This is the Postfix 3.10 experimental release.

The stable Postfix release is called postfix-3.9.x where 3=major
release number, 9=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-3.10-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 3.8 or earlier, please read RELEASE_NOTES-3.9
before proceeding.

Dual license
------------

As of Postfix 3.2.5 this software is distributed with a dual license:
in addition to the historical IBM Public License (IPL) 1.0, it is
now also distributed with the more recent Eclipse Public License
(EPL) 2.0. Recipients can choose to take the software under the
license of their choice. Those who are more comfortable with the
IPL can continue with that license.
 
[Feature 20250119]

Support for the REQUIRETLS verb in SMTP. As specified in RFC 8689,
this not only requires TLS encryption, but also server certificate
matching. TODO(wietse): new configuration parameters.

[Feature 20250117]

Support for the RFC 8689 "TLS-Required: no" message header to request
delivery of messages such as TLSRPT summaries even if the preferred
TLS security policy cannot be enforced. This limits the Postfix
SMTP client to "smtp_tls_security_level = may" which does not
authenticate server certificates and which allows falling back to
plaintext.

Support for the REQUIRETLS SMTP service extension remains future work.

[Incompat 20250116]

Postfix needs "postfix reload" after upgrade, because of a change in
the delivery agent protocol. If this step is skipped, Postfix delivery
agents will log a warning:

    unexpected attribute smtputf8 from xxx socket (expecting: sendopts)

where xxx is the delivery agent service name.

[Incompat 20250106]

The logging of the Milter 'quarantine' action has changed. Instead
of logging "milter triggers HOLD action", it logs the reason given
by a Milter application, or "default_action" if a Milter application
was unavailable and the milter_default_action parameter or Milter
"default_action" property specifies "quarantine".

[Feature 20250106]

The Postfix Milter implementation now logs the reason for a 
'quarantine' action, instead of "milter triggers HOLD action".

- If the quarantine action was requested by a Milter application,
  Postfix will log the reason given by the application.

- If the quarantine action was requested with the "milter_default_action"
  parameter setting or with a Milter "default_action" property,
  Postfix will log "default_action".

[Feature 20250105]

Support for automatic RFC 2047 encoding of non-ASCII "full name"
information in Postfix-generated From: message headers. Encoding
non-ASCII full names can avoid the need to use SMTPUTF8, and therefore
can avoid incompatibility with sites that do not support SMTPUTF8.

The encoded result looks like "=?charset?Q?gibberish?=: for
quoted-printable encoding, or "=?charset?B?gibberish?=" for base64
encoding. Postfix uses quoted-printable for a full name that is
short or mostly ASCII, and uses base64 otherwise.

Background: when a message without a From: header is submitted with the
Postfix sendmail(1) command, Postfix will add a From: header and will
try to use the sender's full name specified with the Postfix sendmail(1)
"-F" option, with the sendmail(1) "NAME" environment variable, or
with the GECOS field in the UNIX password database.

This introduces a new configuration parameter "full_name_encoding_charset"
(default: utf8) which specifies the character set of the full name
information in the Postfix sendmail(1) "-F" option or "NAME"
environment variable, or in the GECOS field in the UNIX password
database. The parameter value is also part of the encoded full name,
and informs a Mail User Agent how to display the decoded gibberish.

[Incompat 20250105]

The SMTP server now logs the queue ID (or "NOQUEUE") when a connection
ends abnormally (timeout, lost connection, or too many errors).

[Feature 20250105]

The SMTP server now logs the queue ID (or "NOQUEUE") when a connection
ends abnormally (timeout, lost connection, or too many errors).

[Feature 20241104]

The cleanup server now logs "queueid: canceled" when a message
transaction is started but not completed. This provides a clear
signal to logfile collation tools.

[Feature 20240926]

Support for the TLSRPT protocol (defined in RFC 8460). With this,
an email receiving domain can publish a policy in DNS, and request
daily summary reports for successful and failed SMTP-over-TLS
connections to that domain's MX hosts.

Postfix supports TLSRPT summaries for DANE (built-in) and MTA-STS
(via an smtp_tls_policy_maps plugin). For details, see TLSRPT_README.