diff --git a/postfix/HISTORY b/postfix/HISTORY
index c636ce03f..6d9cf025a 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -28047,3 +28047,30 @@ Apologies for any names omitted.
queue file, log not only the 'new' name in the incoming
queue, but also log the 'old' name in the maildrop queue.
File: pickup/pickup.c.
+
+20240422
+
+ Cleanup: improved warning text when a local alias contains
+ a domain. File: postalias/postalias.c.
+
+20240502
+
+ Documentation: clarified the spawn(8) manpage BUGS section.
+ File: spawn/spawn.c.
+
+20240504
+
+ Documentation: clarified some text in the Postfix overview.
+ File: proto/OVERVIEW.html.
+
+20240603
+
+ Documentation: with "smtpd_tls_security_level = encrypt",
+ clarified what commands the Postfix will accept during the
+ plaintext phase. File: proto/postconf.proto.
+
+ Documentation: ugly javascript workaround for
+ Google Chrome scrolling to the wrong location with
+ ' dnsbl
migrate smtpd_sasl_tls_security_options to "noanonymous"
diff --git a/postfix/html/OVERVIEW.html b/postfix/html/OVERVIEW.html
index 767e2f09c..eb54740f4 100644
--- a/postfix/html/OVERVIEW.html
+++ b/postfix/html/OVERVIEW.html
@@ -329,7 +329,7 @@ or more recipient addresses. The discard(8) and
-
The queue manager maintains a limited active queue with the
messages that it has opened for delivery. The active queue acts as
a limited window on potentially large incoming or deferred queues.
The limited active queue prevents the queue manager from running
@@ -349,12 +349,13 @@ can be specified with the optional transport(5) t
for recipients whose address has changed; mail for such recipients is
returned to the sender with an explanation.
-
The smtp(8) client looks up a list of mail exchangers for
-the destination host, sorts the list by preference, and tries each
-server in turn until it finds a server that responds. It then
-encapsulates the sender, recipient and message content as required
-by the SMTP protocol; this includes conversion of 8-bit MIME to
-7-bit encoding.
+
The smtp(8) client looks up a list of SMTP servers for
+the destination(s) in a delivery request, sorts the list by preference,
+and tries each server in turn until it has delivered or bounced all
+recipients in the delivery request. It encapsulates the sender,
+recipients and message content as required by the SMTP protocol;
+this includes message body conversion from 8-bit MIME to 7-bit
+encoding, but does not include RFC 2047 header encoding.
The lmtp(8) client speaks a protocol similar to SMTP that
is optimized for delivery to mailbox servers such as Cyrus. The
@@ -384,10 +385,12 @@ small domains on a single machine. This is described in the
The pipe(8) mailer is the outbound interface to other mail
processing systems (the Postfix sendmail(1) command being the
-inbound interface). The interface is UNIX compatible: it provides
-information on the command line and on the standard input stream,
-and expects a process exit status code as defined in <sysexits.h>.
-Examples of delivery via the pipe(8) mailer are in the MAILDROP_README
+inbound interface). The interface is UNIX compatible: the pipe(8)
+mailer provides information to a child process command line,
+environment variables, and standard input stream, and expects a
+child process exit status code as defined in <sysexits.h>.
+Examples of delivery via the pipe(8) mailer are in the FILTER_README,
+MAILDROP_README,
and UUCP_README documents.
@@ -502,7 +505,9 @@ Per- message logfiles
The flush(8) servers maintain per-destination logs and
-implement both ETRN and "sendmail -qRdestination", as described
+implement "sendmail -qRsite", "sendmail -qIqueueid"
+"postqueue -s site", "postqueue -i queueid", and ETRN
+as described
in the ETRN_README document. This moves selected queue files from
the deferred queue back to the incoming queue and requests their
delivery. The flush(8) service is available with Postfix version
@@ -586,15 +591,7 @@ the overhead of connection setup and improves message delivery
rates. After a Postfix smtp(8) client connects to a remote SMTP
server and sends plaintext EHLO and STARTTLS commands, the smtp(8)
client inserts a tlsproxy(8) process into the connection as shown
-below.
-
-
After the mail transaction completes, the Postfix smtp(8) client
-gives the smtp(8)-to-tlsproxy(8) connection to the scache(8)
-server, which keeps the connection open for a limited amount of
-time. The smtp(8) client continues with some other mail delivery
-request. Meanwhile, any Postfix smtp(8) client can ask the scache(8)
-server for that cached connection and reuse it for mail delivery.
-
After the mail transaction completes, the Postfix smtp(8) client
+gives the smtp(8)-to-tlsproxy(8) connection to the scache(8)
+server, which keeps the connection open for a limited amount of
+time. The smtp(8) client continues with some other mail delivery
+request. Meanwhile, any Postfix smtp(8) client can ask the scache(8)
+server for that cached connection and reuse it for mail delivery.
+
+
The showq(8) servers list the Postfix queue status. This
is the queue listing service that does the work for the mailq(1)
and postqueue(1) commands.
a = time from message arrival to last active queue entry
+
a = Time from message arrival to last active queue entry.
-
b = time from last active queue entry to connection setup
+
b = Time from last active queue entry to the beginning of
+connection setup.
-
c = time in connection setup, including DNS, EHLO and STARTTLS
+
c = Time in connection setup. With SMTP, that is the time
+before sending the MAIL FROM command: with a new connection, that
+includes DNS lookups, and protocol handshakes with TCP, EHLO, and
+STARTTLS; with a reused connection, that includes DNS lookups,
+connection cache lookup by domain or IP address, and a liveness
+probe with RSET.
-
d = time in message transmission
+
d = Time in message transmission. With SMTP, that starts with
+sending MAIL FROM.
@@ -15852,9 +15874,13 @@ restriction lists" for a discussion of evaluation context and time.
(default: no)
Mandatory TLS: announce STARTTLS support to remote SMTP clients,
-and require that clients use TLS encryption. According to RFC 2487
+and reject all plaintext commands except HELO, EHLO, XCLIENT,
+STARTTLS, NOOP, QUIT, and (Postfix ≥ 3.9) HELP.
+According to RFC 2487
this MUST NOT be applied in case of a publicly-referenced SMTP
-server. This option is therefore off by default.
+server. Instead, this should be used on dedicated servers, for
+example submission (port 587). This option is therefore off by
+default.
@@ -19166,10 +19192,11 @@ to remote SMTP clients, but do not require that clients use TLS encryption.
encrypt
Mandatory TLS encryption: announce
-STARTTLS support to remote SMTP clients, and require that clients use TLS
-encryption. According to RFC 2487 this MUST NOT be applied in case
-of a publicly-referenced SMTP server. Instead, this option should
-be used only on dedicated servers.
+STARTTLS support to remote SMTP clients, and reject all plaintext
+commands except HELO, EHLO, XCLIENT, STARTTLS, NOOP, QUIT, and (Postfix
+≥ 3.9) HELP. According to RFC 2487 this MUST NOT be applied in case
+of a publicly-referenced SMTP server. Instead, this should be used
+on dedicated servers, for example submission (port 587).
diff --git a/postfix/html/spawn.8.html b/postfix/html/spawn.8.html
index 8b2f2f140..227aff4a5 100644
--- a/postfix/html/spawn.8.html
+++ b/postfix/html/spawn.8.html
@@ -44,62 +44,63 @@ SPAWN(8) SPAWN(8)
interpreter.
BUGS
- In order to enforce standard Postfix process resource controls, the
- spawn(8) daemon runs only one external command at a time. As such, it
- presents a noticeable overhead by wasting precious process resources.
- The spawn(8) daemon is expected to be replaced by a more structural
+ In order to enforce standard Postfix process resource controls, each
+ spawn(8) daemon process runs only one external command, and blocks
+ until the command terminates or a time limit is reached. As such, it
+ presents a noticeable overhead by wasting precious process resources.
+ The spawn(8) daemon is expected to be replaced by a more structural
solution.
DIAGNOSTICS
- The spawn(8) daemon reports abnormal child exits. Problems are logged
+ The spawn(8) daemon reports abnormal child exits. Problems are logged
to syslogd(8) or postlogd(8).
SECURITY
This program needs root privilege in order to execute external commands
as the specified user. It is therefore security sensitive. However the
- spawn(8) daemon does not talk to the external command and thus is not
+ spawn(8) daemon does not talk to the external command and thus is not
vulnerable to data-driven attacks.
CONFIGURATION PARAMETERS
- Changes to main.cf are picked up automatically as spawn(8) processes
+ Changes to main.cf are picked up automatically as spawn(8) processes
run for only a limited amount of time. Use the command "postfix reload"
to speed up a change.
- The text below provides only a parameter summary. See postconf(5) for
+ The text below provides only a parameter summary. See postconf(5) for
more details including examples.
- In the text below, transport is the first field of the entry in the
+ In the text below, transport is the first field of the entry in the
master.cf file.
RESOURCE AND RATE CONTROLtransport_time_limit ($command_time_limit)
A transport-specific override for the command_time_limit parame-
- ter value, where transport is the master.cf name of the message
+ ter value, where transport is the master.cf name of the message
delivery transport.
MISCELLANEOUSconfig_directory (see 'postconf -d' output)
- The default location of the Postfix main.cf and master.cf con-
+ The default location of the Postfix main.cf and master.cf con-
figuration files.
daemon_timeout (18000s)
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
export_environment (see 'postconf -d' output)
- The list of environment variables that a Postfix process will
+ The list of environment variables that a Postfix process will
export to non-Postfix processes.
ipc_timeout (3600s)
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
mail_owner (postfix)
- The UNIX system account that owns the Postfix queue and most
+ The UNIX system account that owns the Postfix queue and most
Postfix daemon processes.
max_idle (100s)
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
max_use (100)
@@ -119,7 +120,7 @@ SPAWN(8) SPAWN(8)
The syslog facility of Postfix logging.
syslog_name (see 'postconf -d' output)
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix 3.3 and later:
diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5
index 67314334f..02a3e0083 100644
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -1893,13 +1893,20 @@ precision.
.PP
The format of the "delays=a/b/c/d" logging is as follows:
.IP \(bu
-a = time from message arrival to last active queue entry
+a = Time from message arrival to last active queue entry.
.IP \(bu
-b = time from last active queue entry to connection setup
+b = Time from last active queue entry to the beginning of
+connection setup.
.IP \(bu
-c = time in connection setup, including DNS, EHLO and STARTTLS
+c = Time in connection setup. With SMTP, that is the time
+before sending the MAIL FROM command: with a new connection, that
+includes DNS lookups, and protocol handshakes with TCP, EHLO, and
+STARTTLS; with a reused connection, that includes DNS lookups,
+connection cache lookup by domain or IP address, and a liveness
+probe with RSET.
.IP \(bu
-d = time in message transmission
+d = Time in message transmission. With SMTP, that starts with
+sending MAIL FROM.
.br
.PP
This feature is available in Postfix 2.3 and later.
@@ -10971,9 +10978,13 @@ This feature is available in Postfix 2.2 and later.
See smtpd_data_restrictions for details and limitations.
.SH smtpd_enforce_tls (default: no)
Mandatory TLS: announce STARTTLS support to remote SMTP clients,
-and require that clients use TLS encryption. According to RFC 2487
+and reject all plaintext commands except HELO, EHLO, XCLIENT,
+STARTTLS, NOOP, QUIT, and (Postfix >= 3.9) HELP.
+According to RFC 2487
this MUST NOT be applied in case of a publicly\-referenced SMTP
-server. This option is therefore off by default.
+server. Instead, this should be used on dedicated servers, for
+example submission (port 587). This option is therefore off by
+default.
.PP
Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes".
.PP
@@ -13702,10 +13713,11 @@ to remote SMTP clients, but do not require that clients use TLS encryption.
.br
.IP "\fBencrypt\fR"
Mandatory TLS encryption: announce
-STARTTLS support to remote SMTP clients, and require that clients use TLS
-encryption. According to RFC 2487 this MUST NOT be applied in case
-of a publicly\-referenced SMTP server. Instead, this option should
-be used only on dedicated servers.
+STARTTLS support to remote SMTP clients, and reject all plaintext
+commands except HELO, EHLO, XCLIENT, STARTTLS, NOOP, QUIT, and (Postfix
+>= 3.9) HELP. According to RFC 2487 this MUST NOT be applied in case
+of a publicly\-referenced SMTP server. Instead, this should be used
+on dedicated servers, for example submission (port 587).
.br
.br
.PP
diff --git a/postfix/man/man8/spawn.8 b/postfix/man/man8/spawn.8
index 8baa440b2..65ced92ac 100644
--- a/postfix/man/man8/spawn.8
+++ b/postfix/man/man8/spawn.8
@@ -47,7 +47,9 @@ shell meta characters by a shell command interpreter.
.ad
.fi
In order to enforce standard Postfix process resource controls,
-the \fBspawn\fR(8) daemon runs only one external command at a time.
+each \fBspawn\fR(8) daemon process runs only one external
+command, and blocks until the command terminates or a time
+limit is reached.
As such, it presents a noticeable overhead by wasting precious
process resources. The \fBspawn\fR(8) daemon is expected to be
replaced by a more structural solution.
diff --git a/postfix/proto/OVERVIEW.html b/postfix/proto/OVERVIEW.html
index 64f9185f3..4b7dcabc6 100644
--- a/postfix/proto/OVERVIEW.html
+++ b/postfix/proto/OVERVIEW.html
@@ -329,7 +329,7 @@ or more recipient addresses. The discard(8) and error(8) delivery
agents are special: they discard or bounce all mail, and are not
shown in the figure above.
-
The queue manager maintains a small active queue with the
+
The queue manager maintains a limited active queue with the
messages that it has opened for delivery. The active queue acts as
a limited window on potentially large incoming or deferred queues.
The limited active queue prevents the queue manager from running
@@ -349,12 +349,13 @@ trivial-rewrite(8) server optionally queries the relocated(5) table
for recipients whose address has changed; mail for such recipients is
returned to the sender with an explanation.
-
The smtp(8) client looks up a list of mail exchangers for
-the destination host, sorts the list by preference, and tries each
-server in turn until it finds a server that responds. It then
-encapsulates the sender, recipient and message content as required
-by the SMTP protocol; this includes conversion of 8-bit MIME to
-7-bit encoding.
+
The smtp(8) client looks up a list of SMTP servers for
+the destination(s) in a delivery request, sorts the list by preference,
+and tries each server in turn until it has delivered or bounced all
+recipients in the delivery request. It encapsulates the sender,
+recipients and message content as required by the SMTP protocol;
+this includes message body conversion from 8-bit MIME to 7-bit
+encoding, but does not include RFC 2047 header encoding.
The lmtp(8) client speaks a protocol similar to SMTP that
is optimized for delivery to mailbox servers such as Cyrus. The
@@ -384,10 +385,12 @@ VIRTUAL_README document.
The pipe(8) mailer is the outbound interface to other mail
processing systems (the Postfix sendmail(1) command being the
-inbound interface). The interface is UNIX compatible: it provides
-information on the command line and on the standard input stream,
-and expects a process exit status code as defined in <sysexits.h>.
-Examples of delivery via the pipe(8) mailer are in the MAILDROP_README
+inbound interface). The interface is UNIX compatible: the pipe(8)
+mailer provides information to a child process command line,
+environment variables, and standard input stream, and expects a
+child process exit status code as defined in <sysexits.h>.
+Examples of delivery via the pipe(8) mailer are in the FILTER_README,
+MAILDROP_README,
and UUCP_README documents.
@@ -502,7 +505,9 @@ Per- message logfiles
The flush(8) servers maintain per-destination logs and
-implement both ETRN and "sendmail -qRdestination", as described
+implement "sendmail -qRsite", "sendmail -qIqueueid"
+"postqueue -s site", "postqueue -i queueid", and ETRN
+as described
in the ETRN_README document. This moves selected queue files from
the deferred queue back to the incoming queue and requests their
delivery. The flush(8) service is available with Postfix version
@@ -586,15 +591,7 @@ the overhead of connection setup and improves message delivery
rates. After a Postfix smtp(8) client connects to a remote SMTP
server and sends plaintext EHLO and STARTTLS commands, the smtp(8)
client inserts a tlsproxy(8) process into the connection as shown
-below.
-
-
After the mail transaction completes, the Postfix smtp(8) client
-gives the smtp(8)-to-tlsproxy(8) connection to the scache(8)
-server, which keeps the connection open for a limited amount of
-time. The smtp(8) client continues with some other mail delivery
-request. Meanwhile, any Postfix smtp(8) client can ask the scache(8)
-server for that cached connection and reuse it for mail delivery.
-
+in the top of the figure below.
@@ -619,6 +616,14 @@ bgcolor="#f0f0ff"> scache(8)
+
After the mail transaction completes, the Postfix smtp(8) client
+gives the smtp(8)-to-tlsproxy(8) connection to the scache(8)
+server, which keeps the connection open for a limited amount of
+time. The smtp(8) client continues with some other mail delivery
+request. Meanwhile, any Postfix smtp(8) client can ask the scache(8)
+server for that cached connection and reuse it for mail delivery.
+
+
The showq(8) servers list the Postfix queue status. This
is the queue listing service that does the work for the mailq(1)
and postqueue(1) commands.
diff --git a/postfix/proto/postconf.html.prolog b/postfix/proto/postconf.html.prolog
index 758623d85..04a9ef279 100644
--- a/postfix/proto/postconf.html.prolog
+++ b/postfix/proto/postconf.html.prolog
@@ -10,6 +10,21 @@
+
+
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index e941e7c0b..9dda8f29e 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -9856,9 +9856,13 @@ Postfix 2.3 and later use smtpd_tls_security_level instead.
%PARAM smtpd_enforce_tls no
Mandatory TLS: announce STARTTLS support to remote SMTP clients,
-and require that clients use TLS encryption. According to RFC 2487
+and reject all plaintext commands except HELO, EHLO, XCLIENT,
+STARTTLS, NOOP, QUIT, and (Postfix ≥ 3.9) HELP.
+According to RFC 2487
this MUST NOT be applied in case of a publicly-referenced SMTP
-server. This option is therefore off by default.
+server. Instead, this should be used on dedicated servers, for
+example submission (port 587). This option is therefore off by
+default.
a = time from message arrival to last active queue entry
+
a = Time from message arrival to last active queue entry.
-
b = time from last active queue entry to connection setup
+
b = Time from last active queue entry to the beginning of
+connection setup.
-
c = time in connection setup, including DNS, EHLO and STARTTLS
+
c = Time in connection setup. With SMTP, that is the time
+before sending the MAIL FROM command: with a new connection, that
+includes DNS lookups, and protocol handshakes with TCP, EHLO, and
+STARTTLS; with a reused connection, that includes DNS lookups,
+connection cache lookup by domain or IP address, and a liveness
+probe with RSET.
-
d = time in message transmission
+
d = Time in message transmission. With SMTP, that starts with
+sending MAIL FROM.
@@ -12683,10 +12694,11 @@ to remote SMTP clients, but do not require that clients use TLS encryption.
encrypt
Mandatory TLS encryption: announce
-STARTTLS support to remote SMTP clients, and require that clients use TLS
-encryption. According to RFC 2487 this MUST NOT be applied in case
-of a publicly-referenced SMTP server. Instead, this option should
-be used only on dedicated servers.
+STARTTLS support to remote SMTP clients, and reject all plaintext
+commands except HELO, EHLO, XCLIENT, STARTTLS, NOOP, QUIT, and (Postfix
+≥ 3.9) HELP. According to RFC 2487 this MUST NOT be applied in case
+of a publicly-referenced SMTP server. Instead, this should be used
+on dedicated servers, for example submission (port 587).
diff --git a/postfix/proto/stop b/postfix/proto/stop
index 1ef4ab4bf..52f34ab43 100644
--- a/postfix/proto/stop
+++ b/postfix/proto/stop
@@ -1603,3 +1603,4 @@ Hamid
LLC
Maadani
GTEST
+javascript
diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history
index c09be05de..d6926f8df 100644
--- a/postfix/proto/stop.double-history
+++ b/postfix/proto/stop.double-history
@@ -123,3 +123,5 @@ proto proto aliases proto virtual proto ADDRESS_REWRITING_README html
or unimplemented commands File smtpd smtpd c
proto proto mysql_table proto pgsql_table proto ldap_table
File pickup pickup c
+ a domain File postalias postalias c
+ File spawn spawn c
diff --git a/postfix/proto/stop.spell-proto-html b/postfix/proto/stop.spell-proto-html
index 79c1ce533..e76dbfa4d 100644
--- a/postfix/proto/stop.spell-proto-html
+++ b/postfix/proto/stop.spell-proto-html
@@ -374,3 +374,8 @@ srv
viktor
MONGODB
MongoDB
+qIqueueid
+Dextrous
+ar
+liveness
+superset
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index feded4ed4..81ad5407d 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20240422"
+#define MAIL_RELEASE_DATE "20240603"
#define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT
diff --git a/postfix/src/postalias/postalias.c b/postfix/src/postalias/postalias.c
index 72ca72998..5033f9da2 100644
--- a/postfix/src/postalias/postalias.c
+++ b/postfix/src/postalias/postalias.c
@@ -429,7 +429,7 @@ static void postalias(char *map_type, char *path_name, int postalias_flags,
* alias database is being built, so we're guessing a bit.
*/
if (tok822_rfind_type(colon, '@') || tok822_rfind_type(colon, '%')) {
- msg_warn("%s, line %d: name must be local",
+ msg_warn("%s, line %d: name must be local and have no domain",
VSTREAM_PATH(source_fp), lineno);
tok822_free_tree(tok_list);
continue;
diff --git a/postfix/src/spawn/spawn.c b/postfix/src/spawn/spawn.c
index 686b0da15..445329f1e 100644
--- a/postfix/src/spawn/spawn.c
+++ b/postfix/src/spawn/spawn.c
@@ -37,7 +37,9 @@
/* shell meta characters by a shell command interpreter.
/* BUGS
/* In order to enforce standard Postfix process resource controls,
-/* the \fBspawn\fR(8) daemon runs only one external command at a time.
+/* each \fBspawn\fR(8) daemon process runs only one external
+/* command, and blocks until the command terminates or a time
+/* limit is reached.
/* As such, it presents a noticeable overhead by wasting precious
/* process resources. The \fBspawn\fR(8) daemon is expected to be
/* replaced by a more structural solution.