Postfix 3.11 MTA Released With REQUIRETLS Support

Postfix 3.11 mail server released with REQUIRETLS support, TLS improvements, JSON output tools, and guidance for migrating away from Berkeley DB.

Postfix 3.11 MTA Released With REQUIRETLS Support

A year after the 3.10 release, the Postfix team has announced version 3.11. With this release, the 3.7 branch has reached the end of its update cycle.

A key change addresses the removal of Berkeley DB from some Linux distributions. Since Postfix relied on Berkeley DB for hash: and btree: tables, administrators should migrate to alternatives such as LMDB or CDB. In light of this, the project offers documentation and tools to support partially automated migrations.

Postfix 3.11 includes several TLS security enhancements. The SMTP client’s smtp_tls_security_level now defaults to “may” when built with TLS support and compatibility level 3.11 or newer.

Another important addition is support for REQUIRETLS, an ESMTP extension, which allows senders to require email transmission only over strongly authenticated TLS connections. All servers along the delivery path must support secure authentication mechanisms such as DANE or MTA-STS when this option is enabled.

Moreover, TLS logging now reports both the requested and actual enforcement levels and indicates whether REQUIRETLS policies were applied successfully.

Additional TLS changes adjust elliptic-curve defaults when Postfix is built with OpenSSL 3.5 or newer. This reduces TLS handshake message size to prevent compatibility issues with network equipment that cannot handle larger packets.

Postfix 3.11 adds JSON output support to command-line utilities such as postconf, postmap, postalias, and postmulti, enabling easier integration with automation and configuration management tools.

The release also improves Milter error handling for messages over long-lived SMTP connections. The default milter_default_action now uses a new “shutdown” behavior, disconnecting the remote SMTP client when a Milter error occurs.

Finally, the project has begun deprecating several obsolete configuration parameters. Postfix programs will now log warnings when these settings are detected, indicating that they will be removed in a future release.

For more details, see the announcement. The Postfix 3.11 source code is available for download on the project’s official website.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts