This is the Postfix 3.4 (experimental) release. The stable Postfix release is called postfix-3.3.x where 3=major release number, 3=minor release number, x=patchlevel. The stable release never changes except for patches that address bugs or emergencies. Patches change the patchlevel and the release date. New features are developed in snapshot releases. These are called postfix-3.4-yyyymmdd where yyyymmdd is the release date (yyyy=year, mm=month, dd=day). Patches are never issued for snapshot releases; instead, a new snapshot is released. The mail_release_date configuration parameter (format: yyyymmdd) specifies the release date of a stable release or snapshot release. If you upgrade from Postfix 3.2 or earlier, read RELEASE_NOTES-3.3 before proceeding. License change --------------- This software is distributed with a dual license: in addition to the historical IBM Public License 1.0, it is now also distributed with the more recent Eclipse Public License 2.0. Recipients can choose to take the software under the license of their choice. Those who are more comfortable with the IPL can continue with that license. Incompatble change with snapshot 20180701 ========================================= To avoid performance loss under load, the tlsproxy(8) daemon now requires a zero process limit in master.cf (this setting is provided with the default master.cf file). As tlsproxy(8) processes become too busy handling TLS connections, more processes will automatically be added. By default, a tlsproxy(8) process will retire after several hours. To set the tlsproxy process limit to zero: # postconf -F tlsproxy/unix/process_limit=0 # postfix reload Major changes with snapshot 20180617 ==================================== Preliminary Postfix SMTP client support for multiple deliveries per TLS-encrypted connection. This is primarily to improve mail delivery performance for destinations that throttle clients when they don't combine deliveries. This feature is enabled with "smtp_tls_connection_reuse=yes" in main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps. It supports all Postfix TLS security levels including dane and dane-only. The implementation of TLS connection reuse relies on the same scache(8) service as used for delivering plaintext SMTP mail, the same tlsproxy(8) daemon as used by the postscreen(8) service for inbound connections, and relies on the same hints from the qmgr(8) daemon. It reuses the configuration parameters described in CONNECTION_CACHE_README. The following illustrates how TLS connections are reused: Initial plaintext SMTP handshake: smtp(8) -> remote SMTP server Reused SMTP/TLS connection, or new SMTP/TLS connection: smtp(8) -> tlsproxy(8) -> remote SMTP server Cached SMTP/TLS connection: scache(8) -> tlsproxy(8) -> remote SMTP server There are a few refinements planned: - Log the TLS properties every time a connection is reused. Currently, the properties are logged when a TLS session is created.