[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-2.11.2.html]
Bugfixes for Postfix 2.11, 2.10, 2.9 and 2.8:
Fix for DMARC implementations based on SPF policy plus DKIM Milter. The PREPEND access/policy action added headers ABOVE Postfix's own Received: header, exposing Postfix's own Received: header to Milters (protocol violation) and hiding the PREPENDed header from Milters. PREPENDed headers are now added BELOW Postfix's own Received: header and remain visible to Milters.
The Postfix SMTP server logged an incorrect client name in reject messages for check_reverse_client_hostname_access and check_reverse_client_hostname_{mx,ns}_access. They replied with the verified client name, instead of the name that was rejected.
The qmqpd daemon crashed with null pointer bug when logging a lost connection while not in a mail transaction.
Bugfixes/workarounds for Postfix 2.10, 2.9 and 2.8:
The TLS client logged that an anonymous TLS connection was "Untrusted", instead of "Anonymous".
The makedefs script now prepends "-I. -I../../include" to the compiler command-line options, to avoid name clashes with non-Postfix header files.
You can find the Postfix source code at the mirrors listed at http://www.postfix.org/.