Forward secrecy does not protect against active attacks such +as forged DNS replies or forged TLS server certificates. If such +attacks are a concern, then the SMTP client will need to authenticate +the remote SMTP server in a sufficiently-secure manner. For example, +by the fingerprint of the public key or certificate. Conventional +PKI relies on many trusted parties and is easily subverted by a +state-funded adversary.
+Postfix supports forward secrecy of TLS network communication @@ -55,13 +65,6 @@ all past traffic is generally infeasible, and even recovery of individual sessions may be infeasible given a sufficiently-strong key agreement method.
-Forward secrecy protects network communication in the absence -of active attacks, i.e. no forged DNS replies, and no forged TLS -server certificates. If active attacks are a concern, then you will -need to authenticate the remote SMTP server in a secure manner. -For example, by the fingerprint of the public key or certificate. -Conventional PKI relies on too many trusted parties.
-Topics covered in this document:
The key-exchange algorithms used for forward secrecy require the TLS server to designate appropriate "parameters" consisting of a mathematical "group" and an element of that group called a "generator". -There are two flavors of "groups" that work with PFS:
+Presently, there are two flavors of "groups" that work with PFS:Prime-field groups (EDH): The server needs to be +configured with a suitably-large prime and a corresponding "generator". +The acronym for forward secrecy over prime fields is EDH or Ephemeral +Diffie-Hellman (sometimes also abbreviated as DHE).
-Elliptic-curve groups (EECDH): The server needs +to be configured with a "named curve". These offer better security +at lower computational cost than prime field groups, but are not +as widely implemented. The acronym for the elliptic curve version +is EECDH which is short for Ephemeral Elliptic Curve Diffie-Hellman. +
The acronym for forward secrecy over prime fields is EDH or -Ephemeral Diffie-Hellman (sometimes also abbreviated as DHE). The -acronym for the elliptic curve version is EECDH which is short for -Ephemeral Elliptic Curve Diffie-Hellman.
-It is not essential to know what these are, but one does need to know that OpenSSL only supports EECDH as of version 1.0.0. Thus the configuration parameters related to Elliptic Curve forward secrecy @@ -156,8 +166,6 @@ the main.cf setting "Forward Secrecy in the Postfix SMTP Client
The Postfix ≥ 2.2 SMTP client supports forward secrecy in -its default configuration. If the remote SMTP server supports -cipher suites with forward secrecy (and does not override the SMTP -client cipher preference), then the traffic between the server and -client will resist decryption even if the server's long-term -authentication keys are later compromised.
+its default configuration. No configuration changes are needed +besides turning on elliptic-curve support with Postfix 2.6 and 2.7 +(see the quick-start section). If the +remote SMTP server supports cipher suites with forward secrecy (and +does not override the SMTP client's cipher preference), then the +traffic between the server and client will resist decryption even +if the server's long-term authentication keys are later +compromised. -The default Postfix SMTP client cipher lists are correctly ordered -to prefer EECDH and EDH cipher suites ahead of similar cipher suites -that don't implement forward secrecy. Administrators are strongly -discouraged from changing the cipher list definitions. It is likely -safe to set "smtp_tls_ciphers = medium" if you wish to disable the -obsolete "export" and "low" grade ciphers even with opportunistic -TLS. Setting a minimum strength does not change the preference +
The default Postfix SMTP client cipher lists are correctly +ordered to prefer EECDH and EDH cipher suites ahead of similar +cipher suites that don't implement forward secrecy. Administrators +are strongly discouraged from changing the cipher list definitions. +It is likely safe to set "smtp_tls_ciphers = medium" if you wish +to disable the obsolete "export" and "low" grade ciphers even with +opportunistic TLS. Setting a minimum strength does not change the +preference order. Note that strengths higher than "medium" exclude Exchange 2003 and likely other widely used MTAs, thus "high" grade ciphers should only be used on a case-by-case basis via the TLS policy table.
At least one time as root (prime group generation can take a +
Postfix 2.6 and 2.7: Enable elliptic-curve support. This +is the default with Postfix ≥ 2.8. + +
++ ++/etc/postfix/main.cf: + # Postfix 2.6 or 2.7 only. This is default with Postfix 2.8 and later. + smtpd_tls_eecdh_grade = strong ++
Optionally generate non-default EDH parameters for improved +security against pre-computation attacks and for compatibility with +Debian-patched EXIM SMTP clients (these require a minimum 2048-bit +length for the non-export prime). The parameter files are not +secret, after all these parameters are sent to all SMTP clients in +the clear. Mode 0644 is fine.
+ +Execute as root (prime group generation can take a few seconds to a few minutes):
@@ -270,20 +302,15 @@ few seconds to a few minutes):-
Note: greater security against "pre-computation" attacks against -EDH can be obtained by periodically regenerating the EDH parameters -as above (an hourly or daily cron job running as root can automate -this task). The parameter files are not secret, after all these are -sent to all SMTP clients in the clear. Mode 0644 is fine.
+You can improve security against pre-computation attacks further +by regenerating the EDH parameters periodically (an hourly or daily +cron job running as root can automate this task).
Once the parameters are in place, update main.cf as follows:
-/etc/postfix/main.cf: - # Postfix ≥ 2.6 - smtpd_tls_eecdh_grade = strong - # All versions of Postfix: smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem@@ -305,44 +332,67 @@ need to adjust the submission entry in master.cf acc
Postfix reports TLS connection information in several ways:
+Postfix can be configured to report information about the +negotiated cipher, the corresponding key lengths, and the remote +peer certificate or public-key verification status.
With "smtp_tls_loglevel = 1" and "smtpd_tls_loglevel = 1", -the Postfix SMTP client and server will log information about, among -others, the remote peer certificate or public-key verification -status, the negotiated cipher, and key lengths. The general logfile -format is:
+the Postfix SMTP client and server will log TLS connection information +to the maillog file. The general logfile format is:-postfix/smtp[xxx]: Trusted TLS connection established to host.example.com[192.168.0.2]:25: TLSv1 with cipher XXX (YYY/ZZZ bits) +postfix/smtp[process-id]: Untrusted TLS connection established +to host.example.com[192.168.0.2]:25: TLSv1 with cipher cipher-name +(actual-key-size/raw-key-size bits) -postfix/smtpd[xxx]: Untrusted TLS connection established from host.example.com[192.168.0.2]: TLSv1 with cipher XXX (YYY/ZZZ bits) +postfix/smtpd[process-id]: Anonymous TLS connection established +from host.example.com[192.168.0.2]: TLSv1 with cipher cipher-name +(actual-key-size/raw-key-size bits)
With "smtpd_tls_received_header = yes", the Postfix SMTP -server will record similar information in the Received: header in -the form of comments (text inside parentheses). The general format -is:
+server will record TLS connection information in the Received: +header in the form of comments (text inside parentheses). The general +format depends on the smtpd_tls_ask_ccert setting:Received: from host.example.com (host.example.com [192.168.0.2]) - (using TLSv1 with cipher XXX (YYY/ZZZ bits)) - (Client CN "host.example.com", Issuer "Wietse Venema" (not verified)) + (using TLSv1 with cipher cipher-name + (actual-key-size/raw-key-size bits)) + (Client CN "host.example.com", Issuer "John Doe" (not verified)) + +Received: from host.example.com (host.example.com [192.168.0.2]) + (using TLSv1 with cipher cipher-name + (actual-key-size/raw-key-size bits)) + (No client certificate requested)
There are dozens of ciphers that support forward secrecy. What +
The next sections will explain what cipher-name, +key-size, and peer verification status information to expect. +
+ +There are dozens of ciphers that support forward secrecy. What follows is the beginning of a list of 51 ciphers available with -OpenSSL 1.0.1e:
+OpenSSL 1.0.1e. The list is sorted in the default Postfix preference +order. It excludes null ciphers that only authenticate and don't +encrypt, together with export and low-grade ciphers whose encryption +is too weak to offer meaningful secrecy. The first column shows the +cipher name, and the second shows the key exchange method.+@@ -367,6 +417,112 @@ DHE-RSA-AES256-SHA256 Kx=DH
To date, all ciphers that support forward secrecy have one of +five values for the first component of their OpenSSL name: "AECDH", +"ECDHE", "ADH", "EDH" or "DHE". Ciphers that don't implement forward +secrecy have names that don't start with one of these prefixes. +This pattern is likely to persist until some new key-exchange +mechanism is invented that also supports forward secrecy.
+ +The actual key length and raw algorithm key length +are generally the same with non-export ciphers, but may they +differ for the legacy export ciphers where the actual key +is artificially shortened.
+ +The verification levels below are subject to man-in-the-middle +attacks to different degrees. If such attacks are a concern, then +the SMTP client will need to authenticate the remote SMTP server +in a sufficiently-secure manner. For example, by the fingerprint +of the public key or certificate. Remember that conventional PKI +relies on many trusted parties and is easily subverted by a +state-funded adversary.
+ +Postfix SMTP client: With opportunistic TLS (the "may" security level) the Postfix +SMTP client does not verify any information in the peer certificate. +In this case it enables and prefers anonymous cipher suites in which +the remote SMTP server does not present a certificate (these ciphers +offer forward secrecy of necessity). When the remote SMTP server +also supports anonymous TLS, and agrees to such a cipher suite, the +verification status will be logged as "Anonymous".
Postfix SMTP server: This is by far most common, +as client certificates are optional, and the Postfix SMTP server +does not request client certificates by default (see smtpd_tls_ask_ccert). +Even when client certificates are requested, the remote SMTP client +might not send a certificate. Unlike the Postfix SMTP client, the +Postfix SMTP server "anonymous" verification status does not imply +that the cipher suite is anonymous, which corresponds to the +server not sending a certificate.
Postfix SMTP client: The remote SMTP server presented +a certificate, but the Postfix SMTP client was unable to check the +issuing CA signature. With opportunistic TLS this is common with +remote SMTP servers that don't support anonymous cipher suites. +
+ +Postfix SMTP server: The remote SMTP client presented +a certificate, but the Postfix SMTP server was unable to check the +issuing CA signature. This can happen when the server is configured +to request client certificates (see smtpd_tls_ask_ccert).
+ +Postfix SMTP client: The remote SMTP server's certificate +was signed by a CA that the Postfix SMTP client trusts, but either +the client was not configured to verify the destination server name +against the certificate, or the server certificate did not contain +any matching names. This is common with opportunistic TLS +(smtp_tls_security_level is "may" or else "dane" with no usable +TLSA DNS records) when the Postfix SMTP client's trusted CAs can +verify the authenticity of the remote SMTP server's certificate, +but the client is not configured or unable to verify the server +name.
+ +Postfix SMTP server: The remote SMTP client certificate +was signed by a CA that the Postfix SMTP server trusts. The Postfix +SMTP server never verifies the remote SMTP client name against the +names in the certificate. Since the client chooses to connect to +the server, the Postfix SMTP server has no expectation of a particular +client hostname.
+ +Postfix SMTP client: The remote SMTP server's certificate +was signed by a CA that the Postfix SMTP client trusts, and it +matches one of the expected server names. This implies that the +Postfix SMTP client enforced verification for the destination server +name, otherwise the verification status would have been just +"Trusted".
+ +Postfix SMTP server: The status is never "Verified", +as the Postfix SMTP server never verifies the remote SMTP client +name against the names in the certificate.
+ +Communication between the Postfix SMTP server and Dovecot SASL -happens over a UNIX-domain socket or over a TCP socket. Dovecot 1 -supports UNIX-domain socket communication only.
+happens over a UNIX-domain socket or over a TCP socket. We will +be using a UNIX-domain socket for better privacy. - The socket
-pathname and the list of mechanisms offered to Postfix need to be
-specified on the Dovecot server side in dovecot.conf.
-
The following example assumes that the Postfix queue is under
-/var/spool/postfix/.
Note: the example uses Dovecot 1 syntax, See http://www.dovecot.org/ -for newer syntax.
+ The following fragment for Dovecot version 2 assumes that the
+Postfix queue is under /var/spool/postfix/.
- 1 /etc/dovecot.conf:
- 2 auth default {
- 3 mechanisms = plain login
- 4 passdb pam {
- 5 }
- 6 userdb passwd {
- 7 }
- 8 socket listen {
- 9 client {
-10 path = /var/spool/postfix/private/auth
-11 mode = 0660
-12 user = postfix
-13 group = postfix
-14 }
-15 }
-16 }
+ 1 conf.d/10-master.conf:
+ 2 service auth {
+ 3 ...
+ 4 unix_listener /var/spool/postfix/private/auth {
+ 5 mode = 0660
+ 6 # Assuming the default Postfix user and group
+ 7 user = postfix
+ 8 group = postfix
+ 9 }
+10 ...
+11 }
+12
+13 conf.d/10-auth.conf
+14 auth_mechanisms = plain login
- Line 3 provides plain and login as
-mechanisms for the Postfix SMTP server, line 10 places the Dovecot
-SASL socket in /var/spool/postfix/private/auth, and
-lines 11-13 limit read+write permissions to user and group
-postfix only.
Proceed with the section "Enabling -SASL authentication and authorization in the Postfix SMTP server" -to turn on and use SASL in the Postfix SMTP server.
- - The TCP port and the list of mechanisms offered to Postfix need
-to be specified on the Dovecot server side in 10-auth.conf
-and 10-master.conf.
The following examples assume that Postfix should communicate -with Dovecot on TCP port 12345.
- -Note: the examples use Dovecot 1 syntax, See http://www.dovecot.org/ -for newer syntax.
- --- --1 /etc/dovecot/conf.d/10-auth.conf: -2 auth_mechanisms = plain login --
Line 2 provides plain and login as mechanisms for the Postfix -SMTP server.
- -
-
-1 /etc/dovecot/conf.d/10-master.conf:
-2 service auth {
-3 unix_listener auth-userdb {
-4 }
-5 inet_listener {
-6 port = 12345
-7 }
-8 }
-
-
-
-Line 5 creates a new TCP socket and line 6 specifies port 12345 -where Dovecot SASL should wait for Postfix authentication requests. -
+ Line 4 places the Dovecot SASL socket in
+/var/spool/postfix/private/auth, lines 5-8 limit
+read+write permissions to user and group postfix only,
+and line 14 provides plain and login as
+mechanisms for the Postfix SMTP server.
Proceed with the section "Enabling SASL authentication and authorization in the Postfix SMTP server" diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 2f3914ffd..e28df07cb 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -14620,6 +14620,19 @@ Example: + + +
The service name that is passed to the SASL plug-in that is +selected with smtpd_sasl_type and smtpd_sasl_path. +
+ +This feature is available in Postfix 2.11 and later. Prior +versions behave as if "smtp" is specified.
+ +Forward secrecy does not protect against active attacks such +as forged DNS replies or forged TLS server certificates. If such +attacks are a concern, then the SMTP client will need to authenticate +the remote SMTP server in a sufficiently-secure manner. For example, +by the fingerprint of the public key or certificate. Conventional +PKI relies on many trusted parties and is easily subverted by a +state-funded adversary.
+Postfix supports forward secrecy of TLS network communication @@ -55,13 +65,6 @@ all past traffic is generally infeasible, and even recovery of individual sessions may be infeasible given a sufficiently-strong key agreement method.
-Forward secrecy protects network communication in the absence -of active attacks, i.e. no forged DNS replies, and no forged TLS -server certificates. If active attacks are a concern, then you will -need to authenticate the remote SMTP server in a secure manner. -For example, by the fingerprint of the public key or certificate. -Conventional PKI relies on too many trusted parties.
-Topics covered in this document:
The key-exchange algorithms used for forward secrecy require the TLS server to designate appropriate "parameters" consisting of a mathematical "group" and an element of that group called a "generator". -There are two flavors of "groups" that work with PFS:
+Presently, there are two flavors of "groups" that work with PFS:Prime-field groups (EDH): The server needs to be +configured with a suitably-large prime and a corresponding "generator". +The acronym for forward secrecy over prime fields is EDH or Ephemeral +Diffie-Hellman (sometimes also abbreviated as DHE).
-Elliptic-curve groups (EECDH): The server needs +to be configured with a "named curve". These offer better security +at lower computational cost than prime field groups, but are not +as widely implemented. The acronym for the elliptic curve version +is EECDH which is short for Ephemeral Elliptic Curve Diffie-Hellman. +
The acronym for forward secrecy over prime fields is EDH or -Ephemeral Diffie-Hellman (sometimes also abbreviated as DHE). The -acronym for the elliptic curve version is EECDH which is short for -Ephemeral Elliptic Curve Diffie-Hellman.
-It is not essential to know what these are, but one does need to know that OpenSSL only supports EECDH as of version 1.0.0. Thus the configuration parameters related to Elliptic Curve forward secrecy @@ -156,8 +166,6 @@ the main.cf setting "tls_preempt_cipherlist = yes". However, this will likely cause interoperability issues with older Exchange servers and is not recommended for now.
-Postfix ≥ 2.2 support 1024-bit-prime EDH out of the box, @@ -215,7 +223,7 @@ code for making this possible is not yet released as of late 2013 (it is available only in OpenSSL development snapshots).
At some point Postfix will need to adjust to the new API for -setting the elliptic curve options. Fortunately, when EECDH support +setting the elliptic-curve options. Fortunately, when EECDH support was added to Postfix, it introduced a layer of indirection:
@@ -237,19 +245,23 @@ main.cf.Forward Secrecy in the Postfix SMTP Client
The Postfix ≥ 2.2 SMTP client supports forward secrecy in -its default configuration. If the remote SMTP server supports -cipher suites with forward secrecy (and does not override the SMTP -client cipher preference), then the traffic between the server and -client will resist decryption even if the server's long-term -authentication keys are later compromised.
+its default configuration. No configuration changes are needed +besides turning on elliptic-curve support with Postfix 2.6 and 2.7 +(see the quick-start section). If the +remote SMTP server supports cipher suites with forward secrecy (and +does not override the SMTP client's cipher preference), then the +traffic between the server and client will resist decryption even +if the server's long-term authentication keys are later +compromised. -The default Postfix SMTP client cipher lists are correctly ordered -to prefer EECDH and EDH cipher suites ahead of similar cipher suites -that don't implement forward secrecy. Administrators are strongly -discouraged from changing the cipher list definitions. It is likely -safe to set "smtp_tls_ciphers = medium" if you wish to disable the -obsolete "export" and "low" grade ciphers even with opportunistic -TLS. Setting a minimum strength does not change the preference +
The default Postfix SMTP client cipher lists are correctly +ordered to prefer EECDH and EDH cipher suites ahead of similar +cipher suites that don't implement forward secrecy. Administrators +are strongly discouraged from changing the cipher list definitions. +It is likely safe to set "smtp_tls_ciphers = medium" if you wish +to disable the obsolete "export" and "low" grade ciphers even with +opportunistic TLS. Setting a minimum strength does not change the +preference order. Note that strengths higher than "medium" exclude Exchange 2003 and likely other widely used MTAs, thus "high" grade ciphers should only be used on a case-by-case basis via the TLS policy table.
Getting started, quick and dirty
-At least one time as root (prime group generation can take a +
+ +
-Postfix 2.6 and 2.7: Enable elliptic-curve support. This +is the default with Postfix ≥ 2.8. + +
++ ++/etc/postfix/main.cf: + # Postfix 2.6 or 2.7 only. This is default with Postfix 2.8 and later. + smtpd_tls_eecdh_grade = strong ++Optionally generate non-default EDH parameters for improved +security against pre-computation attacks and for compatibility with +Debian-patched EXIM SMTP clients (these require a minimum 2048-bit +length for the non-export prime). The parameter files are not +secret, after all these parameters are sent to all SMTP clients in +the clear. Mode 0644 is fine.
+ +Execute as root (prime group generation can take a few seconds to a few minutes):
@@ -270,20 +302,15 @@ few seconds to a few minutes):-Note: greater security against "pre-computation" attacks against -EDH can be obtained by periodically regenerating the EDH parameters -as above (an hourly or daily cron job running as root can automate -this task). The parameter files are not secret, after all these are -sent to all SMTP clients in the clear. Mode 0644 is fine.
+You can improve security against pre-computation attacks further +by regenerating the EDH parameters periodically (an hourly or daily +cron job running as root can automate this task).
Once the parameters are in place, update main.cf as follows:
-/etc/postfix/main.cf: - # Postfix ≥ 2.6 - smtpd_tls_eecdh_grade = strong - # All versions of Postfix: smtpd_tls_dh1024_param_file = ${config_directory}/dh2048.pem smtpd_tls_dh512_param_file = ${config_directory}/dh512.pem@@ -305,44 +332,67 @@ need to adjust the submission entry in master.cf accordingly:How do I know that it works?
+Postfix reports TLS connection information in several ways:
+How can I see that a connection has forward +secrecy?
+ +Postfix can be configured to report information about the +negotiated cipher, the corresponding key lengths, and the remote +peer certificate or public-key verification status.
-
With "smtp_tls_loglevel = 1" and "smtpd_tls_loglevel = 1", -the Postfix SMTP client and server will log information about, among -others, the remote peer certificate or public-key verification -status, the negotiated cipher, and key lengths. The general logfile -format is:
+the Postfix SMTP client and server will log TLS connection information +to the maillog file. The general logfile format is:-postfix/smtp[xxx]: Trusted TLS connection established to host.example.com[192.168.0.2]:25: TLSv1 with cipher XXX (YYY/ZZZ bits) +postfix/smtp[process-id]: Untrusted TLS connection established +to host.example.com[192.168.0.2]:25: TLSv1 with cipher cipher-name +(actual-key-size/raw-key-size bits) -postfix/smtpd[xxx]: Untrusted TLS connection established from host.example.com[192.168.0.2]: TLSv1 with cipher XXX (YYY/ZZZ bits) +postfix/smtpd[process-id]: Anonymous TLS connection established +from host.example.com[192.168.0.2]: TLSv1 with cipher cipher-name +(actual-key-size/raw-key-size bits)With "smtpd_tls_received_header = yes", the Postfix SMTP -server will record similar information in the Received: header in -the form of comments (text inside parentheses). The general format -is:
+server will record TLS connection information in the Received: +header in the form of comments (text inside parentheses). The general +format depends on the smtpd_tls_ask_ccert setting:Received: from host.example.com (host.example.com [192.168.0.2]) - (using TLSv1 with cipher XXX (YYY/ZZZ bits)) - (Client CN "host.example.com", Issuer "Wietse Venema" (not verified)) + (using TLSv1 with cipher cipher-name + (actual-key-size/raw-key-size bits)) + (Client CN "host.example.com", Issuer "John Doe" (not verified)) + +Received: from host.example.com (host.example.com [192.168.0.2]) + (using TLSv1 with cipher cipher-name + (actual-key-size/raw-key-size bits)) + (No client certificate requested)There are dozens of ciphers that support forward secrecy. What +
The next sections will explain what cipher-name, +key-size, and peer verification status information to expect. +
+ +What ciphers provide forward secrecy?
+ +There are dozens of ciphers that support forward secrecy. What follows is the beginning of a list of 51 ciphers available with -OpenSSL 1.0.1e:
+OpenSSL 1.0.1e. The list is sorted in the default Postfix preference +order. It excludes null ciphers that only authenticate and don't +encrypt, together with export and low-grade ciphers whose encryption +is too weak to offer meaningful secrecy. The first column shows the +cipher name, and the second shows the key exchange method.+@@ -367,6 +417,112 @@ DHE-RSA-AES256-SHA256 Kx=DHTo date, all ciphers that support forward secrecy have one of +five values for the first component of their OpenSSL name: "AECDH", +"ECDHE", "ADH", "EDH" or "DHE". Ciphers that don't implement forward +secrecy have names that don't start with one of these prefixes. +This pattern is likely to persist until some new key-exchange +mechanism is invented that also supports forward secrecy.
+ +The actual key length and raw algorithm key length +are generally the same with non-export ciphers, but may they +differ for the legacy export ciphers where the actual key +is artificially shortened.
+ +What do "Anonymous", "Untrusted", etc. in +Postfix logging mean?
+ +The verification levels below are subject to man-in-the-middle +attacks to different degrees. If such attacks are a concern, then +the SMTP client will need to authenticate the remote SMTP server +in a sufficiently-secure manner. For example, by the fingerprint +of the public key or certificate. Remember that conventional PKI +relies on many trusted parties and is easily subverted by a +state-funded adversary.
+ ++ +
+- Anonymous (no peer certificate)
+ +- + +
Postfix SMTP client: With opportunistic TLS (the "may" security level) the Postfix +SMTP client does not verify any information in the peer certificate. +In this case it enables and prefers anonymous cipher suites in which +the remote SMTP server does not present a certificate (these ciphers +offer forward secrecy of necessity). When the remote SMTP server +also supports anonymous TLS, and agrees to such a cipher suite, the +verification status will be logged as "Anonymous".
- + +
Postfix SMTP server: This is by far most common, +as client certificates are optional, and the Postfix SMTP server +does not request client certificates by default (see smtpd_tls_ask_ccert). +Even when client certificates are requested, the remote SMTP client +might not send a certificate. Unlike the Postfix SMTP client, the +Postfix SMTP server "anonymous" verification status does not imply +that the cipher suite is anonymous, which corresponds to the +server not sending a certificate.
- Untrusted (peer certificate not signed by trusted CA)
+ +- + +
+ +Postfix SMTP client: The remote SMTP server presented +a certificate, but the Postfix SMTP client was unable to check the +issuing CA signature. With opportunistic TLS this is common with +remote SMTP servers that don't support anonymous cipher suites. +
+ +Postfix SMTP server: The remote SMTP client presented +a certificate, but the Postfix SMTP server was unable to check the +issuing CA signature. This can happen when the server is configured +to request client certificates (see smtpd_tls_ask_ccert).
+ +- Trusted (peer certificate signed by trusted CA, unverified +peer name)
+ +- + +
+ +Postfix SMTP client: The remote SMTP server's certificate +was signed by a CA that the Postfix SMTP client trusts, but either +the client was not configured to verify the destination server name +against the certificate, or the server certificate did not contain +any matching names. This is common with opportunistic TLS +(smtp_tls_security_level is "may" or else "dane" with no usable +TLSA DNS records) when the Postfix SMTP client's trusted CAs can +verify the authenticity of the remote SMTP server's certificate, +but the client is not configured or unable to verify the server +name.
+ +Postfix SMTP server: The remote SMTP client certificate +was signed by a CA that the Postfix SMTP server trusts. The Postfix +SMTP server never verifies the remote SMTP client name against the +names in the certificate. Since the client chooses to connect to +the server, the Postfix SMTP server has no expectation of a particular +client hostname.
+ +- Verified (peer certificate signed by trusted CA, verified +peer name)
+ +- + +
+ +Postfix SMTP client: The remote SMTP server's certificate +was signed by a CA that the Postfix SMTP client trusts, and it +matches one of the expected server names. This implies that the +Postfix SMTP client enforced verification for the destination server +name, otherwise the verification status would have been just +"Trusted".
+ +Postfix SMTP server: The status is never "Verified", +as the Postfix SMTP server never verifies the remote SMTP client +name against the names in the certificate.
+ +Credits
diff --git a/postfix/proto/SASL_README.html b/postfix/proto/SASL_README.html index e490c2eea..d1a0a00de 100644 --- a/postfix/proto/SASL_README.html +++ b/postfix/proto/SASL_README.html @@ -185,91 +185,36 @@ to configure and operate the Dovecot authentication server.
Postfix to Dovecot SASL communication
Communication between the Postfix SMTP server and Dovecot SASL -happens over a UNIX-domain socket or over a TCP socket. Dovecot 1 -supports UNIX-domain socket communication only.
+happens over a UNIX-domain socket or over a TCP socket. We will +be using a UNIX-domain socket for better privacy. -UNIX-domain socket communication
- -The socket -pathname and the list of mechanisms offered to Postfix need to be -specified on the Dovecot server side in
- -dovecot.conf. -The following example assumes that the Postfix queue is under -
- -/var/spool/postfix/.Note: the example uses Dovecot 1 syntax, See http://www.dovecot.org/ -for newer syntax.
+The following fragment for Dovecot version 2 assumes that the +Postfix queue is under
/var/spool/postfix/.-- 1 /etc/dovecot.conf: - 2 auth default { - 3 mechanisms = plain login - 4 passdb pam { - 5 } - 6 userdb passwd { - 7 } - 8 socket listen { - 9 client { -10 path = /var/spool/postfix/private/auth -11 mode = 0660 -12 user = postfix -13 group = postfix -14 } -15 } -16 } + 1 conf.d/10-master.conf: + 2 service auth { + 3 ... + 4 unix_listener /var/spool/postfix/private/auth { + 5 mode = 0660 + 6 # Assuming the default Postfix user and group + 7 user = postfix + 8 group = postfix + 9 } +10 ... +11 } +12 +13 conf.d/10-auth.conf +14 auth_mechanisms = plain loginLine 3 provides
- -plainandloginas -mechanisms for the Postfix SMTP server, line 10 places the Dovecot -SASL socket in/var/spool/postfix/private/auth, and -lines 11-13 limit read+write permissions to user and group -postfixonly.Proceed with the section "Enabling -SASL authentication and authorization in the Postfix SMTP server" -to turn on and use SASL in the Postfix SMTP server.
- -TCP socket communication
- -The TCP port and the list of mechanisms offered to Postfix need -to be specified on the Dovecot server side in
- -10-auth.conf-and10-master.conf.The following examples assume that Postfix should communicate -with Dovecot on TCP port 12345.
- -Note: the examples use Dovecot 1 syntax, See http://www.dovecot.org/ -for newer syntax.
- --- --1 /etc/dovecot/conf.d/10-auth.conf: -2 auth_mechanisms = plain login --Line 2 provides plain and login as mechanisms for the Postfix -SMTP server.
- --- --1 /etc/dovecot/conf.d/10-master.conf: -2 service auth { -3 unix_listener auth-userdb { -4 } -5 inet_listener { -6 port = 12345 -7 } -8 } --Line 5 creates a new TCP socket and line 6 specifies port 12345 -where Dovecot SASL should wait for Postfix authentication requests. -
+Line 4 places the Dovecot SASL socket in +
/var/spool/postfix/private/auth, lines 5-8 limit +read+write permissions to user and grouppostfixonly, +and line 14 providesplainandloginas +mechanisms for the Postfix SMTP server.Proceed with the section "Enabling SASL authentication and authorization in the Postfix SMTP server" diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index b4204fc6c..40e948c7a 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -10389,6 +10389,15 @@ configuration file or rendezvous point.
This feature is available in Postfix 2.3 and later. In earlier releases it was called smtpd_sasl_application_name.
+%PARAM smtpd_sasl_service smtp + +The service name that is passed to the SASL plug-in that is +selected with smtpd_sasl_type and smtpd_sasl_path. +
+ +This feature is available in Postfix 2.11 and later. Prior +versions behave as if "smtp" is specified.
+ %PARAM cyrus_sasl_config_pathSearch path for Cyrus SASL application configuration files, diff --git a/postfix/proto/stop b/postfix/proto/stop index 7c9860793..0603576d3 100644 --- a/postfix/proto/stop +++ b/postfix/proto/stop @@ -1282,3 +1282,4 @@ XXX YYY ZZZ kEECDH +EXIM diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c index 2d919776c..9da2e67f7 100644 --- a/postfix/src/global/mail_params.c +++ b/postfix/src/global/mail_params.c @@ -179,7 +179,7 @@ #ifdef HAS_DB #include
#endif -#ifdef HAS_LMDB +#if defined(SNAPSHOT) && defined(HAS_LMDB) #include #endif #include @@ -725,7 +725,7 @@ void mail_params_init() #ifdef HAS_DB dict_db_cache_size = var_db_read_buf; #endif -#ifdef HAS_LMDB +#if defined(SNAPSHOT) && defined(HAS_LMDB) dict_lmdb_map_size = var_lmdb_map_size; #endif inet_windowsize = var_inet_windowsize; diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 45168f97a..12fd0e157 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -1560,6 +1560,10 @@ extern char *var_smtpd_sasl_opts; #define DEF_SMTPD_SASL_PATH "smtpd" extern char *var_smtpd_sasl_path; +#define VAR_SMTPD_SASL_SERVICE "smtpd_sasl_service" +#define DEF_SMTPD_SASL_SERVICE "smtp" +extern char *var_smtpd_sasl_service; + #define VAR_CYRUS_CONF_PATH "cyrus_sasl_config_path" #define DEF_CYRUS_CONF_PATH "" extern char *var_cyrus_conf_path; diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 730615784..c4e730f26 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20131221" +#define MAIL_RELEASE_DATE "20131228" #define MAIL_VERSION_NUMBER "2.11" #ifdef SNAPSHOT diff --git a/postfix/src/global/mkmap_lmdb.c b/postfix/src/global/mkmap_lmdb.c index 9aebd25c8..b75f2ba42 100644 --- a/postfix/src/global/mkmap_lmdb.c +++ b/postfix/src/global/mkmap_lmdb.c @@ -45,7 +45,7 @@ #include #include -#ifdef HAS_LMDB +#if defined(SNAPSHOT) && defined(HAS_LMDB) #ifdef PATH_LMDB_H #include PATH_LMDB_H #else diff --git a/postfix/src/global/mkmap_open.c b/postfix/src/global/mkmap_open.c index dfa9bc2ff..3e2aac745 100644 --- a/postfix/src/global/mkmap_open.c +++ b/postfix/src/global/mkmap_open.c @@ -102,7 +102,7 @@ static const MKMAP_OPEN_INFO mkmap_types[] = { DICT_TYPE_HASH, mkmap_hash_open, DICT_TYPE_BTREE, mkmap_btree_open, #endif -#ifdef HAS_LMDB +#if defined(SNAPSHOT) && defined(HAS_LMDB) DICT_TYPE_LMDB, mkmap_lmdb_open, #endif DICT_TYPE_FAIL, mkmap_fail_open, diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 08aa2e2b4..8acf91f13 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -315,6 +315,11 @@ /* .IP "\fBcyrus_sasl_config_path (empty)\fR" /* Search path for Cyrus SASL application configuration files, /* currently used only to locate the $smtpd_sasl_path.conf file. +/* .PP +/* Available in Postfix version 2.11 and later: +/* .IP "\fBsmtpd_sasl_service (smtp)\fR" +/* The service name that is passed to the SASL plug-in that is +/* selected with \fBsmtpd_sasl_type\fR and \fBsmtpd_sasl_path\fR. /* STARTTLS SUPPORT CONTROLS /* .ad /* .fi @@ -1179,6 +1184,7 @@ bool var_smtpd_sasl_enable; bool var_smtpd_sasl_auth_hdr; char *var_smtpd_sasl_opts; char *var_smtpd_sasl_path; +char *var_smtpd_sasl_service; char *var_cyrus_conf_path; char *var_smtpd_sasl_realm; char *var_smtpd_sasl_exceptions_networks; @@ -5382,6 +5388,7 @@ int main(int argc, char **argv) VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps, 0, 0, VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0, VAR_SMTPD_SASL_PATH, DEF_SMTPD_SASL_PATH, &var_smtpd_sasl_path, 1, 0, + VAR_SMTPD_SASL_SERVICE, DEF_SMTPD_SASL_SERVICE, &var_smtpd_sasl_service, 1, 0, VAR_CYRUS_CONF_PATH, DEF_CYRUS_CONF_PATH, &var_cyrus_conf_path, 0, 0, VAR_SMTPD_SASL_REALM, DEF_SMTPD_SASL_REALM, &var_smtpd_sasl_realm, 0, 0, VAR_SMTPD_SASL_EXCEPTIONS_NETWORKS, DEF_SMTPD_SASL_EXCEPTIONS_NETWORKS, &var_smtpd_sasl_exceptions_networks, 0, 0, diff --git a/postfix/src/smtpd/smtpd_sasl_glue.c b/postfix/src/smtpd/smtpd_sasl_glue.c index 29021cd0d..740d62750 100644 --- a/postfix/src/smtpd/smtpd_sasl_glue.c +++ b/postfix/src/smtpd/smtpd_sasl_glue.c @@ -202,7 +202,6 @@ void smtpd_sasl_activate(SMTPD_STATE *state, const char *sasl_opts_name, /* * Set up a new server context for this connection. */ -#define SMTPD_SASL_SERVICE "smtp" #ifdef USE_TLS tls_flag = state->tls_context != 0; #else @@ -218,7 +217,7 @@ void smtpd_sasl_activate(SMTPD_STATE *state, const char *sasl_opts_name, state->dest_addr : ""), client_addr = ADDR_OR_EMPTY(state->addr, CLIENT_ADDR_UNKNOWN), - service = SMTPD_SASL_SERVICE, + service = var_smtpd_sasl_service, user_realm = REALM_OR_NULL(var_smtpd_sasl_realm), security_options = sasl_opts_val, tls_flag = tls_flag)) == 0) diff --git a/postfix/src/tls/tls_dane.sh b/postfix/src/tls/tls_dane.sh index 7afc4a1de..a950857bb 100644 --- a/postfix/src/tls/tls_dane.sh +++ b/postfix/src/tls/tls_dane.sh @@ -17,14 +17,19 @@ key() { } req() { + local key=$1; shift local cn=$1; shift + key "$key" openssl req -new -sha256 -key "${key}.pem" 2>/dev/null \ -config <(printf "[req]\n%s\n%s\n[dn]\nCN=%s\n" \ "prompt = no" "distinguished_name = dn" "${cn}") } req_nocn() { + local key=$1; shift + + key "$key" openssl req -new -sha256 -subj / -key "${key}.pem" 2>/dev/null \ -config <(printf "[req]\n%s\n[dn]\nCN_default =\n" \ "distinguished_name = dn") @@ -46,8 +51,7 @@ genroot() { local akid=$1; shift exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = CA:true") - key "$key" - req "$cn" | + req "$key" "$cn" | cert "$cert" "$exts" -signkey "${key}.pem" -set_serial 1 -days 30 } @@ -61,8 +65,7 @@ genca() { local cakey=$1; shift exts=$(printf "%s\n%s\n%s\n" "$skid" "$akid" "basicConstraints = CA:true") - key "$key" - req "$cn" | + req "$key" "$cn" | cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ -set_serial 2 -days 30 "$@" } @@ -80,8 +83,7 @@ genee() { "basicConstraints = CA:false" \ "extendedKeyUsage = serverAuth" \ "subjectAltName = @alts" "DNS=${cn}") - key "$key" - req "$cn" | + req "$key" "$cn" | cert "$cert" "$exts" -CA "${ca}.pem" -CAkey "${cakey}.pem" \ -set_serial 2 -days 30 "$@" } @@ -97,8 +99,7 @@ genss() { "basicConstraints = CA:true" \ "extendedKeyUsage = serverAuth" \ "subjectAltName = @alts" "DNS=${cn}") - key "$key" - req "$cn" | + req "$key" "$cn" | cert "$cert" "$exts" -set_serial 1 -days 30 -signkey "${key}.pem" "$@" } @@ -106,8 +107,7 @@ gennocn() { local key=$1; shift local cert=$1; shift - key "$key" - req_nocn | + req_nocn "$key" | cert "$cert" "" -signkey "${key}.pem" -set_serial 1 -days -1 "$@" } diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in index 8040e419e..5ab223260 100644 --- a/postfix/src/util/Makefile.in +++ b/postfix/src/util/Makefile.in @@ -115,7 +115,7 @@ TESTPROG= dict_open dup2_pass_on_exec events exec_command fifo_open \ unix_recv_fd unix_send_fd stream_recv_fd stream_send_fd hex_code \ myaddrinfo myaddrinfo4 inet_proto sane_basename format_tv \ valid_utf_8 ip_match base32_code msg_rate_delay netstring \ - vstream timecmp + vstream timecmp dict_cache LIB_DIR = ../../lib INC_DIR = ../../include @@ -460,6 +460,11 @@ timecmp: $(LIB) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS) mv junk $@.o +dict_cache: $(LIB) + mv $@.o junk + $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(SYSLIBS) + mv junk $@.o + tests: valid_hostname_test mac_expand_test dict_test unescape_test \ hex_quote_test ctable_test inet_addr_list_test base64_code_test \ attr_scan64_test attr_scan0_test dict_pcre_test host_port_test \ diff --git a/postfix/src/util/dict_cache.c b/postfix/src/util/dict_cache.c index 3007d6da6..40cfced39 100644 --- a/postfix/src/util/dict_cache.c +++ b/postfix/src/util/dict_cache.c @@ -682,3 +682,437 @@ const char *dict_cache_name(DICT_CACHE *cp) */ return (cp->name); } + + /* + * Test driver with support for interleaved access. First, enter a number of + * requests to look up, update or delete a sequence of cache entries, then + * interleave those sequences with the "run" command. + */ +#ifdef TEST +#include +#include +#include +#include + +#define DELIMS " " +#define USAGE "\n\tTo manage settings:" \ + "\n\tverbose (verbosity level)" \ + "\n\telapsed (0=don't show elapsed time)" \ + "\n\tlmdb_map_size (initial LMDB size limit)" \ + "\n\tcache : (switch to named database)" \ + "\n\tstatus (show map size, cache, pending requests)" \ + "\n\n\tTo manage pending requests:" \ + "\n\treset (discard pending requests)" \ + "\n\trun (execute pending requests in interleaved order)" \ + "\n\n\tTo add a pending request:" \ + "\n\tquery (negative to reverse order)" \ + "\n\tupdate (negative to reverse order)" \ + "\n\tdelete (negative to reverse order)" \ + "\n\tpurge " \ + "\n\tcount " + + /* + * For realism, open the cache with the same flags as postscreen(8) and + * verify(8). + */ +#define DICT_CACHE_OPEN_FLAGS (DICT_FLAG_DUP_REPLACE | DICT_FLAG_SYNC_UPDATE | \ + DICT_FLAG_OPEN_LOCK) + + /* + * Storage for one request to access a sequence of cache entries. + */ +typedef struct DICT_CACHE_SREQ { + int flags; /* per-request: reverse, purge */ + char *cmd; /* command for status report */ + void (*action) (struct DICT_CACHE_SREQ *, DICT_CACHE *, VSTRING *); + char *prefix; /* key prefix */ + int done; /* progress indicator */ + int todo; /* number of entries to process */ + int first_next; /* first/next */ +} DICT_CACHE_SREQ; + +#define DICT_CACHE_SREQ_FLAG_PURGE (1<<1) /* purge instead of count */ +#define DICT_CACHE_SREQ_FLAG_REVERSE (1<<2) /* reverse instead of forward */ + +#define DICT_CACHE_SREQ_LIMIT 10 + + /* + * All test requests combined. + */ +typedef struct DICT_CACHE_TEST { + int flags; /* exclusion flags */ + int size; /* allocated slots */ + int used; /* used slots */ + DICT_CACHE_SREQ job_list[1]; /* actually, a bunch */ +} DICT_CACHE_TEST; + +#define DICT_CACHE_TEST_FLAG_ITER (1<<0) /* count or purge */ + +#define STR(x) vstring_str(x) + +int show_elapsed = 1; /* show elapsed time */ + +#if defined(SNAPSHOT) && defined(HAS_LMDB) +extern size_t dict_lmdb_map_size; /* LMDB-specific */ + +#endif + +/* usage - command-line usage message */ + +static NORETURN usage(const char *progname) +{ + msg_fatal("usage: %s (no argument)", progname); +} + +/* make_tagged_key - make tagged search key */ + +static void make_tagged_key(VSTRING *bp, DICT_CACHE_SREQ *cp) +{ + if (cp->done < 0) + msg_panic("make_tagged_key: bad done count: %d", cp->done); + if (cp->todo < 1) + msg_panic("make_tagged_key: bad todo count: %d", cp->todo); + vstring_sprintf(bp, "%s-%d", cp->prefix, + (cp->flags & DICT_CACHE_SREQ_FLAG_REVERSE) ? + cp->todo - cp->done - 1 : cp->done); +} + +/* create_requests - create request list */ + +static DICT_CACHE_TEST *create_requests(int count) +{ + DICT_CACHE_TEST *tp; + DICT_CACHE_SREQ *cp; + + tp = (DICT_CACHE_TEST *) mymalloc(sizeof(DICT_CACHE_TEST) + + (count - 1) *sizeof(DICT_CACHE_SREQ)); + tp->flags = 0; + tp->size = count; + tp->used = 0; + for (cp = tp->job_list; cp < tp->job_list + count; cp++) { + cp->flags = 0; + cp->cmd = 0; + cp->action = 0; + cp->prefix = 0; + cp->todo = 0; + cp->first_next = DICT_SEQ_FUN_FIRST; + } + return (tp); +} + +/* reset_requests - reset request list */ + +static void reset_requests(DICT_CACHE_TEST *tp) +{ + DICT_CACHE_SREQ *cp; + + tp->flags = 0; + tp->used = 0; + for (cp = tp->job_list; cp < tp->job_list + tp->size; cp++) { + cp->flags = 0; + if (cp->cmd) { + myfree(cp->cmd); + cp->cmd = 0; + } + cp->action = 0; + if (cp->prefix) { + myfree(cp->prefix); + cp->prefix = 0; + } + cp->todo = 0; + cp->first_next = DICT_SEQ_FUN_FIRST; + } +} + +/* free_requests - destroy request list */ + +static void free_requests(DICT_CACHE_TEST *tp) +{ + reset_requests(tp); + myfree((char *) tp); +} + +/* run_requests - execute pending requests in interleaved order */ + +static void run_requests(DICT_CACHE_TEST *tp, DICT_CACHE *dp, VSTRING *bp) +{ + DICT_CACHE_SREQ *cp; + int todo; + struct timeval start; + struct timeval finish; + struct timeval elapsed; + + if (dp == 0) { + msg_warn("no cache"); + return; + } + GETTIMEOFDAY(&start); + do { + todo = 0; + for (cp = tp->job_list; cp < tp->job_list + tp->used; cp++) { + if (cp->done < cp->todo) { + todo = 1; + cp->action(cp, dp, bp); + } + } + } while (todo); + GETTIMEOFDAY(&finish); + timersub(&finish, &start, &elapsed); + if (show_elapsed) + vstream_printf("Elapsed: %g\n", + elapsed.tv_sec + elapsed.tv_usec / 1000000.0); + + reset_requests(tp); +} + +/* show_status - show settings and pending requests */ + +static void show_status(DICT_CACHE_TEST *tp, DICT_CACHE *dp) +{ + DICT_CACHE_SREQ *cp; + +#if defined(SNAPSHOT) && defined(HAS_LMDB) + vstream_printf("lmdb_map_size\t%ld\n", (long) dict_lmdb_map_size); +#endif + vstream_printf("cache\t%s\n", dp ? dp->name : "(none)"); + + vstream_printf("%s\t%s\t%s\t%s\t%s\t%s\n", + "cmd", "dir", "prefix", "count", "done", "first/next"); + + for (cp = tp->job_list; cp < tp->job_list + tp->used; cp++) + if (cp->todo > 0) + vstream_printf("%s\t%s\t%s\t%d\t%d\t%d\n", + cp->cmd, + (cp->flags & DICT_CACHE_SREQ_FLAG_REVERSE) ? + "reverse" : "forward", + cp->prefix ? cp->prefix : "(null)", cp->todo, + cp->done, cp->first_next); +} + +/* query_action - lookup cache entry */ + +static void query_action(DICT_CACHE_SREQ *cp, DICT_CACHE *dp, VSTRING *bp) +{ + const char *lookup; + + make_tagged_key(bp, cp); + if ((lookup = dict_cache_lookup(dp, STR(bp))) == 0) { + if (dp->error) + msg_warn("query_action: query failed: %s: %m", STR(bp)); + else + msg_warn("query_action: query failed: %s", STR(bp)); + } else if (strcmp(STR(bp), lookup) != 0) { + msg_warn("lookup result \"%s\" differs from key \"%s\"", + lookup, STR(bp)); + } + cp->done += 1; +} + +/* update_action - update cache entry */ + +static void update_action(DICT_CACHE_SREQ *cp, DICT_CACHE *dp, VSTRING *bp) +{ + make_tagged_key(bp, cp); + if (dict_cache_update(dp, STR(bp), STR(bp)) != 0) { + if (dp->error) + msg_warn("update_action: update failed: %s: %m", STR(bp)); + else + msg_warn("update_action: update failed: %s", STR(bp)); + } + cp->done += 1; +} + +/* delete_action - delete cache entry */ + +static void delete_action(DICT_CACHE_SREQ *cp, DICT_CACHE *dp, VSTRING *bp) +{ + make_tagged_key(bp, cp); + if (dict_cache_delete(dp, STR(bp)) != 0) { + if (dp->error) + msg_warn("delete_action: delete failed: %s: %m", STR(bp)); + else + msg_warn("delete_action: delete failed: %s", STR(bp)); + } + cp->done += 1; +} + +/* iter_action - iterate over cache and act on entries with given prefix */ + +static void iter_action(DICT_CACHE_SREQ *cp, DICT_CACHE *dp, VSTRING *bp) +{ + const char *cache_key; + const char *cache_val; + const char *what; + int len; + + if (dict_cache_sequence(dp, cp->first_next, &cache_key, &cache_val) == 0) { + if (strcmp(cache_key, cache_val) != 0) + msg_warn("value \"%s\" differs from key \"%s\"", + cache_val, cache_key); + len = strlen(cp->prefix); + if (strncmp(cache_key, cp->prefix, len) == 0 && cache_key[len] == '-') { + cp->done += 1; + cp->todo = cp->done + 1; /* XXX */ + if ((cp->flags & DICT_CACHE_SREQ_FLAG_PURGE) + && dict_cache_delete(dp, cache_key) != 0) { + if (dp->error) + msg_warn("purge_action: delete failed: %s: %m", STR(bp)); + else + msg_warn("purge_action: delete failed: %s", STR(bp)); + } + } + cp->first_next = DICT_SEQ_FUN_NEXT; + } else { + what = (cp->flags & DICT_CACHE_SREQ_FLAG_PURGE) ? "purge" : "count"; + if (dp->error) + msg_warn("%s error after %d: %m", what, cp->done); + else + vstream_printf("prefix=%s %s=%d\n", cp->prefix, what, cp->done); + cp->todo = 0; + } +} + + /* + * Table-driven support. + */ +typedef struct DICT_CACHE_SREQ_INFO { + const char *name; + int argc; + void (*action) (DICT_CACHE_SREQ *, DICT_CACHE *, VSTRING *); + int test_flags; + int req_flags; +} DICT_CACHE_SREQ_INFO; + +static DICT_CACHE_SREQ_INFO req_info[] = { + {"query", 3, query_action}, + {"update", 3, update_action}, + {"delete", 3, delete_action}, + {"count", 2, iter_action, DICT_CACHE_TEST_FLAG_ITER}, + {"purge", 2, iter_action, DICT_CACHE_TEST_FLAG_ITER, DICT_CACHE_SREQ_FLAG_PURGE}, + 0, +}; + +/* add_request - add a request to the list */ + +static void add_request(DICT_CACHE_TEST *tp, ARGV *argv) +{ + DICT_CACHE_SREQ_INFO *rp; + DICT_CACHE_SREQ *cp; + int req_flags; + int count; + char *cmd = argv->argv[0]; + char *prefix = (argv->argc > 1 ? argv->argv[1] : 0); + char *todo = (argv->argc > 2 ? argv->argv[2] : "1"); /* XXX */ + + if (tp->used >= tp->size) { + msg_warn("%s: request list is full", cmd); + return; + } + for (rp = req_info; /* See below */ ; rp++) { + if (rp->name == 0) { + vstream_printf("usage: %s\n", USAGE); + return; + } + if (strcmp(rp->name, argv->argv[0]) == 0 + && rp->argc == argv->argc) + break; + } + req_flags = rp->req_flags; + if (todo[0] == '-') { + req_flags |= DICT_CACHE_SREQ_FLAG_REVERSE; + todo += 1; + } + if (!alldig(todo) || (count = atoi(todo)) == 0) { + msg_warn("%s: bad count: %s", cmd, todo); + return; + } + if (tp->flags & rp->test_flags) { + msg_warn("%s: command conflicts with other command", cmd); + return; + } + tp->flags |= rp->test_flags; + cp = tp->job_list + tp->used; + cp->cmd = mystrdup(cmd); + cp->action = rp->action; + if (prefix) + cp->prefix = mystrdup(prefix); + cp->done = 0; + cp->flags = req_flags; + cp->todo = count; + tp->used += 1; +} + +/* main - main program */ + +int main(int argc, char **argv) +{ + DICT_CACHE_TEST *test_job; + VSTRING *inbuf = vstring_alloc(100); + char *bufp; + ARGV *args; + DICT_CACHE *cache = 0; + int stdin_is_tty; + + msg_vstream_init(argv[0], VSTREAM_ERR); + if (argc != 1) + usage(argv[0]); + + + test_job = create_requests(DICT_CACHE_SREQ_LIMIT); + + stdin_is_tty = isatty(0); + + for (;;) { + if (stdin_is_tty) { + vstream_printf("> "); + vstream_fflush(VSTREAM_OUT); + } + if (vstring_fgets_nonl(inbuf, VSTREAM_IN) == 0) + break; + bufp = vstring_str(inbuf); + if (!stdin_is_tty) { + vstream_printf("> %s\n", bufp); + vstream_fflush(VSTREAM_OUT); + } + if (*bufp == '#') + continue; + args = argv_split(bufp, DELIMS); + if (argc == 0) { + vstream_printf("usage: %s\n", USAGE); + vstream_fflush(VSTREAM_OUT); + continue; + } + if (strcmp(args->argv[0], "verbose") == 0 && args->argc == 2) { + msg_verbose = atoi(args->argv[1]); + } else if (strcmp(args->argv[0], "elapsed") == 0 && args->argc == 2) { + show_elapsed = atoi(args->argv[1]); +#if defined(SNAPSHOT) && defined(HAS_LMDB) + } else if (strcmp(args->argv[0], "lmdb_map_size") == 0 && args->argc == 2) { + dict_lmdb_map_size = atol(args->argv[1]); +#endif + } else if (strcmp(args->argv[0], "cache") == 0 && args->argc == 2) { + if (cache) + dict_cache_close(cache); + cache = dict_cache_open(args->argv[1], O_CREAT | O_RDWR, + DICT_CACHE_OPEN_FLAGS); + } else if (strcmp(args->argv[0], "reset") == 0 && args->argc == 1) { + reset_requests(test_job); + } else if (strcmp(args->argv[0], "run") == 0 && args->argc == 1) { + run_requests(test_job, cache, inbuf); + } else if (strcmp(args->argv[0], "status") == 0 && args->argc == 1) { + show_status(test_job, cache); + } else { + add_request(test_job, args); + } + vstream_fflush(VSTREAM_OUT); + argv_free(args); + } + + vstring_free(inbuf); + free_requests(test_job); + if (cache) + dict_cache_close(cache); + return (0); +} + +#endif diff --git a/postfix/src/util/dict_lmdb.c b/postfix/src/util/dict_lmdb.c index 0db22b937..276b6155b 100644 --- a/postfix/src/util/dict_lmdb.c +++ b/postfix/src/util/dict_lmdb.c @@ -46,7 +46,7 @@ #include -#ifdef HAS_LMDB +#if defined(SNAPSHOT) && defined(HAS_LMDB) /* System library. */ diff --git a/postfix/src/util/dict_open.c b/postfix/src/util/dict_open.c index c8706da4e..616631413 100644 --- a/postfix/src/util/dict_open.c +++ b/postfix/src/util/dict_open.c @@ -307,7 +307,7 @@ static const DICT_OPEN_INFO dict_open_info[] = { DICT_TYPE_HASH, dict_hash_open, DICT_TYPE_BTREE, dict_btree_open, #endif -#ifdef HAS_LMDB +#if defined(SNAPSHOT) && defined(HAS_LMDB) DICT_TYPE_LMDB, dict_lmdb_open, #endif #ifdef HAS_NIS diff --git a/postfix/src/util/slmdb.c b/postfix/src/util/slmdb.c index fcfcf4b7d..5259d3a76 100644 --- a/postfix/src/util/slmdb.c +++ b/postfix/src/util/slmdb.c @@ -187,7 +187,7 @@ /* Yorktown Heights, NY 10598, USA /*--*/ -#ifdef HAS_LMDB +#if defined(SNAPSHOT) && defined(HAS_LMDB) /* System library. */