Postfix

Postfix no longer automatically appends the system default CA certificates. When pipe-to-command delivery fails with a signal, mail is now correctly deferred, instead of being returned to sender. Poor `smtpd_proxy_filter` TCP performance over loopback (127.0.0.1) connections was fixed by adapting the output buffer size to the MTU. The SMTP server no longer applies the `reject_rhsbl_helo` feature to non-domain forms such as network addresses. The Postfix SMTP server failed to deliver a "421" response and hang up the connection after Milter error.

A problem where the Postfix SMTP client did not skip "unknown" SMTP client attributes, causing a syntax error when sending an "unknown" client PORT attribute was fixed. Postfix will now skip LDAP queries with non-ASCII search strings, instead of failing with a database lookup error. A warning is now logged when a matchlist has a #comment at the end of a line (for example mynetworks or relay_domains).

The Postfix Milter client would be out of step with a Milter application after the application sent a "quarantine" request at end-of-message time. The Milter application would still be in the end-of-message state, while Postfix would already be working on the next SMTP event, typically QUIT or MAIL FROM. In the latter case, Milter responses for the previously-received email message would be applied towards the next MAIL FROM transaction. The Postfix SMTP server would abort with an "unexpected lookup table" error when an SMTPD policy server was mis-configured in a particular way.

This stable release fixes a defect in SASL support. With plaintext SMTP sessions and smtpd_tls_auth_only=yes and smtp_sasl_auth_enable=yes, the SMTP server logged warnings for reject_*_sender_login_mismatch, instead of enforcing them.

This stable release fixes one defect in Milter support.