diff --git a/postfix/.indent.pro b/postfix/.indent.pro
index 32dcd9910..6fd89ea4d 100644
--- a/postfix/.indent.pro
+++ b/postfix/.indent.pro
@@ -271,7 +271,6 @@
-TVBUF
-TVSTREAM
-TVSTREAM_POPEN_ARGS
--TVSTREAN_POPEN_ARGS
-TVSTRING
-TWAIT_STATUS_T
-TWATCHDOG
@@ -280,6 +279,7 @@
-TX509_NAME
-TX509_STORE_CTX
-TXSASL_CLIENT
+-TXSASL_CLIENT_CREATE_ARGS
-TXSASL_CLIENT_IMPL
-TXSASL_CLIENT_IMPL_INFO
-TXSASL_CYRUS_CLIENT
@@ -290,6 +290,7 @@
-TXSASL_DOVECOT_SERVER_IMPL
-TXSASL_DOVECOT_SERVER_MECHS
-TXSASL_SERVER
+-TXSASL_SERVER_CREATE_ARGS
-TXSASL_SERVER_IMPL
-TXSASL_SERVER_IMPL_INFO
-Tcipher_probe_t
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 790ecad50..58f8574a1 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -15080,3 +15080,56 @@ Apologies for any names omitted.
compatibility. Adding such headers to remote mail can break
DKIM signatures that cover headers that are not present.
File: cleanup/cleanup_message.c.
+
+20090415
+
+ Workaround: to avoid unnecessary "fatal" delivery agent
+ exits, delivery agents retry getting a shared lock on a
+ queue file. This is necessary since the queue manager's
+ behavior was changed years ago to refill the in-memory
+ recipient list before it was completely empty. File:
+ global/deliver_request.c.
+
+ Documentation: updated STRESS_README.
+
+20090416
+
+ Workaround: some AWK implementations have a limit of 10
+ output files and lack a working close() function. It is too
+ much trouble to find out what systems have this limitation,
+ and where, if any, such systems store their XPG4-compatible
+ AWK program. So instead we generate a stream of here
+ documents and let the shell split the stream into files.
+ File: postconf/extract.awk.
+
+ Documentation: clarification of certificate file usage.
+ Victor Duchovni. Files: proto/postconf.proto,
+ proto/TLS_README.html.
+
+ Feature: pass a "TLS is active" flag to the server-side
+ SASL support. Based on code by Timo Sirainen, except that
+ the implementation uses an extensible API so that it will
+ be less painful to add more attributes in future Postfix
+ versions. Files: xsasl/xsasl.h, xsasl/xsasl_*server.c,
+ smtpd/smtpd_sasl_glue.c.
+
+20090417
+
+ Documentation: re-generate READMEs and manpages for updated
+ hyperlinks.
+
+ Documentation: missing hyperlinks and missing parameters
+ in manpages. File: mantools/postlink, mantools/check-postlink.
+
+20090418
+
+ Cleanup: use the extensible API to pass SMTP client address
+ information to the dovecot SASL plugin, and prepare for
+ passing server address information. Files: xsasl/xsasl.h,
+ xsasl/xsasl_dovecot_server.c, smtpd/smtpd_sasl_glue.c.
+
+ Same extensible API transformation for the SASL client-side
+ code to make future extensions less painful. Files:
+ xsasl/xsasl.h, xsasl/xsasl*client.c, smtp/smtp_sasl_glue.c.
+
+ More postlink fixes. File: mantools/postlink.
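Review bot: The 20090417 entry ends with "File: mantools/postlink, mantools/check-postlink.", which lists two files under the singular label, while the other multi-file entries in this hunk use "Files:". Suggest "Files:" there. The two SASL entries also spell the glob differently ("xsasl/xsasl_*server.c" in 20090416, "xsasl/xsasl*client.c" in 20090418); one spelling would make the entries easier to grep.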
diff --git a/postfix/README_FILES/AAAREADME b/postfix/README_FILES/AAAREADME
index 31d9c0e58..2dd6cac2b 100644
--- a/postfix/README_FILES/AAAREADME
+++ b/postfix/README_FILES/AAAREADME
@@ -12,6 +12,7 @@ GGeenneerraall ccoonnffiigguurraattiioonn
* TLS_README: TLS Encryption and authentication
* TLS_LEGACY_README: Legacy TLS support
* IPV6_README: IP Version 6 Support
+ * MULTI_INSTANCE_README: Multiple-instance management
* INSTALL: Installation from source code
PPrroobblleemm ssoollvviinngg
diff --git a/postfix/README_FILES/SMTPD_POLICY_README b/postfix/README_FILES/SMTPD_POLICY_README
index 7ba1838da..a98a675f1 100644
--- a/postfix/README_FILES/SMTPD_POLICY_README
+++ b/postfix/README_FILES/SMTPD_POLICY_README
@@ -88,9 +88,9 @@ Notes:
attribute, sends the attribute with an empty value ("name="), or sends a
zero value ("name=0") in the case of a numerical attribute.
- * The "recipient" attribute is available only in the "RCPT TO" stage, and in
- the "DATA" and "END-OF-MESSAGE" stages when Postfix accepted only one
- recipient for the current message.
+ * The "recipient" attribute is available in the "RCPT TO" stage. It is also
+ available in the "DATA" and "END-OF-MESSAGE" stages if Postfix accepted
+ only one recipient for the current message.
* The "recipient_count" attribute (Postfix 2.3 and later) is non-zero only in
the "DATA" and "END-OF-MESSAGE" stages. It specifies the number of
diff --git a/postfix/README_FILES/STRESS_README b/postfix/README_FILES/STRESS_README
index ebf3095e8..1e4c3e432 100644
--- a/postfix/README_FILES/STRESS_README
+++ b/postfix/README_FILES/STRESS_README
@@ -4,12 +4,11 @@ PPoossttffiixx SSttrreessss--DDeeppeennddeenntt CCoonn
OOvveerrvviieeww
-This document describes the symptoms of Postfix SMTP server overload, and how
-to avoid the condition under normal conditions. When the condition is caused by
-botnets or other malware, the document suggests configuration settings that
-help to minimize the impact on legitimate mail. Finally, the document
-introduces stress-adaptive behavior, introduced with Postfix 2.5, and how it
-can be used to automatically switch configuration settings under overload.
+This document describes the symptoms of Postfix SMTP server overload. It
+presents permanent main.cf changes to avoid overload during normal operation,
+and temporary main.cf changes to cope with an unexpected burst of mail. This
+document makes specific suggestions for Postfix 2.5 and later which support
+stress-adaptive behavior, and for earlier Postfix versions that don't.
Topics covered in this document:
@@ -17,42 +16,46 @@ Topics covered in this document:
* Service more SMTP clients at the same time
* Spend less time per SMTP client
* Disconnect suspicious SMTP clients
- * Take desperate measures
- * Make Postfix behavior stress-adaptive
+ * Temporary measures for older Postfix releases
+ * Automatic stress-adaptive behavior
* Detecting support for stress-adaptive behavior
* Forcing stress-adaptive behavior on or off
+ * Other measures to off-load zombies
* Credits
SSyymmppttoommss ooff PPoossttffiixx SSMMTTPP sseerrvveerr oovveerrllooaadd
-Under normal conditions, Postfix responds immediately when a remote SMTP client
-connects. The time needed to deliver mail should be noticeable only with very
-large messages. Performance degrades more dramatically when the number of
-remote SMTP clients exceeds the number of Postfix SMTP server processes. When a
-client connects while all server processes are busy, the client must wait until
-a server process becomes available.
+Under normal conditions, the Postfix SMTP server responds immediately when an
+SMTP client connects to it; the time to deliver mail is noticeable only with
+large messages. Performance degrades dramatically when the number of SMTP
+clients exceeds the number of Postfix SMTP server processes. When an SMTP
+client connects while all Postfix SMTP server processes are busy, the client
+must wait until a server process becomes available.
-Overload may be caused by a legitimate mail (example: a DNS registrar opens a
-new zone for registrations), by mistake (mail explosion caused by a forwarding
-loop) or by illegitimate mail (worm outbreak, botnet, or other malware
-activity). Symptoms of Postfix SMTP mail server overload are:
+SMTP server overload may be caused by a surge of legitimate mail (example: a
+DNS registrar opens a new zone for registrations), by mistake (mail explosion
+caused by a forwarding loop) or by malice (worm outbreak, botnet, or other
+illegitimate activity).
+
+Symptoms of Postfix SMTP server overload are:
* Remote SMTP clients experience a long delay before Postfix sends the "220
- hostname.example.com ESMTP Postfix" greeting. If this affects end-user mail
- clients, enable the "submission" service entry in master.cf (present since
- Postfix 2.1), and tell users to connect to this instead of the public SMTP
- service.
+ hostname.example.com ESMTP Postfix" greeting.
- o NOTE: Broken DNS configurations also cause lengthy delays before
- Postfix sends "220 hostname.example.com ...". In this case the delay
- happens even when Postfix is not busy.
+ o NOTE: Broken DNS configurations can also cause lengthy delays before
+ Postfix sends "220 hostname.example.com ...". These delays also exist
+ when Postfix is NOT overloaded.
+
+ o NOTE: To avoid "overload" delays for end-user mail clients, enable the
+ "submission" service entry in master.cf (present since Postfix 2.1),
+ and tell users to connect to this instead of the public SMTP service.
* The Postfix SMTP server logs an increased number of "lost connection after
CONNECT" events. This happens because remote SMTP clients disconnect before
Postfix answers the connection.
- o NOTE: A portscan for open SMTP ports also results in "lost connection
- ..." logfile messages.
+ o NOTE: A portscan for open SMTP ports can also result in "lost
+ connection ..." logfile messages.
* Postfix 2.3 and later logs a warning that all server ports are busy:
@@ -63,15 +66,16 @@ activity). Symptoms of Postfix SMTP mail server overload are:
condition, increase the process count in master.cf or reduce the
service time per client
-Legitimate mail that doesn't get through during an episode of overload is not
-necessarily lost. It should still arrive once the situation returns to normal,
-as long as the overload condition is temporary.
+Legitimate mail that doesn't get through during an episode of Postfix SMTP
+server overload is not necessarily lost. It should still arrive once the
+situation returns to normal, as long as the overload condition is temporary.
SSeerrvviiccee mmoorree SSMMTTPP cclliieennttss aatt tthhee ssaammee ttiimmee
-To service more SMTP clients simultaneously, you need to increase the number of
-SMTP server processes. This will improve the responsiveness for remote SMTP
-clients, as long as the server machine has enough hardware and software
+One measure to avoid the "all server processes busy" condition is to service
+more SMTP clients simultaneously. For this you need to increase the number of
+Postfix SMTP server processes. This will improve the responsiveness for remote
+SMTP clients, as long as the server machine has enough hardware and software
resources to run the additional processes, and as long as the file system can
keep up with the additional load.
@@ -84,8 +88,9 @@ keep up with the additional load.
operating system that supports kernel-based event filters (BSD kqueue(2),
Linux epoll(4), or Solaris /dev/poll).
- * You can reduce the Postfix memory footprint by using cdb: lookup tables
- instead of Berkeley DB's hash: or btree: tables.
+ * More processes use more memory. You can reduce the Postfix memory footprint
+ by using cdb: lookup tables instead of Berkeley DB's hash: or btree:
+ tables.
1 /etc/postfix/main.cf:
2 # Raise the global process limit, 100 since Postfix 2.0.
@@ -120,9 +125,9 @@ keep up with the additional load.
SSppeenndd lleessss ttiimmee ppeerr SSMMTTPP cclliieenntt
When increasing the number of SMTP server processes is not practical, you can
-improve Postfix server responsiveness by eliminating unnecessary work. When
-Postfix spends less time per SMTP session, the same number of SMTP server
-processes can service more clients in the same amount of time.
+improve Postfix server responsiveness by eliminating delays. When Postfix
+spends less time per SMTP session, the same number of SMTP server processes can
+service more clients in a given amount of time.
* Eliminate non-functional RBL lookups (blocklists that are no longer in
operation). These lookups can degrade performance. Postfix logs a warning
@@ -137,18 +142,18 @@ processes can service more clients in the same amount of time.
BACKSCATTER_README for examples of the latter.
* Group your header_checks and body_checks patterns to avoid unnecessary
- pattern matching operations.
+ pattern matching operations:
1 /etc/postfix/header_checks:
2 if /^Subject:/
3 /^Subject: virus found in mail from you/ reject
- 4 /^Subject: ..../ ....
+ 4 /^Subject: ..other../ reject
5 endif
6
7 if /^Received:/
8 /^Received: from (postfix\.org) / reject forged client name in
received header: $1
- 9 /^Received: from .../ ....
+ 9 /^Received: from ..other../ reject ....
10 endif
DDiissccoonnnneecctt ssuussppiicciioouuss SSMMTTPP cclliieennttss
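Review bot: The two replaced placeholder rules in the header_checks example are inconsistent and now read like real rules: line 4 is "/^Subject: ..other../ reject" while line 9 is "/^Received: from ..other../ reject ....". Because "." matches any character, someone who copies the block gets a working pattern with a reject action rather than an obvious ellipsis. Suggest using the same placeholder form on both lines and marking it as a placeholder, for example with a preceding "# other patterns" comment line.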
@@ -157,14 +162,16 @@ Under conditions of overload you can improve Postfix SMTP server responsiveness
by hanging up on suspicious clients, so that other clients get a chance to talk
to Postfix.
- * Use "521" reply codes (Postfix 2.6 and later) for botnet-related RBLs or
- for selected non-RBL restrictions. With Postfix 2.3-2.5 use "421" for a
- similar result. The Postfix SMTP server will disconnect immediately without
+ * Use "521" SMTP reply codes (Postfix 2.6 and later) or "421" (Postfix 2.3-
+ 2.5) to hang up on clients that that match botnet-related RBLs (see next
+ bullet) or that match selected non-RBL restrictions such as SMTP access
+ maps. The Postfix SMTP server will reject mail and disconnect without
waiting for the remote SMTP client to send a QUIT command.
- You can set individual reject codes for RBLs, and for individual responses
- from a specific RBL. We'll use zen.spamhaus.org as an example; by the time
- you read this document, details may have changed. Right now, their
+ * To hang up connections from blacklisted zombies, you can set specific
+ Postfix SMTP server reject codes for specific RBLs, and for individual
+ responses from specific RBLs. We'll use zen.spamhaus.org as an example; by
+ the time you read this document, details may have changed. Right now, their
documents say that a response of 127.0.0.10 or 127.0.0.11 indicates a
dynamic client IP address, which means that the machine is probably running
a bot of some kind. To give a 521 response instead of the default 554
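Review bot: Duplicated word in the rewritten first bullet: "to hang up on clients that that match botnet-related RBLs". Drop one "that". The bullet also breaks the version range across lines as "Postfix 2.3-" / "2.5"; if the README is regenerated, check that the range stays on one line in the proto source.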
@@ -180,37 +187,45 @@ to Postfix.
8 rbl_reply_maps = hash:/etc/postfix/rbl_reply_maps
9
10 /etc/postfix/rbl_reply_maps:
- 11 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
- 12 $rbl_class [$rbl_what] blocked using
- 13 $rbl_domain${rbl_reason?; $rbl_reason}
- 14
- 15 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
- 16 $rbl_class [$rbl_what] blocked using
- 17 $rbl_domain${rbl_reason?; $rbl_reason}
+ 11 # With Postfix 2.3-2.5 use "421" to hang up connections.
+ 12 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable;
+ 13 $rbl_class [$rbl_what] blocked using
+ 14 $rbl_domain${rbl_reason?; $rbl_reason}
+ 15
+ 16 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable;
+ 17 $rbl_class [$rbl_what] blocked using
+ 18 $rbl_domain${rbl_reason?; $rbl_reason}
- Although the above shows three RBL lookups (lines 4-6), Postfix will still
- only do a single DNS query, so the performance difference is negligible.
+ Although the above example shows three RBL lookups (lines 4-6), Postfix
+ will only do a single DNS query, so it does not affect the performance.
- With Postfix 2.3-2.5, use 421 (reply code 521 will not cause Postfix to
- disconnect). The down-side of sending 421 is that it works only for zombies
- and other malware. If the client is running a real MTA, then it may connect
- again several times until the mail expires in its queue. When this is a
- problem, stick with the default 554 reply, and use "smtpd_hard_error_limit
- = 1" as described below.
+ * With Postfix 2.3-2.5, use reply code 421 (521 will not cause Postfix to
+ disconnect). The down-side of replying with 421 is that it works only for
+ zombies and other malware. If the client is running a real MTA, then it may
+ connect again several times until the mail expires in its queue. When this
+ is a problem, stick with the default 554 reply, and use
+ "smtpd_hard_error_limit = 1" as described below.
- With Postfix 2.5, or with earlier releases that contain the stress-adaptive
- behavior patch, you can turn on the above under overload by replacing line
- 8 with:
+ * You can automatically turn on the above overload measure with Postfix 2.5
+ and later, or with earlier releases that contain the stress-adaptive
+ behavior source code patch from the mirrors listed at http://
+ www.postfix.org/download.html. Simply replace line above 8 with:
8 rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
- More information about automatic stress-adaptive behavior is at the end of
- this document.
+More information about automatic stress-adaptive behavior is in section
+"Automatic stress-adaptive behavior".
-TTaakkee ddeessppeerraattee mmeeaassuurreess
+TTeemmppoorraarryy mmeeaassuurreess ffoorr oollddeerr PPoossttffiixx rreelleeaasseess
-The following measures will still allow mmoosstt legitimate clients to connect and
-send mail, but may affect some legitimate clients.
+See the next section, "Automatic stress-adaptive behavior", if you are running
+Postfix version 2.5 or later, or if you have applied the source code patch for
+stress-adaptive behavior from the mirrors listed at http://www.postfix.org/
+download.html.
+
+The following measures can be applied temporarily during overload. They still
+allow mmoosstt legitimate clients to connect and send mail, but may affect some
+legitimate clients.
* Reduce smtpd_timeout (default: 300s). Experience on the postfix-users list
from a variety of sysadmins shows that reducing the "normal" smtpd_timeout
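Review bot: In the new stress-adaptive bullet, "Simply replace line above 8 with:" has its words transposed; suggest "Simply replace line 8 above with:". The 421 guidance also now appears twice in this hunk, once as the added comment on line 11 of the rbl_reply_maps listing and once as the following bullet that explains the retry down-side; consider having the comment point at that bullet so a reader who only copies the listing still sees the caveat about real MTAs reconnecting.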
@@ -228,55 +243,75 @@ send mail, but may affect some legitimate clients.
longer-active user names that didn't bother to unsubscribe. No mail should
be lost, as long as this measure is used only temporarily.
- * Disable remote SMTP client hostname lookups, so that all SMTP client
- hostnames become "unknown" (line 5 below). This feature was introduced with
- Postfix 2.3. Unfortunately, this measure is more problematic than the other
- ones proposed sofar. First, this will result in loss of mail when you use
- hostname-based access rules that reject mail from "unknown" SMTP clients
- (examples: reject_unknown_client_hostname,
- reject_unknown_reverse_client_hostname). Second, this may result in loss of
- mail when you subject "unknown" SMTP clients to additional restrictions
- such as reject_unverified_sender.
+ * Use an smtpd_junk_command_limit of 1 instead of the default 100. This
+ prevents clients from keeping idle connections open by repeatedly sending
+ NOOP or RSET commands.
1 /etc/postfix/main.cf:
2 smtpd_timeout = 10
3 smtpd_hard_error_limit = 1
- 4 # Caution: line 5 may trigger REJECTs by hostname-based access rules
+ 4 smtpd_junk_command_limit = 1
- 5 smtpd_peername_lookup = no
+With these measures, no mail should be lost, as long as these measures are used
+only temporarily. The next section of this document introduces a way to
+automate this process.
-Except with the last measure, no mail should be lost, as long as these measures
-are used only temporarily. The next section of this document introduces a way
-to automate this process.
-
-MMaakkee PPoossttffiixx bbeehhaavviioorr ssttrreessss--aaddaappttiivvee
+AAuuttoommaattiicc ssttrreessss--aaddaappttiivvee bbeehhaavviioorr
Postfix version 2.5 introduces automatic stress-adaptive behavior. This is also
-available as an add-on patch for Postfix versions 2.4 and 2.3 from the mirrors
-listed at http://www.postfix.org/download.html.
+available as a source code patch for Postfix versions 2.4 and 2.3 from the
+mirrors listed at http://www.postfix.org/download.html.
-It works as follows. When a "public" network service runs into an "all server
-ports are busy" condition, the master(8) daemon logs a warning, restarts the
-service (without interrupting existing network sessions), and runs the service
-with "-o stress=yes" on the command line. Normally, it runs a stress-adaptive
-service with "-o stress=" on the command line (i.e. with an empty parameter
-value). Other services never have "-o stress" parameters on the command line,
-including services that listen on a loopback interface only.
+It works as follows. When a "public" network service such as the SMTP server
+runs into an "all server ports are busy" condition, the Postfix master(8)
+daemon logs a warning, restarts the service (without interrupting existing
+network sessions), and runs the service with "-o stress=yes" on the server
+process command line:
-The stress pseudo-parameter value is the key to making main.cf parameter
-settings stress adaptive:
+ 80821 ?? S 0:00.24 smtpd -n smtp -t inet -u -c -o stress=yes
- 1 /etc/postfix/main.cf:
- 2 smtpd_timeout = ${stress?10}${stress:300}
- 3 smtpd_hard_error_limit = ${stress?1}${stress:20}
+Normally, the Postfix master(8) daemon runs such a service with "-o stress=" on
+the command line (i.e. with an empty parameter value):
+
+ 83326 ?? S 0:00.28 smtpd -n smtp -t inet -u -c -o stress=
+
+Services that have local access only never have "-o stress" parameters on the
+command line. This includes services internal to Postfix such as the queue
+manager, and services that listen on a loopback interface only, such as after-
+filter SMTP services.
+
+The "stress" parameter value is the key to making main.cf parameter settings
+stress adaptive. The following settings are the default with Postfix 2.6 and
+later. With earlier Postfix versions that have stress-adaptive support, append
+the lines below to the main.cf file and issue a "postfix reload" command:
+
+ 1 smtpd_timeout = ${stress?10}${stress:300}s
+ 2 smtpd_hard_error_limit = ${stress?1}${stress:20}
+ 3 smtpd_junk_command_limit = ${stress?1}${stress:100}
Translation:
- * Line 2: under conditions of stress, use an smtpd_timeout value of 10
- seconds instead of the default 300 seconds,
+ * Line 1: under conditions of stress, use an smtpd_timeout value of 10
+ seconds instead of the default 300 seconds. Experience on the postfix-users
+ list from a variety of sysadmins shows that reducing the "normal"
+ smtpd_timeout to 60s is unlikely to affect legitimate clients. However, it
+ is unlikely to become the Postfix default because it's not RFC compliant.
+ Setting smtpd_timeout to 10s (line 2 below) or even 5s under stress will
+ still allow most legitimate clients to connect and send mail, but may delay
+ mail from some clients. No mail should be lost, as long as this measure is
+ used only temporarily.
- * Line 3: under conditions of stress, use an smtpd_hard_error_limit of 1
- instead of the default 20.
+ * Line 2: under conditions of stress, use an smtpd_hard_error_limit of 1
+ instead of the default 20. This helps by disconnecting clients after a
+ single error, giving other clients a chance to connect. However, this may
+ cause significant delays with legitimate mail, such as a mailing list that
+ contains a few no-longer-active user names that didn't bother to
+ unsubscribe. No mail should be lost, as long as this measure is used only
+ temporarily.
+
+ * Line 3: under conditions of stress, use an smtpd_junk_command_limit of 1
+ instead of the default 100. This prevents clients from keeping idle
+ connections open by repeatedly sending NOOP or RSET commands.
The syntax of ${name?value} and ${name:value} is explained at the beginning of
the postconf(5) manual page.
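Review bot: The "Line 1:" translation contains a stale cross-reference: "Setting smtpd_timeout to 10s (line 2 below)" was carried over from the older section, but in this listing smtpd_timeout is line 1 and the listing is above the text, not below. Suggest "(line 1 above)" or dropping the parenthetical. The same paragraph and the "Line 2:" paragraph both end with "No mail should be lost, as long as this measure is used only temporarily", which fits the manual measures in the previous section but not settings that are described here as automatic and the default with Postfix 2.6 and later; rewording to "only under overload" would match the new behavior.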
@@ -346,6 +381,18 @@ accept remote connections.
7 -o stress=
8 -o . . .
+OOtthheerr mmeeaassuurreess ttoo ooffff--llooaadd zzoommbbiieess
+
+OpenBSD spamd implements a daemon that handles all connections from "new"
+clients. Only well-behaved mail clients are allowed to talk to the mail server.
+Other clients are tarpitted, and will never get a chance to affect mail server
+performance.
+
+At some point in the future, Postfix may come with a simple front-end daemon
+that does basic greylisting and pipelining detection to keep zombies and other
+ratware away from Postfix itself. This would use the "pass" service type which
+has been available in stable Postfix releases since Postfix 2.5.
+
CCrreeddiittss
* Thanks to the postfix-users mailing list members for sharing early
diff --git a/postfix/README_FILES/TLS_LEGACY_README b/postfix/README_FILES/TLS_LEGACY_README
index f78af3ff6..1f82652a2 100644
--- a/postfix/README_FILES/TLS_LEGACY_README
+++ b/postfix/README_FILES/TLS_LEGACY_README
@@ -375,7 +375,7 @@ is high.
Example:
/etc/postfix/main.cf:
- smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
+ smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
As of version 2.5, Postfix will no longer maintain this file in a directory
with non-Postfix ownership. As a migration aid, attempts to open such files are
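Review bot: The new example value "btree:/etc/postfix/smtpd_scache" sits directly above the unchanged sentence "As of version 2.5, Postfix will no longer maintain this file in a directory with non-Postfix ownership", and /etc/postfix is the configuration directory whose main.cf and master.cf are elsewhere in this patch described as root-owned. As written, the example shows a location that the next sentence says is no longer maintained. Suggest either keeping the example in a Postfix-owned directory or adding a line stating that this is the legacy location and is redirected. The same applies to the smtp_tls_session_cache_database example changed in the hunk at -631.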
@@ -631,7 +631,7 @@ client is allowed to negotiate per unit time.
Example:
/etc/postfix/main.cf:
- smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache
+ smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
As of version 2.5, Postfix will no longer maintain this file in a directory
with non-Postfix ownership. As a migration aid, attempts to open such files are
diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README
index 47adf0b7c..a408a86c5 100644
--- a/postfix/README_FILES/TLS_README
+++ b/postfix/README_FILES/TLS_README
@@ -160,10 +160,10 @@ configure all three at the same time, in which case the cipher used determines
which certificate is presented. For Netscape and OpenSSL clients without
special cipher choices, the RSA certificate is preferred.
-In order for remote SMTP clients to check the Postfix SMTP server certificates,
-the CA certificate (in case of a certificate chain, all CA certificates) must
-be available. You should add any intermediate CA certificates to the server
-certificate: the server certificate first, then the intermediate CA(s).
+To enable a remote SMTP client to verify the Postfix SMTP server certificate,
+the issuing CA certificates must be made available to the client. You should
+include the required certificates in the server certificate file, the server
+certificate first, then the issuing CA(s) (bottom-up order).
Example: the certificate for "server.example.com" was issued by "intermediate
CA" which itself has a certificate issued by "root CA". Create the server.pem
@@ -227,14 +227,14 @@ files in the directory when the information is needed. Thus, the
$smtpd_tls_CApath directory needs to be accessible inside the optional chroot
jail.
-When you configure the Postfix SMTP server to request client certificates, any
-CA certificates in $smtpd_tls_CAfile are sent to the client, in order to allow
-it to choose an identity signed by a CA you trust. If no $smtpd_tls_CAfile is
-specified, no preferred CA list is sent, and the client is free to choose an
-identity signed by any CA. Many clients use a fixed identity regardless of the
-preferred CA list and you may be able to reduce TLS negotiation overhead by
-installing client CA certificates mostly or only in $smtpd_tls_CApath. In the
-latter case you need not specify a $smtpd_tls_CAfile.
+When you configure the Postfix SMTP server to request client certificates, the
+DNs of certificate authorities in $smtpd_tls_CAfile are sent to the client, in
+order to allow it to choose an identity signed by a CA you trust. If no
+$smtpd_tls_CAfile is specified, no preferred CA list is sent, and the client is
+free to choose an identity signed by any CA. Many clients use a fixed identity
+regardless of the preferred CA list and you may be able to reduce TLS
+negotiation overhead by installing client CA certificates mostly or only in
+$smtpd_tls_CApath. In the latter case you need not specify a $smtpd_tls_CAfile.
Note, that unless client certificates are used to allow greater access to TLS
authenticated clients, it is best to not ask for client certificates at all, as
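Review bot: The rewritten paragraph introduces "DNs of certificate authorities in $smtpd_tls_CAfile" without expanding the abbreviation, and no earlier line in this hunk defines it. Suggest "the distinguished names (DNs) of the certificate authorities" on first use. The correction itself is worth keeping visible in the text: what is sent to the client is the list of CA names, not the CA certificates, which is what the removed wording implied.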
@@ -670,14 +670,14 @@ as the Postfix SMTP server. If a certificate is to be presented, it must be in
accessible without password. Both parts (certificate and private key) may be in
the same file.
-In order for remote SMTP servers to verify the Postfix SMTP client
-certificates, the CA certificate (in case of a certificate chain, all CA
-certificates) must be available. You should add these certificates to the
-client certificate, the client certificate first, then the issuing CA(s).
+To enable remote SMTP servers to verify the Postfix SMTP client certificate,
+the issuing CA certificates must be made available to the server. You should
+include the required certificates in the client certificate file, the client
+certificate first, then the issuing CA(s) (bottom-up order).
Example: the certificate for "client.example.com" was issued by "intermediate
-CA" which itself has a certificate of "root CA". Create the client.pem file
-with:
+CA" which itself has a certificate issued by "root CA". Create the client.pem
+file with:
% ccaatt cclliieenntt__cceerrtt..ppeemm iinntteerrmmeeddiiaattee__CCAA..ppeemm >> cclliieenntt..ppeemm
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index cf51d3ffd..bad090302 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -20,8 +20,9 @@ only when clients match $local_header_rewrite_clients. Specify
Adding such headers can break DKIM signatures that cover headers
that are not present.
-This changes the appearance of Postfix logging: some messages will
-no longer log a message-id=<...text...> line.
+This changes the appearance of Postfix logging: to preserve
+compatibility with existing logfile processing software, Postfix
+will log ``message-id=<>'' for messages without Message-Id header.
Major changes with snapshot 20090212
====================================
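Review bot: The replacement sentence contradicts itself: it opens with "This changes the appearance of Postfix logging" and then says that, "to preserve compatibility with existing logfile processing software", a message-id record is still logged. State the actual change instead, for example that messages without a Message-Id header are now logged as "message-id=<>" rather than with a generated value, so that operators who correlate log records on message-id know to expect empty values. Also "without Message-Id header" needs an article: "without a Message-Id header".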
diff --git a/postfix/WISHLIST b/postfix/WISHLIST
index 84f31dd8b..a7b7d4e9d 100644
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -1,5 +1,7 @@
Wish list:
+ Remove this file from the stable release.
+
"postconf -N" option to print user-defined parameter names
(these have no defaults, since they exist only when
specified in main.cf or with "-o name=value").
@@ -7,27 +9,16 @@ Wish list:
Make the "unknown recipient" test configurable as
first|last|never, with "yes"=="last" for backwards
compatibility. The "first" setting is good for performance
- (stress=yes) when all users are defined in local files.
-
- Make the double-bounce address time-dependent (with 24-hour
- grace period). Spammers appear to use this address to avoid
- DATA command rejects. Avoiding DATA rejects means they can
- pipeline the entire SMTP session without triggering huge
- numbers of protocol errors. They can still trigger "improper
- command pipelining after DATA" alarms, but that requires
- non-default main.cf settings.
+ (stress=yes) when all users are defined in local files; but
+ it may perform worse when users are in networked tables.
Cleanup: make DNSBL query format configurable beyond the
client's reversed IP address.
With 'final delivery' in the LMTP client, need an option
- to also add delivered-to and other pipe(8) features.
- This requires making mail_copy() more generic.
-
- To work around historical AWK's limit of 10 open files,
- pipe all output into a shell and have the shell open files.
- It's too much pain to find out whose AWK is old and where
- if any they keep the XPG4 compliant version.
+ to also add delivered-to and other pipe(8) features. This
+ requires making mail_copy() functionality available in
+ non-mailbox context.
Cleanup: modernize the "add missing From: header" code, to
``phrase Postfix has several hundred configuration parameters that are
-controlled via the main.cf file. Fortunately, all parameters have
+controlled via the main.cf file. Fortunately, all parameters have
sensible default values. In many cases, you need to configure only
two or three parameters before you can start to play with the mail
system. Here's a quick introduction to the syntax: Introduction
By default, Postfix configuration files are in /etc/postfix. -The two most important files are main.cf and master.cf; these files +The two most important files are main.cf and master.cf; these files must be owned by root. Giving someone else write permission to -main.cf or master.cf (or to their parent directories) means giving +main.cf or master.cf (or to their parent directories) means giving root privileges to that person.
-In /etc/postfix/main.cf you will have to set up a minimal number +
In /etc/postfix/main.cf you will have to set up a minimal number of configuration parameters. Postfix configuration parameters resemble shell variables, with two important differences: the first one is that Postfix does not know about quotes like the UNIX shell @@ -136,7 +136,7 @@ does.
@@ -145,7 +145,7 @@ does.-/etc/postfix/main.cf: +/etc/postfix/main.cf: parameter = value
@@ -162,12 +162,12 @@ Here is a common example of how Postfix invokes a database:-/etc/postfix/main.cf: +/etc/postfix/main.cf: other_parameter = $parameter
--/etc/postfix/main.cf: +/etc/postfix/main.cf: virtual_alias_maps = hash:/etc/postfix/virtual
Whenever you make a change to the main.cf or master.cf file, +
Whenever you make a change to the main.cf or master.cf file, execute the following command as root in order to refresh a running mail system:
@@ -194,7 +194,7 @@ to an unqualified recipient address.--/etc/postfix/main.cf: +/etc/postfix/main.cf: myorigin = $myhostname (default: send mail as "user@$myhostname") myorigin = $mydomain (probably desirable: "user@$mydomain")@@ -223,7 +223,7 @@ domain, you must list $mydomain as well.@@ -232,7 +232,7 @@ domain, you must list $mydomain as well.-/etc/postfix/main.cf: +/etc/postfix/main.cf: mydestination = $myhostname localhost.$mydomain localhost@@ -241,7 +241,7 @@ domain, you must list $mydomain as well.-/etc/postfix/main.cf: +/etc/postfix/main.cf: mydestination = $myhostname localhost.$mydomain localhost $mydomain--/etc/postfix/main.cf: +/etc/postfix/main.cf: mydestination = $myhostname localhost.$mydomain localhost www.$mydomain ftp.$mydomain@@ -265,7 +265,7 @@ then your default mynetworks setting ma--/etc/postfix/main.cf: +/etc/postfix/main.cf: mynetworks_style = subnet (default: authorize subnetworks) mynetworks_style = host (safe: authorize local machine only) mynetworks = 127.0.0.0/8 (safe: authorize local machine only) @@ -273,7 +273,7 @@ then your default mynetworks setting maYou can specify the trusted networks in the main.cf file, or +
You can specify the trusted networks in the main.cf file, or you can let Postfix do the work for you. The default is to let Postfix do the work. The result depends on the mynetworks_style parameter value. @@ -304,13 +304,13 @@ blocks in CIDR (network/mask) notation, for example:
-/etc/postfix/main.cf: +/etc/postfix/main.cf: mynetworks = 168.100.189.0/28, 127.0.0.0/8You can also specify the absolute pathname of a pattern file instead -of listing the patterns in the main.cf file.
+of listing the patterns in the main.cf file.What destinations to relay mail to
@@ -325,7 +325,7 @@ of the domains listed with the mydestina+-/etc/postfix/main.cf: +/etc/postfix/main.cf: relay_domains = $mydestination (default) relay_domains = (safe: never forward mail from strangers) relay_domains = $mydomain (forward mail to my domain and subdomains) @@ -341,13 +341,13 @@ or desirable. For example, your system may be turned off outside office hours, it may be behind a firewall, or it may be connected via a provider who does not allow direct mail to the Internet. In those cases you need to configure Postfix to deliver mail indirectly -via a relay host. +via a relay host.Examples (specify only one of the following):
-/etc/postfix/main.cf: +/etc/postfix/main.cf: relayhost = (default: direct delivery to Internet) relayhost = $mydomain (deliver via local mailhub) relayhost = [mail.$mydomain] (deliver via local mailhub) @@ -392,7 +392,7 @@ serious problems (resource, software) to postmaster:@@ -477,7 +477,7 @@ mail delivery loops will happen when the primary MX host is down.-/etc/postfix/main.cf: +/etc/postfix/main.cf: notify_classes = resource, software@@ -539,7 +539,7 @@ Postfix logging.-/etc/postfix/main.cf: +/etc/postfix/main.cf: proxy_interfaces = 1.2.3.4 (the proxy/NAT external network address)Running Postfix daemon processes chrooted
-Postfix daemon processes can be configured (via the master.cf +
Postfix daemon processes can be configured (via the master.cf file) to run in a chroot jail. The processes run at a fixed low privilege and with file system access limited to the Postfix queue directories (/var/spool/postfix). This provides a significant @@ -556,9 +556,9 @@ processes, and perhaps also the lmtp(8) client. The au porcupine.org mail server runs all daemons chrooted that can be chrooted.
-The default /etc/postfix/master.cf file specifies that no Postfix +
The default /etc/postfix/master.cf file specifies that no Postfix daemon runs chrooted. In order to enable chroot operation, edit -the file /etc/postfix/master.cf, and follow instructions in the +the file /etc/postfix/master.cf, and follow instructions in the file. When you're finished, execute "postfix reload" to make the change effective.
@@ -592,7 +592,7 @@ or if you run Postfix on a virtual interface, you will have to specify the fully-qualified domain name that the mail system should use. -Alternatively, if you specify mydomain in main.cf, then Postfix +
Alternatively, if you specify mydomain in main.cf, then Postfix will use its value to generate a fully-qualified default value for the myhostname parameter.
@@ -600,7 +600,7 @@ for the myhostname parameter.--/etc/postfix/main.cf: +/etc/postfix/main.cf: myhostname = host.local.domain (machine name is not FQDN) myhostname = host.virtual.domain (virtual interface) myhostname = virtual.domain (virtual interface) @@ -614,7 +614,7 @@ $myhostname. By default, it is derived by stripping off the first part (unless the result would be a top-level domain). -Conversely, if you specify mydomain in main.cf, then Postfix +
Conversely, if you specify mydomain in main.cf, then Postfix will use its value to generate a fully-qualified default value for the myhostname parameter.
@@ -622,7 +622,7 @@ for the myhostname parameter.-/etc/postfix/main.cf: +/etc/postfix/main.cf: mydomain = local.domain mydomain = virtual.domain (virtual interface)@@ -636,7 +636,7 @@ to "user@[network address]" will be delivered locally, as if it is addressed to a domain listed in $mydestination.You can override the inet_interfaces setting in the Postfix -master.cf file by prepending an IP address to a server name.
+master.cf file by prepending an IP address to a server name.The default is to listen on all active interfaces. If you run mailers on virtual interfaces, you will have to specify what @@ -652,7 +652,7 @@ MTA is down.
@@ -662,7 +662,7 @@ each Postfix instance, specify only one of the following.-/etc/postfix/main.cf: +/etc/postfix/main.cf: inet_interfaces = all-/etc/postfix/main.cf: +/etc/postfix/main.cf: inet_interfaces = virtual.host.tld (virtual Postfix) inet_interfaces = $myhostname localhost... (non-virtual Postfix)diff --git a/postfix/html/DSN_README.html b/postfix/html/DSN_README.html index 6ca3d84d3..32ef928af 100644 --- a/postfix/html/DSN_README.html +++ b/postfix/html/DSN_README.html @@ -21,7 +21,7 @@ DSN SupportIntroduction
Postfix version 2.3 introduces support for Delivery Status -Notifications as described in RFC 3464. This gives senders control +Notifications as described in RFC 3464. This gives senders control over successful and failed delivery notifications.
Specifically, DSN support gives an email sender the ability to diff --git a/postfix/html/IPV6_README.html b/postfix/html/IPV6_README.html index 0193491e9..0514d22f6 100644 --- a/postfix/html/IPV6_README.html +++ b/postfix/html/IPV6_README.html @@ -254,7 +254,7 @@ to the LMTP client.
The SMTP server now requires that IPv6 addresses in SMTP commands are specified as [ipv6:ipv6address], as -described in RFC 2821.
+described in RFC 2821.The IPv6 network address matching code was rewritten from the ground up, and is expected to be closer to the specification. diff --git a/postfix/html/MAILDROP_README.html b/postfix/html/MAILDROP_README.html index ad95a4e93..100cc297a 100644 --- a/postfix/html/MAILDROP_README.html +++ b/postfix/html/MAILDROP_README.html @@ -85,7 +85,7 @@ becoming clogged with undeliverable messages. Specify an empty value ("virtual_mailbox_maps =") to disable this feature.
Lines 6 and 13-15 redirect mail for postmaster to the -local postmaster. RFC 821 requires that every domain has a postmaster +local postmaster. RFC 821 requires that every domain has a postmaster address.
diff --git a/postfix/html/SCHEDULER_README.html b/postfix/html/SCHEDULER_README.html index 5551eed92..3ab943201 100644 --- a/postfix/html/SCHEDULER_README.html +++ b/postfix/html/SCHEDULER_README.html @@ -640,7 +640,7 @@ feedback amount, per delivery that does not fail with connection or handshake failurediff --git a/postfix/html/SMTPD_POLICY_README.html b/postfix/html/SMTPD_POLICY_README.html index fef97a1ac..42c3e2f4e 100644 --- a/postfix/html/SMTPD_POLICY_README.html +++ b/postfix/html/SMTPD_POLICY_README.html @@ -126,10 +126,10 @@ stress= an empty value ("name="), or sends a zero value ("name=0") in the case of a numerical attribute. - default_destination_concurrency_negative_feedback +transport_destination_concurrency_negative_feedback
-transport_destination_concurrency_negative_feedback2.5
2.5Per-destination negative feedback amount, per delivery that fails with connection or handshake failure The "recipient" attribute is available only in the - "RCPT TO" stage, and in the "DATA" and "END-OF-MESSAGE" stages - when Postfix accepted only one recipient for the current message. -
+The "recipient" attribute is available in the "RCPT + TO" stage. It is also available in the "DATA" and "END-OF-MESSAGE" + stages if Postfix accepted only one recipient for the current + message.
The "recipient_count" attribute (Postfix 2.3 and later) is non-zero only in the "DATA" and "END-OF-MESSAGE" stages. It diff --git a/postfix/html/STRESS_README.html b/postfix/html/STRESS_README.html index 0a090a2c3..49a99408f 100644 --- a/postfix/html/STRESS_README.html +++ b/postfix/html/STRESS_README.html @@ -21,13 +21,11 @@ Stress-Dependent Configuration
Overview
This document describes the symptoms of Postfix SMTP server -overload, and how to avoid the condition under normal conditions. -When the condition is caused by botnets or other malware, the -document suggests configuration settings that help to minimize the -impact on legitimate mail. Finally, the document introduces -stress-adaptive behavior, introduced with Postfix 2.5, and how it -can be used to automatically switch configuration settings under -overload.
+overload. It presents permanent main.cf changes to avoid overload +during normal operation, and temporary main.cf changes to cope with +an unexpected burst of mail. This document makes specific suggestions +for Postfix 2.5 and later which support stress-adaptive behavior, +and for earlier Postfix versions that don't.Topics covered in this document:
@@ -41,47 +39,52 @@ overload.Disconnect suspicious SMTP clients - Take desperate measures + Temporary measures for older Postfix releases - Make Postfix behavior stress-adaptive + Automatic stress-adaptive behavior Detecting support for stress-adaptive behavior Forcing stress-adaptive behavior on or off + Other measures to off-load zombies + Credits Symptoms of Postfix SMTP server overload
-Under normal conditions, Postfix responds immediately when a -remote SMTP client connects. The time needed to deliver mail should -be noticeable only with very large messages. Performance degrades -more dramatically when the number of remote SMTP clients exceeds -the number of Postfix SMTP server processes. When a client connects -while all server processes are busy, the client must wait until a -server process becomes available.
+Under normal conditions, the Postfix SMTP server responds +immediately when an SMTP client connects to it; the time to deliver +mail is noticeable only with large messages. Performance degrades +dramatically when the number of SMTP clients exceeds the number of +Postfix SMTP server processes. When an SMTP client connects while +all Postfix SMTP server processes are busy, the client must wait +until a server process becomes available.
-Overload may be caused by a legitimate mail (example: a DNS -registrar opens a new zone for registrations), by mistake (mail -explosion caused by a forwarding loop) or by illegitimate mail (worm -outbreak, botnet, or other malware activity). Symptoms of Postfix -SMTP mail server overload are:
+SMTP server overload may be caused by a surge of legitimate +mail (example: a DNS registrar opens a new zone for registrations), +by mistake (mail explosion caused by a forwarding loop) or by malice +(worm outbreak, botnet, or other illegitimate activity).
+ +Symptoms of Postfix SMTP server overload are:
Remote SMTP clients experience a long delay before Postfix -sends the "220 hostname.example.com ESMTP Postfix" greeting. If -this affects end-user mail clients, enable the "submission" service -entry in master.cf (present since Postfix 2.1), and tell users to -connect to this instead of the public SMTP service.
+sends the "220 hostname.example.com ESMTP Postfix" greeting.-
@@ -91,8 +94,8 @@ clients disconnect before Postfix answers the connection.NOTE: Broken DNS configurations also cause lengthy delays -before Postfix sends "220 hostname.example.com ...". In this case -the delay happens even when Postfix is not busy.
+NOTE: Broken DNS configurations can also cause lengthy +delays before Postfix sends "220 hostname.example.com ...". These +delays also exist when Postfix is NOT overloaded.
+ +NOTE: To avoid "overload" delays for end-user mail +clients, enable the "submission" service entry in master.cf (present +since Postfix 2.1), and tell users to connect to this instead of +the public SMTP service.
-
@@ -111,14 +114,16 @@ Oct 3 20:39:27 spike postfix/master[28905]: warning: to avoid thisNOTE: A portscan for open SMTP ports also results in "lost -connection ..." logfile messages.
+NOTE: A portscan for open SMTP ports can also result in +"lost connection ..." logfile messages.
Legitimate mail that doesn't get through during an episode of -overload is not necessarily lost. It should still arrive once the -situation returns to normal, as long as the overload condition is -temporary.
+Postfix SMTP server overload is not necessarily lost. It should +still arrive once the situation returns to normal, as long as the +overload condition is temporary.Service more SMTP clients at the same time
-To service more SMTP clients simultaneously, you need to increase -the number of SMTP server processes. This will improve the +
One measure to avoid the "all server processes busy" condition +is to service more SMTP clients simultaneously. For this you need +to increase the number of Postfix SMTP server processes. This will +improve the responsiveness for remote SMTP clients, as long as the server machine has enough hardware and software resources to run the additional processes, and as long as the file system can keep up with the @@ -137,7 +142,8 @@ later, and an operating system that supports kernel-based event filters (BSD kqueue(2), Linux epoll(4), or Solaris /dev/poll).
-You can reduce the Postfix memory footprint by using cdb: +
More processes use more memory. You can reduce the Postfix +memory footprint by using cdb: lookup tables instead of Berkeley DB's hash: or btree: tables.
@@ -181,9 +187,9 @@ Issue a "postfix reload" command to make the change effective.When increasing the number of SMTP server processes is not practical, you can improve Postfix server responsiveness by eliminating -unnecessary work. When Postfix spends less time per SMTP session, the -same number of SMTP server processes can service more clients in the -same amount of time.
+delays. When Postfix spends less time per SMTP session, the same +number of SMTP server processes can service more clients in a given +amount of time.@@ -201,18 +207,18 @@ emergency patterns to block the latest worm explosion or backscatter mail. See BACKSCATTER_README for examples of the latter.
Group your header_checks and body_checks patterns to avoid -unnecessary pattern matching operations. +unnecessary pattern matching operations:
1 /etc/postfix/header_checks: 2 if /^Subject:/ 3 /^Subject: virus found in mail from you/ reject - 4 /^Subject: ..../ .... + 4 /^Subject: ..other../ reject 5 endif 6 7 if /^Received:/ 8 /^Received: from (postfix\.org) / reject forged client name in received header: $1 - 9 /^Received: from .../ .... + 9 /^Received: from ..other../ reject .... 10 endif@@ -226,20 +232,22 @@ clients get a chance to talk to Postfix.-
-Use "521" reply codes (Postfix 2.6 and later) for -botnet-related RBLs or for selected non-RBL restrictions. With -Postfix 2.3-2.5 use "421" for a similar result. The Postfix SMTP -server will disconnect immediately without waiting for the remote -SMTP client to send a QUIT command.
+Use "521" SMTP reply codes (Postfix 2.6 and later) or "421" +(Postfix 2.3-2.5) to hang up on clients that that match botnet-related +RBLs (see next bullet) or that match selected non-RBL restrictions +such as SMTP access maps. The Postfix SMTP server will reject mail +and disconnect without waiting for the remote SMTP client to send +a QUIT command.
-You can set individual reject codes for RBLs, and for individual -responses from a specific RBL. We'll use zen.spamhaus.org as an -example; by the time you read this document, details may have -changed. Right now, their documents say that a response of 127.0.0.10 -or 127.0.0.11 indicates a dynamic client IP address, which means -that the machine is probably running a bot of some kind. To give -a 521 response instead of the default 554 response, use something -like:
+To hang up connections from blacklisted zombies, you can +set specific Postfix SMTP server reject codes for specific RBLs, +and for individual responses from specific RBLs. We'll use +zen.spamhaus.org as an example; by the time you read this document, +details may have changed. Right now, their documents say that a +response of 127.0.0.10 or 127.0.0.11 indicates a dynamic client IP +address, which means that the machine is probably running a bot of +some kind. To give a 521 response instead of the default 554 +response, use something like:
1 /etc/postfix/main.cf: @@ -252,45 +260,55 @@ like: 8 rbl_reply_maps = hash:/etc/postfix/rbl_reply_maps 9 10 /etc/postfix/rbl_reply_maps: -11 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable; -12 $rbl_class [$rbl_what] blocked using -13 $rbl_domain${rbl_reason?; $rbl_reason} -14 -15 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable; -16 $rbl_class [$rbl_what] blocked using -17 $rbl_domain${rbl_reason?; $rbl_reason} +11 # With Postfix 2.3-2.5 use "421" to hang up connections. +12 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable; +13 $rbl_class [$rbl_what] blocked using +14 $rbl_domain${rbl_reason?; $rbl_reason} +15 +16 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable; +17 $rbl_class [$rbl_what] blocked using +18 $rbl_domain${rbl_reason?; $rbl_reason}-Although the above shows three RBL lookups (lines 4-6), Postfix -will still only do a single DNS query, so the performance difference -is negligible.
+Although the above example shows three RBL lookups (lines 4-6), +Postfix will only do a single DNS query, so it does not affect the +performance.
-With Postfix 2.3-2.5, use 421 (reply code 521 will not cause -Postfix to disconnect). The down-side of sending 421 is that -it works only for zombies and other malware. If the client is running -a real MTA, then it may connect again several times until the mail -expires in its queue. When this is a problem, stick with the default -554 reply, and use "smtpd_hard_error_limit = 1" as described below. -
+With Postfix 2.3-2.5, use reply code 421 (521 will not +cause Postfix to disconnect). The down-side of replying with 421 +is that it works only for zombies and other malware. If the client +is running a real MTA, then it may connect again several times until +the mail expires in its queue. When this is a problem, stick with +the default 554 reply, and use "smtpd_hard_error_limit = 1" as +described below.
-With Postfix 2.5, or with earlier releases that contain the -stress-adaptive behavior patch, you can turn on the above under -overload by replacing line 8 with:
+You can automatically turn on the above overload measure +with Postfix 2.5 and later, or with earlier releases that contain +the stress-adaptive behavior source code patch from the mirrors +listed at http://www.postfix.org/download.html. Simply replace line +above 8 with:
8 rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}-More information about automatic stress-adaptive behavior is -at the end of this document.
-Take desperate measures
+More information about automatic stress-adaptive behavior is +in section "Automatic stress-adaptive behavior". +
-The following measures will still allow most legitimate -clients to connect and send mail, but may affect some legitimate -clients.
+Temporary measures for older Postfix releases
+ +See the next section, "Automatic stress-adaptive +behavior", if you are running Postfix version 2.5 or later, or +if you have applied the source code patch for stress-adaptive +behavior from the mirrors listed at http://www.postfix.org/download.html. +
+ +The following measures can be applied temporarily during overload. +They still allow most legitimate clients to connect and send +mail, but may affect some legitimate clients.
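Review bot: The added sentence "Simply replace line above 8 with:" has its words transposed; it should read "Simply replace line 8 above with:", since it refers to line 8 (rbl_reply_maps) of the main.cf example. In the same run of hunks, the rewritten 521/421 paragraph contains a doubled word ("clients that that match botnet-related RBLs"). The rbl_reply_maps entries also pair a 5xx reply code with a 4.x.x enhanced status code ("521 4.7.1 Service unavailable;"), and the new comment on line 11 tells Postfix 2.3-2.5 users to substitute "421" without saying whether the 4.7.1 part is meant to stay the same in both cases; state the intended enhanced status code for each.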
@@ -312,16 +330,9 @@ such as a mailing list that contains a few no-longer-active user names that didn't bother to unsubscribe. No mail should be lost, as long as this measure is used only temporarily. -
@@ -330,40 +341,60 @@ SMTP clients to additional restrictions such as main.cf: 2 smtpd_timeout = 10 3 smtpd_hard_error_limit = 1 -4 # Caution: line 5 may trigger REJECTs by hostname-based access rules -5 smtpd_peername_lookup = no +4 smtpd_junk_command_limit = 1Disable remote SMTP client hostname lookups, so that all -SMTP client hostnames become "unknown" (line 5 below). This feature -was introduced with Postfix 2.3. Unfortunately, this measure is -more problematic than the other ones proposed sofar. First, this -will result in loss of mail when you use hostname-based access rules -that reject mail from "unknown" SMTP clients (examples: -reject_unknown_client_hostname, reject_unknown_reverse_client_hostname). -Second, this may result in loss of mail when you subject "unknown" -SMTP clients to additional restrictions such as reject_unverified_sender. -
+Use an smtpd_junk_command_limit of 1 instead of the default +100. This prevents clients from keeping idle connections open by +repeatedly sending NOOP or RSET commands.
Except with the last measure, no mail should be lost, as long +
With these measures, no mail should be lost, as long as these measures are used only temporarily. The next section of this document introduces a way to automate this process.
-Make Postfix behavior stress-adaptive
+Automatic stress-adaptive behavior
Postfix version 2.5 introduces automatic stress-adaptive behavior. -This is also available as an add-on patch for Postfix versions 2.4 -and 2.3 from the mirrors listed at http://www.postfix.org/download.html. -
+This is also available as a source code patch for Postfix versions +2.4 and 2.3 from the mirrors listed at +http://www.postfix.org/download.html. -It works as follows. When a "public" network service runs into -an "all server ports are busy" condition, the master(8) daemon logs -a warning, restarts the service (without interrupting existing -network sessions), and runs the service with "-o stress=yes" on the -command line. Normally, it runs a stress-adaptive service with "-o -stress=" on the command line (i.e. with an empty parameter value). -Other services never have "-o stress" parameters on the command -line, including services that listen on a loopback interface only. +
It works as follows. When a "public" network service such as +the SMTP server runs into an "all server ports are busy" condition, +the Postfix master(8) daemon logs a warning, restarts the service +(without interrupting existing network sessions), and runs the +service with "-o stress=yes" on the server process command line:
-The stress pseudo-parameter value is the key to making main.cf -parameter settings stress adaptive:
-+ +-1 /etc/postfix/main.cf: -2 smtpd_timeout = ${stress?10}${stress:300} -3 smtpd_hard_error_limit = ${stress?1}${stress:20} +80821 ?? S 0:00.24 smtpd -n smtp -t inet -u -c -o stress=yes ++Normally, the Postfix master(8) daemon runs such a service with +"-o stress=" on the command line (i.e. with an empty parameter +value):
+ +++ ++83326 ?? S 0:00.28 smtpd -n smtp -t inet -u -c -o stress= ++Services that have local access only never have "-o stress" +parameters on the command line. This includes services internal to +Postfix such as the queue manager, and services that listen on a +loopback interface only, such as after-filter SMTP services.
+ +The "stress" parameter value is the key to making main.cf +parameter settings stress adaptive. The following settings are the +default with Postfix 2.6 and later. With earlier Postfix versions +that have stress-adaptive support, append the lines below to the +main.cf file and issue a "postfix reload" command:
+ ++@@ -371,11 +402,29 @@ parameter settings stress adaptive:+1 smtpd_timeout = ${stress?10}${stress:300}s +2 smtpd_hard_error_limit = ${stress?1}${stress:20} +3 smtpd_junk_command_limit = ${stress?1}${stress:100}-
@@ -463,6 +512,20 @@ services that accept remote connections.Line 2: under conditions of stress, use an smtpd_timeout -value of 10 seconds instead of the default 300 seconds, +
Line 1: under conditions of stress, use an smtpd_timeout +value of 10 seconds instead of the default 300 seconds. Experience +on the postfix-users list from a variety of sysadmins shows that +reducing the "normal" smtpd_timeout to 60s is unlikely to affect +legitimate clients. However, it is unlikely to become the Postfix +default because it's not RFC compliant. Setting smtpd_timeout to +10s (line 2 below) or even 5s under stress will still allow most +legitimate clients to connect and send mail, but may delay mail +from some clients. No mail should be lost, as long as this measure +is used only temporarily.
-Line 3: under conditions of stress, use an smtpd_hard_error_limit -of 1 instead of the default 20.
+Line 2: under conditions of stress, use an smtpd_hard_error_limit +of 1 instead of the default 20. This helps by disconnecting clients +after a single error, giving other clients a chance to connect. +However, this may cause significant delays with legitimate mail, +such as a mailing list that contains a few no-longer-active user +names that didn't bother to unsubscribe. No mail should be lost, +as long as this measure is used only temporarily.
+ +Line 3: under conditions of stress, use an +smtpd_junk_command_limit of 1 instead of the default 100. This +prevents clients from keeping idle connections open by repeatedly +sending NOOP or RSET commands.
Other measures to off-load zombies
+ +OpenBSD spamd +implements a daemon that handles all connections from "new" clients. +Only well-behaved mail clients are allowed to talk to the mail +server. Other clients are tarpitted, and will never get a chance +to affect mail server performance.
+ +At some point in the future, Postfix may come with a simple +front-end daemon that does basic greylisting and pipelining detection +to keep zombies and other ratware away from Postfix itself. This +would use the "pass" service type which has been available in +stable Postfix releases since Postfix 2.5.
+Credits
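Review bot: In the "Line 1" bullet that explains the stress-adaptive settings, the text "Setting smtpd_timeout to 10s (line 2 below) or even 5s under stress" carries a stale cross-reference, apparently carried over from the section for older releases where smtpd_timeout is on line 2 of the example. In this section smtpd_timeout is on line 1, and the example sits above the bullet, not below it. Drop the parenthesis or change it to "(line 1 above)". The same bullet says a 60s normal timeout is "not RFC compliant"; naming the RFC would let readers check the requirement.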
diff --git a/postfix/html/TLS_LEGACY_README.html b/postfix/html/TLS_LEGACY_README.html index e5787a031..cde602dc4 100644 --- a/postfix/html/TLS_LEGACY_README.html +++ b/postfix/html/TLS_LEGACY_README.html @@ -564,7 +564,7 @@ the cost of repeatedly negotiating TLS session keys is high.
, the DNs of certificate +authorities in $smtpd_tls_CAfile are sent to the client, in order to allow +it to choose an identity signed by a CA you trust. If no $smtpd_tls_CAfile is specified, no preferred CA list is sent, and the client is free to choose an identity signed by any CA. Many clients use a fixed identity regardless of the preferred CA list and you may be able to reduce TLS @@ -970,14 +970,14 @@ must not be encrypted, meaning: it must be accessible without password. Both parts (certificate and private key) may be in the same file. -@@ -938,7 +938,7 @@ is allowed to negotiate per unit time./etc/postfix/main.cf: - smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache + smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scachediff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index 16ebb375b..f056f12db 100644 --- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -266,11 +266,11 @@ determines which certificate is presented. For Netscape and OpenSSL clients without special cipher choices, the RSA certificate is preferred. -/etc/postfix/main.cf: - smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache + smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scacheIn order for remote SMTP clients to check the Postfix SMTP -server certificates, the CA certificate (in case of a certificate -chain, all CA certificates) must be available. You should add any -intermediate CA certificates to the server certificate: the server -certificate first, then the intermediate CA(s).
+To enable a remote SMTP client to verify the Postfix SMTP server +certificate, the issuing CA certificates must be made available to the +client. You should include the required certificates in the server +certificate file, the server certificate first, then the issuing +CA(s) (bottom-up order).
Example: the certificate for "server.example.com" was issued by "intermediate CA" which itself has a certificate issued by "root @@ -363,9 +363,9 @@ is needed. Thus, the $smtpd_tls_CApat accessible inside the optional chroot jail.
When you configure the Postfix SMTP server to request client certificates, any CA certificates -in $smtpd_tls_CAfile are sent to the client, in order to allow it to -choose an identity signed by a CA you trust. If no $smtpd_tls_CAfile +href="#server_vrfy_client">client certificates
In order for remote SMTP servers to verify the Postfix SMTP -client certificates, the CA certificate (in case of a certificate -chain, all CA certificates) must be available. You should add -these certificates to the client certificate, the client certificate -first, then the issuing CA(s).
+To enable remote SMTP servers to verify the Postfix SMTP client +certificate, the issuing CA certificates must be made available to the +server. You should include the required certificates in the client +certificate file, the client certificate first, then the issuing +CA(s) (bottom-up order).
Example: the certificate for "client.example.com" was issued by -"intermediate CA" which itself has a certificate of "root CA". +"intermediate CA" which itself has a certificate issued by "root CA". Create the client.pem file with:
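Review bot: The TLS_LEGACY_README.html hunks move both example session caches into the configuration directory ("smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache" and the smtp_ equivalent). These files are written at run time, while BASIC_CONFIGURATION_README in this same patch warns that write permission to the parent directory of main.cf or master.cf "means giving root privileges". Keep the caches outside /etc/postfix, or explain why this location is safe and which process writes the file. In the TLS_README.html hunks, "bottom-up order" is introduced without a definition; one clause saying it means leaf certificate first, then each issuer in turn, would match the server.pem and client.pem examples that follow.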
diff --git a/postfix/html/UUCP_README.html b/postfix/html/UUCP_README.html index 0a8a69d98..e20df521e 100644 --- a/postfix/html/UUCP_README.html +++ b/postfix/html/UUCP_README.html @@ -89,7 +89,7 @@ directory. via UUCP:--/etc/postfix/master.cf: +/etc/postfix/master.cf: uucp unix - n n - - pipe flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)@@ -118,7 +118,7 @@ whenever you change the transport file.Enable transport table lookups:
-/etc/postfix/main.cf: +/etc/postfix/main.cf: transport_maps = hash:/etc/postfix/transport@@ -130,7 +130,7 @@ types Postfix supports, use the command "postconf -m". is willing to relay mail for.-/etc/postfix/main.cf: +/etc/postfix/main.cf: relay_domains = example.com ...other relay domains...@@ -162,7 +162,7 @@ directory. mail transport to your UUCP gateway host, say, uucp-gateway:-/etc/postfix/main.cf: +/etc/postfix/main.cf: relayhost = uucp-gateway default_transport = uucp@@ -170,7 +170,7 @@ mail transport to your UUCP gateway host, say, uucp-gateway:Postfix 2.0 and later also allows the following more succinct form:
-/etc/postfix/main.cf: +/etc/postfix/main.cf: default_transport = uucp:uucp-gateway@@ -178,7 +178,7 @@ mail transport to your UUCP gateway host, say, uucp-gateway: delivery via UUCP:-/etc/postfix/master.cf: +/etc/postfix/master.cf: uucp unix - n n - - pipe flags=F user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)diff --git a/postfix/html/VERP_README.html b/postfix/html/VERP_README.html index 8300e0a84..5cb63e199 100644 --- a/postfix/html/VERP_README.html +++ b/postfix/html/VERP_README.html @@ -132,7 +132,7 @@ you of the new syntax):The first form uses the default main.cf VERP delimiter characters. +
The first form uses the default main.cf VERP delimiter characters. The second form allows you to explicitly specify the VERP delimiter characters. The example shows the recommended values.
@@ -156,7 +156,7 @@ are to be discarded when doing alias expansions:--/etc/postfix/main.cf: +/etc/postfix/main.cf: recipient_delimiter = + forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward @@ -213,7 +213,7 @@ MAIL FROM:<sender@domain> XVERP=+=The first form uses the default main.cf VERP delimiters, the +
The first form uses the default main.cf VERP delimiters, the second form overrides them explicitly. The values shown are the recommended ones.
@@ -243,7 +243,7 @@ you of the new syntax):The first form uses the default main.cf VERP delimiters, the +
The first form uses the default main.cf VERP delimiters, the second form overrides them explicitly. The values shown are the recommended ones.
diff --git a/postfix/html/anvil.8.html b/postfix/html/anvil.8.html index ded336ddf..b081554c9 100644 --- a/postfix/html/anvil.8.html +++ b/postfix/html/anvil.8.html @@ -201,7 +201,7 @@ ANVIL(8) ANVIL(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/bounce.8.html b/postfix/html/bounce.8.html index d62ce02c8..3a6e49ab2 100644 --- a/postfix/html/bounce.8.html +++ b/postfix/html/bounce.8.html @@ -148,7 +148,7 @@ BOUNCE(8) BOUNCE(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html index 4eabdae18..0b0fa7aa5 100644 --- a/postfix/html/cleanup.8.html +++ b/postfix/html/cleanup.8.html @@ -99,7 +99,7 @@ CLEANUP(8) CLEANUP(8) always_add_missing_headers (no) Always add (Resent-) From:, To:, Date: or Message- - ID headers when not present. + ID: headers when not present. BUILT-IN CONTENT FILTERING CONTROLS Postfix built-in content filtering is meant to stop a diff --git a/postfix/html/defer.8.html b/postfix/html/defer.8.html index d62ce02c8..3a6e49ab2 100644 --- a/postfix/html/defer.8.html +++ b/postfix/html/defer.8.html @@ -148,7 +148,7 @@ BOUNCE(8) BOUNCE(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/discard.8.html b/postfix/html/discard.8.html index 2be0a00a1..48c249598 100644 --- a/postfix/html/discard.8.html 
+++ b/postfix/html/discard.8.html @@ -100,7 +100,7 @@ DISCARD(8) DISCARD(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/error.8.html b/postfix/html/error.8.html index d0ca50937..63778d23a 100644 --- a/postfix/html/error.8.html +++ b/postfix/html/error.8.html @@ -114,7 +114,7 @@ ERROR(8) ERROR(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/flush.8.html b/postfix/html/flush.8.html index c5f3bb405..1c76677cb 100644 --- a/postfix/html/flush.8.html +++ b/postfix/html/flush.8.html @@ -149,7 +149,7 @@ FLUSH(8) FLUSH(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/index.html b/postfix/html/index.html index 9b7d128be..0cd7f6d66 100644 --- a/postfix/html/index.html +++ b/postfix/html/index.html @@ -46,6 +46,8 @@ configuration examplesIP Version 6 Support + Multiple-instance management + Installation from source code diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index 1588febfa..f435276cb 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html 
@@ -392,9 +392,9 @@ SMTP(8) SMTP(8) shake procedures. smtp_tls_CAfile (empty) - The file with the certificate of the certification - authority (CA) that issued the Postfix SMTP client - certificate. + A file containing CA certificates of root CAs + trusted to sign either remote SMTP server certifi- + cates or intermediate CA certificates. smtp_tls_CApath (empty) Directory with PEM format certificate authority @@ -777,7 +777,7 @@ SMTP(8) SMTP(8) The hostname to send in the SMTP EHLO or HELO com- mand. - lmtp_lhlo_name ($myhostname) + lmtp_lhlo_name ($myhostname) The hostname to send in the LMTP LHLO command. smtp_host_lookup (dns) diff --git a/postfix/html/local.8.html b/postfix/html/local.8.html index e43fdb985..363755725 100644 --- a/postfix/html/local.8.html +++ b/postfix/html/local.8.html @@ -617,7 +617,7 @@ LOCAL(8) LOCAL(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/master.8.html b/postfix/html/master.8.html index d70d1d345..1e6d6667c 100644 --- a/postfix/html/master.8.html +++ b/postfix/html/master.8.html @@ -168,7 +168,7 @@ MASTER(8) MASTER(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/oqmgr.8.html b/postfix/html/oqmgr.8.html index f952244e9..589beee04 100644 --- a/postfix/html/oqmgr.8.html +++ b/postfix/html/oqmgr.8.html 
@@ -248,7 +248,7 @@ OQMGR(8) OQMGR(8) negative feedback, after a delivery completes with a connection or handshake failure. - transport_destination_concurrency_negative_feedback + transport_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback) Idem, for delivery via the named message transport. @@ -353,7 +353,7 @@ OQMGR(8) OQMGR(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/pickup.8.html b/postfix/html/pickup.8.html index 07bb66863..3532a6628 100644 --- a/postfix/html/pickup.8.html +++ b/postfix/html/pickup.8.html @@ -99,7 +99,7 @@ PICKUP(8) PICKUP(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html index 7c780fe5e..5589058d0 100644 --- a/postfix/html/pipe.8.html +++ b/postfix/html/pipe.8.html @@ -486,7 +486,7 @@ PIPE(8) PIPE(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/postalias.1.html b/postfix/html/postalias.1.html index 6304118f7..e78cade27 100644 --- a/postfix/html/postalias.1.html +++ b/postfix/html/postalias.1.html 
@@ -209,7 +209,7 @@ POSTALIAS(1) POSTALIAS(1) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 487e5abb8..9ba2d0d9f 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -1595,7 +1595,7 @@ Examples: debug_peer_list = 127.0.0.1 -debug_peer_list = some.domain +debug_peer_list = example.com@@ -1844,7 +1844,7 @@ is decremented by 1 after each failed pseudo-cohort.A pseudo-cohort is the number of deliveries equal to a destination's delivery concurrency.
-Use transport_destination_concurrency_negative_feedback +
Use transport_destination_concurrency_negative_feedback to specify a transport-specific override, where transport is the master.cf name of the message delivery transport.
@@ -3489,6 +3489,11 @@ seconds. When the LMTP client receives a request for the same connection the connection is reused. +This parameter is available in Postfix version 2.2 and earlier. +With Postfix version 2.3 and later, see lmtp_connection_cache_on_demand, +lmtp_connection_cache_destinations, or lmtp_connection_reuse_time_limit. +
+The effectiveness of cached connections will be determined by the number of LMTP servers in use, and the concurrency limit specified @@ -3782,7 +3787,7 @@ client, for example:
@@ -6027,7 +6032,7 @@ Example:/etc/postfix/master.cf: - mylmtp ... lmtp -o lmtp_lhlo_name=foo.bar.com + mylmtp ... lmtp -o lmtp_lhlo_name=foo.bar.com-myhostname = host.domain.tld +myhostname = host.example.com@@ -7272,7 +7277,7 @@ Examples:relayhost = $mydomain -relayhost = [gateway.my.domain] +relayhost = [gateway.example.com] relayhost = uucphost relayhost = [an.ip.add.ress]@@ -8870,10 +8875,15 @@ during TLS startup and shutdown handshake procedures.smtp_tls_CAfile (default: empty) - The file with the certificate of the certification authority -(CA) that issued the Postfix SMTP client certificate. This is -needed only when the CA certificate is not already present in the -client certificate file.
+A file containing CA certificates of root CAs trusted to sign +either remote SMTP server certificates or intermediate CA certificates. +These are loaded into memory before the smtp(8) client enters the +chroot jail. If the number of trusted roots is large, consider using +smtp_tls_CApath instead, but note that the latter directory must be +present in the chroot jail if the smtp(8) client is chrooted. This +file may also be used to augment the client certificate trust chain, +but it is best to include all the required certificates directly in +$smtp_tls_cert_file.
Example:
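Review bot: The new smtp_tls_CAfile description starts "A file containing CA certificates", while the matching smtpd_tls_CAfile text added later in this patch says "A file containing (PEM format) CA certificates". Suggest adding "(PEM format)" here as well, so the client and server parameters document the same file format requirement. The same wording appears in the smtp.8.html, lmtp.8.html and man5/postconf.5 hunks and should be kept in step.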
@@ -8936,13 +8946,14 @@ well without them. The recommended setting is to let the defaults stand:The best way to use the default settings is to comment out the above parameters in main.cf if present.
-In order to verify certificates, the CA certificate (in case -of a certificate chain, all CA certificates) must be available. -You should add these certificates to the client certificate, the -client certificate first, then the issuing CA(s).
+To enable remote SMTP servers to verify the Postfix SMTP client +certificate, the issuing CA certificates must be made available to the +server. You should include the required certificates in the client +certificate file, the client certificate first, then the issuing +CA(s) (bottom-up order).
-Example: the certificate for "client.dom.ain" was issued by -"intermediate CA" which itself has a certificate of "root CA". +
Example: the certificate for "client.example.com" was issued by +"intermediate CA" which itself has a certificate issued by "root CA". Create the client.pem file with "cat client_cert.pem intermediate_CA.pem root_CA.pem > client.pem".
@@ -12148,12 +12159,25 @@ The default time unit is s (seconds).smtpd_tls_CAfile (default: empty) - The file with the certificate of the certification authority -(CA) that issued the Postfix SMTP server certificate. This is -needed only when the CA certificate is not already present in the -server certificate file. This file may also contain the CA -certificates of other trusted CAs. You must use this file for the -list of trusted CAs if you want to use chroot-mode.
+A file containing (PEM format) CA certificates of root CAs trusted +to sign either remote SMTP client certificates or intermediate CA +certificates. These are loaded into memory before the smtpd(8) server +enters the chroot jail. If the number of trusted roots is large, consider +using smtpd_tls_CApath instead, but note that the latter directory must +be present in the chroot jail if the smtpd(8) server is chrooted. This +file may also be used to augment the server certificate trust chain, +but it is best to include all the required certificates directly in the +server certificate file.
+ +By default (see smtpd_tls_ask_ccert), client certificates are not +requested, and smtpd_tls_CAfile should remain empty. If you do make use +of client certificates, the distinguished names (DNs) of the certificate +authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client +in the client certificate request message. MUAs with multiple client +certificates may use the list of preferred certificate authorities +to select the correct client certificate. You may want to put your +"preferred" CA or CAs in this file, and install other trusted CAs in +$smtpd_tls_CApath.
Example:
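Review bot: The two added smtpd_tls_CAfile paragraphs pull in different directions. The first says the file "may also be used to augment the server certificate trust chain", and the second says that when client certificates are not requested "smtpd_tls_CAfile should remain empty". Suggest qualifying the second sentence, for example "should remain empty unless it is needed to complete the server certificate chain". Separately, the removed text told chroot users they "must use this file for the list of trusted CAs"; the replacement explains that the file is loaded before the chroot, but it no longer states which of CAfile or CApath a chrooted server should prefer. One explicit sentence would help.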
@@ -12169,17 +12193,22 @@ list of trusted CAs if you want to use chroot-mode.smtpd_tls_CApath (default: empty) - Directory with PEM format certificate authority certificates -that the Postfix SMTP server offers to remote SMTP clients for the -purpose of client certificate verification. Do not forget to create -the necessary "hash" links with, for example, "$OPENSSL_HOME/bin/c_rehash -/etc/postfix/certs".
+A directory containing (PEM format) CA certificates of root CAs +trusted to sign either remote SMTP client certificates or intermediate CA +certificates. Do not forget to create the necessary "hash" links with, +for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use +smtpd_tls_CApath in chroot mode, this directory (or a copy) must be +inside the chroot jail.
-To use this option in chroot mode, this directory (or a copy) -must be inside the chroot jail. Please note that in this case the -CA certificates are not offered to the client, so that e.g. Netscape -clients might not offer certificates issued by them. Use of this -feature is therefore not recommended.
+By default (see smtpd_tls_ask_ccert), client certificates are +not requested, and smtpd_tls_CApath should remain empty. In contrast +to smtp_tls_CAfile, DNs of certificate authorities installed +in $smtpd_tls_CApath are not included in the client certificate +request message. MUAs with multiple client certificates may use the +list of preferred certificate authorities to select the correct +client certificate. You may want to put your "preferred" CA or +CAs in $smtp_tls_CAfile, and install the remaining trusted CAs in +$smtpd_tls_CApath.
Example:
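Review bot: The added smtpd_tls_CApath paragraph names the client-side parameter twice where the server-side one looks intended: "In contrast to smtp_tls_CAfile" and "put your "preferred" CA or CAs in $smtp_tls_CAfile". The parallel paragraph added under smtpd_tls_CAfile speaks of CAs "listed in smtpd_tls_CAfile", and it is the server's CAfile whose DNs go into the client certificate request. Suggest changing both occurrences to smtpd_tls_CAfile, and using the same form ($name or bare name) for both parameters in the sentence.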
@@ -12299,12 +12328,13 @@ are present, the cipher used determines which certificate will be presented to the client. For Netscape and OpenSSL clients without special cipher choices the RSA certificate is preferred. -In order to verify a certificate, the CA certificate (in case -of a certificate chain, all CA certificates) must be available. -You should add these certificates to the server certificate, the -server certificate first, then the issuing CA(s).
+To enable a remote SMTP client to verify the Postfix SMTP server +certificate, the issuing CA certificates must be made available to the +client. You should include the required certificates in the server +certificate file, the server certificate first, then the issuing +CA(s) (bottom-up order).
-Example: the certificate for "server.dom.ain" was issued by +
Example: the certificate for "server.example.com" was issued by "intermediate CA" which itself has a certificate of "root CA". Create the server.pem file with "cat server_cert.pem intermediate_CA.pem root_CA.pem > server.pem".
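Review bot: The server.pem example still reads "which itself has a certificate of "root CA"", whereas the client.pem examples changed in this patch now read "has a certificate issued by "root CA"". Only the host name was updated on this line. Suggest applying the same "issued by" wording here so the two examples stay parallel.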
diff --git a/postfix/html/postdrop.1.html b/postfix/html/postdrop.1.html index 5eec30834..2756476d0 100644 --- a/postfix/html/postdrop.1.html +++ b/postfix/html/postdrop.1.html @@ -87,7 +87,7 @@ POSTDROP(1) POSTDROP(1) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/postlog.1.html b/postfix/html/postlog.1.html index 86a1378f8..1f428d0c1 100644 --- a/postfix/html/postlog.1.html +++ b/postfix/html/postlog.1.html @@ -66,7 +66,7 @@ POSTLOG(1) POSTLOG(1) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/postmap.1.html b/postfix/html/postmap.1.html index 50a36ff78..123536cea 100644 --- a/postfix/html/postmap.1.html +++ b/postfix/html/postmap.1.html @@ -262,7 +262,7 @@ POSTMAP(1) POSTMAP(1) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/postmulti.1.html b/postfix/html/postmulti.1.html index 896106ea8..645238e24 100644 --- a/postfix/html/postmulti.1.html +++ b/postfix/html/postmulti.1.html 
@@ -179,8 +179,8 @@ POSTMULTI(1) POSTMULTI(1) New or existing instance name assignment -I name Assign the specified instance name to an existing - instance or to a newly created or imported - instance. Instance names other than "-" (which + instance, newly-created instance, or imported + instance. Instance names other than "-" (which makes the instance "nameless") must start with "postfix-". This restriction reduces the likeli- hood of name collisions with system files. diff --git a/postfix/html/postqueue.1.html b/postfix/html/postqueue.1.html index b0f867749..fe9cbd131 100644 --- a/postfix/html/postqueue.1.html +++ b/postfix/html/postqueue.1.html @@ -147,7 +147,7 @@ POSTQUEUE(1) POSTQUEUE(1) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/postsuper.1.html b/postfix/html/postsuper.1.html index 2445c4865..bb819abd0 100644 --- a/postfix/html/postsuper.1.html +++ b/postfix/html/postsuper.1.html @@ -236,7 +236,7 @@ POSTSUPER(1) POSTSUPER(1) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/qmgr.8.html b/postfix/html/qmgr.8.html index 891ce3be2..de1b0c0bf 100644 --- a/postfix/html/qmgr.8.html +++ b/postfix/html/qmgr.8.html @@ -286,7 +286,7 @@ QMGR(8) QMGR(8) negative feedback, after a delivery completes with a connection or handshake failure. - transport_destination_concurrency_negative_feedback + transport_destination_concurrency_negative_feedback ($default_destination_concurrency_negative_feedback) Idem, for delivery via the named message transport. 
@@ -425,7 +425,7 @@ QMGR(8) QMGR(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/qmqpd.8.html b/postfix/html/qmqpd.8.html index 9b877bd67..c62b0d150 100644 --- a/postfix/html/qmqpd.8.html +++ b/postfix/html/qmqpd.8.html @@ -134,27 +134,29 @@ QMQPD(8) QMQPD(8) What clients are allowed to connect to the QMQP server port. - qmqpd_client_port_logging (no) - Enable logging of the remote QMQP client port in - addition to the hostname and IP address. - queue_directory (see 'postconf -d' output) - The location of the Postfix top-level queue direc- + The location of the Postfix top-level queue direc- tory. syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) - The mail system name that is prepended to the - process name in syslog records, so that "smtpd" + syslog_name (see 'postconf -d' output) + The mail system name that is prepended to the + process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter - characters on the Postfix sendmail(1) command line + The characters Postfix accepts as VERP delimiter + characters on the Postfix sendmail(1) command line and in SMTP commands. + Available in Postfix version 2.5 and later: + + qmqpd_client_port_logging (no) + Enable logging of the remote QMQP client port in + addition to the hostname and IP address. + SEE ALSO http://cr.yp.to/proto/qmqp.html, QMQP protocol cleanup(8), message canonicalization diff --git a/postfix/html/scache.8.html b/postfix/html/scache.8.html index 9b3aacc2d..7702135a0 100644 --- a/postfix/html/scache.8.html +++ b/postfix/html/scache.8.html 
@@ -134,7 +134,7 @@ SCACHE(8) SCACHE(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/showq.8.html b/postfix/html/showq.8.html index 2cf7d33d2..c399c68ec 100644 --- a/postfix/html/showq.8.html +++ b/postfix/html/showq.8.html @@ -90,7 +90,7 @@ SHOWQ(8) SHOWQ(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 1588febfa..f435276cb 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -392,9 +392,9 @@ SMTP(8) SMTP(8) shake procedures. smtp_tls_CAfile (empty) - The file with the certificate of the certification - authority (CA) that issued the Postfix SMTP client - certificate. + A file containing CA certificates of root CAs + trusted to sign either remote SMTP server certifi- + cates or intermediate CA certificates. smtp_tls_CApath (empty) Directory with PEM format certificate authority @@ -777,7 +777,7 @@ SMTP(8) SMTP(8) The hostname to send in the SMTP EHLO or HELO com- mand. - lmtp_lhlo_name ($myhostname) + lmtp_lhlo_name ($myhostname) The hostname to send in the LMTP LHLO command. smtp_host_lookup (dns) diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 7645c1ee5..84256e063 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html 
@@ -382,14 +382,14 @@ SMTPD(8) SMTPD(8) handshake procedures. smtpd_tls_CAfile (empty) - The file with the certificate of the certification - authority (CA) that issued the Postfix SMTP server - certificate. + A file containing (PEM format) CA certificates of + root CAs trusted to sign either remote SMTP client + certificates or intermediate CA certificates. smtpd_tls_CAfile (empty) - The file with the certificate of the certification - authority (CA) that issued the Postfix SMTP server - certificate. + A file containing (PEM format) CA certificates of + root CAs trusted to sign either remote SMTP client + certificates or intermediate CA certificates. smtpd_tls_always_issue_session_ids (yes) Force the Postfix SMTP server to issue a TLS ses- diff --git a/postfix/html/spawn.8.html b/postfix/html/spawn.8.html index 75c825a90..fbd6523e9 100644 --- a/postfix/html/spawn.8.html +++ b/postfix/html/spawn.8.html @@ -133,7 +133,7 @@ SPAWN(8) SPAWN(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/tlsmgr.8.html b/postfix/html/tlsmgr.8.html index 473edb021..8866ea8eb 100644 --- a/postfix/html/tlsmgr.8.html +++ b/postfix/html/tlsmgr.8.html @@ -158,7 +158,7 @@ TLSMGR(8) TLSMGR(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/trace.8.html b/postfix/html/trace.8.html index d62ce02c8..3a6e49ab2 100644 --- a/postfix/html/trace.8.html +++ b/postfix/html/trace.8.html 
@@ -148,7 +148,7 @@ BOUNCE(8) BOUNCE(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/trivial-rewrite.8.html b/postfix/html/trivial-rewrite.8.html index 67878574c..2919775dd 100644 --- a/postfix/html/trivial-rewrite.8.html +++ b/postfix/html/trivial-rewrite.8.html @@ -297,7 +297,7 @@ TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/html/virtual.8.html b/postfix/html/virtual.8.html index e067406b0..5064d787e 100644 --- a/postfix/html/virtual.8.html +++ b/postfix/html/virtual.8.html @@ -282,7 +282,7 @@ VIRTUAL(8) VIRTUAL(8) syslog_facility (mail) The syslog facility of Postfix logging. - syslog_name (postfix) + syslog_name (see 'postconf -d' output) The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". diff --git a/postfix/man/man1/postalias.1 b/postfix/man/man1/postalias.1 index 390a74e2c..8e86b8b86 100644 --- a/postfix/man/man1/postalias.1 +++ b/postfix/man/man1/postalias.1 @@ -186,7 +186,7 @@ The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) and \fBpostmap\fR(1) commands. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "STANDARDS" 
diff --git a/postfix/man/man1/postdrop.1 b/postfix/man/man1/postdrop.1 index edab93ad1..76c257518 100644 --- a/postfix/man/man1/postdrop.1 +++ b/postfix/man/man1/postdrop.1 @@ -82,7 +82,7 @@ import from a non-Postfix parent process. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .IP "\fBtrigger_timeout (10s)\fR" diff --git a/postfix/man/man1/postlog.1 b/postfix/man/man1/postlog.1 index ab067d386..6a9989803 100644 --- a/postfix/man/man1/postlog.1 +++ b/postfix/man/man1/postlog.1 @@ -64,7 +64,7 @@ The default location of the Postfix main.cf and master.cf configuration files. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "SEE ALSO" diff --git a/postfix/man/man1/postmap.1 b/postfix/man/man1/postmap.1 index 9189c28a2..d79ac3510 100644 --- a/postfix/man/man1/postmap.1 +++ b/postfix/man/man1/postmap.1 @@ -243,7 +243,7 @@ The default database type for use in \fBnewaliases\fR(1), \fBpostalias\fR(1) and \fBpostmap\fR(1) commands. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "SEE ALSO" diff --git a/postfix/man/man1/postmulti.1 b/postfix/man/man1/postmulti.1 index 36439722f..9d7c8b399 100644 --- a/postfix/man/man1/postmulti.1 +++ b/postfix/man/man1/postmulti.1 
@@ -176,8 +176,9 @@ primary Postfix instance. .SH "New or existing instance name assignment" .IP "\fB-I \fIname\fR" Assign the specified instance \fIname\fR to an existing -instance or to a newly created or imported instance. Instance -names other than "-" (which makes the instance "nameless") +instance, newly-created instance, or imported instance. +Instance +names other than "-" (which makes the instance "nameless") must start with "postfix-". This restriction reduces the likelihood of name collisions with system files. .IP "\fB-G \fIgroup\fR" diff --git a/postfix/man/man1/postqueue.1 b/postfix/man/man1/postqueue.1 index a6f51534c..83df565c5 100644 --- a/postfix/man/man1/postqueue.1 +++ b/postfix/man/man1/postqueue.1 @@ -135,7 +135,7 @@ import from a non-Postfix parent process. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .IP "\fBtrigger_timeout (10s)\fR" diff --git a/postfix/man/man1/postsuper.1 b/postfix/man/man1/postsuper.1 index c38dc8f9d..9b292a987 100644 --- a/postfix/man/man1/postsuper.1 +++ b/postfix/man/man1/postsuper.1 @@ -222,7 +222,7 @@ subdirectory levels. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "SEE ALSO" diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 00d394280..6ad3b76fe 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -876,7 +876,7 @@ Examples: .na .ft C debug_peer_list = 127.0.0.1 -debug_peer_list = some.domain +debug_peer_list = example.com .fi .ad .ft R @@ -1933,6 +1933,10 @@ Keep Postfix LMTP client connections open for up to $max_idle seconds. When the LMTP client receives a request for the same connection the connection is reused. .PP +This parameter is available in Postfix version 2.2 and earlier. +With Postfix version 2.3 and later, see lmtp_connection_cache_on_demand, +lmtp_connection_cache_destinations, or lmtp_connection_reuse_time_limit. +.PP The effectiveness of cached connections will be determined by the number of LMTP servers in use, and the concurrency limit specified for the LMTP client. Cached connections are closed under any of @@ -3357,7 +3361,7 @@ Example: .nf .na .ft C -myhostname = host.domain.tld +myhostname = host.example.com .fi .ad .ft R @@ -4079,7 +4083,7 @@ Examples: .na .ft C relayhost = $mydomain -relayhost = [gateway.my.domain] +relayhost = [gateway.example.com] relayhost = uucphost relayhost = [an.ip.add.ress] .fi 
@@ -5026,10 +5030,15 @@ during TLS startup and shutdown handshake procedures. .PP This feature is available in Postfix 2.2 and later. .SH smtp_tls_CAfile (default: empty) -The file with the certificate of the certification authority -(CA) that issued the Postfix SMTP client certificate. This is -needed only when the CA certificate is not already present in the -client certificate file. +A file containing CA certificates of root CAs trusted to sign +either remote SMTP server certificates or intermediate CA certificates. +These are loaded into memory before the \fBsmtp\fR(8) client enters the +chroot jail. If the number of trusted roots is large, consider using +smtp_tls_CApath instead, but note that the latter directory must be +present in the chroot jail if the \fBsmtp\fR(8) client is chrooted. This +file may also be used to augment the client certificate trust chain, +but it is best to include all the required certificates directly in +$smtp_tls_cert_file. .PP Example: .PP 
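Review bot: the new smtp_tls_CAfile description says "A file containing CA certificates" without the "(PEM format)" qualifier that the matching smtpd_tls_CAfile text in this same patch carries ("A file containing (PEM format) CA certificates"). Suggest using the same wording on the client side, so that readers do not infer that the two parameters accept different file formats.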
@@ -5091,13 +5100,14 @@ smtp_tls_eckey_file = The best way to use the default settings is to comment out the above parameters in main.cf if present. .PP -In order to verify certificates, the CA certificate (in case -of a certificate chain, all CA certificates) must be available. -You should add these certificates to the client certificate, the -client certificate first, then the issuing CA(s). +To enable remote SMTP servers to verify the Postfix SMTP client +certificate, the issuing CA certificates must be made available to the +server. You should include the required certificates in the client +certificate file, the client certificate first, then the issuing +CA(s) (bottom-up order). .PP -Example: the certificate for "client.dom.ain" was issued by -"intermediate CA" which itself has a certificate of "root CA". +Example: the certificate for "client.example.com" was issued by +"intermediate CA" which itself has a certificate issued by "root CA". Create the client.pem file with "cat client_cert.pem intermediate_CA.pem root_CA.pem > client.pem". .PP 
@@ -7474,12 +7484,25 @@ to update the global ipc_timeout parameter. Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is s (seconds). .SH smtpd_tls_CAfile (default: empty) -The file with the certificate of the certification authority -(CA) that issued the Postfix SMTP server certificate. This is -needed only when the CA certificate is not already present in the -server certificate file. This file may also contain the CA -certificates of other trusted CAs. You must use this file for the -list of trusted CAs if you want to use chroot-mode. +A file containing (PEM format) CA certificates of root CAs trusted +to sign either remote SMTP client certificates or intermediate CA +certificates. These are loaded into memory before the \fBsmtpd\fR(8) server +enters the chroot jail. If the number of trusted roots is large, consider +using smtpd_tls_CApath instead, but note that the latter directory must +be present in the chroot jail if the \fBsmtpd\fR(8) server is chrooted. This +file may also be used to augment the server certificate trust chain, +but it is best to include all the required certificates directly in the +server certificate file. +.PP +By default (see smtpd_tls_ask_ccert), client certificates are not +requested, and smtpd_tls_CAfile should remain empty. If you do make use +of client certificates, the distinguished names (DNs) of the certificate +authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client +in the client certificate request message. MUAs with multiple client +certificates may use the list of preferred certificate authorities +to select the correct client certificate. You may want to put your +"preferred" CA or CAs in this file, and install other trusted CAs in +$smtpd_tls_CApath. .PP Example: .PP 
@@ -7493,17 +7516,22 @@ smtpd_tls_CAfile = /etc/postfix/CAcert.pem .PP This feature is available in Postfix 2.2 and later. .SH smtpd_tls_CApath (default: empty) -Directory with PEM format certificate authority certificates -that the Postfix SMTP server offers to remote SMTP clients for the -purpose of client certificate verification. Do not forget to create -the necessary "hash" links with, for example, "$OPENSSL_HOME/bin/c_rehash -/etc/postfix/certs". +A directory containing (PEM format) CA certificates of root CAs +trusted to sign either remote SMTP client certificates or intermediate CA +certificates. Do not forget to create the necessary "hash" links with, +for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use +smtpd_tls_CApath in chroot mode, this directory (or a copy) must be +inside the chroot jail. .PP -To use this option in chroot mode, this directory (or a copy) -must be inside the chroot jail. Please note that in this case the -CA certificates are not offered to the client, so that e.g. Netscape -clients might not offer certificates issued by them. Use of this -feature is therefore not recommended. +By default (see smtpd_tls_ask_ccert), client certificates are +not requested, and smtpd_tls_CApath should remain empty. In contrast +to smtp_tls_CAfile, DNs of certificate authorities installed +in $smtpd_tls_CApath are not included in the client certificate +request message. MUAs with multiple client certificates may use the +list of preferred certificate authorities to select the correct +client certificate. You may want to put your "preferred" CA or +CAs in $smtp_tls_CAfile, and install the remaining trusted CAs in +$smtpd_tls_CApath. .PP Example: .PP 
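Review bot: the second added paragraph of smtpd_tls_CApath names the client-side parameter twice ("In contrast to smtp_tls_CAfile" and "put your "preferred" CA or CAs in $smtp_tls_CAfile"), but the CA DNs sent in the client certificate request come from smtpd_tls_CAfile, as the smtpd_tls_CAfile hunk just before this one states. Both references should read smtpd_tls_CAfile. As written, an administrator following the text would populate the trust file of the smtp(8) client, which does not affect what the smtpd(8) server advertises or trusts for client certificates.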
@@ -7601,12 +7629,13 @@ are present, the cipher used determines which certificate will be presented to the client. For Netscape and OpenSSL clients without special cipher choices the RSA certificate is preferred. .PP -In order to verify a certificate, the CA certificate (in case -of a certificate chain, all CA certificates) must be available. -You should add these certificates to the server certificate, the -server certificate first, then the issuing CA(s). +To enable a remote SMTP client to verify the Postfix SMTP server +certificate, the issuing CA certificates must be made available to the +client. You should include the required certificates in the server +certificate file, the server certificate first, then the issuing +CA(s) (bottom-up order). .PP -Example: the certificate for "server.dom.ain" was issued by +Example: the certificate for "server.example.com" was issued by "intermediate CA" which itself has a certificate of "root CA". Create the server.pem file with "cat server_cert.pem intermediate_CA.pem root_CA.pem > server.pem". diff --git a/postfix/man/man8/anvil.8 b/postfix/man/man8/anvil.8 index cf6867f47..24224fa4b 100644 --- a/postfix/man/man8/anvil.8 +++ b/postfix/man/man8/anvil.8 @@ -231,7 +231,7 @@ The process ID of a Postfix command or daemon process. The process name of a Postfix command or daemon process. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "SEE ALSO" diff --git a/postfix/man/man8/bounce.8 b/postfix/man/man8/bounce.8 index dfaa53a46..4c1489f55 100644 --- a/postfix/man/man8/bounce.8 +++ b/postfix/man/man8/bounce.8 
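Review bot: in the postconf.5 hunk at @@ -7601,12 the unchanged line after the "server.example.com" change still reads 'which itself has a certificate of "root CA"', while the parallel client-side hunk at @@ -5091,13 corrects the same sentence to 'has a certificate issued by "root CA"'. Suggest applying the same wording here so that the smtp_tls_cert_file and smtpd_tls_cert_file examples stay in step.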
@@ -119,7 +119,7 @@ The process name of a Postfix command or daemon process. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "FILES" diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8 index cb6a47b61..6b1884268 100644 --- a/postfix/man/man8/cleanup.8 +++ b/postfix/man/man8/cleanup.8 @@ -96,7 +96,7 @@ with older Postfix versions). .PP Available in Postfix version 2.6 and later: .IP "\fBalways_add_missing_headers (no)\fR" -Always add (Resent-) From:, To:, Date: or Message-ID headers +Always add (Resent-) From:, To:, Date: or Message-ID: headers when not present. .SH "BUILT-IN CONTENT FILTERING CONTROLS" .na diff --git a/postfix/man/man8/discard.8 b/postfix/man/man8/discard.8 index 7a9cd7dae..cd603ed3d 100644 --- a/postfix/man/man8/discard.8 +++ b/postfix/man/man8/discard.8 @@ -87,7 +87,7 @@ The process name of a Postfix command or daemon process. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "SEE ALSO" diff --git a/postfix/man/man8/error.8 b/postfix/man/man8/error.8 index 5fa8f73b6..b77ab2910 100644 --- a/postfix/man/man8/error.8 +++ b/postfix/man/man8/error.8 
@@ -97,7 +97,7 @@ The process name of a Postfix command or daemon process. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "SEE ALSO" diff --git a/postfix/man/man8/flush.8 b/postfix/man/man8/flush.8 index 91313b9f9..7dd566390 100644 --- a/postfix/man/man8/flush.8 +++ b/postfix/man/man8/flush.8 @@ -126,7 +126,7 @@ The process name of a Postfix command or daemon process. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "FILES" diff --git a/postfix/man/man8/local.8 b/postfix/man/man8/local.8 index d7658f33e..382637136 100644 --- a/postfix/man/man8/local.8 +++ b/postfix/man/man8/local.8 @@ -581,7 +581,7 @@ Whether or not a \fBlocal\fR(8) recipient's home directory must exist before mail delivery is attempted. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "FILES" diff --git a/postfix/man/man8/master.8 b/postfix/man/man8/master.8 index b688f93ae..cf158f2f3 100644 --- a/postfix/man/man8/master.8 +++ b/postfix/man/man8/master.8 
@@ -147,7 +147,7 @@ The process name of a Postfix command or daemon process. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "FILES" diff --git a/postfix/man/man8/oqmgr.8 b/postfix/man/man8/oqmgr.8 index 5be3f42fc..1c781481a 100644 --- a/postfix/man/man8/oqmgr.8 +++ b/postfix/man/man8/oqmgr.8 @@ -307,7 +307,7 @@ The process name of a Postfix command or daemon process. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "FILES" diff --git a/postfix/man/man8/pickup.8 b/postfix/man/man8/pickup.8 index c79250f12..cd4efb5c8 100644 --- a/postfix/man/man8/pickup.8 +++ b/postfix/man/man8/pickup.8 @@ -97,7 +97,7 @@ The process name of a Postfix command or daemon process. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "SEE ALSO" diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8 index 33d385bb6..527bd404c 100644 --- a/postfix/man/man8/pipe.8 +++ b/postfix/man/man8/pipe.8 
@@ -415,7 +415,7 @@ The location of the Postfix top-level queue directory. The separator between user names and address extensions (user+foo). .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "SEE ALSO" diff --git a/postfix/man/man8/qmgr.8 b/postfix/man/man8/qmgr.8 index 0252679b3..8dd459e68 100644 --- a/postfix/man/man8/qmgr.8 +++ b/postfix/man/man8/qmgr.8 @@ -357,7 +357,7 @@ The process name of a Postfix command or daemon process. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "FILES" diff --git a/postfix/man/man8/qmqpd.8 b/postfix/man/man8/qmqpd.8 index b9e0a231c..72fcd4786 100644 --- a/postfix/man/man8/qmqpd.8 +++ b/postfix/man/man8/qmqpd.8 
@@ -130,19 +130,21 @@ The process ID of a Postfix command or daemon process. The process name of a Postfix command or daemon process. .IP "\fBqmqpd_authorized_clients (empty)\fR" What clients are allowed to connect to the QMQP server port. -.IP "\fBqmqpd_client_port_logging (no)\fR" -Enable logging of the remote QMQP client port in addition to -the hostname and IP address. .IP "\fBqueue_directory (see 'postconf -d' output)\fR" The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .IP "\fBverp_delimiter_filter (-=+)\fR" The characters Postfix accepts as VERP delimiter characters on the Postfix \fBsendmail\fR(1) command line and in SMTP commands. +.PP +Available in Postfix version 2.5 and later: +.IP "\fBqmqpd_client_port_logging (no)\fR" +Enable logging of the remote QMQP client port in addition to +the hostname and IP address. .SH "SEE ALSO" .na .nf diff --git a/postfix/man/man8/scache.8 b/postfix/man/man8/scache.8 index 4b200166a..79a635c14 100644 --- a/postfix/man/man8/scache.8 +++ b/postfix/man/man8/scache.8 @@ -128,7 +128,7 @@ The process ID of a Postfix command or daemon process. The process name of a Postfix command or daemon process. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "SEE ALSO" diff --git a/postfix/man/man8/showq.8 b/postfix/man/man8/showq.8 index 46bbfa6f8..389b29e78 100644 --- a/postfix/man/man8/showq.8 +++ b/postfix/man/man8/showq.8 
@@ -78,7 +78,7 @@ The process name of a Postfix command or daemon process. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "FILES" diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index b15d3aacd..c3baf168b 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -337,8 +337,8 @@ client uses for TLS encrypted SMTP sessions. Time limit for Postfix SMTP client write and read operations during TLS startup and shutdown handshake procedures. .IP "\fBsmtp_tls_CAfile (empty)\fR" -The file with the certificate of the certification authority -(CA) that issued the Postfix SMTP client certificate. +A file containing CA certificates of root CAs trusted to sign +either remote SMTP server certificates or intermediate CA certificates. .IP "\fBsmtp_tls_CApath (empty)\fR" Directory with PEM format certificate authority certificates that the Postfix SMTP client uses to verify a remote SMTP server diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 1951911cf..9439ff6e6 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 
@@ -337,11 +337,13 @@ server uses for TLS encrypted SMTP sessions. The time limit for Postfix SMTP server write and read operations during TLS startup and shutdown handshake procedures. .IP "\fBsmtpd_tls_CAfile (empty)\fR" -The file with the certificate of the certification authority -(CA) that issued the Postfix SMTP server certificate. +A file containing (PEM format) CA certificates of root CAs trusted +to sign either remote SMTP client certificates or intermediate CA +certificates. .IP "\fBsmtpd_tls_CAfile (empty)\fR" -The file with the certificate of the certification authority -(CA) that issued the Postfix SMTP server certificate. +A file containing (PEM format) CA certificates of root CAs trusted +to sign either remote SMTP client certificates or intermediate CA +certificates. .IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR" Force the Postfix SMTP server to issue a TLS session id, even when TLS session caching is turned off (smtpd_tls_session_cache_database diff --git a/postfix/man/man8/spawn.8 b/postfix/man/man8/spawn.8 index 21418fc13..ba1ab560b 100644 --- a/postfix/man/man8/spawn.8 +++ b/postfix/man/man8/spawn.8 @@ -125,7 +125,7 @@ The process name of a Postfix command or daemon process. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "SEE ALSO" diff --git a/postfix/man/man8/tlsmgr.8 b/postfix/man/man8/tlsmgr.8 index 665f8f99c..a6ec299e1 100644 --- a/postfix/man/man8/tlsmgr.8 +++ b/postfix/man/man8/tlsmgr.8 
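Review bot: in the smtpd.8 hunk at @@ -337,11 both .IP entries are titled "smtpd_tls_CAfile (empty)" and now carry identical CAfile text, so the change preserves a duplicated entry instead of fixing it. The second entry was presumably meant to be smtpd_tls_CApath, matching smtp.8 in this patch, where smtp_tls_CAfile is followed by smtp_tls_CApath. Suggest renaming the second entry and giving it the directory description, so that the smtpd.8 summary documents both trust sources.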
@@ -149,7 +149,7 @@ The process ID of a Postfix command or daemon process. The process name of a Postfix command or daemon process. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "SEE ALSO" diff --git a/postfix/man/man8/trivial-rewrite.8 b/postfix/man/man8/trivial-rewrite.8 index 3885570ec..ccf1f354d 100644 --- a/postfix/man/man8/trivial-rewrite.8 +++ b/postfix/man/man8/trivial-rewrite.8 @@ -253,7 +253,7 @@ Display the name of the recipient table in the "User unknown" responses. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .PP diff --git a/postfix/man/man8/virtual.8 b/postfix/man/man8/virtual.8 index 28222ac59..b82beef4d 100644 --- a/postfix/man/man8/virtual.8 +++ b/postfix/man/man8/virtual.8 @@ -278,7 +278,7 @@ The process name of a Postfix command or daemon process. The location of the Postfix top-level queue directory. .IP "\fBsyslog_facility (mail)\fR" The syslog facility of Postfix logging. -.IP "\fBsyslog_name (postfix)\fR" +.IP "\fBsyslog_name (see 'postconf -d' output)\fR" The mail system name that is prepended to the process name in syslog records, so that "smtpd" becomes, for example, "postfix/smtpd". .SH "SEE ALSO" diff --git a/postfix/mantools/check-postlink b/postfix/mantools/check-postlink new file mode 100755 index 000000000..ecddefa00 --- /dev/null +++ b/postfix/mantools/check-postlink 
@@ -0,0 +1,57 @@ +#!/bin/sh + +# Look for missing parameter names in postlink + +trap 'rm -f postlink.tmp postconf.tmp check-postlink.tmp 2>/dev/null' 0 1 2 3 15 + +# Extract parameters from postconf.5.html hyperlinks. + +sed -n '/[ ].*href="postconf\.5\.html#/{ + s/^[^#]*#// + s/".*// + p +}' mantools/postlink | sort > postlink.tmp +# +# Extract parameters from postlink script. This also produces names +# of obsolete parameters, and non-parameter names such as SMTPD +# access restrictions and mask names. + +postconf -d | sed 's/ =.*//' | sort >postconf.tmp + +# Filter the output through a whitelist. + +cat >check-postlink.tmp <<'EOF' +lmtp_body_checks +lmtp_cname_overrides_servername +lmtp_destination_concurrency_failed_cohort_limit +lmtp_destination_concurrency_negative_feedback +lmtp_destination_concurrency_positive_feedback +lmtp_destination_rate_delay +lmtp_header_checks +lmtp_initial_destination_concurrency +lmtp_mime_header_checks +lmtp_nested_header_checks +local_destination_concurrency_failed_cohort_limit +local_destination_concurrency_negative_feedback +local_destination_concurrency_positive_feedback +local_destination_rate_delay +local_initial_destination_concurrency +relay_destination_concurrency_failed_cohort_limit +relay_destination_concurrency_negative_feedback +relay_destination_concurrency_positive_feedback +relay_destination_rate_delay +relay_initial_destination_concurrency +smtp_destination_concurrency_failed_cohort_limit +smtp_destination_concurrency_negative_feedback +smtp_destination_concurrency_positive_feedback +smtp_destination_rate_delay +smtp_initial_destination_concurrency +stress +virtual_destination_concurrency_failed_cohort_limit +virtual_destination_concurrency_negative_feedback +virtual_destination_concurrency_positive_feedback +virtual_destination_rate_delay +virtual_initial_destination_concurrency +EOF + +comm -23 postconf.tmp postlink.tmp | fgrep -vx -f check-postlink.tmp 
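Review bot: check-postlink cannot distinguish "no missing parameters" from "postconf did not run": the line "postconf -d | sed 's/ =.*//' | sort >postconf.tmp" is not checked, and the status of a pipeline is that of sort, so if postconf is not on PATH or exits with an error, postconf.tmp is empty and the final "comm -23" prints nothing, which reads as a clean result. Suggest failing with a message when postconf.tmp is empty (for example with "test -s postconf.tmp"). Two smaller points: the comment above the postconf -d line ("Extract parameters from postlink script. This also produces names of obsolete parameters ...") describes the sed over mantools/postlink rather than the command it precedes, and the three scratch files use fixed names in the current directory, so the script is only safe to run where other users cannot create files; creating them with mktemp would remove that assumption.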
diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 5fea129b3..7d4d59e52 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -205,6 +205,7 @@ while (<>) { s;\bline_length_limit\b;$&;g; s;\blmtp_bind_address\b;$&;g; s;\blmtp_bind_address6\b;$&;g; + s;\blmtp_assume_final\b;$&;g; s;\blmtp_cache_connection\b;$&;g; s;\blmtp_discard_lhlo_keyword_address_maps\b;$&;g; s;\blmtp_discard_lhlo_keywords\b;$&;g; @@ -260,7 +261,7 @@ while (<>) { s;\blmtp_tls_note_starttls_offer\b;$&;g; s;\blmtp_sender_dependent_authentication\b;$&;g; s;\blmtp_sasl_path\b;$&;g; - s;\blmtp_lhlo_name\b;$&;g; + s;\blmtp_lhlo_name\b;$&;g; s;\blmtp_connect_timeout\b;$&;g; s;\blmtp_data_done_timeout\b;$&;g; s;\blmtp_data_init_timeout\b;$&;g; @@ -360,6 +361,7 @@ while (<>) { s;\bdestination_concurrency_feedback_debug\b;$&;g; s;\bdefault_destina[-]*\n* *[]*tion_rate_delay\b;$&;g; + s;\bqmqpd_client_port_logging\b;$&;g; s;\bqmqpd_error_delay\b;$&;g; s;\bqmqpd_timeout\b;$&;g; s;\bqueue_directory\b;$&;g; @@ -403,7 +405,7 @@ while (<>) { s;\bservice_throttle_time\b;$&;g; s;\bsetgid_group\b;$&;g; - s;\bconnection_cache_service\b;$&;g; + s;\bconnection_cache_service_name\b;$&;g; s;\bconnection_cache_status_update_time\b;$&;g; s;\bconnection_cache_protocol_timeout\b;$&;g; s;\bconnection_cache_ttl_limit\b;$&;g; @@ -669,7 +671,7 @@ while (<>) { # Transport-dependent magical parameters. s;(transport)()?(_destination_concurrency_failed_cohort_limit)\b;$2$1$3;g; - s;(transport)()?(_destination_concurrency_negative_feedback)\b;$2$1$3;g; + s;(transport)()?(_destination_concurrency_negative_feedback)\b;$2$1$3;g; s;(transport)()?(_destination_concurrency_positive_feedback)\b;$2$1$3;g; s;(transport)()?(_delivery_slot_cost)\b;$2$1$3;g; s;(transport)()?(_delivery_slot_discount)\b;$2$1$3;g; diff --git a/postfix/proto/SMTPD_POLICY_README.html b/postfix/proto/SMTPD_POLICY_README.html index 549a9d6e3..4ceb78cc3 100644 --- a/postfix/proto/SMTPD_POLICY_README.html 
+++ b/postfix/proto/SMTPD_POLICY_README.html @@ -126,10 +126,10 @@ stress= an empty value ("name="), or sends a zero value ("name=0") in the case of a numerical attribute. - The "recipient" attribute is available only in the - "RCPT TO" stage, and in the "DATA" and "END-OF-MESSAGE" stages - when Postfix accepted only one recipient for the current message. -
+The "recipient" attribute is available in the "RCPT + TO" stage. It is also available in the "DATA" and "END-OF-MESSAGE" + stages if Postfix accepted only one recipient for the current + message.
The "recipient_count" attribute (Postfix 2.3 and later) is non-zero only in the "DATA" and "END-OF-MESSAGE" stages. It diff --git a/postfix/proto/STRESS_README.html b/postfix/proto/STRESS_README.html index 6df8cb662..31488359f 100644 --- a/postfix/proto/STRESS_README.html +++ b/postfix/proto/STRESS_README.html @@ -21,13 +21,11 @@ Stress-Dependent Configuration
Overview
This document describes the symptoms of Postfix SMTP server -overload, and how to avoid the condition under normal conditions. -When the condition is caused by botnets or other malware, the -document suggests configuration settings that help to minimize the -impact on legitimate mail. Finally, the document introduces -stress-adaptive behavior, introduced with Postfix 2.5, and how it -can be used to automatically switch configuration settings under -overload.
+overload. It presents permanent main.cf changes to avoid overload +during normal operation, and temporary main.cf changes to cope with +an unexpected burst of mail. This document makes specific suggestions +for Postfix 2.5 and later which support stress-adaptive behavior, +and for earlier Postfix versions that don't.Topics covered in this document:
@@ -41,47 +39,52 @@ overload.Disconnect suspicious SMTP clients - Take desperate measures + Temporary measures for older Postfix releases - Make Postfix behavior stress-adaptive + Automatic stress-adaptive behavior Detecting support for stress-adaptive behavior Forcing stress-adaptive behavior on or off + Other measures to off-load zombies + Credits Symptoms of Postfix SMTP server overload
-Under normal conditions, Postfix responds immediately when a -remote SMTP client connects. The time needed to deliver mail should -be noticeable only with very large messages. Performance degrades -more dramatically when the number of remote SMTP clients exceeds -the number of Postfix SMTP server processes. When a client connects -while all server processes are busy, the client must wait until a -server process becomes available.
+Under normal conditions, the Postfix SMTP server responds +immediately when an SMTP client connects to it; the time to deliver +mail is noticeable only with large messages. Performance degrades +dramatically when the number of SMTP clients exceeds the number of +Postfix SMTP server processes. When an SMTP client connects while +all Postfix SMTP server processes are busy, the client must wait +until a server process becomes available.
-Overload may be caused by a legitimate mail (example: a DNS -registrar opens a new zone for registrations), by mistake (mail -explosion caused by a forwarding loop) or by illegitimate mail (worm -outbreak, botnet, or other malware activity). Symptoms of Postfix -SMTP mail server overload are:
+SMTP server overload may be caused by a surge of legitimate +mail (example: a DNS registrar opens a new zone for registrations), +by mistake (mail explosion caused by a forwarding loop) or by malice +(worm outbreak, botnet, or other illegitimate activity).
+ +Symptoms of Postfix SMTP server overload are:
Remote SMTP clients experience a long delay before Postfix -sends the "220 hostname.example.com ESMTP Postfix" greeting. If -this affects end-user mail clients, enable the "submission" service -entry in master.cf (present since Postfix 2.1), and tell users to -connect to this instead of the public SMTP service.
+sends the "220 hostname.example.com ESMTP Postfix" greeting.-
@@ -91,8 +94,8 @@ clients disconnect before Postfix answers the connection.NOTE: Broken DNS configurations also cause lengthy delays -before Postfix sends "220 hostname.example.com ...". In this case -the delay happens even when Postfix is not busy.
+NOTE: Broken DNS configurations can also cause lengthy +delays before Postfix sends "220 hostname.example.com ...". These +delays also exist when Postfix is NOT overloaded.
+ +NOTE: To avoid "overload" delays for end-user mail +clients, enable the "submission" service entry in master.cf (present +since Postfix 2.1), and tell users to connect to this instead of +the public SMTP service.
-
@@ -111,14 +114,16 @@ Oct 3 20:39:27 spike postfix/master[28905]: warning: to avoid thisNOTE: A portscan for open SMTP ports also results in "lost -connection ..." logfile messages.
+NOTE: A portscan for open SMTP ports can also result in +"lost connection ..." logfile messages.
Legitimate mail that doesn't get through during an episode of -overload is not necessarily lost. It should still arrive once the -situation returns to normal, as long as the overload condition is -temporary.
+Postfix SMTP server overload is not necessarily lost. It should +still arrive once the situation returns to normal, as long as the +overload condition is temporary.Service more SMTP clients at the same time
-To service more SMTP clients simultaneously, you need to increase -the number of SMTP server processes. This will improve the +
One measure to avoid the "all server processes busy" condition +is to service more SMTP clients simultaneously. For this you need +to increase the number of Postfix SMTP server processes. This will +improve the responsiveness for remote SMTP clients, as long as the server machine has enough hardware and software resources to run the additional processes, and as long as the file system can keep up with the @@ -137,7 +142,8 @@ later, and an operating system that supports kernel-based event filters (BSD kqueue(2), Linux epoll(4), or Solaris /dev/poll).
-You can reduce the Postfix memory footprint by using cdb: +
More processes use more memory. You can reduce the Postfix +memory footprint by using cdb: lookup tables instead of Berkeley DB's hash: or btree: tables.
@@ -181,9 +187,9 @@ Issue a "postfix reload" command to make the change effective.When increasing the number of SMTP server processes is not practical, you can improve Postfix server responsiveness by eliminating -unnecessary work. When Postfix spends less time per SMTP session, the -same number of SMTP server processes can service more clients in the -same amount of time.
+delays. When Postfix spends less time per SMTP session, the same +number of SMTP server processes can service more clients in a given +amount of time.@@ -201,18 +207,18 @@ emergency patterns to block the latest worm explosion or backscatter mail. See BACKSCATTER_README for examples of the latter.
Group your header_checks and body_checks patterns to avoid -unnecessary pattern matching operations. +unnecessary pattern matching operations:
1 /etc/postfix/header_checks: 2 if /^Subject:/ 3 /^Subject: virus found in mail from you/ reject - 4 /^Subject: ..../ .... + 4 /^Subject: ..other../ reject 5 endif 6 7 if /^Received:/ 8 /^Received: from (postfix\.org) / reject forged client name in received header: $1 - 9 /^Received: from .../ .... + 9 /^Received: from ..other../ reject .... 10 endif@@ -226,20 +232,22 @@ clients get a chance to talk to Postfix.-
-Use "521" reply codes (Postfix 2.6 and later) for -botnet-related RBLs or for selected non-RBL restrictions. With -Postfix 2.3-2.5 use "421" for a similar result. The Postfix SMTP -server will disconnect immediately without waiting for the remote -SMTP client to send a QUIT command.
+Use "521" SMTP reply codes (Postfix 2.6 and later) or "421" +(Postfix 2.3-2.5) to hang up on clients that that match botnet-related +RBLs (see next bullet) or that match selected non-RBL restrictions +such as SMTP access maps. The Postfix SMTP server will reject mail +and disconnect without waiting for the remote SMTP client to send +a QUIT command.
-You can set individual reject codes for RBLs, and for individual -responses from a specific RBL. We'll use zen.spamhaus.org as an -example; by the time you read this document, details may have -changed. Right now, their documents say that a response of 127.0.0.10 -or 127.0.0.11 indicates a dynamic client IP address, which means -that the machine is probably running a bot of some kind. To give -a 521 response instead of the default 554 response, use something -like:
+To hang up connections from blacklisted zombies, you can +set specific Postfix SMTP server reject codes for specific RBLs, +and for individual responses from specific RBLs. We'll use +zen.spamhaus.org as an example; by the time you read this document, +details may have changed. Right now, their documents say that a +response of 127.0.0.10 or 127.0.0.11 indicates a dynamic client IP +address, which means that the machine is probably running a bot of +some kind. To give a 521 response instead of the default 554 +response, use something like:
1 /etc/postfix/main.cf: @@ -252,45 +260,55 @@ like: 8 rbl_reply_maps = hash:/etc/postfix/rbl_reply_maps 9 10 /etc/postfix/rbl_reply_maps: -11 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable; -12 $rbl_class [$rbl_what] blocked using -13 $rbl_domain${rbl_reason?; $rbl_reason} -14 -15 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable; -16 $rbl_class [$rbl_what] blocked using -17 $rbl_domain${rbl_reason?; $rbl_reason} +11 # With Postfix 2.3-2.5 use "421" to hang up connections. +12 zen.spamhaus.org=127.0.0.10 521 4.7.1 Service unavailable; +13 $rbl_class [$rbl_what] blocked using +14 $rbl_domain${rbl_reason?; $rbl_reason} +15 +16 zen.spamhaus.org=127.0.0.11 521 4.7.1 Service unavailable; +17 $rbl_class [$rbl_what] blocked using +18 $rbl_domain${rbl_reason?; $rbl_reason}-Although the above shows three RBL lookups (lines 4-6), Postfix -will still only do a single DNS query, so the performance difference -is negligible.
+Although the above example shows three RBL lookups (lines 4-6), +Postfix will only do a single DNS query, so it does not affect the +performance.
-With Postfix 2.3-2.5, use 421 (reply code 521 will not cause -Postfix to disconnect). The down-side of sending 421 is that -it works only for zombies and other malware. If the client is running -a real MTA, then it may connect again several times until the mail -expires in its queue. When this is a problem, stick with the default -554 reply, and use "smtpd_hard_error_limit = 1" as described below. -
+With Postfix 2.3-2.5, use reply code 421 (521 will not +cause Postfix to disconnect). The down-side of replying with 421 +is that it works only for zombies and other malware. If the client +is running a real MTA, then it may connect again several times until +the mail expires in its queue. When this is a problem, stick with +the default 554 reply, and use "smtpd_hard_error_limit = 1" as +described below.
-With Postfix 2.5, or with earlier releases that contain the -stress-adaptive behavior patch, you can turn on the above under -overload by replacing line 8 with:
+You can automatically turn on the above overload measure +with Postfix 2.5 and later, or with earlier releases that contain +the stress-adaptive behavior source code patch from the mirrors +listed at http://www.postfix.org/download.html. Simply replace line +above 8 with:
8 rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}-More information about automatic stress-adaptive behavior is -at the end of this document.
-Take desperate measures
+More information about automatic stress-adaptive behavior is +in section "Automatic stress-adaptive behavior". +
-The following measures will still allow most legitimate -clients to connect and send mail, but may affect some legitimate -clients.
+Temporary measures for older Postfix releases
+ +See the next section, "Automatic stress-adaptive +behavior", if you are running Postfix version 2.5 or later, or +if you have applied the source code patch for stress-adaptive +behavior from the mirrors listed at http://www.postfix.org/download.html. +
+ +The following measures can be applied temporarily during overload. +They still allow most legitimate clients to connect and send +mail, but may affect some legitimate clients.
@@ -312,16 +330,9 @@ such as a mailing list that contains a few no-longer-active user names that didn't bother to unsubscribe. No mail should be lost, as long as this measure is used only temporarily. -
@@ -330,40 +341,60 @@ SMTP clients to additional restrictions such as reject_unverified_sender. 1 /etc/postfix/main.cf: 2 smtpd_timeout = 10 3 smtpd_hard_error_limit = 1 -4 # Caution: line 5 may trigger REJECTs by hostname-based access rules -5 smtpd_peername_lookup = no +4 smtpd_junk_command_limit = 1Disable remote SMTP client hostname lookups, so that all -SMTP client hostnames become "unknown" (line 5 below). This feature -was introduced with Postfix 2.3. Unfortunately, this measure is -more problematic than the other ones proposed sofar. First, this -will result in loss of mail when you use hostname-based access rules -that reject mail from "unknown" SMTP clients (examples: -reject_unknown_client_hostname, reject_unknown_reverse_client_hostname). -Second, this may result in loss of mail when you subject "unknown" -SMTP clients to additional restrictions such as reject_unverified_sender. -
+Use an smtpd_junk_command_limit of 1 instead of the default +100. This prevents clients from keeping idle connections open by +repeatedly sending NOOP or RSET commands.
Except with the last measure, no mail should be lost, as long +
With these measures, no mail should be lost, as long as these measures are used only temporarily. The next section of this document introduces a way to automate this process.
-Postfix version 2.5 introduces automatic stress-adaptive behavior. -This is also available as an add-on patch for Postfix versions 2.4 -and 2.3 from the mirrors listed at http://www.postfix.org/download.html. -
+This is also available as a source code patch for Postfix versions +2.4 and 2.3 from the mirrors listed at +http://www.postfix.org/download.html. -It works as follows. When a "public" network service runs into -an "all server ports are busy" condition, the master(8) daemon logs -a warning, restarts the service (without interrupting existing -network sessions), and runs the service with "-o stress=yes" on the -command line. Normally, it runs a stress-adaptive service with "-o -stress=" on the command line (i.e. with an empty parameter value). -Other services never have "-o stress" parameters on the command -line, including services that listen on a loopback interface only. +
It works as follows. When a "public" network service such as +the SMTP server runs into an "all server ports are busy" condition, +the Postfix master(8) daemon logs a warning, restarts the service +(without interrupting existing network sessions), and runs the +service with "-o stress=yes" on the server process command line:
-The stress pseudo-parameter value is the key to making main.cf -parameter settings stress adaptive:
-+ +-1 /etc/postfix/main.cf: -2 smtpd_timeout = ${stress?10}${stress:300} -3 smtpd_hard_error_limit = ${stress?1}${stress:20} +80821 ?? S 0:00.24 smtpd -n smtp -t inet -u -c -o stress=yes ++
Normally, the Postfix master(8) daemon runs such a service with +"-o stress=" on the command line (i.e. with an empty parameter +value):
+ +++ ++83326 ?? S 0:00.28 smtpd -n smtp -t inet -u -c -o stress= ++
Services that have local access only never have "-o stress" +parameters on the command line. This includes services internal to +Postfix such as the queue manager, and services that listen on a +loopback interface only, such as after-filter SMTP services.
+ +The "stress" parameter value is the key to making main.cf +parameter settings stress adaptive. The following settings are the +default with Postfix 2.6 and later. With earlier Postfix versions +that have stress-adaptive support, append the lines below to the +main.cf file and issue a "postfix reload" command:
+ ++@@ -371,11 +402,29 @@ parameter settings stress adaptive:+1 smtpd_timeout = ${stress?10}${stress:300}s +2 smtpd_hard_error_limit = ${stress?1}${stress:20} +3 smtpd_junk_command_limit = ${stress?1}${stress:100}
Line 2: under conditions of stress, use an smtpd_timeout -value of 10 seconds instead of the default 300 seconds, +
Line 1: under conditions of stress, use an smtpd_timeout +value of 10 seconds instead of the default 300 seconds. Experience +on the postfix-users list from a variety of sysadmins shows that +reducing the "normal" smtpd_timeout to 60s is unlikely to affect +legitimate clients. However, it is unlikely to become the Postfix +default because it's not RFC compliant. Setting smtpd_timeout to +10s (line 2 below) or even 5s under stress will still allow most +legitimate clients to connect and send mail, but may delay mail +from some clients. No mail should be lost, as long as this measure +is used only temporarily.
-Line 3: under conditions of stress, use an smtpd_hard_error_limit -of 1 instead of the default 20.
+Line 2: under conditions of stress, use an smtpd_hard_error_limit +of 1 instead of the default 20. This helps by disconnecting clients +after a single error, giving other clients a chance to connect. +However, this may cause significant delays with legitimate mail, +such as a mailing list that contains a few no-longer-active user +names that didn't bother to unsubscribe. No mail should be lost, +as long as this measure is used only temporarily.
+ +Line 3: under conditions of stress, use an +smtpd_junk_command_limit of 1 instead of the default 100. This +prevents clients from keeping idle connections open by repeatedly +sending NOOP or RSET commands.
OpenBSD spamd +implements a daemon that handles all connections from "new" clients. +Only well-behaved mail clients are allowed to talk to the mail +server. Other clients are tarpitted, and will never get a chance +to affect mail server performance.
+ +At some point in the future, Postfix may come with a simple +front-end daemon that does basic greylisting and pipelining detection +to keep zombies and other ratware away from Postfix itself. This +would use the "pass" service type which has been available in +stable Postfix releases since Postfix 2.5.
+As of version 2.5, Postfix will no longer maintain this file +in a directory with non-Postfix ownership. As a migration aid, +attempts to open such files are redirected to the Postfix-owned +$data_directory, and a warning is logged.
+Cached Postfix SMTP server session information expires after a certain amount of time. Postfix/TLS does not use the OpenSSL default of 300s, but a longer time of 3600sec (=1 hour). RFC 2246 @@ -937,6 +942,11 @@ is allowed to negotiate per unit time.
+As of version 2.5, Postfix will no longer maintain this file +in a directory with non-Postfix ownership. As a migration aid, +attempts to open such files are redirected to the Postfix-owned +$data_directory, and a warning is logged.
+Cached Postfix SMTP client session information expires after a certain amount of time. Postfix/TLS does not use the OpenSSL default of 300s, but a longer time of 3600s (=1 hour). RFC 2246 diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html index c1e77971b..c2d999b50 100644 --- a/postfix/proto/TLS_README.html +++ b/postfix/proto/TLS_README.html @@ -266,11 +266,11 @@ determines which certificate is presented. For Netscape and OpenSSL clients without special cipher choices, the RSA certificate is preferred.
-In order for remote SMTP clients to check the Postfix SMTP -server certificates, the CA certificate (in case of a certificate -chain, all CA certificates) must be available. You should add any -intermediate CA certificates to the server certificate: the server -certificate first, then the intermediate CA(s).
+To enable a remote SMTP client to verify the Postfix SMTP server +certificate, the issuing CA certificates must be made available to the +client. You should include the required certificates in the server +certificate file, the server certificate first, then the issuing +CA(s) (bottom-up order).
Example: the certificate for "server.example.com" was issued by "intermediate CA" which itself has a certificate issued by "root @@ -363,9 +363,9 @@ is needed. Thus, the $smtpd_tls_CApath directory needs to be accessible inside the optional chroot jail.
When you configure the Postfix SMTP server to request client certificates, any CA certificates -in $smtpd_tls_CAfile are sent to the client, in order to allow it to -choose an identity signed by a CA you trust. If no $smtpd_tls_CAfile +href="#server_vrfy_client">client certificates, the DNs of certificate +authorities in $smtpd_tls_CAfile are sent to the client, in order to allow +it to choose an identity signed by a CA you trust. If no $smtpd_tls_CAfile is specified, no preferred CA list is sent, and the client is free to choose an identity signed by any CA. Many clients use a fixed identity regardless of the preferred CA list and you may be able to reduce TLS @@ -970,14 +970,14 @@ must not be encrypted, meaning: it must be accessible without password. Both parts (certificate and private key) may be in the same file.
-In order for remote SMTP servers to verify the Postfix SMTP -client certificates, the CA certificate (in case of a certificate -chain, all CA certificates) must be available. You should add -these certificates to the client certificate, the client certificate -first, then the issuing CA(s).
+To enable remote SMTP servers to verify the Postfix SMTP client +certificate, the issuing CA certificates must be made available to the +server. You should include the required certificates in the client +certificate file, the client certificate first, then the issuing +CA(s) (bottom-up order).
Example: the certificate for "client.example.com" was issued by -"intermediate CA" which itself has a certificate of "root CA". +"intermediate CA" which itself has a certificate issued by "root CA". Create the client.pem file with:
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 5c55409e3..1848dd3b3 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -890,7 +890,7 @@ Examples:debug_peer_list = 127.0.0.1 -debug_peer_list = some.domain +debug_peer_list = example.com%PARAM default_database_type see "postconf -d" output @@ -2876,7 +2876,7 @@ Example:-myhostname = host.domain.tld +myhostname = host.example.com%PARAM mynetworks see "postconf -d" output @@ -3508,7 +3508,7 @@ Examples:relayhost = $mydomain -relayhost = [gateway.my.domain] +relayhost = [gateway.example.com] relayhost = uucphost relayhost = [an.ip.add.ress]@@ -7050,6 +7050,11 @@ seconds. When the LMTP client receives a request for the same connection the connection is reused. +This parameter is available in Postfix version 2.2 and earlier. +With Postfix version 2.3 and later, see lmtp_connection_cache_on_demand, +lmtp_connection_cache_destinations, or lmtp_connection_reuse_time_limit. +
+The effectiveness of cached connections will be determined by the number of LMTP servers in use, and the concurrency limit specified @@ -8430,12 +8435,13 @@ are present, the cipher used determines which certificate will be presented to the client. For Netscape and OpenSSL clients without special cipher choices the RSA certificate is preferred.
-In order to verify a certificate, the CA certificate (in case -of a certificate chain, all CA certificates) must be available. -You should add these certificates to the server certificate, the -server certificate first, then the issuing CA(s).
+To enable a remote SMTP client to verify the Postfix SMTP server +certificate, the issuing CA certificates must be made available to the +client. You should include the required certificates in the server +certificate file, the server certificate first, then the issuing +CA(s) (bottom-up order).
-Example: the certificate for "server.dom.ain" was issued by +
Example: the certificate for "server.example.com" was issued by "intermediate CA" which itself has a certificate of "root CA". Create the server.pem file with "cat server_cert.pem intermediate_CA.pem root_CA.pem > server.pem".
@@ -8498,12 +8504,25 @@ to anyone else. %PARAM smtpd_tls_CAfile -The file with the certificate of the certification authority -(CA) that issued the Postfix SMTP server certificate. This is -needed only when the CA certificate is not already present in the -server certificate file. This file may also contain the CA -certificates of other trusted CAs. You must use this file for the -list of trusted CAs if you want to use chroot-mode.
+A file containing (PEM format) CA certificates of root CAs trusted +to sign either remote SMTP client certificates or intermediate CA +certificates. These are loaded into memory before the smtpd(8) server +enters the chroot jail. If the number of trusted roots is large, consider +using smtpd_tls_CApath instead, but note that the latter directory must +be present in the chroot jail if the smtpd(8) server is chrooted. This +file may also be used to augment the server certificate trust chain, +but it is best to include all the required certificates directly in the +server certificate file.
+ +By default (see smtpd_tls_ask_ccert), client certificates are not +requested, and smtpd_tls_CAfile should remain empty. If you do make use +of client certificates, the distinguished names (DNs) of the certificate +authorities listed in smtpd_tls_CAfile are sent to the remote SMTP client +in the client certificate request message. MUAs with multiple client +certificates may use the list of preferred certificate authorities +to select the correct client certificate. You may want to put your +"preferred" CA or CAs in this file, and install other trusted CAs in +$smtpd_tls_CApath.
Example:
@@ -8515,17 +8534,22 @@ smtpd_tls_CAfile = /etc/postfix/CAcert.pem %PARAM smtpd_tls_CApath -Directory with PEM format certificate authority certificates -that the Postfix SMTP server offers to remote SMTP clients for the -purpose of client certificate verification. Do not forget to create -the necessary "hash" links with, for example, "$OPENSSL_HOME/bin/c_rehash -/etc/postfix/certs".
+A directory containing (PEM format) CA certificates of root CAs +trusted to sign either remote SMTP client certificates or intermediate CA +certificates. Do not forget to create the necessary "hash" links with, +for example, "$OPENSSL_HOME/bin/c_rehash /etc/postfix/certs". To use +smtpd_tls_CApath in chroot mode, this directory (or a copy) must be +inside the chroot jail.
-To use this option in chroot mode, this directory (or a copy) -must be inside the chroot jail. Please note that in this case the -CA certificates are not offered to the client, so that e.g. Netscape -clients might not offer certificates issued by them. Use of this -feature is therefore not recommended.
+By default (see smtpd_tls_ask_ccert), client certificates are +not requested, and smtpd_tls_CApath should remain empty. In contrast +to smtp_tls_CAfile, DNs of certificate authorities installed +in $smtpd_tls_CApath are not included in the client certificate +request message. MUAs with multiple client certificates may use the +list of preferred certificate authorities to select the correct +client certificate. You may want to put your "preferred" CA or +CAs in $smtp_tls_CAfile, and install the remaining trusted CAs in +$smtpd_tls_CApath.
Example:
@@ -8827,13 +8851,14 @@ smtp_tls_eckey_file =The best way to use the default settings is to comment out the above parameters in main.cf if present.
-In order to verify certificates, the CA certificate (in case -of a certificate chain, all CA certificates) must be available. -You should add these certificates to the client certificate, the -client certificate first, then the issuing CA(s).
+To enable remote SMTP servers to verify the Postfix SMTP client +certificate, the issuing CA certificates must be made available to the +server. You should include the required certificates in the client +certificate file, the client certificate first, then the issuing +CA(s) (bottom-up order).
-Example: the certificate for "client.dom.ain" was issued by -"intermediate CA" which itself has a certificate of "root CA". +
Example: the certificate for "client.example.com" was issued by +"intermediate CA" which itself has a certificate issued by "root CA". Create the client.pem file with "cat client_cert.pem intermediate_CA.pem root_CA.pem > client.pem".
@@ -8874,10 +8899,15 @@ smtp_tls_key_file = $smtp_tls_cert_file %PARAM smtp_tls_CAfile -The file with the certificate of the certification authority -(CA) that issued the Postfix SMTP client certificate. This is -needed only when the CA certificate is not already present in the -client certificate file.
+A file containing CA certificates of root CAs trusted to sign +either remote SMTP server certificates or intermediate CA certificates. +These are loaded into memory before the smtp(8) client enters the +chroot jail. If the number of trusted roots is large, consider using +smtp_tls_CApath instead, but note that the latter directory must be +present in the chroot jail if the smtp(8) client is chrooted. This +file may also be used to augment the client certificate trust chain, +but it is best to include all the required certificates directly in +$smtp_tls_cert_file.
Example:
diff --git a/postfix/src/anvil/anvil.c b/postfix/src/anvil/anvil.c index b1aa1676f..8bde6f7c0 100644 --- a/postfix/src/anvil/anvil.c +++ b/postfix/src/anvil/anvil.c @@ -209,7 +209,7 @@ /* The process name of a Postfix command or daemon process. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* SEE ALSO diff --git a/postfix/src/bounce/bounce.c b/postfix/src/bounce/bounce.c index ae62d21db..81d09942f 100644 --- a/postfix/src/bounce/bounce.c +++ b/postfix/src/bounce/bounce.c @@ -107,7 +107,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* FILES diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c index 688b6860d..a9dbdf5b7 100644 --- a/postfix/src/cleanup/cleanup.c +++ b/postfix/src/cleanup/cleanup.c @@ -80,7 +80,7 @@ /* .PP /* Available in Postfix version 2.6 and later: /* .IP "\fBalways_add_missing_headers (no)\fR" -/* Always add (Resent-) From:, To:, Date: or Message-ID headers +/* Always add (Resent-) From:, To:, Date: or Message-ID: headers /* when not present. /* BUILT-IN CONTENT FILTERING CONTROLS /* .ad diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c index 236db5e11..e5175fd7c 100644 --- a/postfix/src/cleanup/cleanup_message.c +++ b/postfix/src/cleanup/cleanup_message.c 
@@ -624,6 +624,10 @@ static void cleanup_header_done_callback(void *context) * ID uniqueness only within a second, we must ensure that the time in * the message ID matches the queue ID creation time, as long as we use * the queue ID in the message ID. + * + * XXX We log a dummy name=value record so that we (hopefully) don't break + * compatibility with existing logfile analyzers, and so that we don't + * complicate future code that wants to log more name=value attributes. */ if ((state->hdr_rewrite_context || var_always_add_hdrs) && (state->headers_seen & (1 << (state->resent[0] ? @@ -636,7 +640,11 @@ static void cleanup_header_done_callback(void *context) msg_info("%s: %smessage-id=<%s.%s@%s>", state->queue_id, *state->resent ? "resent-" : "", time_stamp, state->queue_id, var_myhostname); + state->headers_seen |= (1 << (state->resent[0] ? + HDR_RESENT_MESSAGE_ID : HDR_MESSAGE_ID)); } + if ((state->headers_seen & (1 << HDR_MESSAGE_ID)) == 0) + msg_info("%s: message-id=<>", state->queue_id); /* * Add a missing (Resent-)Date: header. The date is in local time units, diff --git a/postfix/src/discard/discard.c b/postfix/src/discard/discard.c index c0e5e6deb..d1d467edb 100644 --- a/postfix/src/discard/discard.c +++ b/postfix/src/discard/discard.c @@ -73,7 +73,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* SEE ALSO diff --git a/postfix/src/error/error.c b/postfix/src/error/error.c index 6ee9e7714..26aa01134 100644 --- a/postfix/src/error/error.c +++ b/postfix/src/error/error.c 
@@ -83,7 +83,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* SEE ALSO diff --git a/postfix/src/flush/flush.c b/postfix/src/flush/flush.c index 2658819cd..53a2c8f44 100644 --- a/postfix/src/flush/flush.c +++ b/postfix/src/flush/flush.c @@ -112,7 +112,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* FILES diff --git a/postfix/src/global/deliver_request.c b/postfix/src/global/deliver_request.c index 7ee6dbabb..05c074380 100644 --- a/postfix/src/global/deliver_request.c +++ b/postfix/src/global/deliver_request.c @@ -207,6 +207,7 @@ static int deliver_request_get(VSTREAM *stream, DELIVER_REQUEST *request) static RCPT_BUF *rcpt_buf; int rcpt_count; int dsn_ret; + int lock_tries; /* * Initialize. For some reason I wanted to allow for multiple instances 
@@ -335,8 +336,21 @@ static int deliver_request_get(VSTREAM *stream, DELIVER_REQUEST *request) } if (msg_verbose) msg_info("%s: file %s", myname, VSTREAM_PATH(request->fp)); - if (myflock(vstream_fileno(request->fp), INTERNAL_LOCK, DELIVER_LOCK_MODE) < 0) - msg_fatal("shared lock %s: %m", VSTREAM_PATH(request->fp)); + + /* + * XXX Originally, the queue manager would read new recipients AFTER all + * the in-memory recipients were processed. either the queue manager held + * an exclusive lock or delivery agents held a shared lock. Now we try a + * few times. + */ + for (lock_tries = 0; /* see below */; lock_tries++) { + if (myflock(vstream_fileno(request->fp), INTERNAL_LOCK, DELIVER_LOCK_MODE) == 0) + break; + if (lock_tries < 5) + sleep(1); + else + msg_fatal("shared lock %s: %m", VSTREAM_PATH(request->fp)); + } close_on_exec(vstream_fileno(request->fp), CLOSE_ON_EXEC); return (0); diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 516d91735..d2b4c20f8 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -1003,8 +1003,8 @@ extern bool var_smtp_skip_5xx_greeting; #define DEF_IGN_MX_LOOKUP_ERR 0 extern bool var_ign_mx_lookup_err; -#define VAR_SKIP_QUIT_RESP "smtp_skip_quit_response" -#define DEF_SKIP_QUIT_RESP 1 +#define VAR_SMTP_SKIP_QUIT_RESP "smtp_skip_quit_response" +#define DEF_SMTP_SKIP_QUIT_RESP 1 extern bool var_skip_quit_resp; #define VAR_SMTP_ALWAYS_EHLO "smtp_always_send_ehlo" diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 00e1c4011..2cca4f695 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
@@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20090404" -#define MAIL_VERSION_NUMBER "2.6" +#define MAIL_RELEASE_DATE "20090418" +#define MAIL_VERSION_NUMBER "2.7" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/local/local.c b/postfix/src/local/local.c index 33af0ad76..ebbf47d38 100644 --- a/postfix/src/local/local.c +++ b/postfix/src/local/local.c @@ -537,7 +537,7 @@ /* before mail delivery is attempted. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* FILES diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c index f18572ac7..6167fc431 100644 --- a/postfix/src/master/master.c +++ b/postfix/src/master/master.c @@ -131,7 +131,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* FILES diff --git a/postfix/src/oqmgr/qmgr.c b/postfix/src/oqmgr/qmgr.c index 1a8b8b241..e1e1b2d7f 100644 --- a/postfix/src/oqmgr/qmgr.c +++ b/postfix/src/oqmgr/qmgr.c 
@@ -273,7 +273,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* FILES diff --git a/postfix/src/pickup/pickup.c b/postfix/src/pickup/pickup.c index 3b4628435..ccf64749e 100644 --- a/postfix/src/pickup/pickup.c +++ b/postfix/src/pickup/pickup.c @@ -77,7 +77,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* SEE ALSO diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c index 8deb6f0e4..a17ba7f63 100644 --- a/postfix/src/pipe/pipe.c +++ b/postfix/src/pipe/pipe.c @@ -393,7 +393,7 @@ /* The separator between user names and address extensions (user+foo). /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* SEE ALSO diff --git a/postfix/src/postalias/postalias.c b/postfix/src/postalias/postalias.c index cd0569173..34336cd7e 100644 --- a/postfix/src/postalias/postalias.c +++ b/postfix/src/postalias/postalias.c 
@@ -174,7 +174,7 @@ /* and \fBpostmap\fR(1) commands. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* STANDARDS diff --git a/postfix/src/postconf/Makefile.in b/postfix/src/postconf/Makefile.in index 324ca9d3a..a91c9b95a 100644 --- a/postfix/src/postconf/Makefile.in +++ b/postfix/src/postconf/Makefile.in @@ -44,7 +44,7 @@ update: ../../bin/$(PROG) $(SAMPLES) cp $(PROG) ../../bin $(MAKES): $(INC_DIR)/mail_params.h ../global/mail_params.c - $(AWK) -f extract.awk ../*/*.c + $(AWK) -f extract.awk ../*/*.c | $(SHELL) $(AUTOS): auto.awk $(AWK) -f auto.awk diff --git a/postfix/src/postconf/extract.awk b/postfix/src/postconf/extract.awk index f25437ee3..4e0c690c4 100644 --- a/postfix/src/postconf/extract.awk +++ b/postfix/src/postconf/extract.awk 
@@ -12,56 +12,124 @@ # when doing duplicate elimination. Differences in the default value # or lower/upper bounds still result in "postconf -d" duplicates, # which are a sign of an error somewhere... +# +# XXX Work around ancient AWK implementations with a 10 file limit +# and no working close() operator (e.g. Solaris). Some systems +# have a more modern implementation that is XPG4-compatible, but it +# is too much bother to find out where each system keeps these. /^(static| )*(const +)?CONFIG_INT_TABLE .*\{/,/\};/ { if ($1 ~ /VAR/) { - print "int " substr($3,2,length($3)-2) ";" > "int_vars.h" + int_vars["int " substr($3,2,length($3)-2) ";"] = 1 if (++itab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { - print |"sed 's/[ ][ ]*/ /g' > int_table.h" + int_table[$0] = 1 } } } /^(static| )*(const +)?CONFIG_STR_TABLE .*\{/,/\};/ { if ($1 ~ /^VAR/) { - print "char *" substr($3,2,length($3)-2) ";" > "str_vars.h" + str_vars["char *" substr($3,2,length($3)-2) ";"] = 1 if (++stab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { - print |"sed 's/[ ][ ]*/ /g' > str_table.h" + str_table[$0] = 1 } } } /^(static| )*(const +)?CONFIG_RAW_TABLE .*\{/,/\};/ { if ($1 ~ /^VAR/) { - print "char *" substr($3,2,length($3)-2) ";" > "raw_vars.h" + raw_vars["char *" substr($3,2,length($3)-2) ";"] = 1 if (++rtab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { - print |"sed 's/[ ][ ]*/ /g' > raw_table.h" + raw_table[$0] = 1 } } } /^(static| )*(const +)?CONFIG_BOOL_TABLE .*\{/,/\};/ { if ($1 ~ /^VAR/) { - print "int " substr($3,2,length($3)-2) ";" > "bool_vars.h" + bool_vars["int " substr($3,2,length($3)-2) ";"] = 1 if (++btab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { - print |"sed 's/[ ][ ]*/ /g' > bool_table.h" + bool_table[$0] = 1 } } } /^(static| )*(const +)?CONFIG_TIME_TABLE .*\{/,/\};/ { if ($1 ~ /^VAR/) { - print "int " substr($3,2,length($3)-2) ";" > "time_vars.h" + time_vars["int " substr($3,2,length($3)-2) ";"] = 1 if (++ttab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { - print |"sed 's/[ ][ ]*/ /g' > time_table.h" + time_table[$0] = 1 } } } 
/^(static| )*(const +)?CONFIG_NINT_TABLE .*\{/,/\};/ { if ($1 ~ /VAR/) { - print "int " substr($3,2,length($3)-2) ";" > "nint_vars.h" + nint_vars["int " substr($3,2,length($3)-2) ";"] = 1 if (++itab[$1 $2 $4 $5 $6 $7 $8 $9] == 1) { - print |"sed 's/[ ][ ]*/ /g' > nint_table.h" + nint_table[$0] = 1 } } } -# Workaround for broken gawk versions. +END { + # Print parameter declarations without busting old AWK's file limit. + print "cat >int_vars.h <<'EOF'" + for (key in int_vars) + print key + print "EOF" -END { exit(0); } + print "cat >str_vars.h <<'EOF'" + for (key in str_vars) + print key + print "EOF" + + print "cat >raw_vars.h <<'EOF'" + for (key in raw_vars) + print key + print "EOF" + + print "cat >bool_vars.h <<'EOF'" + for (key in bool_vars) + print key + print "EOF" + + print "cat >time_vars.h <<'EOF'" + for (key in time_vars) + print key + print "EOF" + + print "cat >nint_vars.h <<'EOF'" + for (key in nint_vars) + print key + print "EOF" + + # Print parameter initializations without busting old AWK's file limit. + print "sed 's/[ ][ ]*/ /g' >int_table.h <<'EOF'" + for (key in int_table) + print key + print "EOF" + + print "sed 's/[ ][ ]*/ /g' >str_table.h <<'EOF'" + for (key in str_table) + print key + print "EOF" + + print "sed 's/[ ][ ]*/ /g' >raw_table.h <<'EOF'" + for (key in raw_table) + print key + print "EOF" + + print "sed 's/[ ][ ]*/ /g' >bool_table.h <<'EOF'" + for (key in bool_table) + print key + print "EOF" + + print "sed 's/[ ][ ]*/ /g' >time_table.h <<'EOF'" + for (key in time_table) + print key + print "EOF" + + print "sed 's/[ ][ ]*/ /g' >nint_table.h <<'EOF'" + for (key in nint_table) + print key + print "EOF" + + # Flush output nicely. + exit(0); +} diff --git a/postfix/src/postdrop/postdrop.c b/postfix/src/postdrop/postdrop.c index 630bdb300..8a3c7c2a0 100644 --- a/postfix/src/postdrop/postdrop.c +++ b/postfix/src/postdrop/postdrop.c 
@@ -68,7 +68,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* .IP "\fBtrigger_timeout (10s)\fR" diff --git a/postfix/src/postlog/postlog.c b/postfix/src/postlog/postlog.c index 784843ce7..000ff70d6 100644 --- a/postfix/src/postlog/postlog.c +++ b/postfix/src/postlog/postlog.c @@ -54,7 +54,7 @@ /* configuration files. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* SEE ALSO diff --git a/postfix/src/postmap/postmap.c b/postfix/src/postmap/postmap.c index be414e70f..e956aed9b 100644 --- a/postfix/src/postmap/postmap.c +++ b/postfix/src/postmap/postmap.c @@ -227,7 +227,7 @@ /* and \fBpostmap\fR(1) commands. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* SEE ALSO diff --git a/postfix/src/postmulti/postmulti.c b/postfix/src/postmulti/postmulti.c index 353eefde7..9cfec54a2 100644 --- a/postfix/src/postmulti/postmulti.c +++ b/postfix/src/postmulti/postmulti.c 
@@ -164,8 +164,9 @@ /* .SH "New or existing instance name assignment" /* .IP "\fB-I \fIname\fR" /* Assign the specified instance \fIname\fR to an existing -/* instance or to a newly created or imported instance. Instance -/* names other than "-" (which makes the instance "nameless") +/* instance, newly-created instance, or imported instance. +/* Instance +/* names other than "-" (which makes the instance "nameless") /* must start with "postfix-". This restriction reduces the /* likelihood of name collisions with system files. /* .IP "\fB-G \fIgroup\fR" diff --git a/postfix/src/postqueue/postqueue.c b/postfix/src/postqueue/postqueue.c index 7ced31f05..24f08d9d0 100644 --- a/postfix/src/postqueue/postqueue.c +++ b/postfix/src/postqueue/postqueue.c @@ -121,7 +121,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* .IP "\fBtrigger_timeout (10s)\fR" diff --git a/postfix/src/postsuper/postsuper.c b/postfix/src/postsuper/postsuper.c index 48f390909..088df7652 100644 --- a/postfix/src/postsuper/postsuper.c +++ b/postfix/src/postsuper/postsuper.c @@ -208,7 +208,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* SEE ALSO diff --git a/postfix/src/qmgr/qmgr.c b/postfix/src/qmgr/qmgr.c index f147e63e0..a99993b58 100644 --- a/postfix/src/qmgr/qmgr.c +++ b/postfix/src/qmgr/qmgr.c 
@@ -319,7 +319,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* FILES diff --git a/postfix/src/qmqpd/qmqpd.c b/postfix/src/qmqpd/qmqpd.c index bb86c614d..28f4f2213 100644 --- a/postfix/src/qmqpd/qmqpd.c +++ b/postfix/src/qmqpd/qmqpd.c @@ -106,19 +106,21 @@ /* The process name of a Postfix command or daemon process. /* .IP "\fBqmqpd_authorized_clients (empty)\fR" /* What clients are allowed to connect to the QMQP server port. -/* .IP "\fBqmqpd_client_port_logging (no)\fR" -/* Enable logging of the remote QMQP client port in addition to -/* the hostname and IP address. /* .IP "\fBqueue_directory (see 'postconf -d' output)\fR" /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* .IP "\fBverp_delimiter_filter (-=+)\fR" /* The characters Postfix accepts as VERP delimiter characters on the /* Postfix \fBsendmail\fR(1) command line and in SMTP commands. +/* .PP +/* Available in Postfix version 2.5 and later: +/* .IP "\fBqmqpd_client_port_logging (no)\fR" +/* Enable logging of the remote QMQP client port in addition to +/* the hostname and IP address. /* SEE ALSO /* http://cr.yp.to/proto/qmqp.html, QMQP protocol /* cleanup(8), message canonicalization diff --git a/postfix/src/scache/scache.c b/postfix/src/scache/scache.c index 6a4164ef6..81a3e8865 100644 --- a/postfix/src/scache/scache.c +++ b/postfix/src/scache/scache.c 
@@ -110,7 +110,7 @@ /* The process name of a Postfix command or daemon process. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* SEE ALSO diff --git a/postfix/src/showq/showq.c b/postfix/src/showq/showq.c index 73517a60e..ff23d337b 100644 --- a/postfix/src/showq/showq.c +++ b/postfix/src/showq/showq.c @@ -64,7 +64,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* FILES diff --git a/postfix/src/smtp/lmtp_params.c b/postfix/src/smtp/lmtp_params.c index 645d5ae2a..dbadd98bc 100644 --- a/postfix/src/smtp/lmtp_params.c +++ b/postfix/src/smtp/lmtp_params.c @@ -87,7 +87,7 @@ }; static const CONFIG_BOOL_TABLE lmtp_bool_table[] = { VAR_LMTP_SKIP_5XX, DEF_LMTP_SKIP_5XX, &var_smtp_skip_5xx_greeting, - VAR_SKIP_QUIT_RESP, DEF_SKIP_QUIT_RESP, &var_skip_quit_resp, + VAR_LMTP_SKIP_QUIT_RESP, DEF_LMTP_SKIP_QUIT_RESP, &var_skip_quit_resp, VAR_LMTP_SASL_ENABLE, DEF_LMTP_SASL_ENABLE, &var_smtp_sasl_enable, VAR_LMTP_RAND_ADDR, DEF_LMTP_RAND_ADDR, &var_smtp_rand_addr, VAR_LMTP_QUOTE_821_ENV, DEF_LMTP_QUOTE_821_ENV, &var_smtp_quote_821_env, diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 7546bcf5b..c0f9f553b 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c 
@@ -307,8 +307,8 @@ /* Time limit for Postfix SMTP client write and read operations /* during TLS startup and shutdown handshake procedures. /* .IP "\fBsmtp_tls_CAfile (empty)\fR" -/* The file with the certificate of the certification authority -/* (CA) that issued the Postfix SMTP client certificate. +/* A file containing CA certificates of root CAs trusted to sign +/* either remote SMTP server certificates or intermediate CA certificates. /* .IP "\fBsmtp_tls_CApath (empty)\fR" /* Directory with PEM format certificate authority certificates /* that the Postfix SMTP client uses to verify a remote SMTP server diff --git a/postfix/src/smtp/smtp_params.c b/postfix/src/smtp/smtp_params.c index 7de9cf09d..4c8afe881 100644 --- a/postfix/src/smtp/smtp_params.c +++ b/postfix/src/smtp/smtp_params.c @@ -89,7 +89,7 @@ static const CONFIG_BOOL_TABLE smtp_bool_table[] = { VAR_SMTP_SKIP_5XX, DEF_SMTP_SKIP_5XX, &var_smtp_skip_5xx_greeting, VAR_IGN_MX_LOOKUP_ERR, DEF_IGN_MX_LOOKUP_ERR, &var_ign_mx_lookup_err, - VAR_SKIP_QUIT_RESP, DEF_SKIP_QUIT_RESP, &var_skip_quit_resp, + VAR_SMTP_SKIP_QUIT_RESP, DEF_SMTP_SKIP_QUIT_RESP, &var_skip_quit_resp, VAR_SMTP_ALWAYS_EHLO, DEF_SMTP_ALWAYS_EHLO, &var_smtp_always_ehlo, VAR_SMTP_NEVER_EHLO, DEF_SMTP_NEVER_EHLO, &var_smtp_never_ehlo, VAR_SMTP_SASL_ENABLE, DEF_SMTP_SASL_ENABLE, &var_smtp_sasl_enable, @@ -107,5 +107,6 @@ VAR_SMTP_SENDER_AUTH, DEF_SMTP_SENDER_AUTH, &var_smtp_sender_auth, VAR_SMTP_CNAME_OVERR, DEF_SMTP_CNAME_OVERR, &var_smtp_cname_overr, VAR_SMTP_SASL_AUTH_SOFT_BOUNCE, DEF_SMTP_SASL_AUTH_SOFT_BOUNCE, &var_smtp_sasl_auth_soft_bounce, + VAR_LMTP_ASSUME_FINAL, DEF_LMTP_ASSUME_FINAL, &var_lmtp_assume_final, 0, }; diff --git a/postfix/src/smtp/smtp_sasl_glue.c b/postfix/src/smtp/smtp_sasl_glue.c index 1b657e64b..c7ca62abc 100644 --- a/postfix/src/smtp/smtp_sasl_glue.c +++ b/postfix/src/smtp/smtp_sasl_glue.c 
@@ -273,11 +273,16 @@ void smtp_sasl_connect(SMTP_SESSION *session) void smtp_sasl_start(SMTP_SESSION *session, const char *sasl_opts_name, const char *sasl_opts_val) { + XSASL_CLIENT_CREATE_ARGS create_args; + if (msg_verbose) msg_info("starting new SASL client"); if ((session->sasl_client = - xsasl_client_create(smtp_sasl_impl, session->stream, var_procname, - session->host, sasl_opts_val)) == 0) + XSASL_CLIENT_CREATE(smtp_sasl_impl, &create_args, + stream = session->stream, + service = var_procname, + server_name = session->host, + security_options = sasl_opts_val)) == 0) msg_fatal("SASL per-connection initialization failed"); session->sasl_reply = vstring_alloc(20); } diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index c5dcc8921..da68506ba 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -305,11 +305,13 @@ /* The time limit for Postfix SMTP server write and read operations /* during TLS startup and shutdown handshake procedures. /* .IP "\fBsmtpd_tls_CAfile (empty)\fR" -/* The file with the certificate of the certification authority -/* (CA) that issued the Postfix SMTP server certificate. +/* A file containing (PEM format) CA certificates of root CAs trusted +/* to sign either remote SMTP client certificates or intermediate CA +/* certificates. /* .IP "\fBsmtpd_tls_CAfile (empty)\fR" -/* The file with the certificate of the certification authority -/* (CA) that issued the Postfix SMTP server certificate. +/* A file containing (PEM format) CA certificates of root CAs trusted +/* to sign either remote SMTP client certificates or intermediate CA +/* certificates. /* .IP "\fBsmtpd_tls_always_issue_session_ids (yes)\fR" /* Force the Postfix SMTP server to issue a TLS session id, even /* when TLS session caching is turned off (smtpd_tls_session_cache_database diff --git a/postfix/src/smtpd/smtpd_sasl_glue.c b/postfix/src/smtpd/smtpd_sasl_glue.c index 407437624..da37c4f9a 100644 --- a/postfix/src/smtpd/smtpd_sasl_glue.c 
+++ b/postfix/src/smtpd/smtpd_sasl_glue.c @@ -164,6 +164,8 @@ void smtpd_sasl_activate(SMTPD_STATE *state, const char *sasl_opts_name, const char *sasl_opts_val) { const char *mechanism_list; + XSASL_SERVER_CREATE_ARGS create_args; + int tls_flag; /* * Sanity check. @@ -187,12 +189,24 @@ void smtpd_sasl_activate(SMTPD_STATE *state, const char *sasl_opts_name, * Set up a new server context for this connection. */ #define SMTPD_SASL_SERVICE "smtp" +#ifdef USE_TLS + tls_flag = state->tls_context != 0; +#else + tls_flag = 0; +#endif +#define ADDR_OR_EMPTY(addr, unknown) (strcmp(addr, unknown) ? addr : "") +#define REALM_OR_NULL(realm) (*(realm) ? (realm) : (char *) 0) if ((state->sasl_server = - xsasl_server_create(smtpd_sasl_impl, state->client, - SMTPD_SASL_SERVICE, *var_smtpd_sasl_realm ? - var_smtpd_sasl_realm : (char *) 0, - sasl_opts_val)) == 0) + XSASL_SERVER_CREATE(smtpd_sasl_impl, &create_args, + stream = state->client, + server_addr = "", /* need smtpd_peer.c update */ + client_addr = ADDR_OR_EMPTY(state->addr, + CLIENT_ADDR_UNKNOWN), + service = SMTPD_SASL_SERVICE, + user_realm = REALM_OR_NULL(var_smtpd_sasl_realm), + security_options = sasl_opts_val, + tls_flag = tls_flag)) == 0) msg_fatal("SASL per-connection initialization failed"); /* diff --git a/postfix/src/spawn/spawn.c b/postfix/src/spawn/spawn.c index 3ef6228f5..37fdcac74 100644 --- a/postfix/src/spawn/spawn.c +++ b/postfix/src/spawn/spawn.c @@ -105,7 +105,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* SEE ALSO diff --git a/postfix/src/tlsmgr/tlsmgr.c b/postfix/src/tlsmgr/tlsmgr.c index 906f5b808..c3f214e15 100644 --- a/postfix/src/tlsmgr/tlsmgr.c 
+++ b/postfix/src/tlsmgr/tlsmgr.c @@ -129,7 +129,7 @@ /* The process name of a Postfix command or daemon process. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* SEE ALSO diff --git a/postfix/src/trivial-rewrite/trivial-rewrite.c b/postfix/src/trivial-rewrite/trivial-rewrite.c index fed4cfb38..6eae44dc2 100644 --- a/postfix/src/trivial-rewrite/trivial-rewrite.c +++ b/postfix/src/trivial-rewrite/trivial-rewrite.c @@ -227,7 +227,7 @@ /* responses. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* .PP diff --git a/postfix/src/virtual/virtual.c b/postfix/src/virtual/virtual.c index e2b33cd5b..80d3bcf8c 100644 --- a/postfix/src/virtual/virtual.c +++ b/postfix/src/virtual/virtual.c @@ -242,7 +242,7 @@ /* The location of the Postfix top-level queue directory. /* .IP "\fBsyslog_facility (mail)\fR" /* The syslog facility of Postfix logging. -/* .IP "\fBsyslog_name (postfix)\fR" +/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" /* The mail system name that is prepended to the process name in syslog /* records, so that "smtpd" becomes, for example, "postfix/smtpd". /* SEE ALSO diff --git a/postfix/src/xsasl/xsasl.h b/postfix/src/xsasl/xsasl.h index 291ff8edd..4f5aa5713 100644 --- a/postfix/src/xsasl/xsasl.h +++ b/postfix/src/xsasl/xsasl.h 
@@ -44,16 +44,29 @@ typedef struct XSASL_SERVER { * Generic server implementation. Specific instances extend this with their * own private data. */ +typedef struct XSASL_SERVER_CREATE_ARGS { + VSTREAM *stream; + const char *server_addr; + const char *client_addr; + const char *service; + const char *user_realm; + const char *security_options; + int tls_flag; +} XSASL_SERVER_CREATE_ARGS; + typedef struct XSASL_SERVER_IMPL { - XSASL_SERVER *(*create) (struct XSASL_SERVER_IMPL *, VSTREAM *, const char *, const char *, const char *); + XSASL_SERVER *(*create) (struct XSASL_SERVER_IMPL *, XSASL_SERVER_CREATE_ARGS *); void (*done) (struct XSASL_SERVER_IMPL *); } XSASL_SERVER_IMPL; extern XSASL_SERVER_IMPL *xsasl_server_init(const char *, const char *); extern ARGV *xsasl_server_types(void); -#define xsasl_server_create(impl, stream, service, realm, sec_props) \ - (impl)->create((impl), (stream), (service), (realm), (sec_props)) +#define xsasl_server_create(impl, args) \ + (impl)->create((impl), (args)) +#define XSASL_SERVER_CREATE(impl, args, a1, a2, a3, a4, a5, a6, a7) \ + xsasl_server_create((impl), (((args)->a1), ((args)->a2), ((args)->a3), \ + ((args)->a4), ((args)->a5), ((args)->a6), ((args)->a7), (args))) #define xsasl_server_done(impl) (impl)->done((impl)); /* 
@@ -78,16 +91,26 @@ typedef struct XSASL_CLIENT { * Generic client implementation. Specific instances extend this with their * own private data. */ +typedef struct XSASL_CLIENT_CREATE_ARGS { + VSTREAM *stream; + const char *service; + const char *server_name; + const char *security_options; +} XSASL_CLIENT_CREATE_ARGS; + typedef struct XSASL_CLIENT_IMPL { - XSASL_CLIENT *(*create) (struct XSASL_CLIENT_IMPL *, VSTREAM *, const char *, const char *, const char *); + XSASL_CLIENT *(*create) (struct XSASL_CLIENT_IMPL *, XSASL_CLIENT_CREATE_ARGS *); void (*done) (struct XSASL_CLIENT_IMPL *); } XSASL_CLIENT_IMPL; extern XSASL_CLIENT_IMPL *xsasl_client_init(const char *, const char *); extern ARGV *xsasl_client_types(void); -#define xsasl_client_create(impl, stream, service, server, sec_props) \ - (impl)->create((impl), (stream), (service), (server), (sec_props)) +#define xsasl_client_create(impl, args) \ + (impl)->create((impl), (args)) +#define XSASL_CLIENT_CREATE(impl, args, a1, a2, a3, a4) \ + xsasl_client_create((impl), (((args)->a1), ((args)->a2), ((args)->a3), \ + ((args)->a4), (args))) #define xsasl_client_done(impl) (impl)->done((impl)); /* diff --git a/postfix/src/xsasl/xsasl_client.c b/postfix/src/xsasl/xsasl_client.c index d45e28dc1..0bddd41ef 100644 --- a/postfix/src/xsasl/xsasl_client.c +++ b/postfix/src/xsasl/xsasl_client.c 
@@ -15,13 +15,25 @@ /* /* ARGV *xsasl_client_types() /* -/* XSASL_CLIENT *xsasl_client_create(implementation, stream, service, -/* server_name, security_properties) +/* .in +4 +/* typedef struct XSASL_CLIENT_CREATE_ARGS { +/* VSTREAM *stream; +/* const char *service; +/* const char *server_name; +/* const char *security_options; +/* } XSASL_CLIENT_CREATE_ARGS; +/* .in -4 +/* +/* XSASL_CLIENT *xsasl_client_create(implementation, create_args) /* XSASL_CLIENT_IMPL *implementation; -/* VSTREAM *stream; -/* const char *service; -/* const char *server_name; -/* const char *security_properties; +/* XSASL_CLIENT_CREATE_ARGS *create_args; +/* +/* XSASL_CLIENT *XSASL_CLIENT_CREATE(implementation, create_args, +/* stream = stream_val, +/* ..., +/* security_options = prop_val) +/* XSASL_CLIENT_IMPL *implementation; +/* XSASL_CLIENT_CREATE_ARGS *create_args; /* /* void xsasl_client_free(client) /* XSASL_CLIENT *client; @@ -62,6 +74,11 @@ /* security properties. The stream handle is stored so that /* encryption can be turned on after successful negotiations. /* +/* XSASL_CLIENT_CREATE() is a macro that provides an interface +/* with named parameters. Named parameters do not have to +/* appear in a fixed order. The parameter names correspond to +/* the member names of the XSASL_CLIENT_CREATE_ARGS structure. +/* /* xsasl_client_free() is called at the end of an SMTP session. /* It destroys a SASL client instance, and disables further /* read/write operations if encryption was turned on. diff --git a/postfix/src/xsasl/xsasl_cyrus_client.c b/postfix/src/xsasl/xsasl_cyrus_client.c index c496f8f33..16a098c07 100644 --- a/postfix/src/xsasl/xsasl_cyrus_client.c +++ b/postfix/src/xsasl/xsasl_cyrus_client.c 
@@ -148,10 +148,7 @@ typedef struct { */ static void xsasl_cyrus_client_done(XSASL_CLIENT_IMPL *); static XSASL_CLIENT *xsasl_cyrus_client_create(XSASL_CLIENT_IMPL *, - VSTREAM *, - const char *, - const char *, - const char *); + XSASL_CLIENT_CREATE_ARGS *); static int xsasl_cyrus_client_set_security(XSASL_CLIENT *, const char *); static int xsasl_cyrus_client_first(XSASL_CLIENT *, const char *, const char *, const char *, const char **, VSTRING *); @@ -301,10 +298,7 @@ static void xsasl_cyrus_client_done(XSASL_CLIENT_IMPL *impl) /* xsasl_cyrus_client_create - per-session SASL initialization */ XSASL_CLIENT *xsasl_cyrus_client_create(XSASL_CLIENT_IMPL *unused_impl, - VSTREAM *stream, - const char *service, - const char *server, - const char *sec_props) + XSASL_CLIENT_CREATE_ARGS *args) { XSASL_CYRUS_CLIENT *client = 0; static sasl_callback_t callbacks[] = { @@ -346,7 +340,7 @@ XSASL_CLIENT *xsasl_cyrus_client_create(XSASL_CLIENT_IMPL *unused_impl, #define NULL_SERVER_ADDR ((char *) 0) #define NULL_CLIENT_ADDR ((char *) 0) - if ((sasl_status = SASL_CLIENT_NEW(service, server, + if ((sasl_status = SASL_CLIENT_NEW(args->service, args->server_name, NULL_CLIENT_ADDR, NULL_SERVER_ADDR, var_cyrus_sasl_authzid ? custom_callbacks : custom_callbacks + 1, NULL_SECFLAGS, @@ -369,7 +363,7 @@ XSASL_CLIENT *xsasl_cyrus_client_create(XSASL_CLIENT_IMPL *unused_impl, client->xsasl.free = xsasl_cyrus_client_free; client->xsasl.first = xsasl_cyrus_client_first; client->xsasl.next = xsasl_cyrus_client_next; - client->stream = stream; + client->stream = args->stream; client->sasl_conn = sasl_conn; client->callbacks = custom_callbacks; client->decoded = vstring_alloc(20); 
@@ -379,7 +373,8 @@ XSASL_CLIENT *xsasl_cyrus_client_create(XSASL_CLIENT_IMPL *unused_impl, for (cp = custom_callbacks; cp->id != SASL_CB_LIST_END; cp++) cp->context = (void *) client; - if (xsasl_cyrus_client_set_security(&client->xsasl, sec_props) + if (xsasl_cyrus_client_set_security(&client->xsasl, + args->security_options) != XSASL_AUTH_OK) XSASL_CYRUS_CLIENT_CREATE_ERROR_RETURN(0); diff --git a/postfix/src/xsasl/xsasl_cyrus_server.c b/postfix/src/xsasl/xsasl_cyrus_server.c index a86602d65..78bb4df17 100644 --- a/postfix/src/xsasl/xsasl_cyrus_server.c +++ b/postfix/src/xsasl/xsasl_cyrus_server.c @@ -154,10 +154,7 @@ typedef struct { */ static void xsasl_cyrus_server_done(XSASL_SERVER_IMPL *); static XSASL_SERVER *xsasl_cyrus_server_create(XSASL_SERVER_IMPL *, - VSTREAM *, - const char *, - const char *, - const char *); + XSASL_SERVER_CREATE_ARGS *); static void xsasl_cyrus_server_free(XSASL_SERVER *); static int xsasl_cyrus_server_first(XSASL_SERVER *, const char *, const char *, VSTRING *); @@ -259,10 +256,7 @@ static void xsasl_cyrus_server_done(XSASL_SERVER_IMPL *impl) /* xsasl_cyrus_server_create - create server instance */ static XSASL_SERVER *xsasl_cyrus_server_create(XSASL_SERVER_IMPL *unused_impl, - VSTREAM *stream, - const char *service, - const char *realm, - const char *sec_props) + XSASL_SERVER_CREATE_ARGS *args) { const char *myname = "xsasl_cyrus_server_create"; char *server_address; @@ -273,7 +267,8 @@ static XSASL_SERVER *xsasl_cyrus_server_create(XSASL_SERVER_IMPL *unused_impl, if (msg_verbose) msg_info("%s: SASL service=%s, realm=%s", - myname, service, realm ? realm : "(null)"); + myname, args->service, args->user_realm ? + args->user_realm : "(null)"); /* * The optimizer will eliminate code duplication and/or dead code. 
@@ -314,8 +309,8 @@ static XSASL_SERVER *xsasl_cyrus_server_create(XSASL_SERVER_IMPL *unused_impl, #endif if ((sasl_status = - SASL_SERVER_NEW(service, var_myhostname, - realm ? realm : NO_AUTH_REALM, + SASL_SERVER_NEW(args->service, var_myhostname, + args->user_realm ? args->user_realm : NO_AUTH_REALM, server_address, client_address, NO_SESSION_CALLBACKS, NO_SECURITY_LAYERS, &sasl_conn)) != SASL_OK) { @@ -335,13 +330,13 @@ static XSASL_SERVER *xsasl_cyrus_server_create(XSASL_SERVER_IMPL *unused_impl, server->xsasl.next = xsasl_cyrus_server_next; server->xsasl.get_mechanism_list = xsasl_cyrus_server_get_mechanism_list; server->xsasl.get_username = xsasl_cyrus_server_get_username; - server->stream = stream; + server->stream = args->stream; server->sasl_conn = sasl_conn; server->decoded = vstring_alloc(20); server->username = 0; server->mechanism_list = 0; - if (xsasl_cyrus_server_set_security(&server->xsasl, sec_props) + if (xsasl_cyrus_server_set_security(&server->xsasl, args->security_options) != XSASL_AUTH_OK) XSASL_CYRUS_SERVER_CREATE_ERROR_RETURN(0); diff --git a/postfix/src/xsasl/xsasl_dovecot_server.c b/postfix/src/xsasl/xsasl_dovecot_server.c index ca27113d9..4883d097e 100644 --- a/postfix/src/xsasl/xsasl_dovecot_server.c +++ b/postfix/src/xsasl/xsasl_dovecot_server.c @@ -161,10 +161,11 @@ typedef struct { char *username; /* authenticated user */ VSTRING *sasl_line; unsigned int sec_props; /* Postfix mechanism filter */ + int tls_flag; /* TLS enabled in this session */ char *mechanism_list; /* filtered mechanism list */ ARGV *mechanism_argv; /* ditto */ - MAI_HOSTADDR_STR server_addr; /* local IP address */ - MAI_HOSTADDR_STR client_addr; /* remote IP address */ + char *client_addr; /* remote IP address */ + char *server_addr; /* remote IP address */ } XSASL_DOVECOT_SERVER; /* 
@@ -172,10 +173,7 @@ typedef struct { */ static void xsasl_dovecot_server_done(XSASL_SERVER_IMPL *); static XSASL_SERVER *xsasl_dovecot_server_create(XSASL_SERVER_IMPL *, - VSTREAM *, - const char *, - const char *, - const char *); + XSASL_SERVER_CREATE_ARGS *); static void xsasl_dovecot_server_free(XSASL_SERVER *); static int xsasl_dovecot_server_first(XSASL_SERVER *, const char *, const char *, VSTRING *); @@ -394,20 +392,19 @@ static void xsasl_dovecot_server_done(XSASL_SERVER_IMPL *impl) /* xsasl_dovecot_server_create - create server instance */ static XSASL_SERVER *xsasl_dovecot_server_create(XSASL_SERVER_IMPL *impl, - VSTREAM *stream, - const char *service, - const char *realm, - const char *sec_props) + XSASL_SERVER_CREATE_ARGS *args) { const char *myname = "xsasl_dovecot_server_create"; XSASL_DOVECOT_SERVER *server; struct sockaddr_storage ss; struct sockaddr *sa = (struct sockaddr *) & ss; SOCKADDR_SIZE salen; + MAI_HOSTADDR_STR server_addr; if (msg_verbose) msg_info("%s: SASL service=%s, realm=%s", - myname, service, realm ? realm : "(null)"); + myname, args->service, args->user_realm ? + args->user_realm : "(null)"); /* * Extend the XSASL_SERVER_IMPL object with our own data. We use 
@@ -423,26 +420,29 @@ static XSASL_SERVER *xsasl_dovecot_server_create(XSASL_SERVER_IMPL *impl, server->impl = (XSASL_DOVECOT_SERVER_IMPL *) impl; server->sasl_line = vstring_alloc(256); server->username = 0; - server->service = mystrdup(service); + server->service = mystrdup(args->service); server->last_request_id = 0; server->mechanism_list = 0; server->mechanism_argv = 0; + server->tls_flag = args->tls_flag; server->sec_props = name_mask_opt(myname, xsasl_dovecot_conf_sec_props, - sec_props, NAME_MASK_ANY_CASE | NAME_MASK_FATAL); + args->security_options, + NAME_MASK_ANY_CASE | NAME_MASK_FATAL); + server->client_addr = mystrdup(args->client_addr); /* - * XXX This is not the right place: it ignores client overrides with the - * XCLIENT command. + * XXX Temporary code until smtpd_peer.c is updated. */ - salen = sizeof(ss); - if (getpeername(vstream_fileno(stream), sa, &salen) < 0 - || sockaddr_to_hostaddr(sa, salen, &server->client_addr, 0, 0) != 0) - server->client_addr.buf[0] = 0; - salen = sizeof(ss); - if (getsockname(vstream_fileno(stream), sa, &salen) < 0 - || sockaddr_to_hostaddr(sa, salen, &server->server_addr, 0, 0) != 0) - server->server_addr.buf[0] = 0; + if (args->server_addr && *args->server_addr) { + server->server_addr = mystrdup(args->server_addr); + } else { + salen = sizeof(ss); + if (getsockname(vstream_fileno(args->stream), sa, &salen) < 0 + || sockaddr_to_hostaddr(sa, salen, &server_addr, 0, 0) != 0) + server_addr.buf[0] = 0; + server->server_addr = mystrdup(server_addr.buf); + } return (&server->xsasl); } @@ -481,6 +481,8 @@ static void xsasl_dovecot_server_free(XSASL_SERVER *xp) argv_free(server->mechanism_argv); } myfree(server->service); + myfree(server->server_addr); + myfree(server->client_addr); myfree((char *) server); } 
@@ -638,8 +640,10 @@ int xsasl_dovecot_server_first(XSASL_SERVER *xp, const char *sasl_method, vstream_fprintf(server->impl->sasl_stream, "AUTH\t%u\t%s\tservice=%s\tnologin\tlip=%s\trip=%s", server->last_request_id, sasl_method, - server->service, server->server_addr.buf, - server->client_addr.buf); + server->service, server->server_addr, + server->client_addr); + if (server->tls_flag) + vstream_fputs("\tsecured", server->impl->sasl_stream); if (init_response) { /* diff --git a/postfix/src/xsasl/xsasl_server.c b/postfix/src/xsasl/xsasl_server.c index 28204f7bb..6b45ab8b0 100644 --- a/postfix/src/xsasl/xsasl_server.c +++ b/postfix/src/xsasl/xsasl_server.c @@ -15,13 +15,28 @@ /* /* ARGV *xsasl_server_types() /* -/* XSASL_SERVER *xsasl_server_create(implementation, stream, service, -/* user_realm, security_options) +/* .in +4 +/* typedef struct XSASL_SERVER_CREATE_ARGS { +/* VSTREAM *stream; +/* const char *server_addr; +/* const char *client_addr; +/* const char *service; +/* const char *user_realm; +/* const char *security_options; +/* int tls_flag; +/* } XSASL_SERVER_CREATE_ARGS; +/* .in -4 +/* +/* XSASL_SERVER *xsasl_server_create(implementation, args) /* XSASL_SERVER_IMPL *implementation; -/* const char *service; -/* VSTREAM *stream; -/* const char *user_realm; -/* const char *security_options; +/* XSASL_SERVER_CREATE_ARGS *args; +/* +/* XSASL_SERVER *XSASL_SERVER_CREATE(implementation, args, +/* stream = stream_value, +/* ..., +/* tls_flag = tls_flag_value) +/* XSASL_SERVER_IMPL *implementation; +/* XSASL_SERVER_CREATE_ARGS *args; /* /* void xsasl_server_free(server) /* XSASL_SERVER *server; 
@@ -65,7 +80,13 @@ /* with the specified security properties. Specify a null /* pointer when no realm should be used. The stream handle is /* stored so that encryption can be turned on after successful -/* negotiations. +/* negotiations. Specify zero-length strings when a client or +/* server address is unavailable. +/* +/* XSASL_SERVER_CREATE() is a macro that provides an interface +/* with named parameters. Named parameters do not have to +/* appear in a fixed order. The parameter names correspond to +/* the member names of the XSASL_SERVER_CREATE_ARGS structure. /* /* xsasl_server_free() is called at the end of an SMTP session. /* It destroys a SASL server instance, and disables further @@ -107,6 +128,9 @@ /* Arguments: /* .IP auth_method /* AUTH command authentication method. +/* .IP client_addr +/* IPv4 or IPv6 address (no surrounding [] or ipv6: prefix), +/* or zero-length string if unavailable. /* .IP init_resp /* AUTH command initial response or null pointer. /* .IP implementation @@ -121,6 +145,9 @@ /* equivalent. This is passed unchanged to the plug-in. /* .IP server /* SASL plug-in server handle. +/* .IP server_addr +/* IPv4 or IPv6 address (no surrounding [] or ipv6: prefix), +/* or zero-length string if unavailable. /* .IP server_reply /* BASE64 encoded server non-error reply (without SMTP reply /* code or enhanced status code), or ASCII error description.
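Review bot: in the @@ -423,26 +420,29 @@ hunk of xsasl_dovecot_server.c, `server->client_addr = mystrdup(args->client_addr);` uses the caller's pointer unconditionally, while the server_addr branch just below it tests `args->server_addr && *args->server_addr` before copying. The documentation added in xsasl_server.c asks callers to pass a zero-length string when an address is unavailable, so the two members should be handled the same way: either guard client_addr and fall back to an empty string, or drop the null test on server_addr and state in the struct documentation that both pointers must be non-null. The removed comment recorded that getpeername() ignored XCLIENT overrides; a replacement comment saying that the caller is now responsible for supplying the effective client address would keep that reasoning next to the code, since this value is what reaches the Dovecot side as rip=.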
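Review bot: in the @@ -638,8 +640,10 @@ hunk, the "secured" field is written from server->tls_flag, which the create hunk copies once from args->tls_flag, so the AUTH request reports the TLS state as it was when the server handle was created rather than when the request is sent. Please add a comment next to `if (server->tls_flag)` or on the struct member stating that the handle must be created after TLS negotiation has completed, or provide a way to update the flag, so that the field cannot disagree with the session's actual state. In the same statement, server_addr and client_addr are now written with %s into a tab-separated request line from caller-supplied strings; a short comment that callers must pass bare address literals, as the xsasl_server.c documentation requires, would make that dependency explicit here.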
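Review bot: the sentence "Specify zero-length strings when a client or server address is unavailable" in the @@ -65,7 +80,13 @@ hunk of xsasl_server.c does not say whether a null pointer is acceptable or what a plug-in does with an empty address. The Dovecot plug-in in this patch calls getsockname() when server_addr is null or empty, but sends an empty rip= value when client_addr is empty; stating the expected plug-in behaviour here would let other implementations match it. The struct synopsis also adds tls_flag, while the argument descriptions shown in this part of the patch cover only client_addr and server_addr, so if there is no .IP tls_flag entry elsewhere, please add one that says the flag must be non-zero only when the session is actually encrypted.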