This is the Postfix 3.2 (stable) release.

The stable Postfix release is called postfix-3.2.x where 3=major
release number, 2=minor release number, x=patchlevel.  The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-3.3-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day).  Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 3.0 or earlier, read RELEASE_NOTES-3.1
before proceeding.

Runtime detection of DNSSEC support
-----------------------------------

The Postfix build system will no longer automatically disable DNSSEC
support when it determines that Postfix will use libc-musl. This removes
the earlier libc-musl workaround for Postfix 3.2.15, 3.3.10, 3.4.12,
and 3.5.2.

Now, when a Postfix process requests DNSSEC support (typically, for
Postfix DANE support), the process may do a runtime test to determine if
DNSSEC validation is available. DNSSEC support may be broken because of
local configuration, libc incompatibility, or other infrastructure issues.

Background: DNSSEC validation is needed for Postfix DANE support;
this ensures that Postfix receives TLSA records with secure TLS
server certificate info. When DNSSEC validation is unavailable,
mail deliveries using opportunistic DANE will not be protected by
server certificate info in TLSA records, and mail deliveries using
mandatory DANE will not be made at all.

The dnssec_probe parameter specifies the DNS query type (default:
"ns") and DNS query name (default: ".") that Postfix may use to
determine whether DNSSEC validation is available. Specify an empty
value to disable this feature.

By default, a Postfix process will send a DNSSEC probe after 1) the
process made a DNS query that requested DNSSEC validation, 2) the
process did not receive a DNSSEC validated response to this query
or to an earlier query, and 3) the process did not already send a
DNSSEC probe.

When the DNSSEC probe has no response, or when the response is not
DNSSEC validated, Postfix logs a warning that DNSSEC validation may
be unavailable. Examples:

warning: DNSSEC validation may be unavailable
warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC validated
warning: reason: dnssec_probe 'ns:.' received no response: Server failure

This feature was backported from Postfix 3.6.

libc-musl workaround for Postfix 3.2.15, 3.3.10, 3.4.12, and 3.5.2
------------------------------------------------------------------

Security: this release disables DANE support on Linux systems with
libc-musl, because libc-musl provides no indication whether DNS
responses are authentic. This broke DANE support without a clear
explanation.

TLS Workaround for Postfix 3.4.6, 3.3.5, 3.2.10 and 3.1.13
-----------------------------------------------------------

This release introduces a workaround for implementations that hang
Postfix while shutting down a TLS session, until Postfix times out.
With "tls_fast_shutdown_enable = yes" (the default), Postfix no
longer waits for a remote TLS peer to respond to a TLS 'close'
request. This behavior is recommended with TLSv1.0 and later. Specify
"tls_fast_shutdown_enable = no" to get historical Postfix behavior.

License change with Postfix 3.2.5
---------------------------------

Starting with Postfix 3.2.5, this software is distributed with a
dual license: in addition to the historical IBM Public License 1.0,
it is now also distributed with the more recent Eclipse Public
License 2.0. Recipients can choose to take the software under the
license of their choice. Those who are more comfortable with the
IPL can continue with that license.

Invisible changes
-----------------

In addition to the visible changes described below, there is an
ongoing overhaul of low-level code. With each change come updated
tests to ensure that future changes will not 'break' compatibility
with past behavior.

Major changes - address mapping
-------------------------------

[Feature 20170128] Postfix 3.2 fixes the handling of address
extensions with email addresses that contain spaces. For example,
the virtual_alias_maps, canonical_maps, and smtp_generic_maps
features now correctly propagate an address extension from "aa
bb+ext"@example.com to "cc dd+ext"@other.example, instead of
producing broken output.

Major changes - header/body_checks
----------------------------------

[Feature 20161008] "PASS" and "STRIP" actions in header/body_checks.
"STRIP" is similar to "IGNORE" but also logs the action, and "PASS"
disables header, body, and Milter inspection for the remainder of
the message content.  Contributed by Hobbit.

Major changes - log analysis
----------------------------

[Feature 20160330] The collate.pl script by Viktor Dukhovni for
grouping Postfix logfile records into "sessions" based on queue ID
and process ID information. It's in the auxiliary/collate directory
of the Postfix source tree.

Major changes - maps support
----------------------------

[Feature 20160527] Postfix 3.2 cidr tables support if/endif and
negation (by prepending ! to a pattern), just like regexp and pcre
tables.  The primarily purpose is to improve readability of complex
tables. See the cidr_table(5) manpage for syntax details.

[Incompat 20160925] In the Postfix MySQL database client, the default
option_group value has changed to "client", to enable reading of
"client" option group settings in the MySQL options file. This fixes
a "not found" problem with Postfix queries that contain UTF8-encoded
non-ASCII text.  Specify an empty option_group value (option_group
=) to get backwards-compatible behavior.

[Feature 20161217] Stored-procedure support for MySQL databases.
Contributed by John Fawcett. See mysql_table(5) for instructions.

[Feature 20170128] The postmap command, and the inline: and texthash:
maps now support spaces in left-hand field of the lookup table
"source text". Use double quotes (") around a left-hand field that
contains spaces, and use backslash (\) to protect embedded quotes
in a left-hand field. There is no change in the processing of the
right-hand field.

Major changes - milter support
------------------------------

[Feature 20160611] The Postfix SMTP server local IP address and
port are available in the policy delegation protocol (attribute
names: server_address, server_port), in the Milter protocol (macro
names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol
(attribute names: DESTADDR, DESTPORT).

[Feature 20161024] smtpd_milter_maps support for per-client Milter
configuration that overrides smtpd_milters, and that has the same
syntax. A lookup result of "DISABLE" turns off Milter support. See
MILTER_README.html for details.

Major changes - policy delegation
---------------------------------

[Feature 20160611] The Postfix SMTP server local IP address and
port are available in the policy delegation protocol (attribute
names: server_address, server_port), in the Milter protocol (macro
names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol
(attribute names: DESTADDR, DESTPORT).

Major changes - postqueue
-------------------------

[Incompat 20170129] The postqueue command no longer forces all
message arrival times to be reported in UTC. To get the old behavior,
set TZ=UTC in main.cf:import_environment (this override is not
recommended, as it affects all Postfix utities and daemons).

Major changes - safety
----------------------

[Incompat 20161227] For safety reasons, the sendmail -C option must
specify an authorized directory: the default configuration directory,
a directory that is listed in the default main.cf file with
alternate_config_directories or multi_instance_directories, or the
command must be invoked with root privileges (UID 0 and EUID 0).
This mitigates a recurring problem with the PHP mail() function.

Major changes - sasl
--------------------

[Feature 20160625] The Postfix SMTP server now passes remote client
and local server network address and port information to the Cyrus
SASL library. Build with ``make makefiles "CCARGS=$CCARGS
-DNO_IP_CYRUS_SASL_AUTH"'' for backwards compatibility.

Major changes - smtputf8
------------------------

[Feature 20161103] Postfix 3.2 disables the 'transitional' compatibility
between the IDNA2003 and IDNA2008 standards for internationalized
domain names (domain names beyond the limits of US-ASCII).

This change makes Postfix behavior consistent with contemporary web
browsers. It affects the handling of some corner cases such as
German sz and Greek zeta. See http://unicode.org/cldr/utility/idna.jsp
for more examples.

Specify "enable_idna2003_compatibility = yes" to restore historical
behavior (but keep in mind that the rest of the world may not make
that same choice).

Major changes - tls
-------------------

[Feature 20160828] Fixes for deprecated OpenSSL 1.1.0 API features,
so that Postfix will build without depending on backwards-compatibility
support.

[Incompat 20161204] Postfix 3.2 removes tentative features that
were implemented before the DANE spec was finalized:

- Support for certificate usage PKIX-EE(1),

- The ability to disable digest agility (Postfix now behaves as if
  "tls_dane_digest_agility = on"), and

- The ability to disable support for "TLSA 2 [01] [12]" records
  that specify the digest of a trust anchor (Postfix now behaves
  as if "tls_dane_trust_anchor_digest_enable = yes).

[Feature 20161217] Postfix 3.2 enables elliptic curve negotiation
with OpenSSL >= 1.0.2.  This changes the default smtpd_tls_eecdh_grade
setting to "auto", and introduces a new parameter tls_eecdh_auto_curves
with the names of curves that may be negotiated.

The default tls_eecdh_auto_curves setting is determined at compile
time, and depends on the Postfix and OpenSSL versions.  At runtime,
Postfix will skip curve names that aren't supported by the OpenSSL
library.

Major changes - xclient
-----------------------

[Feature 20160611] The Postfix SMTP server local IP address and
port are available in the policy delegation protocol (attribute
names: server_address, server_port), in the Milter protocol (macro
names: {daemon_addr}, {daemon_port}), and in the XCLIENT protocol
(attribute names: DESTADDR, DESTPORT).