Opened 13 months ago

Closed 13 months ago

Last modified 9 months ago

#17943 closed enhancement (fixed)

postfix-3.8.0

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: normal
Milestone: 12.0
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New minor version.

Change History (4)

comment:1 by Bruce Dubbs, 13 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:2 by Bruce Dubbs, 13 months ago

This is the Postfix 3.8 stable release.

Major changes - SRV support

[Feature 20230214] Support to look up DNS SRV records in the Postfix SMTP/LMTP client.

For example, with "use_srv_lookup = submission" and "relayhost = example.com:submission", the Postfix SMTP client will look up DNS SRV records for _submission._tcp.example.com, and will relay email through the hosts and ports that are specified with those records.

See https://www.postfix.org/postconf.5.html#use_srv_lookup for more details, including how to selectively use SRV in a configuration that connects to multiple ISP accounts.

SRV support may also be useful inside a cloud-based infrastructure when Postfix needs to deliver mail to services that run on a dynamically-allocated port.

Major changes - TLS support

[Incompat 20230304] This introduces the following changes:

  • Postfix treats the "export" and "low" cipher grade settings as "medium". The "export" and "low" grades are no longer supported in OpenSSL 1.1.1, the minimum version that Postfix requires.
  • Postfix default settings now exclude the following deprecated or unused ciphers (SEED, IDEA, 3DES, RC2, RC4, RC5), digest (MD5), key exchange algorithms (DH, ECDH), and public key algorithm (DSS).

[Feature 20230108] New configuration parameter tls_ffdhe_auto_groups for finite-field Diffie-Hellman ephemeral (FFDHE) support in TLS 1.3 with OpenSSL 3.0.

Major changes - attack resistance

[Feature 20240312] the Postfix SMTP server can now aggregate smtpd_client_*_rate and smtpd_client_*_count statistics by network block, as specified with smtpd_client_ipv4_prefix_length (default 32, no aggregation) and smtpd_client_ipv6_prefix_length (default 84, aggregation by /84 network blocks). The latter raises the bar for a memory exhaustion attack.

[Feature 20221023] Unconditionally disable a CPU resource attack requesting TLS renegotiation. There's no good reason to support this in the middle of an SMTP connection.

Major changes - bit rot

[Incompat 20221228] Postfix documentation and code have been converted to use "grep -E" and "grep -F" instead of the historical forms "egrep" and "fgrep". To build Postfix on a system that supports only the historical forms, run the script auxiliary/fix-grep/fix-grep.sh to revert this change.

Major changes - configuration checks

[Feature 20240406] The postconf command now warns for #comment in or after a Postfix parameter value. Postfix programs do not support #comment after other text, and treat that as input.

Major changes - database support

[Incompat 20220509] The PostgreSQL client encoding is now configurable with the "encoding" Postfix configuration file attribute. The default is "UTF8". Previously the encoding was hard-coded as "LATIN1".

Major changes - logging

[Incompat 20230308] The postfix(1) and postlog(1) commands now produce stderr logging even when stderr is not connected to a terminal. This eliminates an inconsistency, and makes these programs easier to use in some automated procedures. The canonical example is to capture output from "postmulti -p status" to figure out which instances are or are not running.

Major changes - source code organization

[Incompat 20220507] Most global/mkmap*.[hc] files are moved to the util directory; only global/mkmap_proxy.* remains. The old file organization was designed before support for dynamically-loadable databases was added, and that code suffered from complexity.
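Added example, not part of the ticket or of Postfix's source: a small Python model of the network-block aggregation described under "attack resistance" in comment:2, showing which counter a client address falls under for a given prefix length. The function names and the sample addresses (documentation ranges) are constructed for this illustration; only the two parameter names and their defaults come from the release notes.

```python
import ipaddress
from collections import Counter

# Defaults as quoted in the release notes above.
IPV4_PREFIX_LEN = 32   # smtpd_client_ipv4_prefix_length: no aggregation
IPV6_PREFIX_LEN = 84   # smtpd_client_ipv6_prefix_length: aggregate by /84


def aggregation_key(client_addr, v4_len=IPV4_PREFIX_LEN, v6_len=IPV6_PREFIX_LEN):
    """Return the network block (as text) that a client address is counted under."""
    addr = ipaddress.ip_address(client_addr)
    prefix_len = v4_len if addr.version == 4 else v6_len
    # strict=False masks off the host bits instead of rejecting the address.
    return str(ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False))


def count_connections(clients, **prefix_lengths):
    """Tally connections per aggregation key, as a rate/count table would."""
    return Counter(aggregation_key(c, **prefix_lengths) for c in clients)


# Constructed sample: RFC 5737 and RFC 3849 documentation addresses.
SAMPLE_CLIENTS = [
    "192.0.2.10", "192.0.2.10", "192.0.2.11",
    "2001:db8:0:1::1",
    "2001:db8:0:1::2",
    "2001:db8:0:1:0:fff:ffff:ffff",   # last address inside the same /84
    "2001:db8:0:1:0:1000::1",         # first bit past /84 differs: new block
]

if __name__ == "__main__":
    for label, kwargs in [
        ("defaults (v4 /32, v6 /84)", {}),
        ("no IPv6 aggregation (v6 /128)", {"v6_len": 128}),
        ("IPv4 aggregated by /24", {"v4_len": 24}),
    ]:
        table = count_connections(SAMPLE_CLIENTS, **kwargs)
        print(f"{label}: {len(table)} table entries")
        for block, hits in sorted(table.items()):
            print(f"  {block:32} {hits}")
```

With /128 every distinct IPv6 source address gets its own table entry, while at /84 all addresses inside one block share a single entry, which is why the table grows more slowly under the new default.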

comment:3 by Bruce Dubbs, 13 months ago

Resolution: fixed
Status: assigned → closed

Fixed at commits

258b1c9496 Update to graphviz-8.0.3.
e3d2ed3620 Update to postfix-3.8.0.
17eb8077f8 Update to apr-1.7.4.

comment:4 by Bruce Dubbs, 9 months ago

Milestone: 11.4 → 12.0

Milestone renamed
