First of all everybody thanks for all the congratulations and well wishes, mother and child are doing great. I’m getting the hang of it now, just the midnight feedings are killing and I hope they will soon be over.

But in the week I was off-line Postfix got updated to a new release with all new functionality as well. I haven’t tested it or got into the details yet but I wanted to get the word out on this. I will spend time this week to find what impact these new changes mean to our setup as there are some major changes made to the software:

  • DSN (delivery status notification) support as described in RFC
    3461 .. RFC 3464. This gives email senders control over notification
    of successful, delayed, and failed delivery. DSN involves extra
    parameters to the SMTP “MAIL FROM” and “RCPT TO” commands, as well
    as extra Postfix sendmail command line options for mail submission.
  • Major updates to the TLS (SMTP encryption and authentication)
    support. Postfix 2.3 introduces a configuration user interface
    that is based on the concept of TLS security levels (none, may,
    encrypt, verify, secure) and that can more effectively deal with
    DNS spoofing. The old configuration user interface, with multiple
    boolean parameters to enable or enforce TLS, is still supported but
    will be removed after a few releases.
  • Milter (mail filter) application support, compatible with Sendmail
    version 8.13.6 and earlier. This allows you to run a large number
    of plug-ins to reject unwanted mail, and to sign mail with for
    example domain keys. All Milter functions are implemented except
    the one that replaces the message body (this will be added later).
  • Enhanced status codes (RFC 3463). For example, status code 5.1.1
    means “recipient unknown”. Mail clients can translate these status
    codes into text in the user’s own language, and greatly improve the
    user experience. Enhanced status codes can be specified in Postfix
    access tables, in header/body_checks content filter rules, in “rbl”
    reply templates, and so on.
  • Configurable bounce messages with support for non-ASCII character
  • Plug-in support for SASL authentication in the Postfix SMTP server
    and client. With this, Postfix can support multiple SASL implementations
    without conflicting source code patches. Postfix 2.3 has Dovecot
    SASL support built into the SMTP server. As before, support for
    Cyrus SASL is available as add-on feature for the Postfix SMTP
    server and client. (we have this working already in the current setup)
  • Support for sender-dependent ISP accounts, in the form of
    sender-dependent relayhost lookup and sender-dependent SASL
    username/password lookup.
  • The Postfix SMTP client now implements both the SMTP and LMTP
    protocols. This means that a lot of features have become available
    for LMTP mail delivery, including the shared TCP connection cache.
  • After TLS handshake failure, the SMTP client will now reconnect
    to the same server to try plaintext delivery (if TLS policy permits).
    Earlier Postfix versions would skip the server and defer delivery
    if no alternate MX host was available.
  • All delay logging now has sub-second resolution. Besides the total
    delay, Postfix logs separate delays for different stages of delivery
    (time in queue, time in queue manager, time to set up connection,
    and time to deliver). This gives better insight into the nature of
    performance bottle necks.
  • Smarter utilisation of cached SMTP connections. When one destination
    has multiple inbound SMTP servers, the Postfix SMTP client will now
    send less mail via the slower ones, and more mail via the faster ones.
  • Support for empty MX records. Older Postfix versions treat this
    as a malformed response and defer mail delivery.

Most interesting new features, I think, will be the DSN functionality and Milter (the mail filter). I will spend some time the coming week to see how we can use them in our setup and if there are more benefits to this new version.

Again, I haven’t implemented this new version yet due to lack of time but I will let you know when and how you can safely upgrade your setup to this new 2.3 version.