This is the Postfix 3.1 (stable) release.

The stable Postfix release is called postfix-3.1.x where 3=major
release number, 1=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-3.2-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 2.11 or earlier, read RELEASE_NOTES-3.0
before proceeding.

Workaround - UTF8 support in Postfix MySQL queries
--------------------------------------------------

Someone reported false "not found" errors with MySQL map queries
that contain UTF8-encoded text. To avoid such errors, specify
"option_group = client" in Postfix MySQL configuration files. This
will be the default setting with Postfix 3.2 and later.

Major changes - address verification safety
-------------------------------------------

[Feature 20151227] The new address_verify_pending_request_limit
parameter introduces a safety limit for the number of address
verification probes in the active queue. The default limit is 1/4
of the active queue maximum size. The queue manager enforces the
limit by tempfailing probe messages that exceed the limit. This
design avoids dependencies on global counters that get out of sync
after a process or system crash.

Tempfailing verify requests is not as bad as one might think. The
Postfix verify cache proactively updates active addresses weeks
before they expire.
The address_verify_pending_request_limit affects
only unknown addresses, and inactive addresses that have expired
from the address verify cache (by default, after 31 days).

Major changes - json support
----------------------------

[Feature 20151129] Machine-readable, JSON-formatted queue listing
with "postqueue -j" (no "mailq" equivalent). The output is a stream
of JSON objects, one per queue file. To simplify parsing, each
JSON object is formatted as one text line followed by one newline
character. See the postqueue(1) manpage for a detailed description
of the output format.

Major changes - milter support
------------------------------

[Feature 20150523] The milter_macro_defaults feature provides an
optional list of macro name=value pairs. These specify default
values for Milter macros when no value is available from the SMTP
session context.

For example, with "milter_macro_defaults = auth_type=TLS", the
Postfix SMTP server will send an auth_type of "TLS" to a Milter,
unless the remote client authenticates with SASL.

This feature was originally implemented for a submission service
that may authenticate clients with a TLS certificate, without having
to make changes to the code that implements TLS support.

Major changes - output rate control
-----------------------------------

[Feature 20150710] Destination-independent delivery rate delay

Support for enforcing a destination-independent delay between email
deliveries. The following example inserts 20 seconds of delay
between all deliveries with the SMTP transport, limiting the delivery
rate to at most three messages per minute.

/etc/postfix/main.cf:
    smtp_transport_rate_delay = 20s

For details, see the description of default_transport_rate_delay
and transport_transport_rate_delay in the postconf(5) manpage.
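The "postqueue -j" stream described in the json support section above is one JSON object per line, which makes it easy to summarize from a monitoring script. The following is an added example, not Postfix code; the sample lines are constructed, using the member names documented in postqueue(1) (queue_name, queue_id, arrival_time, message_size, sender, recipients with address and delay_reason), and the summarize_queue helper is hypothetical. It also shows the one failure mode a line-oriented parser must expect: a truncated last line when the stream was cut off.

```python
"""Summarize a "postqueue -j" stream: one JSON object per line.
Added example, not Postfix code. Sample lines are constructed."""
import json
from collections import Counter

# Constructed sample: two deferred messages, one active message, and a
# truncated final line such as a reader would see if postqueue was
# interrupted mid-output.
SAMPLE = """\
{"queue_name": "deferred", "queue_id": "3A2B1C0D9E", "arrival_time": 1459500000, "message_size": 2048, "sender": "alice@example.com", "recipients": [{"address": "bob@example.net", "delay_reason": "connect to example.net[192.0.2.25]:25: Connection timed out"}]}
{"queue_name": "active", "queue_id": "4F5E6D7C8B", "arrival_time": 1459500100, "message_size": 512, "sender": "carol@example.com", "recipients": [{"address": "dave@example.org"}]}
{"queue_name": "deferred", "queue_id": "9A8B7C6D5E", "arrival_time": 1459500200, "message_size": 4096, "sender": "frank@example.com", "recipients": [{"address": "erin@example.net", "delay_reason": "connect to example.net[192.0.2.25]:25: Connection timed out"}, {"address": "grace@example.com", "delay_reason": "host mx.example.com[198.51.100.10] said: 450 4.7.1 Greylisted"}]}
{"queue_name": "deferred", "queue_id": "0123456789", "arrival_ti
"""


def summarize_queue(stream):
    """Return per-queue message/byte counts, delay-reason counts, and the
    number of lines that could not be parsed (hypothetical helper)."""
    per_queue = {}
    reasons = Counter()
    bad_lines = 0
    for line in stream.splitlines():
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            bad_lines += 1      # truncated or corrupted line: skip, keep going
            continue
        if not isinstance(entry, dict) or "queue_name" not in entry:
            bad_lines += 1      # valid JSON but not a queue entry
            continue
        bucket = per_queue.setdefault(entry["queue_name"],
                                      {"messages": 0, "bytes": 0})
        bucket["messages"] += 1
        bucket["bytes"] += entry.get("message_size", 0)
        # Only delayed recipients carry a delay_reason member.
        for rcpt in entry.get("recipients", []):
            if "delay_reason" in rcpt:
                reasons[rcpt["delay_reason"]] += 1
    return {"queues": per_queue, "delay_reasons": reasons,
            "bad_lines": bad_lines}


if __name__ == "__main__":
    for key, value in summarize_queue(SAMPLE).items():
        print(key, dict(value) if isinstance(value, dict) else value)
```

On a live system the same function can be fed the output of "postqueue -j" through a pipe; a non-zero bad_lines count is the signal that the listing was incomplete rather than that the queue is empty.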
Major changes - postscreen dnsbl
--------------------------------

[Feature 20150710] postscreen support for the TTL of DNSBL and DNSWL
lookup results

Historically, the default setting "postscreen_dnsbl_ttl = 1h" assumes
that a "not found" result from a DNSBL server will be valid for one
hour. This may have been adequate five years ago when postscreen
was first implemented, but nowadays, that one hour can result in
missed opportunities to block new spambots.

To address this, postscreen now respects the TTL of DNSBL "not
found" replies, as well as the TTL of DNSWL replies (both "found"
and "not found"). The TTL for a "not found" reply is determined
according to RFC 2308 (the TTL of an SOA record in the reply).

Support for DNSBL or DNSWL reply TTL values is controlled by two
configuration parameters:

postscreen_dnsbl_min_ttl (default: 60 seconds).

    This parameter specifies a minimum for the amount of time that
    a DNSBL or DNSWL result will be cached in the postscreen_cache_map.
    This prevents an excessive number of postscreen cache updates
    when a DNSBL or DNSWL server specifies a very small reply TTL.

postscreen_dnsbl_max_ttl (default: $postscreen_dnsbl_ttl or 1 hour)

    This parameter specifies a maximum for the amount of time that
    a DNSBL or DNSWL result will be cached in the postscreen_cache_map.
    This prevents cache pollution when a DNSBL or DNSWL server
    specifies a very large reply TTL.

The postscreen_dnsbl_ttl parameter is now obsolete, and has become
the default value for the new postscreen_dnsbl_max_ttl parameter.

Major changes - sasl auth safety
--------------------------------

[Feature 20151031] New "smtpd_client_auth_rate_limit" feature, to
enforce an optional rate limit on AUTH commands per SMTP client IP
address.
Similar to other smtpd_client_*_rate_limit features, this
enforces a limit on the number of requests per $anvil_rate_time_unit.

Major changes - smtpd policy
----------------------------

[Feature 20150913] New SMTPD policy service attribute "policy_context",
with a corresponding "smtpd_policy_service_policy_context" configuration
parameter. Originally, this was implemented to share the same SMTPD
policy service endpoint among multiple check_policy_service clients.

Major changes - tls
-------------------

[Feature 20160207] A new "postfix tls" command to quickly enable
opportunistic TLS in the Postfix SMTP client or server, and to
manage SMTP server keys and certificates, including certificate
signing requests and TLSA DNS records for DANE. See the postfix-tls(1)
manpage for a detailed description.

[Feature 20160103] The Postfix SMTP client by default enables DANE
policies when an MX host has a (DNSSEC) secure TLSA DNS record,
even if the MX DNS record was obtained with insecure lookups. The
existence of a secure TLSA record implies that the host wants to
talk TLS and not plaintext. For details see the
smtp_tls_dane_insecure_mx_policy configuration parameter.

[Incompat 20150721] As of the middle of 2015, all supported Postfix
releases no longer enable "export" grade ciphers for opportunistic
TLS, and no longer use the deprecated SSLv2 and SSLv3 protocols for
mandatory or opportunistic TLS.

These changes are very unlikely to cause problems with server-to-server
communication over the Internet, but they may result in interoperability
problems with ancient client or server implementations on internal
networks.
To address this problem, you can revert the changes with:

Postfix SMTP client settings:

    lmtp_tls_ciphers = export
    smtp_tls_ciphers = export
    lmtp_tls_protocols = !SSLv2
    smtp_tls_protocols = !SSLv2
    lmtp_tls_mandatory_protocols = !SSLv2
    smtp_tls_mandatory_protocols = !SSLv2

Postfix SMTP server settings:

    smtpd_tls_ciphers = export
    smtpd_tls_protocols =
    smtpd_tls_mandatory_protocols = !SSLv2

These settings, if put in main.cf, affect all Postfix SMTP client
or server communication, which may be undesirable. To be more
selective, use "-o name=value" parameter overrides on specific
services in master.cf. Execute the command "postfix reload" to make
the changes effective.

[Incompat 20150719] The default Diffie-Hellman non-export prime was
updated from 1024 to 2048 bits, because SMTP clients are starting
to reject TLS handshakes with primes smaller than 2048 bits.

Historically, this prime size is not negotiable, and each site needs
to determine which prime size works best for the majority of its
clients. See FORWARD_SECRECY_README for some hints in the quick-start
section.
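The revert settings above are meant as a temporary interoperability measure, so a site that applies them should be able to find them again later. The following is an added example, not Postfix code: it reads "name = value" lines as printed by "postconf -n" (the excerpt here is constructed) and reports every *_tls_ciphers parameter set to "export" and every *_tls_protocols or *_tls_mandatory_protocols value that still permits SSLv2 or SSLv3. It treats an empty protocol list as "no restriction" (which is what "smtpd_tls_protocols =" above relies on), reads "!NAME" entries as exclusions and bare names as an inclusion list, and does not handle lists that mix the two forms; parse_postconf, allowed_weak_protocols and audit_tls_settings are hypothetical helper names.

```python
"""Flag legacy export-cipher and SSLv2/SSLv3 settings in postconf -n
output. Added example, not Postfix code; the excerpt is constructed."""
import re

WEAK_PROTOCOLS = {"SSLv2", "SSLv3"}

# Constructed "postconf -n" excerpt: the server side carries the revert
# settings from the release notes, the client side has been cleaned up.
SAMPLE = """\
smtpd_tls_ciphers = export
smtpd_tls_protocols =
smtpd_tls_mandatory_protocols = !SSLv2
smtp_tls_ciphers = medium
smtp_tls_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_protocols = TLSv1, TLSv1.1, TLSv1.2
"""


def parse_postconf(text):
    """Parse 'name = value' lines into a dict (hypothetical helper)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition("=")
        settings[name.strip()] = value.strip()
    return settings


def allowed_weak_protocols(value):
    """Return which of SSLv2/SSLv3 a Postfix protocol list still permits.
    Empty list: no restriction. '!NAME' excludes; bare names form an
    inclusion list. Mixed forms are not handled (Postfix rejects them)."""
    tokens = [t for t in re.split(r"[\s,]+", value) if t]
    if not tokens:
        return set(WEAK_PROTOCOLS)
    included = {t for t in tokens if not t.startswith("!")}
    if included:
        return WEAK_PROTOCOLS & included
    excluded = {t[1:] for t in tokens}
    return WEAK_PROTOCOLS - excluded


def audit_tls_settings(settings):
    """Return one finding string per legacy cipher/protocol setting."""
    findings = []
    for name, value in sorted(settings.items()):
        if name.endswith("_tls_ciphers") and value.lower() == "export":
            findings.append(f"{name}: export-grade ciphers enabled")
        elif name.endswith(("_tls_protocols", "_tls_mandatory_protocols")):
            weak = allowed_weak_protocols(value)
            if weak:
                findings.append(f"{name}: permits {', '.join(sorted(weak))}")
    return findings


if __name__ == "__main__":
    for finding in audit_tls_settings(parse_postconf(SAMPLE)):
        print(finding)
```

Note that "postconf -n" shows only main.cf; per-service "-o name=value" overrides in master.cf, which the notes recommend for selective reverts, must be checked separately (for example with "postconf -M").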