Virtualmin plans for new Postfix Version 3.4x and SNI

sparticle · January 19, 2020, 4:38pm

Postfix V3.4.x is almost upon us currently shipping with Ubuntu 19.10 and already in the confirmed repos for 20.04 due in a couple of months.

This of course solves a long standing issue with virtual domains and SSL email using SNI. In the new version you are able to configure a per domain SSL for email. SO all of us using virtualmin with a single IP will have the ability to have virtualmin (hopefully) configure per virtual server ssl certs for Postfix and Dovecot. Each virtual server signing its own email with its own certs.

What are the plans to intercept this new capability in Virtualmin?

Postfix stable release 3.4.0

[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.4.0.html]

Postfix stable release 3.4.0 is available. This release ends support for legacy release Postfix 3.0.

The main changes are below. See the RELEASE_NOTES file for further details.

Support for logging to file or stdout, instead of using syslog. Logging to file solves a usability problem for MacOS users, and eliminates multiple problems with systemd. Logging to stdout eliminates a syslogd dependency when Postfix runs in a container.
Postfix SMTP client support for multiple deliveries over the same TLS-encrypted connection. This is primarily to improve mail delivery performance for destinations that throttle clients when they don’t combine deliveries.
SNI (server name indication) support in the Postfix SMTP server, the Postfix SMTP client, and in the tlsproxy(8) daemon (both server and client roles).
Postfix SMTP server support for RFC 3030 CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8) and postscreen(8).
Support for TLS configuration files that contain multiple (key, certificate, trust chain) instances. This was required to implement server-side SNI table lookups, but it also eliminates the need for separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
Postfix 3.4 drops support for OpenSSL 1.0.1 (end-of-life was December 31, 2016) and all earlier releases. Postfix 3.3 and earlier still support older OpenSSL APIs.

You can find the updated Postfix source code at the mirrors listed at http://www.postfix.org/.

Cheers
Spart

Joe · January 20, 2020, 12:54am

When it ships with a distro we support, we’ll support it. Seems like Ubuntu 20.04 will be the first.

toreskev · January 20, 2020, 1:03am

It’s also shipped with Debian 10…

Joe · January 20, 2020, 1:04am

Oh, I didn’t notice! Thanks for the heads up. We’ll add it to the todo list. It’s not a lot of work, since we already have support for it in Dovecot and web servers.

toreskev · January 20, 2020, 9:52am

Perfect. Should make my last migrations from cpanel quite effortless for those last remaining clients that don’t want to edit their email settings.

skelgaard · March 4, 2020, 2:43pm

@Joe u are now supporting debian 10 but i still see no postfix SNI in virtualmin or in the changelog… is this close to being released ?