diff --git a/docs/releasenotes.rst b/docs/releasenotes.rst
index c0ede1e2255362c91922d014ceb33b0ea5725e82..6712c167e2d12378510ded8bfc6043d72a23f56a 100644
--- a/docs/releasenotes.rst
+++ b/docs/releasenotes.rst
@@ -15,6 +15,8 @@ Debian 12 Bookworm. Some minor improvements and fixes.
   * Dropped support for Debian 10 (Buster).
   * Added support for Debian 12 (Bookworm).
   * ``netaddr`` Python package is now required for using the roles.
+  * ``dnspython`` Python package is no longer required for using the
+    roles.
 
 * ``backup_client`` role
 
@@ -43,9 +45,7 @@ Debian 12 Bookworm. Some minor improvements and fixes.
   * Parameter ``maintenance_allowed_hosts`` has been dropped and
     replaced with parameter ``maintenance_allowed_sources``. The new
     parameter expects a list of IPv4 and IPv6 addresses (or
-    subnets). Resolvable names can no longer be specified (and this
-    particular role no longe relies on presence of the ``dnspython``
-    package).
+    subnets). Resolvable names can no longer be specified.
 
   * NTP server configuration is now based on use of pools instead of
     servers. Parameter ``ntp_servers`` has been deprecated and
@@ -61,6 +61,20 @@ Debian 12 Bookworm. Some minor improvements and fixes.
     LDAP server logs can be read via ``journalctl -u slapd`` when
     necessary.
 
+* ``mail_forwarder`` role
+
+  * Firewall rules for incoming connections from the SMTP relay server
+    are now based on relay's IPv4 and IPv6 addresses as resolved on
+    managed machine during deployment time.
+
+    In case the SMTP relay server's IP addresses change, the role
+    needs to get reapplied against managed machines for those changes
+    to take place.
+
+    This change in behaviour was introduced to avoid firewall-related
+    errors due to inability to resolve names via DNS servers during
+    boot time.
+
 * ``mail_server`` role
 
   * Parameter ``mail_server_tls_protocols`` has been dropped and