After 10 months of development, a new stable branch of the Postfix mail server, 3.7.0, has been released. At the same time, the end of support for the Postfix 3.3 branch, released in early 2018, was announced. Postfix is one of the rare projects that combine high security, reliability and performance, which it achieves thanks to a well-thought-out architecture and a fairly strict policy on code design and patch auditing. The project code is distributed under the EPL 2.0 (Eclipse Public License) and IPL 1.0 (IBM Public License) licenses.
According to a January automated survey of about 500 thousand mail servers, Postfix is used on 34.08% (a year ago 33.66%) of mail servers, Exim's share is 58.95% (59.14%), Sendmail – 3.58% (3.6%), MailEnable – 1.99% (2.02%), MDaemon – 0.52% (0.60%), Microsoft Exchange – 0.26% (0.32%), OpenSMTPD – 0.06% (0.05%).
Main innovations:
- The contents of small "cidr:", "pcre:" and "regexp:" tables can now be placed inline within the values of Postfix configuration parameters, without referencing external files or databases. Inline content is delimited with curly brackets; for example, the default value of the smtpd_forbidden_commands parameter now contains the string "CONNECT GET POST regexp:{{/^[^A-Z]/ Thrash}}", which drops connections from clients that send garbage instead of commands. General syntax:
  /etc/postfix/main.cf: parameter = .. map-type:{ { rule-1 }, { rule-2 } .. } ..
  /etc/postfix/master.cf: .. -o { parameter = .. map-type:{ { rule-1 }, { rule-2 } .. } .. } ..
- The postlog command now has the set-gid flag and, when run, performs its operations with the privileges of the postdrop group. This allows unprivileged programs to use it to write logs through the postlogd background process, which makes the maillog_file configuration more flexible and makes it possible to log to stdout from a container.
- Added support for the OpenSSL 3.0.0, PCRE2 and Berkeley DB 18 libraries.
- Added protection against attacks that provoke collisions in the hash function by brute-forcing keys. The protection is implemented by randomizing the initial state of the hash tables stored in RAM. Currently only one way of carrying out such attacks has been identified: it involves the lookup of SMTP client IPv6 addresses in the anvil service and requires establishing hundreds of short-lived connections per second while cycling through thousands of different client IP addresses.
- Strengthened protection against external clients and servers that transmit data very slowly, bit by bit, in order to hold SMTP and LMTP connections open (for example, to block service by exhausting the limit on the number of established connections). Instead of time limits tied to individual records, a limit tied to whole requests is now applied, together with a limit on the minimum allowed data transfer rate.
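
The difference between a per-record time limit and a per-request deadline with a minimum data rate, as an added example that is not Postfix code: a simplified model showing how long each policy lets a sender occupy a connection slot. The 300-second limit, the 500 bytes/second rate and both traffic samples are assumptions constructed for illustration.

```python
# Added illustration: a simplified model, not Postfix source code.
# A request is a list of reads, each given as (seconds_waited, bytes_received).

TIMEOUT = 300    # seconds; assumed time limit
MIN_RATE = 500   # bytes/second; assumed minimum data rate


def simulate(reads, timeout=TIMEOUT, min_rate=None):
    """Return (completed, seconds_the_connection_slot_was_held).

    min_rate=None models the per-record limit: every read gets a fresh
    `timeout`, so a sender only has to deliver something before each one
    expires. With min_rate set, the whole request shares one time budget:
    each read drains it by the time it took and refills it by
    bytes_received / min_rate seconds, never above `timeout`.
    """
    budget, held = float(timeout), 0.0
    for waited, nbytes in reads:
        limit = timeout if min_rate is None else budget
        if waited > limit:
            # The server gives up as soon as the limit expires.
            return False, held + limit
        held += waited
        if min_rate is not None:
            budget = min(timeout, budget - waited + nbytes / min_rate)
    return True, held


# Constructed traffic samples.
SLOW = [(200, 1)] * 50          # 1 byte every 200 s, always under the limit
NORMAL = [(0.5, 65536)] * 16    # 1 MiB in 64 KiB reads, 0.5 s apart

if __name__ == "__main__":
    for name, reads in (("slow", SLOW), ("normal", NORMAL)):
        print(name, "per-record :", simulate(reads))
        print(name, "per-request:", simulate(reads, min_rate=MIN_RATE))
```

Under the per-record limit the slow sender is never dropped, while the per-request budget cuts it off shortly after the first full timeout and leaves the normal sender unaffected.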