Upgrade to postfix 3.10 with pqc support #7018

Open: h3nnes wants to merge 1 commit into mailcow:staging from h3nnes:feat/postfix-3.10-pqc


h3nnes commented Jan 26, 2026

Contribution Guidelines

What does this PR include?

Short Description

Upgrades the postfix container base image to trixie-slim for postfix 3.10, which supports pqc.

Fixes #6354

Requires some additional configuration in extra.cf (docs) "to enable algorithm selection through OpenSSL":

tls_eecdh_auto_curves =
tls_ffdhe_auto_groups =

Tested against my secondary backup cow using openssl:

$ openssl s_client -tls1_3 -groups X25519MLKEM768 -starttls smtp -connect mail.second.cow:25
[...]
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ecdsa_secp256r1_sha256
Negotiated TLS1.3 group: X25519MLKEM768
---
SSL handshake has read 3730 bytes and written 1539 bytes
Verification: OK
[...]

Affected Containers

  • postfix

Did you run tests?

What did you test?

Tested on my secondary backup cow for a few hours to see if container is stable.

What were the final results? (Awaited, got)

Working as expected, no issues in handshakes against pqc-supporting or "legacy" servers.

Switch postfix base image from debian:bookworm-slim to debian:trixie-slim
to use Postfix 3.10.5 which includes support for post-quantum cryptography
via OpenSSL 3.5.0.
h3nnes force-pushed the feat/postfix-3.10-pqc branch from fbac12e to 484ea89 on January 31, 2026 21:08
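
Added example, not part of this PR or of mailcow's code: a POSIX shell check that reads `openssl s_client` output like the transcript in the description and reports whether the handshake used an ML-KEM group or fell back to a classical one. The function names, the sample transcripts and the `X25519MLKEM768:X25519` offer list in `check_smtp_host` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify the key-exchange group reported by `openssl s_client`.

# Constructed sample, modelled on the transcript quoted in the PR description.
SAMPLE_PQC='Peer signing digest: SHA256
Peer signature type: ecdsa_secp256r1_sha256
Negotiated TLS1.3 group: X25519MLKEM768
---
Verification: OK'

# Constructed sample: a handshake that fell back to a classical group.
SAMPLE_CLASSICAL='Peer signing digest: SHA256
Negotiated TLS1.3 group: X25519
---
Verification: OK'

# Read s_client output on stdin, print the negotiated group (empty if absent).
negotiated_group() {
    sed -n 's/^Negotiated TLS1\.3 group: *//p' | head -n 1 | tr -d '\r'
}

# Map a group name to none / pqc / pqc-hybrid / classical.
classify_group() {
    case "$1" in
        "")       echo "none" ;;        # no TLS 1.3 handshake was reported
        MLKEM*)   echo "pqc" ;;         # pure ML-KEM group
        *MLKEM*)  echo "pqc-hybrid" ;;  # e.g. X25519MLKEM768
        *)        echo "classical" ;;   # e.g. X25519, secp256r1
    esac
}

# Hypothetical helper: probe host:port ($1) over STARTTLS, offering the hybrid
# group first and X25519 as a fallback so that a downgrade becomes visible.
# Exit status 0 only when an ML-KEM group was negotiated.
check_smtp_host() {
    group=$(openssl s_client -tls1_3 -groups X25519MLKEM768:X25519 \
        -starttls smtp -connect "$1" </dev/null 2>/dev/null | negotiated_group)
    kind=$(classify_group "$group")
    echo "$1: ${group:-no-group} ($kind)"
    case "$kind" in pqc|pqc-hybrid) return 0 ;; *) return 1 ;; esac
}

# Offline demonstration on the constructed samples above.
for sample in "$SAMPLE_PQC" "$SAMPLE_CLASSICAL"; do
    g=$(printf '%s\n' "$sample" | negotiated_group)
    echo "$g -> $(classify_group "$g")"
done
```

Running `check_smtp_host mail.second.cow:25` from a client with OpenSSL 3.5 or newer gives a non-zero exit status when the server does not negotiate an ML-KEM group, which makes it usable as a monitoring probe after the extra.cf change.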