From 4632b19c12f5f15c8e544bc97f164a58a8847233 Mon Sep 17 00:00:00 2001
From: Wietse Venema
Date: Wed, 7 May 2014 00:00:00 -0500
Subject: [PATCH] postfix-2.11.1

---
 postfix/HISTORY | 46 +++++++++++++++++
 postfix/README_FILES/TLS_README | 80 ++++++++++++++----------------
 postfix/html/TLS_README.html | 32 ++++++------
 postfix/html/postconf.1.html | 10 +++-
 postfix/html/postconf.5.html | 27 +++++-----
 postfix/makedefs | 3 ++
 postfix/man/man1/postconf.1 | 10 +++-
 postfix/man/man5/postconf.5 | 29 +++++------
 postfix/proto/TLS_README.html | 32 ++++++------
 postfix/proto/postconf.proto | 27 +++++-----
 postfix/src/global/mail_version.h | 4 +-
 postfix/src/postconf/postconf.c | 10 +++-
 postfix/src/smtp/smtp.h | 2 +-
 postfix/src/smtp/smtp_connect.c | 7 +--
 postfix/src/smtp/smtp_tls_policy.c | 12 +++--
 postfix/src/tls/tls_client.c | 4 +-
 16 files changed, 195 insertions(+), 140 deletions(-)

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 8482b6195..225b98fea 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -19528,3 +19528,49 @@ Apologies for any names omitted.
 20140110-15
 Miscellaneous documentation cleanups.
+
+20140116
+
+ Workaround: prepend "-I. -I../../include" to CCARGS, to
+ avoid name clashes with non-Postfix header files. File:
+ makedefs.
+
+20140125
+
+ Cleanup: postconf(1) manpage missing version attribution
+ and incorrect "author" formatting. File: postconf/postconf.c.
+
+20140223
+
+ Logging: the TLS client logged that an "Untrusted" TLS
+ connection was established instead of "Anonymous". Viktor
+ Dukhovni. File: tls/tls_client.c.
+
+20140227
+
+ Bugfix: Enforce TLS when TLSA records exist, but all are
+ unusable; Don't leak dane handle when all TLSA records are
+ unusable. Viktor Dukhovni. File: smtp/smtp_tls_policy.c.
+
+ Cleanup: log TLS policy lookup errors as warnings. Viktor
+ Dukhovni. File: smtp/smtp_connect.c.
+
+20140407
+
+ Documentation: the documentation for Postfix > 2.8 TLS
+ activity logging was incorrect. Loglevel 0 produces no
+ logging. Instead, information is logged only with loglevel
+ 1 or higher. Viktor Dukhovni. Files: proto/TLS_README.html,
+ proto/postconf.proto.
+
+20140507
+
+ Bugfix (introduced: Postfix 2.11): with connection caching
+ enabled (the default), recipients could be given to the
+ wrong mail server. Root cause: due to an incorrect predicate,
+ the Postfix SMTP client could save and restore plaintext
+ connections that should not be cached, under nonsensical
+ lookup keys that did not distinguish by destination. Problem
+ reported by Sahil Tandon, predicate error found by Viktor,
+ redundant connection restore request eliminated by Wietse.
+ File: smtp/smtp_connect.c.
diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README
index 404bde7c5..26ac64b42 100644
--- a/postfix/README_FILES/TLS_README
+++ b/postfix/README_FILES/TLS_README
@@ -247,27 +247,25 @@ To get additional information about Postfix SMTP server TLS activity you can increase the log level from 0..4. Each logging level also includes the information that is logged at a lower logging level. - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ - |LLeevveell|PPoossttffiixx 22..99 aanndd llaatteerr |EEaarrlliieerr rreelleeaasseess.. | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |0 |Log only a summary message on TLS |Disable logging of TLS activity.| - | |handshake completion -- no logging| | - | |of client certificate trust-chain | | - | |verification errors if client | | - | |certificate verification is not | | - | |required. | | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |1 |Also log trust-chain verification |Also log TLS handshake and | - | |errors and peer certificate |certificate information. | - | |summary information. | | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |2 |Also log levels during TLS negotiation. | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |3 |Also log hexadecimal and ASCII dump of TLS negotiation process. | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |4 |Also log hexadecimal and ASCII dump of complete transmission after | - | |STARTTLS. 
| - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + |LLeevveell|PPoossttffiixx 22..99 aanndd llaatteerr |EEaarrlliieerr rreelleeaasseess.. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |0 |Disable logging of TLS activity. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |1 |Log only a summary message on TLS |Log the summary message, peer | + | |handshake completion -- no logging|certificate summary information| + | |of client certificate trust-chain |and unconditionally log trust- | + | |verification errors if client |chain verification errors. | + | |certificate verification is not | | + | |required. | | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |2 |Also log levels during TLS negotiation. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |3 |Also log hexadecimal and ASCII dump of TLS negotiation process. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |4 |Also log hexadecimal and ASCII dump of complete transmission after| + | |STARTTLS. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | Use log level 3 only in case of problems. Use of log level 4 is strongly discouraged. 
@@ -1321,27 +1319,25 @@ To get additional information about Postfix SMTP client TLS activity you can increase the loglevel from 0..4. Each logging level also includes the information that is logged at a lower logging level. - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ - |LLeevveell|PPoossttffiixx 22..99 aanndd llaatteerr |EEaarrlliieerr rreelleeaasseess.. | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |0 |Log only a summary message on TLS |Disable logging of TLS activity.| - | |handshake completion -- no logging| | - | |of remote SMTP server certificate | | - | |trust-chain verification errors if| | - | |server certificate verification is| | - | |not required. | | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |1 |Also log remote SMTP server trust-|Also log TLS handshake and | - | |chain verification errors and peer|certificate information. | - | |certificate summary information. | | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |2 |Also log levels during TLS negotiation. | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |3 |Also log hexadecimal and ASCII dump of TLS negotiation process. | - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | - |4 |Also log hexadecimal and ASCII dump of complete transmission after | - | |STARTTLS. 
| - |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ + |LLeevveell|PPoossttffiixx 22..99 aanndd llaatteerr |EEaarrlliieerr rreelleeaasseess.. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |0 |Disable logging of TLS activity. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |1 |Log only a summary message on TLS |Log the summary message and | + | |handshake completion -- no logging|unconditionally log trust-chain| + | |of remote SMTP server certificate |verification errors. | + | |trust-chain verification errors if| | + | |server certificate verification is| | + | |not required. | | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |2 |Also log levels during TLS negotiation. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |3 |Also log hexadecimal and ASCII dump of TLS negotiation process. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | + |4 |Also log hexadecimal and ASCII dump of complete transmission after| + | |STARTTLS. | + |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | Example: diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index 50713e4e0..77c09f926 100644 
--- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -384,16 +384,15 @@ logging level.

Level Postfix 2.9 and later Earlier releases. - 0 Log only a summary + 0 Disable +logging of TLS activity. + + 1 Log only a summary message on TLS handshake completion — no logging of client certificate trust-chain verification errors if client certificate -verification is not required. Disable logging -of TLS activity. - - 1 Also log trust-chain -verification errors and peer certificate summary information. - Also log TLS handshake and certificate information. - +verification is not required. Log the summary +message, peer certificate summary information and unconditionally log +trust-chain verification errors. 2 Also log levels during TLS negotiation. @@ -1750,16 +1749,15 @@ logging level.

Level Postfix 2.9 and later Earlier releases. - 0 Log only a summary -message on TLS handshake completion — no logging of remote -SMTP server certificate trust-chain verification errors if server -certificate verification is not required. -Disable logging of TLS activity. + 0 Disable +logging of TLS activity. - 1 Also log remote -SMTP server trust-chain verification errors and peer certificate -summary information. Also log TLS handshake -and certificate information. + 1 Log only a summary +message on TLS handshake completion — no logging of remote SMTP +server certificate trust-chain verification errors if server certificate +verification is not required. Log the summary +message and unconditionally log trust-chain verification errors. + 2 Also log levels during TLS negotiation. diff --git a/postfix/html/postconf.1.html b/postfix/html/postconf.1.html index ecaed1a25..aa16a13a4 100644 --- a/postfix/html/postconf.1.html +++ b/postfix/html/postconf.1.html @@ -123,6 +123,8 @@ POSTCONF(1) POSTCONF(1) The default is as if "-C all" is specified. + This feature is available with Postfix 2.9 and later. + -d Print main.cf default parameter settings instead of actual set- tings. Specify -df to fold long lines for human readability (Postfix 2.9 and later). @@ -330,6 +332,8 @@ POSTCONF(1) POSTCONF(1) -p Show main.cf parameter settings. This is the default. + This feature is available with Postfix 2.11 and later. + -P Show master.cf service parameter settings (by default all ser- vices and all parameters). formatted as one "ser- vice/type/parameter=value" per line. Specify -Pf to fold long @@ -444,8 +448,10 @@ POSTCONF(1) POSTCONF(1) The Secure Mailer license must be distributed with this software. AUTHOR(S) - Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown - Heights, NY 10598, USA + Wietse Venema + IBM T.J. Watson Research + P.O. Box 704 + Yorktown Heights, NY 10598, USA POSTCONF(1) 
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 592ea1daa..f7959d212 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -8600,7 +8600,7 @@ Examples:
 # Handle both Postfix and qmail extensions (Postfix 2.11 and later).
-recipient_delimiters = +-
+recipient_delimiter = +-
 
@@ -11362,14 +11362,13 @@ a lower logging level.  

-
0 Log only a summary message on TLS handshake completion +
0 Disable logging of TLS activity.
+ +
1 Log only a summary message on TLS handshake completion — no logging of remote SMTP server certificate trust-chain verification errors if server certificate verification is not required. -With Postfix 2.8 and earlier, disable logging of TLS activity.
- -
1 Also log remote SMTP server trust-chain verification -errors and peer certificate summary information. With Postfix 2.8 -and earlier, log TLS handshake and certificate information.
+With Postfix 2.8 and earlier, log the summary message and unconditionally +log trust-chain verification errors.
2 Also log levels during TLS negotiation.
@@ -15555,15 +15554,13 @@ a lower logging level.

-
0 Log only a summary message on TLS handshake completion -— no logging of remote SMTP client certificate trust-chain verification -errors -if client certificate verification is not required. With Postfix 2.8 -and earlier, disable logging of TLS activity.
+
0 Disable logging of TLS activity.
-
1 Also log trust-chain verification errors and peer -certificate name and issuer. With Postfix 2.8 and earlier, log TLS -handshake and certificate information.
+
1 Log only a summary message on TLS handshake completion +— no logging of client certificate trust-chain verification errors +if client certificate verification is not required. With Postfix 2.8 and +earlier, log the summary message, peer certificate summary information +and unconditionally log trust-chain verification errors.
2 Also log levels during TLS negotiation.
diff --git a/postfix/makedefs b/postfix/makedefs index 316173dcd..dd5f2564e 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -638,6 +638,9 @@ export SYSTYPE AR ARFL RANLIB SYSLIBS CC OPT DEBUG AWK OPTS # needed before the code stabilizes. #CCARGS="$CCARGS -DNONPROD" +# Workaround: prepend Postfix include files before other include files. +CCARGS="-I. -I../../include $CCARGS" + sed 's/ / /g' < Level Postfix 2.9 and later Earlier releases. - 0 Log only a summary + 0 Disable +logging of TLS activity. + + 1 Log only a summary message on TLS handshake completion — no logging of client certificate trust-chain verification errors if client certificate -verification is not required. Disable logging -of TLS activity. - - 1 Also log trust-chain -verification errors and peer certificate summary information. - Also log TLS handshake and certificate information. - +verification is not required. Log the summary +message, peer certificate summary information and unconditionally log +trust-chain verification errors. 2 Also log levels during TLS negotiation. @@ -1750,16 +1749,15 @@ logging level.

Level Postfix 2.9 and later Earlier releases. - 0 Log only a summary -message on TLS handshake completion — no logging of remote -SMTP server certificate trust-chain verification errors if server -certificate verification is not required. -Disable logging of TLS activity. + 0 Disable +logging of TLS activity. - 1 Also log remote -SMTP server trust-chain verification errors and peer certificate -summary information. Also log TLS handshake -and certificate information. + 1 Log only a summary +message on TLS handshake completion — no logging of remote SMTP +server certificate trust-chain verification errors if server certificate +verification is not required. Log the summary +message and unconditionally log trust-chain verification errors. + 2 Also log levels during TLS negotiation. diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index f62ce69c1..703511075 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -3546,7 +3546,7 @@ recipient_delimiter = +
 # Handle both Postfix and qmail extensions (Postfix 2.11 and later).
-recipient_delimiters = +-
+recipient_delimiter = +-
 
@@ -9127,15 +9127,13 @@ a lower logging level.  

-
0 Log only a summary message on TLS handshake completion -— no logging of remote SMTP client certificate trust-chain verification -errors -if client certificate verification is not required. With Postfix 2.8 -and earlier, disable logging of TLS activity.
+
0 Disable logging of TLS activity.
-
1 Also log trust-chain verification errors and peer -certificate name and issuer. With Postfix 2.8 and earlier, log TLS -handshake and certificate information.
+
1 Log only a summary message on TLS handshake completion +— no logging of client certificate trust-chain verification errors +if client certificate verification is not required. With Postfix 2.8 and +earlier, log the summary message, peer certificate summary information +and unconditionally log trust-chain verification errors.
2 Also log levels during TLS negotiation.
@@ -9551,14 +9549,13 @@ a lower logging level.

-
0 Log only a summary message on TLS handshake completion +
0 Disable logging of TLS activity.
+ +
1 Log only a summary message on TLS handshake completion — no logging of remote SMTP server certificate trust-chain verification errors if server certificate verification is not required. -With Postfix 2.8 and earlier, disable logging of TLS activity.
- -
1 Also log remote SMTP server trust-chain verification -errors and peer certificate summary information. With Postfix 2.8 -and earlier, log TLS handshake and certificate information.
+With Postfix 2.8 and earlier, log the summary message and unconditionally +log trust-chain verification errors.
2 Also log levels during TLS negotiation.
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 0ed67a1d6..f7fb696a1 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,8 +20,8 @@
 * Patches change both the patchlevel and the release date. Snapshots have no
 * patchlevel; they change the release date only.
 */
-#define MAIL_RELEASE_DATE "20140115"
-#define MAIL_VERSION_NUMBER "2.11.0"
+#define MAIL_RELEASE_DATE "20140507"
+#define MAIL_VERSION_NUMBER "2.11.1"
 #ifdef SNAPSHOT
 #define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
diff --git a/postfix/src/postconf/postconf.c b/postfix/src/postconf/postconf.c
index df8ab4d45..23bcbb082 100644
--- a/postfix/src/postconf/postconf.c
+++ b/postfix/src/postconf/postconf.c
@@ -137,6 +137,8 @@
 /* .IP
 /* The default is as if "\fB-C all\fR" is
 /* specified.
+/*
+/* This feature is available with Postfix 2.9 and later.
 /* .IP \fB-d\fR
 /* Print \fBmain.cf\fR default parameter settings instead of
 /* actual settings.
@@ -341,6 +343,8 @@
 /* This feature is available with Postfix 2.10 and later.
 /* .IP \fB-p\fR
 /* Show \fBmain.cf\fR parameter settings. This is the default.
+/*
+/* This feature is available with Postfix 2.11 and later.
 /* .IP \fB-P\fR
 /* Show \fBmaster.cf\fR service parameter settings (by default
 /* all services and all parameters). formatted as one
@@ -464,8 +468,10 @@
 /* The Secure Mailer license must be distributed with this
 /* software.
 /* AUTHOR(S)
-/* Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown
-/* Heights, NY 10598, USA
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
 /*--*/
 /* System library. */
diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h
index 336a4f47f..5437088e2 100644
--- a/postfix/src/smtp/smtp.h
+++ b/postfix/src/smtp/smtp.h
@@ -195,7 +195,7 @@ typedef struct SMTP_STATE {
 STR((state)->iterator->request_nexthop)[0] = 0; \
 }
-#define HAVE_NEXTHOP_STATE(state) (STR((state)->iterator->request_nexthop) != 0)
+#define HAVE_NEXTHOP_STATE(state) (STR((state)->iterator->request_nexthop)[0] != 0)
 /*
diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c
index ff278c1ff..2e7fc87cf 100644
--- a/postfix/src/smtp/smtp_connect.c
+++ b/postfix/src/smtp/smtp_connect.c
@@ -510,7 +510,7 @@ static void smtp_connect_local(SMTP_STATE *state, const char *path)
 */
 #ifdef USE_TLS
 if (!smtp_tls_policy_cache_query(why, state->tls, iter)) {
- msg_info("TLS policy lookup error for %s/%s: %s",
+ msg_warn("TLS policy lookup error for %s/%s: %s",
 STR(iter->host), STR(iter->addr), STR(why->reason));
 return;
 }
@@ -666,6 +666,7 @@ static int smtp_reuse_session(SMTP_STATE *state, DNS_RR **addr_list,
 #endif
 SMTP_ITER_SAVE_DEST(state->iterator);
 if (*addr_list && SMTP_RCPT_LEFT(state) > 0
+ && HAVE_NEXTHOP_STATE(state)
 && (session = smtp_reuse_nexthop(state, SMTP_KEY_MASK_SCACHE_DEST_LABEL)) != 0) {
 session_count = 1;
 smtp_update_addr_list(addr_list, STR(iter->addr), session_count);
@@ -716,7 +717,7 @@ static int smtp_reuse_session(SMTP_STATE *state, DNS_RR **addr_list,
 iter->rr = addr;
 #ifdef USE_TLS
 if (!smtp_tls_policy_cache_query(why, state->tls, iter)) {
- msg_info("TLS policy lookup error for %s/%s: %s",
+ msg_warn("TLS policy lookup error for %s/%s: %s",
 STR(iter->dest), STR(iter->host), STR(why->reason));
 continue;
 /* XXX Assume there is no code at the end of this loop. */
@@ -956,7 +957,7 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
 iter->rr = addr;
 #ifdef USE_TLS
 if (!smtp_tls_policy_cache_query(why, state->tls, iter)) {
- msg_info("TLS policy lookup for %s/%s: %s",
+ msg_warn("TLS policy lookup for %s/%s: %s",
 STR(iter->dest), STR(iter->host), STR(why->reason));
 continue;
 /* XXX Assume there is no code at the end of this loop. */
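Review bot: The corrected `HAVE_NEXTHOP_STATE` still gives no hint why only byte zero of request_nexthop is inspected, and the removed form (a buffer pointer compared with 0, true whenever the VSTRING is allocated) is the kind of tautology a later reader may "fix" back, so the invariant deserves a comment at the definition. Something like `/* Saved nexthop state is present iff request_nexthop is non-empty; keep in step with SMTP_ITER_CLEAR_NEXTHOP_STATE above, which clears only byte 0. */` ties the predicate to the clearing macro whose last line is visible just above it. The HISTORY entry on this page records that the always-true predicate let plaintext sessions be cached and restored under keys that did not distinguish destinations, which is worth citing in that comment so the security consequence of the predicate is not lost.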
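Review bot: The added `&& HAVE_NEXTHOP_STATE(state)` in the smtp_reuse_session hunk at -666 carries no explanation at the site, and the HISTORY entry on this page is the only place recording why it matters: without saved nexthop state the SMTP_KEY_MASK_SCACHE_DEST_LABEL lookup did not distinguish by destination, so recipients could be handed to a cached session for the wrong server. A comment before the `if`, e.g. `/* Reuse by destination label only when nexthop state was saved; otherwise the cache key does not distinguish destinations (HISTORY 20140507). */`, keeps that invariant next to the check. smtp_reuse_session begins and ends outside the hunk, so I cannot see whether the same guard is needed on the per-address reuse path later in the function.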
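Review bot: The changed line in the smtp_connect_inet hunk at -956 logs "TLS policy lookup for %s/%s: %s" while the two other call sites promoted to msg_warn in this file (hunks at -510 and -716) say "TLS policy lookup error for %s/%s: %s"; now that these are warnings operators are likely to alert on, the wording should match, `msg_warn("TLS policy lookup error for %s/%s: %s",`. A one-line comment above the `continue` noting that a failed policy lookup skips this address rather than connecting without a policy would also make the fail-closed behaviour explicit to readers of the log. The enclosing loop and function start and end outside the hunk.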
diff --git a/postfix/src/smtp/smtp_tls_policy.c b/postfix/src/smtp/smtp_tls_policy.c
index 15880a316..f280810e1 100644
--- a/postfix/src/smtp/smtp_tls_policy.c
+++ b/postfix/src/smtp/smtp_tls_policy.c
@@ -525,8 +525,8 @@ static void *policy_create(const char *unused_key, void *context)
 /*
 * DANE initialization may change the security level to something else,
 * so do this early, so that we use the right level below. Note that
- * "dane-only" changes to "dane" after any fallback strategies are
- * applied.
+ * "dane-only" changes to "dane" once we obtain the requisite TLSA
+ * records.
 */
 if (tls->level == TLS_LEV_DANE || tls->level == TLS_LEV_DANE_ONLY)
 dane_init(tls, iter);
@@ -706,6 +706,7 @@ static int global_tls_level(void)
 #define NONDANE_CONFIG 0 /* Administrator's fault */
 #define NONDANE_DEST 1 /* Remote server's fault */
+#define DANE_UNUSABLE 2 /* Remote server's fault */
 static void PRINTFLIKE(4, 5) dane_incompat(SMTP_TLS_POLICY *tls,
 SMTP_ITERATOR *iter,
@@ -716,12 +717,12 @@ static void PRINTFLIKE(4, 5) dane_incompat(SMTP_TLS_POLICY *tls,
 va_start(ap, fmt);
 if (tls->level == TLS_LEV_DANE) {
- tls->level = TLS_LEV_MAY;
+ tls->level = (errtype == DANE_UNUSABLE) ? TLS_LEV_ENCRYPT : TLS_LEV_MAY;
 if (errtype == NONDANE_CONFIG)
 vmsg_warn(fmt, ap);
 else if (msg_verbose)
 vmsg_info(fmt, ap);
- } else {
+ } else { /* dane-only */
 if (errtype == NONDANE_CONFIG) {
 vmsg_warn(fmt, ap);
 MARK_INVALID(tls->why, &tls->level);
@@ -816,7 +817,8 @@ static void dane_init(SMTP_TLS_POLICY *tls, SMTP_ITERATOR *iter)
 * given verifier some of the CAs are surely not trustworthy).
 */
 if (tls_dane_unusable(dane)) {
- dane_incompat(tls, iter, NONDANE_DEST, "TLSA records unusable");
+ dane_incompat(tls, iter, DANE_UNUSABLE, "TLSA records unusable");
+ tls_dane_free(dane);
 return;
 }
diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c
index 7732cfa7b..039e70482 100644
--- a/postfix/src/tls/tls_client.c
+++ b/postfix/src/tls/tls_client.c
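Review bot: The new `DANE_UNUSABLE` constant in the -706 hunk carries the same comment as NONDANE_DEST ("Remote server's fault") although the next hunk treats the two differently, downgrading a "dane" destination to TLS_LEV_ENCRYPT for DANE_UNUSABLE but to TLS_LEV_MAY for the other error types; the comment should state that distinction, e.g. `#define DANE_UNUSABLE 2 /* Remote server's fault: TLSA records exist but none usable; keep encryption mandatory */`. In the dane_incompat hunk the TLS_LEV_DANE branch still logs DANE_UNUSABLE only under msg_verbose, so the fallback from authenticated DANE to unauthenticated mandatory encryption is invisible at default logging; consider reporting that case with vmsg_warn as NONDANE_CONFIG is, or documenting in the branch that the silence is deliberate. How the `/* dane-only */` branch handles DANE_UNUSABLE cannot be checked here, since the rest of that else block lies outside the hunk.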
@@ -1045,7 +1045,9 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props)
 */
 if (log_mask & TLS_LOG_SUMMARY)
 msg_info("%s TLS connection established to %s: %s with cipher %s "
- "(%d/%d bits)", TLS_CERT_IS_MATCHED(TLScontext) ? "Verified" :
+ "(%d/%d bits)",
+ !TLS_CERT_IS_PRESENT(TLScontext) ? "Anonymous" :
+ TLS_CERT_IS_MATCHED(TLScontext) ? "Verified" :
 TLS_CERT_IS_TRUSTED(TLScontext) ? "Trusted" : "Untrusted",
 props->namaddr, TLScontext->protocol, TLScontext->cipher_name,
 TLScontext->cipher_usebits, TLScontext->cipher_algbits);
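Review bot: The first msg_info argument is now a three-level conditional embedded in the call's argument list, and its order is load-bearing: TLS_CERT_IS_PRESENT must be tested before the MATCHED and TRUSTED macros, otherwise a session with no peer certificate is reported as "Untrusted", which is the logging defect the HISTORY entry on this page describes. Hoisting the ladder into a named local with a comment makes both the label set and the ordering explicit, and also records that this summary line is what log consumers match on to assess TLS posture, so the new "Anonymous" label is a change in observable output that dashboards and alerts keyed on the old wording will need to follow. tls_client_start begins outside the hunk and the rest of its body is not visible, so the surrounding control flow is assumed unchanged.

```c
    /* … unchanged: handshake completion and log_mask setup … */
    if (log_mask & TLS_LOG_SUMMARY) {
	/*
	 * Peer-certificate status as seen by log consumers. A session with no
	 * certificate at all is "Anonymous"; the other labels presuppose a
	 * presented certificate, so TLS_CERT_IS_PRESENT must be tested first.
	 */
	const char *peer_status =
	    !TLS_CERT_IS_PRESENT(TLScontext) ? "Anonymous" :
	    TLS_CERT_IS_MATCHED(TLScontext) ? "Verified" :
	    TLS_CERT_IS_TRUSTED(TLScontext) ? "Trusted" : "Untrusted";

	msg_info("%s TLS connection established to %s: %s with cipher %s "
		 "(%d/%d bits)", peer_status,
		 props->namaddr, TLScontext->protocol, TLScontext->cipher_name,
		 TLScontext->cipher_usebits, TLScontext->cipher_algbits);
    }
```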