[PATCH] postfix: Update to version 3.10.6

Tue, 02 Dec 2025 03:58:12 -0800 

- Update from version 3.10.4 to 3.10.6
- No change to rootfile
- Changelog
    3.10.6
      Bugfix (defect introduced: Postfix 3.10, date: 20250117). Symptom: 
warning messages
        that smtp_tls_wrappermode requires "smtp_tls_security_level = encrypt".
        Root cause: Support for "TLS-Required: no" broke client-side TLS 
wrappermode
        support, by downgrading a connection to TLS security level 'may'.
        The fix changes the downgrade level for wrappermode connections to 
'encrypt'.
        Rationale: by design, TLS can be optional only for connections that use
        STARTTLS. The downgrade to unauthenticated 'encrypt' allows a sender to 
avoid
        an email delivery problem. Problem reported by Joshua Tyler Cochran.
      New logging: the Postfix SMTP client will log a warning when an MX 
hostname does
        not match STS policy MX patterns, with 
"smtp_tls_enforce_sts_mx_patterns = yes"
        in Postfix, and with TLSRPT support enabled in a TLS policy plugin. It 
will log
        a successful match only when verbose logging is enabled.
      Bugfix (defect introduced: Postfix 3.10, date: 20240902): SMTP client 
null pointer
        crash when an STS policy plugin sends no policy_string or no mx_pattern
        attributes. This can happen only during tests with a fake STS plugin.
      Bugfix (defect introduced: Postfix 2.9, date: 20120307): segfault when a 
duplicate
        parameter name is given to "postconf -X" or "postconf -#'.
      Documentation: removed incorrect text from the parameter description for
        smtp_cname_overrides_servername. File: proto/postconf.proto.
    3.10.5
      Workaround for an interface mis-match between the Postfix SMTP client and 
MTA-STS
        policy plugins.
              The existing behavior is to connect to any MX host listed in DNS, 
and
                to match the server certificate against any STS policy MX host 
pattern.
              The corrected behavior is to connect to an MX host only if its 
name
                matches any STS policy MX host pattern, and to match the server
                certificate against the MX hostname.
        The corrected behavior must be enabled in two places: in Postfix with a 
new
        parameter "smtp_tls_enforce_sts_mx_patterns" (default: "yes") and in an
        MTA-STS plugin by enabling TLSRPT support, so that the plugin forwards 
STS
        policy attributes to Postfix. This works even if Postfix TLSRPT support 
is
        disabled at build time or at runtime.
      TLSRPT Workaround: when a TLSRPT policy-type value is "no-policy-found", 
pretend
        that the TLSRPT policy domain value is equal to the recipient domain. 
This
        ignores that different policy types (TLSA, STS) use different policy 
domains.
        But this is what Microsoft does, and therefore, what other tools expect.
      Bugfix (defect introduced: Postfix 3.0): the Postfix SMTP client's 
connection
        reuse logic did not distinguish between sessions that require SMTPUTF8
        support, and sessions that do not. The solution is 1) to store sessions 
with
        different SMTPUTF8 requirements under distinct connection cache storage 
keys,
        and 2) to not cache a connection when SMTPUTF8 is required but the 
server does
        not support that feature.
      Bugfix (defect introduced: Postfix 3.0, date 20140731): the smtpd 
'disconnect'
        command statistics did not count commands with "bad syntax" and
        "bad UTF-8 syntax" errors.
      Bugfix: the August 2025 patch broke DBM library support which is still 
needed on
        Solaris; and the same change could result in warnings with
        "database X is older than source file Y".
      Postfix 3.11 forward compatibility: to avoid ugly warnings when Postfix 
3.11 is
        rolled back to an older version, allow a preliminary 'size' record in 
maildrop
        queue files created with Postfix 3.11 or later.
      Bugfix (defect introduced: Postfix 3.8, date 20220128): non-reproducible 
build,
        because the 'postconf -e' output order for new main.cf entries was no 
longer
        deterministic. Problem reported by Oleksandr Natalenko, diagnosis by 
Eray Aslan.
      To make builds predictable, add missing meta_directory and shlib_directory
        settings to the stock main.cf file. Problem diagnosed by Eray Aslan.
      Bugfix (defect introduced: Postfix 3.9, date 20230517): posttls-finger(1) 
logged
        an incorrectly-formatted port number. Viktor Dukhovni.

Signed-off-by: Adolf Belka <[email protected]>
---
 lfs/postfix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lfs/postfix b/lfs/postfix
index 2bc0174d1..a7ff99c4f 100644
--- a/lfs/postfix
+++ b/lfs/postfix
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = A fast, secure, and flexible mailer
 
-VER        = 3.10.4
+VER        = 3.10.6
 
 THISAPP    = postfix-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = postfix
-PAK_VER    = 49
+PAK_VER    = 50
 
 DEPS       =
 
@@ -72,7 +72,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 
e0a9b3dbd858e9b2bacb137b886ef35a89220caf91da5bcb90de5fd3df7285645deaff6e58f571cdc75966098cf13190b0315690c270b9f3ed69a21e63d2d3ab
+$(DL_FILE)_BLAKE2 = 
ca9f371f15af45c72ee97830d5bfb08b4ef2020409e55b1a99ef20681dfaec86fa7f7f799caa7b6e5757da0ea9ccbd5ac51104244b2e315f3cedb414b3e46451
 
 install : $(TARGET)
 
-- 
2.52.0

Reply via email to