- Postfix no longer automatically appends the system default CA
(certificate authority) certificates, when it reads the CA
certificates specified with {smtp, lmtp, smtpd}_tls_CAfile or
with {smtp, lmtp, smtpd}_tls_CApath. This prevents third-party
certificates from getting mail relay permission with the
permit_tls_all_clientcerts feature. Unfortunately, this change
may cause compatibility problems with configurations that rely
on certificate verification for other purposes. To get the old
behavior, specify "tls_append_default_CA = yes".
- A prior fix for compatibility with Postfix < 2.3 was incomplete.
When pipe-to-command delivery fails with a signal, mail is now
correctly deferred, instead of being returned to sender.
- Poor smtpd_proxy_filter TCP performance over loopback (127.0.0.1)
connections was fixed by adapting the output buffer size to the
MTU.
- The SMTP server no longer applies the reject_rhsbl_helo feature
to non-domain forms such as network addresses. This would cause
false positives with dbl.spamhaus.org.
- The Postfix SMTP server failed to deliver a "421" response and
hang up the connection after Milter error. Instead, the server
delivered a "503 Access denied" response and left the connection
open, due to some Postfix 1.1 workaround for RFC 2821.
- The milter_header_checks parser failed to enable any of the actions
that have no effect on message delivery (warn, replace, prepend,
ignore, dunno, and ok).
- Improved before-queue content filter performance. With
"smtpd_proxy_options = speed_adjust", the Postfix SMTP server
receives the entire message before it connects to a before-queue
content filter. Typically, this allows Postfix to handle the same
mail load with fewer content filter processes.
- Improved address verification performance. The verify database is now
persistent by default, and it is automatically cleaned periodically. Under
overload conditions, the Postfix SMTP server no longer waits up to 6 seconds
for an address probe to complete.
- Support for reputation management based on the local SMTP client IP address.
This is typically implemented with "FILTER transportname:" actions in access
maps or header/body checks, and mail delivery transports in master.cf with
unique smtp_bind_address values.
- "postmulti -p command" did not skip disabled instances.
- In the multi_instance_wrapper parameter, the expansion of
$command_directory and $daemon_directory was broken.
- The address_verify_poll_count parameter value was not made
stress-dependent by default. This defeated the purpose of making other
settings stress-dependent by default with Postfix 2.6.
- Milter applications would hang up after receiving an unexpected
SMFIC_HEADER (mail header) command. This problem happened with Milters
that (legitimately) do not send replies for SMFIC_RCPT (recipient
address) or SMFIC_DATA (start of message) commands.
- Core dump while an printing error message for a malformed %<letter>
sequence in LDAP, MySQL or PostgreSQL lookup table configuration.
- Mail with zero recipients was forever stuck in the queue. This happened
when "postsuper -r" was run after all the recipients of a message were
delivered (or bounced), but before the message was deleted from the queue.
- With hostnames such as 1-2-3-4, the valid_hostname() fuction did not
recognize the '-' as a non-numeric character, causing a legitimate name
to be rejected as "invalid".
- The VRFY command did not accept a mailbox address inside <>.
- The Postfix Milter client got out of step with a Milter application
after the application sent a "quarantine" request at end-of-message
time. The Milter application would still be in the end-of-message
state, while Postfix would already be working on the next SMTP
event, typically, QUIT or MAIL FROM. In the latter case, Milter
responses for the previously-received email message would be applied
towards the next MAIL FROM transaction. This problem was diagnosed
with help from Alban Deniz.
- The Postfix SMTP server would abort with an "unexpected lookup table"
error when an SMTPD policy server was mis-configured in a particular way.
christos