mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 09:57:34 +00:00
Code Issues Releases Wiki Activity

postfix-3.10-20250205

Browse Source
This commit is contained in:
Wietse Z Venema 2025-02-05 00:00:00 -05:00 committed by Viktor Dukhovni
parent 70fe1107cf
commit 226326ea50
18 changed files with 484 additions and 273 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
postfix/HISTORY
View File

@ -28918,4 +28918,19 @@ Apologies for any names omitted.
Debug logging: cleanup/cleanup_api.c. tls/tlsrpt_wrapper.c.
proto/TLSRPT_README.html.
20250204
Feature: with "smtpd_hide_client_session = yes", the Postfix
SMTP server generates a Received: header without client
session info (EHLO, hostname, IP address, TLS session
details, SASL login details, SMTP protocol details). Files:
conf/master.cf, mantools/postlink, proto/postconf.proto,
global/mail_params.h, smtpd/smtpd.c.
20250205
Documentation: updated TLSRPT_README, added postfix-tlspol
policy plugin, deprecated the policy_ttl attribute. File:
proto/TLSRPT_README.html.
Postfix 3.10 code freeze.

83
postfix/README_FILES/TLSRPT_README
View File

@ -48,11 +48,12 @@ are collected and processed into daily summary reports.
TLSRPT report generator produces daily summary reports.
The TLSRPT client library, and the infrastructure to collect, fetch, and report
TLSRPT information are maintained by sys4 at https://github.com/sys4/libtlsrpt
and https://github.com/sys4/tlsrpt-reporter, respectively.
TLSRPT information, are implemented and maintained by sys4 at https://
github.com/sys4/libtlsrpt and https://github.com/sys4/tlsrpt-reporter,
respectively.
The Postfix implementation supports both DANE (Postfix built-in) and MTA-STS
(through an smtp_tls_policy_maps plug-in).
The Postfix implementation supports domains with DANE (Postfix built-in) and
MTA-STS (through an smtp_tls_policy_maps plug-in).
The Postfix smtp(8) client process implements the SMTP client engine. With
"smtp_tls_connection_reuse = no", the smtp(8) client process also implements
@ -228,19 +229,25 @@ Options:
MMTTAA--SSTTSS SSuuppppoorrtt vviiaa ssmmttpp__ttllss__ppoolliiccyy__mmaappss
Postfix supports MTA-STS though an smtp_tls_policy_maps policy plugin, which
replies with a TLS security level and optional matching requirements. Postfix
3.10 and later optionally also accept the name=value attributes described
below. Specify { name = value } when a value may contain whitespace.
replies with a TLS security level and name=value attributes with certificate
matching requirements. Postfix 3.10 and later accept additional name=value
attributes that are needed for TLSRPT.
Note 1: Postfix 3.10 and later will accept these attributes in an MTA-STS
response even if TLSRPT support is disabled (at build time or run time).
With TLSRPT support turned off, Postfix will use the ttl and policy_failure
attributes, and will ignore the attributes that are used only for TLSRPT.
Examples of smtp_tls_policy_maps plugins with MTA-STS support are:
Note 2: It is an error to specify these attributes for a non-STS policy.
* postfix-tlspol, supports domains with DANE (using Postfix built-in DANE),
and domains with MTA-STS.
The examples in the table apply to the MTA-STS policy example given in RFC 8461
Section 3.2:
* postfix-mta-sts-resolver, supports domains with MTA-STS.
Both plugins can generate the additional name=value attributes that Postfix
needs for TLSRPT support (as of February 2025). This is enabled by setting a
tlsrpt boolean in a plugin configuration file. This setting is safe with
Postfix 3.10 and later, even if Postfix TLSRPT support is disabled (at build
time or at run time).
The examples in the text below apply to this MTA-STS policy example given in
RFC 8461 Section 3.2:
version: STSv1
mode: enforce
@ -249,7 +256,9 @@ Section 3.2:
mx: backupmx.example.com
max_age: 604800
A policy response may contain line breaks.
The list of supported attributes is given below. Instead of name=value, specify
{ name = value } when a value may contain whitespace. A policy response may
contain line breaks.
* policy_type=type
@ -259,45 +268,49 @@ A policy response may contain line breaks.
The domain that the MTA-STS policy applies to.
* policy_ttl=time
How long (in seconds) a Postfix SMTP client process will cache the MTA-STS
plugin response.
Example: policy_domain=example.com
* { policy_string = value }
Specify one policy_string instance for each MTA-STS policy feature,
enclosed inside "{" and "}" to protect whitespace in attribute values.
Example:
Example: { policy_string = version: STSv1 } { policy_string = mode: enforce
} ...
{ policy_string = version: STSv1 } { policy_string = mode: enforce }
...
This form ignores whitespace after the opening "{", around the "=", and
before the closing "}".
The above form ignores whitespace after the opening "{", around the "=",
and before the closing "}".
* mx_host_pattern=pattern
Specify one mx_host_pattern instance for each "mx:" feature in the MTA-STS
policy.
Example:
mx_host_pattern=mail.example.com mx_host_pattern=*.example.net ...
Example: mx_host_pattern=mail.example.com mx_host_pattern=*.example.net ...
* policy_failure=type
If specified, forces MTA-STS policy enforcement to fail with the indicated
error, even if a server certificate would satisfy conventional PKI
constraints.
constraints. Valid errors are sts-policy-fetch-error, sts-policy-invalid,
sts-webpki-invalid, or the less informative validation-failure.
Valid errors are sts-policy-fetch-error, sts-policy-invalid, sts-webpki-
invalid, or the less informative validation-failure.
Example: policy_failure=sts-webpki-invalid
Example:
* policy_ttl=time
policy_failure=sts-webpki-invalid
This attribute is deprecated. The time value is not used, and support for
this attribute will eventually be removed from the code.
Notes:
* Postfix 3.10 and later will accept these additional attributes in an MTA-
STS response even if TLSRPT support is disabled (at build time or at run
time). With TLSRPT support turned off, Postfix may still use the
policy_failure attribute, and will ignore the attributes that are used only
for TLSRPT.
* It is an error to specify these attributes for a non-STS policy.
LLiimmiittaattiioonnss
@ -314,7 +327,7 @@ SMTP protocol engine. It just is not how Postfix works internally.
CCrreeddiittss
* The TLSRPT client library and report generator are implemented and
maintained by sys4.
* The TLSRPT client library, and the infrastructure to collect, fetch, and
report TLSRPT information, are implemented and maintained by sys4.
* Wietse Venema implemented the integration with Postfix.

2
postfix/conf/master.cf
View File

@ -23,6 +23,7 @@ smtp inet n - n - - smtpd
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
# -o local_header_rewrite_clients=static:all
# -o smtpd_hide_client_session=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"
@ -42,6 +43,7 @@ smtp inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o local_header_rewrite_clients=static:all
# -o smtpd_hide_client_session=yes
# -o smtpd_reject_unlisted_recipient=no
# Instead of specifying complex smtpd_<xxx>_restrictions here,
# specify "smtpd_<xxx>_restrictions=$mua_<xxx>_restrictions"

125
postfix/html/TLSRPT_README.html
View File

@ -98,12 +98,13 @@ and a central TLSRPT report generator produces daily summary reports.
</ul>
<p> The TLSRPT client library, and the infrastructure to collect,
fetch, and report TLSRPT information are maintained by sys4 at
<a href="https://github.com/sys4/libtlsrpt">https://github.com/sys4/libtlsrpt</a> and
fetch, and report TLSRPT information, are implemented and maintained
by sys4 at <a href="https://github.com/sys4/libtlsrpt">https://github.com/sys4/libtlsrpt</a> and
<a href="https://github.com/sys4/tlsrpt-reporter">https://github.com/sys4/tlsrpt-reporter</a>, respectively. </p>
<p> The Postfix implementation supports both DANE (Postfix built-in)
and MTA-STS (through an <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> plug-in). </p>
<p> The Postfix implementation supports domains with DANE (Postfix
built-in) and MTA-STS (through an <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> plug-in).
</p>
<p> The Postfix <a href="smtp.8.html">smtp(8)</a> client process implements the SMTP client
engine. With "<a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> = no", the <a href="smtp.8.html">smtp(8)</a> client
@ -332,25 +333,33 @@ generator's sender address): </p>
</a></h2>
<p> Postfix supports MTA-STS though an <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> policy
plugin, which replies with a TLS security level and optional matching
requirements. Postfix 3.10 and later optionally also accept the
name=value attributes described below. Specify <tt>{ name = value
}</tt> when a value may contain whitespace. </p>
plugin, which replies with a TLS security level and name=value
attributes with certificate matching requirements. Postfix 3.10 and
later accept additional name=value attributes that are needed for
TLSRPT. </p>
<blockquote>
<p> Examples of <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> plugins with MTA-STS support
are: </p>
<p> Note 1: Postfix 3.10 and later will accept these attributes in
an MTA-STS response even if TLSRPT support is disabled (at build
time or run time). With TLSRPT support turned off, Postfix
will use the <tt>ttl</tt> and <tt>policy_failure</tt> attributes,
and will ignore the attributes that are used only for TLSRPT. </p>
<ul>
<p> Note 2: It is an error to specify these attributes for a non-STS
policy. </p>
<li> <p> <a href="https://github.com/Zuplu/postfix-tlspol">
postfix-tlspol</a>, supports domains with DANE (using Postfix
built-in DANE), and domains with MTA-STS. </p>
</blockquote>
<li> <p> <a href="https://github.com/Snawoot/postfix-mta-sts-resolver">
postfix-mta-sts-resolver</a>, supports domains with MTA-STS. </p>
<p> The examples in the table apply to the MTA-STS policy example
</ul>
<p> Both plugins can generate the additional name=value attributes
that Postfix needs for TLSRPT support (as of February 2025). This
is enabled by setting a <tt>tlsrpt</tt> boolean in a plugin
configuration file. This setting is safe with Postfix 3.10 and
later, even if Postfix TLSRPT support is disabled (at build time
or at run time). </p>
<p> The examples in the text below apply to this MTA-STS policy example
given in <a
href="https://datatracker.ietf.org/doc/html/rfc8461#section-3.2">
RFC 8461 Section 3.2</a>: </p>
@ -366,72 +375,77 @@ max_age: 604800
</pre>
</blockquote>
<p> A policy response may contain line breaks. </p>
<p> The list of supported attributes is given below. Instead of
<tt>name=value</tt>, specify <tt>{ name = value }</tt> when a value
may contain whitespace. A policy response may contain line breaks.
</p>
<ul>
<li> <p> <tt> policy_type=<i>type</i> </tt>
<li> <p> <tt> policy_type=<i>type</i> </tt> </p>
<p> Specify <tt>sts</tt> or <tt>no-policy-found</tt>. </p> </li>
<li> <p> <tt> policy_domain=<i>name</i> </tt> </p>
<p> The domain that the MTA-STS policy applies to. </p> </li>
<p> The domain that the MTA-STS policy applies to. </p>
<li> <p> <tt> policy_ttl=<i>time</i> </tt> </p>
<p> How long (in seconds) a Postfix SMTP client process will cache
the MTA-STS plugin response. </p> </li>
<p> Example: <tt>policy_domain=example.com</tt> </p>
</li>
<li> <p> <tt> { policy_string = <i>value</i> } </tt> </p>
<p> Specify one <tt>policy_string</tt> instance for each MTA-STS
policy feature, enclosed inside "{" and "}" to protect whitespace
in attribute values. </p>
in attribute values. <p>
<p> Example: </p>
<p> Example: <tt> { policy_string = version: STSv1 } { policy_string
= mode: enforce } ...</tt> </p>
<blockquote>
<pre>
{ policy_string = version: STSv1 } { policy_string = mode: enforce } ...
</pre>
</blockquote>
<p> This form ignores whitespace after the opening "{", around the "=",
and before the closing "}".</p> </li>
<p> The above form ignores whitespace after the opening "{", around
the "=", and before the closing "}".</p> </li>
<li> <p> <tt> mx_host_pattern=<i>pattern</i> </tt> </p>
<p> Specify one <tt>mx_host_pattern</tt> instance for each "mx:" feature
in the MTA-STS policy. </p>
<p> Example: </p>
<blockquote>
<pre>
mx_host_pattern=mail.example.com mx_host_pattern=*.example.net ...
</pre>
</blockquote>
</li>
<p> Example: <tt>mx_host_pattern=mail.example.com
mx_host_pattern=*.example.net ...</tt> </p> </li>
<li> <p> <tt> policy_failure=<i>type</i> </tt> </p>
<p> If specified, forces MTA-STS policy enforcement to fail with
the indicated error, even if a server certificate would satisfy
conventional PKI constraints. </p>
conventional PKI constraints. Valid errors are <tt>sts-policy-fetch-error,
sts-policy-invalid</tt>, <tt>sts-webpki-invalid</tt>, or the less
informative <tt>validation-failure</tt>. </p>
<p> Valid errors are <tt>sts-policy-fetch-error, sts-policy-invalid</tt>,
<tt>sts-webpki-invalid</tt>, or the less informative
<tt>validation-failure</tt>. </p>
<p> Example: <tt>policy_failure=sts-webpki-invalid</tt> </p> </li>
<p> Example: </p>
<li> <p> <tt> policy_ttl=<i>time</i> </tt> </p>
<blockquote>
<pre>
policy_failure=sts-webpki-invalid
</pre>
</blockquote>
</li>
<p> This attribute is deprecated. The <i>time</i> value is not used,
and support for this attribute will eventually be removed from the
code. </p> </li>
</ul>
<p> Notes: </p>
<ul>
<li> <p> Postfix 3.10 and later will accept these additional
attributes in an MTA-STS response even if TLSRPT support is disabled
(at build time or at run time). With TLSRPT support turned off,
Postfix may still use the <tt>policy_failure</tt>
attribute, and will ignore the attributes that are used only for
TLSRPT. </p>
<li> <p> It is an error to specify these attributes for a non-STS
policy. </p>
</ul>
@ -453,8 +467,9 @@ engine. It just is not how Postfix works internally. </p>
<ul>
<li> The TLSRPT client library and report generator are implemented
and maintained by sys4. </li>
<li> The TLSRPT client library, and the infrastructure to collect,
fetch, and report TLSRPT information, are implemented and maintained
by sys4. </li>
<li> Wietse Venema implemented the integration with Postfix.
</li>

41
postfix/html/postconf.5.html
View File

@ -16550,6 +16550,47 @@ Examples:
</pre>
</DD>
<DT><b><a name="smtpd_hide_client_session">smtpd_hide_client_session</a>
(default: no)</b></DT><DD>
<p> Do not include SMTP client session information in the Postfix
SMTP server's Received: message header. </p>
<ul>
<li> <p> The default setting, "<a href="postconf.5.html#smtpd_hide_client_session">smtpd_hide_client_session</a> = no",
must be used for the port 25 MTA service. It provides information
that is required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. </p>
<li> <p> The setting "<a href="postconf.5.html#smtpd_hide_client_session">smtpd_hide_client_session</a> = yes" may be used
for the port 587 and 465 MUA services. This hides the SMTP client
hostname and IP address, TLS session details, SASL login details,
and SMTP protocol details. </p>
</ul>
<p> Depending on the number of recipients, a redacted Received:
header has one of the following forms: </p>
<blockquote>
<pre>
Received: by mail.example.com (Postfix) id postfix-queue-id
for &lt;user@example.com&gt;; Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
<br>
Received: by mail.example.com (Postfix) id postfix-queue-id
Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
</pre>
</blockquote>
<p> The redacted form hides that a message was received with SMTP,
and therefore it does not need to provide the information required by
<a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. The form does still meet <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> requirements. </p>
<p> This feature is available in Postfix &ge; 3.10. </p>
</DD>
<DT><b><a name="smtpd_history_flush_threshold">smtpd_history_flush_threshold</a>

6
postfix/html/smtpd.8.html
View File

@ -1431,6 +1431,12 @@ SMTPD(8) SMTPD(8)
Lookup tables, indexed by the complete Postfix SMTP server 4xx
or 5xx response, with reject footer templates.
Available in Postfix 3.10 and later:
<b><a href="postconf.5.html#smtpd_hide_client_session">smtpd_hide_client_session</a> (no)</b>
Do not include SMTP client session information in the Postfix
SMTP server's Received: message header.
<b><a name="see_also">SEE ALSO</a></b>
<a href="anvil.8.html">anvil(8)</a>, connection/rate limiting
<a href="cleanup.8.html">cleanup(8)</a>, message canonicalization

34
postfix/man/man5/postconf.5
View File

@ -11187,6 +11187,40 @@ smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname
smtpd_helo_restrictions = permit_mynetworks, reject_unknown_helo_hostname
.fi
.ad
.SH smtpd_hide_client_session (default: no)
Do not include SMTP client session information in the Postfix
SMTP server's Received: message header.
.IP \(bu
The default setting, "smtpd_hide_client_session = no",
must be used for the port 25 MTA service. It provides information
that is required by RFC 5321.
.IP \(bu
The setting "smtpd_hide_client_session = yes" may be used
for the port 587 and 465 MUA services. This hides the SMTP client
hostname and IP address, TLS session details, SASL login details,
and SMTP protocol details.
.br
.PP
Depending on the number of recipients, a redacted Received:
header has one of the following forms:
.sp
.in +4
.nf
.na
Received: by mail.example.com (Postfix) id postfix\-queue\-id
for <user@example.com>; Day, dd Mon yyyy hh:mm:ss tz\-offset (zone)
.br
Received: by mail.example.com (Postfix) id postfix\-queue\-id
Day, dd Mon yyyy hh:mm:ss tz\-offset (zone)
.fi
.ad
.in -4
.PP
The redacted form hides that a message was received with SMTP,
and therefore it does not need to provide the information required by
RFC 5321. The form does still meet RFC 5322 requirements.
.PP
This feature is available in Postfix >= 3.10.
.SH smtpd_history_flush_threshold (default: 100)
The maximal number of lines in the Postfix SMTP server command history
before it is flushed upon receipt of EHLO, RSET, or end of DATA.

5
postfix/man/man8/smtpd.8
View File

@ -1232,6 +1232,11 @@ Available in Postfix 3.4 and later:
.IP "\fBsmtpd_reject_footer_maps (empty)\fR"
Lookup tables, indexed by the complete Postfix SMTP server 4xx or
5xx response, with reject footer templates.
.PP
Available in Postfix 3.10 and later:
.IP "\fBsmtpd_hide_client_session (no)\fR"
Do not include SMTP client session information in the Postfix
SMTP server's Received: message header.
.SH "SEE ALSO"
.na
.nf

1
postfix/mantools/postlink
View File

@ -1188,6 +1188,7 @@ while (<>) {
s;\btls_required_enable\b;<a href="postconf.5.html#tls_required_enable">$&</a>;g;
s;\bfull_name_encoding_charset\b;<a href="postconf.5.html#full_name_encoding_charset">$&</a>;g;
s;\bsmtpd_hide_client_session\b;<a href="postconf.5.html#smtpd_hide_client_session">$&</a>;g;
# Service-defined parameters...

125
postfix/proto/TLSRPT_README.html
View File

@ -98,12 +98,13 @@ and a central TLSRPT report generator produces daily summary reports.
</ul>
<p> The TLSRPT client library, and the infrastructure to collect,
fetch, and report TLSRPT information are maintained by sys4 at
https://github.com/sys4/libtlsrpt and
fetch, and report TLSRPT information, are implemented and maintained
by sys4 at https://github.com/sys4/libtlsrpt and
https://github.com/sys4/tlsrpt-reporter, respectively. </p>
<p> The Postfix implementation supports both DANE (Postfix built-in)
and MTA-STS (through an smtp_tls_policy_maps plug-in). </p>
<p> The Postfix implementation supports domains with DANE (Postfix
built-in) and MTA-STS (through an smtp_tls_policy_maps plug-in).
</p>
<p> The Postfix smtp(8) client process implements the SMTP client
engine. With "smtp_tls_connection_reuse = no", the smtp(8) client
@ -332,25 +333,33 @@ generator's sender address): </p>
</a></h2>
<p> Postfix supports MTA-STS though an smtp_tls_policy_maps policy
plugin, which replies with a TLS security level and optional matching
requirements. Postfix 3.10 and later optionally also accept the
name=value attributes described below. Specify <tt>{ name = value
}</tt> when a value may contain whitespace. </p>
plugin, which replies with a TLS security level and name=value
attributes with certificate matching requirements. Postfix 3.10 and
later accept additional name=value attributes that are needed for
TLSRPT. </p>
<blockquote>
<p> Examples of smtp_tls_policy_maps plugins with MTA-STS support
are: </p>
<p> Note 1: Postfix 3.10 and later will accept these attributes in
an MTA-STS response even if TLSRPT support is disabled (at build
time or run time). With TLSRPT support turned off, Postfix
will use the <tt>ttl</tt> and <tt>policy_failure</tt> attributes,
and will ignore the attributes that are used only for TLSRPT. </p>
<ul>
<p> Note 2: It is an error to specify these attributes for a non-STS
policy. </p>
<li> <p> <a href="https://github.com/Zuplu/postfix-tlspol">
postfix-tlspol</a>, supports domains with DANE (using Postfix
built-in DANE), and domains with MTA-STS. </p>
</blockquote>
<li> <p> <a href="https://github.com/Snawoot/postfix-mta-sts-resolver">
postfix-mta-sts-resolver</a>, supports domains with MTA-STS. </p>
<p> The examples in the table apply to the MTA-STS policy example
</ul>
<p> Both plugins can generate the additional name=value attributes
that Postfix needs for TLSRPT support (as of February 2025). This
is enabled by setting a <tt>tlsrpt</tt> boolean in a plugin
configuration file. This setting is safe with Postfix 3.10 and
later, even if Postfix TLSRPT support is disabled (at build time
or at run time). </p>
<p> The examples in the text below apply to this MTA-STS policy example
given in <a
href="https://datatracker.ietf.org/doc/html/rfc8461#section-3.2">
RFC 8461 Section 3.2</a>: </p>
@ -366,72 +375,77 @@ max_age: 604800
</pre>
</blockquote>
<p> A policy response may contain line breaks. </p>
<p> The list of supported attributes is given below. Instead of
<tt>name=value</tt>, specify <tt>{ name = value }</tt> when a value
may contain whitespace. A policy response may contain line breaks.
</p>
<ul>
<li> <p> <tt> policy_type=<i>type</i> </tt>
<li> <p> <tt> policy_type=<i>type</i> </tt> </p>
<p> Specify <tt>sts</tt> or <tt>no-policy-found</tt>. </p> </li>
<li> <p> <tt> policy_domain=<i>name</i> </tt> </p>
<p> The domain that the MTA-STS policy applies to. </p> </li>
<p> The domain that the MTA-STS policy applies to. </p>
<li> <p> <tt> policy_ttl=<i>time</i> </tt> </p>
<p> How long (in seconds) a Postfix SMTP client process will cache
the MTA-STS plugin response. </p> </li>
<p> Example: <tt>policy_domain=example.com</tt> </p>
</li>
<li> <p> <tt> { policy_string = <i>value</i> } </tt> </p>
<p> Specify one <tt>policy_string</tt> instance for each MTA-STS
policy feature, enclosed inside "{" and "}" to protect whitespace
in attribute values. </p>
in attribute values. <p>
<p> Example: </p>
<p> Example: <tt> { policy_string = version: STSv1 } { policy_string
= mode: enforce } ...</tt> </p>
<blockquote>
<pre>
{ policy_string = version: STSv1 } { policy_string = mode: enforce } ...
</pre>
</blockquote>
<p> This form ignores whitespace after the opening "{", around the "=",
and before the closing "}".</p> </li>
<p> The above form ignores whitespace after the opening "{", around
the "=", and before the closing "}".</p> </li>
<li> <p> <tt> mx_host_pattern=<i>pattern</i> </tt> </p>
<p> Specify one <tt>mx_host_pattern</tt> instance for each "mx:" feature
in the MTA-STS policy. </p>
<p> Example: </p>
<blockquote>
<pre>
mx_host_pattern=mail.example.com mx_host_pattern=*.example.net ...
</pre>
</blockquote>
</li>
<p> Example: <tt>mx_host_pattern=mail.example.com
mx_host_pattern=*.example.net ...</tt> </p> </li>
<li> <p> <tt> policy_failure=<i>type</i> </tt> </p>
<p> If specified, forces MTA-STS policy enforcement to fail with
the indicated error, even if a server certificate would satisfy
conventional PKI constraints. </p>
conventional PKI constraints. Valid errors are <tt>sts-policy-fetch-error,
sts-policy-invalid</tt>, <tt>sts-webpki-invalid</tt>, or the less
informative <tt>validation-failure</tt>. </p>
<p> Valid errors are <tt>sts-policy-fetch-error, sts-policy-invalid</tt>,
<tt>sts-webpki-invalid</tt>, or the less informative
<tt>validation-failure</tt>. </p>
<p> Example: <tt>policy_failure=sts-webpki-invalid</tt> </p> </li>
<p> Example: </p>
<li> <p> <tt> policy_ttl=<i>time</i> </tt> </p>
<blockquote>
<pre>
policy_failure=sts-webpki-invalid
</pre>
</blockquote>
</li>
<p> This attribute is deprecated. The <i>time</i> value is not used,
and support for this attribute will eventually be removed from the
code. </p> </li>
</ul>
<p> Notes: </p>
<ul>
<li> <p> Postfix 3.10 and later will accept these additional
attributes in an MTA-STS response even if TLSRPT support is disabled
(at build time or at run time). With TLSRPT support turned off,
Postfix may still use the <tt>policy_failure</tt>
attribute, and will ignore the attributes that are used only for
TLSRPT. </p>
<li> <p> It is an error to specify these attributes for a non-STS
policy. </p>
</ul>
@ -453,8 +467,9 @@ engine. It just is not how Postfix works internally. </p>
<ul>
<li> The TLSRPT client library and report generator are implemented
and maintained by sys4. </li>
<li> The TLSRPT client library, and the infrastructure to collect,
fetch, and report TLSRPT information, are implemented and maintained
by sys4. </li>
<li> Wietse Venema implemented the integration with Postfix.
</li>

37
postfix/proto/postconf.proto
View File

@ -19486,3 +19486,40 @@ will add that header to a delivery status notification for that
message. </p>
<p> This feature is available in Postfix &ge; 3.10. </p>
%PARAM smtpd_hide_client_session no
<p> Do not include SMTP client session information in the Postfix
SMTP server's Received: message header. </p>
<ul>
<li> <p> The default setting, "smtpd_hide_client_session = no",
must be used for the port 25 MTA service. It provides information
that is required by RFC 5321. </p>
<li> <p> The setting "smtpd_hide_client_session = yes" may be used
for the port 587 and 465 MUA services. This hides the SMTP client
hostname and IP address, TLS session details, SASL login details,
and SMTP protocol details. </p>
</ul>
<p> Depending on the number of recipients, a redacted Received:
header has one of the following forms: </p>
<blockquote>
<pre>
Received: by mail.example.com (Postfix) id postfix-queue-id
for &lt;user@example.com&gt;; Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
<br>
Received: by mail.example.com (Postfix) id postfix-queue-id
Day, dd Mon yyyy hh:mm:ss tz-offset (zone)
</pre>
</blockquote>
<p> The redacted form hides that a message was received with SMTP,
and therefore it does not need to provide the information required by
RFC 5321. The form does still meet RFC 5322 requirements. </p>
<p> This feature is available in Postfix &ge; 3.10. </p>

1
postfix/proto/stop
View File

@ -1664,3 +1664,4 @@ REQUIRETLS
RequireTLS
requiretls
sendopts
tz

4
postfix/proto/stop.double-history
View File

@ -160,3 +160,7 @@ proto proto socketmap_table
smtp smtp_proto c smtpd smtpd c verify verify c
operations Files cleanup cleanup h cleanup cleanup_message c
proto postconf proto pipe pipe c
bounce bounce c bounce bounce_notify_util c cleanup cleanup c
cleanup cleanup_message c smtp smtp c smtp smtp_connect c
Documentation edited for clarity Files pipe pipe c
global mail_params h smtpd smtpd c

1
postfix/proto/stop.spell-history
View File

@ -99,3 +99,4 @@ CLOSEFROM
Roessner
bitflags
Schulze
tlspol

3
postfix/proto/stop.spell-proto-html
View File

@ -397,3 +397,6 @@ dtd
marc
LP
collectd
Snawoot
Zuplu
tlspol

7
postfix/src/global/mail_params.h
View File

@ -4502,6 +4502,13 @@ extern char *var_full_name_encoding_charset;
#define DEF_SOCKMAP_MAX_REPLY 100000 /* reply size limit */
extern int var_sockmap_max_reply;
/*
* Client privacy.
*/
#define VAR_SMTPD_HIDE_CLIENT_SESSION "smtpd_hide_client_session"
#define DEF_SMTPD_HIDE_CLIENT_SESSION "no"
extern int var_smtpd_hide_client_session;
/* LICENSE
/* .ad
/* .fi

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20250202"
#define MAIL_RELEASE_DATE "20250205"
#define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT

39
postfix/src/smtpd/smtpd.c
View File

@ -1174,6 +1174,11 @@
/* .IP "\fBsmtpd_reject_footer_maps (empty)\fR"
/* Lookup tables, indexed by the complete Postfix SMTP server 4xx or
/* 5xx response, with reject footer templates.
/* .PP
/* Available in Postfix 3.10 and later:
/* .IP "\fBsmtpd_hide_client_session (no)\fR"
/* Do not include SMTP client session information in the Postfix
/* SMTP server's Received: message header.
/* SEE ALSO
/* anvil(8), connection/rate limiting
/* cleanup(8), message canonicalization
@ -1558,6 +1563,7 @@ char *var_smtpd_forbid_bare_lf_excl;
int var_smtpd_forbid_bare_lf_code;
static int bare_lf_mask;
static NAMADR_LIST *bare_lf_excl;
bool var_smtpd_hide_client_session;
/*
* Silly little macros.
@ -3434,10 +3440,13 @@ static void common_pre_message_handling(SMTPD_STATE *state,
{
SMTPD_PROXY *proxy = state->proxy;
char **cpp;
const char *rfc3848_sess;
const char *rfc3848_auth;
const char *rfc3848_sess = "";
const char *rfc3848_auth = "";
const char *with_verb = " with ";
const char *with_protocol = (state->flags & SMTPD_FLAG_SMTPUTF8) ?
"UTF8SMTP" : state->protocol;
const char *id_verb = state->cleanup ? " id " : "";
const char *id_value = state->cleanup ? state->queue_id : "";
#ifdef USE_TLS
VSTRING *peer_CN;
@ -3483,6 +3492,7 @@ static void common_pre_message_handling(SMTPD_STATE *state,
* intermediate proxy.
*/
if (!proxy || state->xforward.flags == 0) {
if (!var_smtpd_hide_client_session) {
out_fprintf(out_stream, REC_TYPE_NORM,
"Received: from %s (%s [%s])",
state->helo_name ? state->helo_name : state->name,
@ -3593,9 +3603,7 @@ static void common_pre_message_handling(SMTPD_STATE *state,
if (state->tls_context != 0
&& strcmp(state->protocol, MAIL_PROTO_ESMTP) == 0)
rfc3848_sess = "S";
else
#endif
rfc3848_sess = "";
#ifdef USE_SASL_AUTH
if (var_smtpd_sasl_auth_hdr && state->sasl_username) {
username = VSTRING_STRDUP(state->sasl_username);
@ -3608,27 +3616,29 @@ static void common_pre_message_handling(SMTPD_STATE *state,
if (state->sasl_username
&& strcmp(state->protocol, MAIL_PROTO_ESMTP) == 0)
rfc3848_auth = "A";
else
#endif
rfc3848_auth = "";
} else {
with_verb = "";
with_protocol = "";
}
if (state->rcpt_count == 1 && state->recipient) {
out_fprintf(out_stream, REC_TYPE_NORM,
state->cleanup ? "\tby %s (%s) with %s%s%s id %s" :
"\tby %s (%s) with %s%s%s",
"%sby %s (%s)%s%s%s%s%s%s",
var_smtpd_hide_client_session ? "Received: " : "\t",
var_myhostname, var_mail_name,
with_protocol, rfc3848_sess,
rfc3848_auth, state->queue_id);
with_verb, with_protocol, rfc3848_sess,
rfc3848_auth, id_verb, id_value);
quote_822_local(state->buffer, state->recipient);
out_fprintf(out_stream, REC_TYPE_NORM,
"\tfor <%s>; %s", STR(state->buffer),
mail_date(state->arrival_time.tv_sec));
} else {
out_fprintf(out_stream, REC_TYPE_NORM,
state->cleanup ? "\tby %s (%s) with %s%s%s id %s;" :
"\tby %s (%s) with %s%s%s;",
"%sby %s (%s)%s%s%s%s%s%s;",
var_smtpd_hide_client_session ? "Received: " : "\t",
var_myhostname, var_mail_name,
with_protocol, rfc3848_sess,
rfc3848_auth, state->queue_id);
with_verb, with_protocol, rfc3848_sess,
rfc3848_auth, id_verb, id_value);
out_fprintf(out_stream, REC_TYPE_NORM,
"\t%s", mail_date(state->arrival_time.tv_sec));
}
@ -6790,6 +6800,7 @@ int main(int argc, char **argv)
static const CONFIG_NBOOL_TABLE nbool_table[] = {
VAR_RELAY_BEFORE_RCPT_CHECKS, DEF_RELAY_BEFORE_RCPT_CHECKS, &var_relay_before_rcpt_checks,
VAR_SMTPD_REQ_DEADLINE, DEF_SMTPD_REQ_DEADLINE, &var_smtpd_req_deadline,
VAR_SMTPD_HIDE_CLIENT_SESSION, DEF_SMTPD_HIDE_CLIENT_SESSION, &var_smtpd_hide_client_session,
0,
};
static const CONFIG_STR_TABLE str_table[] = {