Urgent Postfix stable release 3.7.3 and non-urgent legacy releases 3.6.7, 3.5.17, 3.4.27

[For updated versions of this announcement please see https://www.postfix.org/announcements/postfix-3.7.3.html]

Fixed in Postfix 3.7.3:

• This fixes a bug where some messages were not delivered after "warning: Unexpected record type 'X'.

  Such messages were moved to the "corrupt" queue directory, where they may still be found. See below for instructions to deal with these falsely flagged messages.

  This problem could happen for messages with 5000 or more recipients, or with fewer recipients on a busy mail server. The problem was first reported by Frank Brendel, and the error conditions were first reproduced by John Alex.

  To find out if you have messages flagged as "corrupt", you can use the "postfix check" command.

  Execute as root:

  postfix check
  

  Look for warnings like this:

  postfix/postfix-script: warning: damaged message: corrupt/<filename>
  

  A message in the "corrupt" queue directory may be inspected with the "postcat" command.

  Execute as root:

  postcat /var/spool/postfix/corrupt/<filename>  
  
  

  • If delivery of the file is still desired, the file can be moved back to the "incoming" queue after updating Postfix and executing "postfix reload".

    Execute as root:

    mv /var/spool/postfix/corrupt/<filename> /var/spool/postfix/incoming/
    

  • If bouncing the message is still desired, the message may be moved to the "hold" queue and expired there, so that Postfix will return it to the sender.

    Execute as root:

    mv /var/spool/postfix/corrupt/<filename> /var/spool/postfix/hold/
    postsuper -f <filename>
    

    Note: this does not work with programs such as MailScanner that use the "hold" queue for their own purposes.

Fixed in Postfix 3.7, 3.6, 3.5, 3.4:

• Workaround: in a TLS server disable Postfix's 1-element internal session cache, to work around an OpenSSL 3.0 regression that broke TLS handshakes. This cache is rarely useful. Report by Spil Oss, fix by Viktor Dukhovni.

• Code health: the fix for milter_header_checks (3.7.1, 3.6.6, 3.5.16, 3.4.26) introduced a missing msg_panic() argument (in code that never executes).

• Code health: Postfix 3.3.0 introduced an uninitialized verify_append() request status in case of a null original recipient address.

Fixed in Postfix 3.7, 3.6, 3.5:

• Postfix 3.5.0 introduced debug logging noise in map_search_create().

You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.