postfix-3.4-20180701

postfix/HISTORY

@@ -23587,3 +23587,10 @@ Apologies for any names omitted.
 
 	Documentation: the connection caching limitation for SMTP
 	over TLS is now obsolete. File: proto/CONNECTION_CACHE_README.html.
+
+20180701
+
+	Incompatibility: the tlsproxy(8) daemon now requires a zero
+	process limit in master.cf (this setting is provided with
+	the default master.cf file). See RELEASE_NOTES for how to
+	change the tlsproxy process limit. File: tlsproxy/tlsproxy.c.

postfix/README_FILES/TLS_README

@@ -1436,10 +1436,10 @@ Example:
 CClliieenntt--ssiiddee TTLLSS ccoonnnneeccttiioonn rreeuussee
 
 Historically, the Postfix SMTP client has supported multiple deliveries per
-connection only for plaintext connections. Postfix 3.4 introduces the ability
+plaintext connection. Postfix 3.4 introduces support for multiple deliveries
-to make multiple deliveries per TLS-encrypted connection. This is primarily to
+per TLS-encrypted connection. Multiple deliveries per connection improve mail
-improve mail delivery performance for destinations that throttle clients when
+delivery performance, especially for destinations that throttle clients that
-they don't combine deliveries.
+don't combine deliveries.
 
 To enable multiple deliveries per TLS connection, specify:
 

postfix/RELEASE_NOTES

@@ -25,6 +25,21 @@ more recent Eclipse Public License 2.0. Recipients can choose to take
 the software under the license of their choice. Those who are more
 comfortable with the IPL can continue with that license.
 
+Incompatble change with snapshot 20180701
+=========================================
+
+To avoid performance loss under load, the tlsproxy(8) daemon now
+requires a zero process limit in master.cf (this setting is provided
+with the default master.cf file). As tlsproxy(8) processes become
+too busy handling TLS connections, more processes will automatically
+be added. By default, a tlsproxy(8) process will retire after several
+hours.
+
+To set the tlsproxy process limit to zero:
+
+# postconf -F tlsproxy/unix/process_limit=0
+# postfix reload
+
 Major changes with snapshot 20180617
 ====================================
 
@@ -38,15 +53,12 @@ main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
 It supports all Postfix TLS security levels including dane and
 dane-only.
 
-With connection reuse enabled as described above, the Postfix SMTP
+The implementation of TLS connection reuse relies on the same
-client uses the tlsproxy(8) server to encrypt a connection (even under
+scache(8) service as used for delivering plaintext SMTP mail, the
-low-traffic conditions). The tlsproxy(8) service was introduced in
+same tlsproxy(8) daemon as used by the postscreen(8) service for
-Postfix 2.8, to support STARTTLS in postscreen(8).
+inbound connections, and relies on the same hints from the qmgr(8)
-
+daemon. It reuses the configuration parameters described in
-Under high-traffic conditions, the Postfix SMTP client will use the
+CONNECTION_CACHE_README.
-scache(8) connection cache to store and retrieve open connections.
-This part already existed for plaintext SMTP, and it works in the
-same way for TLS-encrypted connections.
 
 The following illustrates how TLS connections are reused:
 

postfix/html/TLS_README.html

@@ -1913,10 +1913,10 @@ when the certificate is needed.  </p>
 <h3><a name="client_tls_reuse">Client-side TLS connection reuse</a> </h3>
 
 <p> Historically, the Postfix SMTP client has supported multiple
-deliveries per connection only for plaintext connections. Postfix
+deliveries per plaintext connection. Postfix 3.4 introduces support
-3.4 introduces the ability to make multiple deliveries per TLS-encrypted
+for multiple deliveries per TLS-encrypted connection. Multiple
-connection. This is primarily to improve mail delivery performance
+deliveries per connection improve mail delivery performance,
-for destinations that throttle clients when they don't combine
+especially for destinations that throttle clients that don't combine
 deliveries. </p>
 
 <p> To enable multiple deliveries per TLS connection, specify:</p>

postfix/proto/TLS_README.html

@@ -1913,10 +1913,10 @@ when the certificate is needed.  </p>
 <h3><a name="client_tls_reuse">Client-side TLS connection reuse</a> </h3>
 
 <p> Historically, the Postfix SMTP client has supported multiple
-deliveries per connection only for plaintext connections. Postfix
+deliveries per plaintext connection. Postfix 3.4 introduces support
-3.4 introduces the ability to make multiple deliveries per TLS-encrypted
+for multiple deliveries per TLS-encrypted connection. Multiple
-connection. This is primarily to improve mail delivery performance
+deliveries per connection improve mail delivery performance,
-for destinations that throttle clients when they don't combine
+especially for destinations that throttle clients that don't combine
 deliveries. </p>
 
 <p> To enable multiple deliveries per TLS connection, specify:</p>

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20180624"
+#define MAIL_RELEASE_DATE	"20180701"
 #define MAIL_VERSION_NUMBER	"3.4"
 
 #ifdef SNAPSHOT

postfix/src/tlsproxy/tlsproxy.c

@@ -1331,6 +1331,7 @@ int     main(int argc, char **argv)
 		      CA_MAIL_SERVER_SLOW_EXIT(tlsp_drain),
 		      CA_MAIL_SERVER_RETIRE_ME,
 		      CA_MAIL_SERVER_WATCHDOG(&var_tlsp_watchdog),
+		      CA_MAIL_SERVER_UNLIMITED,
 		      0);
 }