[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.8.3.html]
Fixed with Postfix 3.8.3, 3.7.8, 3.6.12, 3.5.22:
Bugfix (defect introduced Postfix 2.5, date 20080104): the Postfix SMTP server was waiting for a client command instead of replying immediately, after a client certificate verification error in TLS wrappermode. Reported by Andreas Kinzler.
Usability: the Postfix SMTP server (finally) attempts to log the SASL username after authentication failure. In Postfix logging, this appends ", sasl_username=xxx" after the reason for SASL authentication failure. The logging replaces an unavailable reason with "(reason unavailable)", and replaces an unavailable sasl_username with "(unavailable)". Based on code by Jozsef Kadlecsik.
Compatibility bugfix (defect introduced: Postfix 2.11, date 20130405): in forward_path, the expression ${recipient_delimiter} would expand to an empty string when a recipient address had no recipient delimiter. The compatibility fix is to use a configured recipient delimiter value instead. Reported by Tod A. Sandman.
You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.