This is the Postfix 3.6 (experimental) release.

The stable Postfix release is called postfix-3.5.x where 3=major
release number, 5=minor release number, x=patchlevel.  The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.

New features are developed in snapshot releases. These are called
postfix-3.6-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day).  Patches are never issued for snapshot releases;
instead, a new snapshot is released.

The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.

If you upgrade from Postfix 3.4 or earlier, read RELEASE_NOTES-3.5
before proceeding.

License change
---------------

This software is distributed with a dual license: in addition to the
historical IBM Public License 1.0, it is now also distributed with the
more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.

Incompatible change with snapshot 20200920
==========================================

Internal protocols have changed. You need to "postfix stop" before
updating, or before backing out to an earlier release, otherwise
long-running daemons (pickup, qmgr, verify, tlsproxy, postscreen)
may fail to communicate with the rest of Postfix (warnings, timeouts).

The purpose of this change is to produce better error messages, for
example, when someone configures the discard daemon as a bounce
service in master.cf, or vice versa.

This change will break third-party code that implements a
Postfix-internal protocol such as qpsmtpd. Programs that depend on
Postfix internal details are not supported.

Incompatible change with snapshot 20200705
==========================================

The minimum OpenSSL version is 1.1.1, which will reach the end
of life by 20203-09-11. 

The default digest has changed from md5 to sha256 (Postfix 3.6 with
compatibility_level >= 3). With a lower compatibility_level setting,
Postfix defaults to using md5, and logs a warning when a Postfix
configuration specifies no explicit digest type.

Export-grade Diffie-Hellman key exchange is no longer supported,
and the tlsproxy_tls_dh512_param_file parameter is ignored,

Incompatible change with snapshot 20200531
==========================================

Postfix delivery agents now log an explicit record when delegating
delivery to a different Postfix delivery agent. 

For example, with "best_mx_transport = local", an SMTP delivery
agent will now log when a recipient will be delivered locally. This
makes the delegating delivery agent visible, where it would otherwise
have remained invisible, which would complicate troubleshooting.

  postfix/smtp[pid]: queueid: passing <recipient> to transport=local

This will usually be followed by logging for an actual delivery:

  postfix/local[pid]: queueid: to=<recipient>, relay=local, ...

Other examples: the local delivery agent defers mailbox delivery
through mailbox_transport or through fallback_transport.

Major changes with snapshot 20200509
====================================

The threadsafe resolver API (res_nxxx() calls) is now the default,
not because the API is threadsafe, but because new features are
being added there.

To build old style, build with:

    make makefiles CCARGS="-DNO_RES_NCALLS..."

This is also the default for systems that are known not to support
the threadsafe resolver API, such systems that use libc-musl.

Incompatible changes with snapshot 20200416
===========================================

Security: this release disables DANE support on Linux systems with
libc-musl, because libc-musl provides no indication whether DNS
responses are authentic. This broke DANE support without a clear
explanation.
