Release Notes: A high load of DSN success notification requests could slow down the queue manager, which is now worked around by making the trace client asynchronous, just like the bounce and defer clients. The local delivery agent ignored table lookup errors in mailbox_command_maps, mailbox_transport_maps, fallback_transport_maps, and alias owner lookup, which is now fixed. Both RHSBL and RHSWL queries for names ending in a numerical suffix are now skipped. The Postfix Milter client reported a temporary error instead of "file too large" in three cases. Linux kernel version 3 support has been added.
Release Notes: This release contains a fix for CVE-2011-0411, which allows plain text command injection with SMTP sessions over TLS. This defect was introduced with Postfix version 2.2. The same flaw exists in other implementations of the STARTTLS command.
Release Notes: Postfix no longer automatically appends the system default CA certificates. When pipe-to-command delivery fails with a signal, mail is now correctly deferred, instead of being returned to sender. Poor `smtpd_proxy_filter` TCP performance over loopback (127.0.0.1) connections was fixed by adapting the output buffer size to the MTU. The SMTP server no longer applies the `reject_rhsbl_helo` feature to non-domain forms such as network addresses. The Postfix SMTP server failed to deliver a "421" response and hang up the connection after Milter error.
Release Notes: This version fixes problems such as a milter application hang, a core dump related to malformed error messages in LDAP, MySQL, or PostgreSQL lookup table configurations, a stuck-in-queue problem for mail with zero recipients, invalid host rejections for hostnames such as 1-2-3-4, and a problem with the VRFY command.
Release Notes: The installation/upgrade procedure did not automatically create the data_directory. In the "new queue manager", the _destination_rate_delay code needed to postpone the job scheduler updates after delivery completion, otherwise the scheduler could loop on blocked jobs. The queue manager used <transport>_concurrency_failed_cohort_limit instead of <transport>_destination_concurrency_failed_cohort_limit as documented. The SMTP client disabled MIME parsing despite non-empty settings for smtp_header_checks, smtp_mime_header_checks, smtp_nested_header_checks, or smtp_body_checks.
Release Notes: The SMTP server did not ask for a client certificate with "smtpd_tls_req_ccert = yes". Reduced TCP performance is avoided when reusing an SMTP connection with a larger than 4096-byte TCP MSS value.
Release Notes: CN comment strings are now null-terminated after sanitization. "Bad address pattern" errors with non-address patterns in namadr_list_match() calls are avoided. A "cleanup -v" panic has been fixed that occurred because the new "SMTP reply" request flag did not have a printable name. Using "Before-queue content filter", RFC3848 information was not added to the headers. A poorly-implemented integer overflow check for TCP MSS calculation had the unexpected effect that people broke Postfix on LP64 systems. Delivery is deferred when a mailbox file is not owned by the recipient.
Release Notes: The Postfix 2.5 "postfix upgrade-configuration" command now works even with Postfix 2.4 or earlier versions of the postfix command. When installing Postfix 2.5.0 without upgrading from an existing master.cf file, the new master.cf file had an incorrect process limit for the proxywrite service. This service is used only by the obscure "smtp_sasl_auth_cache_name" and "lmtp_sasl_auth_cache_name" configuration parameters. Someone needed multi-line support for header/body Milter replies. The LDAP client's TLS support was broken in several ways.
Release Notes: TLS (SSL) support was streamlined further. Milter support was updated from the Sendmail 8.13 feature set and now includes most of the features introduced with Sendmail 8.14. Stress-adaptive configuration was introduced. This allows the Postfix SMTP server to temporarily adjust its rules under conditions of overload. The queue manager scheduler now provides per-transport scheduling controls and allows for adjustment of the sensitivity to mail delivery (non-)errors. Security was improved by introducing a Postfix-owned data_directory for storage of randomness, caches, and other non-queue data.