Postfix 3.6.0 comes with inclusive terms, improvements and more

After a year of development, Postfix 3.6.0, a new stable branch of the mail server, was released. At the same time, the end of support for the Postfix 3.2 branch, released in early 2017, was announced.

Postfix is one of the few projects that combine high security, reliability and performance at the same time, which was achieved thanks to a well thought out architecture and a fairly strict coding and patch auditing policy.

Main new features in Postfix 3.6.0

This version purges references to the words "white" and "black", which some members of the community perceive as racial discrimination. Instead of "white list" and "black list", the terms "allow list" and "deny list" should now be used (for example, in the parameters postscreen_allowlist_interfaces, postscreen_denylist_action and postscreen_dnsbl_allowlist_threshold). The changes affect the documentation, the postscreen (built-in firewall) settings, and the information written to the logs.

To preserve the old terms in the logs, the parameter «respectful_logging=no» must be specified in main.cf. Backward compatibility with older settings has also been retained. The configuration file "master.cf" has not changed for now either.

Another change that stands out in this version applies in the compatibility_level=3.6 mode: the default hash function is now SHA256 instead of MD5.

When the compatibility level parameter is set to an older version, MD5 continues to apply, but for hashing-related settings where the algorithm is not explicitly defined, a warning is written to the log.

Support for the export version of the Diffie-Hellman key exchange protocol has been removed (the value of the tlsproxy_tls_dh512_param_file parameter is now ignored). Diagnosing problems caused by specifying an incorrect program in master.cf has also been simplified.

To detect such errors, each internal service, including postdrop, now announces its protocol name before starting the data exchange, and each client process, including sendmail, verifies that the announced protocol name matches the one it supports.

A new mapping, «local_login_sender_maps», has also been added for flexible control over the envelope sender address (passed in the "MAIL FROM" command during an SMTP session) that may be given to the sendmail and postdrop processes. For example, to allow local users, with the exception of root and postfix, to specify only their logins to sendmail using the binding from UID to name.

DNS lookups now use, by default, a new API that supports multi-threading (thread safe). To compile with the previous API, you must specify «make makefiles CCARGS="-DNO_RES_NCALLS...» when building.

The «enable_threaded_bounces=yes» mode was added so that notifications of delivery problems, delayed delivery or delivery confirmation carry the same discussion ID (the email client will display the notification in the same thread, along with the rest of the correspondence).

By default, the /etc/services system database is no longer used to determine TCP port numbers for SMTP and LMTP. Instead, the port numbers are configured via the known_tcp_ports parameter (default lmtp=24, smtp=25, smtps=submissions=465, submission=587). If a service is missing from known_tcp_ports, /etc/services will continue to be used.

The compatibility level ("compatibility_level") has been raised to the value "3.6" (the parameter has changed twice in the past; besides 3.6, the values 0 (default), 1 and 2 are supported).

From now on, "compatibility_level" will be set to the number of the version in which the compatibility-breaking changes were made. To check compatibility levels, separate comparison operators have been added to main.cf and master.cf, such as "<= level" and "

Finally, because of changes in the internal protocols used for communication between Postfix components, the mail server must be stopped with the command «postfix stop» before updating.

Failure to do so can result in failures in the pickup, qmgr, verify, tlsproxy, and postscreen processes, which can delay sending emails until Postfix is restarted.
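A pre-upgrade check of main.cf for the changes described above (the renamed postscreen parameters, the MD5 to SHA256 default, and the ignored tlsproxy_tls_dh512_param_file), as an added example that is not part of the original article or of Postfix itself. It assumes the three fingerprint digest parameters in DIGEST_PARAMS are the hashing-related settings in question, and it runs on a constructed sample configuration.

```python
# Assumption: these are the hashing-related settings the article refers to.
DIGEST_PARAMS = ("smtp_tls_fingerprint_digest", "smtpd_tls_fingerprint_digest",
                 "lmtp_tls_fingerprint_digest")

def parse_main_cf(text):
    """Parse main.cf text into {name: value}, joining continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if line[0].isspace() and current:  # leading whitespace continues a value
            params[current] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def audit(text):
    """Return (parameter, finding) pairs for settings affected by Postfix 3.6."""
    params, findings = parse_main_cf(text), []
    level = params.get("compatibility_level", "0").split(".")  # unset means 0
    old_level = tuple(int(p) for p in level if p.isdigit()) < (3, 6)
    for name in DIGEST_PARAMS:
        value = params.get(name)
        if value is None and old_level:
            findings.append((name, "unset: MD5 default applies below level 3.6"))
        elif value is not None and value.lower() == "md5":
            findings.append((name, "explicitly set to md5"))
    for name in params:
        if "whitelist" in name or "blacklist" in name:
            new = name.replace("whitelist", "allowlist").replace("blacklist", "denylist")
            findings.append((name, "legacy name, now " + new))
        if name == "tlsproxy_tls_dh512_param_file":  # named in the article
            findings.append((name, "value is ignored in 3.6"))
    return findings

# Constructed sample main.cf, not taken from a real server.
SAMPLE = """\
compatibility_level = 2
postscreen_blacklist_action = enforce
postscreen_whitelist_interfaces = !192.0.2.10,
    static:all
smtpd_tls_fingerprint_digest = sha256
tlsproxy_tls_dh512_param_file = /etc/postfix/dh512.pem
"""

for name, finding in audit(SAMPLE):
    print(f"{name}: {finding}")
```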

If you want to know more about it, you can check the following link.

