Debian Quality Assurance

postfix (3.10.5-1) [PTS] [DDPO]

OK: VCS matches the version in the archive

• Git: https://salsa.debian.org/postfix-team/postfix-dev.git
• JSON
  Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
  For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
  The next upload will reset the information from the source package headers.
• Branch: debian/master
• Path: debian/changelog
• Repo size: 10694656
• Browser: https://salsa.debian.org/postfix-team/postfix-dev
• Last scan: 2025-11-10 22:24:03+00
• Next scan: 2025-11-16 20:28:00+00
• Merge requests: 5
• CI pipeline status: success
• Debian changelog in Git:

  postfix (3.10.5-1) unstable; urgency=medium
  
    * new upstream stable release.  From the Release Notes:
  
    * Workaround for an interface mis-match between the Postfix SMTP
      client and MTA-STS policy plugins.
  
        * The existing behavior is to connect to any MX host listed
          in DNS, and to match the server certificate against any STS
          policy MX host pattern.
  
        * The corrected behavior is to connect to an MX host only if
          its name matches any STS policy MX host pattern, and to
          match the server certificate against the MX hostname.
  
      The corrected behavior must be enabled in two places: in Postfix
      with a new parameter "smtp_tls_enforce_sts_mx_patterns" (default:
      "yes") and in an MTA-STS plugin by enabling TLSRPT support, so
      that the plugin forwards STS policy attributes to Postfix. This
      works even if Postfix TLSRPT support is disabled at build time
      or at runtime.
  
    * TLSRPT Workaround: when a TLSRPT policy-type value is
      "no-policy-found", pretend that the TLSRPT policy domain value
      is equal to the recipient domain. This ignores that different
      policy types (TLSA, STS) use different policy domains. But this
      is what Microsoft does, and therefore, what other tools expect.
  
    * Bugfix (defect introduced: Postfix 3.0): the Postfix SMTP
      client's connection reuse logic did not distinguish between
      sessions that require SMTPUTF8 support, and sessions that do
      not. The solution is 1) to store sessions with different SMTPUTF8
      requirements under distinct connection cache storage keys, and
      2) to not cache a connection when SMTPUTF8 is required but the
      server does not support that feature.
  
    * Bugfix (defect introduced: Postfix 3.0, date 20140731): the
      smtpd 'disconnect' command statistics did not count commands
      with "bad syntax" and "bad UTF-8 syntax" errors.
  
    * Bugfix: the August 2025 patch broke DBM library support which
      is still needed on Solaris; and the same change could result
      in warnings with "database X is older than source file Y".
  
    * Postfix 3.11 forward compatibility: to avoid ugly warnings when
      Postfix 3.11 is rolled back to an older version, allow a
      preliminary 'size' record in maildrop queue files created with
      Postfix 3.11 or later.
  
    * Bugfix (defect introduced: Postfix 3.8, date 20220128):
      non-reproducible build, because the 'postconf -e' output order
      for new main.cf entries was no longer deterministic. Problem
      reported by Oleksandr Natalenko, diagnosis by Eray Aslan.
  
    * To make builds predictable, add missing meta_directory and
      shlib_directory settings to the stock main.cf file. Problem
      diagnosed by Eray Aslan.
  
    * Bugfix (defect introduced: Postfix 3.9, date 20230517):
      posttls-finger(1) logged an incorrectly-formatted port number.
      Viktor Dukhovni.
  
   -- Michael Tokarev <mjt@tls.msk.ru>  Tue, 28 Oct 2025 13:02:25 +0300

• This branch is even with tag v3.10.5-1

Package: JSON [Main page]

---

Back to the Debian Project homepage.

---