Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#14892 closed enhancement (fixed)


Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: normal Milestone: 11.0
Component: BOOK Version: SVN
Severity: normal Keywords:


New point version

Change History (5)

comment:1 by Douglas R. Reno, 2 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: newassigned

comment:2 by Douglas R. Reno, 2 years ago

Summary: postfix-3.5.10postfix-3.6.0

Now 3.6.0

comment:3 by Douglas R. Reno, 2 years ago


 Postfix stable release 3.5.10 and legacy releases 3.4.20, 3.3.17, 3.2.22

[An on-line version of this announcement will be available at]

The following fixes address null pointer bugs and a memory leak that have no potential for information loss or leaks, privilege escalation, or denial of service.

Fixed in Postfix 3.4 and 3.5:

    Missing null pointer checks (introduced in Postfix 3.4) after an internal I/O error during the smtp(8) to tlsproxy(8) handshake. Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni.

Fixed in all supported Postfix releases:

    Null pointer bug (introduced in Postfix 3.0) and memory leak (introduced in Postfix 3.4) after an inline: table syntax error in or Found by Coverity, reported by Jaroslav Skarvada. Based on a fix by Viktor Dukhovni.

    Incomplete null pointer check (introduced: Postfix 2.10) after truncated HaProxy version 1 handshake message. Found by Coverity, reported by Jaroslav Skarvada. Fix by Viktor Dukhovni.

    Missing null pointer check (introduced: Postfix alpha) after null argv[0] value.

Release notes for 3.6.0:

 Postfix stable release 3.6.0 is available. This ends the support for legacy release Postfix 3.2.

The main changes are below. See the RELEASE_NOTES file for further details.

Incompatible changes:

    This release requires "postfix stop" before updating, or before backing out to an earlier release, because some internal protocols have changed. Otherwise, long-running daemons (pickup, qmgr, verify, tlsproxy, postscreen) may fail to communicate with the rest of Postfix, causing mail delivery delays until Postfix is restarted.

    Respectful logging. Postfix version 3.6 deprecates terminology that implies white is better than black. Instead, Postfix prefers 'allowlist', 'denylist', and variations on those words. This change affects Postfix documentation, and postscreen parameters and logging.

    To keep the old postscreen logging set "respectful_logging = no" in before setting "compatibility_level = 3.6". In any case, the old postscreen parameter names will keep working as before.

Other changes:

    The minimum supported OpenSSL version is 1.1.1, which will reach the end of life by 2023-09-11. Postfix 3.6 is expected to reach the end of support in 2025. Until then, Postfix will be updated as needed for compatibility with OpenSSL.

    The default fingerprint digest has changed from md5 to sha256 (Postfix 3.6 with compatibility_level >= 3.6). With a lower compatibility_level setting, Postfix defaults to using md5, and logs a warning when a Postfix configuration specifies no explicit digest type.

    The export-grade Diffie-Hellman key exchange is no longer supported, and the tlsproxy_tls_dh512_param_file parameter is ignored,

    Better error messages when someone configures an incorrect program in To recognize such mistakes, every Postfix internal service, including the postdrop command, announces the name of its protocol before doing any other I/O, and every Postfix client program, including the Postfix sendmail command, will verify that the protocol name matches what it expects.

    Fine-grained control over the envelope sender address for submission with the Postfix sendmail (or postdrop) commands.


        # Allow root and postfix full control, anyone else can only
        # send mail as themselves. Use "uid:" followed by the numerical
        # UID when the UID has no entry in the UNIX password file.
        local_login_sender_maps =
            inline:{ { root = *}, { postfix = * } },

       # Allow both the bare username and the user@domain forms.
        /(.+)/ $1 $

    Threaded bounces. This allows mail readers to present a non-delivery, delayed delivery, or successful delivery notification in the same email thread as the original message.

    Unfortunately, this also makes it easy for users to mistakenly delete the whole email thread (all related messages), instead of deleting only the delivery status notification.

    To enable, specify "enable_threaded_bounces = yes".

    Postfix by default no longer uses the services(5) database to look up the TCP ports for SMTP and LMTP services. Instead, this information is configured with the new known_tcp_ports configuration parameter (default: lmtp=24, smtp=25, smtps=submissions=465, submission=587). When a service is not specified in known_tcp_ports, Postfix will still query the services(5) database.

    Starting with Postfix version 3.6, the compatibility level is "3.6". In future Postfix releases, the compatibility level will be the Postfix version that introduced the last incompatible change. The level is formatted as 'major.minor.patch', where 'patch' is usually omitted and defaults to zero. Earlier compatibility levels are 0, 1 and 2.

    This also introduces and support for the <=level, < level, and other operators to compare compatibility levels. With the standard <=, <, etc. operators, compatibility level 3.10 would be less than 3.9, which is undesirable.

comment:4 by Douglas R. Reno, 2 years ago

Resolution: fixed
Status: assignedclosed

comment:5 by Bruce Dubbs, 2 years ago

Milestone: 10.211.0

Milestone renamed

Note: See TracTickets for help on using tickets.