postfix (3.10.6-1)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/postfix-team/postfix-dev.git
-
- Branch: debian/master
- Path: debian/changelog
- Repo size: 3649536
- Browser: https://salsa.debian.org/postfix-team/postfix-dev
- Last scan: 2025-11-26 15:01:43+00
- Next scan: 2025-12-01 20:31:00+00
- CI pipeline status: failed
- Debian changelog in Git:
postfix (3.10.6-1) unstable; urgency=medium
* new upstream stable release:
- Bugfix (defect introduced: Postfix 3.10, date: 20250117).
Symptom: warning messages that smtp_tls_wrappermode requires
"smtp_tls_security_level = encrypt".
Root cause: support for "TLS-Required: no" broke client-side
TLS wrappermode support, by downgrading a connection to TLS
security level 'may'.
The fix changes the downgrade level for wrappermode connections
to 'encrypt'. Rationale: by design, TLS can be optional only
for connections that use STARTTLS. The downgrade to unauthenticated
'encrypt' allows a sender to avoid an email delivery problem.
Problem reported by Joshua Tyler Cochran.
- New logging: the Postfix SMTP client will log a warning when
an MX hostname does not match STS policy MX patterns, with
"smtp_tls_enforce_sts_mx_patterns = yes" in Postfix, and with
TLSRPT support enabled in a TLS policy plugin. It will log a
successful match only when verbose logging is enabled.
- Bugfix (defect introduced: Postfix 3.10, date: 20240902): SMTP
client null pointer crash when an STS policy plugin sends no
policy_string or no mx_pattern attributes. This can happen only
during tests with a fake STS plugin.
- Bugfix (defect introduced: Postfix 2.9, date: 20120307): segfault
when a duplicate parameter name is given to "postconf -X" or
"postconf -#'.
- Documentation: removed incorrect text from the parameter
description for smtp_cname_overrides_servername. File:
proto/postconf.proto.
-- Michael Tokarev <mjt@tls.msk.ru> Wed, 26 Nov 2025 11:12:30 +0300
- This branch is even with tag v3.10.6-1
