Postfix V3.4.x is almost upon us currently shipping with Ubuntu 19.10 and already in the confirmed repos for 20.04 due in a couple of months.
This of course solves a long standing issue with virtual domains and SSL email using SNI. In the new version you are able to configure a per domain SSL for email. SO all of us using virtualmin with a single IP will have the ability to have virtualmin (hopefully) configure per virtual server ssl certs for Postfix and Dovecot. Each virtual server signing its own email with its own certs.
What are the plans to intercept this new capability in Virtualmin?
Postfix stable release 3.4.0
[An on-line version of this announcement will be available at http://www.postfix.org/announcements/postfix-3.4.0.html]
Postfix stable release 3.4.0 is available. This release ends support for legacy release Postfix 3.0.
The main changes are below. See the RELEASE_NOTES file for further details.
- Support for logging to file or stdout, instead of using syslog. Logging to file solves a usability problem for MacOS users, and eliminates multiple problems with systemd. Logging to stdout eliminates a syslogd dependency when Postfix runs in a container.
- Postfix SMTP client support for multiple deliveries over the same TLS-encrypted connection. This is primarily to improve mail delivery performance for destinations that throttle clients when they don’t combine deliveries.
- SNI (server name indication) support in the Postfix SMTP server, the Postfix SMTP client, and in the tlsproxy(8) daemon (both server and client roles).
- Postfix SMTP server support for RFC 3030 CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8) and postscreen(8).
- Support for TLS configuration files that contain multiple (key, certificate, trust chain) instances. This was required to implement server-side SNI table lookups, but it also eliminates the need for separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
- Postfix 3.4 drops support for OpenSSL 1.0.1 (end-of-life was December 31, 2016) and all earlier releases. Postfix 3.3 and earlier still support older OpenSSL APIs.
You can find the updated Postfix source code at the mirrors listed at http://www.postfix.org/.