The latest Postfix releases are now available in my yum repos and include the following fixes.
The main changes in Postfix 3.4.0 are listed below. .
- Support for logging to file or stdout, instead of using syslog. Logging to file solves a usability problem for MacOS users, and eliminates multiple problems with systemd. Logging to stdout eliminates a syslogd dependency when Postfix runs in a container.
- Postfix SMTP client support for multiple deliveries over the same TLS-encrypted connection. This is primarily to improve mail delivery performance for destinations that throttle clients when they don't combine deliveries.
- SNI (server name indication) support in the Postfix SMTP server, the Postfix SMTP client, and in the tlsproxy(8) daemon (both server and client roles).
- Postfix SMTP server support for RFC 3030 CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8) and postscreen(8).
- Support for TLS configuration files that contain multiple (key, certificate, trust chain) instances. This was required to implement server-side SNI table lookups, but it also eliminates the need for separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
- Postfix 3.4 drops support for OpenSSL 1.0.1 (end-of-life was December 31, 2016) and all earlier releases. Postfix 3.3 and earlier still support older OpenSSL APIs.