First of all everybody thanks for all the congratulations and well wishes, mother and child are doing great. I’m getting the hang of it now, just the midnight feedings are killing and I hope they will soon be over.
But in the week I was off-line Postfix got updated to a new release with all new functionality as well. I haven’t tested it or got into the details yet but I wanted to get the word out on this. I will spend time this week to find what impact these new changes mean to our setup as there are some major changes made to the software:
- DSN (delivery status notification) support as described in RFC
3461 .. RFC 3464. This gives email senders control over notification
of successful, delayed, and failed delivery. DSN involves extra
parameters to the SMTP “MAIL FROM” and “RCPT TO” commands, as well
as extra Postfix sendmail command line options for mail submission.
- Major updates to the TLS (SMTP encryption and authentication)
support. Postfix 2.3 introduces a configuration user interface
that is based on the concept of TLS security levels (none, may,
encrypt, verify, secure) and that can more effectively deal with
DNS spoofing. The old configuration user interface, with multiple
boolean parameters to enable or enforce TLS, is still supported but
will be removed after a few releases.
- Milter (mail filter) application support, compatible with Sendmail
version 8.13.6 and earlier. This allows you to run a large number
of plug-ins to reject unwanted mail, and to sign mail with for
example domain keys. All Milter functions are implemented except
the one that replaces the message body (this will be added later).
- Enhanced status codes (RFC 3463). For example, status code 5.1.1
means “recipient unknown”. Mail clients can translate these status
codes into text in the user’s own language, and greatly improve the
user experience. Enhanced status codes can be specified in Postfix
access tables, in header/body_checks content filter rules, in “rbl”
reply templates, and so on.
- Configurable bounce messages with support for non-ASCII character
- Plug-in support for SASL authentication in the Postfix SMTP server
and client. With this, Postfix can support multiple SASL implementations
without conflicting source code patches. Postfix 2.3 has Dovecot
SASL support built into the SMTP server. As before, support for
Cyrus SASL is available as add-on feature for the Postfix SMTP
server and client. (we have this working already in the current setup)
Support for sender-dependent ISP accounts, in the form of
sender-dependent relayhost lookup and sender-dependent SASL
- The Postfix SMTP client now implements both the SMTP and LMTP
protocols. This means that a lot of features have become available
for LMTP mail delivery, including the shared TCP connection cache.
- After TLS handshake failure, the SMTP client will now reconnect
to the same server to try plaintext delivery (if TLS policy permits).
Earlier Postfix versions would skip the server and defer delivery
if no alternate MX host was available.
All delay logging now has sub-second resolution. Besides the total
delay, Postfix logs separate delays for different stages of delivery
(time in queue, time in queue manager, time to set up connection,
and time to deliver). This gives better insight into the nature of
performance bottle necks.
- Smarter utilisation of cached SMTP connections. When one destination
has multiple inbound SMTP servers, the Postfix SMTP client will now
send less mail via the slower ones, and more mail via the faster ones.
- Support for empty MX records. Older Postfix versions treat this
as a malformed response and defer mail delivery.
Most interesting new features, I think, will be the DSN functionality and Milter (the mail filter). I will spend some time the coming week to see how we can use them in our setup and if there are more benefits to this new version.
Again, I haven’t implemented this new version yet due to lack of time but I will let you know when and how you can safely upgrade your setup to this new 2.3 version.
- No related posts