The Postfix Home Page
All programmers are optimists -- Frederick P. Brooks, Jr.
First of all, thank you for your interest in the Postfix project.
Postfix attempts to be fast, easy to administer, and secure. The outside has a definite Sendmail-ish flavor, but the inside is completely different.
As of July 2015, all supported Postfix releases have new TLS default settings that no longer enable export-grade ciphers, and no longer enable the SSLv2 and SSLv3 protocols. These ciphers and protocols have little if any legitimate use today, and have instead become a vehicle for downgrade attacks. See the announcement for more.
Logjam Attack: this has mostly the same countermeasure as FREAK: disable EXPORT ciphers on the SMTP server side, as described under the next bullet.
FREAK Attack: To protect vulnerable clients, execute as root "postconf smtpd_tls_exclude_ciphers=EXPORT; postfix reload". This command removes EXPORT ciphers with opportunistic as well as mandatory TLS. The impact of this attack was already low because each Postfix SMTP server process computes its own "ephemeral" RSA key and terminates after a limited time.
GHOST Attack: Postfix does not call gethostbyname() since 2005. There is no Postfix code that invokes this function unless Postfix is specifically built for operating systems from more than 10 years ago (this requires the compile-time option "-DNO_IPV6").
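As an added example (not part of the Postfix project or this page), the following Python audits the two SMTP server settings discussed above, the EXPORT cipher exclusion and the SSLv2/SSLv3 exclusion, by parsing text in the "name = value" form that `postconf -n` prints. The parameter names are the real Postfix ones; the sample configurations and the split-on-comma tokenizer are assumptions made for this example.

```python
import re

def parse_postconf(text):
    """Return {parameter: value} from 'name = value' lines (postconf -n style)."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def _tokens(value):
    """Split a Postfix list value on whitespace, commas or colons."""
    return [t for t in re.split(r"[\s,:]+", value) if t]

def excludes_export_ciphers(params, param="smtpd_tls_exclude_ciphers"):
    """FREAK/Logjam countermeasure: EXPORT must be in the exclusion list."""
    return any(t.upper() == "EXPORT" for t in _tokens(params.get(param, "")))

def disables_sslv2_sslv3(params, param="smtpd_tls_protocols"):
    """True if SSLv2 and SSLv3 are forbidden, either via '!SSLv2, !SSLv3'
    exclusions or via the newer '>=TLSv1' minimum-version form."""
    tokens = _tokens(params.get(param, ""))
    if any(t.startswith(">=") for t in tokens):
        return True  # a TLS version floor puts SSLv2/SSLv3 out of range
    excluded = {t[1:].upper() for t in tokens if t.startswith("!")}
    return {"SSLV2", "SSLV3"} <= excluded  # an empty value allows everything

def audit(text):
    """Run both checks over postconf-style text; returns {check: passed}."""
    params = parse_postconf(text)
    return {
        "export_ciphers_excluded": excludes_export_ciphers(params),
        "sslv2_sslv3_disabled": disables_sslv2_sslv3(params),
    }

# Constructed samples (not real postconf output): before and after the
# "postconf smtpd_tls_exclude_ciphers=EXPORT" command from the text above.
WEAK_CONFIG = """smtpd_tls_security_level = may
smtpd_tls_protocols = !SSLv2
"""
HARDENED_CONFIG = """smtpd_tls_security_level = may
smtpd_tls_exclude_ciphers = EXPORT
smtpd_tls_protocols = !SSLv2, !SSLv3
"""
```

A positive protocol list that merely omits SSLv2 and SSLv3 is reported as failing, so the check errs on the side of flagging configurations that do not state the exclusion explicitly.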
About this website
This website has information about the Postfix source code distribution. Built from source code, Postfix can run on UNIX-like systems including AIX, BSD, HP-UX, Linux, MacOS X, Solaris, and more.
Postfix is also distributed as ready-to-run code by operating system vendors, appliance vendors, and other providers. Their versions may have small differences with the software that is described on this website.