summaryrefslogtreecommitdiffstats
path: root/RELEASE_NOTES-2.6
blob: ff07431554c0ba87865f5610d75f7824fc9b6015 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
The stable Postfix release is called postfix-2.6.x where 2=major
release number, 6=minor release number, x=patchlevel.  The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-2.7-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day).  Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 2.4 or earlier, read RELEASE_NOTES-2.5
before proceeding.

Major changes - multi-instance support
--------------------------------------

[Feature 20090121] Support for managing multiple Postfix instances.
This can automatically apply your "postfix start" etc.  command to
multiple Postfix instances, including upgrades to new Postfix
versions.  Multi-instance support allows you to do the following
and more:

- Simplify post-queue content filter configuration by using separate
  Postfix instances before and after the filter. This simplifies
  trouble shooting and performance tuning.

- Implement per-user content filters (or no filter) via transport
  map lookups instead of content_filter settings. Mail for some
  users can be sent directly from the before-filter instance to the
  after-filter instance.

- Test new configuration settings (on a different server IP address
  or TCP port) without disturbing production instances.

- Each additional Postfix instance uses a few files and directories,
  plus memory for an extra master daemon and queue manager. The
  pickup daemon is needed only if you use local submission or
  "postsuper -r".

Best of all, nothing changes when you use only one Postfix instance.

The MULTI_INSTANCE_README file presents an introduction to
multi-instance management. Multi-instance support is based on an
API that is described in the postfix-wrapper(5) manual page.

Major changes - milter support
------------------------------

[Feature 20090428] The following improvements have been made to the
Milter implementation:

- Improved compatibility of the {mail_addr} and {rcpt_addr} macros.

- Support for the {mail_host}, {mail_mailer}, {rcpt_host} and
{rcpt_mailer} macros.

- Milter applications can now request rejected recipients with the
SMFIP_RCPT_REJ feature. Rejected recipients are reported with
{rcpt_mailer} = "error", {rcpt_host} = enhanced status code, and
{rcpt_addr} = descriptive text. This feature requires "milter_protocol
= 6" or higher (default as of Postfix 2.6).

- Milters can now replace the envelope sender address with the
SMFIR_CHGFROM request, and can add recipients with SMFIR_ADDRCPT_PAR.
These implementations ignore ESMTP command parameters and log a
warning message as follows:

    warning: 100B22B3293: cleanup_chg_from: ignoring ESMTP arguments "whatever"
    warning: 100B22B3293: cleanup_add_rcpt: ignoring ESMTP arguments "whatever"

[Incompat 20090428] The default milter_protocol setting is increased
from 2 to 6; this enables all available features up to and including
Sendmail 8.14.0.  The new milter_protocol setting may break
compatibility with older Milter libraries or applications, and may
cause Postfix to log warning messages such as:

    warning: milter inet:host:port: can't read packet header: Unknown error : 0

    warning: milter inet:host:port: can't read packet header: Success

    warning: milter inet:host:port: can't read SMFIC_DATA reply
    packet header: No such file or directory

To restore compatibility, specify "milter_protocol = 2" in main.cf.

Major changes - security
------------------------

[Incompat 20080726] When a mailbox file is not owned by its recipient,
the local and virtual delivery agents now log a warning and defer
delivery.  Specify "strict_mailbox_ownership = no" to ignore such
ownership discrepancies.

Major changes - smtp server
---------------------------

[Feature 20080212] check_reverse_client_hostname_access, to make
access decisions based on the unverified client hostname.  For
safety reasons an OK result is not allowed.

[Feature 20090210] With "reject_tempfail_action = defer", the Postfix
SMTP server immediately replies with a 4xx status after some temporary
error, instead of executing an implicit "defer_if_permit" action.

[Feature 20090215] The Postfix SMTP server automatically hangs up
after replying with "521". This makes overload handling more
effective.  See also RFC 1846 for prior art on this topic.

[Feature 20090228] The Postfix SMTP server maintains a per-session
"improper command pipelining detected" flag. This flag can be tested
at any time with reject_unauth_pipelining, and is raised whenever
a client command is followed by unexpected commands or message
content. The Postfix SMTP server logs the first command pipelining
transgression as "improper command pipelining after <command> from
<hostname>[<hostaddress>]".

[Feature 20090212] Stress-dependent behavior is enabled by default.
Under conditions of overload, smtpd_timeout is reduced from 300s
to 10s, smtpd_hard_error_limit is reduced from 20 to 1, and
smtpd_junk_command_limit is reduced from 100 to 1. This will reduce
the impact of overload for most legitimate mail.

[Feature 20080629] The Postfix SMTP server's SASL authentication
was re-structured.  With "smtpd_tls_auth_only = yes", SASL support
is now activated only after a successful TLS handshake. Earlier
Postfix SMTP server versions could complain about unavailable SASL
mechanisms during the plaintext phase of the SMTP protocol.

[Incompat 20080510] In the policy delegation protocol, certificate
common name attributes are now xtext encoded UTF-8. The xtext decoded
attributes may contain any UTF-8 value except non-printable ASCII
characters.

Major changes - performance
---------------------------

[Feature 20090215] The Postfix SMTP server automatically hangs up
after replying with "521". This makes overload handling more
effective.  See also RFC 1846 for prior art on this topic.

[Feature 20090212] Stress-dependent behavior is enabled by default.
Under conditions of overload, smtpd_timeout is reduced from 300s
to 10s, smtpd_hard_error_limit is reduced from 20 to 1, and
smtpd_junk_command_limit is reduced from 100 to 1. This will reduce
the negative impact of server overload for most legitimate mail.

[Feature 20090109] Specify "tcp_windowsize = 65535" (or less) to
work around routers with broken TCP window scaling implementations.
This is perhaps more convenient than collecting tcpdump output and
tuning kernel parameters by hand.  With Postfix TCP servers (smtpd(8),
qmqpd(8)), this feature is implemented by the Postfix master(8)
daemon.

To change this parameter without stopping Postfix, you need to first
terminate all Postfix TCP servers:

    # postconf -e master_service_disable=inet
    # postfix reload

This immediately terminates all processes that accept network
connections.  Then you enable Postfix TCP servers with the updated
tcp_windowsize setting:

    # postconf -e tcp_windowsize=65535 master_service_disable=
    # postfix reload

If you skip these steps with a running Postfix system, then the
tcp_windowsize change will work only for Postfix TCP clients (smtp(8),
lmtp(8)).

Of course you can also do "postfix stop" and "postfix start",
but that is more disruptive.

Major changes - tls
-------------------

[Incompat 20090428] The Postfix SMTP client(!) no longer tries to
use the obsolete SSLv2 protocol by default, as this may prevent the
use of modern SSL features.  Lack of SSLv2 support should never be
a problem, since SSLv3 was defined in 1996, and TLSv1 in 1999. You
can undo the change by specifying empty main.cf values for
smtp_tls_protocols and lmtp_tls_protocols. The Postfix SMTP server
maintains SSLv2 support for backwards compatibility with ancient
clients.

[Feature 20081010] Controls for the protocols and ciphers that
Postfix will use with opportunistic TLS. The smtp_tls_protocols,
smtp_tls_ciphers, and equivalent parameters for lmtp and smtpd
provide global settings; the SMTP client TLS policy table provides
ciphers and protocols settings for specific peers.  Code by Victor
Duchovni. Details are given in the TLS_README and postconf(5)
documents.

[Feature 20081108] Elliptic curve support. This requires OpenSSL
version 0.9.9 or later.

Major changes - address verification
------------------------------------

[Incompat 20080428] Postfix SMTP server replies for address
verification have changed.  unverified_recipient_reject_code and
unverified_sender_reject_code now handle "5XX" rejects only. The
"4XX" rejects are now controlled with unverified_sender_defer_code
and unverified_recipient_defer_code.

[Feature 20080428] Finer control over the way Postfix reports address
verification failures to remote SMTP clients.

- unverified_sender/recipient_defer_code: the numerical Postfix
  SMTP server reply code when address verification failed due
  to some temporary error.

- unverified_sender/recipient_reject_reason: fixed text that Postfix
  will send to the remote SMTP client, instead of sending actual
  address verification details.

Major changes - dsn
-------------------

[Feature 20090307] New "lmtp_assume_final = yes" flag to send correct
DSN "success" notifications when LMTP delivery is "final" as opposed
to delivery into a content filter.

Major changes - file organization
---------------------------------

[Incompat 20080207] According to discussions on the mailing list,
too many people are breaking newly installed Postfix by overwriting
the new /etc/postfix files with versions from an older release, and
end up with a broken configuration that cannot repair itself. For
this reason, postfix-script, postfix-files and post-install are
moved away from /etc/postfix to $daemon_directory.

Major changes - header rewriting
--------------------------------

[Incompat 20090330] Postfix now adds (Resent-) From:, Date:,
Message-ID: or To: headers only when clients match
$local_header_rewrite_clients.  Specify "always_add_missing_headers
= yes" for backwards compatibility.  Adding such headers can break
DKIM signatures that cover headers that are not present. For
compatibility with existing logfile processing software, Postfix
will log ``message-id=<>'' for messages without Message-Id header.

Major changes - lmtp client
---------------------------

[Feature 20090307] New "lmtp_assume_final = yes" flag to send correct
DSN "success" notifications when LMTP delivery is "final" as opposed
to delivery into a content filter.

Major changes - logging
-----------------------

[Incompat 20090330] Postfix now adds (Resent-) From:, Date:,
Message-ID: or To: headers only when clients match
$local_header_rewrite_clients.  Specify "always_add_missing_headers
= yes" for backwards compatibility.  Adding such headers can break
DKIM signatures that cover headers that are not present.

This changes the appearance of Postfix logging: to preserve
compatibility with existing logfile processing software, Postfix
will log ``message-id=<>'' for messages without Message-Id header.

Major changes - mime
--------------------

[Feature 20080324] When the "postmap -q -" command reads lookup
keys from standard input, it now understands RFC822 and MIME message
format.  Specify -h or -b to use headers or body lines as lookup
keys, and specify -hm or -bm to simulate header_checks or body_checks.

Major changes - miscellaneous
-----------------------------

[Feature 20090109] Support to selectively disable master(8) listener
ports by service type or by service name + type. Specify a list of
service types ("inet", "unix", "fifo", or "pass") or "name.type"
tuples, where "name" is the first field of a master.cf entry and
"type" is a service type. Examples: to turn off the main SMTP
listener port, use "master_service_disable = smtp.inet"; to turn
off all TCP/IP listeners, use "master_service_disable = inet".
Changing this parameter requires "postfix reload".

Major changes - sasl
--------------------

[Feature 20090418] The Postfix SMTP server passes more information
to the Dovecot authentication server: the "TLS is active" flag, the
server IP address, and the client IP address.

[Feature 20080629] The Postfix SMTP server's SASL authentication
was re-structured.  With "smtpd_tls_auth_only = yes", SASL support
is now activated only after a successful TLS handshake. Earlier
Postfix SMTP server versions could complain about unavailable SASL
mechanisms during the plaintext phase of the SMTP protocol.