[An on-line version of this announcement will be available at https://www.postfix.org/announcements/postfix-3.10.3.html]
This release fixes defects that were introduced in Postfix 3.10. These were fixed first in the Postfix 3.11 unstable release.
The defects exist only with the default configuration "tls_required_enable = yes".
Bugfix (defect introduced: Postfix-3.10, date 20250117): include the current TLS security level in the SMTP connection cache lookup key for lookups by next-hop destination, to avoid reusing the same SMTP connection when sending messages with and without a "TLS-Required: no" header. Likewise, include the current TLS security level in the TLS session lookup key, to avoid reusing the same TLS session info when sending messages with and without a "TLS-Required: no" header.
Bugfix (defect introduced: Postfix-3.10, date 20250117): the Postfix SMTP client attempted to look up TLSA records even with "TLS-Required: no". This could result in unnecessary failures. Fix by Viktor Dukhovni & Wietse.
You can find the updated Postfix source code at the mirrors listed at https://www.postfix.org/.