n-line version of this announcement will be available at
https://www.postfix.org/announcements/postfix-3.10.5.html]
Fixes for Postfix 3.10 only:
* Bugfix (defect introduced: Postfix 3.10, date: 20250117).
Symptom: warning messages that smtp_tls_wrappermode requires
"smtp_tls_security_level = encrypt".
Root cause: support for "TLS-Required: no" broke client-side
TLS wrappermode support, by downgrading a connection to TLS
security level 'may'.
The fix changes the downgrade level for wrappermode connections
to 'encrypt'. Rationale: by design, TLS can be optional only
for connections that use STARTTLS. The downgrade to unauthenticated
'encrypt' allows a sender to avoid an email delivery problem.
Problem reported by Joshua Tyler Cochran.
* New logging: the Postfix SMTP client will log a warning when
an MX hostname does not match STS policy MX patterns, with
"smtp_tls_enforce_sts_mx_patterns = yes" in Postfix, and with
TLSRPT support enabled in a TLS policy plugin. It will log a
successful match only when verbose logging is enabled.
* Bugfix (defect introduced: Postfix 3.10, date: 20240902): SMTP
client null pointer crash when an STS policy plugin sends no
policy_string or no mx_pattern attributes. This can happen only
during tests with a fake STS plugin.
Fixes for Postfix 3.10, 3.9, 3.8, 3.7:
* Bugfix (defect introduced: Postfix 2.9, date: 20120307): segfault
when a duplicate parameter name is given to "postconf -X" or
"postconf -#'.
* Documentation: removed incorrect text from the parameter
description for smtp_cname_overrides_servername. File:
proto/postconf.proto.
You can find the updated Postfix source code at the mirrors
listed at https://www.postfix.org/.
Wietse
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
