Postfix 3.10.6, 3.9.7, 3.8.13, and 3.7.18 released
Postfix 3.10.6 has been released alongside updates for the legacy versions (3.9.7, 3.8.13, and 3.7.18), so an update is available for the main branch as well.
One bug fix in Postfix 3.10 addresses a problem introduced by the 3.10 release itself. It relates to a particular SMTP setting (smtp_tls_wrappermode) when combined with "encrypt" security level requirements. Previously, if your system supported "TLS-Required: no," it could disrupt client-side TLS wrapping and incorrectly cause the connection to revert to an unauthenticated 'encrypt' level. This fix adjusts that fallback properly, helping prevent email delivery issues down the line.
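A quick check for whether a host should take the 3.10.6 update because of the wrappermode defect described above, as an added example that is not from the Postfix project. It assumes stable versions 3.10.0 through 3.10.5 are the ones carrying the defect; the sample settings and the relay465 service name are constructed.

```shell
#!/bin/sh
# Added example (not Postfix project code): flag installs where the
# 3.10 wrappermode defect described above can apply.

# Constructed sample input in the formats printed by `postconf -n`
# (main.cf settings) and `postconf -P` (master.cf "-o" overrides).
# The service name relay465 is hypothetical.
SAMPLE_SETTINGS='smtp_tls_security_level = may
relay465/unix/smtp_tls_security_level = encrypt
relay465/unix/smtp_tls_wrappermode = yes'

# Succeeds for stable releases 3.10.0 through 3.10.5 (assumption: the
# defect is present in every 3.10 release before 3.10.6).
version_affected() {
    case "$1" in
        3.10.[0-5]) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads settings on stdin and prints those that enable client-side
# wrappermode, either globally or for a single master.cf service.
wrappermode_settings() {
    grep -E '(^|/)smtp_tls_wrappermode[[:space:]]*=[[:space:]]*yes[[:space:]]*$' || true
}

# check_postfix VERSION SETTINGS -> prints "upgrade" or "ok".
check_postfix() {
    hits=$(printf '%s\n' "$2" | wrappermode_settings)
    if version_affected "$1" && [ -n "$hits" ]; then
        echo "upgrade"
    else
        echo "ok"
    fi
}

# Sample run on the constructed data above.
check_postfix 3.10.5 "$SAMPLE_SETTINGS"

# On a live host:
#   check_postfix "$(postconf -h mail_version)" "$(postconf -n; postconf -P)"
```

The result is a heuristic: "upgrade" means the version and configuration match the conditions the release note describes, not that a delivery has actually been downgraded.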
Postfix 3.10 also gets better logging in the SMTP client. If you enable smtp_tls_enforce_sts_mx_patterns ("yes") and have a TLS policy plugin running with TLSRPT support, the client now warns you if an MX hostname doesn't match the expected STS patterns. This gives you more insight into potential problems during delivery. Conversely, when verbose logging is turned on, it tells you explicitly when the match is successful.
Another important change in Postfix 3.10 is fixing a client-side crash that happened with specific STS plugin setups during testing. It wasn't something users would typically encounter, but it's good to know this potential hiccup is addressed.
Beyond these fixes for version 3.10, the same update also patches issues affecting older versions (3.9 and below). One notable fix is for a segmentation fault caused by duplicate parameter names in certain "postconf" commands ("-X" or "-#"). This bug traces back quite far, to Postfix version 2.9 from March 7, 2012.
On the documentation side, they've cleaned up things slightly; incorrect text has been removed from the description of smtp_cname_overrides_servername in postconf.proto.
If you're using these releases or just want to check out what changed, find it on the Postfix mirrors page.
