[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.10.6.html]
Fixes for Postfix 3.10 only:
Bugfix (defect introduced: Postfix 3.10, date: 20250117). Symptom: warning messages that smtp_tls_wrappermode requires "smtp_tls_security_level = encrypt". Root cause: Support for "TLS-Required: no" broke client-side TLS wrappermode support, by downgrading a connection to TLS security level 'may'. The fix changes the downgrade level for wrappermode connections to 'encrypt'. Rationale: by design, TLS can be optional only for connections that use STARTTLS. The downgrade to unauthenticated 'encrypt' allows a sender to avoid an email delivery problem. Problem reported by Joshua Tyler Cochran.
New logging: the Postfix SMTP client will log a warning when an MX hostname does not match STS policy MX patterns, with "smtp_tls_enforce_sts_mx_patterns = yes" in Postfix, and with TLSRPT support enabled in a TLS policy plugin. It will log a successful match only when verbose logging is enabled.
Bugfix (defect introduced: Postfix 3.10, date: 20240902): SMTP client null pointer crash when an STS policy plugin sends no policy_string or no mx_pattern attributes. This can happen only during tests with a fake STS plugin.
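The wrappermode downgrade fix above, as a simplified model added for illustration (this is not Postfix source code). The enum, the function names and the "fixed" switch are hypothetical, and the rule that a downgrade never raises the configured level is an assumption of the model.

```c
/* Simplified model of the "TLS-Required: no" downgrade; not Postfix code. */
#include <stdio.h>

/* Ordered subset of Postfix TLS security levels, weakest first. */
enum tls_level { LEV_NONE, LEV_MAY, LEV_ENCRYPT, LEV_VERIFY, LEV_SECURE };

static const char *lev_name(enum tls_level l)
{
    static const char *names[] = { "none", "may", "encrypt", "verify", "secure" };
    return names[l];
}

/* Effective level after honoring "TLS-Required: no".
 * fixed == 0: behaviour with the defect (always downgrade to 'may').
 * fixed == 1: behaviour after the fix (wrappermode stops at 'encrypt'). */
enum tls_level downgrade_level(enum tls_level configured, int wrappermode,
                               int tls_required_no, int fixed)
{
    enum tls_level target;

    if (!tls_required_no)
        return configured;
    target = (fixed && wrappermode) ? LEV_ENCRYPT : LEV_MAY;
    /* Model assumption: a downgrade never raises the configured level. */
    return configured < target ? configured : target;
}

/* Wrappermode starts TLS immediately, with no STARTTLS step that could be
 * skipped, so it needs 'encrypt' or stronger. */
int wrappermode_ok(enum tls_level effective, int wrappermode)
{
    return !wrappermode || effective >= LEV_ENCRYPT;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        enum tls_level eff = downgrade_level(LEV_SECURE, 1, 1, fixed);
        printf("%s: wrappermode + TLS-Required: no -> %s (%s)\n",
               fixed ? "after fix" : "with defect", lev_name(eff),
               wrappermode_ok(eff, 1) ? "ok" : "warning: requires encrypt");
    }
    return 0;
}
```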
Fixes for Postfix 3.10, 3.9, 3.8, 3.7:
Bugfix (defect introduced: Postfix 2.9, date: 20120307): segfault when a duplicate parameter name is given to "postconf -X" or "postconf -#".
Documentation: removed incorrect text from the parameter description for smtp_cname_overrides_servername. File: proto/postconf.proto.
You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.