[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.8.6.html]
This is the first regular update after te SMTP smuggling episode. As the last regular update was in November, this update is larger than usual.
Fixed with Postfix 3.8.6, 3.7.11, 3.6.15, 3.5.25:
Bugfix (defect introduced: Postfix 2.3, date 20051222): the Dovecot auth client did not reset the 'reason' from a previous Dovecot auth service response, before parsing the next Dovecot auth server response in the same SMTP session, resulting in a nonsensical "authentication failed" warning message. Reported by Stephan Bosch.
Bugfix (defect introduced: Postfix 3.1, date: 20151128): "postqueue -j" produced broken JSON when escaping a control character as \uXXXX. Found during code maintenance.
Cleanup: this fixes posttls-finger certificate match expectations for all TLS security levels, including warnings for levels that don't implement certificate matching. By Viktor Dukhovni.
Bugfix (defect introduced: Postfix 2.3): after prepending a header at the top of a message (with an access(5), header_checks(5) or Milter action), the Postfix Milter "delete header" or "update header" action was skipping the prepended header, instead of skipping the Postfix-generated Received: header. Problem report by Carlos Velasco.
Workaround: tlsmgr logfile spam. Reportedly, some OS lies under load: it says that a socket is readable, then it says that the socket has unread data, and then it says that read returns EOF, causing Postfix to spam the log with a warning message.
Bugfix (defect introduced: Postfix 3.4): the SMTP server's BDAT command handler could be tricked to read $message_size_limit bytes into memory. Found during code maintenance.
Safety: limit the total size of DNS lookup results to 100 records; drop the excess records, and log a warning. This limit is 20x larger than the number of server addresses that the Postfix SMTP client is willing to consider when delivering mail, and is far below the number of records that could cause a tail recursion crash in dns_rr_append() as reported by Toshifumi Sakaguchi. This fix also limits the number of DNS requests that a check_*_*_access restriction can make.
Performance, related to the previous problem: eliminate worst-case behavior where the queue manager could defer delivery to all destinations over a specific delivery transport, after only a single delivery agent crash. The scheduler now throttles deliveries to one destination, and allows other deliveries to keep making progress.
You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.