diff --git a/postfix/HISTORY b/postfix/HISTORY index 0ecbb813a..277752d35 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -28866,7 +28866,7 @@ Apologies for any names omitted. Feature: support for the RFC 8689 "TLS-Required: no" message header. This limits the Postfix SMTP client TLS security - level to "smtp_tls_security = may", which does not authenticate + level to "smtp_tls_security = may", which does not verify remote SMTP server TLS certificates, and which allows falling back to plaintext. This is needed for the delivery of messages such as TLSRPT summaries, which should be sent @@ -28898,3 +28898,24 @@ Apologies for any names omitted. Debug: verbose logging for the tlsrpt_wrapper functions. File: tls/tlsrpt_wrapper.c. + +20250201 + + Cleanup: simplified the code in cleanup_envelope_test.c. + + Feature: configuration parameter "tls_required_enable + (default: yes) to control support for the "TLS-Required: + no" message header. Files: global/mail_params.[hc], + bounce/bounce.c, bounce/bounce_notify_util.c, cleanup/cleanup.c, + cleanup/cleanup_message.c, smtp/smtp.c, smtp/smtp_connect.c, + mantools/postlink. + +20250202 + + Documentation: edited for clarity. Files: pipe/pipe.c, + proto/postconf.proto. + + Debug logging: cleanup/cleanup_api.c. tls/tlsrpt_wrapper.c. + proto/TLSRPT_README.html. + + Postfix 3.10 code freeze. diff --git a/postfix/README_FILES/TLSRPT_README b/postfix/README_FILES/TLSRPT_README index 8c8c24553..94f011ebe 100644 --- a/postfix/README_FILES/TLSRPT_README +++ b/postfix/README_FILES/TLSRPT_README 
@@ -30,8 +30,8 @@ successful and failed SMTP over TLS connections to domain example.com, and to report those summaries via email to the specified address. Instead of mailto:, a policy may specify an https: destination. -The high-level diagram below shows how TLS handshake success and failure events -from Postfix are collected and processed into daily summary reports. +The diagram below shows how Postfix TLS handshake success and failure events +are collected and processed into daily summary reports. Postfix SMTP and TLSRPT client TLSRPT collector, Email or HTTP TLS client engines -> library (linked -> fetcher, and -> delivery diff --git a/postfix/html/TLSRPT_README.html b/postfix/html/TLSRPT_README.html index 602857f0b..95acfb7b7 100644 --- a/postfix/html/TLSRPT_README.html +++ b/postfix/html/TLSRPT_README.html @@ -55,9 +55,9 @@ summaries of successful and failed SMTP over TLS connections to domain specified address. Instead of mailto:, a policy may specify an https: destination.

-

The high-level diagram below shows how TLS handshake success -and failure events from Postfix are collected and processed into -daily summary reports.

+

The diagram below shows how Postfix TLS handshake success and +failure events are collected and processed into daily summary +reports.

diff --git a/postfix/html/bounce.8.html b/postfix/html/bounce.8.html index 212ec8f6b..695478942 100644 --- a/postfix/html/bounce.8.html +++ b/postfix/html/bounce.8.html @@ -166,6 +166,12 @@ BOUNCE(8) BOUNCE(8) header_from_format (standard) The format of the Postfix-generated From: header. + Available in Postfix 3.10 and later: + + tls_required_enable (yes) + Enable support for the "TLS-Required: no" message header, + defined in RFC 8689. + FILES /var/spool/postfix/bounce/* non-delivery records /var/spool/postfix/defer/* non-delivery records diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html index ab9990bc4..655275a9e 100644 --- a/postfix/html/cleanup.8.html +++ b/postfix/html/cleanup.8.html @@ -70,6 +70,7 @@ CLEANUP(8) CLEANUP(8) RFC 3463 (Enhanced Status Codes) RFC 3464 (Delivery status notifications) RFC 5322 (Internet Message Format) + RFC 8689 (TLS-Required: message header) DIAGNOSTICS Problems and transactions are logged to syslogd(8) or postlogd(8). 
@@ -461,29 +462,36 @@ CLEANUP(8) CLEANUP(8) IDNA2008, when converting UTF-8 domain names to/from the ASCII form that is used for DNS lookups. +TLS SUPPORT + Available in Postfix version 3.10 and later: + + tls_required_enable (yes) + Enable support for the "TLS-Required: no" message header, + defined in RFC 8689. + MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal point when log- + The maximal number of digits after the decimal point when log- ging delay values. delay_warning_time (0h) - The time after which the sender receives a copy of the message + The time after which the sender receives a copy of the message headers of mail that is still queued. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -494,7 +502,7 @@ CLEANUP(8) CLEANUP(8) The internet hostname of this mail system. myorigin ($myhostname) - The domain name that locally-posted mail appears to come from, + The domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. process_id (read-only) 
@@ -507,21 +515,21 @@ CLEANUP(8) CLEANUP(8) The location of the Postfix top-level queue directory. soft_bounce (no) - Safety net to keep mail queued that would otherwise be returned + Safety net to keep mail queued that would otherwise be returned to the sender. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available in Postfix version 2.1 and later: enable_original_recipient (yes) - Enable support for the original recipient address after an - address is rewritten to a different address (for example with + Enable support for the original recipient address after an + address is rewritten to a different address (for example with aliasing or with canonical mapping). Available in Postfix 3.3 and later: @@ -532,14 +540,14 @@ CLEANUP(8) CLEANUP(8) Available in Postfix 3.5 and later: info_log_address_format (external) - The email address form that will be used in non-debug logging + The email address form that will be used in non-debug logging (info, warning, etc.). Available in Postfix 3.9 and later: force_mime_input_conversion (no) - Convert body content that claims to be 8-bit into quoted-print- - able, before header_checks, body_checks, Milters, and before + Convert body content that claims to be 8-bit into quoted-print- + able, before header_checks, body_checks, Milters, and before after-queue content filters. FILES diff --git a/postfix/html/defer.8.html b/postfix/html/defer.8.html index 212ec8f6b..695478942 100644 --- a/postfix/html/defer.8.html +++ b/postfix/html/defer.8.html @@ -166,6 +166,12 @@ BOUNCE(8) BOUNCE(8) header_from_format (standard) The format of the Postfix-generated 
From: header. + Available in Postfix 3.10 and later: + + tls_required_enable (yes) + Enable support for the "TLS-Required: no" message header, + defined in RFC 8689. + FILES /var/spool/postfix/bounce/* non-delivery records /var/spool/postfix/defer/* non-delivery records diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index 3170f70ca..5c5b16847 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -174,6 +174,7 @@ SMTP(8) SMTP(8) RFC 6531 (Internationalized SMTP) RFC 6533 (Internationalized Delivery Status Notifications) RFC 7672 (SMTP security via opportunistic DANE TLS) + RFC 8689 (TLS-Required message header) DIAGNOSTICS Problems and transactions are logged to syslogd(8) or postlogd(8). @@ -746,6 +747,8 @@ SMTP(8) SMTP(8) Request that remote SMTP servers send an RFC7250 raw public key instead of an X.509 certificate. + Available in Postfix version 3.10 and later: + smtp_tlsrpt_enable (no) Enable support for RFC 8460 TLSRPT notifications. 
@@ -758,41 +761,45 @@ SMTP(8) SMTP(8) reuse a previously-negotiated TLS session (there is no new information to report). + tls_required_enable (yes) + Enable support for the "TLS-Required: no" message header, + defined in RFC 8689. + OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compatibility with - Postfix versions before 2.3. Support for these will be removed in a + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. Support for these will be removed in a future release. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP server announces + Opportunistic mode: use TLS when a remote SMTP server announces STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers use TLS + Enforcement mode: require that remote SMTP servers use TLS encryption, and never send mail in the clear. smtp_tls_enforce_peername (yes) - With mandatory TLS encryption, require that the remote SMTP - server hostname matches the information in the remote SMTP + With mandatory TLS encryption, require that the remote SMTP + server hostname matches the information in the remote SMTP server certificate. smtp_tls_per_site (empty) - Optional lookup tables with the Postfix SMTP client TLS usage - policy by next-hop destination and by remote SMTP server host- + Optional lookup tables with the Postfix SMTP client TLS usage + policy by next-hop destination and by remote SMTP server host- name. smtp_tls_cipherlist (empty) - Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS + Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. RESOURCE AND RATE CONTROLS smtp_connect_timeout (30s) - The Postfix SMTP client time limit for completing a TCP connec- + The Postfix SMTP client time limit for completing a TCP connec- tion, or zero (use the operating system built-in time limit). 
smtp_helo_timeout (300s) - The Postfix SMTP client time limit for sending the HELO or EHLO - command, and for receiving the initial remote SMTP server + The Postfix SMTP client time limit for sending the HELO or EHLO + command, and for receiving the initial remote SMTP server response. lmtp_lhlo_timeout (300s) @@ -804,19 +811,19 @@ SMTP(8) SMTP(8) mand, and for receiving the remote SMTP server response. smtp_mail_timeout (300s) - The Postfix SMTP client time limit for sending the MAIL FROM + The Postfix SMTP client time limit for sending the MAIL FROM command, and for receiving the remote SMTP server response. smtp_rcpt_timeout (300s) - The Postfix SMTP client time limit for sending the SMTP RCPT TO + The Postfix SMTP client time limit for sending the SMTP RCPT TO command, and for receiving the remote SMTP server response. smtp_data_init_timeout (120s) - The Postfix SMTP client time limit for sending the SMTP DATA + The Postfix SMTP client time limit for sending the SMTP DATA command, and for receiving the remote SMTP server response. smtp_data_xfer_timeout (180s) - The Postfix SMTP client time limit for sending the SMTP message + The Postfix SMTP client time limit for sending the SMTP message content. smtp_data_done_timeout (600s) @@ -830,13 +837,13 @@ SMTP(8) SMTP(8) Available in Postfix version 2.1 and later: smtp_mx_address_limit (5) - The maximal number of MX (mail exchanger) IP addresses that can - result from Postfix SMTP client mail exchanger lookups, or zero + The maximal number of MX (mail exchanger) IP addresses that can + result from Postfix SMTP client mail exchanger lookups, or zero (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery request before - the Postfix SMTP client gives up or delivers to a fall-back + The maximal number of SMTP sessions per delivery request before + the Postfix SMTP client gives up or delivers to a fall-back relay host, or zero (no limit). smtp_rset_timeout (20s) 
@@ -846,17 +853,17 @@ SMTP(8) SMTP(8) Available in Postfix version 2.2 and earlier: lmtp_cache_connection (yes) - Keep Postfix LMTP client connections open for up to $max_idle + Keep Postfix LMTP client connections open for up to $max_idle seconds. Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the specified + Permanently enable SMTP connection caching for the specified destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a destination + Temporarily enable SMTP connection caching while a destination has a high volume of mail in the active queue. smtp_connection_reuse_time_limit (300s) @@ -870,23 +877,23 @@ SMTP(8) SMTP(8) Available in Postfix version 2.3 and later: connection_cache_protocol_timeout (5s) - Time limit for connection cache connect, send or receive opera- + Time limit for connection cache connect, send or receive opera- tions. Available in Postfix version 2.9 - 3.6: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per read or write system call, to a time limit to - send or receive a complete record (an SMTP command line, SMTP - response line, SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). Available in Postfix version 2.11 and later: smtp_connection_reuse_count_limit (0) - When SMTP connection caching is enabled, the number of times - that an SMTP session may be reused before it is closed, or zero + When SMTP connection caching is enabled, the number of times + that an SMTP session may be reused before it is closed, or zero (no limit). Available in Postfix version 3.4 and later: 
@@ -897,13 +904,13 @@ SMTP(8) SMTP(8) Available in Postfix version 3.7 and later: smtp_per_request_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per plaintext or TLS read or write call, to a com- - bined time limit for sending a complete SMTP request and for + Change the behavior of the smtp_*_timeout time limits, from a + time limit per plaintext or TLS read or write call, to a com- + bined time limit for sending a complete SMTP request and for receiving a complete SMTP response. smtp_min_data_rate (500) - The minimum plaintext data transfer rate in bytes/second for + The minimum plaintext data transfer rate in bytes/second for DATA requests, when deadlines are enabled with smtp_per_request_deadline. 
@@ -911,54 +918,54 @@ SMTP(8) SMTP(8) transport_destination_concurrency_limit ($default_destination_concur- rency_limit) - A transport-specific override for the default_destination_con- + A transport-specific override for the default_destination_con- currency_limit parameter value, where transport is the master.cf name of the message delivery transport. transport_destination_recipient_limit ($default_destination_recipi- ent_limit) A transport-specific override for the default_destination_recip- - ient_limit parameter value, where transport is the master.cf + ient_limit parameter value, where transport is the master.cf name of the message delivery transport. SMTPUTF8 CONTROLS Preliminary SMTPUTF8 support is introduced with Postfix 3.0. smtputf8_enable (yes) - Enable preliminary SMTPUTF8 support for the protocols described + Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531, RFC 6532, and RFC 6533. smtputf8_autodetect_classes (sendmail, verify) - Detect that a message requires SMTPUTF8 support for the speci- + Detect that a message requires SMTPUTF8 support for the speci- fied mail origin classes. Available in Postfix version 3.2 and later: enable_idna2003_compatibility (no) - Enable 'transitional' compatibility between IDNA2003 and - IDNA2008, when converting UTF-8 domain names to/from the ASCII + Enable 'transitional' compatibility between IDNA2003 and + IDNA2008, when converting UTF-8 domain names to/from the ASCII form that is used for DNS lookups. TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a nexthop destina- - tion, remote client or server name or network address matches a + The increment in verbose logging level when a nexthop destina- + tion, remote client or server name or network address matches a pattern given with the debug_peer_list parameter. 
debug_peer_list (empty) - Optional list of nexthop destination, remote client or server - name or network address patterns that, if matched, cause the - verbose logging level to increase by the amount specified in + Optional list of nexthop destination, remote client or server + name or network address patterns that, if matched, cause the + verbose logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about mail delivery + The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or proto- col errors. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are subject to - before-queue content inspection by non_smtpd_milters, + What categories of Postfix-generated mail are subject to + before-queue content inspection by non_smtpd_milters, header_checks and body_checks. notify_classes (resource, software) 
@@ -966,46 +973,46 @@ SMTP(8) SMTP(8) MISCELLANEOUS CONTROLS best_mx_transport (empty) - Where the Postfix SMTP client should deliver mail when it + Where the Postfix SMTP client should deliver mail when it detects a "mail loops back to myself" error condition. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal point when log- + The maximal number of digits after the decimal point when log- ging delay values. disable_dns_lookups (no) Disable DNS lookups in the Postfix SMTP and LMTP clients. inet_interfaces (all) - The local network interface addresses that this mail system + The local network interface addresses that this mail system receives mail on. inet_protocols (see 'postconf -d' output) - The Internet protocols Postfix will attempt to use when making + The Internet protocols Postfix will attempt to use when making or accepting connections. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. lmtp_assume_final (no) - When a remote LMTP server announces no DSN support, assume that - the server performs final delivery, and send "delivered" deliv- + When a remote LMTP server announces no DSN support, assume that + the server performs final delivery, and send "delivered" deliv- ery status notifications instead of "relayed". lmtp_tcp_port (24) The default TCP port that the Postfix LMTP client connects to. 
max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -1019,21 +1026,21 @@ SMTP(8) SMTP(8) The process name of a Postfix command or daemon process. proxy_interfaces (empty) - The remote network interface addresses that this mail system - receives mail on by way of a proxy or network address transla- + The remote network interface addresses that this mail system + receives mail on by way of a proxy or network address transla- tion unit. smtp_address_preference (any) The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP - client will try first, when a destination has IPv6 and IPv4 + client will try first, when a destination has IPv6 and IPv4 addresses with equal MX preference. smtp_bind_address (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv4 connection. smtp_bind_address6 (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv6 connection. smtp_helo_name ($myhostname) @@ -1053,7 +1060,7 @@ SMTP(8) SMTP(8) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available with Postfix 2.2 and earlier: 
@@ -1065,14 +1072,14 @@ SMTP(8) SMTP(8) Available with Postfix 2.3 and later: smtp_fallback_relay ($fallback_relay) - Optional list of relay destinations that will be used when an - SMTP destination is not found, or when delivery fails due to a + Optional list of relay destinations that will be used when an + SMTP destination is not found, or when delivery fails due to a non-permanent error. Available with Postfix 3.0 and later: smtp_address_verify_target (rcpt) - In the context of email address verification, the SMTP protocol + In the context of email address verification, the SMTP protocol stage that determines whether an email address is deliverable. Available with Postfix 3.1 and later: @@ -1094,7 +1101,7 @@ SMTP(8) SMTP(8) Available in Postfix 3.7 and later: smtp_bind_address_enforce (no) - Defer delivery when the Postfix SMTP client cannot apply the + Defer delivery when the Postfix SMTP client cannot apply the smtp_bind_address or smtp_bind_address6 setting. SEE ALSO diff --git a/postfix/html/pipe.8.html b/postfix/html/pipe.8.html index a714cacb8..911a740eb 100644 --- a/postfix/html/pipe.8.html +++ b/postfix/html/pipe.8.html @@ -170,6 +170,7 @@ PIPE(8) PIPE(8) as an argument by itself: Right: command -f $sender -- $recipient + NOTE: DO NOT put quotes around the command, $sender, or $recipi- ent. @@ -422,7 +423,7 @@ PIPE(8) PIPE(8) delay_logging_resolution_limit (2) The maximal number of digits after the decimal point when log- - ging sub-second delay values. + ging delay values. export_environment (see 'postconf -d' output) The list of environment variables that a Postfix process will diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index b673b46c4..e67cfb18e 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -20603,6 +20603,23 @@ gives timeout errors.

This feature is available in Postfix 2.2 and later.

+ + +
tls_required_enable +(default: yes)
+ +

Enable support for the "TLS-Required: no" message header, defined +in RFC 8689. By adding this header to a message, a sender requests +no enforcement of TLS policy. This limits the Postfix SMTP client +TLS security level to "may", that is, do not verify remote SMTP +server certificates, and fall back to plaintext if TLS is unavailable. +If a message contains a "TLS-Required: no" header, then Postfix +will add that header to a delivery status notification for that +message.

+ +

This feature is available in Postfix ≥ 3.10.

+ +
tls_server_sni_maps diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 3170f70ca..5c5b16847 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -174,6 +174,7 @@ SMTP(8) SMTP(8) RFC 6531 (Internationalized SMTP) RFC 6533 (Internationalized Delivery Status Notifications) RFC 7672 (SMTP security via opportunistic DANE TLS) + RFC 8689 (TLS-Required message header) DIAGNOSTICS Problems and transactions are logged to syslogd(8) or postlogd(8). @@ -746,6 +747,8 @@ SMTP(8) SMTP(8) Request that remote SMTP servers send an RFC7250 raw public key instead of an X.509 certificate. + Available in Postfix version 3.10 and later: + smtp_tlsrpt_enable (no) Enable support for RFC 8460 TLSRPT notifications. 
@@ -758,41 +761,45 @@ SMTP(8) SMTP(8) reuse a previously-negotiated TLS session (there is no new information to report). + tls_required_enable (yes) + Enable support for the "TLS-Required: no" message header, + defined in RFC 8689. + OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compatibility with - Postfix versions before 2.3. Support for these will be removed in a + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. Support for these will be removed in a future release. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP server announces + Opportunistic mode: use TLS when a remote SMTP server announces STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers use TLS + Enforcement mode: require that remote SMTP servers use TLS encryption, and never send mail in the clear. smtp_tls_enforce_peername (yes) - With mandatory TLS encryption, require that the remote SMTP - server hostname matches the information in the remote SMTP + With mandatory TLS encryption, require that the remote SMTP + server hostname matches the information in the remote SMTP server certificate. smtp_tls_per_site (empty) - Optional lookup tables with the Postfix SMTP client TLS usage - policy by next-hop destination and by remote SMTP server host- + Optional lookup tables with the Postfix SMTP client TLS usage + policy by next-hop destination and by remote SMTP server host- name. smtp_tls_cipherlist (empty) - Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS + Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. RESOURCE AND RATE CONTROLS smtp_connect_timeout (30s) - The Postfix SMTP client time limit for completing a TCP connec- + The Postfix SMTP client time limit for completing a TCP connec- tion, or zero (use the operating system built-in time limit). 
smtp_helo_timeout (300s) - The Postfix SMTP client time limit for sending the HELO or EHLO - command, and for receiving the initial remote SMTP server + The Postfix SMTP client time limit for sending the HELO or EHLO + command, and for receiving the initial remote SMTP server response. lmtp_lhlo_timeout (300s) @@ -804,19 +811,19 @@ SMTP(8) SMTP(8) mand, and for receiving the remote SMTP server response. smtp_mail_timeout (300s) - The Postfix SMTP client time limit for sending the MAIL FROM + The Postfix SMTP client time limit for sending the MAIL FROM command, and for receiving the remote SMTP server response. smtp_rcpt_timeout (300s) - The Postfix SMTP client time limit for sending the SMTP RCPT TO + The Postfix SMTP client time limit for sending the SMTP RCPT TO command, and for receiving the remote SMTP server response. smtp_data_init_timeout (120s) - The Postfix SMTP client time limit for sending the SMTP DATA + The Postfix SMTP client time limit for sending the SMTP DATA command, and for receiving the remote SMTP server response. smtp_data_xfer_timeout (180s) - The Postfix SMTP client time limit for sending the SMTP message + The Postfix SMTP client time limit for sending the SMTP message content. smtp_data_done_timeout (600s) @@ -830,13 +837,13 @@ SMTP(8) SMTP(8) Available in Postfix version 2.1 and later: smtp_mx_address_limit (5) - The maximal number of MX (mail exchanger) IP addresses that can - result from Postfix SMTP client mail exchanger lookups, or zero + The maximal number of MX (mail exchanger) IP addresses that can + result from Postfix SMTP client mail exchanger lookups, or zero (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery request before - the Postfix SMTP client gives up or delivers to a fall-back + The maximal number of SMTP sessions per delivery request before + the Postfix SMTP client gives up or delivers to a fall-back relay host, or zero (no limit). smtp_rset_timeout (20s) 
@@ -846,17 +853,17 @@ SMTP(8) SMTP(8) Available in Postfix version 2.2 and earlier: lmtp_cache_connection (yes) - Keep Postfix LMTP client connections open for up to $max_idle + Keep Postfix LMTP client connections open for up to $max_idle seconds. Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the specified + Permanently enable SMTP connection caching for the specified destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a destination + Temporarily enable SMTP connection caching while a destination has a high volume of mail in the active queue. smtp_connection_reuse_time_limit (300s) @@ -870,23 +877,23 @@ SMTP(8) SMTP(8) Available in Postfix version 2.3 and later: connection_cache_protocol_timeout (5s) - Time limit for connection cache connect, send or receive opera- + Time limit for connection cache connect, send or receive opera- tions. Available in Postfix version 2.9 - 3.6: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per read or write system call, to a time limit to - send or receive a complete record (an SMTP command line, SMTP - response line, SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). Available in Postfix version 2.11 and later: smtp_connection_reuse_count_limit (0) - When SMTP connection caching is enabled, the number of times - that an SMTP session may be reused before it is closed, or zero + When SMTP connection caching is enabled, the number of times + that an SMTP session may be reused before it is closed, or zero (no limit). Available in Postfix version 3.4 and later: 
@@ -897,13 +904,13 @@ SMTP(8) SMTP(8) Available in Postfix version 3.7 and later: smtp_per_request_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per plaintext or TLS read or write call, to a com- - bined time limit for sending a complete SMTP request and for + Change the behavior of the smtp_*_timeout time limits, from a + time limit per plaintext or TLS read or write call, to a com- + bined time limit for sending a complete SMTP request and for receiving a complete SMTP response. smtp_min_data_rate (500) - The minimum plaintext data transfer rate in bytes/second for + The minimum plaintext data transfer rate in bytes/second for DATA requests, when deadlines are enabled with smtp_per_request_deadline. 
@@ -911,54 +918,54 @@ SMTP(8) SMTP(8) transport_destination_concurrency_limit ($default_destination_concur- rency_limit) - A transport-specific override for the default_destination_con- + A transport-specific override for the default_destination_con- currency_limit parameter value, where transport is the master.cf name of the message delivery transport. transport_destination_recipient_limit ($default_destination_recipi- ent_limit) A transport-specific override for the default_destination_recip- - ient_limit parameter value, where transport is the master.cf + ient_limit parameter value, where transport is the master.cf name of the message delivery transport. SMTPUTF8 CONTROLS Preliminary SMTPUTF8 support is introduced with Postfix 3.0. smtputf8_enable (yes) - Enable preliminary SMTPUTF8 support for the protocols described + Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531, RFC 6532, and RFC 6533. smtputf8_autodetect_classes (sendmail, verify) - Detect that a message requires SMTPUTF8 support for the speci- + Detect that a message requires SMTPUTF8 support for the speci- fied mail origin classes. Available in Postfix version 3.2 and later: enable_idna2003_compatibility (no) - Enable 'transitional' compatibility between IDNA2003 and - IDNA2008, when converting UTF-8 domain names to/from the ASCII + Enable 'transitional' compatibility between IDNA2003 and + IDNA2008, when converting UTF-8 domain names to/from the ASCII form that is used for DNS lookups. TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a nexthop destina- - tion, remote client or server name or network address matches a + The increment in verbose logging level when a nexthop destina- + tion, remote client or server name or network address matches a pattern given with the debug_peer_list parameter. 
debug_peer_list (empty) - Optional list of nexthop destination, remote client or server - name or network address patterns that, if matched, cause the - verbose logging level to increase by the amount specified in + Optional list of nexthop destination, remote client or server + name or network address patterns that, if matched, cause the + verbose logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about mail delivery + The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or proto- col errors. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are subject to - before-queue content inspection by non_smtpd_milters, + What categories of Postfix-generated mail are subject to + before-queue content inspection by non_smtpd_milters, header_checks and body_checks. notify_classes (resource, software) 
@@ -966,46 +973,46 @@ SMTP(8) SMTP(8) MISCELLANEOUS CONTROLS best_mx_transport (empty) - Where the Postfix SMTP client should deliver mail when it + Where the Postfix SMTP client should deliver mail when it detects a "mail loops back to myself" error condition. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal point when log- + The maximal number of digits after the decimal point when log- ging delay values. disable_dns_lookups (no) Disable DNS lookups in the Postfix SMTP and LMTP clients. inet_interfaces (all) - The local network interface addresses that this mail system + The local network interface addresses that this mail system receives mail on. inet_protocols (see 'postconf -d' output) - The Internet protocols Postfix will attempt to use when making + The Internet protocols Postfix will attempt to use when making or accepting connections. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. lmtp_assume_final (no) - When a remote LMTP server announces no DSN support, assume that - the server performs final delivery, and send "delivered" deliv- + When a remote LMTP server announces no DSN support, assume that + the server performs final delivery, and send "delivered" deliv- ery status notifications instead of "relayed". lmtp_tcp_port (24) The default TCP port that the Postfix LMTP client connects to. 
max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -1019,21 +1026,21 @@ SMTP(8) SMTP(8) The process name of a Postfix command or daemon process. proxy_interfaces (empty) - The remote network interface addresses that this mail system - receives mail on by way of a proxy or network address transla- + The remote network interface addresses that this mail system + receives mail on by way of a proxy or network address transla- tion unit. smtp_address_preference (any) The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP - client will try first, when a destination has IPv6 and IPv4 + client will try first, when a destination has IPv6 and IPv4 addresses with equal MX preference. smtp_bind_address (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv4 connection. smtp_bind_address6 (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv6 connection. smtp_helo_name ($myhostname) @@ -1053,7 +1060,7 @@ SMTP(8) SMTP(8) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available with Postfix 2.2 and earlier: 
@@ -1065,14 +1072,14 @@ SMTP(8) SMTP(8) Available with Postfix 2.3 and later: smtp_fallback_relay ($fallback_relay) - Optional list of relay destinations that will be used when an - SMTP destination is not found, or when delivery fails due to a + Optional list of relay destinations that will be used when an + SMTP destination is not found, or when delivery fails due to a non-permanent error. Available with Postfix 3.0 and later: smtp_address_verify_target (rcpt) - In the context of email address verification, the SMTP protocol + In the context of email address verification, the SMTP protocol stage that determines whether an email address is deliverable. Available with Postfix 3.1 and later: @@ -1094,7 +1101,7 @@ SMTP(8) SMTP(8) Available in Postfix 3.7 and later: smtp_bind_address_enforce (no) - Defer delivery when the Postfix SMTP client cannot apply the + Defer delivery when the Postfix SMTP client cannot apply the smtp_bind_address or smtp_bind_address6 setting. SEE ALSO diff --git a/postfix/html/trace.8.html b/postfix/html/trace.8.html index 212ec8f6b..695478942 100644 --- a/postfix/html/trace.8.html +++ b/postfix/html/trace.8.html @@ -166,6 +166,12 @@ BOUNCE(8) BOUNCE(8) header_from_format (standard) The format of the Postfix-generated From: header. + Available in Postfix 3.10 and later: + + tls_required_enable (yes) + Enable support for the "TLS-Required: no" message header, + defined in RFC 8689. + FILES /var/spool/postfix/bounce/* non-delivery records /var/spool/postfix/defer/* non-delivery records diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 46d3c24ef..060983545 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 
@@ -14331,6 +14331,17 @@ Note: on OpenBSD systems specify dev:/dev/arandom when dev:/dev/urandom gives timeout errors. .PP This feature is available in Postfix 2.2 and later. +.SH tls_required_enable (default: yes) +Enable support for the "TLS\-Required: no" message header, defined +in RFC 8689. By adding this header to a message, a sender requests +no enforcement of TLS policy. This limits the Postfix SMTP client +TLS security level to "may", that is, do not verify remote SMTP +server certificates, and fall back to plaintext if TLS is unavailable. +If a message contains a "TLS\-Required: no" header, then Postfix +will add that header to a delivery status notification for that +message. +.PP +This feature is available in Postfix >= 3.10. .SH tls_server_sni_maps (default: empty) Optional lookup tables that map names received from remote SMTP clients via the TLS Server Name Indication (SNI) extension to the diff --git a/postfix/man/man8/bounce.8 b/postfix/man/man8/bounce.8 index 8581c3c1e..781eb86b2 100644 --- a/postfix/man/man8/bounce.8 +++ b/postfix/man/man8/bounce.8 @@ -146,6 +146,11 @@ header with the original Message\-ID value. Available in Postfix 3.7 and later: .IP "\fBheader_from_format (standard)\fR" The format of the Postfix\-generated \fBFrom:\fR header. +.PP +Available in Postfix 3.10 and later: +.IP "\fBtls_required_enable (yes)\fR" +Enable support for the "TLS\-Required: no" message header, defined +in RFC 8689. .SH "FILES" .na .nf diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8 index d1e4bf9c1..66a757838 100644 --- a/postfix/man/man8/cleanup.8 +++ b/postfix/man/man8/cleanup.8 @@ -78,6 +78,7 @@ RFC 2822 (Internet Message Format) RFC 3463 (Enhanced Status Codes) RFC 3464 (Delivery status notifications) RFC 5322 (Internet Message Format) +RFC 8689 (TLS\-Required: message header) .SH DIAGNOSTICS .ad .fi 
@@ -422,6 +423,15 @@ Available in Postfix version 3.2 and later: Enable 'transitional' compatibility between IDNA2003 and IDNA2008, when converting UTF\-8 domain names to/from the ASCII form that is used for DNS lookups. +.SH "TLS SUPPORT" +.na +.nf +.ad +.fi +Available in Postfix version 3.10 and later: +.IP "\fBtls_required_enable (yes)\fR" +Enable support for the "TLS\-Required: no" message header, defined +in RFC 8689. .SH "MISCELLANEOUS CONTROLS" .na .nf diff --git a/postfix/man/man8/pipe.8 b/postfix/man/man8/pipe.8 index 566cf89c8..770a459bc 100644 --- a/postfix/man/man8/pipe.8 +++ b/postfix/man/man8/pipe.8 @@ -180,6 +180,7 @@ specify \fB$sender\fR as an argument by itself: .nf \fIRight\fR: command \-f $sender \-\- $recipient .fi +.IP NOTE: DO NOT put quotes around the command, $sender, or $recipient. .IP This feature is available as of Postfix 2.3. @@ -412,7 +413,7 @@ How much time a Postfix daemon process may take to handle a request before it is terminated by a built\-in watchdog timer. .IP "\fBdelay_logging_resolution_limit (2)\fR" The maximal number of digits after the decimal point when logging -sub\-second delay values. +delay values. .IP "\fBexport_environment (see 'postconf -d' output)\fR" The list of environment variables that a Postfix process will export to non\-Postfix processes. diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index aa2298dfc..ee3cefc5f 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -190,6 +190,7 @@ RFC 5321 (SMTP protocol) RFC 6531 (Internationalized SMTP) RFC 6533 (Internationalized Delivery Status Notifications) RFC 7672 (SMTP security via opportunistic DANE TLS) +RFC 8689 (TLS\-Required message header) .SH DIAGNOSTICS .ad .fi 
@@ -672,7 +673,8 @@ Available in Postfix version 3.9 and later: .IP "\fBsmtp_tls_enable_rpk (no)\fR" Request that remote SMTP servers send an RFC7250 raw public key instead of an X.509 certificate. -.PP Available in Postfix version 3.10 and later: +.PP +Available in Postfix version 3.10 and later: .IP "\fBsmtp_tlsrpt_enable (no)\fR" Enable support for RFC 8460 TLSRPT notifications. .IP "\fBsmtp_tlsrpt_socket_name (empty)\fR" @@ -682,6 +684,9 @@ by a local TLSRPT reporting service. Do not report the TLSRPT status for TLS protocol handshakes that reuse a previously\-negotiated TLS session (there is no new information to report). +.IP "\fBtls_required_enable (yes)\fR" +Enable support for the "TLS\-Required: no" message header, defined +in RFC 8689. .SH "OBSOLETE STARTTLS CONTROLS" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 5c59da4ee..2a6558538 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -1186,6 +1186,7 @@ while (<>) { s;\ballow_srv_lookup_fallback\b;$&;g; s;\bignore_srv_lookup_error\b;$&;g; + s;\btls_required_enable\b;$&;g; s;\bfull_name_encoding_charset\b;$&;g; # Service-defined parameters... diff --git a/postfix/proto/TLSRPT_README.html b/postfix/proto/TLSRPT_README.html index 32a3fd9db..11bdc5510 100644 --- a/postfix/proto/TLSRPT_README.html +++ b/postfix/proto/TLSRPT_README.html @@ -55,9 +55,9 @@ summaries of successful and failed SMTP over TLS connections to domain specified address. Instead of mailto:, a policy may specify an https: destination.

-

The high-level diagram below shows how TLS handshake success -and failure events from Postfix are collected and processed into -daily summary reports.

+

The diagram below shows how Postfix TLS handshake success and +failure events are collected and processed into daily summary +reports.

diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 5a06d3fb5..abb606368 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -19473,3 +19473,16 @@ skip the full name.

including the netstring encapsulation.

This feature is available in Postfix ≥ 3.10.

+ +%PARAM tls_required_enable yes + +

Enable support for the "TLS-Required: no" message header, defined +in RFC 8689. By adding this header to a message, a sender requests +no enforcement of TLS policy. This limits the Postfix SMTP client +TLS security level to "may", that is, do not verify remote SMTP +server certificates, and fall back to plaintext if TLS is unavailable. +If a message contains a "TLS-Required: no" header, then Postfix +will add that header to a delivery status notification for that +message.

+ +

This feature is available in Postfix ≥ 3.10.

diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index ef83bc3c8..15d98a3c3 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -159,3 +159,4 @@ proto proto socketmap_table qmgr qmgr_deliver c qmgr qmgr_message c qmqpd qmqpd c smtp smtp_proto c smtpd smtpd c verify verify c operations Files cleanup cleanup h cleanup cleanup_message c + proto postconf proto pipe pipe c diff --git a/postfix/proto/stop.spell-cc b/postfix/proto/stop.spell-cc index 7ecd9ce84..34e439196 100644 --- a/postfix/proto/stop.spell-cc +++ b/postfix/proto/stop.spell-cc @@ -1857,3 +1857,4 @@ cntrl TINYCDB getdata XXXSENDOPTS +xtra diff --git a/postfix/src/bounce/bounce.c b/postfix/src/bounce/bounce.c index 1567bada0..04f51553b 100644 --- a/postfix/src/bounce/bounce.c +++ b/postfix/src/bounce/bounce.c @@ -134,6 +134,11 @@ /* Available in Postfix 3.7 and later: /* .IP "\fBheader_from_format (standard)\fR" /* The format of the Postfix-generated \fBFrom:\fR header. +/* .PP +/* Available in Postfix 3.10 and later: +/* .IP "\fBtls_required_enable (yes)\fR" +/* Enable support for the "TLS-Required: no" message header, defined +/* in RFC 8689. /* FILES /* /var/spool/postfix/bounce/* non-delivery records /* /var/spool/postfix/defer/* non-delivery records diff --git a/postfix/src/bounce/bounce_notify_util.c b/postfix/src/bounce/bounce_notify_util.c index 3a077f651..f089e4c04 100644 --- a/postfix/src/bounce/bounce_notify_util.c +++ b/postfix/src/bounce/bounce_notify_util.c @@ -533,6 +533,13 @@ int bounce_header(VSTREAM *bounce, BOUNCE_INFO *bounce_info, post_mail_fprintf(bounce, "In-Reply-To: %s", STR(bounce_info->orig_msgid)); } + /* + * Trade confidentiality against availability. + */ + if (var_tls_required_enable + && (bounce_info->sendopts & SOPT_REQUIRETLS_HEADER) != 0) + post_mail_fprintf(bounce, "TLS-Required: no"); + /* * Auto-Submitted header, as per RFC 3834. */ 
diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c index 6ef7a02d6..46b225218 100644 --- a/postfix/src/cleanup/cleanup.c +++ b/postfix/src/cleanup/cleanup.c @@ -70,6 +70,7 @@ /* RFC 3463 (Enhanced Status Codes) /* RFC 3464 (Delivery status notifications) /* RFC 5322 (Internet Message Format) +/* RFC 8689 (TLS-Required: message header) /* DIAGNOSTICS /* Problems and transactions are logged to \fBsyslogd\fR(8) /* or \fBpostlogd\fR(8). @@ -390,6 +391,13 @@ /* Enable 'transitional' compatibility between IDNA2003 and IDNA2008, /* when converting UTF-8 domain names to/from the ASCII form that is /* used for DNS lookups. +/* TLS SUPPORT +/* .ad +/* .fi +/* Available in Postfix version 3.10 and later: +/* .IP "\fBtls_required_enable (yes)\fR" +/* Enable support for the "TLS-Required: no" message header, defined +/* in RFC 8689. /* MISCELLANEOUS CONTROLS /* .ad /* .fi diff --git a/postfix/src/cleanup/cleanup_api.c b/postfix/src/cleanup/cleanup_api.c index 60fb49a59..6a0c6dac0 100644 --- a/postfix/src/cleanup/cleanup_api.c +++ b/postfix/src/cleanup/cleanup_api.c @@ -202,7 +202,7 @@ void cleanup_control(CLEANUP_STATE *state, int flags) * definition. */ if (msg_verbose) - msg_info("cleanup flags = %s", cleanup_strflags(flags)); + msg_info("client flags = %s", cleanup_strflags(flags)); if ((state->flags = flags) & CLEANUP_FLAG_BOUNCE) { state->err_mask = CLEANUP_STAT_MASK_INCOMPLETE; } else { @@ -211,6 +211,8 @@ void cleanup_control(CLEANUP_STATE *state, int flags) if (state->flags & CLEANUP_FLAG_SMTPUTF8) state->sendopts |= SMTPUTF8_FLAG_REQUESTED; /* TODO(wietse) REQUIRETLS. */ + if (msg_verbose) + msg_info("server flags = %s", cleanup_strflags(state->flags)); } /* cleanup_flush - finish queue file */ diff --git a/postfix/src/cleanup/cleanup_envelope_test.c b/postfix/src/cleanup/cleanup_envelope_test.c index 2fa168961..eda68e110 100644 --- a/postfix/src/cleanup/cleanup_envelope_test.c +++ b/postfix/src/cleanup/cleanup_envelope_test.c 
@@ -5,7 +5,6 @@ #include #include #include -#include /* ssscanf() */ #include /* @@ -20,7 +19,6 @@ /* * Global library. */ -#include #include #include #include @@ -135,10 +133,8 @@ static int overrides_size_fields(const TEST_CASE *tp) * Process the test SIZE record payload, clear some bits from the * sendopts field, and write an all-zeroes preliminary SIZE record. */ - VSTRING *output_stream_buf = vstring_alloc(100); - - if ((state->dst = vstream_memopen(output_stream_buf, O_WRONLY)) == 0) { - msg_warn("vstream_memopen(output_stream_buf, O_WRONLY): %m"); + if ((state->dst = vstream_fopen("/dev/null", O_WRONLY, 0)) == 0) { + msg_warn("vstream_fopen(\"/dev/null\", O_WRONLY, 0): %m"); return (FAIL); } cleanup_envelope(state, REC_TYPE_SIZE, vstring_str(input_buf), 
@@ -151,94 +147,50 @@ static int overrides_size_fields(const TEST_CASE *tp) } vstring_free(input_buf); input_buf = 0; - - /* - * Overwrite the SIZE record with an updated version that includes the - * modified sendopts field. - */ - cleanup_final(state); - if (state->errs != CLEANUP_STAT_OK) { - msg_warn("cleanup_final: got: '%s', want: '%s'", - cleanup_strerror(state->errs), - cleanup_strerror(CLEANUP_STAT_OK)); - return (FAIL); - } (void) vstream_fclose(state->dst); state->dst = 0; /* - * Read the final SIZE record content. This normally happens in the queue - * manager, and in the pickup daemon after a message is re-queued. + * Compare the updated state against the expected content. We expect that + * the fields for xtra_offset, data_offset, rcpt_count, qmgr_opts, and + * cont_length, are consistent with the saved CLEANUP_STATE, and we + * expect to see a specific value for the sendopts field that was + * assigned in cleanup_envelope(). */ - VSTREAM *fp; - - if ((fp = vstream_memopen(output_stream_buf, O_RDONLY)) == 0) { - msg_warn("vstream_memopen(output_stream_buf, O_RDONLY): %m"); + if (state->xtra_offset != saved_state.xtra_offset) { + msg_warn("state->xtra_offset: got %ld, want: %ld", + (long) state->xtra_offset, (long) saved_state.xtra_offset); return (FAIL); } - VSTRING *got_size_payload = vstring_alloc(VSTRING_LEN(output_stream_buf)); - int got_rec_type; - - if ((got_rec_type = rec_get(fp, got_size_payload, 0)) != REC_TYPE_SIZE) { - msg_warn("rec_get: got: %s, want: %s", - rec_type_name(got_rec_type), rec_type_name(REC_TYPE_SIZE)); + if (state->data_offset != saved_state.data_offset) { + msg_warn("state->data_offset: got %ld, want: %ld", + (long) state->data_offset, (long) saved_state.data_offset); return (FAIL); } - (void) vstream_fclose(fp); - vstring_free(output_stream_buf); - - /* - * Compare the stored SIZE record content against the expected content. 
- * We expect that the fields for data_size, data_offset, rcpt_count, - * qmgr_opts, and cont_length, are consistent with the saved - * CLEANUP_STATE, and we expect to see a specific value for the sendopts - * field that was made by cleanup_envelope(). - */ - int got_conv; - long data_size, data_offset, cont_length; - int rcpt_count, qmgr_opts, sendopts; - - if ((got_conv = sscanf(vstring_str(got_size_payload), "%ld %ld %d %d %ld %d", - &data_size, &data_offset, &rcpt_count, &qmgr_opts, - &cont_length, &sendopts)) != 6) { - msg_warn("sscanf SIZE record fields: got: %d, want 6", got_conv); + if (state->rcpt_count != saved_state.rcpt_count) { + msg_warn("state->rcpt_count: got: %ld, want: %ld", + (long) state->rcpt_count, (long) saved_state.rcpt_count); return (FAIL); } - if (data_size != saved_state.xtra_offset - saved_state.data_offset) { - msg_warn("SIZE.data_size: got %ld, want: %ld", (long) data_size, - (long) (saved_state.xtra_offset - saved_state.data_offset)); + if (state->qmgr_opts != saved_state.qmgr_opts) { + msg_warn("state=>qmgr_opts: got: %d, want: %d", + state->qmgr_opts, saved_state.qmgr_opts); return (FAIL); } - if (data_offset != saved_state.data_offset) { - msg_warn("SIZE.data_offset: got %ld, want: %ld", (long) data_offset, - (long) saved_state.data_offset); + if (state->cont_length != saved_state.cont_length) { + msg_warn("state->cont_length: got %ld, want: %ld", + (long) state->cont_length, (long) saved_state.cont_length); return (FAIL); } - if (rcpt_count != saved_state.rcpt_count) { - msg_warn("SIZE.rcpt_count: got: %d, want: %d", rcpt_count, - (int) saved_state.rcpt_count); - return (FAIL); - } - if (qmgr_opts != saved_state.qmgr_opts) { - msg_warn("SIZE.qmgr_opts: got: %d, want: %d", qmgr_opts, - saved_state.qmgr_opts); - return (FAIL); - } - if (cont_length != saved_state.cont_length) { - msg_warn("SIZE.cont_length: got %ld, want: %ld", (long) cont_length, - (long) saved_state.cont_length); - return (FAIL); - } - if (sendopts != 
(SOPT_FLAG_ALL & ~SOPT_FLAG_DERIVED)) { - msg_warn("SIZE.sendopts: got: 0x%x, want: 0x%x", - sendopts, SOPT_FLAG_ALL & ~SOPT_FLAG_DERIVED); + if (state->sendopts != (SOPT_FLAG_ALL & ~SOPT_FLAG_DERIVED)) { + msg_warn("state->sendopts: got: 0x%x, want: 0x%x", + state->sendopts, SOPT_FLAG_ALL & ~SOPT_FLAG_DERIVED); return (FAIL); } /* * Cleanup. */ - vstring_free(got_size_payload); cleanup_state_free(state); return (PASS); } diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c index b9a7e9360..cdff5bf05 100644 --- a/postfix/src/cleanup/cleanup_message.c +++ b/postfix/src/cleanup/cleanup_message.c @@ -653,7 +653,7 @@ static void cleanup_header_callback(void *context, int header_class, if (state->hop_count == 1) argv_add(state->auto_hdrs, vstring_str(header_buf), ARGV_END); } - if (hdr_opts->type == HDR_TLS_REQUIRED) { + if (hdr_opts->type == HDR_TLS_REQUIRED && var_tls_required_enable) { char *cp = vstring_str(header_buf) + strlen(hdr_opts->name) + 1; while (ISSPACE(*cp)) diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c index 5147c0915..5d2171d0a 100644 --- a/postfix/src/global/mail_params.c +++ b/postfix/src/global/mail_params.c @@ -125,9 +125,10 @@ /* bool var_long_queue_ids; /* bool var_daemon_open_fatal; /* char *var_dsn_filter; -/* int var_smtputf8_enable +/* int var_smtputf8_enable; /* int var_strict_smtputf8; /* char *var_smtputf8_autoclass; +/* int var_tls_required_enable; /* int var_idna2003_compat; /* char *var_compatibility_level; /* char *var_drop_hdrs; @@ -369,6 +370,7 @@ char *var_dsn_filter; int var_smtputf8_enable; int var_strict_smtputf8; char *var_smtputf8_autoclass; +int var_tls_required_enable; int var_idna2003_compat; char *var_compatibility_level; char *var_drop_hdrs; 
@@ -755,6 +757,7 @@ void mail_params_init() VAR_SMTPUTF8_ENABLE, DEF_SMTPUTF8_ENABLE, &var_smtputf8_enable, VAR_IDNA2003_COMPAT, DEF_IDNA2003_COMPAT, &var_idna2003_compat, VAR_RESPECTFUL_LOGGING, DEF_RESPECTFUL_LOGGING, &var_respectful_logging, + VAR_TLSREQUIRED_ENABLE, DEF_TLSREQUIRED_ENABLE, &var_tls_required_enable, 0, }; static const CONFIG_STR_FN_TABLE function_str_defaults[] = { diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 253929319..8b54490f5 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -4376,6 +4376,13 @@ extern char *var_smtputf8_autoclass; #define DEF_IDNA2003_COMPAT "no" extern int var_idna2003_compat; + /* + * REQUIRETLS support (RFC 8689). + */ +#define VAR_TLSREQUIRED_ENABLE "tls_required_enable" +#define DEF_TLSREQUIRED_ENABLE "yes" +extern int var_tls_required_enable; + /* * Workaround for future incompatibility. Our implementation of RFC 2308 * negative reply caching relies on the promise that res_query() and diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index e52be6f07..825bcae3d 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20250131" +#define MAIL_RELEASE_DATE "20250202" #define MAIL_VERSION_NUMBER "3.10" #ifdef SNAPSHOT diff --git a/postfix/src/pipe/pipe.c b/postfix/src/pipe/pipe.c index ffc30301b..58ff5e0e7 100644 --- a/postfix/src/pipe/pipe.c +++ b/postfix/src/pipe/pipe.c @@ -170,7 +170,8 @@ /* .nf /* \fIRight\fR: command -f $sender -- $recipient /* .fi -/* NOTE: DO NOT put quotes around the command, $sender, or $recipient. +/* .IP +/* NOTE: DO NOT put quotes around the command, $sender, or $recipient. /* .IP /* This feature is available as of Postfix 2.3. /* .IP "\fBsize\fR=\fIsize_limit\fR (optional)" 
@@ -390,7 +391,7 @@ /* request before it is terminated by a built-in watchdog timer. /* .IP "\fBdelay_logging_resolution_limit (2)\fR" /* The maximal number of digits after the decimal point when logging -/* sub-second delay values. +/* delay values. /* .IP "\fBexport_environment (see 'postconf -d' output)\fR" /* The list of environment variables that a Postfix process will export /* to non-Postfix processes. diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index b1db77063..38b3771d4 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -172,6 +172,7 @@ /* RFC 6531 (Internationalized SMTP) /* RFC 6533 (Internationalized Delivery Status Notifications) /* RFC 7672 (SMTP security via opportunistic DANE TLS) +/* RFC 8689 (TLS-Required message header) /* DIAGNOSTICS /* Problems and transactions are logged to \fBsyslogd\fR(8) /* or \fBpostlogd\fR(8). @@ -638,7 +639,8 @@ /* .IP "\fBsmtp_tls_enable_rpk (no)\fR" /* Request that remote SMTP servers send an RFC7250 raw public key /* instead of an X.509 certificate. -/* .PP Available in Postfix version 3.10 and later: +/* .PP +/* Available in Postfix version 3.10 and later: /* .IP "\fBsmtp_tlsrpt_enable (no)\fR" /* Enable support for RFC 8460 TLSRPT notifications. /* .IP "\fBsmtp_tlsrpt_socket_name (empty)\fR" @@ -648,6 +650,9 @@ /* Do not report the TLSRPT status for TLS protocol handshakes /* that reuse a previously-negotiated TLS session (there is no new /* information to report). +/* .IP "\fBtls_required_enable (yes)\fR" +/* Enable support for the "TLS-Required: no" message header, defined +/* in RFC 8689. /* OBSOLETE STARTTLS CONTROLS /* .ad /* .fi diff --git a/postfix/src/smtp/smtp_connect.c b/postfix/src/smtp/smtp_connect.c index e71e68c4b..2bfff1c93 100644 --- a/postfix/src/smtp/smtp_connect.c +++ b/postfix/src/smtp/smtp_connect.c 
@@ -534,7 +534,7 @@ static int smtp_get_effective_tls_level(DSN_BUF *why, SMTP_STATE *state) * the message contains a "TLS-Required: no" header, limit the level to * TLS_LEV_MAY. */ - else if (tls->level > TLS_LEV_NONE + else if (var_tls_required_enable && tls->level > TLS_LEV_NONE && (state->request->sendopts & SOPT_REQUIRETLS_HEADER)) { tls->level = TLS_LEV_MAY; } diff --git a/postfix/src/util/Makefile.in b/postfix/src/util/Makefile.in index 7df6ffd94..32ad7fa34 100644 --- a/postfix/src/util/Makefile.in +++ b/postfix/src/util/Makefile.in @@ -1391,6 +1391,14 @@ cidr_match.o: stringops.h cidr_match.o: sys_defs.h cidr_match.o: vbuf.h cidr_match.o: vstring.h +clean_ascii_cntrl_space.o: check_arg.h +clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.c +clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.h +clean_ascii_cntrl_space.o: stringops.h +clean_ascii_cntrl_space.o: sys_defs.h +clean_ascii_cntrl_space.o: vbuf.h +clean_ascii_cntrl_space.o: vstream.h +clean_ascii_cntrl_space.o: vstring.h clean_env.o: argv.h clean_env.o: check_arg.h clean_env.o: clean_env.c @@ -2837,14 +2845,6 @@ trimblanks.o: sys_defs.h trimblanks.o: trimblanks.c trimblanks.o: vbuf.h trimblanks.o: vstring.h -clean_ascii_cntrl_space.o: check_arg.h -clean_ascii_cntrl_space.o: stringops.h -clean_ascii_cntrl_space.o: sys_defs.h -clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.c -clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.h -clean_ascii_cntrl_space.o: vbuf.h -clean_ascii_cntrl_space.o: vstream.h -clean_ascii_cntrl_space.o: vstring.h unescape.o: check_arg.h unescape.o: stringops.h unescape.o: sys_defs.h
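Review bot: in the new tls_required_enable entry (man/man5/postconf.5 and proto/postconf.proto), the text only describes the enabled state and never says what "tls_required_enable = no" does. Please add a sentence stating that the header is then ignored and the configured TLS security level stays in force. Because the default is "yes" and the header is supplied by the sender, it would also help to say explicitly whether the limit to "may" applies to levels configured per destination, so that sites with a mandatory TLS policy can decide whether to turn this off.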
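Review bot: in bounce_notify_util.c, bounce_header(), the comment "Trade confidentiality against availability." does not say whose decision this is or where it comes from. Suggest wording it along the lines of: the original message carried "TLS-Required: no" (RFC 8689), so the notification carries the same header and is itself delivered at security level "may". That matches the postconf text added in this patch and makes it clear that the delivery status notification is also subject to the relaxed TLS handling.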
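Review bot: in cleanup_api.c, cleanup_control(), the labels "client flags" and "server flags" are not explained, and the second msg_info() logs state->flags although the statement visible between the two calls modifies state->sendopts. If the point of the second line is to show what cleanup derived from the request, consider logging state->sendopts as well, and add a short comment saying in which case the two flag values differ.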
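Review bot: in cleanup_envelope_test.c, overrides_size_fields(), the warning text "state=>qmgr_opts: got: %d, want: %d" has "=>" where the other messages use "->", and the "got" prefix is written both with and without a colon across the new checks. Beyond the style point, the test no longer calls cleanup_final() or reads back the SIZE record, so the derived data_size field (xtra_offset minus data_offset) and the rewritten record are no longer covered. The comment that still says the code writes "an all-zeroes preliminary SIZE record" should be updated now that output goes to /dev/null, and it is worth stating in the comment that only the in-memory CLEANUP_STATE is verified.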
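Review bot: in mail_params.h the new block is headed "REQUIRETLS support (RFC 8689)" and the macros are spelled VAR_TLSREQUIRED_ENABLE / DEF_TLSREQUIRED_ENABLE, while the parameter and variable are tls_required_enable / var_tls_required_enable and the flag tested elsewhere is SOPT_REQUIRETLS_HEADER. The documentation added in this patch says the parameter controls only the "TLS-Required: no" message header, and cleanup_api.c still carries "TODO(wietse) REQUIRETLS", so the comment would be more accurate as "TLS-Required: no header support (RFC 8689)". Consider VAR_TLS_REQUIRED_ENABLE for consistency with the variable name.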
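Review bot: the RFC 8689 entry is labelled "TLS-Required message header" in smtp.c and man/man8/smtp.8 but "TLS-Required: message header" (with a colon) in cleanup.c and man/man8/cleanup.8. Pick one form for all four places.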
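Review bot: in smtp_connect.c, smtp_get_effective_tls_level(), the branch that sets tls->level = TLS_LEV_MAY lowers the configured security level on the strength of a sender-supplied header, and nothing in the visible branch logs that this happened. A msg_info() naming the original level and the reason would let operators see and alert on these downgrades. The comment above the branch should also mention the new var_tls_required_enable condition, and a line explaining why the parameter is tested here as well as in cleanup_header_callback() (cleanup_message.c) would help the next reader.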