* TLS
o Support for PKI-less TLS server certificate verification, where
the CA public key or the server certificate is identified via DNSSEC lookup
* LMDB database support
* master
o The master_service_disable parameter value syntax has changed:
use "service/type" instead of "service.type".
* postconf:
o Support for advanced master.cf query and update operations.
This was implemented primarily to support automated system management tools.
o The postconf command produces more warnings
* relay safety
New smtpd_relay_restrictions parameter built-in default settings:
smtpd_relay_restrictions =
permit_mynetworks
permit_sasl_authenticated
defer_unauth_destination
* postscreen whitelisting
Allow a remote SMTP client to skip postscreen(8) tests based on
its postscreen_dnsbl_sites score.
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=180
* tls support:
Support to turn off the TLSv1.1 and TLSv1.2 protocols:
To temporarily turn off problematic protocols globally:
/etc/postfix/main.cf:
smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
However, it may be better to temporarily turn off problematic
protocols for broken sites only:
/etc/postfix/main.cf:
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
/etc/postfix/tls_policy:
example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
* 20111012 To simplify integration with third-party
applications, the Postfix sendmail command now always transforms
all input lines ending in <CR><LF> into UNIX format (lines ending
in <LF>). Specify "sendmail_fix_line_endings = strict" to restore
historical Postfix behavior (i.e. convert all input lines ending
in <CR><LF> only if the first line ends in <CR><LF>).
* 20120114 Logfile-based alerting systems may need to be
updated to look for "error" messages in addition to "fatal" messages.
Specify "daemon_table_open_error_is_fatal = yes" to get the historical
behavior (immediate termination with "fatal" message).
* enable_long_queue_ids Postfix 2.9 introduces support for non-repeating queue IDs (also
used as queue file names). These names are encoded in a mix of upper
case, lower case and decimal digit characters. Long queue IDs are
disabled by default to avoid breaking tools that parse logfiles and
that expect queue IDs with the smaller [A-F0-9] character set.
* 20111209 memcache lookup and update support. This provides
a way to share postscreen(8) or verify(8) caches between Postfix
OBS-URL: https://build.opensuse.org/package/show/server:mail/postfix?expand=0&rev=154
