mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 09:57:34 +00:00
Code Issues Releases Wiki Activity

postfix-3.7-20211022

Browse Source
This commit is contained in:
Wietse Venema 2021-10-22 00:00:00 -05:00 committed by Viktor Dukhovni
parent d87dc6f21c
commit 6b8941f03e
59 changed files with 536 additions and 310 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
postfix/HISTORY
View File

@ -25795,3 +25795,23 @@ Apologies for any names omitted.
smtp/smtp.h, smtp/smtp_chat.c, smtp/smtp_params.c,
smtpd/smtpd.c, smtpd/smtpd.h, smtpd/smtpd_chat.c, and test
data.
20211006
Documentation: http://tools.ietf.org/html/rfc[0-9]+ sometimes
does not redirect to the https site. Max-Julian Pogner.
Fixed by updating mantools/postlink and rebuilding the HTML
files that reference RFCs.
20211016
Documentation: clarified the difference between private and
public services in master.cf. File: proto/master.
20211022
Bugfix: the known_tcp_ports setting had no effect. Reported
by Peter. It also wasn't fully implemented. Files:
config_known_tcp_ports.c, mail_params.c,
posttls-finger/posttls-finger.c, smtp/smtp_connect.c,
util/find_inet.c, util/myaddrinfo.c.

5
postfix/TODO
View File

@ -1,5 +0,0 @@
Add a note to tlsproxy source why it does not enforce deadlines or
minimum data rates. Reason: tlsproxy relies on the plaintext client
to enforce their context-dependent deadlines and data rates. When
a plaintext client times out, it will close the tlsproxy connection,
and then tlsproxy will also hang up.

7
postfix/WISHLIST
View File

@ -1,6 +1,11 @@
Wish list:
Add verp=+= to the qmgr "from=" logging.
Add a pointer to
http://mmogilvi.users.sourceforge.net/software/oauthbearer.html
in documentation or on-line howtos.
Add verp=+= to the qmgr "from=" logging. This is already
implemented but not yet integrated.
Need canonical Dovecot example that has virtual_mailbox_domains,
(virtual_mailbox_maps or reject unverified_recipient), and

8
postfix/html/BDAT_README.html
View File

@ -20,7 +20,7 @@ BDAT (CHUNKING) support</h1>
<h2>Overview </h2>
<p> Postfix SMTP server supports <a href="http://tools.ietf.org/html/rfc3030">RFC 3030</a> CHUNKING (the BDAT command)
<p> Postfix SMTP server supports <a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> CHUNKING (the BDAT command)
without BINARYMIME, in both <a href="smtpd.8.html">smtpd(8)</a> and <a href="postscreen.8.html">postscreen(8)</a>. It is enabled
by default. </p>
@ -155,7 +155,7 @@ signatures, so conversion would have to happen before signing. </p>
<h2> <a name="downsides">Downsides of CHUNKING (BDAT) support</a>
</h2>
<p> The <a href="http://tools.ietf.org/html/rfc3030">RFC 3030</a> authors did not specify any limitations on how
<p> The <a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> authors did not specify any limitations on how
clients may pipeline commands (i.e. send commands without waiting
for a server response). If a server announces PIPELINING support,
like Postfix does, then a remote SMTP client can pipeline all
@ -167,10 +167,10 @@ behavior. If you require "<a href="postconf.5.html#reject_unauth_pipelining">rej
then turn off Postfix's CHUNKING announcement as described above.
</p>
<p> In <a href="http://tools.ietf.org/html/rfc4468">RFC 4468</a>, the authors write that a client may pipeline
<p> In <a href="https://tools.ietf.org/html/rfc4468">RFC 4468</a>, the authors write that a client may pipeline
commands, and that after sending BURL LAST or BDAT LAST, a client
must wait for the server's response. But as this text does not
appear in <a href="http://tools.ietf.org/html/rfc3030">RFC 3030</a> which defines BDAT, is it a useless restriction
appear in <a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> which defines BDAT, is it a useless restriction
that Postfix will not enforce. </p>
</body>

4
postfix/html/BUILTIN_FILTER_README.html
View File

@ -222,9 +222,9 @@ header/body checks for mail to some domains only</a>". </p>
<li> <p> Header/body checks do not decode message headers or message
body content. For example, if text in the message body is BASE64
encoded (<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>) then your regular expressions will have to match
encoded (<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a>) then your regular expressions will have to match
the BASE64 encoded form. Likewise, message headers with encoded
non-ASCII characters (<a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a>) need to be matched in their encoded
non-ASCII characters (<a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a>) need to be matched in their encoded
form. </p>
<li> <p> Header/body checks cannot filter on a combination of

2
postfix/html/DSN_README.html
View File

@ -21,7 +21,7 @@ DSN Support </h1>
<h2>Introduction</h2>
<p> Postfix version 2.3 introduces support for Delivery Status
Notifications as described in <a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a>. This gives senders control
Notifications as described in <a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a>. This gives senders control
over successful and failed delivery notifications. </p>
<p> Specifically, DSN support gives an email sender the ability to

2
postfix/html/FORWARD_SECRECY_README.html
View File

@ -227,7 +227,7 @@ setting the <a href="postconf.5.html">main.cf</a> parameter <a href="postconf.5.
</p> </blockquote>
<p> The elliptic curve standards are evolving, with new curves
introduced in <a href="http://tools.ietf.org/html/rfc8031">RFC 8031</a> to augment or replace the NIST curves tarnished
introduced in <a href="https://tools.ietf.org/html/rfc8031">RFC 8031</a> to augment or replace the NIST curves tarnished
by the Snowden revelations. Fortunately, TLS clients advertise
their list of supported curves to the server so that servers can
choose newer stronger curves when mutually supported. OpenSSL 1.0.2

2
postfix/html/IPV6_README.html
View File

@ -228,7 +228,7 @@ to the LMTP client. </p>
<li> <p> The SMTP server now requires that IPv6 addresses in SMTP
commands are specified as [ipv6:<i>ipv6address</i>], as
described in <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p>
described in <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p>
<li> <p> The IPv6 network address matching code was rewritten from
the ground up, and is expected to be closer to the specification.

6
postfix/html/LDAP_README.html
View File

@ -199,7 +199,7 @@ server listening at port 389 on ldap.example.com. It will bind anonymously,
search for any directory entries whose mailacceptinggeneralid
attribute is "ldapuser", read the "maildrop" attributes of those
found, and build a list of their maildrops, which will be treated
as <a href="http://tools.ietf.org/html/rfc822">RFC822</a> addresses to which the message will be delivered. </p>
as <a href="https://tools.ietf.org/html/rfc822">RFC822</a> addresses to which the message will be delivered. </p>
<h2><a name="example_virtual">Example: virtual domains/addresses</a></h2>
@ -592,10 +592,10 @@ contents, please include the applicable bits of some directory entries. </p>
<li>Prabhat K Singh: Wrote the initial Postfix LDAP lookups and connection caching.
<li>Keith Stevenson: <a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a> escaping in queries.
<li>Keith Stevenson: <a href="https://tools.ietf.org/html/rfc2254">RFC 2254</a> escaping in queries.
<li>Samuel Tardieu: Noticed that searches could include wildcards, prompting
the work on <a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a> escaping in queries. Spotted a bug
the work on <a href="https://tools.ietf.org/html/rfc2254">RFC 2254</a> escaping in queries. Spotted a bug
in binding.
<li>Sami Haahtinen: Referral chasing and v3 support.

2
postfix/html/MAILDROP_README.html
View File

@ -85,7 +85,7 @@ becoming clogged with undeliverable messages. Specify an empty
value ("<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> =") to disable this feature. </p>
<li> <p> Lines 6 and 13-15 redirect mail for postmaster to the
local postmaster. <a href="http://tools.ietf.org/html/rfc821">RFC 821</a> requires that every domain has a postmaster
local postmaster. <a href="https://tools.ietf.org/html/rfc821">RFC 821</a> requires that every domain has a postmaster
address. </p>
</ul>

2
postfix/html/SASL_README.html
View File

@ -25,7 +25,7 @@ mail to remote destinations when the client's IP address is in the
<p> SMTP clients outside the SMTP server's network need a different
way to get "same network" privileges. To address this need, Postfix
supports SASL authentication (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>, formerly <a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a>). With
supports SASL authentication (<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>, formerly <a href="https://tools.ietf.org/html/rfc2554">RFC 2554</a>). With
this a remote SMTP client can authenticate to the Postfix SMTP
server, and the Postfix SMTP client can authenticate to a remote
SMTP server. Once a client is authenticated, a server can give it

2
postfix/html/SMTPD_ACCESS_README.html
View File

@ -145,7 +145,7 @@ no"). </p>
<ul>
<li> <p> Disallowing <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> address syntax (example: "MAIL FROM: the
<li> <p> Disallowing <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> address syntax (example: "MAIL FROM: the
dude &lt;dude@example.com&gt;"). </p>
<li> <p> Disallowing addresses that are not enclosed with &lt;&gt;

10
postfix/html/SMTPUTF8_README.html
View File

@ -22,8 +22,8 @@ Postfix SMTPUTF8 support
<h2> Overview </h2>
<p> This document describes Postfix support for Email Address
Internationalization (EAI) as defined in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a> (SMTPUTF8 extension),
<a href="http://tools.ietf.org/html/rfc6532">RFC 6532</a> (Internationalized email headers) and <a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized
Internationalization (EAI) as defined in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (SMTPUTF8 extension),
<a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a> (Internationalized email headers) and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized
delivery status notifications). Introduced with Postfix version
3.0, this fully supports UTF-8 email addresses and UTF-8 message
header values. </p>
@ -288,7 +288,7 @@ at one point in time. </p>
<h3> No automatic conversions between ASCII and UTF-8 domain names. </h3>
<p> Some background: According to <a href="http://tools.ietf.org/html/rfc6530">RFC 6530</a> and related documents,
<p> Some background: According to <a href="https://tools.ietf.org/html/rfc6530">RFC 6530</a> and related documents,
an internationalized domain name can appear in two forms: the UTF-8
form, and the ASCII (xn--mumble) form. An internationalized address
localpart must be encoded in UTF-8; the RFCs do not define an ASCII
@ -336,7 +336,7 @@ environments</a> </h2>
non-UTF-8 members. Postfix will try to deliver the non-UTF8 subscribers
over "traditional" non-SMTPUTF8 sessions, as long as the message
has an ASCII envelope sender address and all-ASCII header values.
The mailing list manager may have to apply <a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a> encoding to
The mailing list manager may have to apply <a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a> encoding to
satisfy that last condition. </p>
<h3> Pre-existing non-ASCII email flows </h3>
@ -352,7 +352,7 @@ if pre-SMTPUTF8 standards do not support such practice. </p>
requires that non-ASCII address information is encoded in UTF-8 and
will reject other encodings such as ISO-8859. It is not practical
for Postfix to support multiple encodings at the same time. There
is no problem with <a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a> encodings such as "=?ISO-8859-1?Q?text?=",
is no problem with <a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a> encodings such as "=?ISO-8859-1?Q?text?=",
because those use only characters from the ASCII characterset. </p>
<h3> Rejecting non-ASCII addresses in non-SMTPUTF8 transactions </h3>

2
postfix/html/SOHO_README.html
View File

@ -191,7 +191,7 @@ discussed the first half of this document. </p>
<li> <p> Lines 2-3: Substitute your fantasy hostname here. Do not
use a domain name that is already in use by real organizations
on the Internet. See <a href="http://tools.ietf.org/html/rfc2606">RFC 2606</a> for examples of domain
on the Internet. See <a href="https://tools.ietf.org/html/rfc2606">RFC 2606</a> for examples of domain
names that are guaranteed not to be owned by anyone. </p>
<li> <p> Lines 5, 9, 10: This provides the mapping from

2
postfix/html/STANDARD_CONFIGURATION_README.html
View File

@ -823,7 +823,7 @@ discussed the first half of this document. </p>
<li> <p> Lines 2-3: Substitute your fantasy hostname here. Do not
use a domain name that is already in use by real organizations
on the Internet. See <a href="http://tools.ietf.org/html/rfc2606">RFC 2606</a> for examples of domain
on the Internet. See <a href="https://tools.ietf.org/html/rfc2606">RFC 2606</a> for examples of domain
names that are guaranteed not to be owned by anyone. </p>
<li> <p> Lines 5, 9, 10: This provides the mapping from

12
postfix/html/TLS_LEGACY_README.html
View File

@ -33,7 +33,7 @@ encrypted session protects the information that is transmitted with
SMTP mail or with SASL authentication.
<p> Postfix version 2.2 introduces support for TLS as described in
<a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a>. TLS Support for older Postfix versions was available as
<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a>. TLS Support for older Postfix versions was available as
an add-on patch. The section "<a href="#compat">Compatibility with
Postfix < 2.2 TLS support</a>" below discusses the differences
between these implementations. </p>
@ -425,7 +425,7 @@ private key. This is intended behavior. </p>
<p> You can ENFORCE the use of TLS, so that the Postfix SMTP server
announces STARTTLS and accepts no mail without TLS encryption, by
setting "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes". According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST
setting "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes". According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST
NOT be applied in case of a publicly-referenced Postfix SMTP server.
This option is off by default and should only seldom be used. </p>
@ -575,7 +575,7 @@ $<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is l
<p> Cached Postfix SMTP server session information expires after
a certain amount of time. Postfix/TLS does not use the OpenSSL
default of 300s, but a longer time of 3600sec (=1 hour). <a href="http://tools.ietf.org/html/rfc2246">RFC 2246</a>
default of 300s, but a longer time of 3600sec (=1 hour). <a href="https://tools.ietf.org/html/rfc2246">RFC 2246</a>
recommends a maximum of 24 hours. </p>
<p> Example: </p>
@ -949,7 +949,7 @@ $<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is l
<p> Cached Postfix SMTP client session information expires after
a certain amount of time. Postfix/TLS does not use the OpenSSL
default of 300s, but a longer time of 3600s (=1 hour). <a href="http://tools.ietf.org/html/rfc2246">RFC 2246</a>
default of 300s, but a longer time of 3600s (=1 hour). <a href="https://tools.ietf.org/html/rfc2246">RFC 2246</a>
recommends a maximum of 24 hours. </p>
<p> Example: </p>
@ -1004,7 +1004,7 @@ CommonName is checked. Verification may be turned off with the
<p> Enforcing the use of TLS is useful if you know that you will
only
connect to servers that support <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> _and_ that present server
connect to servers that support <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> _and_ that present server
certificates that meet the above requirements. An example would
be a client only sends email to one specific mailhub that offers
the necessary STARTTLS support. </p>
@ -1021,7 +1021,7 @@ the necessary STARTTLS support. </p>
<h3> <a name="client_tls_nopeer"> Disabling server certificate
verification </a> </h3>
<p> As of <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> the requirements for hostname checking for MTA
<p> As of <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> the requirements for hostname checking for MTA
clients are not set. When TLS is required (<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes),
the option <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> can be set to "no" to disable
strict remote SMTP server hostname checking. In this case, the mail

42
postfix/html/TLS_README.html
View File

@ -188,8 +188,8 @@ Certificate-less operation is not recommended. <p>
Most sites only have RSA certificates. You can configure all three
at the same time, in which case the ciphersuite negotiated with the
remote SMTP client determines which certificate is used. If your
DNS zone is signed, and you want to publish DANE TLSA (<a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>,
<a href="http://tools.ietf.org/html/rfc7671">RFC 7671</a>, <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a>) records, these must match all of the configured
DNS zone is signed, and you want to publish DANE TLSA (<a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a>,
<a href="https://tools.ietf.org/html/rfc7671">RFC 7671</a>, <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>) records, these must match all of the configured
certificate chains. Since the best practice is to publish "3 1 1"
certificate associations, create a separate TLSA record to match
each public-key certificate digest. </p>
@ -224,7 +224,7 @@ size of the server TLS handshake. </p>
</pre>
</blockquote>
<li> <p> If you publish DANE TLSA (<a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>, <a href="http://tools.ietf.org/html/rfc7671">RFC 7671</a>, <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a>)
<li> <p> If you publish DANE TLSA (<a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a>, <a href="https://tools.ietf.org/html/rfc7671">RFC 7671</a>, <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>)
"2 0 1" or "2 1 1" records to specify root CA certificate digests,
you must include the corresponding root CA certificates in the
"server.pem" certificate file. </p>
@ -526,7 +526,7 @@ private key. This is intended behavior. </p>
<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>,
so that the Postfix SMTP server announces STARTTLS and accepts no
mail without TLS encryption, by setting
"<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt". According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> this
"<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt". According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> this
MUST NOT be applied in case
of a publicly-referenced Postfix SMTP server. This option is off
by default and should only seldom be used. </p>
@ -685,9 +685,9 @@ the cost of repeatedly negotiating TLS session keys is high.</p>
<p> Starting with Postfix 2.11, linked with a compatible OpenSSL
library (at least 0.9.8h, preferably 1.0.0 or later) the Postfix
SMTP server supports <a href="http://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session resumption without
server-side state when the remote SMTP client also supports <a href="http://tools.ietf.org/html/rfc5077">RFC</a>
<a href="http://tools.ietf.org/html/rfc5077">5077</a>. The session is encrypted by the server in a <i>session
SMTP server supports <a href="https://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session resumption without
server-side state when the remote SMTP client also supports <a href="https://tools.ietf.org/html/rfc5077">RFC</a>
<a href="https://tools.ietf.org/html/rfc5077">5077</a>. The session is encrypted by the server in a <i>session
ticket</i> returned to client for storage. When a client sends a
valid session ticket, the server decrypts it and resumes the session,
provided neither the ticket nor the session have expired. This
@ -720,7 +720,7 @@ Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
<p> Cached Postfix SMTP server session information expires after
a certain amount of time. Postfix/TLS does not use the OpenSSL
default of 300s, but a longer time of 3600sec (=1 hour). <a href="http://tools.ietf.org/html/rfc2246">RFC 2246</a>
default of 300s, but a longer time of 3600sec (=1 hour). <a href="https://tools.ietf.org/html/rfc2246">RFC 2246</a>
recommends a maximum of 24 hours. </p>
<p> Example: </p>
@ -1273,14 +1273,14 @@ just in case the transport table entries are not specified consistently. </p>
<h4><a name="client_tls_dane">DANE TLS authentication.</a> </h4>
<p> The Postfix SMTP client supports two TLS security levels based
on DANE TLSA (<a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>, <a href="http://tools.ietf.org/html/rfc7671">RFC 7671</a>, <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a>) records. The opportunistic
on DANE TLSA (<a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a>, <a href="https://tools.ietf.org/html/rfc7671">RFC 7671</a>, <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>) records. The opportunistic
"dane" level and the mandatory "dane-only" level. </p>
<p> The "dane" level is a stronger form of <a
href="#client_tls_may">opportunistic</a> TLS that is resistant to
man in the middle and downgrade attacks when the destination domain
uses DNSSEC to publish DANE TLSA records for its MX hosts. If a
remote SMTP server has "usable" (see section 3 of <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a>) DANE
remote SMTP server has "usable" (see section 3 of <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>) DANE
TLSA records, the server connection will be authenticated. When
DANE authentication fails, there is no fallback to unauthenticated
or plaintext delivery. </p>
@ -1315,7 +1315,7 @@ be signed and the Postfix SMTP client's operating system must be
configured to send its DNS queries to a recursive DNS nameserver
that is able to validate the signed records. Each MX host's DNS
zone needs to also be signed, and needs to publish DANE TLSA (see
section 3 of <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a>) records that specify how that MX host's TLS
section 3 of <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>) records that specify how that MX host's TLS
certificate is to be verified. </p>
<p> TLSA records do not preempt the normal SMTP MX host
@ -1327,7 +1327,7 @@ see the documentation for the <a href="postconf.5.html#smtp_dns_support_level">s
parameter. The <a href="postconf.5.html#tls_dane_digests">tls_dane_digests</a> parameter controls the list of
supported digests. </p>
<p> As explained in section 3 of <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a>, certificate usages "0"
<p> As explained in section 3 of <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>, certificate usages "0"
and "1", which are intended to "constrain" existing Web-PKI trust,
are not supported with MTA-to-MTA SMTP. Rather, TLSA records with
usages "0" and "1" are treated as "unusable". </p>
@ -1346,8 +1346,8 @@ records. </p>
security level is treated like a "mandatory" TLS security level,
and weak ciphers and protocols are disabled. Since DANE authenticates
server certificates the "aNULL" cipher-suites are transparently
excluded at this level, no need to configure this manually. <a href="http://tools.ietf.org/html/rfc7672">RFC</a>
<a href="http://tools.ietf.org/html/rfc7672">7672</a> (DANE) TLS authentication is available with Postfix 2.11 and
excluded at this level, no need to configure this manually. <a href="https://tools.ietf.org/html/rfc7672">RFC</a>
<a href="https://tools.ietf.org/html/rfc7672">7672</a> (DANE) TLS authentication is available with Postfix 2.11 and
later. </p>
<p> When a DANE TLSA record specifies a trust-anchor (TA) certificate
@ -1613,7 +1613,7 @@ verification as a default policy. </p>
<p> Mandatory server certificate verification as a default security
level may be appropriate if you know that you will only connect to
servers that support <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> <i>and</i> that present verifiable
servers that support <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> <i>and</i> that present verifiable
server certificates. An example would be a client that sends all
email to a central mailhub that offers the necessary STARTTLS
support. In such cases, you can often use a <a
@ -1687,7 +1687,7 @@ as a default policy. </p>
<p> Mandatory secure server certificate verification as a default
security level may be appropriate if you know that you will only
connect to servers that support <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> <i>and</i> that present
connect to servers that support <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> <i>and</i> that present
verifiable server certificates. An example would be a client that
sends all email to a central mailhub that offers the necessary
STARTTLS support. </p>
@ -2102,7 +2102,7 @@ Postfix-owned <a href="postconf.5.html#data_directory">data_directory</a>, and a
<p> Cached Postfix SMTP client session information expires after
a certain amount of time. Postfix/TLS does not use the OpenSSL
default of 300s, but a longer time of 3600s (=1 hour). <a href="http://tools.ietf.org/html/rfc2246">RFC 2246</a>
default of 300s, but a longer time of 3600s (=1 hour). <a href="https://tools.ietf.org/html/rfc2246">RFC 2246</a>
recommends a maximum of 24 hours. </p>
<p> Example: </p>
@ -2177,7 +2177,7 @@ When, as is current practice, the client verifies the insecurely
obtained MX hostname, it is subject to a DNS man-in-the-middle
attack. </p>
<p> Adoption of DNSSEC and <a href="http://tools.ietf.org/html/rfc6698">RFC6698</a> (DANE) may gradually (as domains
<p> Adoption of DNSSEC and <a href="https://tools.ietf.org/html/rfc6698">RFC6698</a> (DANE) may gradually (as domains
implement DNSSEC and publish TLSA records for their MX hosts) address
the DNS man-in-the-middle risk and provide scalable key management
for SMTP with TLS. Postfix &ge; 2.11 supports the new <a
@ -2290,7 +2290,7 @@ found, but none are usable, the effective security level is <a
href="#client_tls_encrypt">encrypt</a>. When usable TLSA records
are obtained for the remote SMTP server, SSLv2+3 are automatically
disabled (see <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>), and the server certificate
must match the TLSA records. <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE) TLS authentication
must match the TLSA records. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE) TLS authentication
and DNSSEC support is available with Postfix 2.11 and later. </dd>
<dt><b>dane-only</b></dt> <dd><a href="#client_tls_dane">Mandatory DANE TLS</a>.
@ -2299,7 +2299,7 @@ DNSSEC. If no TLSA records are found, or none are usable, no
connection is made to the server. When usable TLSA records are
obtained for the remote SMTP server, SSLv2+3 are automatically disabled
(see <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>), and the server certificate must
match the TLSA records. <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE) TLS authentication and
match the TLSA records. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE) TLS authentication and
DNSSEC support is available with Postfix 2.11 and later. </dd>
<dt><b>fingerprint</b></dt> <dd><a href="#client_tls_fprint">Certificate
@ -2996,7 +2996,7 @@ receiving and sending mail. It also enables logging of TLS connections
and recording of TLS use in the "Received" header. TLS session
caching is also enabled in the Postfix SMTP client. With Postfix
&ge; 2.10, the SMTP server does not need an explicit session cache
since session reuse is better handled via <a href="http://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session
since session reuse is better handled via <a href="https://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session
tickets. </p>
<h3><a name="private-ca">Private Certification Authority</a></h3>

4
postfix/html/XCLIENT_README.html
View File

@ -89,7 +89,7 @@ names are shown in upper case, they are in fact case insensitive.
<ul>
<li> <p> Attribute values are xtext encoded as per <a href="http://tools.ietf.org/html/rfc1891">RFC 1891</a>.
<li> <p> Attribute values are xtext encoded as per <a href="https://tools.ietf.org/html/rfc1891">RFC 1891</a>.
</p>
<li> <p> The NAME attribute specifies a remote SMTP client
@ -260,7 +260,7 @@ before each MAIL FROM command. </p>
<h2> References </h2>
<p> Moore, K, "SMTP Service Extension for Delivery Status Notifications",
<a href="http://tools.ietf.org/html/rfc1891">RFC 1891</a>, January 1996. </p>
<a href="https://tools.ietf.org/html/rfc1891">RFC 1891</a>, January 1996. </p>
</body>

4
postfix/html/XFORWARD_README.html
View File

@ -81,7 +81,7 @@ names are shown in upper case, they are in fact case insensitive.
<ul>
<li> <p> Attribute values are xtext encoded as per <a href="http://tools.ietf.org/html/rfc1891">RFC 1891</a>.
<li> <p> Attribute values are xtext encoded as per <a href="https://tools.ietf.org/html/rfc1891">RFC 1891</a>.
</p>
<li> <p> The NAME attribute specifies the up-stream hostname,
@ -234,7 +234,7 @@ so there is no risk of information leakage. </p>
<h2> References </h2>
<p> Moore, K, "SMTP Service Extension for Delivery Status Notifications",
<a href="http://tools.ietf.org/html/rfc1891">RFC 1891</a>, January 1996. </p>
<a href="https://tools.ietf.org/html/rfc1891">RFC 1891</a>, January 1996. </p>
</body>

4
postfix/html/access.5.html
View File

@ -160,7 +160,7 @@ ACCESS(5) ACCESS(5)
<b>REJECT ACTIONS</b>
Postfix version 2.3 and later support enhanced status codes as defined
in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When no code is specified at the beginning of the <i>text</i>
in <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a>. When no code is specified at the beginning of the <i>text</i>
below, Postfix inserts a default enhanced status code of "5.7.1" in the
case of reject actions, and "4.7.1" in the case of defer actions. See
"ENHANCED STATUS CODES" below.
@ -340,7 +340,7 @@ ACCESS(5) ACCESS(5)
<b>ENHANCED STATUS CODES</b>
Postfix version 2.3 and later support enhanced status codes as defined
in <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>. When an enhanced status code is specified in an access
in <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a>. When an enhanced status code is specified in an access
table, it is subject to modification. The following transformations are
needed when the same access table is used for client, helo, sender, or
recipient access restrictions; they happen regardless of whether Post-

6
postfix/html/aliases.5.html
View File

@ -63,8 +63,8 @@ ALIASES(5) ALIASES(5)
The <i>value</i> contains one or more of the following:
<i>address</i>
Mail is forwarded to <i>address</i>, which is compatible with the <a href="http://tools.ietf.org/html/rfc822">RFC</a>
<a href="http://tools.ietf.org/html/rfc822">822</a> standard.
Mail is forwarded to <i>address</i>, which is compatible with the <a href="https://tools.ietf.org/html/rfc822">RFC</a>
<a href="https://tools.ietf.org/html/rfc822">822</a> standard.
<i>/file/name</i>
Mail is appended to <i>/file/name</i>. See <a href="local.8.html"><b>local</b>(8)</a> for details of
@ -177,7 +177,7 @@ ALIASES(5) ALIASES(5)
while expanding aliases or .forward files.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<b>SEE ALSO</b>
<a href="local.8.html">local(8)</a>, local delivery agent

20
postfix/html/bounce.8.html
View File

@ -39,16 +39,16 @@ BOUNCE(8) BOUNCE(8)
and that depend on retry logic in their own client.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
<a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> (Internet Message Format)
<a href="http://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
<a href="http://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
<a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="http://tools.ietf.org/html/rfc6532">RFC 6532</a> (Internationalized Message Format)
<a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
<a href="https://tools.ietf.org/html/rfc2822">RFC 2822</a> (Internet Message Format)
<a href="https://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
<a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
<a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a> (Internationalized Message Format)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.

16
postfix/html/cleanup.8.html
View File

@ -62,13 +62,13 @@ CLEANUP(8) CLEANUP(8)
trouble.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
<a href="http://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
<a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> (Internet Message Format)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<a href="http://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
<a href="https://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
<a href="https://tools.ietf.org/html/rfc2822">RFC 2822</a> (Internet Message Format)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
@ -422,7 +422,7 @@ CLEANUP(8) CLEANUP(8)
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
Enable preliminary SMTPUTF8 support for the protocols described
in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
Detect that a message requires SMTPUTF8 support for the speci-

20
postfix/html/defer.8.html
View File

@ -39,16 +39,16 @@ BOUNCE(8) BOUNCE(8)
and that depend on retry logic in their own client.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
<a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> (Internet Message Format)
<a href="http://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
<a href="http://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
<a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="http://tools.ietf.org/html/rfc6532">RFC 6532</a> (Internationalized Message Format)
<a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
<a href="https://tools.ietf.org/html/rfc2822">RFC 2822</a> (Internet Message Format)
<a href="https://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
<a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
<a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a> (Internationalized Message Format)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.

4
postfix/html/discard.8.html
View File

@ -17,7 +17,7 @@ DISCARD(8) DISCARD(8)
the queue manager. Each request specifies a queue file, a sender
address, a next-hop destination that is treated as the reason for dis-
carding the mail, and recipient information. The reason may be pre-
fixed with an <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-compatible detail code. This program expects to
fixed with an <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a>-compatible detail code. This program expects to
be run from the <a href="master.8.html"><b>master</b>(8)</a> process manager.
The <a href="discard.8.html"><b>discard</b>(8)</a> delivery agent pretends to deliver all recipients in the
@ -33,7 +33,7 @@ DISCARD(8) DISCARD(8)
the network, and can be run chrooted at fixed low privilege.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.

4
postfix/html/error.8.html
View File

@ -17,7 +17,7 @@ ERROR(8) ERROR(8)
the queue manager. Each request specifies a queue file, a sender
address, the reason for non-delivery (specified as the next-hop desti-
nation), and recipient information. The reason may be prefixed with an
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-compatible detail code; if none is specified a default 4.0.0
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a>-compatible detail code; if none is specified a default 4.0.0
or 5.0.0 code is used instead. This program expects to be run from the
<a href="master.8.html"><b>master</b>(8)</a> process manager.
@ -34,7 +34,7 @@ ERROR(8) ERROR(8)
network, and can be run chrooted at fixed low privilege.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.

10
postfix/html/header_checks.5.html
View File

@ -173,7 +173,7 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
Note 1: the BCC address is added as if it was specified with
NOTIFY=NONE. The sender will not be notified when the BCC
address is undeliverable, as long as all down-stream software
implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
implements <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a>.
Note 2: this ignores duplicate addresses (with the same delivery
status notification options).
@ -376,10 +376,10 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
line at a time. A decision made for one line is not carried over
to the next line.
<b>o</b> If text in the message body is encoded (<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>) then the rules
<b>o</b> If text in the message body is encoded (<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a>) then the rules
need to be specified for the encoded form.
<b>o</b> Likewise, when message headers are encoded (<a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a>) then the
<b>o</b> Likewise, when message headers are encoded (<a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a>) then the
rules need to be specified for the encoded form.
Message headers added by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon itself are excluded from
@ -462,8 +462,8 @@ HEADER_CHECKS(5) HEADER_CHECKS(5)
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table management
<a href="postsuper.1.html">postsuper(1)</a>, Postfix janitor
<a href="postcat.1.html">postcat(1)</a>, show Postfix queue file contents
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a>, base64 and quoted-printable encoding rules
<a href="http://tools.ietf.org/html/rfc2047">RFC 2047</a>, message header encoding for non-ASCII text
<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a>, base64 and quoted-printable encoding rules
<a href="https://tools.ietf.org/html/rfc2047">RFC 2047</a>, message header encoding for non-ASCII text
<b>README FILES</b>
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview

24
postfix/html/ldap_table.5.html
View File

@ -102,7 +102,7 @@ LDAP_TABLE(5) LDAP_TABLE(5)
timeout = 5
<b>search_base (No default; you must configure this)</b>
The <a href="http://tools.ietf.org/html/rfc2253">RFC2253</a> base DN at which to conduct the search, e.g.
The <a href="https://tools.ietf.org/html/rfc2253">RFC2253</a> base DN at which to conduct the search, e.g.
search_base = dc=your, dc=com
@ -111,18 +111,18 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<b>%%</b> This is replaced by a literal '%' character.
<b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2253">RFC 2253</a> quoting is
<b>%s</b> This is replaced by the input key. <a href="https://tools.ietf.org/html/rfc2253">RFC 2253</a> quoting is
used to make sure that the input key does not add unex-
pected metacharacters.
<b>%u</b> When the input key is an address of the form user@domain,
<b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC 2253</a>) quoted local part of the
<b>%u</b> is replaced by the (<a href="https://tools.ietf.org/html/rfc2253">RFC 2253</a>) quoted local part of the
address. Otherwise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, the search is sup-
pressed and returns no results.
<b>%d</b> When the input key is an address of the form user@domain,
<b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2253">RFC 2253</a>) quoted domain part of
<b>%d</b> is replaced by the (<a href="https://tools.ietf.org/html/rfc2253">RFC 2253</a>) quoted domain part of
the address. Otherwise, the search is suppressed and
returns no results.
@ -142,7 +142,7 @@ LDAP_TABLE(5) LDAP_TABLE(5)
pressed and returns no results.
<b>query_filter (default: mailacceptinggeneralid=%s)</b>
The <a href="http://tools.ietf.org/html/rfc2254">RFC2254</a> filter used to search the directory, where <b>%s</b> is a
The <a href="https://tools.ietf.org/html/rfc2254">RFC2254</a> filter used to search the directory, where <b>%s</b> is a
substitute for the address Postfix is trying to resolve, e.g.
query_filter = (&amp;(mail=%s)(paid_up=true))
@ -152,18 +152,18 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<b>%%</b> This is replaced by a literal '%' character. (Postfix 2.2
and later).
<b>%s</b> This is replaced by the input key. <a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a> quoting is
<b>%s</b> This is replaced by the input key. <a href="https://tools.ietf.org/html/rfc2254">RFC 2254</a> quoting is
used to make sure that the input key does not add unex-
pected metacharacters.
<b>%u</b> When the input key is an address of the form user@domain,
<b>%u</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a>) quoted local part of the
<b>%u</b> is replaced by the (<a href="https://tools.ietf.org/html/rfc2254">RFC 2254</a>) quoted local part of the
address. Otherwise, <b>%u</b> is replaced by the entire search
string. If the localpart is empty, the search is sup-
pressed and returns no results.
<b>%d</b> When the input key is an address of the form user@domain,
<b>%d</b> is replaced by the (<a href="http://tools.ietf.org/html/rfc2254">RFC 2254</a>) quoted domain part of
<b>%d</b> is replaced by the (<a href="https://tools.ietf.org/html/rfc2254">RFC 2254</a>) quoted domain part of
the address. Otherwise, the search is suppressed and
returns no results.
@ -281,7 +281,7 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<b>special_result_attribute (default: empty)</b>
The attribute(s) of directory entries that can contain DNs or
<a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a> LDAP URLs. If found, a recursive search is performed to
<a href="https://tools.ietf.org/html/rfc2255">RFC 2255</a> LDAP URLs. If found, a recursive search is performed to
retrieve the entry referenced by the DN, or the entries matched
by the URL query.
@ -295,13 +295,13 @@ LDAP_TABLE(5) LDAP_TABLE(5)
special, leaf or terminal) in the Postfix table definition. If
the URL lists any of the table's special result attributes,
these are retrieved and used recursively. A URL that does not
specify any attribute selection, is equivalent (<a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a>) to a
specify any attribute selection, is equivalent (<a href="https://tools.ietf.org/html/rfc2255">RFC 2255</a>) to a
URL that selects all attributes, in which case the selected
attributes will be the full set of result attributes in the
Postfix table.
If an LDAP URL attribute-descriptor or the corresponding Postfix
LDAP table result attribute (but not both) uses <a href="http://tools.ietf.org/html/rfc2255">RFC 2255</a>
LDAP table result attribute (but not both) uses <a href="https://tools.ietf.org/html/rfc2255">RFC 2255</a>
sub-type options ("attr;option"), the attribute requested from
the LDAP server will include the sub-type option. In all other
cases, the URL attribute and the table attribute must match
@ -629,7 +629,7 @@ LDAP_TABLE(5) LDAP_TABLE(5)
ing at port 389 on ldap.example.com. It will bind anonymously, search
for any directory entries whose mailacceptinggeneralid attribute is
"ldapuser", read the "maildrop" attributes of those found, and build a
list of their maildrops, which will be treated as <a href="http://tools.ietf.org/html/rfc822">RFC822</a> addresses to
list of their maildrops, which will be treated as <a href="https://tools.ietf.org/html/rfc822">RFC822</a> addresses to
which the message will be delivered.
<b>OBSOLETE MAIN.CF PARAMETERS</b>

48
postfix/html/lmtp.8.html
View File

@ -141,26 +141,26 @@ SMTP(8) SMTP(8)
low privilege.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions)
<a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
<a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
<a href="http://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol)
<a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes)
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
<a href="http://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
<a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
<a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
<a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
<a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
<a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
<a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="https://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions)
<a href="https://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
<a href="https://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
<a href="https://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol)
<a href="https://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes)
<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
<a href="https://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
<a href="https://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
<a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
<a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
<a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
<a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
@ -231,7 +231,7 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
commands as required by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
commands as required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
A mechanism to transform replies from remote SMTP servers one
@ -635,10 +635,10 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.11-3.1:
<b><a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> (on)</b>
Configure <a href="http://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
Configure <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
<b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b>
Enable support for <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
Enable support for <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
digests of trust-anchors with certificate usage "2".
Available in Postfix version 2.11 and later:
@ -854,7 +854,7 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
Enable preliminary SMTPUTF8 support for the protocols described
in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
Detect that a message requires SMTPUTF8 support for the speci-

6
postfix/html/local.8.html
View File

@ -159,7 +159,7 @@ LOCAL(8) LOCAL(8)
follow the conventions defined in &lt;<b>sysexits.h</b>&gt;. Exit status 0 means
normal successful completion.
Postfix version 2.3 and later support <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a>-style enhanced status
Postfix version 2.3 and later support <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a>-style enhanced status
codes. If a command terminates with a non-zero exit status, and the
command output begins with an enhanced status code, this status code
takes precedence over the non-zero exit status.
@ -279,8 +279,8 @@ LOCAL(8) LOCAL(8)
the <b><a href="postconf.5.html#default_privs">default_privs</a></b> configuration parameter.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.

6
postfix/html/master.5.html
View File

@ -122,8 +122,10 @@ MASTER(5) MASTER(5)
This feature is available as of Postfix version 2.5.
<b>Private (default: y)</b>
Whether or not access is restricted to the mail system. Inter-
net (type <b>inet</b>) services can't be private.
Whether a service is internal to Postfix (pathname starts with
<b>private/</b>), or exposed through Postfix command-line tools (path-
name starts with <b>public/</b>). Internet (type <b>inet</b>) services can't
be private.
<b>Unprivileged (default: y)</b>
Whether the service runs with root privileges or as the owner of

4
postfix/html/oqmgr.8.html
View File

@ -133,8 +133,8 @@ OQMGR(8) OQMGR(8)
queue manager of the arrival of new mail one would request <b>I</b>.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<b>SECURITY</b>
The <a href="qmgr.8.html"><b>oqmgr</b>(8)</a> daemon is not security sensitive. It reads single-charac-

6
postfix/html/pipe.8.html
View File

@ -121,7 +121,7 @@ PIPE(8) PIPE(8)
command-line <b>$sender</b>, <b>$original_recipient</b> and <b>$recipient</b>
address localparts (text to the left of the right-most <b>@</b>
character), according to an 8-bit transparent version of
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a>. This is recommended for delivery via <b>UUCP</b> or
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a>. This is recommended for delivery via <b>UUCP</b> or
<b>BSMTP</b>.
The result is compatible with the address parsing of com-
@ -306,7 +306,7 @@ PIPE(8) PIPE(8)
<b>${sasl_sender}</b>
This macro expands to the SASL sender name (i.e. the
original submitter as per <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) in the MAIL FROM com-
original submitter as per <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>) in the MAIL FROM com-
mand when the Postfix SMTP server received the message.
This feature is available as of Postfix 2.2.
@ -343,7 +343,7 @@ PIPE(8) PIPE(8)
ing.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<b>DIAGNOSTICS</b>
Command exit status codes are expected to follow the conventions

4
postfix/html/postalias.1.html
View File

@ -204,7 +204,7 @@ POSTALIAS(1) POSTALIAS(1)
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
Enable preliminary SMTPUTF8 support for the protocols described
in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
@ -219,7 +219,7 @@ POSTALIAS(1) POSTALIAS(1)
The initial OpenLDAP LMDB database size limit in bytes.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<b>SEE ALSO</b>
<a href="aliases.5.html">aliases(5)</a>, format of alias database input file.

116
postfix/html/postconf.5.html
View File

@ -124,7 +124,7 @@ is hard-coded as "450".
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
@ -143,7 +143,7 @@ an <a href="access.5.html">access(5)</a> map "reject" action.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -828,7 +828,7 @@ that is received by the Postfix mail system.
Note: with Postfix 2.3 and later the BCC address is added as if it
was specified with NOTIFY=NONE. The sender will not be notified
when the BCC address is undeliverable, as long as all down-stream
software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
software implements <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a>.
</p>
<p>
@ -1357,7 +1357,7 @@ is placed into the Postfix configuration directory. </p>
<p>
Enable interoperability with remote SMTP clients that implement an obsolete
version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>). Examples of such clients
version of the AUTH command (<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>). Examples of such clients
are MicroSoft Outlook Express version 4 and MicroSoft Exchange
version 5.0.
</p>
@ -2519,7 +2519,7 @@ address, or Recipient address. </dd>
<a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> configuration parameter. Note: The numerical
SMTP response code is required, and must appear at the start of the
reply. With Postfix version 2.3 and later this information may be followed
by an <a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> enhanced status code. </dd>
by an <a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> enhanced status code. </dd>
<dt><b>$rbl_domain</b></dt>
@ -2752,7 +2752,7 @@ client request is rejected by the "defer" restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -3014,7 +3014,7 @@ Example:
(default: no)</b></DT><DD>
<p> Enable a workaround for future libc incompatibility. The Postfix
implementation of <a href="http://tools.ietf.org/html/rfc2308">RFC 2308</a> negative reply caching relies on the
implementation of <a href="https://tools.ietf.org/html/rfc2308">RFC 2308</a> negative reply caching relies on the
promise that res_query() and res_search() invoke res_send(), which
returns the server response in an application buffer even if the
requested record does not exist. If this promise is broken, specify
@ -3871,7 +3871,7 @@ address is empty. This is the same behavior as prior to Postfix
3.3. </p>
<li> <p> In the <b>standard</b> form, the <i>name</i> will be quoted
if it contains <b>specials</b> as defined in <a href="http://tools.ietf.org/html/rfc5322">RFC 5322</a>, or the "!%"
if it contains <b>specials</b> as defined in <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a>, or the "!%"
address operators. </p>
<li> <p> The Postfix <a href="sendmail.1.html">sendmail(1)</a> command gets <i>name</i> information
@ -4126,7 +4126,7 @@ workaround will be phased out as IPv6 deployment becomes more common.
<p> Note: you MUST stop and start Postfix after changing this
parameter. </p>
<p> On systems that pre-date IPV6_V6ONLY support (<a href="http://tools.ietf.org/html/rfc3493">RFC 3493</a>), an
<p> On systems that pre-date IPV6_V6ONLY support (<a href="https://tools.ietf.org/html/rfc3493">RFC 3493</a>), an
IPv6 server will also accept IPv4 connections, even when IPv4 is
turned off with the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter. On systems with
IPV6_V6ONLY support, Postfix will use separate server sockets for
@ -4137,7 +4137,7 @@ corresponding protocol. </p>
Postfix will look up DNS type A records, and will convert
IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date
IPV6_V6ONLY support (<a href="http://tools.ietf.org/html/rfc3493">RFC 3493</a>). </p>
IPV6_V6ONLY support (<a href="https://tools.ietf.org/html/rfc3493">RFC 3493</a>). </p>
<p> When IPv6 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
Postfix will do DNS type AAAA record lookups. </p>
@ -4262,7 +4262,7 @@ restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -5874,7 +5874,7 @@ a neighboring system. </dd>
<dt><b><a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> </b></dt>
<dd> Append the domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a> when the
client is successfully authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH)
client is successfully authenticated via the <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH)
protocol. </dd>
<dt><b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a> </b></dt>
@ -6621,7 +6621,7 @@ client request is blocked by the <a href="postconf.5.html#reject_rbl_client">rej
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -7418,7 +7418,7 @@ restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
@ -9657,7 +9657,7 @@ equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.ht
Note: with Postfix 2.3 and later the BCC address is added as if it
was specified with NOTIFY=NONE. The sender will not be notified
when the BCC address is undeliverable, as long as all down-stream
software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
software implements <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a>.
</p>
<p>
@ -9798,7 +9798,7 @@ client request is rejected by the "reject" restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -9937,7 +9937,7 @@ restriction.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -10204,7 +10204,7 @@ in multiple deliveries of the same message to mailing list members.
looking inside quotes. </p>
<p> By default, the Postfix address resolver does not quote the
address localpart as per <a href="http://tools.ietf.org/html/rfc822">RFC 822</a>, so that additional @ or % or !
address localpart as per <a href="https://tools.ietf.org/html/rfc822">RFC 822</a>, so that additional @ or % or !
operators remain visible. This behavior is safe but it is also
technically incorrect. </p>
@ -10355,7 +10355,7 @@ equals $<a href="postconf.5.html#myorigin">myorigin</a>, $<a href="postconf.5.ht
Note: with Postfix 2.3 and later the BCC address is added as if it
was specified with NOTIFY=NONE. The sender will not be notified
when the BCC address is undeliverable, as long as all down-stream
software implements <a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a>.
software implements <a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a>.
</p>
<p>
@ -11401,7 +11401,7 @@ the CommonName is checked. The behavior may be changed with the
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> option. </p>
<p> This option is useful only if you are definitely sure that you
will only connect to servers that support <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> _and_ that
will only connect to servers that support <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> _and_ that
provide valid server certificates. Typical use is for clients that
send all their email to a dedicated mailhub. </p>
@ -11848,12 +11848,12 @@ The default time unit is s (seconds).
<p>
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
as required
by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. This includes putting quotes around an address localpart
by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. This includes putting quotes around an address localpart
that ends in ".".
</p>
<p>
The default is to comply with <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>. If you have to send mail to
The default is to comply with <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>. If you have to send mail to
a broken SMTP server, configure a special SMTP client in <a href="master.5.html">master.cf</a>:
</p>
@ -12325,7 +12325,7 @@ Skip remote SMTP servers that greet with a 5XX status code.
<p> By default, the Postfix SMTP client moves on the next mail
exchanger. Specify "<a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> = no" if Postfix should
bounce the mail immediately. Caution: the latter behavior appears
to contradict <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p>
to contradict <a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a>. </p>
</DD>
@ -12849,7 +12849,7 @@ compiled and linked with OpenSSL 1.0.0 or later. </p>
<p> With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate. As of <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> the requirements for hostname checking
certificate. As of <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> the requirements for hostname checking
for MTA clients are not specified. </p>
<p> This option can be set to "no" to disable strict peer name
@ -13475,7 +13475,7 @@ href="TLS_README.html#client_tls_may">may</a>. If TLSA records are
found, but none are usable, the effective security level is <a
href="TLS_README.html#client_tls_encrypt">encrypt</a>. When usable
TLSA records are obtained for the remote SMTP server, the
server certificate must match the TLSA records. <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE)
server certificate must match the TLSA records. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE)
TLS authentication and DNSSEC support is available with Postfix
2.11 and later. The optional "connection_reuse" attribute (Postfix
&ge; 3.4) overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> parameter.
@ -13486,7 +13486,7 @@ TLS authentication and DNSSEC support is available with Postfix
obtained via TLSA records in DNSSEC. If no TLSA records are found,
or none are usable, no connection is made to the server. When
usable TLSA records are obtained for the remote SMTP server, the
server certificate must match the TLSA records. <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE) TLS
server certificate must match the TLSA records. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE) TLS
authentication and DNSSEC support is available with Postfix 2.11
and later. The optional "connection_reuse" attribute (Postfix &ge;
3.4) overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> parameter.
@ -13780,7 +13780,7 @@ in effect, the destination domain's containing DNS zone must be
signed and the Postfix SMTP client's operating system must be
configured to send its DNS queries to a recursive DNS nameserver
that is able to validate the signed records. Each MX host's DNS
zone should also be signed, and should publish DANE TLSA (<a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a>)
zone should also be signed, and should publish DANE TLSA (<a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>)
records that specify how that MX host's TLS certificate is to be
verified. TLSA records do not preempt the normal SMTP MX host
selection algorithm, if some MX hosts support TLSA and others do
@ -13795,13 +13795,13 @@ purposes of protocol and cipher selection, the "dane" security level
is treated like a "mandatory" TLS security level, and weak ciphers
and protocols are disabled. Since DANE authenticates server
certificates the "aNULL" cipher-suites are transparently excluded
at this level, no need to configure this manually. <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE)
at this level, no need to configure this manually. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE)
TLS authentication is available with Postfix 2.11 and later. </dd>
<dt><b><a href="TLS_README.html#client_tls_dane">dane-only</a></b></dt>
<dd>Mandatory DANE TLS. This is just like "dane" above, but DANE
TLSA authentication is required. There is no fallback to "may" or
"encrypt" when TLSA records are missing or unusable. <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a>
"encrypt" when TLSA records are missing or unusable. <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>
(DANE) TLS authentication is available with Postfix 2.11 and later.
</dd>
@ -13902,7 +13902,7 @@ Examples:
<p> Optional name to send to the remote SMTP server in the TLS Server
Name Indication (SNI) extension. The SNI extension is always on when
DANE is used to authenticate the server, and in that case the SNI name
sent is the one required by <a href="http://tools.ietf.org/html/rfc7672">RFC7672</a> and this parameter is ignored. </p>
sent is the one required by <a href="https://tools.ietf.org/html/rfc7672">RFC7672</a> and this parameter is ignored. </p>
<p> Some SMTP servers use the received SNI name to select an appropriate
certificate chain to present to the client. While this may improve
@ -14018,7 +14018,7 @@ trust-anchor files are used at all, they will be specified on a
per-destination basis via the "tafile" attribute of the "verify"
and "secure" levels in <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>. </p>
<p> The underlying mechanism is in support of <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE TLSA),
<p> The underlying mechanism is in support of <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (DANE TLSA),
which defines mechanisms for an SMTP client MTA to securely determine
server TLS certificates via DNS. </p>
@ -14730,7 +14730,7 @@ network or network address listed in $<a href="postconf.5.html#mynetworks">myne
<dt><b><a name="permit_sasl_authenticated">permit_sasl_authenticated</a></b></dt>
<dd> Permit the request when the client is successfully
authenticated via the <a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH) protocol. </dd>
authenticated via the <a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH) protocol. </dd>
<dt><b><a name="permit_tls_all_clientcerts">permit_tls_all_clientcerts</a></b></dt>
@ -15262,7 +15262,7 @@ restriction lists" for a discussion of evaluation context and time.
(default: no)</b></DT><DD>
<p> Mandatory TLS: announce STARTTLS support to remote SMTP clients,
and require that clients use TLS encryption. According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a>
and require that clients use TLS encryption. According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a>
this MUST NOT be applied in case of a publicly-referenced SMTP
server. This option is therefore off by default. </p>
@ -16797,7 +16797,7 @@ releases it was called <b><a href="postconf.5.html#smtpd_sasl_application_name">
When the client's "initial response" is longer than the normal limit for
SMTP commands, the client must omit its initial response, and wait for an
empty server challenge; it can then send what would have been its "initial
response" as a response to the empty server challenge. <a href="http://tools.ietf.org/html/rfc4954">RFC4954</a> requires the
response" as a response to the empty server challenge. <a href="https://tools.ietf.org/html/rfc4954">RFC4954</a> requires the
server to accept client responses up to at least 12288 octets of
base64-encoded text. The default value is therefore also the minimum value
accepted for this parameter.</p>
@ -18321,7 +18321,7 @@ to remote SMTP clients, but do not require that clients use TLS encryption.
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
STARTTLS support to remote SMTP clients, and require that clients use TLS
encryption. According to <a href="http://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST NOT be applied in case
encryption. According to <a href="https://tools.ietf.org/html/rfc2487">RFC 2487</a> this MUST NOT be applied in case
of a publicly-referenced SMTP server. Instead, this option should
be used only on dedicated servers. </dd>
@ -18372,7 +18372,7 @@ under a non-Postfix directory is redirected to the Postfix-owned
<a href="postconf.5.html#data_directory">data_directory</a>, and a warning is logged. </p>
<p> As of Postfix 2.11 the preferred mechanism for session resumption
is <a href="http://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session tickets, which don't require server-side
is <a href="https://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session tickets, which don't require server-side
storage. Consequently, for Postfix &ge; 2.11 this parameter should
generally be left empty. TLS session tickets require an OpenSSL
library (at least version 0.9.8h) that provides full support for
@ -18401,7 +18401,7 @@ are not possible. </p>
<p> As of Postfix 2.11 this setting cannot exceed 100 days. If set
&le; 0, session caching is disabled, not just via the database, but
also via <a href="http://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session tickets, which don't require server-side
also via <a href="https://tools.ietf.org/html/rfc5077">RFC 5077</a> TLS session tickets, which don't require server-side
storage. If set to a positive value less than 2 minutes, the minimum
value of 2 minutes is used instead. TLS session tickets require
an OpenSSL library (at least version 0.9.8h) that provides full
@ -18540,7 +18540,7 @@ mail. </dd>
(default: yes)</b></DT><DD>
<p> Enable preliminary SMTPUTF8 support for the protocols described
in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533. This requires that Postfix is built to support
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533. This requires that Postfix is built to support
these protocols. </p>
<p> This feature is available in Postfix 3.0 and later. </p>
@ -18708,12 +18708,12 @@ This feature is available in Postfix 2.0 and later.
<p>
Require that addresses received in SMTP MAIL FROM and RCPT TO
commands are enclosed with &lt;&gt;, and that those addresses do
not contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases. This stops mail
not contain <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases. This stops mail
from poorly written software.
</p>
<p>
By default, the Postfix SMTP server accepts <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> syntax in MAIL
By default, the Postfix SMTP server accepts <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> syntax in MAIL
FROM and RCPT TO addresses.
</p>
@ -18891,10 +18891,10 @@ bytes (equivalent to 256 bits) is sufficient to generate a 128bit
<DT><b><a name="tls_dane_digest_agility">tls_dane_digest_agility</a>
(default: on)</b></DT><DD>
<p> Configure <a href="http://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
<p> Configure <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
Do not change this setting from its default value. </p>
<p> See Section 8 of <a href="http://tools.ietf.org/html/rfc7671">RFC7671</a> for correct key rotation procedures. </p>
<p> See Section 8 of <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> for correct key rotation procedures. </p>
<p> This feature is available in Postfix 2.11 through 3.1. Postfix
3.2 and later ignore this configuration parameter and behave as
@ -18906,7 +18906,7 @@ though it were set to "on". </p>
<DT><b><a name="tls_dane_digests">tls_dane_digests</a>
(default: sha512 sha256)</b></DT><DD>
<p> DANE TLSA (<a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>, <a href="http://tools.ietf.org/html/rfc7671">RFC 7671</a>, <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a>) resource-record "matching
<p> DANE TLSA (<a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a>, <a href="https://tools.ietf.org/html/rfc7671">RFC 7671</a>, <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a>) resource-record "matching
type" digest algorithms in descending preference order. All the
specified algorithms must be supported by the underlying OpenSSL
library, otherwise the Postfix SMTP client will not support DANE
@ -18929,7 +18929,7 @@ ignored with a warning. </p>
<p> Note: It is unwise to omit sha256 from the digest list. This
digest algorithm is the only mandatory to implement digest algorithm
in <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a>, and many servers are expected publish TLSA records
in <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a>, and many servers are expected publish TLSA records
with just sha256 digests. Unless one of the standard digests is
seriously compromised and servers have had ample time to update their
TLSA records you should not omit any standard digests, just arrange
@ -18943,7 +18943,7 @@ them in order from strongest to weakest. </p>
<DT><b><a name="tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a>
(default: yes)</b></DT><DD>
<p> Enable support for <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
<p> Enable support for <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
digests of trust-anchors with certificate usage "2". Do not change
this setting from its default value. </p>
@ -19047,15 +19047,15 @@ be using 0.9.6! </dd>
SMTP client and server. These curves are used by the Postfix SMTP
server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = auto". The selected curves
must be implemented by OpenSSL and be standardized for use in TLS
(<a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a> or its imminent successor). It is unwise to list only
(<a href="https://tools.ietf.org/html/rfc4492">RFC 4492</a> or its imminent successor). It is unwise to list only
"bleeding-edge" curves supported by a small subset of clients. The
default list is suitable for most users. </p>
<p> Postfix skips curve names that are unknown to OpenSSL, or that
are known but not yet implemented. This makes it possible to
"anticipate" support for curves that should be used once they become
available. In particular, in some OpenSSL versions, the new <a href="http://tools.ietf.org/html/rfc8031">RFC</a>
<a href="http://tools.ietf.org/html/rfc8031">8031</a> curves "X25519" and "X448" may be known by name, but ECDH
available. In particular, in some OpenSSL versions, the new <a href="https://tools.ietf.org/html/rfc8031">RFC</a>
<a href="https://tools.ietf.org/html/rfc8031">8031</a> curves "X25519" and "X448" may be known by name, but ECDH
support for either or both may be missing. These curves may appear
in the default value of this parameter, even though they'll only
be usable with later versions of OpenSSL. </p>
@ -19077,7 +19077,7 @@ server when "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_gra
strong" means approximately 128-bit security based on best known
attacks. The selected curve must be implemented by OpenSSL (as
reported by ecparam(1) with the "-list_curves" option) and be one
of the curves listed in Section 5.1.1 of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not
of the curves listed in Section 5.1.1 of <a href="https://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not
generally change this setting. Remote SMTP client implementations
must support this curve for EECDH key exchange to take place. It
is unwise to choose an "bleeding-edge" curve supported by only a
@ -19122,7 +19122,7 @@ This additional strength comes at a significant computational cost, most
users should instead set "<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a> = strong". The selected
curve must be implemented by OpenSSL (as reported by ecparam(1) with the
"-list_curves" option) and be one of the curves listed in Section 5.1.1
of <a href="http://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not generally change this setting. </p>
of <a href="https://tools.ietf.org/html/rfc4492">RFC 4492</a>. You should not generally change this setting. </p>
<p> This default "ultra" curve is rated in NSA <a
href="https://web.archive.org/web/20160330034144/https://www.nsa.gov/ia/programs/suiteb_cryptography/">Suite
@ -19472,7 +19472,7 @@ listed before the corresponding certificates. </p>
<DT><b><a name="tls_session_ticket_cipher">tls_session_ticket_cipher</a>
(default: Postfix &ge; 3.0: aes-256-cbc, Postfix &lt; 3.0: aes-128-cbc)</b></DT><DD>
<p> Algorithm used to encrypt <a href="http://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets. This
<p> Algorithm used to encrypt <a href="https://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets. This
algorithm must use CBC mode, have a 128-bit block size, and must
have a key length between 128 and 256 bits. The default is
aes-256-cbc. Overriding the default to choose a different algorithm
@ -20627,7 +20627,7 @@ is one of the possible replies from the restrictions
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -20660,7 +20660,7 @@ with 450 when the mapping failed due to a temporary error condition.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -20691,7 +20691,7 @@ specified with the HELO or EHLO command is rejected by the
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
@ -20791,7 +20791,7 @@ accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
@ -20815,7 +20815,7 @@ accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
@ -20873,7 +20873,7 @@ accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>
@ -20897,7 +20897,7 @@ accept the address anyway.
</p>
<p>
Do not change this unless you have a complete understanding of <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
Do not change this unless you have a complete understanding of <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
</p>
<p>

8
postfix/html/postmap.1.html
View File

@ -47,7 +47,7 @@ POSTMAP(1) POSTMAP(1)
will store the base64-encoded result instead of the <i>value</i>.
When the <i>key</i> specifies email address information, the localpart should
be enclosed with double quotes if required by <a href="http://tools.ietf.org/html/rfc5322">RFC 5322</a>. For example, an
be enclosed with double quotes if required by <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a>. For example, an
address localpart that contains ";", or a localpart that starts or ends
with ".".
@ -62,7 +62,7 @@ POSTMAP(1) POSTMAP(1)
<b>COMMAND-LINE ARGUMENTS</b>
<b>-b</b> Enable message body query mode. When reading lookup keys from
standard input with "<b>-q -</b>", process the input as if it is an
email message in <a href="http://tools.ietf.org/html/rfc5322">RFC 5322</a> format. Each line of body content
email message in <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> format. Each line of body content
becomes one lookup key.
By default, the <b>-b</b> option starts generating lookup keys at the
@ -107,7 +107,7 @@ POSTMAP(1) POSTMAP(1)
<b>-h</b> Enable message header query mode. When reading lookup keys from
standard input with "<b>-q -</b>", process the input as if it is an
email message in <a href="http://tools.ietf.org/html/rfc5322">RFC 5322</a> format. Each logical header line
email message in <a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> format. Each logical header line
becomes one lookup key. A multi-line header becomes one lookup
key with one or more embedded newline characters.
@ -276,7 +276,7 @@ POSTMAP(1) POSTMAP(1)
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
Enable preliminary SMTPUTF8 support for the protocols described
in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.

6
postfix/html/postqueue.1.html
View File

@ -87,8 +87,8 @@ POSTQUEUE(1) POSTQUEUE(1)
<b>-s</b> <i>site</i>
Schedule immediate delivery of all mail that is queued for the
named <i>site</i>. A numerical site must be specified as a valid <a href="http://tools.ietf.org/html/rfc5321">RFC</a>
<a href="http://tools.ietf.org/html/rfc5321">5321</a> address literal enclosed in [], just like in email
named <i>site</i>. A numerical site must be specified as a valid <a href="https://tools.ietf.org/html/rfc5321">RFC</a>
<a href="https://tools.ietf.org/html/rfc5321">5321</a> address literal enclosed in [], just like in email
addresses. The site must be eligible for the "fast flush" ser-
vice. See <a href="flush.8.html"><b>flush</b>(8)</a> for more information about the "fast flush"
service.
@ -156,7 +156,7 @@ POSTQUEUE(1) POSTQUEUE(1)
it can connect to Postfix daemon processes.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc7159">RFC 7159</a> (JSON notation)
<a href="https://tools.ietf.org/html/rfc7159">RFC 7159</a> (JSON notation)
<b>DIAGNOSTICS</b>
Problems are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>, and to the standard

28
postfix/html/postscreen.8.html
View File

@ -55,20 +55,20 @@ POSTSCREEN(8) POSTSCREEN(8)
fixed low privilege.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements)
<a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
<a href="http://tools.ietf.org/html/rfc1869">RFC 1869</a> (SMTP service extensions)
<a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
<a href="http://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command)
<a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
Not: <a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
<a href="http://tools.ietf.org/html/rfc3030">RFC 3030</a> (CHUNKING without BINARYMIME)
<a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
<a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol, including multi-line 220 banners)
<a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="https://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements)
<a href="https://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
<a href="https://tools.ietf.org/html/rfc1869">RFC 1869</a> (SMTP service extensions)
<a href="https://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
<a href="https://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command)
<a href="https://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Status Codes)
<a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
Not: <a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
<a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> (CHUNKING without BINARYMIME)
<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
<a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol, including multi-line 220 banners)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.

4
postfix/html/qmgr.8.html
View File

@ -138,8 +138,8 @@ QMGR(8) QMGR(8)
queue manager of the arrival of new mail one would request <b>I</b>.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<b>SECURITY</b>
The <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon is not security sensitive. It reads single-character

2
postfix/html/qmqpd.8.html
View File

@ -60,7 +60,7 @@ QMQPD(8) QMQPD(8)
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
Enable preliminary SMTPUTF8 support for the protocols described
in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
Detect that a message requires SMTPUTF8 support for the speci-

2
postfix/html/smtp-sink.1.html
View File

@ -269,7 +269,7 @@ SMTP-SINK(1) SMTP-SINK(1)
dom portion of the per-message capture file name.
<i>time-stamp</i>
A time stamp as defined in <a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a>.
A time stamp as defined in <a href="https://tools.ietf.org/html/rfc2822">RFC 2822</a>.
<b>SEE ALSO</b>
<a href="smtp-source.1.html">smtp-source(1)</a>, SMTP/LMTP message generator

48
postfix/html/smtp.8.html
View File

@ -141,26 +141,26 @@ SMTP(8) SMTP(8)
low privilege.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions)
<a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
<a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
<a href="http://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol)
<a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes)
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
<a href="http://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
<a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
<a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
<a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
<a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
<a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
<a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="https://tools.ietf.org/html/rfc1651">RFC 1651</a> (SMTP service extensions)
<a href="https://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
<a href="https://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message Size Declaration)
<a href="https://tools.ietf.org/html/rfc2033">RFC 2033</a> (LMTP protocol)
<a href="https://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP Enhanced Error Codes)
<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (MIME: Format of Internet Message Bodies)
<a href="https://tools.ietf.org/html/rfc2046">RFC 2046</a> (MIME: Media Types)
<a href="https://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
<a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
<a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP Pipelining)
<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
<a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN Extension)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
<a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
@ -231,7 +231,7 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO
commands as required by <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a>.
commands as required by <a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a>.
<b><a href="postconf.5.html#smtp_reply_filter">smtp_reply_filter</a> (empty)</b>
A mechanism to transform replies from remote SMTP servers one
@ -635,10 +635,10 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.11-3.1:
<b><a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> (on)</b>
Configure <a href="http://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
Configure <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
<b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b>
Enable support for <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
Enable support for <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
digests of trust-anchors with certificate usage "2".
Available in Postfix version 2.11 and later:
@ -854,7 +854,7 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
Enable preliminary SMTPUTF8 support for the protocols described
in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
Detect that a message requires SMTPUTF8 support for the speci-

54
postfix/html/smtpd.8.html
View File

@ -40,27 +40,27 @@ SMTPD(8) SMTPD(8)
chrooted at fixed low privilege.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements)
<a href="http://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
<a href="http://tools.ietf.org/html/rfc1869">RFC 1869</a> (SMTP service extensions)
<a href="http://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message size declaration)
<a href="http://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command)
<a href="http://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP enhanced status codes)
<a href="http://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
<a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP pipelining)
<a href="http://tools.ietf.org/html/rfc3030">RFC 3030</a> (CHUNKING without BINARYMIME)
<a href="http://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
<a href="http://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN extension)
<a href="http://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<a href="http://tools.ietf.org/html/rfc3848">RFC 3848</a> (ESMTP transmission types)
<a href="http://tools.ietf.org/html/rfc4409">RFC 4409</a> (Message submission)
<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
<a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc7505">RFC 7505</a> ("Null MX" No Service Resource Record)
<a href="https://tools.ietf.org/html/rfc821">RFC 821</a> (SMTP protocol)
<a href="https://tools.ietf.org/html/rfc1123">RFC 1123</a> (Host requirements)
<a href="https://tools.ietf.org/html/rfc1652">RFC 1652</a> (8bit-MIME transport)
<a href="https://tools.ietf.org/html/rfc1869">RFC 1869</a> (SMTP service extensions)
<a href="https://tools.ietf.org/html/rfc1870">RFC 1870</a> (Message size declaration)
<a href="https://tools.ietf.org/html/rfc1985">RFC 1985</a> (ETRN command)
<a href="https://tools.ietf.org/html/rfc2034">RFC 2034</a> (SMTP enhanced status codes)
<a href="https://tools.ietf.org/html/rfc2554">RFC 2554</a> (AUTH command)
<a href="https://tools.ietf.org/html/rfc2821">RFC 2821</a> (SMTP protocol)
<a href="https://tools.ietf.org/html/rfc2920">RFC 2920</a> (SMTP pipelining)
<a href="https://tools.ietf.org/html/rfc3030">RFC 3030</a> (CHUNKING without BINARYMIME)
<a href="https://tools.ietf.org/html/rfc3207">RFC 3207</a> (STARTTLS command)
<a href="https://tools.ietf.org/html/rfc3461">RFC 3461</a> (SMTP DSN extension)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced status codes)
<a href="https://tools.ietf.org/html/rfc3848">RFC 3848</a> (ESMTP transmission types)
<a href="https://tools.ietf.org/html/rfc4409">RFC 4409</a> (Message submission)
<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a> (AUTH command)
<a href="https://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
<a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc7505">RFC 7505</a> ("Null MX" No Service Resource Record)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
@ -84,7 +84,7 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
Enable interoperability with remote SMTP clients that implement
an obsolete version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
an obsolete version of the AUTH command (<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>).
<b><a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a> (no)</b>
Disable the SMTP VRFY command.
@ -97,7 +97,7 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#strict_rfc821_envelopes">strict_rfc821_envelopes</a> (no)</b>
Require that addresses received in SMTP MAIL FROM and RCPT TO
commands are enclosed with &lt;&gt;, and that those addresses do not
contain <a href="http://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases.
contain <a href="https://tools.ietf.org/html/rfc822">RFC 822</a> style comments or phrases.
Available in Postfix version 2.1 and later:
@ -350,14 +350,14 @@ SMTPD(8) SMTPD(8)
ture.
<b>SASL AUTHENTICATION CONTROLS</b>
Postfix SASL support (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenticate remote SMTP
Postfix SASL support (<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>) can be used to authenticate remote SMTP
clients to the Postfix SMTP server, and to authenticate the Postfix
SMTP client to a remote SMTP server. See the <a href="SASL_README.html">SASL_README</a> document for
details.
<b><a href="postconf.5.html#broken_sasl_auth_clients">broken_sasl_auth_clients</a> (no)</b>
Enable interoperability with remote SMTP clients that implement
an obsolete version of the AUTH command (<a href="http://tools.ietf.org/html/rfc4954">RFC 4954</a>).
an obsolete version of the AUTH command (<a href="https://tools.ietf.org/html/rfc4954">RFC 4954</a>).
<b><a href="postconf.5.html#smtpd_sasl_auth_enable">smtpd_sasl_auth_enable</a> (no)</b>
Enable SASL authentication in the Postfix SMTP server.
@ -601,7 +601,7 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#tls_session_ticket_cipher">tls_session_ticket_cipher</a> (Postfix</b> &gt;<b>= 3.0: aes-256-cbc, Postfix</b> &lt; <b>3.0:</b>
<b>aes-128-cbc)</b>
Algorithm used to encrypt <a href="http://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets.
Algorithm used to encrypt <a href="https://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets.
Available in Postfix version 3.2 and later:
@ -654,7 +654,7 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
Enable preliminary SMTPUTF8 support for the protocols described
in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
<b><a href="postconf.5.html#strict_smtputf8">strict_smtputf8</a> (no)</b>
Enable stricter enforcement of the SMTPUTF8 protocol.

6
postfix/html/tlsproxy.8.html
View File

@ -111,10 +111,10 @@ TLSPROXY(8) TLSPROXY(8)
Available in Postfix version 2.11-3.1:
<b><a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> (on)</b>
Configure <a href="http://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
Configure <a href="https://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
<b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b>
Enable support for <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
Enable support for <a href="https://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
digests of trust-anchors with certificate usage "2".
Available in Postfix version 2.11 and later:
@ -126,7 +126,7 @@ TLSPROXY(8) TLSPROXY(8)
<b><a href="postconf.5.html#tls_session_ticket_cipher">tls_session_ticket_cipher</a> (Postfix</b> &gt;<b>= 3.0: aes-256-cbc, Postfix</b> &lt; <b>3.0:</b>
<b>aes-128-cbc)</b>
Algorithm used to encrypt <a href="http://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets.
Algorithm used to encrypt <a href="https://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets.
<b><a href="postconf.5.html#openssl_path">openssl_path</a> (openssl)</b>
The location of the OpenSSL command line program <b>openssl</b>(1).

20
postfix/html/trace.8.html
View File

@ -39,16 +39,16 @@ BOUNCE(8) BOUNCE(8)
and that depend on retry logic in their own client.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="http://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
<a href="http://tools.ietf.org/html/rfc2822">RFC 2822</a> (Internet Message Format)
<a href="http://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
<a href="http://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
<a href="http://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
<a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="http://tools.ietf.org/html/rfc6532">RFC 6532</a> (Internationalized Message Format)
<a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="https://tools.ietf.org/html/rfc2045">RFC 2045</a> (Format of Internet Message Bodies)
<a href="https://tools.ietf.org/html/rfc2822">RFC 2822</a> (Internet Message Format)
<a href="https://tools.ietf.org/html/rfc3462">RFC 3462</a> (Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc3834">RFC 3834</a> (Auto-Submitted: message header)
<a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
<a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a> (Internationalized Message Format)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.

2
postfix/html/virtual.8.html
View File

@ -118,7 +118,7 @@ VIRTUAL(8) VIRTUAL(8)
fatal error.
<b>STANDARDS</b>
<a href="http://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<a href="https://tools.ietf.org/html/rfc822">RFC 822</a> (ARPA Internet Text Messages)
<b>DIAGNOSTICS</b>
Mail bounces when the recipient has no mailbox or when the recipient is

4
postfix/man/man5/master.5
View File

@ -123,7 +123,9 @@ implemented with streams sockets.
This feature is available as of Postfix version 2.5.
.RE
.IP "\fBPrivate (default: y)\fR"
Whether or not access is restricted to the mail system.
Whether a service is internal to Postfix (pathname starts
with \fBprivate/\fR), or exposed through Postfix command\-line
tools (pathname starts with \fBpublic/\fR).
Internet (type \fBinet\fR) services can't be private.
.IP "\fBUnprivileged (default: y)\fR"
Whether the service runs with root privileges or as the

2
postfix/mantools/postlink
View File

@ -1160,7 +1160,7 @@ while (<>) {
if (!/href=/) { s/(https?:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/; }
s/(ftp:\/\/[^ ,"\(\)]*[^ ,"\(\):;!?.])/<a href="$1">$1<\/a>/;
s/\bRFC\s*([1-9]\d*)/<a href="http:\/\/tools.ietf.org\/html\/rfc$1">$&<\/a>/g;
s/\bRFC\s*([1-9]\d*)/<a href="https:\/\/tools.ietf.org\/html\/rfc$1">$&<\/a>/g;
# Split README/RFC/parameter/restriction hyperlinks that span line breaks

4
postfix/proto/master
View File

@ -117,7 +117,9 @@
# This feature is available as of Postfix version 2.5.
# .RE
# .IP "\fBPrivate (default: y)\fR"
# Whether or not access is restricted to the mail system.
# Whether a service is internal to Postfix (pathname starts
# with \fBprivate/\fR), or exposed through Postfix command-line
# tools (pathname starts with \fBpublic/\fR).
# Internet (type \fBinet\fR) services can't be private.
# .IP "\fBUnprivileged (default: y)\fR"
# Whether the service runs with root privileges or as the

1
postfix/src/global/Makefile.in
View File

@ -1941,6 +1941,7 @@ mail_params.o: ../../include/vbuf.h
mail_params.o: ../../include/vstream.h
mail_params.o: ../../include/vstring.h
mail_params.o: ../../include/vstring_vstream.h
mail_params.o: config_known_tcp_ports.h
mail_params.o: compat_level.h
mail_params.o: mail_conf.h
mail_params.o: mail_params.c

2
postfix/src/global/config_known_tcp_ports.c
View File

@ -58,6 +58,8 @@ void config_known_tcp_ports(const char *source, const char *settings)
ARGV *association;
char **cpp;
clear_known_tcp_ports();
/*
* The settings is in the form of associations separated by comma. Split
* it into separate associations.

6
postfix/src/global/mail_params.c
View File

@ -237,6 +237,7 @@
#include <own_inet_addr.h>
#include <mail_params.h>
#include <compat_level.h>
#include <config_known_tcp_ports.h>
/*
* Special configuration variables.
@ -922,6 +923,11 @@ void mail_params_init()
#endif
util_utf8_enable = var_smtputf8_enable;
/*
* Configure the known TCP port mappings.
*/
config_known_tcp_ports(VAR_KNOWN_TCP_PORTS, var_known_tcp_ports);
/*
* What protocols should we attempt to support? The result is stored in
* the global inet_proto_table variable.

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20211002"
#define MAIL_RELEASE_DATE "20211022"
#define MAIL_VERSION_NUMBER "3.7"
#ifdef SNAPSHOT

6
postfix/src/posttls-finger/posttls-finger.c
View File

@ -1490,12 +1490,14 @@ static char *parse_destination(char *destination, char *def_service,
/*
* Convert service to port number, network byte order.
*/
service = (char *) filter_known_tcp_port(service);
if (alldig(service)) {
if ((port = atoi(service)) >= 65536 || port == 0)
msg_fatal("bad network port in destination: %s", destination);
msg_fatal("bad network port: %s for destination: %s",
service, destination);
*portp = htons(port);
} else {
if ((sp = getservbyname(filter_known_tcp_port(service), protocol)) != 0)
if ((sp = getservbyname(service, protocol)) != 0)
*portp = sp->s_port;
else if (strcmp(service, "smtp") == 0)
*portp = htons(25);

6
postfix/src/smtp/smtp_connect.c
View File

@ -356,12 +356,14 @@ static char *smtp_parse_destination(char *destination, char *def_service,
/*
* Convert service to port number, network byte order.
*/
service = (char *) filter_known_tcp_port(service);
if (alldig(service)) {
if ((port = atoi(service)) >= 65536 || port == 0)
msg_fatal("bad network port in destination: %s", destination);
msg_fatal("bad network port: %s for destination: %s",
service, destination);
*portp = htons(port);
} else {
if ((sp = getservbyname(filter_known_tcp_port(service), protocol)) == 0)
if ((sp = getservbyname(service, protocol)) == 0)
msg_fatal("unknown service: %s/%s", service, protocol);
*portp = sp->s_port;
}

12
postfix/src/util/Makefile.in
View File

@ -140,7 +140,7 @@ TESTPROG= dict_open dup2_pass_on_exec events exec_command fifo_open \
valid_utf8_string ip_match base32_code msg_rate_delay netstring \
vstream timecmp dict_cache midna_domain casefold strcasecmp_utf8 \
vbuf_print split_qnameval vstream msg_logger byte_mask \
known_tcp_ports dict_stream
known_tcp_ports dict_stream find_inet
PLUGIN_MAP_SO = $(LIB_PREFIX)pcre$(LIB_SUFFIX)
LIB_DIR = ../../lib
@ -472,6 +472,11 @@ sane_basename: $(LIB)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS)
mv junk $@.o
find_inet: $(LIB)
mv $@.o junk
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS)
mv junk $@.o
stream_test: stream_test.c $(LIB)
$(CC) $(CFLAGS) -o $@ $@.c $(LIB) $(SYSLIBS)
@ -1010,6 +1015,11 @@ dict_inline_cidr_test: dict_open dict_inline_cidr.ref
diff dict_inline_cidr.ref dict_inline_cidr.tmp
rm -f dict_inline_cidr.tmp
find_inet_test: find_inet find_inet.ref
$(SHLIB_ENV) ${VALGRIND} ./find_inet >find_inet.tmp 2>&1
diff find_inet.ref find_inet.tmp
rm -f find_inet.tmp
depend: $(MAKES)
(sed '1,/^# do not edit/!d' Makefile.in; \
set -e; for i in [a-z][a-z0-9]*.c; do \

158
postfix/src/util/find_inet.c
View File

@ -35,6 +35,11 @@
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*
/* Wietse Venema
/* Google, Inc.
/* 111 8th Avenue
/* New York, NY 10011, USA
/*--*/
/* System libraries. */
@ -58,6 +63,12 @@
#define INADDR_NONE 0xffffffff
#endif
#ifdef TEST
extern NORETURN PRINTFLIKE(1, 2) test_msg_fatal(const char *,...);
#define msg_fatal test_msg_fatal
#endif
/* find_inet_addr - translate numerical or symbolic host name */
unsigned find_inet_addr(const char *host)
@ -85,13 +96,158 @@ int find_inet_port(const char *service, const char *protocol)
struct servent *sp;
int port;
service = filter_known_tcp_port(service);
if (alldig(service) && (port = atoi(service)) != 0) {
if (port < 0 || port > 65535)
msg_fatal("bad port number: %s", service);
return (htons(port));
} else {
if ((sp = getservbyname(filter_known_tcp_port(service), protocol)) == 0)
if ((sp = getservbyname(service, protocol)) == 0)
msg_fatal("unknown service: %s/%s", service, protocol);
return (sp->s_port);
}
}
#ifdef TEST
#include <stdlib.h>
#include <setjmp.h>
#include <string.h>
#include <vstream.h>
#include <vstring.h>
#include <msg_vstream.h>
#define STR(x) vstring_str(x)
/* TODO(wietse) make this a proper VSTREAM interface */
/* vstream_swap - kludge to capture output for testing */
static void vstream_swap(VSTREAM *one, VSTREAM *two)
{
VSTREAM save;
save = *one;
*one = *two;
*two = save;
}
jmp_buf test_fatal_jbuf;
#undef msg_fatal
/* test_msg_fatal - does not return, and does not terminate */
void test_msg_fatal(const char *fmt,...)
{
va_list ap;
va_start(ap, fmt);
vmsg_warn(fmt, ap);
va_end(ap);
longjmp(test_fatal_jbuf, 1);
}
struct association {
const char *lhs; /* service name */
const char *rhs; /* service port */
};
struct test_case {
const char *label; /* identifies test case */
struct association associations[10];
const char *service;
const char *proto;
const char *exp_warning; /* expected error */
int exp_hport; /* expected port, host byte order */
};
struct test_case test_cases[] = {
{"good-symbolic",
/* association */ {{"foobar", "25252"}, 0},
/* service */ "foobar",
/* proto */ "tcp",
/* exp_warning */ "",
/* exp_hport */ 25252,
},
{"good-numeric",
/* association */ {{"foobar", "25252"}, 0},
/* service */ "25252",
/* proto */ "tcp",
/* exp_warning */ "",
/* exp_hport */ 25252,
},
{"bad-symbolic",
/* association */ {{"foobar", "25252"}, 0},
/* service */ "an-impossible-name",
/* proto */ "tcp",
/* exp_warning */ "find_inet: warning: unknown service: an-impossible-name/tcp\n",
},
{"bad-numeric",
/* association */ {{"foobar", "25252"}, 0},
/* service */ "123456",
/* proto */ "tcp",
/* exp_warning */ "find_inet: warning: bad port number: 123456\n",
},
};
int main(int argc, char **argv) {
struct test_case *tp;
struct association *ap;
int pass = 0;
int fail = 0;
const char *err;
int test_failed;
int nport;
VSTRING *msg_buf;
VSTREAM *memory_stream;
msg_vstream_init("find_inet", VSTREAM_ERR);
msg_buf = vstring_alloc(100);
for (tp = test_cases; tp->label != 0; tp++) {
test_failed = 0;
VSTRING_RESET(msg_buf);
VSTRING_TERMINATE(msg_buf);
clear_known_tcp_ports();
for (err = 0, ap = tp->associations; err == 0 && ap->lhs != 0; ap++)
err = add_known_tcp_port(ap->lhs, ap->rhs);
if (err != 0) {
msg_warn("test case %s: got err: \"%s\"", tp->label, err);
test_failed = 1;
} else {
if ((memory_stream = vstream_memopen(msg_buf, O_WRONLY)) == 0)
msg_fatal("open memory stream: %m");
vstream_swap(VSTREAM_ERR, memory_stream);
if (setjmp(test_fatal_jbuf) == 0)
nport = find_inet_port(tp->service, tp->proto);
vstream_swap(memory_stream, VSTREAM_ERR);
if (vstream_fclose(memory_stream))
msg_fatal("close memory stream: %m");
if (strcmp(STR(msg_buf), tp->exp_warning) != 0) {
msg_warn("test case %s: got error: \"%s\", want: \"%s\"",
tp->label, STR(msg_buf), tp->exp_warning);
test_failed = 1;
} else if (tp->exp_warning[0] == 0) {
if (ntohs(nport) != tp->exp_hport) {
msg_warn("test case %s: got port \"%d\", want: \"%d\"",
tp->label, ntohs(nport), tp->exp_hport);
test_failed = 1;
}
}
}
if (test_failed) {
msg_info("%s: FAIL", tp->label);
fail++;
} else {
msg_info("%s: PASS", tp->label);
pass++;
}
}
msg_info("PASS=%d FAIL=%d", pass, fail);
vstring_free(msg_buf);
exit(fail != 0);
}
#endif

5
postfix/src/util/find_inet.ref Normal file
View File

@ -0,0 +1,5 @@
find_inet: good-symbolic: PASS
find_inet: good-numeric: PASS
find_inet: bad-symbolic: PASS
find_inet: bad-numeric: PASS
find_inet: PASS=4 FAIL=0

22
postfix/src/util/myaddrinfo.c
View File

@ -179,6 +179,11 @@
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*
/* Wietse Venema
/* Google, Inc.
/* 111 8th Avenue
/* New York, NY 10011, USA
/*--*/
/* System library. */
@ -271,6 +276,7 @@ static int find_service(const char *service, int socktype)
const char *proto;
unsigned port;
service = filter_known_tcp_port(service);
if (alldig(service)) {
port = atoi(service);
return (port < 65536 ? htons(port) : -1);
@ -282,7 +288,7 @@ static int find_service(const char *service, int socktype)
} else {
return (-1);
}
if ((sp = getservbyname(filter_known_tcp_port(service), proto)) != 0) {
if ((sp = getservbyname(service, proto)) != 0) {
return (sp->s_port);
} else {
return (-1);
@ -445,7 +451,12 @@ int hostname_to_sockaddr_pf(const char *hostname, int pf,
}
#endif
}
err = getaddrinfo(hostname, filter_known_tcp_port(service), &hints, res);
if (service) {
service = filter_known_tcp_port(service);
if (alldig(service))
hints.ai_flags |= AI_NUMERICSERV;
}
err = getaddrinfo(hostname, service, &hints, res);
#if defined(BROKEN_AI_NULL_SERVICE)
if (service == 0 && err == 0) {
struct addrinfo *r;
@ -561,7 +572,12 @@ int hostaddr_to_sockaddr(const char *hostaddr, const char *service,
}
#endif
}
err = getaddrinfo(hostaddr, filter_known_tcp_port(service), &hints, res);
if (service) {
service = filter_known_tcp_port(service);
if (alldig(service))
hints.ai_flags |= AI_NUMERICSERV;
}
err = getaddrinfo(hostaddr, service, &hints, res);
#if defined(BROKEN_AI_NULL_SERVICE)
if (service == 0 && err == 0) {
struct addrinfo *r;