POSTFIX 3.6.0 Mail Server Release

After the year of development took place Release of the new stable branch of the mail server postfix – 3.6.0 . At the same time, it is announced to stop supporting Postfix 3.2 branch, released in early 2017. Postfix is ​​one of the rare projects that combine high safety, reliability and performance, which managed to achieve thanks to the thoughtful architecture and enough hard politics Code and audit patches. The project code extends under EPL 2.0 licenses (Eclipse Public License) and IPL 1.0 (IBM Public License).

In accordance with April automated survey About 600 thousand mail servers, PostFix is ​​used on 33.66% (a year ago 34.29%) mail servers,
Exim share is 59.14% (57.77%), Sendmail – 3.6% (3.83%), Mailanable – 2.02% (2.12%), MDaemon – 0.60% (0.77%), Microsoft Exchange – 0.32% (0.47%).

Basic innovations :

  • Due to the change in the internal protocols used to interact between PostFix components, you must stop the mail server to stop the “PostFix Stop” command. Otherwise, failures can be observed when interacting with Pickup, QMGR, Verify, TlsProxy and PostScreen processes, which can lead to sending letters before restarting PostFix.
  • Cleaning the mentions of the words “White” and “Black”, perceived by some community representatives as racial discrimination. Instead of “Whitelist” and “BlackList”, you should now use “ALLOWLIST” and “DENYLIST” (for example, parameters postscreen_allowlist_interfaces, postscreen_denylist_action and postscreen_dnsbl_allowlist_threshold). Changes affect documentation, setting the PostScreen process (built-in firewall) and reflection of information in the logs. PostFix / PostScreen [PID]: ALLOWLIST VETO [address]: port postfix / postscreen [PID]: ALLOWLISTED [address]: port postfix / postscreen [PID]: Denylisted [address]: port

    To save the previous terms in the logs provided The parameter “Respectful_Logging = No”, which should be specified in main.cf before “compatibility_level = 3.6”. Support for old names POSTSCREEN settings is saved to ensure backward compatibility. Also, the configuration file “Master.cf” remains unchanged.

  • In “Compatibility_Level = 3.6” mode, the default is to use the SHA256 hash function instead of MD5. When setting an earlier version, MD5 continues to be applied in the Compatibility_Level parameter, but for the use of hash settings, in which the algorithm is clearly not defined, a warning will be displayed in the log. The support of the export version of the exchange protocol Diffi Helmana
/Media reports.