Postfix stable release 3.3.2, and legacy releases 3.2.7, 3.1.10, 3.0.14 for Red Hat Enterprise Linux and CentOS 6 and 7

The latest Postfix releases are now available in my yum repos and include the following fixes.

Changes for all supported stable releases:

  • Support for OpenSSL 1.1.1, and support for TLSv1.3-specific
    features.

    • Updated Postfix TLS documentation examples for TLSv1.3.
      See
      FORWARD_SECRECY_README
      .

    • New TLSv1.3-specific attributes in Postfix logging and in
      Postfix "Received:" message headers: key exchange, server signature,
      client signature.

    • New option to selectively disable TLSv1.3 in *_tls_protocols
      settings.

    • New server-side support to avoid issuing multiple session
      tickets.

    • New support to allow OpenSSL >= 1.1.0 run-time micro version
      bumps without logging Postfix warnings about library version
      mismatches.

Fixed in all stable releases:

  • Bugfix: smtpd_discard_ehlo_keywords could not disable
    "SMTPUTF8", because some lookup table was using "EHLO_MASK_SMTPUTF8"
    instead.

  • Bugfix: minor memory leak in DANE support when minting
    issuer certs. This affects a tiny minority of use cases.

Changes for Postfix 3.0.14:

  • Additional Postfix TLS library updates to catch up with
    Postfix 3.1 and later. This was necessary to make support for
    OpenSSL 1.1.1 and TLSv1.3 feasible.