Postfix 3.2.0 stable release

Wietse Venema
[An on-line version of this announcement will be available at

Postfix stable release 3.2.0 is available, 20 years after work began
early 1997. This release ends support for legacy release Postfix 2.10.

The main changes in no particular order are:

  * Elliptic curve negotiation with OpenSSL <= 1.0.2. This changes
    the default smtpd_tls_eecdh_grade setting to "auto", and
    introduces a new parameter tls_eecdh_auto_curves with the names
    of curves that may be negotiated.

  * Stored-procedure support for MySQL databases. Contributed by
    John Fawcett. See the mysql_table(5) manpage for details.

  * Cidr: table support for if/endif and negation (by prepending !
    to a pattern), just like regexp: and pcre: tables. See the
    cidr_table(5) manpage for details.

  * The postmap command and the inline: and texthash: maps now
    support spaces in left-hand field of lookup table source text.
    Use double quotes (") around a left-hand field that contains
    spaces, and use backslash (\) to protect quotes in a left-hand

  * Support for per-client Milter configuration (smtpd_milter_maps)
    that overrides the main.cf smtpd_milters setting, and that has
    the same syntax. A lookup result of "DISABLE" turns off Milter
    support for that client. See MILTER_README.html for details.

  * The local SMTP server IP address and port are available in the
    policy delegation protocol (attribute names: server_address,
    server_port), in the Milter protocol (macro names: {daemon_addr},
    {daemon_port}), and in the XCLIENT protocol (attribute names:

  * For safety reasons, the Postfix sendmail -C option must specify
    an authorized directory: the default configuration directory,
    a directory that is listed in the default main.cf file with
    alternate_config_directories or multi_instance_directories,
    otherwise the command must be invoked with root privileges.
    This mitigates a recurring "jail break" problem with the PHP
    mail() function.

  * "PASS" and "STRIP" actions in header/body_checks. "STRIP" is
    similar to "IGNORE" but also logs the action, and "PASS" disables
    header, body, and Milter inspection for the remainder of the
    message content. Contributed by Hobbit.

  * The collate.pl script by Viktor Dukhovni for grouping Postfix
    logfile records into "sessions" based on queue ID and process
    ID information, in the auxiliary/collate directory of the Postfix
    source tree.

Disabled or removed behavior:

  * SMTPUTF8 support: Postfix 3.2 disables the 'transitional'
    compatibility between the IDNA2003 and IDNA2008 standards for
    internationalized domain names (domain names beyond the limits
    of US-ASCII). This makes Postfix behavior consistent with
    contemporary web browsers. See RELEASE_NOTES for more.

  * Postfix 3.2 removes tentative features that were implemented
    before the DANE spec was finalized: support for certificate
    usage PKIX-EE(1), the ability to disable digest agility, and
    the ability to disable support for "TLSA 2 [01] [12]" records
    that specify the digest of a trust anchor. See RELEASE_NOTES
    for more.

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.
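
Added example, not part of the announcement and not Postfix's own code: a simplified Python model of the cidr: table syntax described above (if/endif and ! negation), evaluated as an smtpd_milter_maps table where "DISABLE" turns Milters off for a client. It handles IPv4 only; the table contents, the milter endpoint and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample for smtpd_milter_maps = cidr:...; addresses and the
# milter endpoint are placeholders. Patterns inside if..endif are not indented.
SAMPLE_TABLE = """\
# Loopback clients bypass all Milters.
127.0.0.0/8      DISABLE
if 192.0.2.0/24
!192.0.2.128/25  inet:127.0.0.1:8891
192.0.2.200      DISABLE
endif
"""

def _matches(pattern, addr):
    """Test addr against one pattern; a leading '!' inverts the result."""
    negate = pattern.startswith("!")
    # IPv4Network raises ValueError when host bits are set in the pattern.
    net = ipaddress.IPv4Network(pattern[1:] if negate else pattern)
    return (addr in net) != negate

def cidr_lookup(table_text, client):
    """Return the first matching result, or None when nothing matches."""
    addr = ipaddress.IPv4Address(client)
    depth = 0      # current if..endif nesting level
    skipping = 0   # level of the failed "if" being skipped, 0 = none
    for raw in table_text.splitlines():
        fields = raw.split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0] == "if":
            depth += 1
            if not skipping and not _matches(fields[1].strip(), addr):
                skipping = depth
        elif fields[0] == "endif":
            if skipping == depth:
                skipping = 0
            depth -= 1
        elif not skipping and _matches(fields[0], addr):
            return fields[1].strip()
    return None

def effective_milters(table_text, client, main_cf_milters):
    """Milter list for a client: the map result overrides main.cf."""
    result = cidr_lookup(table_text, client)
    if result is None:
        return main_cf_milters          # no match: smtpd_milters applies
    return "" if result == "DISABLE" else result
```

A client such as 192.0.2.150 enters the if block, matches neither rule inside it, and falls through to the main.cf smtpd_milters value.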

Re: Postfix 3.2.0 stable release

Viktor Dukhovni

> On Mar 2, 2017, at 7:43 PM, Wietse Venema <[hidden email]> wrote:
>  * Elliptic curve negotiation with OpenSSL <= 1.0.2. This changes
>    the default smtpd_tls_eecdh_grade setting to "auto", and
>    introduces a new parameter tls_eecdh_auto_curves with the names
>    of curves that may be negotiated.

Tiny correction.  The EC negotiation is with OpenSSL >= 1.0.2, not
OpenSSL <= 1.0.2.  That is, it requires at *least* OpenSSL 1.0.2,
which currently means some patch level of 1.0.2 or 1.1.0.