mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 09:57:34 +00:00

postfix-3.10-20250205

This commit is contained in:
Wietse Z Venema 2025-02-05 00:00:00 -05:00 committed by Viktor Dukhovni
parent 70fe1107cf
commit 226326ea50
18 changed files with 484 additions and 273 deletions

View File

@ -28918,4 +28918,19 @@ Apologies for any names omitted.
Debug logging: cleanup/cleanup_api.c. tls/tlsrpt_wrapper.c. Debug logging: cleanup/cleanup_api.c. tls/tlsrpt_wrapper.c.
proto/TLSRPT_README.html. proto/TLSRPT_README.html.
20250204
Feature: with "smtpd_hide_client_session = yes", the Postfix
SMTP server generates a Received: header without client
session info (EHLO, hostname, IP address, TLS session
details, SASL login details, SMTP protocol details). Files:
conf/master.cf, mantools/postlink, proto/postconf.proto,
global/mail_params.h, smtpd/smtpd.c.
20250205
Documentation: updated TLSRPT_README, added postfix-tlspol
policy plugin, deprecated the policy_ttl attribute. File:
proto/TLSRPT_README.html.
Postfix 3.10 code freeze. Postfix 3.10 code freeze.
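Review bot: the 20250205 entry calls policy_ttl "deprecated", but the README text in this same commit says "The time value is not used", and none of the 18 changed files is under smtp/, so no client code changed; the entry should say which it is, a documentation correction (the attribute was never honored) or a behaviour change that removed the caching, because a reader of HISTORY will otherwise assume the latter. Separately, the 20250204 entry lists "EHLO" among the hidden session details, while the postconf description in this commit lists only "hostname and IP address, TLS session details, SASL login details, and SMTP protocol details"; the two should agree on whether the EHLO name is called out.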

View File

@ -48,11 +48,12 @@ are collected and processed into daily summary reports.
TLSRPT report generator produces daily summary reports. TLSRPT report generator produces daily summary reports.
The TLSRPT client library, and the infrastructure to collect, fetch, and report The TLSRPT client library, and the infrastructure to collect, fetch, and report
TLSRPT information are maintained by sys4 at https://github.com/sys4/libtlsrpt TLSRPT information, are implemented and maintained by sys4 at https://
and https://github.com/sys4/tlsrpt-reporter, respectively. github.com/sys4/libtlsrpt and https://github.com/sys4/tlsrpt-reporter,
respectively.
The Postfix implementation supports both DANE (Postfix built-in) and MTA-STS The Postfix implementation supports domains with DANE (Postfix built-in) and
(through an smtp_tls_policy_maps plug-in). MTA-STS (through an smtp_tls_policy_maps plug-in).
The Postfix smtp(8) client process implements the SMTP client engine. With The Postfix smtp(8) client process implements the SMTP client engine. With
"smtp_tls_connection_reuse = no", the smtp(8) client process also implements "smtp_tls_connection_reuse = no", the smtp(8) client process also implements
@ -228,19 +229,25 @@ Options:
MMTTAA--SSTTSS SSuuppppoorrtt vviiaa ssmmttpp__ttllss__ppoolliiccyy__mmaappss MMTTAA--SSTTSS SSuuppppoorrtt vviiaa ssmmttpp__ttllss__ppoolliiccyy__mmaappss
Postfix supports MTA-STS though an smtp_tls_policy_maps policy plugin, which Postfix supports MTA-STS though an smtp_tls_policy_maps policy plugin, which
replies with a TLS security level and optional matching requirements. Postfix replies with a TLS security level and name=value attributes with certificate
3.10 and later optionally also accept the name=value attributes described matching requirements. Postfix 3.10 and later accept additional name=value
below. Specify { name = value } when a value may contain whitespace. attributes that are needed for TLSRPT.
Note 1: Postfix 3.10 and later will accept these attributes in an MTA-STS Examples of smtp_tls_policy_maps plugins with MTA-STS support are:
response even if TLSRPT support is disabled (at build time or run time).
With TLSRPT support turned off, Postfix will use the ttl and policy_failure
attributes, and will ignore the attributes that are used only for TLSRPT.
Note 2: It is an error to specify these attributes for a non-STS policy. * postfix-tlspol, supports domains with DANE (using Postfix built-in DANE),
and domains with MTA-STS.
The examples in the table apply to the MTA-STS policy example given in RFC 8461 * postfix-mta-sts-resolver, supports domains with MTA-STS.
Section 3.2:
Both plugins can generate the additional name=value attributes that Postfix
needs for TLSRPT support (as of February 2025). This is enabled by setting a
tlsrpt boolean in a plugin configuration file. This setting is safe with
Postfix 3.10 and later, even if Postfix TLSRPT support is disabled (at build
time or at run time).
The examples in the text below apply to this MTA-STS policy example given in
RFC 8461 Section 3.2:
version: STSv1 version: STSv1
mode: enforce mode: enforce
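Review bot: the plain-text README names postfix-tlspol and postfix-mta-sts-resolver without their repository URLs, whereas the HTML version links them and the sys4 projects at the top of this same file are spelled out in full ("https://github.com/sys4/libtlsrpt"); since README_FILES/TLSRPT_README is generated from proto/TLSRPT_README.html, put the URLs in as visible text there so they survive the HTML-to-text conversion. The sentence "This is enabled by setting a tlsrpt boolean in a plugin configuration file" should also name the option for each plugin, or say where each plugin documents it, since the text README cannot carry a link.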
@ -249,7 +256,9 @@ Section 3.2:
mx: backupmx.example.com mx: backupmx.example.com
max_age: 604800 max_age: 604800
A policy response may contain line breaks. The list of supported attributes is given below. Instead of name=value, specify
{ name = value } when a value may contain whitespace. A policy response may
contain line breaks.
* policy_type=type * policy_type=type
@ -259,45 +268,49 @@ A policy response may contain line breaks.
The domain that the MTA-STS policy applies to. The domain that the MTA-STS policy applies to.
* policy_ttl=time Example: policy_domain=example.com
How long (in seconds) a Postfix SMTP client process will cache the MTA-STS
plugin response.
* { policy_string = value } * { policy_string = value }
Specify one policy_string instance for each MTA-STS policy feature, Specify one policy_string instance for each MTA-STS policy feature,
enclosed inside "{" and "}" to protect whitespace in attribute values. enclosed inside "{" and "}" to protect whitespace in attribute values.
Example: Example: { policy_string = version: STSv1 } { policy_string = mode: enforce
} ...
{ policy_string = version: STSv1 } { policy_string = mode: enforce } The above form ignores whitespace after the opening "{", around the "=",
... and before the closing "}".
This form ignores whitespace after the opening "{", around the "=", and
before the closing "}".
* mx_host_pattern=pattern * mx_host_pattern=pattern
Specify one mx_host_pattern instance for each "mx:" feature in the MTA-STS Specify one mx_host_pattern instance for each "mx:" feature in the MTA-STS
policy. policy.
Example: Example: mx_host_pattern=mail.example.com mx_host_pattern=*.example.net ...
mx_host_pattern=mail.example.com mx_host_pattern=*.example.net ...
* policy_failure=type * policy_failure=type
If specified, forces MTA-STS policy enforcement to fail with the indicated If specified, forces MTA-STS policy enforcement to fail with the indicated
error, even if a server certificate would satisfy conventional PKI error, even if a server certificate would satisfy conventional PKI
constraints. constraints. Valid errors are sts-policy-fetch-error, sts-policy-invalid,
sts-webpki-invalid, or the less informative validation-failure.
Valid errors are sts-policy-fetch-error, sts-policy-invalid, sts-webpki- Example: policy_failure=sts-webpki-invalid
invalid, or the less informative validation-failure.
Example: * policy_ttl=time
policy_failure=sts-webpki-invalid This attribute is deprecated. The time value is not used, and support for
this attribute will eventually be removed from the code.
Notes:
* Postfix 3.10 and later will accept these additional attributes in an MTA-
STS response even if TLSRPT support is disabled (at build time or at run
time). With TLSRPT support turned off, Postfix may still use the
policy_failure attribute, and will ignore the attributes that are used only
for TLSRPT.
* It is an error to specify these attributes for a non-STS policy.
LLiimmiittaattiioonnss LLiimmiittaattiioonnss
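Review bot: the deprecation text for policy_ttl ("The time value is not used, and support for this attribute will eventually be removed") should state explicitly that the attribute is still accepted and silently ignored in 3.10, because the note that follows says "It is an error to specify these attributes for a non-STS policy" and a plugin author needs to know that an older plugin still emitting policy_ttl will not have its response rejected. The first note also weakens the old "will use the ttl and policy_failure attributes" to "may still use the policy_failure attribute"; say under which condition policy_failure is or is not applied when TLSRPT support is off, since "may" leaves the enforcement outcome undefined for exactly the case where a plugin is trying to force a failure.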
@ -314,7 +327,7 @@ SMTP protocol engine. It just is not how Postfix works internally.
CCrreeddiittss CCrreeddiittss
* The TLSRPT client library and report generator are implemented and * The TLSRPT client library, and the infrastructure to collect, fetch, and
maintained by sys4. report TLSRPT information, are implemented and maintained by sys4.
* Wietse Venema implemented the integration with Postfix. * Wietse Venema implemented the integration with Postfix.

View File

@ -23,6 +23,7 @@ smtp inet n - n - - smtpd
# -o smtpd_sasl_auth_enable=yes # -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes # -o smtpd_tls_auth_only=yes
# -o local_header_rewrite_clients=static:all # -o local_header_rewrite_clients=static:all
# -o smtpd_hide_client_session=yes
# -o smtpd_reject_unlisted_recipient=no # -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here, # Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions" # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
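Review bot: the new "-o smtpd_hide_client_session=yes" example lines sit only under the submission and smtps entries, which matches the parameter description, but because that description says the default "must be used for the port 25 MTA service", a one-line comment beside the example (for instance "# Not for the port 25 smtp service; see smtpd_hide_client_session") would stop the override being copied into the smtp inet entry together with the other MUA-only options that these commented blocks are routinely pasted from.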
@ -42,6 +43,7 @@ smtp inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes # -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes # -o smtpd_sasl_auth_enable=yes
# -o local_header_rewrite_clients=static:all # -o local_header_rewrite_clients=static:all
# -o smtpd_hide_client_session=yes
# -o smtpd_reject_unlisted_recipient=no # -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here, # Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions" # specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"

View File

@ -98,12 +98,13 @@ and a central TLSRPT report generator produces daily summary reports.
</ul> </ul>
<p> The TLSRPT client library, and the infrastructure to collect, <p> The TLSRPT client library, and the infrastructure to collect,
fetch, and report TLSRPT information are maintained by sys4 at fetch, and report TLSRPT information, are implemented and maintained
<a href="https://github.com/sys4/libtlsrpt">https://github.com/sys4/libtlsrpt</a> and by sys4 at <a href="https://github.com/sys4/libtlsrpt">https://github.com/sys4/libtlsrpt</a> and
<a href="https://github.com/sys4/tlsrpt-reporter">https://github.com/sys4/tlsrpt-reporter</a>, respectively. </p> <a href="https://github.com/sys4/tlsrpt-reporter">https://github.com/sys4/tlsrpt-reporter</a>, respectively. </p>
<p> The Postfix implementation supports both DANE (Postfix built-in) <p> The Postfix implementation supports domains with DANE (Postfix
and MTA-STS (through an <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> plug-in). </p> built-in) and MTA-STS (through an <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> plug-in).
</p>
<p> The Postfix <a href="smtp.8.html">smtp(8)</a> client process implements the SMTP client <p> The Postfix <a href="smtp.8.html">smtp(8)</a> client process implements the SMTP client
engine. With "<a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> = no", the <a href="smtp.8.html">smtp(8)</a> client engine. With "<a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> = no", the <a href="smtp.8.html">smtp(8)</a> client
@ -332,25 +333,33 @@ generator's sender address): </p>
</a></h2> </a></h2>
<p> Postfix supports MTA-STS though an <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> policy <p> Postfix supports MTA-STS though an <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> policy
plugin, which replies with a TLS security level and optional matching plugin, which replies with a TLS security level and name=value
requirements. Postfix 3.10 and later optionally also accept the attributes with certificate matching requirements. Postfix 3.10 and
name=value attributes described below. Specify <tt>{ name = value later accept additional name=value attributes that are needed for
}</tt> when a value may contain whitespace. </p> TLSRPT. </p>
<blockquote> <p> Examples of <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> plugins with MTA-STS support
are: </p>
<p> Note 1: Postfix 3.10 and later will accept these attributes in <ul>
an MTA-STS response even if TLSRPT support is disabled (at build
time or run time). With TLSRPT support turned off, Postfix
will use the <tt>ttl</tt> and <tt>policy_failure</tt> attributes,
and will ignore the attributes that are used only for TLSRPT. </p>
<p> Note 2: It is an error to specify these attributes for a non-STS <li> <p> <a href="https://github.com/Zuplu/postfix-tlspol">
policy. </p> postfix-tlspol</a>, supports domains with DANE (using Postfix
built-in DANE), and domains with MTA-STS. </p>
</blockquote> <li> <p> <a href="https://github.com/Snawoot/postfix-mta-sts-resolver">
postfix-mta-sts-resolver</a>, supports domains with MTA-STS. </p>
<p> The examples in the table apply to the MTA-STS policy example </ul>
<p> Both plugins can generate the additional name=value attributes
that Postfix needs for TLSRPT support (as of February 2025). This
is enabled by setting a <tt>tlsrpt</tt> boolean in a plugin
configuration file. This setting is safe with Postfix 3.10 and
later, even if Postfix TLSRPT support is disabled (at build time
or at run time). </p>
<p> The examples in the text below apply to this MTA-STS policy example
given in <a given in <a
href="https://datatracker.ietf.org/doc/html/rfc8461#section-3.2"> href="https://datatracker.ietf.org/doc/html/rfc8461#section-3.2">
RFC 8461 Section 3.2</a>: </p> RFC 8461 Section 3.2</a>: </p>
@ -366,72 +375,77 @@ max_age: 604800
</pre> </pre>
</blockquote> </blockquote>
<p> A policy response may contain line breaks. </p> <p> The list of supported attributes is given below. Instead of
<tt>name=value</tt>, specify <tt>{ name = value }</tt> when a value
may contain whitespace. A policy response may contain line breaks.
</p>
<ul> <ul>
<li> <p> <tt> policy_type=<i>type</i> </tt> <li> <p> <tt> policy_type=<i>type</i> </tt> </p>
<p> Specify <tt>sts</tt> or <tt>no-policy-found</tt>. </p> </li> <p> Specify <tt>sts</tt> or <tt>no-policy-found</tt>. </p> </li>
<li> <p> <tt> policy_domain=<i>name</i> </tt> </p> <li> <p> <tt> policy_domain=<i>name</i> </tt> </p>
<p> The domain that the MTA-STS policy applies to. </p> </li> <p> The domain that the MTA-STS policy applies to. </p>
<li> <p> <tt> policy_ttl=<i>time</i> </tt> </p>
<p> How long (in seconds) a Postfix SMTP client process will cache <p> Example: <tt>policy_domain=example.com</tt> </p>
the MTA-STS plugin response. </p> </li>
</li>
<li> <p> <tt> { policy_string = <i>value</i> } </tt> </p> <li> <p> <tt> { policy_string = <i>value</i> } </tt> </p>
<p> Specify one <tt>policy_string</tt> instance for each MTA-STS <p> Specify one <tt>policy_string</tt> instance for each MTA-STS
policy feature, enclosed inside "{" and "}" to protect whitespace policy feature, enclosed inside "{" and "}" to protect whitespace
in attribute values. </p> in attribute values. <p>
<p> Example: </p> <p> Example: <tt> { policy_string = version: STSv1 } { policy_string
= mode: enforce } ...</tt> </p>
<blockquote> <p> The above form ignores whitespace after the opening "{", around
<pre> the "=", and before the closing "}".</p> </li>
{ policy_string = version: STSv1 } { policy_string = mode: enforce } ...
</pre>
</blockquote>
<p> This form ignores whitespace after the opening "{", around the "=",
and before the closing "}".</p> </li>
<li> <p> <tt> mx_host_pattern=<i>pattern</i> </tt> </p> <li> <p> <tt> mx_host_pattern=<i>pattern</i> </tt> </p>
<p> Specify one <tt>mx_host_pattern</tt> instance for each "mx:" feature <p> Specify one <tt>mx_host_pattern</tt> instance for each "mx:" feature
in the MTA-STS policy. </p> in the MTA-STS policy. </p>
<p> Example: </p> <p> Example: <tt>mx_host_pattern=mail.example.com
mx_host_pattern=*.example.net ...</tt> </p> </li>
<blockquote>
<pre>
mx_host_pattern=mail.example.com mx_host_pattern=*.example.net ...
</pre>
</blockquote>
</li>
<li> <p> <tt> policy_failure=<i>type</i> </tt> </p> <li> <p> <tt> policy_failure=<i>type</i> </tt> </p>
<p> If specified, forces MTA-STS policy enforcement to fail with <p> If specified, forces MTA-STS policy enforcement to fail with
the indicated error, even if a server certificate would satisfy the indicated error, even if a server certificate would satisfy
conventional PKI constraints. </p> conventional PKI constraints. Valid errors are <tt>sts-policy-fetch-error,
sts-policy-invalid</tt>, <tt>sts-webpki-invalid</tt>, or the less
informative <tt>validation-failure</tt>. </p>
<p> Valid errors are <tt>sts-policy-fetch-error, sts-policy-invalid</tt>, <p> Example: <tt>policy_failure=sts-webpki-invalid</tt> </p> </li>
<tt>sts-webpki-invalid</tt>, or the less informative
<tt>validation-failure</tt>. </p>
<p> Example: </p> <li> <p> <tt> policy_ttl=<i>time</i> </tt> </p>
<blockquote> <p> This attribute is deprecated. The <i>time</i> value is not used,
<pre> and support for this attribute will eventually be removed from the
policy_failure=sts-webpki-invalid code. </p> </li>
</pre>
</blockquote> </ul>
</li>
<p> Notes: </p>
<ul>
<li> <p> Postfix 3.10 and later will accept these additional
attributes in an MTA-STS response even if TLSRPT support is disabled
(at build time or at run time). With TLSRPT support turned off,
Postfix may still use the <tt>policy_failure</tt>
attribute, and will ignore the attributes that are used only for
TLSRPT. </p>
<li> <p> It is an error to specify these attributes for a non-STS
policy. </p>
</ul> </ul>
@ -453,8 +467,9 @@ engine. It just is not how Postfix works internally. </p>
<ul> <ul>
<li> The TLSRPT client library and report generator are implemented <li> The TLSRPT client library, and the infrastructure to collect,
and maintained by sys4. </li> fetch, and report TLSRPT information, are implemented and maintained
by sys4. </li>
<li> Wietse Venema implemented the integration with Postfix. <li> Wietse Venema implemented the integration with Postfix.
</li> </li>

View File

@ -16550,6 +16550,47 @@ Examples:
</pre> </pre>
</DD>
<DT><b><a name="smtpd_hide_client_session">smtpd_hide_client_session</a>
(default: no)</b></DT><DD>
<p> Do not include SMTP client session information in the Postfix
SMTP server's Received: message header. </p>
<ul>
<li> <p> The default setting, "<a href="postconf.5.html#smtpd_hide_client_session">smtpd_hide_client_session</a> = no",
must be used for the port 25 MTA service. It provides information
that is required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. </p>
<li> <p> The setting "<a href="postconf.5.html#smtpd_hide_client_session">smtpd_hide_client_session</a> = yes" may be used
for the port 587 and 465 MUA services. This hides the SMTP client
hostname and IP address, TLS session details, SASL login details,
and SMTP protocol details. </p>
</ul>
<p> Depending on the number of recipients, a redacted Received:
header has one of the following forms: </p>
<blockquote>
<pre>
Received: by mail.example.com (Postfix) id postfix-queue-id
for &lt;user@example.com&gt;; Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
<br>
Received: by mail.example.com (Postfix) id postfix-queue-id
Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
</pre>
</blockquote>
<p> The redacted form hides that a message was received with SMTP,
and therefore it does not need to provide the information required by
<a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. The form does still meet <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> requirements. </p>
<p> This feature is available in Postfix &ge; 3.10. </p>
</DD> </DD>
<DT><b><a name="smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> <DT><b><a name="smtpd_history_flush_threshold">smtpd_history_flush_threshold</a>

View File

@ -1431,6 +1431,12 @@ SMTPD(8) SMTPD(8)
Lookup tables, indexed by the complete Postfix SMTP server 4xx Lookup tables, indexed by the complete Postfix SMTP server 4xx
or 5xx response, with reject footer templates. or 5xx response, with reject footer templates.
Available in Postfix 3.10 and later:
<b><a href="postconf.5.html#smtpd_hide_client_session">smtpd_hide_client_session</a> (no)</b>
Do not include SMTP client session information in the Postfix
SMTP server's Received: message header.
<b><a name="see_also">SEE ALSO</a></b> <b><a name="see_also">SEE ALSO</a></b>
<a href="anvil.8.html">anvil(8)</a>, connection/rate limiting <a href="anvil.8.html">anvil(8)</a>, connection/rate limiting
<a href="cleanup.8.html">cleanup(8)</a>, message canonicalization <a href="cleanup.8.html">cleanup(8)</a>, message canonicalization

View File

@ -11187,6 +11187,40 @@ smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname
.fi .fi
.ad .ad
.SH smtpd_hide_client_session (default: no)
Do not include SMTP client session information in the Postfix
SMTP server's Received: message header.
.IP \(bu
The default setting, "smtpd_hide_client_session = no",
must be used for the port 25 MTA service. It provides information
that is required by RFC 5321.
.IP \(bu
The setting "smtpd_hide_client_session = yes" may be used
for the port 587 and 465 MUA services. This hides the SMTP client
hostname and IP address, TLS session details, SASL login details,
and SMTP protocol details.
.br
.PP
Depending on the number of recipients, a redacted Received:
header has one of the following forms:
.sp
.in +4
.nf
.na
Received: by mail.example.com (Postfix) id postfix\-queue\-id
for <user@example.com>; Day, dd Mon yyyy hh:mm:ss tz\-offset (zone)
.br
Received: by mail.example.com (Postfix) id postfix\-queue\-id
Day, dd Mon yyyy hh:mm:ss tz\-offset (zone)
.fi
.ad
.in -4
.PP
The redacted form hides that a message was received with SMTP,
and therefore it does not need to provide the information required by
RFC 5321. The form does still meet RFC 5322 requirements.
.PP
This feature is available in Postfix >= 3.10.
.SH smtpd_history_flush_threshold (default: 100) .SH smtpd_history_flush_threshold (default: 100)
The maximal number of lines in the Postfix SMTP server command history The maximal number of lines in the Postfix SMTP server command history
before it is flushed upon receipt of EHLO, RSET, or end of DATA. before it is flushed upon receipt of EHLO, RSET, or end of DATA.

View File

@ -1232,6 +1232,11 @@ Available in Postfix 3.4 and later:
.IP "\fBsmtpd_reject_footer_maps (empty)\fR" .IP "\fBsmtpd_reject_footer_maps (empty)\fR"
Lookup tables, indexed by the complete Postfix SMTP server 4xx or Lookup tables, indexed by the complete Postfix SMTP server 4xx or
5xx response, with reject footer templates. 5xx response, with reject footer templates.
.PP
Available in Postfix 3.10 and later:
.IP "\fBsmtpd_hide_client_session (no)\fR"
Do not include SMTP client session information in the Postfix
SMTP server's Received: message header.
.SH "SEE ALSO" .SH "SEE ALSO"
.na .na
.nf .nf

View File

@ -1188,6 +1188,7 @@ while (<>) {
s;\btls_required_enable\b;<a href="postconf.5.html#tls_required_enable">$&</a>;g; s;\btls_required_enable\b;<a href="postconf.5.html#tls_required_enable">$&</a>;g;
s;\bfull_name_encoding_charset\b;<a href="postconf.5.html#full_name_encoding_charset">$&</a>;g; s;\bfull_name_encoding_charset\b;<a href="postconf.5.html#full_name_encoding_charset">$&</a>;g;
s;\bsmtpd_hide_client_session\b;<a href="postconf.5.html#smtpd_hide_client_session">$&</a>;g;
# Service-defined parameters... # Service-defined parameters...

View File

@ -98,12 +98,13 @@ and a central TLSRPT report generator produces daily summary reports.
</ul> </ul>
<p> The TLSRPT client library, and the infrastructure to collect, <p> The TLSRPT client library, and the infrastructure to collect,
fetch, and report TLSRPT information are maintained by sys4 at fetch, and report TLSRPT information, are implemented and maintained
https://github.com/sys4/libtlsrpt and by sys4 at https://github.com/sys4/libtlsrpt and
https://github.com/sys4/tlsrpt-reporter, respectively. </p> https://github.com/sys4/tlsrpt-reporter, respectively. </p>
<p> The Postfix implementation supports both DANE (Postfix built-in) <p> The Postfix implementation supports domains with DANE (Postfix
and MTA-STS (through an smtp_tls_policy_maps plug-in). </p> built-in) and MTA-STS (through an smtp_tls_policy_maps plug-in).
</p>
<p> The Postfix smtp(8) client process implements the SMTP client <p> The Postfix smtp(8) client process implements the SMTP client
engine. With "smtp_tls_connection_reuse = no", the smtp(8) client engine. With "smtp_tls_connection_reuse = no", the smtp(8) client
@ -332,25 +333,33 @@ generator's sender address): </p>
</a></h2> </a></h2>
<p> Postfix supports MTA-STS though an smtp_tls_policy_maps policy <p> Postfix supports MTA-STS though an smtp_tls_policy_maps policy
plugin, which replies with a TLS security level and optional matching plugin, which replies with a TLS security level and name=value
requirements. Postfix 3.10 and later optionally also accept the attributes with certificate matching requirements. Postfix 3.10 and
name=value attributes described below. Specify <tt>{ name = value later accept additional name=value attributes that are needed for
}</tt> when a value may contain whitespace. </p> TLSRPT. </p>
<blockquote> <p> Examples of smtp_tls_policy_maps plugins with MTA-STS support
are: </p>
<p> Note 1: Postfix 3.10 and later will accept these attributes in <ul>
an MTA-STS response even if TLSRPT support is disabled (at build
time or run time). With TLSRPT support turned off, Postfix
will use the <tt>ttl</tt> and <tt>policy_failure</tt> attributes,
and will ignore the attributes that are used only for TLSRPT. </p>
<p> Note 2: It is an error to specify these attributes for a non-STS <li> <p> <a href="https://github.com/Zuplu/postfix-tlspol">
policy. </p> postfix-tlspol</a>, supports domains with DANE (using Postfix
built-in DANE), and domains with MTA-STS. </p>
</blockquote> <li> <p> <a href="https://github.com/Snawoot/postfix-mta-sts-resolver">
postfix-mta-sts-resolver</a>, supports domains with MTA-STS. </p>
<p> The examples in the table apply to the MTA-STS policy example </ul>
<p> Both plugins can generate the additional name=value attributes
that Postfix needs for TLSRPT support (as of February 2025). This
is enabled by setting a <tt>tlsrpt</tt> boolean in a plugin
configuration file. This setting is safe with Postfix 3.10 and
later, even if Postfix TLSRPT support is disabled (at build time
or at run time). </p>
<p> The examples in the text below apply to this MTA-STS policy example
given in <a given in <a
href="https://datatracker.ietf.org/doc/html/rfc8461#section-3.2"> href="https://datatracker.ietf.org/doc/html/rfc8461#section-3.2">
RFC 8461 Section 3.2</a>: </p> RFC 8461 Section 3.2</a>: </p>
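Review bot: "Postfix supports MTA-STS though an smtp_tls_policy_maps policy plugin" still reads "though" for "through"; the typo predates this change, but the sentence is rewritten here, so fix it now (html/TLSRPT_README.html and README_FILES/TLSRPT_README are regenerated from this file and carry it too). The two new <li> items for postfix-tlspol and postfix-mta-sts-resolver also omit the closing </li> that the attribute list later in this file uses on every item (e.g. "<tt>no-policy-found</tt>. </p> </li>"); close them for consistency.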
@ -366,72 +375,77 @@ max_age: 604800
</pre> </pre>
</blockquote> </blockquote>
<p> A policy response may contain line breaks. </p> <p> The list of supported attributes is given below. Instead of
<tt>name=value</tt>, specify <tt>{ name = value }</tt> when a value
may contain whitespace. A policy response may contain line breaks.
</p>
<ul> <ul>
<li> <p> <tt> policy_type=<i>type</i> </tt> <li> <p> <tt> policy_type=<i>type</i> </tt> </p>
<p> Specify <tt>sts</tt> or <tt>no-policy-found</tt>. </p> </li> <p> Specify <tt>sts</tt> or <tt>no-policy-found</tt>. </p> </li>
<li> <p> <tt> policy_domain=<i>name</i> </tt> </p> <li> <p> <tt> policy_domain=<i>name</i> </tt> </p>
<p> The domain that the MTA-STS policy applies to. </p> </li> <p> The domain that the MTA-STS policy applies to. </p>
<li> <p> <tt> policy_ttl=<i>time</i> </tt> </p>
<p> How long (in seconds) a Postfix SMTP client process will cache <p> Example: <tt>policy_domain=example.com</tt> </p>
the MTA-STS plugin response. </p> </li>
</li>
<li> <p> <tt> { policy_string = <i>value</i> } </tt> </p> <li> <p> <tt> { policy_string = <i>value</i> } </tt> </p>
<p> Specify one <tt>policy_string</tt> instance for each MTA-STS <p> Specify one <tt>policy_string</tt> instance for each MTA-STS
policy feature, enclosed inside "{" and "}" to protect whitespace policy feature, enclosed inside "{" and "}" to protect whitespace
in attribute values. </p> in attribute values. <p>
<p> Example: </p> <p> Example: <tt> { policy_string = version: STSv1 } { policy_string
= mode: enforce } ...</tt> </p>
<blockquote> <p> The above form ignores whitespace after the opening "{", around
<pre> the "=", and before the closing "}".</p> </li>
{ policy_string = version: STSv1 } { policy_string = mode: enforce } ...
</pre>
</blockquote>
<p> This form ignores whitespace after the opening "{", around the "=",
and before the closing "}".</p> </li>
<li> <p> <tt> mx_host_pattern=<i>pattern</i> </tt> </p> <li> <p> <tt> mx_host_pattern=<i>pattern</i> </tt> </p>
<p> Specify one <tt>mx_host_pattern</tt> instance for each "mx:" feature <p> Specify one <tt>mx_host_pattern</tt> instance for each "mx:" feature
in the MTA-STS policy. </p> in the MTA-STS policy. </p>
<p> Example: </p> <p> Example: <tt>mx_host_pattern=mail.example.com
mx_host_pattern=*.example.net ...</tt> </p> </li>
<blockquote>
<pre>
mx_host_pattern=mail.example.com mx_host_pattern=*.example.net ...
</pre>
</blockquote>
</li>
<li> <p> <tt> policy_failure=<i>type</i> </tt> </p> <li> <p> <tt> policy_failure=<i>type</i> </tt> </p>
<p> If specified, forces MTA-STS policy enforcement to fail with <p> If specified, forces MTA-STS policy enforcement to fail with
the indicated error, even if a server certificate would satisfy the indicated error, even if a server certificate would satisfy
conventional PKI constraints. </p> conventional PKI constraints. Valid errors are <tt>sts-policy-fetch-error,
sts-policy-invalid</tt>, <tt>sts-webpki-invalid</tt>, or the less
informative <tt>validation-failure</tt>. </p>
<p> Valid errors are <tt>sts-policy-fetch-error, sts-policy-invalid</tt>, <p> Example: <tt>policy_failure=sts-webpki-invalid</tt> </p> </li>
<tt>sts-webpki-invalid</tt>, or the less informative
<tt>validation-failure</tt>. </p>
<p> Example: </p> <li> <p> <tt> policy_ttl=<i>time</i> </tt> </p>
<blockquote> <p> This attribute is deprecated. The <i>time</i> value is not used,
<pre> and support for this attribute will eventually be removed from the
policy_failure=sts-webpki-invalid code. </p> </li>
</pre>
</blockquote> </ul>
</li>
<p> Notes: </p>
<ul>
<li> <p> Postfix 3.10 and later will accept these additional
attributes in an MTA-STS response even if TLSRPT support is disabled
(at build time or at run time). With TLSRPT support turned off,
Postfix may still use the <tt>policy_failure</tt>
attribute, and will ignore the attributes that are used only for
TLSRPT. </p>
<li> <p> It is an error to specify these attributes for a non-STS
policy. </p>
</ul> </ul>
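Review bot: in the policy_string item, the closing tag after "in attribute values." was changed from "</p>" to "<p>", which leaves that paragraph unclosed and opens an empty one before "Example:"; restore "</p>". Moving policy_ttl to the end of the attribute list is fine, but the two "Notes:" items added after the list omit "</li>" while the attribute items above all close theirs; close them so the generated text README renders the same way for both lists.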
@ -453,8 +467,9 @@ engine. It just is not how Postfix works internally. </p>
<ul> <ul>
<li> The TLSRPT client library and report generator are implemented <li> The TLSRPT client library, and the infrastructure to collect,
and maintained by sys4. </li> fetch, and report TLSRPT information, are implemented and maintained
by sys4. </li>
<li> Wietse Venema implemented the integration with Postfix. <li> Wietse Venema implemented the integration with Postfix.
</li> </li>

View File

@ -19486,3 +19486,40 @@ will add that header to a delivery status notification for that
message. </p> message. </p>
<p> This feature is available in Postfix &ge; 3.10. </p> <p> This feature is available in Postfix &ge; 3.10. </p>
%PARAM smtpd_hide_client_session no
<p> Do not include SMTP client session information in the Postfix
SMTP server's Received: message header. </p>
<ul>
<li> <p> The default setting, "smtpd_hide_client_session = no",
must be used for the port 25 MTA service. It provides information
that is required by RFC 5321. </p>
<li> <p> The setting "smtpd_hide_client_session = yes" may be used
for the port 587 and 465 MUA services. This hides the SMTP client
hostname and IP address, TLS session details, SASL login details,
and SMTP protocol details. </p>
</ul>
<p> Depending on the number of recipients, a redacted Received:
header has one of the following forms: </p>
<blockquote>
<pre>
Received: by mail.example.com (Postfix) id postfix-queue-id
for &lt;user@example.com&gt;; Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
<br>
Received: by mail.example.com (Postfix) id postfix-queue-id
Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
</pre>
</blockquote>
<p> The redacted form hides that a message was received with SMTP,
and therefore it does not need to provide the information required by
RFC 5321. The form does still meet RFC 5322 requirements. </p>
<p> This feature is available in Postfix &ge; 3.10. </p>
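Review bot: the second redacted example is missing the ";" before the date; the code's multi-recipient form ends the first line with "%sby %s (%s)%s%s%s%s%s%s;" and RFC 5322 requires the ";" between the received-tokens and the date-time, so the example should read `Received: by mail.example.com (Postfix) id postfix-queue-id;` with the date on the continuation line. Since the text recommends the setting only for the port 587 and 465 MUA services, it would also help to show how to scope it, for example `-o smtpd_hide_client_session=yes` on the submission and submissions entries in master.cf, so readers do not set it globally in main.cf and break the port 25 MTA service the first bullet warns about.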


@ -1664,3 +1664,4 @@ REQUIRETLS
RequireTLS RequireTLS
requiretls requiretls
sendopts sendopts
tz


@ -160,3 +160,7 @@ proto proto socketmap_table
smtp smtp_proto c smtpd smtpd c verify verify c smtp smtp_proto c smtpd smtpd c verify verify c
operations Files cleanup cleanup h cleanup cleanup_message c operations Files cleanup cleanup h cleanup cleanup_message c
proto postconf proto pipe pipe c proto postconf proto pipe pipe c
bounce bounce c bounce bounce_notify_util c cleanup cleanup c
cleanup cleanup_message c smtp smtp c smtp smtp_connect c
Documentation edited for clarity Files pipe pipe c
global mail_params h smtpd smtpd c


@ -99,3 +99,4 @@ CLOSEFROM
Roessner Roessner
bitflags bitflags
Schulze Schulze
tlspol


@ -397,3 +397,6 @@ dtd
marc marc
LP LP
collectd collectd
Snawoot
Zuplu
tlspol


@ -4502,6 +4502,13 @@ extern char *var_full_name_encoding_charset;
#define DEF_SOCKMAP_MAX_REPLY 100000 /* reply size limit */ #define DEF_SOCKMAP_MAX_REPLY 100000 /* reply size limit */
extern int var_sockmap_max_reply; extern int var_sockmap_max_reply;
/*
* Client privacy.
*/
#define VAR_SMTPD_HIDE_CLIENT_SESSION "smtpd_hide_client_session"
#define DEF_SMTPD_HIDE_CLIENT_SESSION "no"
extern int var_smtpd_hide_client_session;
/* LICENSE /* LICENSE
/* .ad /* .ad
/* .fi /* .fi
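Review bot: the declaration `extern int var_smtpd_hide_client_session;` does not match the definition in smtpd.c, `bool var_smtpd_hide_client_session;`, and the parameter is registered in the CONFIG_NBOOL_TABLE (`VAR_SMTPD_HIDE_CLIENT_SESSION, DEF_SMTPD_HIDE_CLIENT_SESSION, &var_smtpd_hide_client_session`), so the declaration should be `extern bool var_smtpd_hide_client_session;` to keep the declared and defined types identical.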


@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20250202" #define MAIL_RELEASE_DATE "20250205"
#define MAIL_VERSION_NUMBER "3.10" #define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT #ifdef SNAPSHOT


@ -1174,6 +1174,11 @@
/* .IP "\fBsmtpd_reject_footer_maps (empty)\fR" /* .IP "\fBsmtpd_reject_footer_maps (empty)\fR"
/* Lookup tables, indexed by the complete Postfix SMTP server 4xx or /* Lookup tables, indexed by the complete Postfix SMTP server 4xx or
/* 5xx response, with reject footer templates. /* 5xx response, with reject footer templates.
/* .PP
/* Available in Postfix 3.10 and later:
/* .IP "\fBsmtpd_hide_client_session (no)\fR"
/* Do not include SMTP client session information in the Postfix
/* SMTP server's Received: message header.
/* SEE ALSO /* SEE ALSO
/* anvil(8), connection/rate limiting /* anvil(8), connection/rate limiting
/* cleanup(8), message canonicalization /* cleanup(8), message canonicalization
@ -1558,6 +1563,7 @@ char *var_smtpd_forbid_bare_lf_excl;
int var_smtpd_forbid_bare_lf_code; int var_smtpd_forbid_bare_lf_code;
static int bare_lf_mask; static int bare_lf_mask;
static NAMADR_LIST *bare_lf_excl; static NAMADR_LIST *bare_lf_excl;
bool var_smtpd_hide_client_session;
/* /*
* Silly little macros. * Silly little macros.
@ -3434,10 +3440,13 @@ static void common_pre_message_handling(SMTPD_STATE *state,
{ {
SMTPD_PROXY *proxy = state->proxy; SMTPD_PROXY *proxy = state->proxy;
char **cpp; char **cpp;
const char *rfc3848_sess; const char *rfc3848_sess = "";
const char *rfc3848_auth; const char *rfc3848_auth = "";
const char *with_verb = " with ";
const char *with_protocol = (state->flags & SMTPD_FLAG_SMTPUTF8) ? const char *with_protocol = (state->flags & SMTPD_FLAG_SMTPUTF8) ?
"UTF8SMTP" : state->protocol; "UTF8SMTP" : state->protocol;
const char *id_verb = state->cleanup ? " id " : "";
const char *id_value = state->cleanup ? state->queue_id : "";
#ifdef USE_TLS #ifdef USE_TLS
VSTRING *peer_CN; VSTRING *peer_CN;
@ -3483,6 +3492,7 @@ static void common_pre_message_handling(SMTPD_STATE *state,
* intermediate proxy. * intermediate proxy.
*/ */
if (!proxy || state->xforward.flags == 0) { if (!proxy || state->xforward.flags == 0) {
if (!var_smtpd_hide_client_session) {
out_fprintf(out_stream, REC_TYPE_NORM, out_fprintf(out_stream, REC_TYPE_NORM,
"Received: from %s (%s [%s])", "Received: from %s (%s [%s])",
state->helo_name ? state->helo_name : state->name, state->helo_name ? state->helo_name : state->name,
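Review bot: the new `if (!var_smtpd_hide_client_session) {` sits inside `if (!proxy || state->xforward.flags == 0)`, so the setting only affects the Received: header written on the no-proxy / no-XFORWARD path. Confirm that the other path (proxy with XFORWARD attributes) does not also write client session information that should be redacted, and add a sentence to the postconf text saying which smtpd instance (before-filter or after-filter) must carry the setting in a proxy setup.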
@ -3593,9 +3603,7 @@ static void common_pre_message_handling(SMTPD_STATE *state,
if (state->tls_context != 0 if (state->tls_context != 0
&& strcmp(state->protocol, MAIL_PROTO_ESMTP) == 0) && strcmp(state->protocol, MAIL_PROTO_ESMTP) == 0)
rfc3848_sess = "S"; rfc3848_sess = "S";
else
#endif #endif
rfc3848_sess = "";
#ifdef USE_SASL_AUTH #ifdef USE_SASL_AUTH
if (var_smtpd_sasl_auth_hdr && state->sasl_username) { if (var_smtpd_sasl_auth_hdr && state->sasl_username) {
username = VSTRING_STRDUP(state->sasl_username); username = VSTRING_STRDUP(state->sasl_username);
@ -3608,27 +3616,29 @@ static void common_pre_message_handling(SMTPD_STATE *state,
if (state->sasl_username if (state->sasl_username
&& strcmp(state->protocol, MAIL_PROTO_ESMTP) == 0) && strcmp(state->protocol, MAIL_PROTO_ESMTP) == 0)
rfc3848_auth = "A"; rfc3848_auth = "A";
else
#endif #endif
rfc3848_auth = ""; } else {
with_verb = "";
with_protocol = "";
}
if (state->rcpt_count == 1 && state->recipient) { if (state->rcpt_count == 1 && state->recipient) {
out_fprintf(out_stream, REC_TYPE_NORM, out_fprintf(out_stream, REC_TYPE_NORM,
state->cleanup ? "\tby %s (%s) with %s%s%s id %s" : "%sby %s (%s)%s%s%s%s%s%s",
"\tby %s (%s) with %s%s%s", var_smtpd_hide_client_session ? "Received: " : "\t",
var_myhostname, var_mail_name, var_myhostname, var_mail_name,
with_protocol, rfc3848_sess, with_verb, with_protocol, rfc3848_sess,
rfc3848_auth, state->queue_id); rfc3848_auth, id_verb, id_value);
quote_822_local(state->buffer, state->recipient); quote_822_local(state->buffer, state->recipient);
out_fprintf(out_stream, REC_TYPE_NORM, out_fprintf(out_stream, REC_TYPE_NORM,
"\tfor <%s>; %s", STR(state->buffer), "\tfor <%s>; %s", STR(state->buffer),
mail_date(state->arrival_time.tv_sec)); mail_date(state->arrival_time.tv_sec));
} else { } else {
out_fprintf(out_stream, REC_TYPE_NORM, out_fprintf(out_stream, REC_TYPE_NORM,
state->cleanup ? "\tby %s (%s) with %s%s%s id %s;" : "%sby %s (%s)%s%s%s%s%s%s;",
"\tby %s (%s) with %s%s%s;", var_smtpd_hide_client_session ? "Received: " : "\t",
var_myhostname, var_mail_name, var_myhostname, var_mail_name,
with_protocol, rfc3848_sess, with_verb, with_protocol, rfc3848_sess,
rfc3848_auth, state->queue_id); rfc3848_auth, id_verb, id_value);
out_fprintf(out_stream, REC_TYPE_NORM, out_fprintf(out_stream, REC_TYPE_NORM,
"\t%s", mail_date(state->arrival_time.tv_sec)); "\t%s", mail_date(state->arrival_time.tv_sec));
} }
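Review bot: `var_smtpd_hide_client_session ? "Received: " : "\t"` is evaluated identically in both the single-recipient and multi-recipient branches; compute it once beside `with_verb`, for example `const char *line_prefix = var_smtpd_hide_client_session ? "Received: " : "\t";`, so the two out_fprintf calls cannot drift apart. The `} else { with_verb = ""; with_protocol = ""; }` that closes the `if (!var_smtpd_hide_client_session) {` block is now roughly 150 lines and two `#ifdef` sections away from its opening brace; a comment on the `else` naming the condition it belongs to would make the control flow easier to follow.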
@ -6790,6 +6800,7 @@ int main(int argc, char **argv)
static const CONFIG_NBOOL_TABLE nbool_table[] = { static const CONFIG_NBOOL_TABLE nbool_table[] = {
VAR_RELAY_BEFORE_RCPT_CHECKS, DEF_RELAY_BEFORE_RCPT_CHECKS, &var_relay_before_rcpt_checks, VAR_RELAY_BEFORE_RCPT_CHECKS, DEF_RELAY_BEFORE_RCPT_CHECKS, &var_relay_before_rcpt_checks,
VAR_SMTPD_REQ_DEADLINE, DEF_SMTPD_REQ_DEADLINE, &var_smtpd_req_deadline, VAR_SMTPD_REQ_DEADLINE, DEF_SMTPD_REQ_DEADLINE, &var_smtpd_req_deadline,
VAR_SMTPD_HIDE_CLIENT_SESSION, DEF_SMTPD_HIDE_CLIENT_SESSION, &var_smtpd_hide_client_session,
0, 0,
}; };
static const CONFIG_STR_TABLE str_table[] = { static const CONFIG_STR_TABLE str_table[] = {