Postfix stable release 3.10.3
This release fixes defects that were introduced in Postfix 3.10. These were fixed first in the Postfix 3.11 unstable release.
The defects exist only with the default configuration "tls_required_enable = yes".
* Bugfix (defect introduced: Postfix-3.10, date 20250117): include the current TLS security level in the SMTP connection cache lookup key for lookups by next-hop destination, to avoid reusing the same SMTP connection when sending messages with and without a "TLS-Required: no" header. Likewise, include the current TLS security level in the TLS session lookup key, to avoid reusing the same TLS session info when sending messages with and without a "TLS-Required: no" header.
* Bugfix (defect introduced: Postfix-3.10, date 20250117): the Postfix SMTP client attempted to look up TLSA records even with "TLS-Required: no". This could result in unnecessary failures. Fix by Viktor Dukhovni & Wietse.
You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.
Wietse
The Postfix 3.10.3 mail server addresses issues that were introduced in Postfix 3.10. The updates include adding the current TLS security level to the keys used for looking up the SMTP connection and TLS sessions, and making sure that the Postfix SMTP client doesn't try to find TLSA records when the "TLS-Required: no" header is there, which helps prevent unnecessary errors.
