An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-2.7.2.html

The stable release Postfix 2.7.2 addresses the defects described
below. These defects are also addressed in the legacy releases
that are still maintained.

Note: Postfix 2.3 and earlier are no longer updated. Support for
Postfix 2.4 will end in 2011.

Defects fixed with Postfix 2.7.2, 2.6.8, 2.5.11, and 2.4.15:

- Postfix no longer automatically appends the system default CA
  (certificate authority) certificates when it reads the CA
  certificates specified with {smtp, lmtp, smtpd}_tls_CAfile or
  with {smtp, lmtp, smtpd}_tls_CApath. This prevents third-party
  certificates from getting mail relay permission with the
  permit_tls_all_clientcerts feature. Unfortunately, this change
  may cause compatibility problems with configurations that rely
  on certificate verification for other purposes. To get the old
  behavior, specify "tls_append_default_CA = yes".

- A prior fix for compatibility with Postfix < 2.3 was incomplete.
  When pipe-to-command delivery fails with a signal, mail is now
  correctly deferred, instead of being returned to sender.

- Poor smtpd_proxy_filter TCP performance over loopback (127.0.0.1)
  connections was fixed by adapting the output buffer size to the
  MTU.

- The SMTP server no longer applies the reject_rhsbl_helo feature
  to non-domain forms such as network addresses. This would cause
  false positives with dbl.spamhaus.org.

- The Postfix SMTP server failed to deliver a "421" response and
  hang up the connection after a Milter error. Instead, the server
  delivered a "503 Access denied" response and left the connection
  open, due to some Postfix 1.1 workaround for RFC 2821.

Defects fixed with Postfix 2.7.2:

- The milter_header_checks parser failed to enable any of the actions
  that have no effect on message delivery (warn, replace, prepend,
  ignore, dunno, and ok).

You can find the updated Postfix versions at the mirrors listed at
http://www.postfix.org/

Wietse
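
Added example, not part of the announcement and not Postfix code: a small main.cf audit for the first defect above, reporting which CA sources back permit_tls_all_clientcerts relay decisions and whether "tls_append_default_CA = yes" brings the system default CAs back in. The sample configuration and its path are constructed, the function names are hypothetical, and the check assumes a fixed release where tls_append_default_CA defaults to "no"; $name references are not expanded.

```python
import re

# Constructed sample main.cf (the path is a placeholder, not from the announcement).
SAMPLE = """\
smtpd_tls_CAfile = /etc/postfix/relay-clients-ca.pem
tls_append_default_CA = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_tls_all_clientcerts,
    reject_unauth_destination
"""

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues
    the previous logical line, and later settings override earlier ones."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines do not end a logical line
        if line[0] in " \t":
            if name:
                params[name] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            name = name.strip()
            params[name] = value.strip()
    return params

def audit(text):
    """Report which CAs back permit_tls_all_clientcerts relay decisions.
    Assumes a fixed release, where tls_append_default_CA defaults to "no"."""
    p = parse_main_cf(text)
    lists = sorted(k for k, v in p.items()
                   if re.fullmatch(r"smtpd_\w+_restrictions", k)
                   and "permit_tls_all_clientcerts" in re.split(r"[,\s]+", v))
    appended = p.get("tls_append_default_CA", "no").lower() == "yes"
    return {
        "restriction_lists": lists,
        "ca_sources": [p[k] for k in ("smtpd_tls_CAfile", "smtpd_tls_CApath") if k in p],
        "default_ca_appended": appended,
        # Risk: any certificate issued by a system default CA gets relay permission.
        "risk": bool(lists) and appended,
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```
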