The official Postfix release is called 2.1.x where 2=major release number, 1=minor release number, x=patchlevel. Snapshot releases are now called 2.2-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). The mail_release_date configuration parameter contains the release date (both for official release and snapshot release). Patches are issued for the official release and change the patchlevel and the release date. Patches are never issued for snapshot releases. Major changes with snapshot Postfix-2.2-20050212 ================================================ When header address rewriting is enabled, Postfix now updates a message header only when at least one address in that header is modified. Older Postfix versions first parse and then unparse a header so that there may be subtle changes in formatting, such as the amount of whitespace between tokens, or in capitalization of header labels such as FROM:/CC: because they are not replaced by From:/Cc:. Major changes with snapshot Postfix-2.2-20050211 ================================================ The "generics" table feature is renamed to "generic", for consistency with other Postfix table names which are also singular. Major changes with snapshot Postfix-2.2-20050209 ================================================ The policy delegation protocol now supplies TLS client certificate information after successful verification. The new attribute names are ccert_subject, ccert_issuer and ccert_fingerprint. Major changes with snapshot Postfix-2.2-20050208 ================================================ New "check_ccert_maps maptype:mapname" feature to enforce access control based on (hexadecimal) client certificate fingerprints. Major changes with snapshot Postfix-2.2-20050206 ================================================ Support for address rewriting in outgoing SMTP mail. This is useful for sites that have no valid Internet domain name, and that use a domain name such as localdomain.local instead. Mail addresses that use such domain names are often rejected by mail servers. The new smtp_generic_maps feature allows you to replace local mail addresses by valid Internet addresses when mail is sent across the Internet. It has no effect on mail that is sent between accounts on the local machine. The syntax is described in generic(5) and a detailed example is in the STANDARD_CONFIGURATION_README file. Example: /etc/postfix/main.cf: smtp_generic_maps = hash:/etc/postfix/generic /etc/postfix/generic: you@localdomain.local youraccount@yourisp.net her@localdomain.local heraccount@herisp.net @localdomain.local youraccount+local@yourisp.net When mail is sent to a remote host via SMTP, this replaces your local mail address you@localdomain.local by your ISP mail address, replaces her@localdomain.local by her ISP mail address, and replaces all other local addresses by your ISP account, with an address extension of +local (this example assumes that the ISP supports "+" style address extensions). Major changes with snapshot Postfix-2.2-20050205 ================================================ REPLACE action in header_checks and body_checks. See header_checks(5) for details. Incompatible changes with snapshot Postfix-2.2-20050203 ======================================================= Postfix rewrites message header addresses only in mail that originates from the local machine. Specify "local_header_rewrite_clients = static:all" to get the old behavior of Postfix 2.1 and earlier. All "postfix start" file permission checks are run in the foreground while Postfix is started. Major changes with snapshot Postfix-2.2-20050203 ================================================ To create a ready-to-install package for distribution to other systems use "make package" or "make non-interactive-package", instead of invoking the postfix-install script by hand (which is deprecated). See the PACKAGE_README file for details. New "permit_inet_interfaces" access restriction to allow access from local IP addresses only. This is used for the default, purist, setting of local_header_rewrite_clients in the previous paragraph. New "sleep time-in-seconds" pseudo access restriction to block zombie clients with reject_unauthorized_pipelining before the Postfix SMTP server sends the SMTP greeting. See postconf(5) for example. Safety: Postfix no longer tries to send mail to the fallback_relay when the local machine is MX host for the mail destination. See the postconf(5) description of fallback_relay for details. Incompatible changes with snapshot Postfix-2.2-20050117 ======================================================= Only the deferred and defer queue directories are hashed by default, instead of eight queue directories. With modern file systems, this speeds up Postfix boot time without compromising performance under high load too much. Hashing is now turned on only for the defer and deferred queue directories, because those contain lots of mail when undeliverable mail is backing up. The SMTP server now requires that IPv6 addresses in SMTP commands are specified as [ipv6:ipv6address], as described in RFC 2821. Incompatible changes with snapshot Postfix-2.2-20050111+IPV6 ============================================================ Postfix version 2.2 IP version 6 support is based on the Postfix/IPv6 patch by Dean Strik, but differs in a few minor ways. - Network protocol support including DNS lookup is selected with the inet_protocols parameter instead of the inet_interfaces parameter. This is needed so that Postfix will not attempt to deliver mail via IPv6 when the system has no IPv6 connectivity. - The lmtp_bind_address6 feature was omitted. The Postfix LMTP client will be absorbed into the SMTP client, so there is no reason to keep adding features to the LMTP client. - The cidr-based address matching code was rewritten. The new behavior is believed to be closer to expectation. The results may be incompatible with that of the Postfix/IPv6 patch. Major changes with snapshot Postfix-2.2-20050111+IPV6 ===================================================== Postfix version 2.2 IP version 6 support based on the Postfix/IPv6 patch by Dean Strik and others. IP version 6 support is selected in main.cf; it is not selected at compile time as with TLS or SASL. IP version 6 support is always compiled into Postfix on systems that have Postfix compatible IP version 6 support. On other systems Postfix will simply use IP version 4 just like it did before. See the IPV6_README document for what systems are supported, and how to turn on IPv6 in main.cf. Incompatible changes with snapshot Postfix-2.2-20041210+TLS =========================================================== Postfix version 2.2 TLS support is based on the Postfix/TLS patch by Lutz Jaenicke, but differs in a few minor ways. - main.cf: Use btree instead of sdbm for TLS session cache databases. Session caches are now accessed only by the tlsmgr(8) process, so there are no more concurrency issues. Although Postfix still has an sdbm client, the sdbm library (1000 lines of code) is no longer included with Postfix/TLS. TLS session caches can use any database that can store objects of several kbytes or more, and that implements the sequence operation. In most cases, btree databases should be adequate. NOTE: You cannot use dbm databases. TLS session objects are too large. - master.cf: Specify unix instead of fifo as the tlsmgr service type. The smtp(8) and smtpd(8) processes now use a client-server protocol in order to access the tlsmgr(8)'s pseudo-random number generation (PRNG) pool, and in order to access the TLS session cache databases. Such a protocol cannot be run across fifos. Major changes with snapshot Postfix-2.2-20041210+TLS ===================================================== TLS support based on the Postfix/TLS patch by Lutz Jaenicke. This is not compiled in by default. To build Postfix with TLS support, see the TLS_README document. Major changes with snapshot Postfix-2.2-20041218 ================================================ Fine control for SMTP inter-operability problems, by discarding keywords sent or received with the EHLO handshake. Typically one would discard "pipelining", "starttls", or "auth". Specify a list of EHLO keywords with the smtp(d)_discard_ehlo_keywords parameters, or specify one or more lookup tables, indexed by remote network address, with the smtp(d)_discard_ehlo_keyword_address_maps parameters. Note: this only discards words from the EHLO conversation; it does not turn off the actual features in the SMTP server. More client attributes for delivery to command with the local(8) and pipe(8) delivery agents: client_hostname, client_address, client_protocol, client_helo, sasl_method, sasl_sender, and sasl_username. With local(8), attribute names must be specified in upper case. Major changes with snapshot Postfix-2.2-20041210 ================================================ You can now dump an entire database with the new postmap/postalias "-s" option. This works only for database types with Postfix sequence operator support: hash, btree, dbm, and sdbm. Major changes with snapshot Postfix-2.2-20041208 ================================================ Support for CDB databases by Michael Tokarev. This supports both Michael's tinycdb and Daniel Bernstein's cdb implementations, but neither of the two implementations is bundled with Postfix. Incompatible changes with snapshot Postfix-2.2-20041118 ======================================================= You must restart Postfix, because the master-child protocol has changed. Postfix will log warnings about partial status updates if you forget to restart the master. Major changes with snapshot Postfix-2.2-20041118 ================================================ New "smtpd_end_of_data_restrictions" feature that is invoked after the client terminates the SMTP DATA command. The syntax is the same as with "smtpd_data_restrictions", but the message size is the actual byte count of the message content. Incompatible changes with snapshot Postfix-2.2-20041030 ======================================================= The SMTP session cache is renamed to connection cache, to avoid confusion with the TLS session cache. Thus, all session_cache_mumble parameters are now called connection_cache_mumble. Incompatible changes with snapshot Postfix-2.2-20041023 ======================================================= You must reload or stop/start Postfix, because the queue manager to delivery agent protocol has changed. If you forget this, mail will remain queued until the queue manager is restarted. Support for the non-standard Errors-To: return addresses is removed. It was already disabled by default with Postfix version 2.1. Since Errors-To: is non-standard, there was no guarantee that it would have effect with other MTAs. Major changes with snapshot Postfix-2.2-20041023 ================================================ The NIS+ client by Geoff Gibbs is now part of the Postfix source tree. Details are given in the nisplus_table(5) manual page. By default, Postfix no longer appends its own domain to addresses in message headers from remote clients. Thus, spam from poorly written software no longer looks like it came from a local user. Postfix either does not rewrite remote message headers at all, or it rewrites headers and appends the domain name that is specified with the remote_header_rewrite_domain parameter (like "domain.invalid"). To get the behavior of earlier Postfix versions (always append Postfix's own domain to incomplete addresses in message headers) specify: /etc/postfix/main.cf: local_header_rewrite_clients = static:all Postfix always appends its own domain information to addresses in message headers from Postfix sendmail and from local SMTP clients. By default, Postfix considers an SMTP client local (and thus updates message header addresses with the Postfix's own domain) when the client IP address matches mynetworks, or when the client is SASL or TLS authenticated. If you want to include other clients via a pop-before-smtp table, then you have to specify that via the new local_header_rewrite_clients parameter: /etc/postfix/main.cf: local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, check_address_map hash:/etc/postfix/pop-before-smtp As before, Postfix appends local domain information to envelope addresses (as opposed to header addresses), because an unqualified envelope address is effectively local for the purpose of delivery, and for the purpose of replying to it. Full details are given in ADDRESS_REWRITING_README, and in the postconf(5) manual. For best results, point your browser at the ADDRESS_REWRITING_README.html file and navigate to the section titled "To rewrite or not to rewrite, or to label as invalid". Incompatible changes with snapshot Postfix-2.2-20041009 ======================================================= You must reload or stop/start Postfix, because the queue manager to delivery agent protocol has changed. If you forget this, mail will remain queued until the queue manager is restarted. The smtpd_client_connection_limit_exceptions parameter is renamed to smtpd_client_event_limit_exceptions. Besides connections it now also applies to per-client message rate and recipient rate limits. Major changes with snapshot Postfix-2.2-20041009 ================================================ Per SMTP client message rate and recipient rate limits. These limit the number of MAIL FROM or RCPT TO requests regardless of whether or not Postfix would have accepted them otherwise. The user interface (smtpd_client_message_rate_limit and smtpd_client_recipient_rate_limit) is similar to that of the existing per SMTP client connection rate limit, and the same warnings apply: these features are to be used to stop abuse, and must not be used to regulate legitimate mail. More details can be found in the postconf(5) manual. Incompatible changes with snapshot Postfix-2.2-20040919 ======================================================= This snapshot adds a discard service to the master.cf file. Major changes with snapshot Postfix-2.2-20040919 ================================================ A new discard(8) mail delivery agent that makes throwing away mail easier and more efficient. It's the Postfix equivalent of /dev/null for deliveries. On the input side, Postfix already has a /dev/null equivalent in the form of the DISCARD action in access maps and header_body_checks. Access control for local mail submission, for listing the queue and for flushing the queue. These features are controlled with authorized_submit_users, authorized_mailq_users, and with authorized_flush_users, respectively. The last two controls are always permitted for the super-user and for the mail system owner. More information is in the postconf(5) manual. Incompatible changes with snapshot Postfix-2.2-20040829 ======================================================= When no recipients are specified on the command line or via the -t option, the Postfix sendmail command terminates with status EX_USAGE and produces an error message instead of accepting the mail first and bouncing it later. This gives more direct feedback in case of a common client configuration error. Major changes with snapshot Postfix-2.2-20040827 ================================================ Easier use of the proxymap service with the virtual(8) delivery agent. As of now, the virtual(8) delivery agent will silently open maps directly when they can't be proxied. This means you can now specify "virtual_mailbox_maps = proxy:mysql:whatever" without triggering fatal errors in the virtual(8) delivery agent. Better SMTP client control over the use of SASL mechanisms. New smtp_sasl_mechanism_filter mechanism to shorten the list of SASL mechanisms from a remote server to just those that the local SASL library can actually use. Finer control over canonical mapping with canonical_classes, sender_canonical_classes and recipient_canonical_classes. These specify one or more of envelope_sender, header_sender, envelope_recipient or header_recipient. The default settings are backwards compatible. Incompatible changes with snapshot Postfix-2.2-20040729 ======================================================= SMTP session caching is enabled temporarily when a destination has a high volume of mail in the active queue. To disable, specify "smtp_connection_cache_on_demand = no". Major changes with snapshot Postfix-2.2-20040729 ================================================ Opportunistic SMTP session caching. When a destination has a high volume of mail in the active queue, SMTP session caching is enabled temporarily. This is controlled with a new configuration parameter "smtp_connection_cache_on_demand" (default: yes). Incompatible changes with snapshot Postfix-2.2-20040723 ======================================================= Permanent SMTP session caching is now enabled with the smtp_session_cache_destinations parameter. This requires "bare" domain names without "[]" or TCP port. The change eliminates a syntax conflict between host:port and maptype:mapname, and simplifies the user interface, at the cost of a minor loss of control over what sessions are cached. Major changes with snapshot Postfix-2.2-20040721 ================================================ The session cache manager now logs cache hit and miss statistics every $session_cache_status_update_time seconds (default: 600s). It reports the hit and miss rates for lookups by domain, as well as for lookups by network address. Hit rates for cache lookups by domain will tell you how useful session caching is. Cache lookups by network address will always fail, unless you're sending mail to different domains that share the same MX host. Incompatible changes with snapshot Postfix-2.2-20040720 ======================================================= The default SMTP/LMTP timeouts for sending RSET are reduced to 20s. Major changes with snapshot Postfix-2.2-20040720 ================================================ Selective permanent SMTP session caching. Instead of disconnecting immediately after a mail transaction, the SMTP client can save the open session to a session cache daemon, so that any SMTP client process can use that session for another mail transaction. This feature introduces the scache (session cache) server, which is added to your master.cf file when you upgrade Postfix. *** You need to execute "postfix reload" when upgrading from Postfix *** version 2.1 or later. *** You need to execute "postfix stop" when upgrading from Postfix *** version 2.0 or earlier. Execute "postfix start" when done. Session caching is enabled with the new smtp_connection_cache_destinations parameter. Specify a list of destinations or lookup tables: - if mail is sent without relay host: a domain (the right-hand side of an email address), - if mail is sent via a relay host, the relay host (without [], and without non-default TCP port) that is specified in main.cf or in the transport map, - a /file/name with domains and/or relay hosts, - a type:table with domains and/or relay hosts on the left-hand side; the right-hand side result from type:table lookups is ignored. The following optimizes deliveries to hosts that your machine relays mail to: smtp_connection_cache_destinations = $relay_domains $relayhost A setting that tries to optimize deliveries to problem sites: smtp_connection_cache_destinations = hotmail.com... Cached SMTP sessions are allowed to remain unused for only a limited amount of time (smtp_connection_cache_time_limit, default: 2 seconds). This limits the impact on remote server resources. Specify larger values only with permission from the remote sites. To avoid triggering remote problems, the same SMTP session is used only a limited number of times (smtp_connection_cache_reuse_limit, default: 10). Robustness note: to prevent mail from being delivered to the wrong server, the session caching feature explicitly labels each cached session with destination domain and IP address information. A session cache lookup succeeds only when the correct information is specified. Limitations: - SMTP session caching does not work with TLS (the necessary support for object passivation and re-activation does not exist without closing the connection). - SMTP session caching assumes that SASL credentials are valid for all hostnames or domain names that map onto the same IP address and TCP port. Major changes with snapshot Postfix-2.2-20040621 ================================================ Control over the working directory when executing an external command. With the pipe(8) mailer, specify directory=pathname, and with local(8) specify "command_execution_directory = expression" where "expression" is subject to $home etc. macro expansion. The result of macro expansion is restricted by the set of characters specified with execution_directory_expansion_filter.