Postfix 3.10 MTA Arrives with OpenSSL 3.5 Support

[yawnbox]

Summary

Please update Postfix to 3.10 and OpenSSL to 3.5 to begin to support post-quantum cryptogrpahy.

Motivation

re: https://linuxiac.com/postfix-3-10-mta-arrives-with-openssl-3-5-support/

"One of the most significant highlights of Postfix 3.10 is its forward compatibility with OpenSSL 3.5 post-quantum cryptography. Administrators can manage algorithm selection directly through the new “tls_eecdh_auto_curves” and “tls_ffdhe_auto_groups” parameters. By setting these parameter values to empty, Postfix effectively defers the algorithm selection to OpenSSL’s own configuration.

In addition, the release includes support for the RFC 8689 “TLS-Required: no” message header. This feature makes it possible to request delivery of certain emails, such as TLSRPT summaries, even if the ideal TLS security settings cannot be enforced.

A major new capability also arrives with added support for the TLSRPT protocol. By publishing a specific policy in DNS, a domain can receive daily summaries of successful and failed TLS connections to that domain’s mail servers. This is especially useful for domains leveraging DANE or MTA-STS to protect email security."

Additional context

No response