mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 09:57:34 +00:00
Code Issues Releases Wiki Activity

postfix-3.10-20250202

Browse Source
This commit is contained in:
Wietse Z Venema 2025-02-02 00:00:00 -05:00 committed by Viktor Dukhovni
parent 592931cd01
commit 70fe1107cf
34 changed files with 368 additions and 251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
postfix/HISTORY
View File

@ -28866,7 +28866,7 @@ Apologies for any names omitted.
Feature: support for the RFC 8689 "TLS-Required: no" message
header. This limits the Postfix SMTP client TLS security
level to "smtp_tls_security = may", which does not authenticate
level to "smtp_tls_security = may", which does not verify
remote SMTP server TLS certificates, and which allows falling
back to plaintext. This is needed for the delivery of
messages such as TLSRPT summaries, which should be sent
@ -28898,3 +28898,24 @@ Apologies for any names omitted.
Debug: verbose logging for the tlsrpt_wrapper functions.
File: tls/tlsrpt_wrapper.c.
20250201
Cleanup: simplified the code in cleanup_envelope_test.c.
Feature: configuration parameter "tls_required_enable
(default: yes) to control support for the "TLS-Required:
no" message header. Files: global/mail_params.[hc],
bounce/bounce.c, bounce/bounce_notify_util.c, cleanup/cleanup.c,
cleanup/cleanup_message.c, smtp/smtp.c, smtp/smtp_connect.c,
mantools/postlink.
20250202
Documentation: edited for clarity. Files: pipe/pipe.c,
proto/postconf.proto.
Debug logging: cleanup/cleanup_api.c. tls/tlsrpt_wrapper.c.
proto/TLSRPT_README.html.
Postfix 3.10 code freeze.

4
postfix/README_FILES/TLSRPT_README
View File

@ -30,8 +30,8 @@ successful and failed SMTP over TLS connections to domain example.com, and to
report those summaries via email to the specified address. Instead of mailto:,
a policy may specify an https: destination.
The high-level diagram below shows how TLS handshake success and failure events
from Postfix are collected and processed into daily summary reports.
The diagram below shows how Postfix TLS handshake success and failure events
are collected and processed into daily summary reports.
Postfix SMTP and TLSRPT client TLSRPT collector, Email or HTTP
TLS client engines -> library (linked -> fetcher, and -> delivery

6
postfix/html/TLSRPT_README.html
View File

@ -55,9 +55,9 @@ summaries of successful and failed SMTP over TLS connections to domain
specified address. Instead of <tt>mailto:</tt>, a policy may specify an
<tt>https:</tt> destination. </p>
<p> The high-level diagram below shows how TLS handshake success
and failure events from Postfix are collected and processed into
daily summary reports. </p>
<p> The diagram below shows how Postfix TLS handshake success and
failure events are collected and processed into daily summary
reports. </p>
<blockquote>

6
postfix/html/bounce.8.html
View File

@ -166,6 +166,12 @@ BOUNCE(8) BOUNCE(8)
<b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
The format of the Postfix-generated <b>From:</b> header.
Available in Postfix 3.10 and later:
<b><a href="postconf.5.html#tls_required_enable">tls_required_enable</a> (yes)</b>
Enable support for the "TLS-Required: no" message header,
defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
<b><a name="files">FILES</a></b>
/var/spool/postfix/bounce/* non-delivery records
/var/spool/postfix/defer/* non-delivery records

8
postfix/html/cleanup.8.html
View File

@ -70,6 +70,7 @@ CLEANUP(8) CLEANUP(8)
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
<a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a> (TLS-Required: message header)
<b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
@ -461,6 +462,13 @@ CLEANUP(8) CLEANUP(8)
IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b><a name="tls_support">TLS SUPPORT</a></b>
Available in Postfix version 3.10 and later:
<b><a href="postconf.5.html#tls_required_enable">tls_required_enable</a> (yes)</b>
Enable support for the "TLS-Required: no" message header,
defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
<b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-

6
postfix/html/defer.8.html
View File

@ -166,6 +166,12 @@ BOUNCE(8) BOUNCE(8)
<b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
The format of the Postfix-generated <b>From:</b> header.
Available in Postfix 3.10 and later:
<b><a href="postconf.5.html#tls_required_enable">tls_required_enable</a> (yes)</b>
Enable support for the "TLS-Required: no" message header,
defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
<b><a name="files">FILES</a></b>
/var/spool/postfix/bounce/* non-delivery records
/var/spool/postfix/defer/* non-delivery records

7
postfix/html/lmtp.8.html
View File

@ -174,6 +174,7 @@ SMTP(8) SMTP(8)
<a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
<a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a> (TLS-Required message header)
<b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
@ -746,6 +747,8 @@ SMTP(8) SMTP(8)
Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
instead of an X.509 certificate.
Available in Postfix version 3.10 and later:
<b><a href="postconf.5.html#smtp_tlsrpt_enable">smtp_tlsrpt_enable</a> (no)</b>
Enable support for <a href="https://tools.ietf.org/html/rfc8460">RFC 8460</a> TLSRPT notifications.
@ -758,6 +761,10 @@ SMTP(8) SMTP(8)
reuse a previously-negotiated TLS session (there is no new
information to report).
<b><a href="postconf.5.html#tls_required_enable">tls_required_enable</a> (yes)</b>
Enable support for the "TLS-Required: no" message header,
defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
<b><a name="obsolete_starttls_controls">OBSOLETE STARTTLS CONTROLS</a></b>
The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a

3
postfix/html/pipe.8.html
View File

@ -170,6 +170,7 @@ PIPE(8) PIPE(8)
as an argument by itself:
<i>Right</i>: command -f $sender -- $recipient
NOTE: DO NOT put quotes around the command, $sender, or $recipi-
ent.
@ -422,7 +423,7 @@ PIPE(8) PIPE(8)
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
ging sub-second delay values.
ging delay values.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
The list of environment variables that a Postfix process will

17
postfix/html/postconf.5.html
View File

@ -20603,6 +20603,23 @@ gives timeout errors. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="tls_required_enable">tls_required_enable</a>
(default: yes)</b></DT><DD>
<p> Enable support for the "TLS-Required: no" message header, defined
in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>. By adding this header to a message, a sender requests
no enforcement of TLS policy. This limits the Postfix SMTP client
TLS security level to "may", that is, do not verify remote SMTP
server certificates, and fall back to plaintext if TLS is unavailable.
If a message contains a "TLS-Required: no" header, then Postfix
will add that header to a delivery status notification for that
message. </p>
<p> This feature is available in Postfix &ge; 3.10. </p>
</DD>
<DT><b><a name="tls_server_sni_maps">tls_server_sni_maps</a>

7
postfix/html/smtp.8.html
View File

@ -174,6 +174,7 @@ SMTP(8) SMTP(8)
<a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
<a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a> (TLS-Required message header)
<b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
@ -746,6 +747,8 @@ SMTP(8) SMTP(8)
Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
instead of an X.509 certificate.
Available in Postfix version 3.10 and later:
<b><a href="postconf.5.html#smtp_tlsrpt_enable">smtp_tlsrpt_enable</a> (no)</b>
Enable support for <a href="https://tools.ietf.org/html/rfc8460">RFC 8460</a> TLSRPT notifications.
@ -758,6 +761,10 @@ SMTP(8) SMTP(8)
reuse a previously-negotiated TLS session (there is no new
information to report).
<b><a href="postconf.5.html#tls_required_enable">tls_required_enable</a> (yes)</b>
Enable support for the "TLS-Required: no" message header,
defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
<b><a name="obsolete_starttls_controls">OBSOLETE STARTTLS CONTROLS</a></b>
The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a

6
postfix/html/trace.8.html
View File

@ -166,6 +166,12 @@ BOUNCE(8) BOUNCE(8)
<b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
The format of the Postfix-generated <b>From:</b> header.
Available in Postfix 3.10 and later:
<b><a href="postconf.5.html#tls_required_enable">tls_required_enable</a> (yes)</b>
Enable support for the "TLS-Required: no" message header,
defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
<b><a name="files">FILES</a></b>
/var/spool/postfix/bounce/* non-delivery records
/var/spool/postfix/defer/* non-delivery records

11
postfix/man/man5/postconf.5
View File

@ -14331,6 +14331,17 @@ Note: on OpenBSD systems specify dev:/dev/arandom when dev:/dev/urandom
gives timeout errors.
.PP
This feature is available in Postfix 2.2 and later.
.SH tls_required_enable (default: yes)
Enable support for the "TLS\-Required: no" message header, defined
in RFC 8689. By adding this header to a message, a sender requests
no enforcement of TLS policy. This limits the Postfix SMTP client
TLS security level to "may", that is, do not verify remote SMTP
server certificates, and fall back to plaintext if TLS is unavailable.
If a message contains a "TLS\-Required: no" header, then Postfix
will add that header to a delivery status notification for that
message.
.PP
This feature is available in Postfix >= 3.10.
.SH tls_server_sni_maps (default: empty)
Optional lookup tables that map names received from remote SMTP
clients via the TLS Server Name Indication (SNI) extension to the

5
postfix/man/man8/bounce.8
View File

@ -146,6 +146,11 @@ header with the original Message\-ID value.
Available in Postfix 3.7 and later:
.IP "\fBheader_from_format (standard)\fR"
The format of the Postfix\-generated \fBFrom:\fR header.
.PP
Available in Postfix 3.10 and later:
.IP "\fBtls_required_enable (yes)\fR"
Enable support for the "TLS\-Required: no" message header, defined
in RFC 8689.
.SH "FILES"
.na
.nf

10
postfix/man/man8/cleanup.8
View File

@ -78,6 +78,7 @@ RFC 2822 (Internet Message Format)
RFC 3463 (Enhanced Status Codes)
RFC 3464 (Delivery status notifications)
RFC 5322 (Internet Message Format)
RFC 8689 (TLS\-Required: message header)
.SH DIAGNOSTICS
.ad
.fi
@ -422,6 +423,15 @@ Available in Postfix version 3.2 and later:
Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
when converting UTF\-8 domain names to/from the ASCII form that is
used for DNS lookups.
.SH "TLS SUPPORT"
.na
.nf
.ad
.fi
Available in Postfix version 3.10 and later:
.IP "\fBtls_required_enable (yes)\fR"
Enable support for the "TLS\-Required: no" message header, defined
in RFC 8689.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf

3
postfix/man/man8/pipe.8
View File

@ -180,6 +180,7 @@ specify \fB$sender\fR as an argument by itself:
.nf
\fIRight\fR: command \-f $sender \-\- $recipient
.fi
.IP
NOTE: DO NOT put quotes around the command, $sender, or $recipient.
.IP
This feature is available as of Postfix 2.3.
@ -412,7 +413,7 @@ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built\-in watchdog timer.
.IP "\fBdelay_logging_resolution_limit (2)\fR"
The maximal number of digits after the decimal point when logging
sub\-second delay values.
delay values.
.IP "\fBexport_environment (see 'postconf -d' output)\fR"
The list of environment variables that a Postfix process will export
to non\-Postfix processes.

7
postfix/man/man8/smtp.8
View File

@ -190,6 +190,7 @@ RFC 5321 (SMTP protocol)
RFC 6531 (Internationalized SMTP)
RFC 6533 (Internationalized Delivery Status Notifications)
RFC 7672 (SMTP security via opportunistic DANE TLS)
RFC 8689 (TLS\-Required message header)
.SH DIAGNOSTICS
.ad
.fi
@ -672,7 +673,8 @@ Available in Postfix version 3.9 and later:
.IP "\fBsmtp_tls_enable_rpk (no)\fR"
Request that remote SMTP servers send an RFC7250 raw public key
instead of an X.509 certificate.
.PP Available in Postfix version 3.10 and later:
.PP
Available in Postfix version 3.10 and later:
.IP "\fBsmtp_tlsrpt_enable (no)\fR"
Enable support for RFC 8460 TLSRPT notifications.
.IP "\fBsmtp_tlsrpt_socket_name (empty)\fR"
@ -682,6 +684,9 @@ by a local TLSRPT reporting service.
Do not report the TLSRPT status for TLS protocol handshakes
that reuse a previously\-negotiated TLS session (there is no new
information to report).
.IP "\fBtls_required_enable (yes)\fR"
Enable support for the "TLS\-Required: no" message header, defined
in RFC 8689.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf

1
postfix/mantools/postlink
View File

@ -1186,6 +1186,7 @@ while (<>) {
s;\ballow_srv_lookup_fallback\b;<a href="postconf.5.html#allow_srv_lookup_fallback">$&</a>;g;
s;\bignore_srv_lookup_error\b;<a href="postconf.5.html#ignore_srv_lookup_error">$&</a>;g;
s;\btls_required_enable\b;<a href="postconf.5.html#tls_required_enable">$&</a>;g;
s;\bfull_name_encoding_charset\b;<a href="postconf.5.html#full_name_encoding_charset">$&</a>;g;
# Service-defined parameters...

6
postfix/proto/TLSRPT_README.html
View File

@ -55,9 +55,9 @@ summaries of successful and failed SMTP over TLS connections to domain
specified address. Instead of <tt>mailto:</tt>, a policy may specify an
<tt>https:</tt> destination. </p>
<p> The high-level diagram below shows how TLS handshake success
and failure events from Postfix are collected and processed into
daily summary reports. </p>
<p> The diagram below shows how Postfix TLS handshake success and
failure events are collected and processed into daily summary
reports. </p>
<blockquote>

13
postfix/proto/postconf.proto
View File

@ -19473,3 +19473,16 @@ skip the full name. </p>
including the netstring encapsulation. </p>
<p> This feature is available in Postfix &ge; 3.10. </p>
%PARAM tls_required_enable yes
<p> Enable support for the "TLS-Required: no" message header, defined
in RFC 8689. By adding this header to a message, a sender requests
no enforcement of TLS policy. This limits the Postfix SMTP client
TLS security level to "may", that is, do not verify remote SMTP
server certificates, and fall back to plaintext if TLS is unavailable.
If a message contains a "TLS-Required: no" header, then Postfix
will add that header to a delivery status notification for that
message. </p>
<p> This feature is available in Postfix &ge; 3.10. </p>

1
postfix/proto/stop.double-history
View File

@ -159,3 +159,4 @@ proto proto socketmap_table
qmgr qmgr_deliver c qmgr qmgr_message c qmqpd qmqpd c
smtp smtp_proto c smtpd smtpd c verify verify c
operations Files cleanup cleanup h cleanup cleanup_message c
proto postconf proto pipe pipe c

1
postfix/proto/stop.spell-cc
View File

@ -1857,3 +1857,4 @@ cntrl
TINYCDB
getdata
XXXSENDOPTS
xtra

5
postfix/src/bounce/bounce.c
View File

@ -134,6 +134,11 @@
/* Available in Postfix 3.7 and later:
/* .IP "\fBheader_from_format (standard)\fR"
/* The format of the Postfix-generated \fBFrom:\fR header.
/* .PP
/* Available in Postfix 3.10 and later:
/* .IP "\fBtls_required_enable (yes)\fR"
/* Enable support for the "TLS-Required: no" message header, defined
/* in RFC 8689.
/* FILES
/* /var/spool/postfix/bounce/* non-delivery records
/* /var/spool/postfix/defer/* non-delivery records

7
postfix/src/bounce/bounce_notify_util.c
View File

@ -533,6 +533,13 @@ int bounce_header(VSTREAM *bounce, BOUNCE_INFO *bounce_info,
post_mail_fprintf(bounce, "In-Reply-To: %s", STR(bounce_info->orig_msgid));
}
/*
* Trade confidentiality against availability.
*/
if (var_tls_required_enable
&& (bounce_info->sendopts & SOPT_REQUIRETLS_HEADER) != 0)
post_mail_fprintf(bounce, "TLS-Required: no");
/*
* Auto-Submitted header, as per RFC 3834.
*/

8
postfix/src/cleanup/cleanup.c
View File

@ -70,6 +70,7 @@
/* RFC 3463 (Enhanced Status Codes)
/* RFC 3464 (Delivery status notifications)
/* RFC 5322 (Internet Message Format)
/* RFC 8689 (TLS-Required: message header)
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8)
/* or \fBpostlogd\fR(8).
@ -390,6 +391,13 @@
/* Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
/* when converting UTF-8 domain names to/from the ASCII form that is
/* used for DNS lookups.
/* TLS SUPPORT
/* .ad
/* .fi
/* Available in Postfix version 3.10 and later:
/* .IP "\fBtls_required_enable (yes)\fR"
/* Enable support for the "TLS-Required: no" message header, defined
/* in RFC 8689.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi

4
postfix/src/cleanup/cleanup_api.c
View File

@ -202,7 +202,7 @@ void cleanup_control(CLEANUP_STATE *state, int flags)
* definition.
*/
if (msg_verbose)
msg_info("cleanup flags = %s", cleanup_strflags(flags));
msg_info("client flags = %s", cleanup_strflags(flags));
if ((state->flags = flags) & CLEANUP_FLAG_BOUNCE) {
state->err_mask = CLEANUP_STAT_MASK_INCOMPLETE;
} else {
@ -211,6 +211,8 @@ void cleanup_control(CLEANUP_STATE *state, int flags)
if (state->flags & CLEANUP_FLAG_SMTPUTF8)
state->sendopts |= SMTPUTF8_FLAG_REQUESTED;
/* TODO(wietse) REQUIRETLS. */
if (msg_verbose)
msg_info("server flags = %s", cleanup_strflags(state->flags));
}
/* cleanup_flush - finish queue file */

98
postfix/src/cleanup/cleanup_envelope_test.c
View File

@ -5,7 +5,6 @@
#include <sys_defs.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h> /* ssscanf() */
#include <ctype.h>
/*
@ -20,7 +19,6 @@
/*
* Global library.
*/
#include <been_here.h>
#include <record.h>
#include <rec_type.h>
#include <cleanup_user.h>
@ -135,10 +133,8 @@ static int overrides_size_fields(const TEST_CASE *tp)
* Process the test SIZE record payload, clear some bits from the
* sendopts field, and write an all-zeroes preliminary SIZE record.
*/
VSTRING *output_stream_buf = vstring_alloc(100);
if ((state->dst = vstream_memopen(output_stream_buf, O_WRONLY)) == 0) {
msg_warn("vstream_memopen(output_stream_buf, O_WRONLY): %m");
if ((state->dst = vstream_fopen("/dev/null", O_WRONLY, 0)) == 0) {
msg_warn("vstream_fopen(\"/dev/null\", O_WRONLY, 0): %m");
return (FAIL);
}
cleanup_envelope(state, REC_TYPE_SIZE, vstring_str(input_buf),
@ -151,94 +147,50 @@ static int overrides_size_fields(const TEST_CASE *tp)
}
vstring_free(input_buf);
input_buf = 0;
/*
* Overwrite the SIZE record with an updated version that includes the
* modified sendopts field.
*/
cleanup_final(state);
if (state->errs != CLEANUP_STAT_OK) {
msg_warn("cleanup_final: got: '%s', want: '%s'",
cleanup_strerror(state->errs),
cleanup_strerror(CLEANUP_STAT_OK));
return (FAIL);
}
(void) vstream_fclose(state->dst);
state->dst = 0;
/*
* Read the final SIZE record content. This normally happens in the queue
* manager, and in the pickup daemon after a message is re-queued.
* Compare the updated state against the expected content. We expect that
* the fields for xtra_offset, data_offset, rcpt_count, qmgr_opts, and
* cont_length, are consistent with the saved CLEANUP_STATE, and we
* expect to see a specific value for the sendopts field that was
* assigned in cleanup_envelope().
*/
VSTREAM *fp;
if ((fp = vstream_memopen(output_stream_buf, O_RDONLY)) == 0) {
msg_warn("vstream_memopen(output_stream_buf, O_RDONLY): %m");
if (state->xtra_offset != saved_state.xtra_offset) {
msg_warn("state->xtra_offset: got %ld, want: %ld",
(long) state->xtra_offset, (long) saved_state.xtra_offset);
return (FAIL);
}
VSTRING *got_size_payload = vstring_alloc(VSTRING_LEN(output_stream_buf));
int got_rec_type;
if ((got_rec_type = rec_get(fp, got_size_payload, 0)) != REC_TYPE_SIZE) {
msg_warn("rec_get: got: %s, want: %s",
rec_type_name(got_rec_type), rec_type_name(REC_TYPE_SIZE));
if (state->data_offset != saved_state.data_offset) {
msg_warn("state->data_offset: got %ld, want: %ld",
(long) state->data_offset, (long) saved_state.data_offset);
return (FAIL);
}
(void) vstream_fclose(fp);
vstring_free(output_stream_buf);
/*
* Compare the stored SIZE record content against the expected content.
* We expect that the fields for data_size, data_offset, rcpt_count,
* qmgr_opts, and cont_length, are consistent with the saved
* CLEANUP_STATE, and we expect to see a specific value for the sendopts
* field that was made by cleanup_envelope().
*/
int got_conv;
long data_size, data_offset, cont_length;
int rcpt_count, qmgr_opts, sendopts;
if ((got_conv = sscanf(vstring_str(got_size_payload), "%ld %ld %d %d %ld %d",
&data_size, &data_offset, &rcpt_count, &qmgr_opts,
&cont_length, &sendopts)) != 6) {
msg_warn("sscanf SIZE record fields: got: %d, want 6", got_conv);
if (state->rcpt_count != saved_state.rcpt_count) {
msg_warn("state->rcpt_count: got: %ld, want: %ld",
(long) state->rcpt_count, (long) saved_state.rcpt_count);
return (FAIL);
}
if (data_size != saved_state.xtra_offset - saved_state.data_offset) {
msg_warn("SIZE.data_size: got %ld, want: %ld", (long) data_size,
(long) (saved_state.xtra_offset - saved_state.data_offset));
if (state->qmgr_opts != saved_state.qmgr_opts) {
msg_warn("state=>qmgr_opts: got: %d, want: %d",
state->qmgr_opts, saved_state.qmgr_opts);
return (FAIL);
}
if (data_offset != saved_state.data_offset) {
msg_warn("SIZE.data_offset: got %ld, want: %ld", (long) data_offset,
(long) saved_state.data_offset);
if (state->cont_length != saved_state.cont_length) {
msg_warn("state->cont_length: got %ld, want: %ld",
(long) state->cont_length, (long) saved_state.cont_length);
return (FAIL);
}
if (rcpt_count != saved_state.rcpt_count) {
msg_warn("SIZE.rcpt_count: got: %d, want: %d", rcpt_count,
(int) saved_state.rcpt_count);
return (FAIL);
}
if (qmgr_opts != saved_state.qmgr_opts) {
msg_warn("SIZE.qmgr_opts: got: %d, want: %d", qmgr_opts,
saved_state.qmgr_opts);
return (FAIL);
}
if (cont_length != saved_state.cont_length) {
msg_warn("SIZE.cont_length: got %ld, want: %ld", (long) cont_length,
(long) saved_state.cont_length);
return (FAIL);
}
if (sendopts != (SOPT_FLAG_ALL & ~SOPT_FLAG_DERIVED)) {
msg_warn("SIZE.sendopts: got: 0x%x, want: 0x%x",
sendopts, SOPT_FLAG_ALL & ~SOPT_FLAG_DERIVED);
if (state->sendopts != (SOPT_FLAG_ALL & ~SOPT_FLAG_DERIVED)) {
msg_warn("state->sendopts: got: 0x%x, want: 0x%x",
state->sendopts, SOPT_FLAG_ALL & ~SOPT_FLAG_DERIVED);
return (FAIL);
}
/*
* Cleanup.
*/
vstring_free(got_size_payload);
cleanup_state_free(state);
return (PASS);
}

2
postfix/src/cleanup/cleanup_message.c
View File

@ -653,7 +653,7 @@ static void cleanup_header_callback(void *context, int header_class,
if (state->hop_count == 1)
argv_add(state->auto_hdrs, vstring_str(header_buf), ARGV_END);
}
if (hdr_opts->type == HDR_TLS_REQUIRED) {
if (hdr_opts->type == HDR_TLS_REQUIRED && var_tls_required_enable) {
char *cp = vstring_str(header_buf) + strlen(hdr_opts->name) + 1;
while (ISSPACE(*cp))

5
postfix/src/global/mail_params.c
View File

@ -125,9 +125,10 @@
/* bool var_long_queue_ids;
/* bool var_daemon_open_fatal;
/* char *var_dsn_filter;
/* int var_smtputf8_enable
/* int var_smtputf8_enable;
/* int var_strict_smtputf8;
/* char *var_smtputf8_autoclass;
/* int var_tls_required_enable;
/* int var_idna2003_compat;
/* char *var_compatibility_level;
/* char *var_drop_hdrs;
@ -369,6 +370,7 @@ char *var_dsn_filter;
int var_smtputf8_enable;
int var_strict_smtputf8;
char *var_smtputf8_autoclass;
int var_tls_required_enable;
int var_idna2003_compat;
char *var_compatibility_level;
char *var_drop_hdrs;
@ -755,6 +757,7 @@ void mail_params_init()
VAR_SMTPUTF8_ENABLE, DEF_SMTPUTF8_ENABLE, &var_smtputf8_enable,
VAR_IDNA2003_COMPAT, DEF_IDNA2003_COMPAT, &var_idna2003_compat,
VAR_RESPECTFUL_LOGGING, DEF_RESPECTFUL_LOGGING, &var_respectful_logging,
VAR_TLSREQUIRED_ENABLE, DEF_TLSREQUIRED_ENABLE, &var_tls_required_enable,
0,
};
static const CONFIG_STR_FN_TABLE function_str_defaults[] = {

7
postfix/src/global/mail_params.h
View File

@ -4376,6 +4376,13 @@ extern char *var_smtputf8_autoclass;
#define DEF_IDNA2003_COMPAT "no"
extern int var_idna2003_compat;
/*
* REQUIRETLS support (RFC 8689).
*/
#define VAR_TLSREQUIRED_ENABLE "tls_required_enable"
#define DEF_TLSREQUIRED_ENABLE "yes"
extern int var_tls_required_enable;
/*
* Workaround for future incompatibility. Our implementation of RFC 2308
* negative reply caching relies on the promise that res_query() and

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20250131"
#define MAIL_RELEASE_DATE "20250202"
#define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT

3
postfix/src/pipe/pipe.c
View File

@ -170,6 +170,7 @@
/* .nf
/* \fIRight\fR: command -f $sender -- $recipient
/* .fi
/* .IP
/* NOTE: DO NOT put quotes around the command, $sender, or $recipient.
/* .IP
/* This feature is available as of Postfix 2.3.
@ -390,7 +391,7 @@
/* request before it is terminated by a built-in watchdog timer.
/* .IP "\fBdelay_logging_resolution_limit (2)\fR"
/* The maximal number of digits after the decimal point when logging
/* sub-second delay values.
/* delay values.
/* .IP "\fBexport_environment (see 'postconf -d' output)\fR"
/* The list of environment variables that a Postfix process will export
/* to non-Postfix processes.

7
postfix/src/smtp/smtp.c
View File

@ -172,6 +172,7 @@
/* RFC 6531 (Internationalized SMTP)
/* RFC 6533 (Internationalized Delivery Status Notifications)
/* RFC 7672 (SMTP security via opportunistic DANE TLS)
/* RFC 8689 (TLS-Required message header)
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8)
/* or \fBpostlogd\fR(8).
@ -638,7 +639,8 @@
/* .IP "\fBsmtp_tls_enable_rpk (no)\fR"
/* Request that remote SMTP servers send an RFC7250 raw public key
/* instead of an X.509 certificate.
/* .PP Available in Postfix version 3.10 and later:
/* .PP
/* Available in Postfix version 3.10 and later:
/* .IP "\fBsmtp_tlsrpt_enable (no)\fR"
/* Enable support for RFC 8460 TLSRPT notifications.
/* .IP "\fBsmtp_tlsrpt_socket_name (empty)\fR"
@ -648,6 +650,9 @@
/* Do not report the TLSRPT status for TLS protocol handshakes
/* that reuse a previously-negotiated TLS session (there is no new
/* information to report).
/* .IP "\fBtls_required_enable (yes)\fR"
/* Enable support for the "TLS-Required: no" message header, defined
/* in RFC 8689.
/* OBSOLETE STARTTLS CONTROLS
/* .ad
/* .fi

2
postfix/src/smtp/smtp_connect.c
View File

@ -534,7 +534,7 @@ static int smtp_get_effective_tls_level(DSN_BUF *why, SMTP_STATE *state)
* the message contains a "TLS-Required: no" header, limit the level to
* TLS_LEV_MAY.
*/
else if (tls->level > TLS_LEV_NONE
else if (var_tls_required_enable && tls->level > TLS_LEV_NONE
&& (state->request->sendopts & SOPT_REQUIRETLS_HEADER)) {
tls->level = TLS_LEV_MAY;
}

16
postfix/src/util/Makefile.in
View File

@ -1391,6 +1391,14 @@ cidr_match.o: stringops.h
cidr_match.o: sys_defs.h
cidr_match.o: vbuf.h
cidr_match.o: vstring.h
clean_ascii_cntrl_space.o: check_arg.h
clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.c
clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.h
clean_ascii_cntrl_space.o: stringops.h
clean_ascii_cntrl_space.o: sys_defs.h
clean_ascii_cntrl_space.o: vbuf.h
clean_ascii_cntrl_space.o: vstream.h
clean_ascii_cntrl_space.o: vstring.h
clean_env.o: argv.h
clean_env.o: check_arg.h
clean_env.o: clean_env.c
@ -2837,14 +2845,6 @@ trimblanks.o: sys_defs.h
trimblanks.o: trimblanks.c
trimblanks.o: vbuf.h
trimblanks.o: vstring.h
clean_ascii_cntrl_space.o: check_arg.h
clean_ascii_cntrl_space.o: stringops.h
clean_ascii_cntrl_space.o: sys_defs.h
clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.c
clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.h
clean_ascii_cntrl_space.o: vbuf.h
clean_ascii_cntrl_space.o: vstream.h
clean_ascii_cntrl_space.o: vstring.h
unescape.o: check_arg.h
unescape.o: stringops.h
unescape.o: sys_defs.h