Postfix 3.10 arrives with new features, improvements and the end of support for the 3.6 branch


After almost a year of development, the new stable version of Postfix 3.10 has been released, marking a significant advance and, above all, the end of support for the 3.6 branch, which had been available since early 2021.

For those unfamiliar with Postfix, it is an open source email server and one of the few projects that combine high security, reliability and performance at the same time. Its modular architecture allows different components to handle specific tasks, optimizing performance and resource management.

Postfix 3.10 Top New Features

With the release of Postfix 3.10, you can now use cryptographic algorithms resistant to quantum computing attacks in TLS connections. However, these algorithms depend on OpenSSL 3.5, a version that is still under development. For their implementation, instead of introducing a new configuration syntax in Postfix, it has been decided to take advantage of the existing OpenSSL configuration with the tls_eecdh_auto_curves and tls_ffdhe_auto_groups parameters.

Another notable change in Postfix 3.10 is support for the "TLS-Required: no" header. Adding this header to an email message ensures that the message is delivered even if the specified TLS security policy cannot be applied.

If the header is present, Postfix operates as if smtp_tls_security_level = may were set, which means that the server certificate is not verified and, if necessary, an unencrypted connection is allowed. Full implementation of the REQUIRETLS SMTP extension, which will provide greater control over the security of encryption in mail transport, is planned for future versions.
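A simplified model of the behaviour described above, as an added example (not Postfix code and not from the Postfix project): it detects the "TLS-Required: no" header in constructed sample messages and lists which ones would be delivered at may instead of a stricter configured level. The function names and sample messages are hypothetical, and leaving the levels none and may unchanged is an assumption.

```python
from email import message_from_bytes
from email.policy import default

# Postfix smtp_tls_security_level values that are stricter than "may".
STRICT_LEVELS = {"encrypt", "dane", "dane-only", "fingerprint", "verify", "secure"}


def requests_tls_optional(raw: bytes) -> bool:
    """True if the message headers carry 'TLS-Required: no'."""
    msg = message_from_bytes(raw, policy=default)
    # Header names match case-insensitively; only the value "no" counts here.
    values = msg.get_all("TLS-Required", [])
    return any(str(v).strip().lower() == "no" for v in values)


def effective_level(raw: bytes, configured: str) -> str:
    """Model of the described behaviour: stricter levels drop to 'may'.

    Assumption: 'none' and 'may' are left unchanged by the header.
    """
    if configured in STRICT_LEVELS and requests_tls_optional(raw):
        return "may"
    return configured


def audit(messages: dict, configured: str) -> list:
    """Return ids of messages that would not be sent at the configured level."""
    return sorted(mid for mid, raw in messages.items()
                  if effective_level(raw, configured) != configured)


# Constructed sample messages (not real traffic).
SAMPLES = {
    "plain": b"From: a@example.com\r\nSubject: hi\r\n\r\nbody\r\n",
    "optout": b"From: a@example.com\r\nTLS-Required: no\r\n\r\nbody\r\n",
    "mixed-case": b"From: a@example.com\r\ntls-required:  No \r\n\r\nbody\r\n",
    # The same text in the body is not a header and must be ignored.
    "in-body": b"From: a@example.com\r\n\r\nTLS-Required: no\r\n",
    "other-value": b"From: a@example.com\r\nTLS-Required: yes\r\n\r\nbody\r\n",
}

if __name__ == "__main__":
    for level in ("may", "dane", "secure"):
        print(level, "->", audit(SAMPLES, level))
```

Run against a copy of outbound mail, a check like this shows which messages opt out of an enforced TLS policy, which is worth reviewing when the policy is dane, verify or secure.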

In addition, TLS-RPT support has been added, a protocol that allows tracking email delivery failures when an encrypted connection as defined by DNS-based Authentication of Named Entities or MTA Strict Transport Security fails.

On the privacy side, the option smtpd_hide_client_session = yes has been added, which allows the client session information to be omitted when the SMTP server modifies the "Received" header in incoming emails.

As for improvements for those using MySQL or PostgreSQL databases, in this new release, when Postfix connects to a database using mysql: or pgsql: and only one server is specified, it is now treated as a load balancer. If the connection fails, an immediate retry is performed, instead of waiting 60 seconds as in previous versions.

Other notable changes in this new version:

  • Postfix now supports MIME encoding of names in "From:" headers, avoiding the use of SMTPUTF8, which is not widely supported by all applications.
  • To define the original encoding of the names, the new parameter full_name_encoding_charset has been introduced, which by default is set to UTF-8.
  • Milter now logs the specific reason why a message is quarantined:
    If the quarantine action was requested by a Milter application, Postfix will log the reason provided by the application.
    If the quarantine action was requested with the "milter_default_action" parameter setting or with a Milter "default_action" property, Postfix will log "default_action".
  • The SMTP server may generate a queue identifier or NOQUEUE when the connection ends due to timeout, interruption, or excessive errors.
  • The Dovecot SASL client now includes detailed information about authentication errors, showing the exact mechanism that failed.
  • The cleanup server now logs "queueid: canceled" when a message transaction is started but not completed. This provides a clear signal to log file collection tools.
  • The Postfix SMTP server 'reject' log now shows sasl_method, sasl_username and sasl_sender if available.

Finally, if you are interested in knowing more about it, you can consult the details in the following link. As for those interested in obtaining the new version, they can do so from the following link.