The stable Postfix release is called postfix-2.2.x where 2=major
release number, 2=minor release number, x=patchlevel.  The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-2.3-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day).  Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

Incompatibility with Postfix 2.1 and earlier
============================================

If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2
before proceeding.

Major changes with snapshot 20051215
====================================

Plug-in support for SASL authentication in the SMTP server. The
default plug-in is Cyrus SASL, so everything should behave like it
did before. The SMTP/LMTP client still needs to be made pluggable.

Incompatibility with snapshot 20051208
======================================

The fallback_relay feature is renamed to smtp_fallback_relay, to
make clear that the combined SMTP+LMTP client uses this setting
only for SMTP deliveries. The old name still works.

The LMTP client now reports the server as "myhostname[/path/name]".
With the real server hostname in delivery status reports, the
information will be more useful.

Major changes with snapshot 20051208
====================================

The SMTP client now implements the LMTP protocol.  Most but not all
smtp_xxx parameters have an lmtp_xxx "ghost" parameter.  This means
there are lot of new LMTP features, including support for TLS and
for the shared connection cache. There are no lmtp_xxx "ghost"
parameters for the HELO or EHLO commands, because those commands
exist only in SMTP.

Incompatibility with snapshot 20051202
======================================

The Postfix SMTP daemon will not receive mail from the network if
it isn't running with postfix mail_owner privileges.  This prevents
surprises when, for example, "sendmail -bs" is configured to run
as root from xinetd.

Incompatibility with snapshot 20051125
======================================

You MUST stop and restart Postfix, because the address resolver
protocol has changed. If you don't stop and restart Postfix, you
will have an endless stream of warning messages with "problem talking
to service rewrite: Unknown error: 0" and "warning: unexpected
attribute address in input from rewrite socket".

Major changes with snapshot 20051125
====================================

This snapshot adds support for sender-dependent ISP accounts.

- Sender-dependent smarthost lookup tables.  The maps are searched
  with the sender address and with the sender @domain.  The result
  overrides the global relayhost setting, but otherwise has identical
  behavior. See the postconf(5) manual page for more details.

  Example:
    /etc/postfix/main.cf:
	sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay

- Sender-dependent SASL authentication support. This disables SMTP
  connection caching to ensure that mail from different senders
  will use the correct authentication credentials. The SMTP SASL
  password file is first searched by sender address, and then by
  the remote domain and hostname as usual.

  Example:
    /etc/postfix/main.cf:
	smtp_sasl_auth_enable = yes
	smtp_sender_dependent_authentication = yes
	smtp_sasl_password_maps = hash:/etc/postfix/sasl_pass

Incompatibility with snapshot 20051121
======================================

For compatibility reasons, the permit_mx_backup feature will accept
mail for authorized destinations (see permit_mx_backup for definition).
Only with other destinations will it require that the local MTA is
listed as non-primary MX.

Incompatibility with snapshot 20051120
======================================

The permit_mx_backup feature now requires that the local MTA is not
listed as primary MX host for the recipient domain. This prevents
mail loop problems when someone points the primary MX record at
Postfix.

Major changes with snapshot 20051113
====================================

Configurable bounce messages, based on a format that was developed
by Nicolas Riendeau. The file with templates is specified with the
bounce_template_file parameter. Details are in the bounce(5) manual
page, and examples of the built-in templates can be found in a file
bounce.cf.default in the Postfix configuration directory. The
template for the default bounce message looks like this:

    failure_template = <<EOF
    Charset: us-ascii
    From: MAILER-DAEMON (Mail Delivery System)
    Subject: Undelivered Mail Returned to Sender
    Postmaster-Subject: Postmaster Copy: Undelivered Mail

    This is the $mail_name program at host $myhostname.

    I'm sorry to have to inform you that your message could not
    be delivered to one or more recipients. It's attached below.

    For further assistance, please send mail to <postmaster>

    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.

                            The $mail_name program
    EOF

Incompatibility with snapshot 20051106
======================================

The relay=... logging has changed and now includes the remote SMTP
server port number as hostname[hostaddr]:port.

Incompatibility with snapshot 20051105
======================================

qshape needs to be updated. See the file qshape-microsecond-patch.

All delay logging now has sub-second resolution, including the
over-all "delay=nnn" logging.

At this point the Postfix logging for a recipient looks like this:

    Nov  3 16:04:31 myname postfix/smtp[30840]: 19B6B2900FE:
    to=<wietse@test.example.com>, orig_to=<wietse@test>,
    relay=mail.example.com[1.2.3.4], conn_use=2, delay=0.22,
    delays=0.04/0.01/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)


Incompatibility with snapshot 20051103
======================================

pflogsumm needs to be updated. See the pflogsumm-conn-delays-dsn-patch
file.

The queue manager protocol has changed. You need to "postfix reload"
after "make upgrade".

The logging of recipient status information has changed.  This may
require changes to logfile processing tools.

- Postfix now logs an additional attribute with detailed delay
information (delays=a/b/c/d) as described below.

- Postfix now logs an additional attribute with the connection reuse
count (conn_use=nnn) as described below.

Major changes with snapshot 20051103
====================================

This release makes a beginning with a series of new attributes in
Postfix logfile records. 

- Better insight into the nature of performance bottle necks, with
detailed logging of delays in various stages of message delivery.
Postfix logs additional delay information as "delays=a/b/c/d" where
a=time before queue manager, including message transmission; b=time
in queue manager; c=connection setup time including DNS, HELO and
TLS; d=message transmission time.

- Logging of the connection reuse count when SMTP connections are
used for more than one message delivery.  This information is needed
because Postfix can now reuse connections hundreds of times or more,
and can help to diagnose interoperability problems with servers
that suffer from memory leaks or other resource leaks.

At this point the Postfix logging for a recipient looks like this:

    Nov  3 16:04:31 myname postfix/smtp[30840]: 19B6B2900FE:
    to=<wietse@test.example.com>, orig_to=<wietse@test>,
    relay=mail.example.com[1.2.3.4], conn_use=2, delay=0,
    delays=0/0.01/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)

The following two logfile fields may or may not be present:

    orig_to     This is omitted when the address did not change.
    conn_use    This is omitted when a connection is used once.

Incompatibility with snapshot 20051026
======================================

The connection cache protocol for SMTP connections has changed.
You need to "postfix reload" after "make upgrade".

The smtp_connection_cache_reuse_limit parameter (which limits the
number of deliveries per SMTP connection) is replaced by the new
smtp_connection_reuse_time_limit parameter (the time after which a
connection is no longer stored into the connection cache).

Major changes with snapshot 20051026
====================================

This snapshot addresses a performance stability problem with remote
SMTP servers. The problem is not specific to Postfix: it can happen
when any MTA sends large amounts of SMTP email to a site that has
multiple MX hosts. The insight that led to the solution, as well
as an initial implementation, are due to Victor Duchovni.

The problem starts when one of a set of MX hosts becomes slower
than the rest.  Even though SMTP clients connect to fast and slow
MX hosts with equal probability, the slow MX host ends up with more
simultaneous inbound connections than the faster MX hosts, because
the slow MX host needs more time to serve each client request.

The slow MX host becomes a connection attractor.  If one MX host
becomes N times slower than the rest, it dominates mail delivery
latency unless there are more than N fast MX hosts to counter the
effect. And if the number of MX hosts is smaller than N, the mail
delivery latency becomes effectively that of the slowest MX host
divided by the total number of MX hosts.

The solution uses connection caching in a way that differs from
Postfix 2.2.  By limiting the amount of time during which a connection
can be used repeatedly (instead of limiting the number of deliveries
over that connection), Postfix not only restores fairness in the
distribution of simultaneous connections across a set of MX hosts,
it also favors deliveries over connections that perform well, which
is exactly what we want.

The smtp_connection_reuse_time_limit feature implements the connection
reuse time limit as discussed above.  It limits the amount of time
after which an SMTP connection is no longer stored into the connection
cache. The default limit, 300s, can result in a huge number of
deliveries over a single connection.

This solution will be complete when Postfix logging is updated to
include information about the number of times that a connection was
used. This information is needed to diagnose inter-operability
problems with servers that exhibit bugs when they receive multiple
messages over the same connection.

Incompatibility with snapshot 20051011
======================================

The Postfix local(8) delivery agent no longer updates its idea of
the Delivered-To: address while it expands aliases or .forward
files. With deeply nested aliases or .forward files, this can greatly
reduce the number of queue files and cleanup process instances. To
get the earlier behavior, specify "frozen_delivered_to = no".

The frozen_delivered_to feature can help to alleviate a long-standing
problem with multiple deliveries to recipients that are listed
multiple times in a hierarchy of nested aliases. For this to work,
only the top-level alias should have an owner- alias, and none of
the subordinate aliases.

Major changes with snapshot 20051011
====================================

Optional protection against SMTP clients that hammer the server
with too many new (i.e. uncached) SMTP-over-TLS sessions. Cached
sessions are much less expensive in terms of CPU cycles. Use the
smtpd_client_new_tls_session_rate_limit parameter to specify a limit
that is at least the inbound client concurrency limit, or else you
may deny legitimate service requests.

Optional suppression of remote SMTP client hostname lookup and
hostname verification. Specify "smtpd_peername_lookup = no" to
eliminate DNS lookup latencies, but do so only under extreme
conditions, as it makes Postfix logging less informative.

Incompatibility with snapshot 20050828
======================================

When a header/body_checks or message_reject_characters rule rejects
mail that was submitted with the Postfix sendmail command (or
re-queued with "postsuper -r"), the returned message is now limited
to just the message headers, to avoid the risk of exposure to harmful
content in the message body or attachments.

When the cleanup server rejects the content or size of mail that
was submitted with the Postfix sendmail command, forwarded with the
local(8) delivery agent, or that was re-queued with "postsuper -r",
Postfix no longer sends DSN SUCCESS notification of virtual alias
expansions. Since all the recipients are reported as failed, the
SUCCESS notification seems redundant.

Major changes with snapshot 20050828
====================================

Configurable filters to reject or remove unwanted characters in
email content. The message_reject_characters and message_strip_characters
parameters understand the usual C-like escape sequences: \a \b \f
\n \r \t \v \ddd (up to three octal digits) and \\.

Incompatibility with snapshot 20050726
======================================

Name server replies that contain a malformed hostname are now flagged
as permanent errors instead of transient errors. This change works
around a questionable proposal to use syntactically invalid hostnames
in MX records.

Major changes with snapshot 20050724
====================================

SMTPD Access control based on the existence of an address->name
mapping, with reject_unknown_reverse_client_hostname. There is
no corresponding access table lookup feature, because the name
is not validated in any way (except that it has proper syntax).

Several confusing SMTPD access restrictions were renamed:

    reject_unknown_client -> reject_unknown_client_hostname,
    reject_unknown_hostname -> reject_unknown_helo_hostname,
    reject_invalid_hostname -> reject_invalid_helo_hostname,
    reject_non_fqdn_hostname -> reject_non_fqdn_helo_hostname.

The old names are still recognized and documented.

Incompatibility with snapshot 20050716
======================================

Internal interfaces have changed; this may break third-party patches
because the text of function argument and result type definitions
has changed.  The type of buffer lengths and offsets were changed
from "(unsigned) int" (32 bit on 32-bit and LP64 systems) to
"(s)size_t" (64 bit on LP64 systems, 32 bit on 32-bit systems).

Otherwise, this change makes no difference on 32-bit systems. On
LP64 systems, however, software may mis-behave 1) when Postfix is
linked with pre-compiled code that was compiled with old Postfix
interface definitions and 2) when compiling Postfix source that was
modified by a third-party patch: incorrect code may be generated
when the patch passes the wrong integer argument type in contexts
that disable automatic argument type conversions.  Examples of such
contexts are formatting with printf-like arguments, and invoking
functions that write Postfix request or reply attributes across
inter-process communication channels.  Unfortunately, gcc does not
report "(unsigned) int" versus "(s)size_t" format string argument
mis-matches on 32-bit systems; they can be found only on 64-bit
systems.

Major changes with snapshot 20050716
====================================

Improved portability to LP64 systems, by converting the type of
buffer lengths and offsets from "(unsigned) int" to "(s)size_t".
This change has zero effect on 32-bit systems. On LP64 platforms,
however, this change not only eliminates some obscure portability
bugs, it also eliminates unnecessary conversions between 32/64 bit
integer types, because many system library routines take "(s)size_t"
arguments or return "(s)size_t" values.

Incompatibility with snapshot 20050707
======================================

The connection cache protocol is changed. You may need to "postfix
reload" after upgrading.

Incompatibility with snapshot 20050627
======================================

The Postfix SMTP client no longer applies the smtp_mx_session_limit
to non-permanent errors during the TCP, SMTP, HELO or TLS handshake.
Previous versions did that only with TCP and SMTP handshake errors.

Incompatibility with snapshot 20050622
======================================

The Postfix SMTP client by default limits the number of MX server
addresses to smtp_mx_address_limit=5. Previously this limit was
disabled by default. The new limit prevents Postfix from spending
lots of time trying to connect to lots of bogus MX servers.

The Postfix SMTP error handling of [45]XX server greetings was
cleaned up. The server reply is now properly reported.

Incompatibility with snapshot 20050615
======================================

Many internal protocols have changed. You must reload Postfix or
else the queue manager and delivery agents will complain about
unexpected request and reply attributes.

The new DSN support conflicts with VERP support. For Sendmail
compatibility, Postfix now uses the sendmail -V command line option
for DSN.  In order to request VERP style delivery, you must now
specify -XV instead of -V.  The Postfix sendmail command will
recognize if you try to use -V for VERP-style delivery.  It will
do the right thing and will remind you of the new syntax.

The queue file format is backwards compatible (again) with Postfix
2.2. Postfix 2.3 stores attributes that older versions will ignore.

Major changes with snapshot 20050615
====================================

DSN support as described in RFC 3461 .. RFC 3464. This gives senders
control over successful and failed delivery notifications.  DSN
involves extra parameters to the SMTP MAIL FROM and RCPT TO commands,
as well as extra Postfix sendmail command line options that provide
a sub-set of the functions of those extra SMTP command parameters.

See DSN_README for details. Some implementation notes are in
DSN_NOTES, in the top-level source code directory.

Major changes with snapshot 20050510
====================================

This release improves usability of enhanced status codes in Postfix
access tables, RBL reply templates and in transport maps that use
the error(8) delivery agent.

- When the SMTP server rejects a sender address, it transforms a
  recipient DSN status (e.g., 4.1.1-4.1.6) into the corresponding
  sender DSN status, and vice versa.

- When the SMTP server rejects non-address information (such as the
  HELO command parameter or the client hostname/address), it
  transforms a sender or recipient DSN status into a generic
  non-address DSN status (e.g., 4.0.0).

These transformations are needed when the same access table or RBL
reply template are used for client, helo, sender, or recipient
restrictions; or when the same error(8) mailer information is used
for both senders and recipients.

Incompatibility with snapshot 20050503
======================================

The format of some "warning:" messages in the maillog has changed
so that they are easier to sort:

- The logging now talks about "access table", instead of using three
different expressions "access table", "access map" and "SMTPD access
map" for the same thing.

- "non-SMTP command" is now logged BEFORE the client name/address
and the offending client input, instead of at the end.

Major change with snapshot 20050427+DSN
=======================================

This is experimental DSN support added to snapshot 20050427.  The
code is not for production purposes; it is not fully tested, some
names and interfaces are still rough around the edges, and it does
not update the oqmgr so you have to use qmgr instead.  Some
implementation notes and open issues are described in the
DSN_SUPPORT_README file (top-level directory).

Incompatibility with snapshot 20050329
======================================

If you use TLS, you need to execute "postfix reload" because the
TLS manager protocol has changed.

Incompatibility with snapshot 20050328
======================================

The logging format has changed. Postfix delivery agents now log the
RFC 3463 enhanced status code as "dsn=x.y.z" where y and z can be
up to three digits each. See the file pfloggsum-dsn-patch for an
update to the pfloggsum script.

After you upgrade from Postfix 2.2 or 2.3 you need to execute
"postfix reload", otherwise you will keep running the old Postfix
queue manager, which gives no special treatment to the enhanced
status codes that it receives from Postfix delivery agents.

Major changes with snapshot 20050328
====================================

This release introduces support for RFC 3463 enhanced status codes.
For example, status code 5.1.1 means "recipient unknown". Postfix
recognizes enhanced status codes in remote server replies, generates
enhanced status codes while handling email, and reports enhanced
status codes in non-delivery notifications.  This improves the user
interaction with mail clients that hide the text of error messages
from users.

You can, but don't have to, specify RFC 3463 enhanced status codes
in the output from commands that receive mail from a pipe. If a
command terminates with non-zero exit status, and an enhanced status
code is present at the beginning of the command output, then that
status code takes precedence over the non-zero exit status.

You can, but don't have to, specify RFC 3463 enhanced status codes
in Postfix access maps, header/body_checks REJECT actions, or in
RBL replies.  For example:

    REJECT 5.7.1 You can't go here from there

The status 5.7.1 means "no authorization, message refused", and is
the default for access maps, header/body_checks REJECT actions, and
for RBL replies.

If you specify your own enhanced status code, the Postfix SMTP
server will automatically change a leading '5' digit (hard error)
into '4' where appropriate.  This is needed, for example, with
soft_bounce=yes.
