mail/postfix: Update to 3.11.1
This update brings some possibly breaking changes:
- Postfix 3.11.0:
- TLS
- smtp_tls_security_level now defaults to "may" when Postfix is built with TLS support and compatibility_level >= 3.11
- RFC 8689 REQUIRETLS support added: requires strong authentication (DANE/STS) from all servers in the forward path that announce REQUIRETLS
- TLS logging now includes desired vs. actual security level enforcement status and REQUIRETLS policy enforcement details
- New smtp_tls_enforce_sts_mx_patterns parameter (default: yes) ensures MX hostname matching for MTA-STS
- OpenSSL 3.5+ changes the tls_eecdh_auto_curves default to avoid protocol ossification (post-quantum cryptography prep)
- Other
- milter_default_action default changed from "tempfail" to "shutdown"
- JSON output support added to postconf, postalias, postmap, postmulti
- Deprecation warnings now logged for obsolete parameters (DEPRECATION_README)
- TLS
- Postfix 3.11.1 (bug fixes only):
- Fix alias_maps error when default_database_type is not set in main.cf
- Fix buffer over-read when enhanced status codes lack trailing text (e.g. "5.7.2" with no subsequent text) in access tables, header/body checks, rbl_reply_maps, and default_rbl_reply; present since 3.0
- Fix null pointer dereference in nbdb_reindexd(8) due to service_name not being propagated (regression since 3.3)
- Fix spurious startup error from nbdb_reindexd(8) when non_bdb_migration_level disables automatic re-indexing