[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.8.2.html]
Fixed with Postfix 3.8.2, 3.7.7, 3.6.11, 3.5.21:
Bugfix (defect introduced: Postfix alpha, 19980207): the valid_hostname() check in the Postfix DNS client library was blocking unusual but legitimate wildcard names (*.name) in some DNS lookup results and lookup requests. Examples:
    name                class/type      result
    *.one.example       IN CNAME        *.other.example
    *.other.example     IN A            10.0.0.1
    *.other.example     IN TLSA         ..certificate info...
Such syntax is blessed in RFC 1034 section 4.3.3.
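A sketch of a hostname syntax check that accepts such wildcard names, as an added example that is not Postfix's valid_hostname() code: hostname_ok() and its allow_wildcard parameter are hypothetical names, and the length limits and accepted character set are assumptions of this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Postfix code). Returns 1 if name is a valid
 * hostname; with allow_wildcard set, one leading "*" label is accepted. */
int hostname_ok(const char *name, int allow_wildcard)
{
    const char *p = name;
    size_t label_len = 0, total = strlen(name);

    if (total == 0 || total > 255)      /* assumed overall length limit */
        return 0;
    /* "*" is legal only as the entire leftmost label, with labels after it. */
    if (allow_wildcard && p[0] == '*' && p[1] == '.') {
        p += 2;
        if (*p == '\0')
            return 0;
    }
    for (; *p != '\0'; p++) {
        unsigned char c = (unsigned char) *p;

        if (c == '.') {
            if (label_len == 0 || p[-1] == '-')   /* empty label or "x-." */
                return 0;
            label_len = 0;
        } else if (isalnum(c) || c == '_' || (c == '-' && label_len > 0)) {
            if (++label_len > 63)                 /* assumed label limit */
                return 0;
        } else {
            return 0;       /* leading '-', '*' elsewhere, other characters */
        }
    }
    return label_len > 0 && p[-1] != '-';         /* no trailing '.' or '-' */
}

int main(void)
{
    /* Constructed sample names; the first two appear in the examples above. */
    const char *names[] = { "*.one.example", "*.other.example", "a.*.example" };
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-18s strict=%d wildcard=%d\n", names[i],
               hostname_ok(names[i], 0), hostname_ok(names[i], 1));
    return 0;
}
```

With allow_wildcard set to 0 the check rejects both wildcard names from the table, which is the behaviour the bugfix describes as blocking legitimate lookups.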
Bugfix (defect introduced: Postfix 3.0, 20140218): when an address verification probe fails during or after an opportunistic TLS handshake, don't enforce a minimum time-in-queue before falling back to plaintext. Problem reported by Serg.
You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.