| blob | 0a926aa3895d2340a8b845d683660dc071a6ad4d |
1 The stable Postfix release is called postfix-2.6.x where 2=major
2 release number, 6=minor release number, x=patchlevel. The stable
3 release never changes except for patches that address bugs or
4 emergencies. Patches change the patchlevel and the release date.
6 New features are developed in snapshot releases. These are called
7 postfix-2.7-yyyymmdd where yyyymmdd is the release date (yyyy=year,
8 mm=month, dd=day). Patches are never issued for snapshot releases;
9 instead, a new snapshot is released.
11 The mail_release_date configuration parameter (format: yyyymmdd)
12 specifies the release date of a stable release or snapshot release.
14 If you upgrade from Postfix 2.4 or earlier, read RELEASE_NOTES-2.5
15 before proceeding.
17 Major changes - multi-instance support
18 --------------------------------------
20 [Feature 20090121] Support for managing multiple Postfix instances.
21 This can automatically apply your "postfix start" etc. command to
22 multiple Postfix instances, including upgrades to new Postfix
23 versions. Multi-instance support allows you to do the following
24 and more:
26 - Simplify post-queue content filter configuration by using separate
27 Postfix instances before and after the filter. This simplifies
28 trouble shooting and performance tuning.
30 - Implement per-user content filters (or no filter) via transport
31 map lookups instead of content_filter settings. Mail for some
32 users can be sent directly from the before-filter instance to the
33 after-filter instance.
35 - Test new configuration settings (on a different server IP address
36 or TCP port) without disturbing production instances.
38 - Each additional Postfix instance uses a few files and directories,
39 plus memory for an extra master daemon and queue manager. The
40 pickup daemon is needed only if you use local submission or
41 "postsuper -r".
43 Best of all, nothing changes when you use only one Postfix instance.
45 The MULTI_INSTANCE_README file presents an introduction to
46 multi-instance management. Multi-instance support is based on an
47 API that is described in the postfix-wrapper(5) manual page.
49 Major changes - milter support
50 ------------------------------
52 [Feature 20090428] The following improvements have been made to the
53 Milter implementation:
55 - Improved compatibility of the {mail_addr} and {rcpt_addr} macros.
57 - Support for the {mail_host}, {mail_mailer}, {rcpt_host} and
58 {rcpt_mailer} macros.
60 - Milter applications can now request rejected recipients with the
61 SMFIP_RCPT_REJ feature. Rejected recipients are reported with
62 {rcpt_mailer} = "error", {rcpt_host} = enhanced status code, and
63 {rcpt_addr} = descriptive text. This feature requires "milter_protocol
64 = 6" or higher (default as of Postfix 2.6).
66 - Milters can now replace the envelope sender address with the
67 SMFIR_CHGFROM request, and can add recipients with SMFIR_ADDRCPT_PAR.
68 These implementations ignore ESMTP command parameters and log a
69 warning message as follows:
71 warning: 100B22B3293: cleanup_chg_from: ignoring ESMTP arguments "whatever"
72 warning: 100B22B3293: cleanup_add_rcpt: ignoring ESMTP arguments "whatever"
74 [Incompat 20090428] The default milter_protocol setting is increased
75 from 2 to 6; this enables all available features up to and including
76 Sendmail 8.14.0. The new milter_protocol setting may break
77 compatibility with older Milter libraries or applications, and may
78 cause Postfix to log warning messages such as:
80 warning: milter inet:host:port: can't read packet header: Unknown error : 0
82 warning: milter inet:host:port: can't read packet header: Success
84 warning: milter inet:host:port: can't read SMFIC_DATA reply
85 packet header: No such file or directory
87 To restore compatibility, specify "milter_protocol = 2" in main.cf.
89 Major changes - security
90 ------------------------
92 [Incompat 20080726] When a mailbox file is not owned by its recipient,
93 the local and virtual delivery agents now log a warning and defer
94 delivery. Specify "strict_mailbox_ownership = no" to ignore such
95 ownership discrepancies.
97 Major changes - smtp server
98 ---------------------------
100 [Feature 20080212] check_reverse_client_hostname_access, to make
101 access decisions based on the unverified client hostname. For
102 safety reasons an OK result is not allowed.
104 [Feature 20090210] With "reject_tempfail_action = defer", the Postfix
105 SMTP server immediately replies with a 4xx status after some temporary
106 error, instead of executing an implicit "defer_if_permit" action.
108 [Feature 20090215] The Postfix SMTP server automatically hangs up
109 after replying with "521". This makes overload handling more
110 effective. See also RFC 1846 for prior art on this topic.
112 [Feature 20090228] The Postfix SMTP server maintains a per-session
113 "improper command pipelining detected" flag. This flag can be tested
114 at any time with reject_unauth_pipelining, and is raised whenever
115 a client command is followed by unexpected commands or message
116 content. The Postfix SMTP server logs the first command pipelining
117 transgression as "improper command pipelining after <command> from
118 <hostname>[<hostaddress>]".
120 [Feature 20090212] Stress-dependent behavior is enabled by default.
121 Under conditions of overload, smtpd_timeout is reduced from 300s
122 to 10s, smtpd_hard_error_limit is reduced from 20 to 1, and
123 smtpd_junk_command_limit is reduced from 100 to 1. This will reduce
124 the impact of overload for most legitimate mail.
126 [Feature 20080629] The Postfix SMTP server's SASL authentication
127 was re-structured. With "smtpd_tls_auth_only = yes", SASL support
128 is now activated only after a successful TLS handshake. Earlier
129 Postfix SMTP server versions could complain about unavailable SASL
130 mechanisms during the plaintext phase of the SMTP protocol.
132 [Incompat 20080510] In the policy delegation protocol, certificate
133 common name attributes are now xtext encoded UTF-8. The xtext decoded
134 attributes may contain any UTF-8 value except non-printable ASCII
135 characters.
137 Major changes - performance
138 ---------------------------
140 [Feature 20090215] The Postfix SMTP server automatically hangs up
141 after replying with "521". This makes overload handling more
142 effective. See also RFC 1846 for prior art on this topic.
144 [Feature 20090212] Stress-dependent behavior is enabled by default.
145 Under conditions of overload, smtpd_timeout is reduced from 300s
146 to 10s, smtpd_hard_error_limit is reduced from 20 to 1, and
147 smtpd_junk_command_limit is reduced from 100 to 1. This will reduce
148 the negative impact of server overload for most legitimate mail.
150 [Feature 20090109] Specify "tcp_windowsize = 65535" (or less) to
151 work around routers with broken TCP window scaling implementations.
152 This is perhaps more convenient than collecting tcpdump output and
153 tuning kernel parameters by hand. With Postfix TCP servers (smtpd(8),
154 qmqpd(8)), this feature is implemented by the Postfix master(8)
155 daemon.
157 To change this parameter without stopping Postfix, you need to first
158 terminate all Postfix TCP servers:
160 # postconf -e master_service_disable=inet
161 # postfix reload
163 This immediately terminates all processes that accept network
164 connections. Then you enable Postfix TCP servers with the updated
165 tcp_windowsize setting:
167 # postconf -e tcp_windowsize=65535 master_service_disable=
168 # postfix reload
170 If you skip these steps with a running Postfix system, then the
171 tcp_windowsize change will work only for Postfix TCP clients (smtp(8),
172 lmtp(8)).
174 Of course you can also do "postfix stop" and "postfix start",
175 but that is more disruptive.
177 Major changes - tls
178 -------------------
180 [Incompat 20090428] The Postfix SMTP client(!) no longer tries to
181 use the obsolete SSLv2 protocol by default, as this may prevent the
182 use of modern SSL features. Lack of SSLv2 support should never be
183 a problem, since SSLv3 was defined in 1996, and TLSv1 in 1999. You
184 can undo the change by specifying empty main.cf values for
185 smtp_tls_protocols and lmtp_tls_protocols. The Postfix SMTP server
186 maintains SSLv2 support for backwards compatibility with ancient
187 clients.
189 [Feature 20081010] Controls for the protocols and ciphers that
190 Postfix will use with opportunistic TLS. The smtp_tls_protocols,
191 smtp_tls_ciphers, and equivalent parameters for lmtp and smtpd
192 provide global settings; the SMTP client TLS policy table provides
193 ciphers and protocols settings for specific peers. Code by Victor
194 Duchovni. Details are given in the TLS_README and postconf(5)
195 documents.
197 [Feature 20081108] Elliptic curve support. This requires OpenSSL
198 version 0.9.9 or later.
200 Major changes - address verification
201 ------------------------------------
203 [Incompat 20080428] Postfix SMTP server replies for address
204 verification have changed. unverified_recipient_reject_code and
205 unverified_sender_reject_code now handle "5XX" rejects only. The
206 "4XX" rejects are now controlled with unverified_sender_defer_code
207 and unverified_recipient_defer_code.
209 [Feature 20080428] Finer control over the way Postfix reports address
210 verification failures to remote SMTP clients.
212 - unverified_sender/recipient_defer_code: the numerical Postfix
213 SMTP server reply code when address verification failed due
214 to some temporary error.
216 - unverified_sender/recipient_reject_reason: fixed text that Postfix
217 will send to the remote SMTP client, instead of sending actual
218 address verification details.
220 Major changes - dsn
221 -------------------
223 [Feature 20090307] New "lmtp_assume_final = yes" flag to send correct
224 DSN "success" notifications when LMTP delivery is "final" as opposed
225 to delivery into a content filter.
227 Major changes - file organization
228 ---------------------------------
230 [Incompat 20080207] According to discussions on the mailing list,
231 too many people are breaking newly installed Postfix by overwriting
232 the new /etc/postfix files with versions from an older release, and
233 end up with a broken configuration that cannot repair itself. For
234 this reason, postfix-script, postfix-files and post-install are
235 moved away from /etc/postfix to $daemon_directory.
237 Major changes - header rewriting
238 --------------------------------
240 [Incompat 20090330] Postfix now adds (Resent-) From:, Date:,
241 Message-ID: or To: headers only when clients match
242 $local_header_rewrite_clients. Specify "always_add_missing_headers
243 = yes" for backwards compatibility. Adding such headers can break
244 DKIM signatures that cover headers that are not present.
245 compatibility with existing logfile processing software, Postfix
246 will log ``message-id=<>'' for messages without Message-Id header.
248 Major changes - lmtp client
249 ---------------------------
251 [Feature 20090307] New "lmtp_assume_final = yes" flag to send correct
252 DSN "success" notifications when LMTP delivery is "final" as opposed
253 to delivery into a content filter.
255 Major changes - logging
256 -----------------------
258 [Incompat 20090330] Postfix now adds (Resent-) From:, Date:,
259 Message-ID: or To: headers only when clients match
260 $local_header_rewrite_clients. Specify "always_add_missing_headers
261 = yes" for backwards compatibility. Adding such headers can break
262 DKIM signatures that cover headers that are not present.
264 This changes the appearance of Postfix logging: to preserve
265 compatibility with existing logfile processing software, Postfix
266 will log ``message-id=<>'' for messages without Message-Id header.
268 Major changes - mime
269 --------------------
271 [Feature 20080324] When the "postmap -q -" command reads lookup
272 keys from standard input, it now understands RFC822 and MIME message
273 format. Specify -h or -b to use headers or body lines as lookup
274 keys, and specify -hm or -bm to simulate header_checks or body_checks.
276 Major changes - miscellaneous
277 -----------------------------
279 [Feature 20090109] Support to selectively disable master(8) listener
280 ports by service type or by service name + type. Specify a list of
281 service types ("inet", "unix", "fifo", or "pass") or "name.type"
282 tuples, where "name" is the first field of a master.cf entry and
283 "type" is a service type. Examples: to turn off the main SMTP
284 listener port, use "master_service_disable = smtp.inet"; to turn
285 off all TCP/IP listeners, use "master_service_disable = inet".
286 Changing this parameter requires "postfix reload".
288 Major changes - sasl
289 --------------------
291 [Feature 20090418] The Postfix SMTP server passes more information
292 to the Dovecot authentication server: the "TLS is active" flag, the
293 server IP address, and the client IP address.
295 [Feature 20080629] The Postfix SMTP server's SASL authentication
296 was re-structured. With "smtpd_tls_auth_only = yes", SASL support
297 is now activated only after a successful TLS handshake. Earlier
298 Postfix SMTP server versions could complain about unavailable SASL
299 mechanisms during the plaintext phase of the SMTP protocol.