An on-line version of this announcement is available at http://www.postfix.org/announcements/postfix-2.7.2.html
The stable release Postfix 2.7.2 addresses the defects described below. These defects are also addressed in the legacy releases that are still maintained.
Note: Postfix 2.3 and earlier are no longer updated. Support for Postfix 2.4 will end in 2011.
Defects fixed with Postfix 2.7.2, 2.6.8, 2.5.11, and 2.4.15:
Postfix no longer automatically appends the system default CA (certificate authority) certificates, when it reads the CA certificates specified with {smtp, lmtp, smtpd}_tls_CAfile or with {smtp, lmtp, smtpd}_tls_CApath. This prevents third-party certificates from getting mail relay permission with the permit_tls_all_clientcerts feature. Unfortunately, this change may cause compatibility problems with configurations that rely on certificate verification for other purposes. To get the old behavior, specify "tls_append_default_CA = yes".
A prior fix for compatibility with Postfix < 2.3 was incomplete. When pipe-to-command delivery fails with a signal, mail is now correctly deferred, instead of being returned to sender.
Poor smtpd_proxy_filter TCP performance over loopback (127.0.0.1) connections was fixed by adapting the output buffer size to the MTU.
The SMTP server no longer applies the reject_rhsbl_helo feature to non-domain forms such as network addresses. This would cause false positives with dbl.spamhaus.org.
The Postfix SMTP server failed to deliver a "421" response and hang up the connection after Milter error. Instead, the server delivered a "503 Access denied" response and left the connection open, due to some Postfix 1.1 workaround for RFC 2821.
Defects fixed with Postfix 2.7.2:
The milter_header_checks parser failed to enable any of the actions that have no effect on message delivery (warn, replace, prepend, ignore, dunno, and ok).
The source code is available from ftp://ftp.porcupine.org/mirrors/postfix-release/index.html and from the mirrors listed at http://www.postfix.org/download.html.