Postfix 3.7 MTA

Postfix 3.7 MTA Released with OpenSSL 3.0 Support

The latest version of the popular mail transfer agent, Postfix 3.7, makes maillog_file feature even more useful.

Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail. Designed by Wietse Venema, Postfix is a mail server built with security in mind and specifically designed to replace Sendmail.

Because of its modular pipeline-based architecture, Postfix is versatile and integrates easily with many other services, such as spam and antivirus processing, as well as with message store software, such as the Dovecot IMAP and POP3 server.

In addition, Postfix is also quite resource efficient. Nowadays, many ISPs are using it to handle millions of messages a day.

What’s New in Postfix 3.7

We start with the fact that the new version of this widely-used MTA adds support to inline the content of small cidr:, pcre:, and regexp: tables in Postfix parameter values. For those of you unaware, Postfix uses lookup tables to store and look up information for access control, address rewriting, and even for content filtering.

All of the above means that Postfix 3.7 now gives you even more flexibility in configuring it. For example, you can use the new smtpd_forbidden_commands default value, CONNECT GET POST regexp:{{/^[^A-Z]/ Thrash}}, to quickly drop connections from clients that send garbage.

Nowadays, logging becoming an important part of almost every service. Since Postfix 3.4, the mail server offers build-in logging support available via the maillog_file configuration directive. With Postfix 3.7, this option becomes even more powerful. The postlog command is now set-gid postdrop, so that unprivileged programs can use it to write logging through the postlogd daemon.

Postfix 3.7 ships with the updated defense against remote clients or servers that ‘trickle’ SMTP or LMTP traffic, based on per-request deadlines and minimum data rates. The new smtpd_per_record_deadline parameter limits the combined time for the Postfix SMTP server to receive a request and to send a response, while the new {smtp,lmtp}_per_record_deadline parameters limit the combined time for the Postfix SMTP or LMTP client to send a request and to receive a response.

In addition to the security features included in this release, we can’t fail to mention that Postfix was updated to support OpenSSL 3.0.0 API features and to work around OpenSSL 3.0.0 bit-rot.

For detailed information about all changes in Postfix 3.7, you can refer to the release notes.

Leave a Reply

Your email address will not be published.