postfix-3.11-20250807

2025-08-22 09:57:34 +00:00 · 2025-08-07 00:00:00 -05:00 · 2025-08-07 00:00:00 -05:00 · 643c8e5e85
commit 643c8e5e85
parent 1c43ccaf44
6 changed files with 43 additions and 11 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@ -29193,7 +29193,6 @@ Apologies for any names omitted.
 	setting from "yes" to "no". The new default is enabled with
 	compatibility level >= 3.11. Files: smtp/smtp_tlsrpt.c,
 	global/mail_params.[hc], proto/COMPATIBILITY_README.html.
-	proto/memcache_table, global/dict_memcache.c, util/hex_code.[hc].

 20250608

@ -29548,3 +29547,15 @@ Apologies for any names omitted.
 	and DANE policies. This prevents TLSRPT notifications for
 	all SMTP deliveries that do not require TLS. File:
 	smtp/smtp_connect.c.
+
+20250806
+
+	Documentation: updated the smtpd_hide_client_session
+	description with specific reference to RFC 5321 section
+	4.4. File: proto/postconf.proto.
+
+20250807
+
+	Bugfix (defect introduced: 20250803): "TLS-Required: no" was
+	no longer in effect for LMTP deliveries. Viktor Dukhovni.
+	File: smtp/smtp_connect.c.
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@ -16637,7 +16637,7 @@ SMTP server's Received: message header. </p>

 <li> <p> The default setting, "<a href="postconf.5.html#smtpd_hide_client_session">smtpd_hide_client_session</a> = no",
 must be used for the port 25 MTA service. It provides information
-that is required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. </p>
+that is required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> section 4.4. </p>

 <li> <p> The setting "<a href="postconf.5.html#smtpd_hide_client_session">smtpd_hide_client_session</a> = yes" may be used
 for the port 587 and 465 MUA services. This hides the SMTP client
@ -16660,8 +16660,9 @@ Received: by mail.example.com (Postfix) id postfix-queue-id
 </blockquote>

 <p> The redacted form hides that a message was received with SMTP,
-and therefore it does not need to provide the information required by
-<a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. The form does still meet <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> requirements. </p>
+and therefore it does not need to provide the FROM clause according
+to <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> section 4.4. The redacted form still meets <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a>
+requirements. </p>

 <p> This feature is available in Postfix &ge; 3.10. </p>

--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@ -11272,7 +11272,7 @@ SMTP server's Received: message header.
 .IP \(bu
 The default setting, "smtpd_hide_client_session = no",
 must be used for the port 25 MTA service. It provides information
-that is required by RFC 5321.
+that is required by RFC 5321 section 4.4.
 .IP \(bu
 The setting "smtpd_hide_client_session = yes" may be used
 for the port 587 and 465 MUA services. This hides the SMTP client
@ -11296,8 +11296,9 @@ Received: by mail.example.com (Postfix) id postfix\-queue\-id
 .in -4
 .PP
 The redacted form hides that a message was received with SMTP,
-and therefore it does not need to provide the information required by
-RFC 5321. The form does still meet RFC 5322 requirements.
+and therefore it does not need to provide the FROM clause according
+to RFC 5321 section 4.4. The redacted form still meets RFC 5322
+requirements.
 .PP
 This feature is available in Postfix >= 3.10.
 .SH smtpd_history_flush_threshold (default: 100)
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@ -19634,7 +19634,7 @@ SMTP server's Received: message header. </p>

 <li> <p> The default setting, "smtpd_hide_client_session = no",
 must be used for the port 25 MTA service. It provides information
-that is required by RFC 5321. </p>
+that is required by RFC 5321 section 4.4. </p>

 <li> <p> The setting "smtpd_hide_client_session = yes" may be used
 for the port 587 and 465 MUA services. This hides the SMTP client
@ -19657,8 +19657,9 @@ Received: by mail.example.com (Postfix) id postfix-queue-id
 </blockquote>

 <p> The redacted form hides that a message was received with SMTP,
-and therefore it does not need to provide the information required by
-RFC 5321. The form does still meet RFC 5322 requirements. </p>
+and therefore it does not need to provide the FROM clause according
+to RFC 5321 section 4.4. The redacted form still meets RFC 5322
+requirements. </p>

 <p> This feature is available in Postfix &ge; 3.10. </p>

--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20250803"
+#define MAIL_RELEASE_DATE	"20250807"
 #define MAIL_VERSION_NUMBER	"3.11"

 #ifdef SNAPSHOT
--- a/postfix/src/smtp/smtp_connect.c
+++ b/postfix/src/smtp/smtp_connect.c
@ -575,6 +575,24 @@ static void smtp_connect_local(SMTP_STATE *state, const char *path)

    SMTP_ITER_INIT(iter, path, var_myhostname, path, NO_PORT, state);

+    /*
+     * If a "TLS-Required: no" header is in effect, update the iterator to
+     * override TLS policy selection and to limit the security level to
+     * "may". Do not reset the security level after policy selection, as that
+     * would result in errors. For example, when TLSA records are looked up
+     * for security level "dane", and then the security level is reset to
+     * "may", the activation of those TLSA records will fail.
+     * 
+     * Note that the REQUIRETLS verb in ESMTP overrides the "TLS-Required: no"
+     * header.
+     */
+#ifdef USE_TLS
+    if (var_tls_required_enable
+	&& (state->request->sendopts & SOPT_REQUIRETLS_HEADER)) {
+	iter->tlsreqno = 1;
+    }
+#endif
+
    /*
     * Opportunistic TLS for unix domain sockets does not make much sense,
     * since the channel is private, mere encryption without authentication