The stable Postfix release is called postfix-2.8.x where 2=major
release number, 8=minor release number, x=patchlevel.  The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-2.9-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day).  Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 2.7 or earlier, read RELEASE_NOTES-2.8
before proceeding.

Incompatible changes with snapshot 20111218
===========================================

To support external SASL authentication, the Postfix SMTP server
now always checks the smtpd_sender_login_maps table, even without
having "smtpd_sasl_auth_enable = yes" in main.cf.

Major changes with snapshot 20111218
====================================

Support for external SASL authentication via the XCLIENT command.
This is used to accept SASL authentication from an SMTP proxy such
as nginx. This support works even without having to specify
"smtpd_sasl_auth_enable = yes" in main.cf.

Major changes with snapshot 20111213
====================================

Support for a persistent backup database in the memcache client.
The memcache client updates the memcache whenever it looks up or
modifies information in the persistent database.

Support for proxymap-over-tcp (proxy:maptype:mapname@host:port) is
under development.

Elimination of dependencies on the libmemcache library. Postfix
memcache support is now compiled in by default.

Major changes with snapshot 20111209
====================================

memcache lookup and update support. This provides a way to share
postscreen(8) or verify(8) caches between Postfix instances.  The
Postfix memcache client can't be used for security-sensitive
information, and it supports only libmemcache version 1.4.0.  See
MEMCACHE_README and memcache_table(5) for details and limitations.

Incompatible changes with snapshot 20111205
===========================================

Postfix now logs the result of succesful TLS negotiation with TLS
logging levels of 0. See the smtp_tls_loglevel and smtpd_tls_loglevel
descriptions in the postconf(5) manpage for other minor differences.

Major changes with snapshot 20111205
====================================

Support for TLS public key fingerprint matching in the Postfix SMTP
client (in smtp_tls_policy_maps) and server (in check_ccert access
maps).  Public key fingerprints are inherently more specific than
fingerprints over the entire certificate.

Revision of Postfix TLS logging. The main difference is that Postfix
now logs the result of succesful TLS negotiation with TLS logging
levels of 0.  See the smtp_tls_loglevel and smtpd_tls_loglevel
descriptions in the postconf(5) manpage for other minor differences.

Major changes with snapshot 20111203
====================================

Support for time-dependent sender addresses of address verification
probes. The default address, double-bounce, may end up on spammer
blacklists. Although Postfix discards mail for this address, such
mail still uses up network bandwidth and server resources. Specify
an address_verify_sender_ttl value of several hours or more to
frustrate address harvesting.

Major changes with snapshot 20111120
====================================

Eliminated the postconf limitation documented on 20111113 as "lack
of support for per-service parameter name spaces in master.cf,
meaning that "-o user-defined-name=value" always results in an
"unused parameter" warning". This brings the total cost of the
postconf upgrade to some 55 person-hours, 600 lines of code, and
300 lines of comments or documentation.

Major changes with snapshot 20111118
====================================

The "postconf -M" (display master.cf) command now supports filtering.
For example, specify "postconf -M inet" to display only services
that listen on the network.

Incompatible changes with snapshot 20111113
===========================================

The postconf command now logs warnings about unused "name=value"
entries in main.cf, and about unused "-o name=value" entries in
master.cf. Such entries are the result of feature creep in Postfix,
and of mis-typed names. Once the configurations are cleaned up,
Postfix configuration changes will be more robust.

Major changes with snapshot 20111113
====================================

postconf support to warn about unused "name=value" entries in
main.cf, and about unused "-o name=value" entries in master.cf.
This should help to eliminate common errors with mis-typed names.

The only known limitation is lack of support for per-service parameter
name spaces in master.cf, meaning that "-o user-defined-name=value"
always results in an "unused parameter" warning.

This completes an effort that expanded postconf.c by 553 lines of
code that were designed, written, tested and documented (in 250
lines) at the cost of 35 person-hours, spread out over 7 days.

Major changes with snapshot 20111108
====================================

postconf support for parameter names that are generated automatically
from master.cf entries (delivery agents, spawn services), and for
parameter names that are defined with main.cf smtpd_restriction_classes.
This increases the postconf output size with 70 lines or more.

Major changes with snapshot 20111106
====================================

"postconf -M" support to print master.cf entries, and "postconf -f"
support to fold long main.cf or master.cf lines for human readability.

Incompatible changes with snapshot 20111106
===========================================

To work around broken remote SMTP servers, the Postfix SMTP client
by default no longer appends the "AUTH=<>" option to the MAIL FROM
command.  Specify "smtp_send_dummy_mail_auth = yes" to restore the
old behavior.

Incompatible changes with snapshot 20111012
===========================================

For consistency with the SMTP standard, the smtp_line_length_limit
default value was increased from 990 characters to 998 (i.e. 1000
characters including <CR><LF>). Specify "smtp_line_length_limit =
990" to restore historical Postfix behavior.

To simplify integration with third-party applications, the Postfix
sendmail command now always transforms all input lines ending in
<CR><LF> into UNIX format (lines ending in <LF>). Specify
"sendmail_fix_line_endings = strict" to restore historical Postfix
behavior (i.e. convert all input lines ending in <CR><LF> only if
the first line ends in <CR><LF>).

Incompatible changes with snapshot 20110918
===========================================

The following changes were made in default settings, in preparation
for general availability of IPv6:

- The default inet_protocols value is now "all" instead of "ipv4",
  meaning use both IPv4 and IPv6.  As a compatibility workaround
  for sites without global IPv6 connectivity, the commands "make
  upgrade" and "postfix upgrade-configuration" append "inet_protocols
  = ipv4" to main.cf when no explicit inet_protocols setting is
  present.  This workaround will be removed in a future release.

- The default smtp_address_preference value is now "any" instead
  of "ipv6", meaning choose randomly between IPv6 and IPv4. With
  this the Postfix SMTP client will have more success delivering
  mail to sites that have problematic IPv6 configurations.

Incompatible changes with snapshot 20110321
===========================================

You need to "postfix reload" after upgrade from snapshot 20110320.
The hash_queue_names algorithm was changed for better performance
with long queue IDs.

Incompatible changes with snapshot 20110320
===========================================

If you enable support for long queue file names, you need to be
aware that these file names are not compatible with Postfix <= 2.8.
If you must migrate to Postfix <= 2.8, you must first convert all
long queue file names into short names, otherwise the old Postfix
version will complain.

The conversion procedure before migration to Postfix <= 2.8 is:

    # postfix stop
    # postconf enable_long_queue_ids=no
    # postsuper

Run the postsuper command repeatedly until it no longer reports
queue file name changes.

Major changes with snapshot 20110320
====================================

Support for long, non-repeating, queue IDs (queue file names).  The
benefit of non-repeating names is simpler logfile analysis, and
easier queue migration (there is no need to run "postsuper" to
change queue file names that don't match their message file inode
number).

Specify "enable_long_queue_ids = yes" to enable the feature. This
does not change the names of existing queue files. See postconf(5)
or postconf.5.html#enable_long_queue_ids for a detailed description
of the differences with the old short queue IDs.

This changes new Postfix queue IDs from the short form 0FCEE9247A9
into the longer form 3Ps0FS1Zhtz1PFjb, and changes new Message-ID
header values from YYMMDDHHMMSS.queueid@myhostname into the shorter
form queueid@myhostname.

See the note on "Incompatible changes" for a backwards migration
procedure to convert long queue file names into a form that is
compatible with Postfix <= 2.8.

Incompatible changes with snapshot 20110313
===========================================

Use "postfix reload" after "make upgrade" on a running Postfix
system. This is needed because the protocol between postscreen(8)
and dnsblog(8) has changed.

Major changes with snapshot 20110228
====================================

postscreen(8) support to force remote SMTP clients to implement
proper MX lookup policy.  By listening on both primary and backup
MX addresses, postscreen(8) can deny the temporary whitelist status
to clients that connect only to backup MX hosts, and prevent them
from talking to a Postfix SMTP server process.

Example: when 1.2.3.4 is a local backup IP address, specify
"postscreen_whitelist_interfaces = !1.2.3.4 static:all".

Incompatible changes with snapshot 20110219
===========================================

The Postfix SMTP and QMQP servers now log "hostname X does not
resolve to address Y", when a "reverse hostname" lookup result does
not resolve to the client IP address. Until now these servers logged
"Y: hostname X verification failed" or "Y: address not listed for
hostname X" depending on the details of the error.

Major changes with snapshot 20110219
====================================

Postfix now uses long integers for message_size_limit, mailbox_size_limit
and virtual_mailbox_limit. On LP64 systems (64-bit long and pointer,
but 32-bit integer), these limits can now exceed 2GB.

Major changes with snapshot 20110212
====================================

Support for per-record deadlines.  These change the behavior of
Postfix timeout parameters, from a time limit per read or write
system call, to a time limit to send or receive a complete record
(an SMTP command line, SMTP response line, SMTP message content
line, or TLS protocol message).  This limits the impact from hostile
peers that trickle data one byte at a time.

The new configuration parameters and their default settings are:
smtpd_per_record_deadline (normal: no, overload: yes),
smtp_per_record_deadline (no), and lmtp_per_record_deadline (no).

Note: when per-record deadlines are enabled, a short timeout may
cause problems with TLS over very slow network connections.  The
reasons are that a TLS protocol message can be up to 16 kbytes long
(with TLSv1), and that an entire TLS protocol message must be sent
or received within the per-record deadline.

Per-record deadlines were introduced with postscreen(8). This program
does not receive mail, and therefore has no problems with TLS over
slow connections.

Incompatible changes with snapshot 20110130
===========================================

The VSTREAM error flags are now split into separate read and write
error flags. As a result of this change, all programs that use
VSTREAMs MUST be recompiled.
