mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 09:57:34 +00:00
Code Issues Releases Wiki Activity

postfix-3.11-20250709-nonprod

Browse Source
This commit is contained in:
Wietse Z Venema 2025-07-09 00:00:00 -05:00 committed by Viktor Dukhovni
parent fcc88c9a9c
commit 7703d1e5b0
69 changed files with 2596 additions and 511 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
postfix/.indent.pro vendored
View File

@ -307,7 +307,6 @@
-TRESPONSE -TRESPONSE
-TREST_TABLE -TREST_TABLE
-TRES_CONTEXT -TRES_CONTEXT
-TRING
-TRWR_CONTEXT -TRWR_CONTEXT
-TSCACHE -TSCACHE
-TSCACHE_CLNT -TSCACHE_CLNT

450
postfix/.indent.pro.orig vendored Normal file
View File

@ -0,0 +1,450 @@
-TABOUNCE_STATE
-TADDR_MATCH_LIST
-TADDR_PATTERN
-TALIAS_TOKEN
-TANVIL_CLNT
-TANVIL_LOCAL
-TANVIL_MAX
-TANVIL_REMOTE
-TANVIL_REQ_TABLE
-TARGV
-TASN1_INTEGER
-TASN1_OBJECT
-TATTR_CLNT
-TATTR_OVER_INT
-TATTR_OVER_STR
-TATTR_OVER_TIME
-TATTR_TABLE
-TAUTHORITY_KEYID
-TAUTO_CLNT
-TBH_TABLE
-TBINATTR
-TBINATTR_INFO
-TBINHASH
-TBINHASH_INFO
-TBIO
-TBOUNCE_INFO
-TBOUNCE_LOG
-TBOUNCE_LOG_DSN_BUF
-TBOUNCE_LOG_FORGE
-TBOUNCE_LOG_RCPT_BUF
-TBOUNCE_STAT
-TBOUNCE_STR_PARAMETER
-TBOUNCE_TEMPLATE
-TBOUNCE_TEMPLATES
-TBOUNCE_TIME_DIVISOR
-TBOUNCE_TIME_PARAMETER
-TBYTE_MASK
-TCFG_PARSER
-TCIDR_MATCH
-TCLEANUP_REGION
-TCLEANUP_STATE
-TCLEANUP_STAT_DETAIL
-TCLIENT_LIST
-TCLNT_STREAM
-TCONFIG_BOOL_FN_TABLE
-TCONFIG_BOOL_TABLE
-TCONFIG_INT_FN_TABLE
-TCONFIG_INT_TABLE
-TCONFIG_LONG_FN_TABLE
-TCONFIG_LONG_TABLE
-TCONFIG_NBOOL_FN_TABLE
-TCONFIG_NBOOL_TABLE
-TCONFIG_NCODE_TABLE
-TCONFIG_NINT_FN_TABLE
-TCONFIG_NINT_TABLE
-TCONFIG_RAW_FN_TABLE
-TCONFIG_RAW_TABLE
-TCONFIG_STR_FN_TABLE
-TCONFIG_STR_TABLE
-TCONFIG_TIME_FN_TABLE
-TCONFIG_TIME_TABLE
-TCONST_CHAR_STAR
-TCRYPTO_EX_DATA
-TCTABLE
-TCTABLE_ENTRY
-TDB_COMMON_CTX
-TDELIVERED_HDR_INFO
-TDELIVER_ATTR
-TDELIVER_REQUEST
-TDELTA_TIME
-TDICT
-TDICT_CACHE
-TDICT_CACHE_SREQ
-TDICT_CACHE_SREQ_INFO
-TDICT_CACHE_TEST
-TDICT_CDBM
-TDICT_CDBQ
-TDICT_CIDR
-TDICT_CIDR_ENTRY
-TDICT_DB
-TDICT_DBM
-TDICT_DEBUG
-TDICT_ENV
-TDICT_FAIL
-TDICT_FINAL_WRAPPER
-TDICT_HT
-TDICT_INLINE
-TDICT_LDAP
-TDICT_LMDB
-TDICT_MC
-TDICT_MONGODB
-TDICT_MYSQL
-TDICT_NI
-TDICT_NIS
-TDICT_NISPLUS
-TDICT_NODE
-TDICT_OPEN_EXTEND_FN
-TDICT_OPEN_FN
-TDICT_OPEN_INFO
-TDICT_OWNER
-TDICT_PCRE
-TDICT_PCRE_ENGINE
-TDICT_PCRE_EXPAND_CONTEXT
-TDICT_PCRE_IF_RULE
-TDICT_PCRE_MATCH_RULE
-TDICT_PCRE_PRESCAN_CONTEXT
-TDICT_PCRE_REGEXP
-TDICT_PCRE_RULE
-TDICT_PGSQL
-TDICT_PIPE
-TDICT_PROXY
-TDICT_RAND
-TDICT_RANDOM
-TDICT_REGEXP
-TDICT_REGEXP_EXPAND_CONTEXT
-TDICT_REGEXP_IF_RULE
-TDICT_REGEXP_MATCH_RULE
-TDICT_REGEXP_PATTERN
-TDICT_REGEXP_PRESCAN_CONTEXT
-TDICT_REGEXP_RULE
-TDICT_SDBM
-TDICT_SOCKMAP
-TDICT_SOCKMAP_REFC_HANDLE
-TDICT_SQLITE
-TDICT_STATIC
-TDICT_SURROGATE
-TDICT_TCP
-TDICT_TEXT
-TDICT_THASH
-TDICT_UNION
-TDICT_UNIX
-TDICT_UTF8_BACKUP
-TDICT_WRAPPER
-TDNS_FIXED
-TDNS_REPLY
-TDNS_RR
-TDOMAIN_LIST
-TDSN
-TDSN_BUF
-TDSN_FILTER
-TDSN_SPLIT
-TDSN_STAT
-TDYMAP_INFO
-TEC_GROUP
-TEC_KEY
-TEDIT_FILE
-TEVENT_MASK
-TEVP_CIPHER_CTX
-TEVP_MAC_CTX
-TEVP_MD
-TEVP_MD_CTX
-TEVP_PKEY
-TEXPAND_ATTR
-TFILE
-TFORWARD_INFO
-THBC_ACTION_CALL_BACKS
-THBC_CALL_BACKS
-THBC_CHECKS
-THBC_MAP_INFO
-THBC_OUTPUT_CALL_BACKS
-THBC_TEST_CONTEXT
-THEADER_OPTS
-THEADER_TOKEN
-THMAC_CTX
-THOST
-THTABLE
-THTABLE_INFO
-TINET_ADDR_LIST
-TINET_ADDR_SIZES
-TINET_PROTO_INFO
-TINSTANCE
-TINST_SELECTION
-TINT32_TYPE
-TINTV
-TINT_TABLE
-TJMP_BUF_WRAPPER
-TLDAP
-TLDAPMessage
-TLDAPURLDesc
-TLDAP_CONN
-TLIB_DP
-TLIB_FN
-TLMTP_ATTR
-TLMTP_RESP
-TLMTP_SESSION
-TLMTP_STATE
-TLOCAL_EXP
-TLOCAL_STATE
-TLOGIN_SENDER_MATCH
-TLOGWRITER
-TLONG_NAME_MASK
-TMAC_EXP_CONTEXT
-TMAC_EXP_OP_INFO
-TMAC_HEAD
-TMAC_PARSE
-TMAIL_ADDR_FORMATTER
-TMAIL_ADDR_MAP_TEST
-TMAIL_PRINT
-TMAIL_SCAN
-TMAIL_STREAM
-TMAIL_VERSION
-TMAI_HOSTADDR_STR
-TMAI_HOSTNAME_STR
-TMAI_SERVNAME_STR
-TMAI_SERVPORT_STR
-TMAPS
-TMAP_SEARCH
-TMASTER_INT_WATCH
-TMASTER_PROC
-TMASTER_SERV
-TMASTER_STATUS
-TMASTER_STR_WATCH
-TMATCH_LIST
-TMATCH_OPS
-TMBLOCK
-TMBOX
-TMDB_env
-TMDB_txn
-TMDB_val
-TMILTER
-TMILTER8
-TMILTERS
-TMILTER_MACROS
-TMILTER_MSG_CONTEXT
-TMIME_ENCODING
-TMIME_INFO
-TMIME_STACK
-TMIME_STATE
-TMIME_STATE_DETAIL
-TMIME_TOKEN
-TMKMAP
-TMKMAP_DB
-TMKMAP_DBM
-TMKMAP_OPEN_EXTEND_FN
-TMKMAP_OPEN_FN
-TMKMAP_OPEN_INFO
-TMKMAP_SDBM
-TMSG_STATS
-TMULTI_SERVER
-TMVECT
-TMYSQL
-TMYSQL_NAME
-TMYSQL_RES
-TNAMADR_LIST
-TNAME_ASSIGNMENT
-TNAME_CODE
-TNAME_MASK
-TNBBIO
-TNVTABLE_INFO
-TOPTIONS
-TOSSL_DGST
-TPCF_DBMS_INFO
-TPCF_DEPR_PARAM_INFO
-TPCF_EVAL_CTX
-TPCF_MASTER_EDIT_REQ
-TPCF_MASTER_ENT
-TPCF_MASTER_FLD_REQ
-TPCF_PARAM_CTX
-TPCF_PARAM_NODE
-TPCF_PARAM_TABLE
-TPCF_SERVICE_DEF
-TPCF_SERVICE_PATTERN
-TPCF_STRING_NV
-TPEER_FROM_HAPROXY_CASE
-TPEER_FROM_NON_SOCKET_CASE
-TPEER_FROM_PASS_ATTR_CASE
-TPEER_FROM_UNCONN_SOCKET_CASE
-TPEER_NAME
-TPGSQL_NAME
-TPICKUP_INFO
-TPIPE_ATTR
-TPIPE_PARAMS
-TPIPE_STATE
-TPLMYSQL
-TPLPGSQL
-TPOSTMAP_KEY_STATE
-TPOST_MAIL_FCLOSE_STATE
-TPOST_MAIL_STATE
-TPRIVATE_STR_TABLE
-TPSC_CALL_BACK_ENTRY
-TPSC_CLIENT_INFO
-TPSC_DNSBL_HEAD
-TPSC_DNSBL_SCORE
-TPSC_DNSBL_SITE
-TPSC_ENDPT_LOOKUP_INFO
-TPSC_HAPROXY_STATE
-TPSC_SMTPD_COMMAND
-TPSC_STARTTLS
-TPSC_STATE
-TQMGR_ENTRY
-TQMGR_FEEDBACK
-TQMGR_JOB
-TQMGR_MESSAGE
-TQMGR_PEER
-TQMGR_QUEUE
-TQMGR_RCPT
-TQMGR_RCPT_LIST
-TQMGR_RECIPIENT
-TQMGR_SCAN
-TQMGR_TRANSPORT
-TQMQPD_STATE
-TRCPT_BUF
-TRECIPIENT
-TRECIPIENT_LIST
-TREC_TYPE_NAME
-TRESOLVE_REPLY
-TRESPONSE
-TREST_TABLE
-TRES_CONTEXT
-TRWR_CONTEXT
-TSCACHE
-TSCACHE_CLNT
-TSCACHE_MULTI
-TSCACHE_MULTI_DEST
-TSCACHE_MULTI_ENDP
-TSCACHE_MULTI_HEAD
-TSCACHE_SINGLE
-TSCACHE_SINGLE_DEST
-TSCACHE_SINGLE_ENDP
-TSCACHE_SIZE
-TSCAN_DIR
-TSCAN_INFO
-TSCAN_OBJ
-TSENDER_LOGIN_MATCH
-TSERVER_AC
-TSESSION
-TSHARED_PATH
-TSINGLE_SERVER
-TSINK_COMMAND
-TSINK_STATE
-TSLMDB
-TSMFICTX
-TSMTPD_CMD
-TSMTPD_DEFER
-TSMTPD_ENDPT_LOOKUP_INFO
-TSMTPD_POLICY_CLNT
-TSMTPD_PROXY
-TSMTPD_RBL_EXPAND_CONTEXT
-TSMTPD_RBL_STATE
-TSMTPD_RCPTMAP_ST
-TSMTPD_STATE
-TSMTPD_TOKEN
-TSMTPD_XFORWARD_ATTR
-TSMTP_ADDR
-TSMTP_CLI_ATTR
-TSMTP_CMD
-TSMTP_ITERATOR
-TSMTP_RESP
-TSMTP_SASL_AUTH_CACHE
-TSMTP_SESSION
-TSMTP_STATE
-TSMTP_TLS_POLICY
-TSMTP_TLS_SESS
-TSMTP_TLS_SITE_POLICY
-TSM_STATE
-TSOCKADDR_SIZE
-TSPAWN_ATTR
-TSSL
-TSSL_CTX
-TSSL_SESSION
-TSTATE
-TSTRING_LIST
-TSTRING_TABLE
-TSYS_EXITS_DETAIL
-TTEST_BASE
-TTEST_CASE
-TTLSMGR_SCACHE
-TTLSP_STATE
-TTLSRPT_WRAPPER
-TTLS_APPL_STATE
-TTLS_CERTS
-TTLS_CLIENT_INIT_PROPS
-TTLS_CLIENT_PARAMS
-TTLS_CLIENT_START_PROPS
-TTLS_DANE
-TTLS_PKEYS
-TTLS_PRNG_SEED_INFO
-TTLS_PRNG_SRC
-TTLS_ROLE
-TTLS_SCACHE
-TTLS_SCACHE_ENTRY
-TTLS_SERVER_INIT_PROPS
-TTLS_SERVER_START_PROPS
-TTLS_SESS_STATE
-TTLS_TICKET_KEY
-TTLS_TLSA
-TTLS_USAGE
-TTLS_VINFO
-TTLScontext_t
-TTOK822
-TTRANSPORT_INFO
-TTRIGGER_SERVER
-TUSER_ATTR
-TVBUF
-TVSTREAM
-TVSTREAM_POPEN_ARGS
-TVSTRING
-TWAIT_STATUS_T
-TWATCHDOG
-TWATCH_FD
-TX509
-TX509V3_CTX
-TX509_EXTENSION
-TX509_NAME
-TX509_STORE_CTX
-TXSASL_CLIENT
-TXSASL_CLIENT_CREATE_ARGS
-TXSASL_CLIENT_IMPL
-TXSASL_CLIENT_IMPL_INFO
-TXSASL_CYRUS_CB
-TXSASL_CYRUS_CLIENT
-TXSASL_CYRUS_ERROR_INFO
-TXSASL_CYRUS_SERVER
-TXSASL_DCSRV_MECH
-TXSASL_DOVECOT_SERVER
-TXSASL_DOVECOT_SERVER_IMPL
-TXSASL_DOVECOT_SERVER_MECHS
-TXSASL_SERVER
-TXSASL_SERVER_CREATE_ARGS
-TXSASL_SERVER_IMPL
-TXSASL_SERVER_IMPL_INFO
-Tbind_props
-Tbson_iter_t
-Tcipher_probe_t
-Td2i_X509_t
-Tdane_digest
-Tdane_mtype
-Tfilter_ctx
-Tgeneral_name_stack_t
-Tiana_digest
-Toff_t
-Tpem_load_state_t
-Tregex_t
-Tregmatch_t
-Tsasl_conn_t
-Tsasl_secret_t
-Tsfsistat
-Tsigset_t
-Tsize_t
-Tsockaddr
-Tsockaddr_storage
-Tssize_t
-Tssl_cipher_stack_t
-Tssl_comp_stack_t
-Ttime_t
-Ttlsa_filter
-Tuint16_t
-Tuint32_t
-Tuint8_t
-Tx509_stack_t

136
postfix/HISTORY
View File

@ -29345,3 +29345,139 @@ Apologies for any names omitted.
Cleanup: simplified the rule parser in global/server_acl.c. Cleanup: simplified the rule parser in global/server_acl.c.
Unbroke dict_debug Valgrind checks. File: util/dict_debug_test.sh. Unbroke dict_debug Valgrind checks. File: util/dict_debug_test.sh.
Baseline is postfix-3.11-20250709
NONPROD CODE
Feature: support for the REQUIRETLS verb in SMTP. According
to RFC 8689, this requires TLS server certificate matching.
Files: cleanup/cleanup_api.c, global/cleanup_strflags.c,
global/post_mail.c, global/post_mail.c, global/ehlo_mask.[hc],
global/ehlo_mask_test.c, local/forward.c, smtpd/smtpd.c,
smtp/smtp_connect.c, smtp/smtp_proto.c.
Added a configuration parameter "requiretls_enable" (default:
yes). Files: cleanup/cleanup_api.c, global/cleanup_strflags.c,
global/post_mail.c, global/post_mail.c, global/ehlo_mask.[hc],
global/ehlo_mask_test.c, local/forward.c, smtpd/smtpd.c,
smtp/smtp_connect.c, smtp/smtp_proto.c.
After a certificate check fails, or a remote SMTP server
does not announce REQUIRETLS support, the Postfix SMTP
client will override the RFC 8689 5.x.x. status and treat
it as a soft error, until there are no more alternate MX
servers to try. Files: smtp/smtp.h, smtp/smtp_proto.c,
smtp/smtp_trouble.c.
When a message received with REQUIRETLS is returned in a
delivery status notification, return the message headers
only, and do not request delivery with REQUIRETLS. Files:
bounce/bounce_notify_service.c, bounce/bounce_one_service.c,
bounce/bounce_trace_service.c, bounce/bounce_verp_service.c,
bounce/bounce_warn_service.c.
Completed: new Postfix sendmail command option "-O requiretls"
to request that deliveries over SMTP use the REQUIRETLS
extension. The option value "requiretls" is case-insensitive.
Files: sendmail/sendmail.c, global/rec_types.h, pickup/pickup.c.
Cleanup: new Postfix sendmail command option "-O smtputf8"
to request that deliveries over SMTP use the SMTPUTF8
extension. This reuses logic that was introduced for
REQUIRETLS. The option value "smtputf8" is case-insensitive.
Files: sendmail/sendmail.c.
Cleanup: when message delivery requires that a remote SMTP
server supports SMTPUTF8, try multiple MX servers before
returning a message as undeliverable. This reuses logic
that was introduced for REQUIRETLS. File: smtp/smtp_proto.c.
Completed: support in the pipe(8) daemon to propagate
REQUIRETLS through post-queue content filters that pass
filtered mail to the Postfix sendmail(1) command. This
involves a new a pipe(8) macro ${requiretls} that expands
into a suitable sendmail(1) command-line option. A more
secretive alternative would be to pass the info with a
REQUIRETLS environment variable, but that would require
change to the default import_environment setting. Files:
pipe/pipe.c, sendmail/sendmail.c.
Completed: the SMTP/LMTP client with "flags=X" will not
require REQUIRETLS support in the final server. Files:
smtp/smtp.c, smtp/smtp_proto.c.
Completed: REQUIRETLS support can be disabled in the Postfix
SMTP/LMTP client with "{ -o requiretls_enable = no }". This
is recommended for a perimeter MTA that hands off mail to
internal servers that may not support REQUIRETLS.
Completed: smtp_enforce_requiretls list of next-hop domains
(or UNIX-domain pathnames) that are ready for REQUIRETLS
enforcement. This may help with gradual adoption.
TODO
Encapsulate the sendopts-to-cleanup-flags mapping.
Postfix sendmail -O TlsRequired option?
What REQUIRETLS expectations can we enforce when delivering
over a UNIX-domain channel? The SMTP/LMTP client currently
implements the same behavior as for TCP, except that
opportunistic TLS is converted into 'none'.
Document how REQUIRETLS works (or does not) with external
content filters.
- REQUIRETLS will not affect Milter-based content filters,
assuming that they don't expose message content via some
side channel.
- REQUIRETLS can work with smtpd_proxy_filter as long as
- the Postfix SMTP server passes the entire Postfix SMTP
client's MAIL FROM command line through the filter to
the Postfix SMTP server after the proxy filter,
- the post-filter Postfix SMTP server allows REQUIRETLS
in a plaintext session.
The Postfix proxy filter client does not need to require
REQUIRETLS (or SMTPUTF8) announcements in the filter's
EHLO response.
- REQUIRETLS can work with a local SMTP-based after-queue
content filters as long as
- the filter announces REQUIRETLS in the EHLO response
(this could be 'always', or copied from the after-filter
Postfix SMTP server's EHLO response),
- the filter passes the entire MAIL FROM command from the
before-filter Postfix SMTP client to the after-filter
Postfix SMTP server,
- the post-filter Postfix SMTP server allows MAIL FROM
with REQUIRETLS in a plaintext session.
Apart from that, the content filter does not need to
'know' that REQUIRETLS is active (assuming that it does
not leak message content through some side channel.
- REQUIRETLS can work with pipe(8)-filter-sendmail(1)
after-queue content filters, by specifying a pipe(8) macro
${requiretls} which expands to a suitable sendmail(1)
command-line option. Maybe we can also make this work
with a REQUIRETLS environment variable (requires change
to the (Postfix sendmail) import_environment list.
- The Postfix LMTP client when run with the -X option will
not require that the LMTP server announces REQUIRETLS
support.
- Perimeter MTA configuration: disable REQUIRETLS (or
REQUIRETLS enforcement) on the inbound relay transport
when internal infrastructure may not be suitable for
REQUIRETLS enforcement.
If a message contains "TLS-Required: no", should a bounce
message also contain this header?
Ditto for "tls_required_enable = no" and "TLS-Required:
no". The header is provided by the sender, and enforcement
is up the Postfix SMTP client.

459
postfix/README_FILES/COMPATIBILITY_README
View File

@ -0,0 +1,459 @@
PPoossttffiixx BBaacckkwwaarrddss--CCoommppaattiibbiilliittyy SSaaffeettyy NNeett
-------------------------------------------------------------------------------
PPuurrppoossee ooff tthhiiss ddooccuummeenntt
Postfix 3.0 introduces a safety net that runs Postfix programs with backwards-
compatible default settings after an upgrade. The safety net will log a warning
whenever a "new" default setting could have an negative effect on your mail
flow.
This document provides information on the following topics:
* Detailed descriptions of Postfix backwards-compatibility warnings.
* What backwards-compatible settings you may have to make permanent in
main.cf or master.cf.
* How to turn off Postfix backwards-compatibility warnings.
OOvveerrvviieeww
With backwards compatibility turned on, Postfix logs a message whenever a
backwards-compatible default setting may be required for continuity of service.
Based on this logging the system administrator can decide if any backwards-
compatible settings need to be made permanent in main.cf or master.cf, before
turning off the backwards-compatibility safety net as described at the end of
this document.
Logged with compatibility_level < 1:
* Using backwards-compatible default setting append_dot_mydomain=yes
* Using backwards-compatible default setting chroot=y
* Using backwards-compatible default setting "smtpd_relay_restrictions =
(empty)"
* Using backwards-compatible default setting smtputf8_enable=no
Logged with compatibility_level < 2:
* Using backwards-compatible default setting mynetworks_style=subnet
* Using backwards-compatible default setting relay_domains=$mydestination
Logged with compatibility_level < 3.6:
* Using backwards-compatible default setting smtpd_tls_fingerprint_digest=md5
* Using backwards-compatible default setting smtp_tls_fingerprint_digest=md5
* Using backwards-compatible default setting lmtp_tls_fingerprint_digest=md5
* Using backwards-compatible default setting
smtpd_relay_before_recipient_restrictions=no
* Using backwards-compatible default setting respectful_logging=no
Logged with compatibility_level < 3.11:
* using backwards-compatible default setting
smtp_tlsrpt_skip_reused_handshakes=yes
* using backwards-compatible default setting xxx_security_level=(empty)
If such a message is logged in the context of a legitimate request, the system
administrator should make the backwards-compatible setting permanent in main.cf
or master.cf, as detailed in the sections that follow.
When no more backwards-compatible settings need to be made permanent, the
system administrator should turn off the backwards-compatibility safety net as
described at the end of this document.
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg aappppeenndd__ddoott__mmyyddoommaaiinn==yyeess
The append_dot_mydomain default value has changed from "yes" to "no". This
could result in unexpected non-delivery of email after Postfix is updated from
an older version. The backwards-compatibility safety net is designed to prevent
such surprises.
As long as the append_dot_mydomain parameter is left unspecified at its
implicit default value, and the compatibility_level setting is less than 1,
Postfix may log one of the following messages:
* Messages about missing "localhost" in mydestination or other address class:
postfix/trivial-rewrite[14777]: using backwards-compatible
default setting append_dot_mydomain=yes to rewrite
"localhost" to "localhost.example.com"; please add
"localhost" to mydestination or other address class
If Postfix logs the above message, add "localhost" to mydestination (or
virtual_alias_domains, virtual_mailbox_domains, or relay_domains) and
execute the command "ppoossttffiixx rreellooaadd".
* Messages about incomplete domains in email addresses:
postfix/trivial-rewrite[25835]: using backwards-compatible
default setting append_dot_mydomain=yes to rewrite "foo" to
"foo.example.com"
If Postfix logs the above message for domains different from "localhost",
and the sender cannot be changed to use complete domain names in email
addresses, then the system administrator should make the backwards-
compatible setting "append_dot_mydomain = yes" permanent in main.cf:
# ppoossttccoonnff aappppeenndd__ddoott__mmyyddoommaaiinn==yyeess
# ppoossttffiixx rreellooaadd
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg cchhrroooott==yy
The master.cf chroot default value has changed from "y" (yes) to "n" (no). The
new default avoids the need for copies of system files under the Postfix queue
directory. However, sites with strict security requirements may want to keep
the chroot feature enabled after updating Postfix from an older version. The
backwards-compatibility safety net is designed allow the administrator to
choose if they want to keep the old behavior.
As long as a master.cf chroot field is left unspecified at its implicit default
value, and the compatibility_level setting is less than 1, Postfix may log the
following message while it reads the master.cf file:
postfix/master[27664]: /etc/postfix/master.cf: line 72: using
backwards-compatible default setting chroot=y
If this service should remain chrooted, then the system administrator should
make the backwards-compatible setting "chroot = y" permanent in master.cf. For
example, to update the chroot setting for the "smtp inet" service:
# ppoossttccoonnff --FF ssmmttpp//iinneett//cchhrroooott==yy
# ppoossttffiixx rreellooaadd
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppdd__rreellaayy__rreessttrriiccttiioonnss == ((eemmppttyy))
The smtpd_relay_restrictions feature was introduced with Postfix version 2.10,
as a safety mechanism for configuration errors in smtpd_recipient_restrictions
that could make Postfix an open relay.
The smtpd_relay_restrictions implicit default setting forbids mail to remote
destinations from clients that don't match permit_mynetworks or
permit_sasl_authenticated. This could result in unexpected 'Relay access
denied' errors after Postfix is updated from an older Postfix version. The
backwards-compatibility safety net is designed to prevent such surprises.
When the compatibility_level less than 1, and the smtpd_relay_restrictions
parameter is left unspecified at its implicit default setting, Postfix may log
the following message:
postfix/smtpd[38463]: using backwards-compatible default setting
"smtpd_relay_restrictions = (empty)" to avoid "Relay access
denied" error for recipient "user@example.com" from client
"host.example.net[10.0.0.2]"
If this request should not be blocked, then the system administrator should
make the backwards-compatible setting "smtpd_relay_restrictions=" (i.e. empty)
permanent in main.cf:
# ppoossttccoonnff ssmmttppdd__rreellaayy__rreessttrriiccttiioonnss==
# ppoossttffiixx rreellooaadd
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppuuttff88__eennaabbllee==nnoo
The smtputf8_enable default value has changed from "no" to "yes". With the new
"yes" setting, the Postfix SMTP server rejects non-ASCII addresses from clients
that don't request SMTPUTF8 support, after Postfix is updated from an older
version. The backwards-compatibility safety net is designed to prevent such
surprises.
As long as the smtputf8_enable parameter is left unspecified at its implicit
default value, and the compatibility_level setting is less than 1, Postfix logs
a warning each time an SMTP command uses a non-ASCII address localpart without
requesting SMTPUTF8 support:
postfix/smtpd[27560]: using backwards-compatible default setting
smtputf8_enable=no to accept non-ASCII sender address
"??@example.org" from localhost[127.0.0.1]
postfix/smtpd[27560]: using backwards-compatible default setting
smtputf8_enable=no to accept non-ASCII recipient address
"??@example.com" from localhost[127.0.0.1]
If the address should not be rejected, and the client cannot be updated to use
SMTPUTF8, then the system administrator should make the backwards-compatible
setting "smtputf8_enable = no" permanent in main.cf:
# ppoossttccoonnff ssmmttppuuttff88__eennaabbllee==nnoo
# ppoossttffiixx rreellooaadd
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg mmyynneettwwoorrkkss__ssttyyllee==ssuubbnneett
The mynetworks_style default value has changed from "subnet" to "host". This
parameter is used to implement the "permit_mynetworks" feature. The change
could cause unexpected 'access denied' errors after Postfix is updated from an
older version. The backwards-compatibility safety net is designed to prevent
such surprises.
As long as the mynetworks and mynetworks_style parameters are left unspecified
at their implicit default values, and the compatibility_level setting is less
than 2, the Postfix SMTP server may log one of the following messages:
postfix/smtpd[17375]: using backwards-compatible default setting
mynetworks_style=subnet to permit request from client
"foo.example.com[10.1.1.1]"
postfix/postscreen[24982]: using backwards-compatible default
setting mynetworks_style=subnet to permit request from client
"10.1.1.1"
If the client request should not be rejected, then the system administrator
should make the backwards-compatible setting "mynetworks_style = subnet"
permanent in main.cf:
# ppoossttccoonnff mmyynneettwwoorrkkss__ssttyyllee==ssuubbnneett
# ppoossttffiixx rreellooaadd
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg rreellaayy__ddoommaaiinnss==$$mmyyddeessttiinnaattiioonn
The relay_domains default value has changed from "$mydestination" to the empty
value. This could result in unexpected 'Relay access denied' errors or ETRN
errors after Postfix is updated from an older version. The backwards-
compatibility safety net is designed to prevent such surprises.
As long as the relay_domains parameter is left unspecified at its implicit
default value, and the compatibility_level setting is less than 2, Postfix may
log one of the following messages.
* Messages about accepting mail for a remote domain:
postfix/smtpd[19052]: using backwards-compatible default setting
relay_domains=$mydestination to accept mail for domain
"foo.example.com"
postfix/smtpd[19052]: using backwards-compatible default setting
relay_domains=$mydestination to accept mail for address
"user@foo.example.com"
* Messages about providing ETRN service for a remote domain:
postfix/smtpd[19138]: using backwards-compatible default setting
relay_domains=$mydestination to flush mail for domain
"bar.example.com"
postfix/smtp[13945]: using backwards-compatible default setting
relay_domains=$mydestination to update fast-flush logfile for
domain "bar.example.com"
If Postfix should continue to accept mail for that domain or continue to
provide ETRN service for that domain, then the system administrator should make
the backwards-compatible setting "relay_domains = $mydestination" permanent in
main.cf:
# ppoossttccoonnff ''rreellaayy__ddoommaaiinnss==$$mmyyddeessttiinnaattiioonn''
# ppoossttffiixx rreellooaadd
Note: quotes are required as indicated above.
Instead of $mydestination, it may be better to specify an explicit list of
domain names.
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppdd__ttllss__ffiinnggeerrpprriinntt__ddiiggeesstt==mmdd55
The smtpd_tls_fingerprint_digest default value has changed from "md5" to
"sha256". With the new "sha256" setting, the Postfix SMTP server avoids using
the deprecated "md5" algorithm and computes a more secure digest of the client
certificate.
If you're using the default "md5" setting, or even an explicit "sha1" (also
deprecated) setting, you should consider switching to "sha256". This will
require updating any associated lookup table keys with the "sha256" digests of
the expected client certificate or public key.
As long as the smtpd_tls_fingerprint_digest parameter is left unspecified at
its implicit default value, and the compatibility_level setting is less than
3.6, Postfix logs a warning each time a client certificate or public key
fingerprint is (potentially) used for access control:
postfix/smtpd[27560]: using backwards-compatible default setting
smtpd_tls_fingerprint_digest=md5 to compute certificate fingerprints
Since any client certificate fingerprints are passed in policy service lookups,
and Postfix doesn't know whether the fingerprint will be used, the warning may
also be logged when policy lookups are performed for connections that used a
client certificate, even if the policy service does not in fact examine the
client certificate. To reduce the noise somewhat, such warnings are issued at
most once per smtpd(8) process instance.
If you prefer to stick with "md5", you can suppress the warnings by making that
setting explicit. After addressing any other compatibility warnings, you can
update your compatibility level.
# ppoossttccoonnff ssmmttppdd__ttllss__ffiinnggeerrpprriinntt__ddiiggeesstt==mmdd55
# ppoossttffiixx rreellooaadd
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttpp__ttllss__ffiinnggeerrpprriinntt__ddiiggeesstt==mmdd55
The smtp_tls_fingerprint_digest and lmtp_tls_fingerprint_digest default values
have changed from "md5" to "sha256". With the new "sha256" setting, the Postfix
SMTP and LMTP client avoids using the deprecated "md5" algorithm and computes a
more secure digest of the server certificate.
If you're using the default "md5" setting, or even an explicit "sha1" (also
deprecated) setting, you should consider switching to "sha256". This will
require updating any "fingerprint" security level policies in the TLS policy
table to specify matching "sha256" digests of the expected server certificates
or public keys.
As long as the smtp_tls_fingerprint_digest (or LMTP equivalent) parameter is
left unspecified at its implicit default value, and the compatibility_level
setting is less than 3.6, Postfix logs a warning each time the "fingerprint"
security level is used to specify matching "md5" digests of trusted server
certificates or public keys:
postfix/smtp[27560]: using backwards-compatible default setting
smtp_tls_fingerprint_digest=md5 to compute certificate fingerprints
If you prefer to stick with "md5", you can suppress the warnings by making that
setting explicit. After addressing any other compatibility warnings, you can
update your compatibility level.
# ppoossttccoonnff ''ssmmttpp__ttllss__ffiinnggeerrpprriinntt__ddiiggeesstt == mmdd55'' \\
''llmmttpp__ttllss__ffiinnggeerrpprriinntt__ddiiggeesstt == mmdd55''
# ppoossttffiixx rreellooaadd
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg
ssmmttppdd__rreellaayy__bbeeffoorree__rreecciippiieenntt__rreessttrriiccttiioonnss==nnoo
The smtpd_relay_before_recipient_restrictions feature was introduced in Postfix
version 3.6, to evaluate smtpd_relay_restrictions before
smtpd_recipient_restrictions. Historically, smtpd_relay_restrictions was
evaluated after smtpd_recipient_restrictions, contradicting documented
behavior.
Background: smtpd_relay_restrictions is primarily designed to enforce a
mail relaying policy, while smtpd_recipient_restrictions is primarily
designed to enforce spam blocking policy. Both are evaluated while replying
to the RCPT TO command, and both support the same features.
To maintain compatibility with earlier versions, Postfix will keep evaluating
smtpd_recipient_restrictions before smtpd_relay_restrictions, as long as the
compatibility_level is less than 3.6, and the
smtpd_relay_before_recipient_restrictions parameter is left unspecified at its
implicit default setting. As a reminder, Postfix may log the following message:
postfix/smtpd[54696]: using backwards-compatible default setting
smtpd_relay_before_recipient_restrictions=no to reject recipient
"user@example.com" from client "host.example.net[10.0.0.2]"
If Postfix should keep evaluating smtpd_recipient_restrictions before
smtpd_relay_restrictions, then the system administrator should make the
backwards-compatible setting "smtpd_relay_before_recipient_restrictions=no"
permanent in main.cf:
# ppoossttccoonnff ssmmttppdd__rreellaayy__bbeeffoorree__rreecciippiieenntt__rreessttrriiccttiioonnss==nnoo
# ppoossttffiixx rreellooaadd
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg rreessppeeccttffuull__llooggggiinngg==nnoo
Postfix version 3.6 deprecates configuration parameter names and logging that
suggest white is better than black. Instead it prefers 'allowlist, 'denylist',
and variations of those words. While the renamed configuration parameters have
backwards-compatible default values, the changes in logging could affect
logfile analysis tools.
To avoid breaking existing logfile analysis tools, Postfix will keep logging
the deprecated form, as long as the respectful_logging parameter is left
unspecified at its implicit default value, and the compatibility_level setting
is less than 3.6. As a reminder, Postfix may log the following when a remote
SMTP client is allowlisted or denylisted:
postfix/postscreen[22642]: Using backwards-compatible default setting
respectful_logging=no for client [address]:port
If Postfix should keep logging the deprecated form, then the system
administrator should make the backwards-compatible setting "respectful_logging
= no" permanent in main.cf.
# ppoossttccoonnff ""rreessppeeccttffuull__llooggggiinngg == nnoo""
# ppoossttffiixx rreellooaadd
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg
ssmmttpp__ttllssrrpptt__sskkiipp__rreeuusseedd__hhaannddsshhaakkeess==yyeess
Postfix version 3.11 changes the default value for
smtp_tlsrpt_skip_reused_handshakes from "yes" to "no". The backwards-
compatibility safety net is designed to prevent an unexpected change in
reporting behavior when Postfix is updated from an older version.
As long as the smtp_tlsrpt_skip_reused_handshakes parameter is left unspecified
at its implicit default value, and the compatibility_level setting is less than
3.11, Postfix will log a reminder that it is using the backwards-compatible
default:
postfix/smtp[388157] using backwards-compatible default setting
smtp_tlsrpt_skip_reused_handshakes=yes
To keep the old default setting, the system administrator should make the
backwards-compatible setting "smtp_tlsrpt_skip_reused_handshakes = yes"
permanent in main.cf:
# ppoossttccoonnff ssmmttpp__ttllssrrpptt__sskkiipp__rreeuusseedd__hhaannddsshhaakkeess==yyeess
# ppoossttffiixx rreellooaadd
UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg xxxxxx__sseeccuurriittyy__lleevveell==((eemmppttyy))
Postfix version 3.11 changes the default value for client TLS security levels
from "empty" to "yes". The backwards-compatibility safety net is designed to
prevent an unexpected change in mail sending behavior when Postfix is updated
from an older version.
There is no equivalent change for Postfix server TLS security levels, because
changing the level alone is not sufficient. Server-side TLS requires that at
least one private key and one public-key certificate chain are configured.
As long as a TLS security level parameter is left unspecified at its implicit
default value, and the compatibility_level setting is less than 3.11, Postfix
will log one of the following reminders that it is using the backwards-
compatible default:
postfix/smtp[...] using backwards-compatible default setting
smtp_tls_security_level=(empty)
postfix/tlsproxy[...] using backwards-compatible default setting
tlsproxy_client_security_level=(empty)
To keep the old default setting, the system administrator should make the
backwards-compatible empty setting permanent in main.cf:
# ppoossttccoonnff xxxxxx__sseeccuurriittyy__lleevveell==
# ppoossttffiixx rreellooaadd
where xxx is taken from the above compatibility message.
TTuurrnniinngg ooffff tthhee bbaacckkwwaarrddss--ccoommppaattiibbiilliittyy ssaaffeettyy nneett
Backwards compatibility is turned off by updating the compatibility_level
setting in main.cf.
# ppoossttccoonnff ccoommppaattiibbiilliittyy__lleevveell==NN
# ppoossttffiixx rreellooaadd
For N specify the number that is logged in your postfix(1) warning message:
warning: To disable backwards compatibility use "postconf
compatibility_level=N" and "postfix reload"
Sites that don't care about backwards compatibility may set
"compatibility_level = 9999" at their own risk.
Starting with Postfix version 3.6, the compatibility level in the above warning
message is the Postfix version that introduced the last incompatible change.
The level is formatted as major.minor.patch, where patch is usually omitted and
defaults to zero. Earlier compatibility levels are 0, 1 and 2.
NOTE: Postfix 3.6 also introduces support for the "<level", "<=level", and
other operators to compare compatibility levels. With the standard operators
"<", "<=", etc., compatibility level "3.10" would be smaller than "3.9" which
is undesirable.

17
postfix/html/lmtp.8.html
View File

@ -174,7 +174,7 @@ SMTP(8) SMTP(8)
<a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP) <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications) <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS) <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
<a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a> (TLS-Required message header) <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a> (SMTP REQUIRETLS extension)
<b><a name="diagnostics">DIAGNOSTICS</a></b> <b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
@ -507,7 +507,7 @@ SMTP(8) SMTP(8)
The delimiter between username and password in sasl_passwd_maps The delimiter between username and password in sasl_passwd_maps
lookup results. lookup results.
<b><a name="starttls_support_controls">STARTTLS SUPPORT CONTROLS</a></b> <b><a name="tls_support_controls">TLS SUPPORT CONTROLS</a></b>
Detailed information about STARTTLS configuration may be found in the Detailed information about STARTTLS configuration may be found in the
<a href="TLS_README.html">TLS_README</a> document. <a href="TLS_README.html">TLS_README</a> document.
@ -766,7 +766,18 @@ SMTP(8) SMTP(8)
Enable support for the "TLS-Required: no" message header, Enable support for the "TLS-Required: no" message header,
defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>. defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
<b><a name="obsolete_starttls_controls">OBSOLETE STARTTLS CONTROLS</a></b> <b><a href="postconf.5.html#requiretls_enable">requiretls_enable</a> (yes)</b>
Enable support for the ESMTP verb "REQUIRETLS", defined in <a href="https://tools.ietf.org/html/rfc8689">RFC</a>
<a href="https://tools.ietf.org/html/rfc8689">8689</a>.
<b><a href="postconf.5.html#smtp_enforce_requiretls">smtp_enforce_requiretls</a> (empty)</b>
An optional list of next-hop destinations that the Postfix
SMTP/LMTP client will enforce REQUIRETLS for, when a message was
received with the REQUIRETLS option: the next-hop server must
offer a matching TLS server certificate, and the server must
announce REQUIRETLS support).
<b><a name="obsolete_tls_controls">OBSOLETE TLS CONTROLS</a></b>
The following configuration parameters exist for compatibility with The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a Postfix versions before 2.3. Support for these will be removed in a
future release. future release.

28
postfix/html/mailq.1.html
View File

@ -168,12 +168,32 @@ SENDMAIL(1) SENDMAIL(1)
Delivery status notification control. Specify either a Delivery status notification control. Specify either a
comma-separated list with one or more of <b>failure</b> (send notifica- comma-separated list with one or more of <b>failure</b> (send notifica-
tion when delivery fails), <b>delay</b> (send notification when deliv- tion when delivery fails), <b>delay</b> (send notification when deliv-
ery is delayed), or <b>success</b> (send notification when the message ery is delayed), or <b>success</b> (send notification after the message
is delivered); or specify <b>never</b> (don't send any notifications at is delivered); or specify <b>never</b> (don't send any notifications at
all). all).
This feature is available in Postfix 2.3 and later. This feature is available in Postfix 2.3 and later.
<b>-O requiretls</b>
When delivering a message to an SMTP or LMTP server, the connec-
tion must use TLS with a verified server certificate, and the
server must support REQUIRETLS. Try multiple servers if possi-
ble, and return the message as undeliverable when these require-
ments were not satisfied with any of the servers that were
tried. The "requiretls" option value is case-insensitive.
This feature is available in Postfix 3.10 and later.
<b>-O smtputf8</b>
When delivering a message to an SMTP or LMTP server, the server
must support SMTPUTF8. Try multiple servers if possible, and
return the message as undeliverable when a message contains an
UTF8 envelope address or message header, but SMTPUTF8 was not
supported by any of the servers that were tried. The "smtputf8"
option value is case-insensitive.
This feature is available in Postfix 3.10 and later.
<b>-n</b> (ignored) <b>-n</b> (ignored)
Backwards compatibility. Backwards compatibility.
@ -483,6 +503,12 @@ SENDMAIL(1) SENDMAIL(1)
the default Postfix instance, and that are started, stopped, the default Postfix instance, and that are started, stopped,
etc., together with the default Postfix instance. etc., together with the default Postfix instance.
Postfix 3.10 and later:
<b><a href="postconf.5.html#requiretls_enable">requiretls_enable</a> (yes)</b>
Enable support for the ESMTP verb "REQUIRETLS", defined in <a href="https://tools.ietf.org/html/rfc8689">RFC</a>
<a href="https://tools.ietf.org/html/rfc8689">8689</a>.
<b><a name="files">FILES</a></b> <b><a name="files">FILES</a></b>
/var/spool/postfix, mail queue /var/spool/postfix, mail queue
/etc/postfix, configuration files /etc/postfix, configuration files

28
postfix/html/newaliases.1.html
View File

@ -168,12 +168,32 @@ SENDMAIL(1) SENDMAIL(1)
Delivery status notification control. Specify either a Delivery status notification control. Specify either a
comma-separated list with one or more of <b>failure</b> (send notifica- comma-separated list with one or more of <b>failure</b> (send notifica-
tion when delivery fails), <b>delay</b> (send notification when deliv- tion when delivery fails), <b>delay</b> (send notification when deliv-
ery is delayed), or <b>success</b> (send notification when the message ery is delayed), or <b>success</b> (send notification after the message
is delivered); or specify <b>never</b> (don't send any notifications at is delivered); or specify <b>never</b> (don't send any notifications at
all). all).
This feature is available in Postfix 2.3 and later. This feature is available in Postfix 2.3 and later.
<b>-O requiretls</b>
When delivering a message to an SMTP or LMTP server, the connec-
tion must use TLS with a verified server certificate, and the
server must support REQUIRETLS. Try multiple servers if possi-
ble, and return the message as undeliverable when these require-
ments were not satisfied with any of the servers that were
tried. The "requiretls" option value is case-insensitive.
This feature is available in Postfix 3.10 and later.
<b>-O smtputf8</b>
When delivering a message to an SMTP or LMTP server, the server
must support SMTPUTF8. Try multiple servers if possible, and
return the message as undeliverable when a message contains an
UTF8 envelope address or message header, but SMTPUTF8 was not
supported by any of the servers that were tried. The "smtputf8"
option value is case-insensitive.
This feature is available in Postfix 3.10 and later.
<b>-n</b> (ignored) <b>-n</b> (ignored)
Backwards compatibility. Backwards compatibility.
@ -483,6 +503,12 @@ SENDMAIL(1) SENDMAIL(1)
the default Postfix instance, and that are started, stopped, the default Postfix instance, and that are started, stopped,
etc., together with the default Postfix instance. etc., together with the default Postfix instance.
Postfix 3.10 and later:
<b><a href="postconf.5.html#requiretls_enable">requiretls_enable</a> (yes)</b>
Enable support for the ESMTP verb "REQUIRETLS", defined in <a href="https://tools.ietf.org/html/rfc8689">RFC</a>
<a href="https://tools.ietf.org/html/rfc8689">8689</a>.
<b><a name="files">FILES</a></b> <b><a name="files">FILES</a></b>
/var/spool/postfix, mail queue /var/spool/postfix, mail queue
/etc/postfix, configuration files /etc/postfix, configuration files

9
postfix/html/pipe.8.html
View File

@ -309,6 +309,15 @@ PIPE(8) PIPE(8)
This information is modified by the <b>hqu</b> flags for quoting This information is modified by the <b>hqu</b> flags for quoting
and case folding. and case folding.
<b>${requiretls}</b>
This feature should be used with content filters that
pass filtered mail to the Postfix <a href="sendmail.1.html">sendmail(1)</a> command.
The macro expands to the <a href="sendmail.1.html">sendmail(1)</a> command-line option
<b>-Orequiretls</b> if the sender requested REQUIRETLS, other-
wise it expands to <b>-Onoop</b>.
This feature is available as of Postfix 3.10.
<b>${sasl_method}</b> <b>${sasl_method}</b>
This macro expands to the name of the SASL authentication This macro expands to the name of the SASL authentication
mechanism in the AUTH command when the Postfix SMTP mechanism in the AUTH command when the Postfix SMTP

131
postfix/html/postconf.5.html
View File

@ -5041,6 +5041,17 @@ configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.11 and later. </p> <p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="lmtp_enforce_requiretls">lmtp_enforce_requiretls</a>
(default: empty)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_enforce_requiretls">smtp_enforce_requiretls</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix &ge; 3.11. </p>
</DD> </DD>
<DT><b><a name="lmtp_enforce_tls">lmtp_enforce_tls</a> <DT><b><a name="lmtp_enforce_tls">lmtp_enforce_tls</a>
@ -8218,6 +8229,13 @@ you really want to match subdomains.
<a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a>
</dd> </dd>
<dt> Postfix version 3.11 and later </dt>
<dd>
<a href="postconf.5.html#smtp_enforce_requiretls">smtp_enforce_requiretls</a>,
<a href="postconf.5.html#lmtp_enforce_requiretls">lmtp_enforce_requiretls</a>
</dd>
</dl> </dl>
@ -10596,6 +10614,37 @@ the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED).
</p> </p>
</DD>
<DT><b><a name="requiretls_enable">requiretls_enable</a>
(default: yes)</b></DT><DD>
<p> Enable support for the ESMTP verb "REQUIRETLS", defined in <a href="https://tools.ietf.org/html/rfc8689">RFC</a>
<a href="https://tools.ietf.org/html/rfc8689">8689</a>. By issuing this verb in the "MAIL FROM" command, a sender
specifies that a message must be delivered over TLS connections
with a verified server certificate, to a server that announces
"REQUIRETLS" support. This corresponds to the Postfix SMTP client
TLS security levels "secure", "verify", "fingerprint", dane-only,
or opportunistic "dane", with a successful certificate match. The
Postfix SMTP client will try one or more servers, controlled with
the <a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> parameter, until it finds a server that
satisfies requirements. Otherwise, Postfix returns the message as
undeliverable. </p>
<p> Notes: </p>
<ul>
<li> <p> REQUIRETLS enforcement is controlled with <a href="postconf.5.html#smtp_enforce_requiretls">smtp_enforce_requiretls</a>
or <a href="postconf.5.html#lmtp_enforce_requiretls">lmtp_enforce_requiretls</a>. </p>
<li> <p> REQUIRETLS overrides "TLS-Required: no". </p>
</ul>
<p> This feature is available in Postfix &ge; 3.11. </p>
</DD> </DD>
<DT><b><a name="reset_owner_alias">reset_owner_alias</a> <DT><b><a name="reset_owner_alias">reset_owner_alias</a>
@ -11927,6 +11976,86 @@ RES_USE_DNSSEC and RES_USE_EDNS0 resolver options. </p>
<p> This feature is available in Postfix 2.11 and later. </p> <p> This feature is available in Postfix 2.11 and later. </p>
</DD>
<DT><b><a name="smtp_enforce_requiretls">smtp_enforce_requiretls</a>
(default: empty)</b></DT><DD>
<p> An optional list of next-hop destinations that the Postfix
SMTP/LMTP client will enforce REQUIRETLS for, when a message was
received with the REQUIRETLS option: the next-hop server must offer
a matching TLS server certificate, and the server must announce
REQUIRETLS support). Such a message will be returned to the sender
if some REQUIRETLS requirement cannot be satisfied. These "hard"
REQUIRETLS failures are logged as "REQUIRETLS failure". </p>
<p> Other messages that were received with the REQUIRETLS option
will be delivered with REQUIRETLS if possible. If not, a message
will be delivered as if it was received without the REQUIRETLS
option. This allows a mail sending site to discover when REQUIRETLS
can be enforced, without disrupting email deliveries. These "soft"
REQUIRETLS failures are logged with "REQUIRETLS Debug". </p>
<p> On a perimeter MTA, it can make sense to turn off REQUIRETLS
enforcement, or even to turn off REQUIRETLS support, when delivering
a message to an internal destination. The internal servers may not
support REQUIRETLS, and their connections may be secured with means
other than DANE, STS, and the like. </p>
<p> The supported syntax differs with SMTP and LMTP: </p>
<ul>
<li> <p> With SMTP, specify a list of next-hop domain names (without
the ":port" or ":service" suffix), "/file/name" patterns or
"<a href="DATABASE_README.html">type:table</a>" lookup tables, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace. A
"/file/name" pattern is replaced by its contents. A "<a href="DATABASE_README.html">type:table</a>"
lookup table is matched when a domain appears as lookup key. Specify
"!pattern" to exclude a domain. </p>
<li> <p> With LMTP, specify list of domain names (without the "inet":
prefix, or ":port" or ":service" suffix), or UNIX-domain socket
"/path/name" (without the "unix:" prefix), or "<a href="DATABASE_README.html">type:table</a>" lookup
tables, separated by commas and/or whitespace. Continue long lines
by starting the next line with whitespace. A "<a href="DATABASE_README.html">type:table</a>" lookup
table is matched when a domain appears as lookup key. Specify
"!pattern" to exclude a domain or socket path. </p>
</ul>
<p> Specify the form ".domain" to match any name ending in ".domain".
To change this behavior, list "<a href="postconf.5.html#smtp_enforce_requiretls">smtp_enforce_requiretls</a>" or
"<a href="postconf.5.html#lmtp_enforce_requiretls">lmtp_enforce_requiretls</a>" in the <a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a>
parameter value. </p>
<p>
SMTP Examples:
</p>
<pre>
# Enforce REQUIRETLS for SMTP with selected next-hop domains.
<a href="postconf.5.html#smtp_enforce_requiretls">smtp_enforce_requiretls</a> = example.com, foo.example
<br>
# Enforce REQUIRETLS for SMTP with all but a few next-hop domains.
<a href="postconf.5.html#smtp_enforce_requiretls">smtp_enforce_requiretls</a> = !foo.example, <a href="DATABASE_README.html#types">static</a>:all
</pre>
<p>
LMTP examples:
</p>
<pre>
# Don't enforce REQUIRETLS
<a href="postconf.5.html#lmtp_enforce_requiretls">lmtp_enforce_requiretls</a> =
<br>
# Enforce REQUIRETLS for specific destinations.
<a href="postconf.5.html#lmtp_enforce_requiretls">lmtp_enforce_requiretls</a> = /path/to/socket, message-store.example
</pre>
<p> This feature is available in Postfix &ge; 3.11. </p>
</DD> </DD>
<DT><b><a name="smtp_enforce_tls">smtp_enforce_tls</a> <DT><b><a name="smtp_enforce_tls">smtp_enforce_tls</a>
@ -20789,6 +20918,8 @@ If a message contains a "TLS-Required: no" header, then Postfix
will add that header to a delivery status notification for that will add that header to a delivery status notification for that
message. </p> message. </p>
<p> Note: REQUIRETLS overrides "TLS-Required: no". </p>
<p> This feature is available in Postfix &ge; 3.10. </p> <p> This feature is available in Postfix &ge; 3.10. </p>

42
postfix/html/relocated.5.html
View File

@ -5,7 +5,7 @@
<link rel='stylesheet' type='text/css' href='postfix-doc.css'> <link rel='stylesheet' type='text/css' href='postfix-doc.css'>
<title> Postfix manual - relocated(5) </title> <title> Postfix manual - relocated(5) </title>
</head> <body> <pre> </head> <body> <pre>
<i>RELOCATED</i>(5) File Formats Manual <i>RELOCATED</i>(5) RELOCATED(5) RELOCATED(5)
<b><a name="name">NAME</a></b> <b><a name="name">NAME</a></b>
relocated - Postfix relocated table format relocated - Postfix relocated table format
@ -19,18 +19,18 @@
Normally, the <a href="relocated.5.html"><b>relocated</b>(5)</a> table is specified as a text file that Normally, the <a href="relocated.5.html"><b>relocated</b>(5)</a> table is specified as a text file that
serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. The result, an indexed file
in <b>dbm</b> or <b>db</b> format, is used for fast searching by the mail system. Ex- in <b>dbm</b> or <b>db</b> format, is used for fast searching by the mail system.
ecute the command "<b>postmap /etc/postfix/relocated</b>" to rebuild an in- Execute the command "<b>postmap /etc/postfix/relocated</b>" to rebuild an
dexed file after changing the corresponding relocated table. indexed file after changing the corresponding relocated table.
When the table is provided via other means such as NIS, LDAP or SQL, When the table is provided via other means such as NIS, LDAP or SQL,
the same lookups are done as for ordinary indexed files. the same lookups are done as for ordinary indexed files.
Alternatively, the table can be provided as a regular-expression map Alternatively, the table can be provided as a regular-expression map
where patterns are given as regular expressions, or lookups can be di- where patterns are given as regular expressions, or lookups can be
rected to a TCP-based server. In those case, the lookups are done in a directed to a TCP-based server. In those case, the lookups are done in
slightly different way as described below under "REGULAR EXPRESSION TA- a slightly different way as described below under "REGULAR EXPRESSION
BLES" or "TCP-BASED TABLES". TABLES" or "TCP-BASED TABLES".
Table lookups are case insensitive. Table lookups are case insensitive.
@ -94,10 +94,10 @@
of the TCP client/server table lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This of the TCP client/server table lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This
feature is available in Postfix 2.5 and later. feature is available in Postfix 2.5 and later.
Each pattern is a regular expression that is applied to the entire ad- Each pattern is a regular expression that is applied to the entire
dress being looked up. Thus, <i>user@domain</i> mail addresses are not broken address being looked up. Thus, <i>user@domain</i> mail addresses are not bro-
up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> bro- ken up into their <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i>
ken up into <i>user</i> and <i>foo</i>. broken up into <i>user</i> and <i>foo</i>.
Patterns are applied in the order as specified in the table, until a Patterns are applied in the order as specified in the table, until a
pattern is found that matches the search string. pattern is found that matches the search string.
@ -122,9 +122,9 @@
The table format does not understand quoting conventions. The table format does not understand quoting conventions.
<b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b> <b><a name="configuration_parameters">CONFIGURATION PARAMETERS</a></b>
The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text be- The following <a href="postconf.5.html"><b>main.cf</b></a> parameters are especially relevant. The text
low provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for more
including examples. details including examples.
<b><a href="postconf.5.html#relocated_maps">relocated_maps</a> (empty)</b> <b><a href="postconf.5.html#relocated_maps">relocated_maps</a> (empty)</b>
Optional lookup tables with new contact information for users or Optional lookup tables with new contact information for users or
@ -139,8 +139,8 @@
Other parameters of interest: Other parameters of interest:
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b> <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
The local network interface addresses that this mail system re- The local network interface addresses that this mail system
ceives mail on. receives mail on.
<b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b> <b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b>
The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a> The list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
@ -151,9 +151,9 @@
and that locally posted mail is delivered to. and that locally posted mail is delivered to.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b> <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The remote network interface addresses that this mail system re- The remote network interface addresses that this mail system
ceives mail on by way of a proxy or network address translation receives mail on by way of a proxy or network address transla-
unit. tion unit.
<b><a name="see_also">SEE ALSO</a></b> <b><a name="see_also">SEE ALSO</a></b>
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address resolver <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a>, address resolver
@ -178,5 +178,5 @@
111 8th Avenue 111 8th Avenue
New York, NY 10011, USA New York, NY 10011, USA
<i>RELOCATED</i>(5) RELOCATED(5)
</pre> </body> </html> </pre> </body> </html>

28
postfix/html/sendmail.1.html
View File

@ -168,12 +168,32 @@ SENDMAIL(1) SENDMAIL(1)
Delivery status notification control. Specify either a Delivery status notification control. Specify either a
comma-separated list with one or more of <b>failure</b> (send notifica- comma-separated list with one or more of <b>failure</b> (send notifica-
tion when delivery fails), <b>delay</b> (send notification when deliv- tion when delivery fails), <b>delay</b> (send notification when deliv-
ery is delayed), or <b>success</b> (send notification when the message ery is delayed), or <b>success</b> (send notification after the message
is delivered); or specify <b>never</b> (don't send any notifications at is delivered); or specify <b>never</b> (don't send any notifications at
all). all).
This feature is available in Postfix 2.3 and later. This feature is available in Postfix 2.3 and later.
<b>-O requiretls</b>
When delivering a message to an SMTP or LMTP server, the connec-
tion must use TLS with a verified server certificate, and the
server must support REQUIRETLS. Try multiple servers if possi-
ble, and return the message as undeliverable when these require-
ments were not satisfied with any of the servers that were
tried. The "requiretls" option value is case-insensitive.
This feature is available in Postfix 3.10 and later.
<b>-O smtputf8</b>
When delivering a message to an SMTP or LMTP server, the server
must support SMTPUTF8. Try multiple servers if possible, and
return the message as undeliverable when a message contains an
UTF8 envelope address or message header, but SMTPUTF8 was not
supported by any of the servers that were tried. The "smtputf8"
option value is case-insensitive.
This feature is available in Postfix 3.10 and later.
<b>-n</b> (ignored) <b>-n</b> (ignored)
Backwards compatibility. Backwards compatibility.
@ -483,6 +503,12 @@ SENDMAIL(1) SENDMAIL(1)
the default Postfix instance, and that are started, stopped, the default Postfix instance, and that are started, stopped,
etc., together with the default Postfix instance. etc., together with the default Postfix instance.
Postfix 3.10 and later:
<b><a href="postconf.5.html#requiretls_enable">requiretls_enable</a> (yes)</b>
Enable support for the ESMTP verb "REQUIRETLS", defined in <a href="https://tools.ietf.org/html/rfc8689">RFC</a>
<a href="https://tools.ietf.org/html/rfc8689">8689</a>.
<b><a name="files">FILES</a></b> <b><a name="files">FILES</a></b>
/var/spool/postfix, mail queue /var/spool/postfix, mail queue
/etc/postfix, configuration files /etc/postfix, configuration files

17
postfix/html/smtp.8.html
View File

@ -174,7 +174,7 @@ SMTP(8) SMTP(8)
<a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP) <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications) <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS) <a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
<a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a> (TLS-Required message header) <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a> (SMTP REQUIRETLS extension)
<b><a name="diagnostics">DIAGNOSTICS</a></b> <b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
@ -507,7 +507,7 @@ SMTP(8) SMTP(8)
The delimiter between username and password in sasl_passwd_maps The delimiter between username and password in sasl_passwd_maps
lookup results. lookup results.
<b><a name="starttls_support_controls">STARTTLS SUPPORT CONTROLS</a></b> <b><a name="tls_support_controls">TLS SUPPORT CONTROLS</a></b>
Detailed information about STARTTLS configuration may be found in the Detailed information about STARTTLS configuration may be found in the
<a href="TLS_README.html">TLS_README</a> document. <a href="TLS_README.html">TLS_README</a> document.
@ -766,7 +766,18 @@ SMTP(8) SMTP(8)
Enable support for the "TLS-Required: no" message header, Enable support for the "TLS-Required: no" message header,
defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>. defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
<b><a name="obsolete_starttls_controls">OBSOLETE STARTTLS CONTROLS</a></b> <b><a href="postconf.5.html#requiretls_enable">requiretls_enable</a> (yes)</b>
Enable support for the ESMTP verb "REQUIRETLS", defined in <a href="https://tools.ietf.org/html/rfc8689">RFC</a>
<a href="https://tools.ietf.org/html/rfc8689">8689</a>.
<b><a href="postconf.5.html#smtp_enforce_requiretls">smtp_enforce_requiretls</a> (empty)</b>
An optional list of next-hop destinations that the Postfix
SMTP/LMTP client will enforce REQUIRETLS for, when a message was
received with the REQUIRETLS option: the next-hop server must
offer a matching TLS server certificate, and the server must
announce REQUIRETLS support).
<b><a name="obsolete_tls_controls">OBSOLETE TLS CONTROLS</a></b>
The following configuration parameters exist for compatibility with The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a Postfix versions before 2.3. Support for these will be removed in a
future release. future release.

11
postfix/html/smtpd.8.html
View File

@ -62,6 +62,7 @@ SMTPD(8) SMTPD(8)
<a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP) <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications) <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc7505">RFC 7505</a> ("Null MX" No Service Resource Record) <a href="https://tools.ietf.org/html/rfc7505">RFC 7505</a> ("Null MX" No Service Resource Record)
<a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a> (SMTP REQUIRETLS extension)
<b><a name="diagnostics">DIAGNOSTICS</a></b> <b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>. Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
@ -430,7 +431,7 @@ SMTPD(8) SMTPD(8)
If non-empty, a filter for the SASL mechanism names that the If non-empty, a filter for the SASL mechanism names that the
Postfix SMTP server will announce in the EHLO response. Postfix SMTP server will announce in the EHLO response.
<b><a name="starttls_support_controls">STARTTLS SUPPORT CONTROLS</a></b> <b><a name="tls_support_controls">TLS SUPPORT CONTROLS</a></b>
Detailed information about STARTTLS configuration may be found in the Detailed information about STARTTLS configuration may be found in the
<a href="TLS_README.html">TLS_README</a> document. <a href="TLS_README.html">TLS_README</a> document.
@ -655,7 +656,13 @@ SMTPD(8) SMTPD(8)
instead of an X.509 certificate, when asking for or requiring instead of an X.509 certificate, when asking for or requiring
client authentication. client authentication.
<b><a name="obsolete_starttls_controls">OBSOLETE STARTTLS CONTROLS</a></b> Available in Postfix version 3.10 and later:
<b><a href="postconf.5.html#requiretls_enable">requiretls_enable</a> (yes)</b>
Enable support for the ESMTP verb "REQUIRETLS", defined in <a href="https://tools.ietf.org/html/rfc8689">RFC</a>
<a href="https://tools.ietf.org/html/rfc8689">8689</a>.
<b><a name="obsolete_tls_controls">OBSOLETE TLS CONTROLS</a></b>
The following configuration parameters exist for compatibility with The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a Postfix versions before 2.3. Support for these will be removed in a
future release. future release.

2
postfix/makedefs
View File

@ -979,7 +979,7 @@ CCARGS="$CCARGS -DSNAPSHOT"
# Non-production: needs thorough testing, or major changes are still # Non-production: needs thorough testing, or major changes are still
# needed before the code stabilizes. # needed before the code stabilizes.
#CCARGS="$CCARGS -DNONPROD" CCARGS="$CCARGS -DNONPROD"
# Workaround: prepend Postfix include files before other include files. # Workaround: prepend Postfix include files before other include files.
CCARGS="-I. -I../../include $CCARGS" CCARGS="-I. -I../../include $CCARGS"

25
postfix/man/man1/sendmail.1
View File

@ -158,10 +158,28 @@ Delivery status notification control. Specify either a
comma\-separated list with one or more of \fBfailure\fR (send comma\-separated list with one or more of \fBfailure\fR (send
notification when delivery fails), \fBdelay\fR (send notification when delivery fails), \fBdelay\fR (send
notification when delivery is delayed), or \fBsuccess\fR notification when delivery is delayed), or \fBsuccess\fR
(send notification when the message is delivered); or specify (send notification after the message is delivered); or specify
\fBnever\fR (don't send any notifications at all). \fBnever\fR (don't send any notifications at all).
This feature is available in Postfix 2.3 and later. This feature is available in Postfix 2.3 and later.
.IP "\fB\-O requiretls"
When delivering a message to an SMTP or LMTP server, the
connection must use TLS with a verified server certificate,
and the server must support REQUIRETLS. Try multiple servers if
possible, and return the message as undeliverable when these
requirements were not satisfied with any of the servers that
were tried. The "requiretls" option value is case\-insensitive.
This feature is available in Postfix 3.10 and later.
.IP "\fB\-O smtputf8"
When delivering a message to an SMTP or LMTP server, the server
must support SMTPUTF8. Try multiple servers if possible, and
return the message as undeliverable when a message contains an
UTF8 envelope address or message header, but SMTPUTF8 was not
supported by any of the servers that were tried. The "smtputf8"
option value is case\-insensitive.
This feature is available in Postfix 3.10 and later.
.IP "\fB\-n\fR (ignored)" .IP "\fB\-n\fR (ignored)"
Backwards compatibility. Backwards compatibility.
.IP "\fB\-oA\fIalias_database\fR" .IP "\fB\-oA\fIalias_database\fR"
@ -462,6 +480,11 @@ these directories belong to additional Postfix instances that share
the Postfix executable files and documentation with the default the Postfix executable files and documentation with the default
Postfix instance, and that are started, stopped, etc., together Postfix instance, and that are started, stopped, etc., together
with the default Postfix instance. with the default Postfix instance.
.PP
Postfix 3.10 and later:
.IP "\fBrequiretls_enable (yes)\fR"
Enable support for the ESMTP verb "REQUIRETLS", defined in RFC
8689.
.SH "FILES" .SH "FILES"
.na .na
.nf .nf

104
postfix/man/man5/postconf.5
View File

@ -3136,6 +3136,11 @@ The LMTP\-specific version of the smtp_dns_support_level
configuration parameter. See there for details. configuration parameter. See there for details.
.PP .PP
This feature is available in Postfix 2.11 and later. This feature is available in Postfix 2.11 and later.
.SH lmtp_enforce_requiretls (default: empty)
The LMTP\-specific version of the smtp_enforce_requiretls
configuration parameter. See there for details.
.PP
This feature is available in Postfix >= 3.11.
.SH lmtp_enforce_tls (default: no) .SH lmtp_enforce_tls (default: no)
The LMTP\-specific version of the smtp_enforce_tls configuration The LMTP\-specific version of the smtp_enforce_tls configuration
parameter. See there for details. parameter. See there for details.
@ -5046,6 +5051,10 @@ postscreen_access_list
.IP "Postfix version 3.0 and later" .IP "Postfix version 3.0 and later"
smtpd_client_event_limit_exceptions smtpd_client_event_limit_exceptions
.br .br
.IP "Postfix version 3.11 and later"
smtp_enforce_requiretls,
lmtp_enforce_requiretls
.br
.br .br
.SH permit_mx_backup_networks (default: empty) .SH permit_mx_backup_networks (default: empty)
Restrict the use of the permit_mx_backup SMTP access feature to Restrict the use of the permit_mx_backup SMTP access feature to
@ -6600,6 +6609,28 @@ Require that a \fBlocal\fR(8) recipient's home directory exists
before mail delivery is attempted. By default this test is disabled. before mail delivery is attempted. By default this test is disabled.
It can be useful for environments that import home directories to It can be useful for environments that import home directories to
the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED). the mail server (IMPORTING HOME DIRECTORIES IS NOT RECOMMENDED).
.SH requiretls_enable (default: yes)
Enable support for the ESMTP verb "REQUIRETLS", defined in RFC
8689. By issuing this verb in the "MAIL FROM" command, a sender
specifies that a message must be delivered over TLS connections
with a verified server certificate, to a server that announces
"REQUIRETLS" support. This corresponds to the Postfix SMTP client
TLS security levels "secure", "verify", "fingerprint", dane\-only,
or opportunistic "dane", with a successful certificate match. The
Postfix SMTP client will try one or more servers, controlled with
the smtp_mx_address_limit parameter, until it finds a server that
satisfies requirements. Otherwise, Postfix returns the message as
undeliverable.
.PP
Notes:
.IP \(bu
REQUIRETLS enforcement is controlled with smtp_enforce_requiretls
or lmtp_enforce_requiretls.
.IP \(bu
REQUIRETLS overrides "TLS\-Required: no".
.br
.PP
This feature is available in Postfix >= 3.11.
.SH reset_owner_alias (default: no) .SH reset_owner_alias (default: no)
Reset the \fBlocal\fR(8) delivery agent's idea of the owner\-alias Reset the \fBlocal\fR(8) delivery agent's idea of the owner\-alias
attribute, when delivering mail to a child alias that does not have attribute, when delivering mail to a child alias that does not have
@ -7534,6 +7565,77 @@ reasonably\-modern DNS \fBresolver\fR(3) library that implements the
RES_USE_DNSSEC and RES_USE_EDNS0 resolver options. RES_USE_DNSSEC and RES_USE_EDNS0 resolver options.
.PP .PP
This feature is available in Postfix 2.11 and later. This feature is available in Postfix 2.11 and later.
.SH smtp_enforce_requiretls (default: empty)
An optional list of next\-hop destinations that the Postfix
SMTP/LMTP client will enforce REQUIRETLS for, when a message was
received with the REQUIRETLS option: the next\-hop server must offer
a matching TLS server certificate, and the server must announce
REQUIRETLS support). Such a message will be returned to the sender
if some REQUIRETLS requirement cannot be satisfied. These "hard"
REQUIRETLS failures are logged as "REQUIRETLS failure".
.PP
Other messages that were received with the REQUIRETLS option
will be delivered with REQUIRETLS if possible. If not, a message
will be delivered as if it was received without the REQUIRETLS
option. This allows a mail sending site to discover when REQUIRETLS
can be enforced, without disrupting email deliveries. These "soft"
REQUIRETLS failures are logged with "REQUIRETLS Debug".
.PP
On a perimeter MTA, it can make sense to turn off REQUIRETLS
enforcement, or even to turn off REQUIRETLS support, when delivering
a message to an internal destination. The internal servers may not
support REQUIRETLS, and their connections may be secured with means
other than DANE, STS, and the like.
.PP
The supported syntax differs with SMTP and LMTP:
.IP \(bu
With SMTP, specify a list of next\-hop domain names (without
the ":port" or ":service" suffix), "/file/name" patterns or
"type:table" lookup tables, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace. A
"/file/name" pattern is replaced by its contents. A "type:table"
lookup table is matched when a domain appears as lookup key. Specify
"!pattern" to exclude a domain.
.IP \(bu
With LMTP, specify list of domain names (without the "inet":
prefix, or ":port" or ":service" suffix), or UNIX\-domain socket
"/path/name" (without the "unix:" prefix), or "type:table" lookup
tables, separated by commas and/or whitespace. Continue long lines
by starting the next line with whitespace. A "type:table" lookup
table is matched when a domain appears as lookup key. Specify
"!pattern" to exclude a domain or socket path.
.br
.PP
Specify the form ".domain" to match any name ending in ".domain".
To change this behavior, list "smtp_enforce_requiretls" or
"lmtp_enforce_requiretls" in the parent_domain_matches_subdomains
parameter value.
.PP
SMTP Examples:
.PP
.nf
.na
# Enforce REQUIRETLS for SMTP with selected next\-hop domains.
smtp_enforce_requiretls = example.com, foo.example
.br
# Enforce REQUIRETLS for SMTP with all but a few next\-hop domains.
smtp_enforce_requiretls = !foo.example, static:all
.fi
.ad
.PP
LMTP examples:
.PP
.nf
.na
# Don't enforce REQUIRETLS
lmtp_enforce_requiretls =
.br
# Enforce REQUIRETLS for specific destinations.
lmtp_enforce_requiretls = /path/to/socket, message\-store.example
.fi
.ad
.PP
This feature is available in Postfix >= 3.11.
.SH smtp_enforce_tls (default: no) .SH smtp_enforce_tls (default: no)
Enforcement mode: require that remote SMTP servers use TLS Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear. This also requires encryption, and never send mail in the clear. This also requires
@ -14522,6 +14624,8 @@ If a message contains a "TLS\-Required: no" header, then Postfix
will add that header to a delivery status notification for that will add that header to a delivery status notification for that
message. message.
.PP .PP
Note: REQUIRETLS overrides "TLS\-Required: no".
.PP
This feature is available in Postfix >= 3.10. This feature is available in Postfix >= 3.10.
.SH tls_server_sni_maps (default: empty) .SH tls_server_sni_maps (default: empty)
Optional lookup tables that map names received from remote SMTP Optional lookup tables that map names received from remote SMTP

8
postfix/man/man8/pipe.8
View File

@ -294,6 +294,14 @@ expands to as many command\-line arguments as there are recipients.
.sp .sp
This information is modified by the \fBhqu\fR flags for quoting This information is modified by the \fBhqu\fR flags for quoting
and case folding. and case folding.
.IP \fB${requiretls}\fR
This feature should be used with content filters that pass
filtered mail to the Postfix sendmail(1) command. The macro
expands to the sendmail(1) command\-line option \fB\-Orequiretls\fR
if the sender requested REQUIRETLS, otherwise it expands to
\fB\-Onoop\fR.
.sp
This feature is available as of Postfix 3.10.
.IP \fB${sasl_method}\fR .IP \fB${sasl_method}\fR
This macro expands to the name of the SASL authentication This macro expands to the name of the SASL authentication
mechanism in the AUTH command when the Postfix SMTP server mechanism in the AUTH command when the Postfix SMTP server

15
postfix/man/man8/smtp.8
View File

@ -190,7 +190,7 @@ RFC 5321 (SMTP protocol)
RFC 6531 (Internationalized SMTP) RFC 6531 (Internationalized SMTP)
RFC 6533 (Internationalized Delivery Status Notifications) RFC 6533 (Internationalized Delivery Status Notifications)
RFC 7672 (SMTP security via opportunistic DANE TLS) RFC 7672 (SMTP security via opportunistic DANE TLS)
RFC 8689 (TLS\-Required message header) RFC 8689 (SMTP REQUIRETLS extension)
.SH DIAGNOSTICS .SH DIAGNOSTICS
.ad .ad
.fi .fi
@ -485,7 +485,7 @@ Available in Postfix version 3.9 and later:
.IP "\fBsmtp_sasl_password_result_delimiter (:)\fR" .IP "\fBsmtp_sasl_password_result_delimiter (:)\fR"
The delimiter between username and password in sasl_passwd_maps lookup The delimiter between username and password in sasl_passwd_maps lookup
results. results.
.SH "STARTTLS SUPPORT CONTROLS" .SH "TLS SUPPORT CONTROLS"
.na .na
.nf .nf
.ad .ad
@ -687,7 +687,16 @@ sessions.
.IP "\fBtls_required_enable (yes)\fR" .IP "\fBtls_required_enable (yes)\fR"
Enable support for the "TLS\-Required: no" message header, defined Enable support for the "TLS\-Required: no" message header, defined
in RFC 8689. in RFC 8689.
.SH "OBSOLETE STARTTLS CONTROLS" .IP "\fBrequiretls_enable (yes)\fR"
Enable support for the ESMTP verb "REQUIRETLS", defined in RFC
8689.
.IP "\fBsmtp_enforce_requiretls (empty)\fR"
An optional list of next\-hop destinations that the Postfix
SMTP/LMTP client will enforce REQUIRETLS for, when a message was
received with the REQUIRETLS option: the next\-hop server must offer
a matching TLS server certificate, and the server must announce
REQUIRETLS support).
.SH "OBSOLETE TLS CONTROLS"
.na .na
.nf .nf
.ad .ad

10
postfix/man/man8/smtpd.8
View File

@ -67,6 +67,7 @@ RFC 5321 (SMTP protocol)
RFC 6531 (Internationalized SMTP) RFC 6531 (Internationalized SMTP)
RFC 6533 (Internationalized Delivery Status Notifications) RFC 6533 (Internationalized Delivery Status Notifications)
RFC 7505 ("Null MX" No Service Resource Record) RFC 7505 ("Null MX" No Service Resource Record)
RFC 8689 (SMTP REQUIRETLS extension)
.SH DIAGNOSTICS .SH DIAGNOSTICS
.ad .ad
.fi .fi
@ -402,7 +403,7 @@ Available in Postfix 3.6 and later:
.IP "\fBsmtpd_sasl_mechanism_filter (!external, static:rest)\fR" .IP "\fBsmtpd_sasl_mechanism_filter (!external, static:rest)\fR"
If non\-empty, a filter for the SASL mechanism names that the If non\-empty, a filter for the SASL mechanism names that the
Postfix SMTP server will announce in the EHLO response. Postfix SMTP server will announce in the EHLO response.
.SH "STARTTLS SUPPORT CONTROLS" .SH "TLS SUPPORT CONTROLS"
.na .na
.nf .nf
.ad .ad
@ -578,7 +579,12 @@ Available in Postfix version 3.9 and later:
Request that remote SMTP clients send an RFC7250 raw public key Request that remote SMTP clients send an RFC7250 raw public key
instead of an X.509 certificate, when asking for or requiring client instead of an X.509 certificate, when asking for or requiring client
authentication. authentication.
.SH "OBSOLETE STARTTLS CONTROLS" .PP
Available in Postfix version 3.10 and later:
.IP "\fBrequiretls_enable (yes)\fR"
Enable support for the ESMTP verb "REQUIRETLS", defined in RFC
8689.
.SH "OBSOLETE TLS CONTROLS"
.na .na
.nf .nf
.ad .ad

4
postfix/mantools/postlink
View File

@ -1188,6 +1188,10 @@ while (<>) {
s;\bignore_srv_lookup_error\b;<a href="postconf.5.html#ignore_srv_lookup_error">$&</a>;g; s;\bignore_srv_lookup_error\b;<a href="postconf.5.html#ignore_srv_lookup_error">$&</a>;g;
s;\btls_required_enable\b;<a href="postconf.5.html#tls_required_enable">$&</a>;g; s;\btls_required_enable\b;<a href="postconf.5.html#tls_required_enable">$&</a>;g;
s;\brequiretls_enable\b;<a href="postconf.5.html#requiretls_enable">$&</a>;g;
s;\bsmtp_enforce_requiretls\b;<a href="postconf.5.html#smtp_enforce_requiretls">$&</a>;g;
s;\blmtp_enforce_requiretls\b;<a href="postconf.5.html#lmtp_enforce_requiretls">$&</a>;g;
s;\bfull_name_encoding_charset\b;<a href="postconf.5.html#full_name_encoding_charset">$&</a>;g; s;\bfull_name_encoding_charset\b;<a href="postconf.5.html#full_name_encoding_charset">$&</a>;g;
s;\bsmtpd_hide_client_session\b;<a href="postconf.5.html#smtpd_hide_client_session">$&</a>;g; s;\bsmtpd_hide_client_session\b;<a href="postconf.5.html#smtpd_hide_client_session">$&</a>;g;

119
postfix/proto/postconf.proto
View File

@ -3374,6 +3374,13 @@ postscreen_access_list
smtpd_client_event_limit_exceptions smtpd_client_event_limit_exceptions
</dd> </dd>
<dt> Postfix version 3.11 and later </dt>
<dd>
smtp_enforce_requiretls,
lmtp_enforce_requiretls
</dd>
</dl> </dl>
%PARAM propagate_unmatched_extensions canonical, virtual %PARAM propagate_unmatched_extensions canonical, virtual
@ -19612,8 +19619,120 @@ If a message contains a "TLS-Required: no" header, then Postfix
will add that header to a delivery status notification for that will add that header to a delivery status notification for that
message. </p> message. </p>
<p> Note: REQUIRETLS overrides "TLS-Required: no". </p>
<p> This feature is available in Postfix &ge; 3.10. </p> <p> This feature is available in Postfix &ge; 3.10. </p>
%PARAM requiretls_enable yes
<p> Enable support for the ESMTP verb "REQUIRETLS", defined in RFC
8689. By issuing this verb in the "MAIL FROM" command, a sender
specifies that a message must be delivered over TLS connections
with a verified server certificate, to a server that announces
"REQUIRETLS" support. This corresponds to the Postfix SMTP client
TLS security levels "secure", "verify", "fingerprint", dane-only,
or opportunistic "dane", with a successful certificate match. The
Postfix SMTP client will try one or more servers, controlled with
the smtp_mx_address_limit parameter, until it finds a server that
satisfies requirements. Otherwise, Postfix returns the message as
undeliverable. </p>
<p> Notes: </p>
<ul>
<li> <p> REQUIRETLS enforcement is controlled with smtp_enforce_requiretls
or lmtp_enforce_requiretls. </p>
<li> <p> REQUIRETLS overrides "TLS-Required: no". </p>
</ul>
<p> This feature is available in Postfix &ge; 3.11. </p>
%PARAM smtp_enforce_requiretls empty
<p> An optional list of next-hop destinations that the Postfix
SMTP/LMTP client will enforce REQUIRETLS for, when a message was
received with the REQUIRETLS option: the next-hop server must offer
a matching TLS server certificate, and the server must announce
REQUIRETLS support). Such a message will be returned to the sender
if some REQUIRETLS requirement cannot be satisfied. These "hard"
REQUIRETLS failures are logged as "REQUIRETLS failure". </p>
<p> Other messages that were received with the REQUIRETLS option
will be delivered with REQUIRETLS if possible. If not, a message
will be delivered as if it was received without the REQUIRETLS
option. This allows a mail sending site to discover when REQUIRETLS
can be enforced, without disrupting email deliveries. These "soft"
REQUIRETLS failures are logged with "REQUIRETLS Debug". </p>
<p> On a perimeter MTA, it can make sense to turn off REQUIRETLS
enforcement, or even to turn off REQUIRETLS support, when delivering
a message to an internal destination. The internal servers may not
support REQUIRETLS, and their connections may be secured with means
other than DANE, STS, and the like. </p>
<p> The supported syntax differs with SMTP and LMTP: </p>
<ul>
<li> <p> With SMTP, specify a list of next-hop domain names (without
the ":port" or ":service" suffix), "/file/name" patterns or
"type:table" lookup tables, separated by commas and/or whitespace.
Continue long lines by starting the next line with whitespace. A
"/file/name" pattern is replaced by its contents. A "type:table"
lookup table is matched when a domain appears as lookup key. Specify
"!pattern" to exclude a domain. </p>
<li> <p> With LMTP, specify list of domain names (without the "inet":
prefix, or ":port" or ":service" suffix), or UNIX-domain socket
"/path/name" (without the "unix:" prefix), or "type:table" lookup
tables, separated by commas and/or whitespace. Continue long lines
by starting the next line with whitespace. A "type:table" lookup
table is matched when a domain appears as lookup key. Specify
"!pattern" to exclude a domain or socket path. </p>
</ul>
<p> Specify the form ".domain" to match any name ending in ".domain".
To change this behavior, list "smtp_enforce_requiretls" or
"lmtp_enforce_requiretls" in the parent_domain_matches_subdomains
parameter value. </p>
<p>
SMTP Examples:
</p>
<pre>
# Enforce REQUIRETLS for SMTP with selected next-hop domains.
smtp_enforce_requiretls = example.com, foo.example
<br>
# Enforce REQUIRETLS for SMTP with all but a few next-hop domains.
smtp_enforce_requiretls = !foo.example, static:all
</pre>
<p>
LMTP examples:
</p>
<pre>
# Don't enforce REQUIRETLS
lmtp_enforce_requiretls =
<br>
# Enforce REQUIRETLS for specific destinations.
lmtp_enforce_requiretls = /path/to/socket, message-store.example
</pre>
<p> This feature is available in Postfix &ge; 3.11. </p>
%PARAM lmtp_enforce_requiretls empty
<p> The LMTP-specific version of the smtp_enforce_requiretls
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix &ge; 3.11. </p>
%PARAM smtpd_hide_client_session no %PARAM smtpd_hide_client_session no
<p> Do not include SMTP client session information in the Postfix <p> Do not include SMTP client session information in the Postfix

3
postfix/proto/stop
View File

@ -1664,6 +1664,9 @@ REQUIRETLS
RequireTLS RequireTLS
requiretls requiretls
sendopts sendopts
TODO
Onoop
Orequiretls
tz tz
GID GID
SIGKILL SIGKILL

9
postfix/proto/stop.double-history
View File

@ -159,10 +159,17 @@ proto proto socketmap_table
qmgr qmgr_deliver c qmgr qmgr_message c qmqpd qmqpd c qmgr qmgr_deliver c qmgr qmgr_message c qmqpd qmqpd c
smtp smtp_proto c smtpd smtpd c verify verify c smtp smtp_proto c smtpd smtpd c verify verify c
operations Files cleanup cleanup h cleanup cleanup_message c operations Files cleanup cleanup h cleanup cleanup_message c
proto postconf proto pipe pipe c global ehlo_mask_test c local forward c smtpd smtpd c
more alternate MX servers to try Files smtp smtp h
Files sendmail sendmail c global rec_types h
Files sendmail sendmail c
Files sendmail sendmail c global rec_types h pickup pickup c
pipe pipe c sendmail sendmail c
smtp smtp c smtp smtp_proto c
bounce bounce c bounce bounce_notify_util c cleanup cleanup c bounce bounce c bounce bounce_notify_util c cleanup cleanup c
cleanup cleanup_message c smtp smtp c smtp smtp_connect c cleanup cleanup_message c smtp smtp c smtp smtp_connect c
Documentation edited for clarity Files pipe pipe c Documentation edited for clarity Files pipe pipe c
servers to try Files smtp smtp h smtp smtp_proto c
global mail_params h smtpd smtpd c global mail_params h smtpd smtpd c
global mail_params h proto postconf proto smtp smtp c global mail_params h proto postconf proto smtp smtp c
proto postconf proto proto TLS_README html proto postconf proto proto TLS_README html

1
postfix/proto/stop.spell-cc
View File

@ -1858,6 +1858,7 @@ TINYCDB
getdata getdata
XXXSENDOPTS XXXSENDOPTS
xtra xtra
NODICT
HAPROXY HAPROXY
SRVR SRVR
DGST DGST

1
postfix/proto/stop.spell-history
View File

@ -100,6 +100,7 @@ Roessner
bitflags bitflags
Schulze Schulze
tlspol tlspol
TlsRequired
Gueven Gueven
Oemer Oemer
Kozmenko Kozmenko

12
postfix/src/bounce/bounce_notify_service.c
View File

@ -98,6 +98,15 @@ int bounce_notify_service(int flags, char *service, char *queue_name,
char *postmaster; char *postmaster;
int count; int count;
/*
* If the original sender requested REQUIRETLS, return headers only, and
* do not enforce REQUIRETLS for the delivery status notification.
*/
if ((sendopts & SOPT_REQUIRETLS_ESMTP) != 0) {
dsn_ret = DSN_RET_HDRS;
sendopts &= ~SOPT_REQUIRETLS_ESMTP;
}
/* /*
* Initialize. Open queue file, bounce log, etc. * Initialize. Open queue file, bounce log, etc.
* *
@ -196,7 +205,8 @@ int bounce_notify_service(int flags, char *service, char *queue_name,
&& bounce_header_dsn(bounce, bounce_info) == 0 && bounce_header_dsn(bounce, bounce_info) == 0
&& bounce_diagnostic_dsn(bounce, bounce_info, && bounce_diagnostic_dsn(bounce, bounce_info,
DSN_NOTIFY_OVERRIDE) > 0) { DSN_NOTIFY_OVERRIDE) > 0) {
bounce_original(bounce, bounce_info, DSN_RET_FULL); bounce_original(bounce, bounce_info, dsn_ret ?
dsn_ret : DSN_RET_FULL);
bounce_status = post_mail_fclose(bounce); bounce_status = post_mail_fclose(bounce);
if (bounce_status == 0) if (bounce_status == 0)
msg_info("%s: postmaster non-delivery notification: %s", msg_info("%s: postmaster non-delivery notification: %s",

1
postfix/src/bounce/bounce_notify_util.c
View File

@ -537,6 +537,7 @@ int bounce_header(VSTREAM *bounce, BOUNCE_INFO *bounce_info,
* Trade confidentiality against availability. * Trade confidentiality against availability.
*/ */
if (var_tls_required_enable if (var_tls_required_enable
&& (bounce_info->sendopts & SOPT_REQUIRETLS_ESMTP) == 0
&& (bounce_info->sendopts & SOPT_REQUIRETLS_HEADER) != 0) && (bounce_info->sendopts & SOPT_REQUIRETLS_HEADER) != 0)
post_mail_fprintf(bounce, "TLS-Required: no"); post_mail_fprintf(bounce, "TLS-Required: no");

9
postfix/src/bounce/bounce_notify_verp.c
View File

@ -111,6 +111,15 @@ int bounce_notify_verp(int flags, char *service, char *queue_name,
if (strcasecmp_utf8(recipient, mail_addr_double_bounce()) == 0) if (strcasecmp_utf8(recipient, mail_addr_double_bounce()) == 0)
msg_panic("%s: attempt to bounce a double bounce", myname); msg_panic("%s: attempt to bounce a double bounce", myname);
/*
* If the original sender requested REQUIRETLS, return headers only, and
* do not enforce REQUIRETLS for the delivery status notification.
*/
if ((sendopts & SOPT_REQUIRETLS_ESMTP) != 0) {
dsn_ret = DSN_RET_HDRS;
sendopts &= ~SOPT_REQUIRETLS_ESMTP;
}
/* /*
* Initialize. Open queue file, bounce log, etc. * Initialize. Open queue file, bounce log, etc.
*/ */

12
postfix/src/bounce/bounce_one_service.c
View File

@ -96,6 +96,15 @@ int bounce_one_service(int flags, char *queue_name, char *queue_id,
var_notify_classes); var_notify_classes);
VSTRING *new_id = vstring_alloc(10); VSTRING *new_id = vstring_alloc(10);
/*
* If the original sender requested REQUIRETLS, return headers only, and
* do not enforce REQUIRETLS for the delivery status notification.
*/
if ((sendopts & SOPT_REQUIRETLS_ESMTP) != 0) {
dsn_ret = DSN_RET_HDRS;
sendopts &= ~SOPT_REQUIRETLS_ESMTP;
}
/* /*
* Initialize. Open queue file, bounce log, etc. * Initialize. Open queue file, bounce log, etc.
*/ */
@ -162,7 +171,8 @@ int bounce_one_service(int flags, char *queue_name, char *queue_id,
&& bounce_recipient_log(bounce, bounce_info) == 0 && bounce_recipient_log(bounce, bounce_info) == 0
&& bounce_header_dsn(bounce, bounce_info) == 0 && bounce_header_dsn(bounce, bounce_info) == 0
&& bounce_recipient_dsn(bounce, bounce_info) == 0) && bounce_recipient_dsn(bounce, bounce_info) == 0)
bounce_original(bounce, bounce_info, DSN_RET_FULL); bounce_original(bounce, bounce_info, dsn_ret ?
dsn_ret : DSN_RET_FULL);
bounce_status = post_mail_fclose(bounce); bounce_status = post_mail_fclose(bounce);
if (bounce_status == 0) if (bounce_status == 0)
msg_info("%s: postmaster non-delivery notification: %s", msg_info("%s: postmaster non-delivery notification: %s",

9
postfix/src/bounce/bounce_trace_service.c
View File

@ -95,6 +95,15 @@ int bounce_trace_service(int flags, char *service, char *queue_name,
int count; int count;
const char *sender; const char *sender;
/*
* If the original sender requested REQUIRETLS, do not enforce REQUIRETLS
* for the delivery status notification. The trace service always returns
* headers only.
*/
if ((sendopts & SOPT_REQUIRETLS_ESMTP) != 0) {
sendopts &= ~SOPT_REQUIRETLS_ESMTP;
}
/* /*
* For consistency with fail/delay notifications, send notification for a * For consistency with fail/delay notifications, send notification for a
* non-bounce message as a single-bounce message, send notification for a * non-bounce message as a single-bounce message, send notification for a

12
postfix/src/bounce/bounce_warn_service.c
View File

@ -98,6 +98,15 @@ int bounce_warn_service(int unused_flags, char *service, char *queue_name,
char *postmaster; char *postmaster;
int count; int count;
/*
* If the original sender requested REQUIRETLS, return headers only, and
* do not enforce REQUIRETLS for the delivery status notification.
*/
if ((sendopts & SOPT_REQUIRETLS_ESMTP) != 0) {
dsn_ret = DSN_RET_HDRS;
sendopts &= ~SOPT_REQUIRETLS_ESMTP;
}
/* /*
* Initialize. Open queue file, bounce log, etc. * Initialize. Open queue file, bounce log, etc.
* *
@ -185,7 +194,8 @@ int bounce_warn_service(int unused_flags, char *service, char *queue_name,
&& bounce_header_dsn(bounce, bounce_info) == 0 && bounce_header_dsn(bounce, bounce_info) == 0
&& bounce_diagnostic_dsn(bounce, bounce_info, && bounce_diagnostic_dsn(bounce, bounce_info,
DSN_NOTIFY_OVERRIDE) > 0) { DSN_NOTIFY_OVERRIDE) > 0) {
bounce_original(bounce, bounce_info, DSN_RET_FULL); bounce_original(bounce, bounce_info, dsn_ret ?
dsn_ret : DSN_RET_FULL);
bounce_status = post_mail_fclose(bounce); bounce_status = post_mail_fclose(bounce);
if (bounce_status == 0) if (bounce_status == 0)
msg_info("%s: postmaster delay notification: %s", msg_info("%s: postmaster delay notification: %s",

10
postfix/src/cleanup/cleanup_api.c
View File

@ -80,6 +80,8 @@
/* .IP CLEANUP_FLAG_AUTOUTF8 /* .IP CLEANUP_FLAG_AUTOUTF8
/* Autodetection: request SMTPUTF8 support if the message /* Autodetection: request SMTPUTF8 support if the message
/* contains an UTF8 message header, sender, or recipient. /* contains an UTF8 message header, sender, or recipient.
/* .IP CLEANUP_FLAG_REQUIRETLS
/* The sender requested REQUIRETLS (RFC 8689) enforcement.
/* DIAGNOSTICS /* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8) /* Problems and transactions are logged to \fBsyslogd\fR(8)
/* or \fBpostlogd\fR(8). /* or \fBpostlogd\fR(8).
@ -208,9 +210,15 @@ void cleanup_control(CLEANUP_STATE *state, int flags)
} else { } else {
state->err_mask = ~0; state->err_mask = ~0;
} }
/*
* Propagate requests that are specified at the envelope level. This may
* be augmented later with information derived from message content.
*/
if (state->flags & CLEANUP_FLAG_SMTPUTF8) if (state->flags & CLEANUP_FLAG_SMTPUTF8)
state->sendopts |= SMTPUTF8_FLAG_REQUESTED; state->sendopts |= SMTPUTF8_FLAG_REQUESTED;
/* TODO(wietse) REQUIRETLS. */ if (state->flags & CLEANUP_FLAG_REQUIRETLS)
state->sendopts |= SOPT_REQUIRETLS_ESMTP;
if (msg_verbose) if (msg_verbose)
msg_info("server flags = %s", cleanup_strflags(state->flags)); msg_info("server flags = %s", cleanup_strflags(state->flags));
} }

22
postfix/src/global/Makefile.in
View File

@ -124,7 +124,7 @@ TESTPROG= domain_list dot_lockfile mail_addr_crunch mail_addr_find \
off_cvt quote_822_local rec2stream recdump resolve_clnt \ off_cvt quote_822_local rec2stream recdump resolve_clnt \
resolve_local rewrite_clnt stream2rec string_list tok822_parse \ resolve_local rewrite_clnt stream2rec string_list tok822_parse \
quote_821_local mail_conf_time mime_state strip_addr \ quote_821_local mail_conf_time mime_state strip_addr \
verify_clnt xtext anvil_clnt scache ehlo_mask \ verify_clnt xtext anvil_clnt scache ehlo_mask_test \
valid_mailhost_addr own_inet_addr header_body_checks \ valid_mailhost_addr own_inet_addr header_body_checks \
data_redirect addr_match_list safe_ultostr verify_sender_addr \ data_redirect addr_match_list safe_ultostr verify_sender_addr \
mail_version mail_dict server_acl uxtext mail_parm_split \ mail_version mail_dict server_acl uxtext mail_parm_split \
@ -336,7 +336,7 @@ anvil_clnt: $(LIB) $(LIBS)
scache: scache.c $(LIB) $(LIBS) scache: scache.c $(LIB) $(LIBS)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
ehlo_mask: ehlo_mask.c $(LIB) $(LIBS) ehlo_mask_test: ehlo_mask_test.c $(LIB) $(LIBS)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
valid_mailhost_addr: valid_mailhost_addr.c $(LIB) $(LIBS) valid_mailhost_addr: valid_mailhost_addr.c $(LIB) $(LIBS)
@ -416,7 +416,7 @@ config_known_tcp_ports: config_known_tcp_ports.c $(LIB) $(LIBS)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS) $(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
tests: tok822_test mime_tests strip_addr_test tok822_limit_test \ tests: tok822_test mime_tests strip_addr_test tok822_limit_test \
xtext_test scache_multi_test ehlo_mask_test \ xtext_test scache_multi_test test_ehlo_mask \
namadr_list_test mail_conf_time_test header_body_checks_tests \ namadr_list_test mail_conf_time_test header_body_checks_tests \
mail_version_test server_acl_test resolve_local_test maps_test \ mail_version_test server_acl_test resolve_local_test maps_test \
safe_ultostr_test mail_parm_split_test fold_addr_test \ safe_ultostr_test mail_parm_split_test fold_addr_test \
@ -616,10 +616,8 @@ scache_multi_test: scache scache_multi.in scache_multi.ref
diff scache_multi.ref scache_multi.tmp diff scache_multi.ref scache_multi.tmp
rm -f scache_multi.tmp rm -f scache_multi.tmp
ehlo_mask_test: ehlo_mask ehlo_mask.in ehlo_mask.ref test_ehlo_mask: ehlo_mask_test
$(SHLIB_ENV) $(VALGRIND) ./ehlo_mask <ehlo_mask.in >ehlo_mask.tmp $(SHLIB_ENV) $(VALGRIND) ./ehlo_mask_test
diff ehlo_mask.ref ehlo_mask.tmp
rm -f ehlo_mask.tmp
namadr_list_test: namadr_list namadr_list.in namadr_list.ref namadr_list_test: namadr_list namadr_list.in namadr_list.ref
-$(SHLIB_ENV) sh namadr_list.in >namadr_list.tmp 2>&1 -$(SHLIB_ENV) sh namadr_list.in >namadr_list.tmp 2>&1
@ -1481,6 +1479,16 @@ ehlo_mask.o: ../../include/vbuf.h
ehlo_mask.o: ../../include/vstring.h ehlo_mask.o: ../../include/vstring.h
ehlo_mask.o: ehlo_mask.c ehlo_mask.o: ehlo_mask.c
ehlo_mask.o: ehlo_mask.h ehlo_mask.o: ehlo_mask.h
ehlo_mask_test.o: ../../include/check_arg.h
ehlo_mask_test.o: ../../include/msg.h
ehlo_mask_test.o: ../../include/msg_vstream.h
ehlo_mask_test.o: ../../include/stringops.h
ehlo_mask_test.o: ../../include/sys_defs.h
ehlo_mask_test.o: ../../include/vbuf.h
ehlo_mask_test.o: ../../include/vstream.h
ehlo_mask_test.o: ../../include/vstring.h
ehlo_mask_test.o: ehlo_mask.h
ehlo_mask_test.o: ehlo_mask_test.c
ext_prop.o: ../../include/check_arg.h ext_prop.o: ../../include/check_arg.h
ext_prop.o: ../../include/name_mask.h ext_prop.o: ../../include/name_mask.h
ext_prop.o: ../../include/sys_defs.h ext_prop.o: ../../include/sys_defs.h

7
postfix/src/global/addr_match_list.c
View File

@ -42,6 +42,10 @@
/* Request that addr_match_list_match() logs a warning and /* Request that addr_match_list_match() logs a warning and
/* returns zero with list->error set to a non-zero dictionary /* returns zero with list->error set to a non-zero dictionary
/* error code, instead of raising a fatal error. /* error code, instead of raising a fatal error.
/* .IP MATCH_FLAG_NOFILE
/* Disable special handling for /file/name.
/* .IP MATCH_FLAG_NODICT
/* Disable special handling for type:name.
/* .PP /* .PP
/* Specify MATCH_FLAG_NONE to request none of the above. /* Specify MATCH_FLAG_NONE to request none of the above.
/* The last argument is a list of patterns, or the absolute /* The last argument is a list of patterns, or the absolute
@ -67,6 +71,9 @@
/* IBM T.J. Watson Research /* IBM T.J. Watson Research
/* P.O. Box 704 /* P.O. Box 704
/* Yorktown Heights, NY 10598, USA /* Yorktown Heights, NY 10598, USA
/*
/* Wietse Venema
/* porcupine.org
/*--*/ /*--*/
/* System library. */ /* System library. */

1
postfix/src/global/cleanup_strflags.c
View File

@ -55,6 +55,7 @@ static struct cleanup_flag_map cleanup_flag_map[] = {
CLEANUP_FLAG_SMTP_REPLY, "enable_smtp_reply", CLEANUP_FLAG_SMTP_REPLY, "enable_smtp_reply",
CLEANUP_FLAG_SMTPUTF8, "smtputf8_requested", CLEANUP_FLAG_SMTPUTF8, "smtputf8_requested",
CLEANUP_FLAG_AUTOUTF8, "smtputf8_autodetect", CLEANUP_FLAG_AUTOUTF8, "smtputf8_autodetect",
CLEANUP_FLAG_REQUIRETLS, "requiretls_requested",
}; };
/* cleanup_strflags - map flags code to printable string */ /* cleanup_strflags - map flags code to printable string */

1
postfix/src/global/cleanup_user.h
View File

@ -25,6 +25,7 @@
#define CLEANUP_FLAG_SMTP_REPLY (1<<7) /* Enable SMTP reply */ #define CLEANUP_FLAG_SMTP_REPLY (1<<7) /* Enable SMTP reply */
#define CLEANUP_FLAG_SMTPUTF8 (1<<8) /* SMTPUTF8 requested */ #define CLEANUP_FLAG_SMTPUTF8 (1<<8) /* SMTPUTF8 requested */
#define CLEANUP_FLAG_AUTOUTF8 (1<<9) /* Autodetect SMTPUTF8 */ #define CLEANUP_FLAG_AUTOUTF8 (1<<9) /* Autodetect SMTPUTF8 */
#define CLEANUP_FLAG_REQUIRETLS (1<<10) /* REQUIRETLS requested */
#define CLEANUP_FLAG_FILTER_ALL (CLEANUP_FLAG_FILTER | CLEANUP_FLAG_MILTER) #define CLEANUP_FLAG_FILTER_ALL (CLEANUP_FLAG_FILTER | CLEANUP_FLAG_MILTER)

7
postfix/src/global/domain_list.c
View File

@ -45,6 +45,10 @@
/* Request that domain_list_match() logs a warning and returns /* Request that domain_list_match() logs a warning and returns
/* zero, with list->error set to a non-zero dictionary error /* zero, with list->error set to a non-zero dictionary error
/* code, instead of raising a fatal error. /* code, instead of raising a fatal error.
/* .IP MATCH_FLAG_NOFILE
/* Disable special handling for /file/name.
/* .IP MATCH_FLAG_NODICT
/* Disable special handling for type:name.
/* .PP /* .PP
/* Specify MATCH_FLAG_NONE to request none of the above. /* Specify MATCH_FLAG_NONE to request none of the above.
/* The last argument is a list of domain patterns, or the name of /* The last argument is a list of domain patterns, or the name of
@ -69,6 +73,9 @@
/* IBM T.J. Watson Research /* IBM T.J. Watson Research
/* P.O. Box 704 /* P.O. Box 704
/* Yorktown Heights, NY 10598, USA /* Yorktown Heights, NY 10598, USA
/*
/* Wietse Venema
/* porcupine.org
/*--*/ /*--*/
/* System library. */ /* System library. */

62
postfix/src/global/ehlo_mask.c
View File

@ -20,6 +20,7 @@
/* #define EHLO_MASK_DSN (1<<11) /* #define EHLO_MASK_DSN (1<<11)
/* #define EHLO_MASK_SMTPUTF8 (1<<12) /* #define EHLO_MASK_SMTPUTF8 (1<<12)
/* #define EHLO_MASK_CHUNKING (1<<13) /* #define EHLO_MASK_CHUNKING (1<<13)
/* #define EHLO_MASK_REQUIRETLS (1<<14)
/* #define EHLO_MASK_SILENT (1<<15) /* #define EHLO_MASK_SILENT (1<<15)
/* /*
/* int ehlo_mask(keyword_list) /* int ehlo_mask(keyword_list)
@ -70,22 +71,22 @@
* The lookup table. * The lookup table.
*/ */
static const NAME_MASK ehlo_mask_table[] = { static const NAME_MASK ehlo_mask_table[] = {
"8BITMIME", EHLO_MASK_8BITMIME, EHLO_VERB_8BITMIME, EHLO_MASK_8BITMIME,
"AUTH", EHLO_MASK_AUTH, EHLO_VERB_AUTH, EHLO_MASK_AUTH,
"ETRN", EHLO_MASK_ETRN, EHLO_VERB_ETRN, EHLO_MASK_ETRN,
"PIPELINING", EHLO_MASK_PIPELINING, EHLO_VERB_PIPELINING, EHLO_MASK_PIPELINING,
"SIZE", EHLO_MASK_SIZE, EHLO_VERB_SIZE, EHLO_MASK_SIZE,
"VERP", EHLO_MASK_VERP, EHLO_VERB_VERP, EHLO_MASK_VERP,
"VRFY", EHLO_MASK_VRFY, EHLO_VERB_VRFY, EHLO_MASK_VRFY,
"XCLIENT", EHLO_MASK_XCLIENT, EHLO_VERB_XCLIENT, EHLO_MASK_XCLIENT,
"XFORWARD", EHLO_MASK_XFORWARD, EHLO_VERB_XFORWARD, EHLO_MASK_XFORWARD,
"STARTTLS", EHLO_MASK_STARTTLS, EHLO_VERB_STARTTLS, EHLO_MASK_STARTTLS,
"ENHANCEDSTATUSCODES", EHLO_MASK_ENHANCEDSTATUSCODES, EHLO_VERB_ENHANCEDSTATUSCODES, EHLO_MASK_ENHANCEDSTATUSCODES,
"DSN", EHLO_MASK_DSN, EHLO_VERB_DSN, EHLO_MASK_DSN,
"EHLO_MASK_SMTPUTF8", EHLO_MASK_SMTPUTF8, EHLO_VERB_SMTPUTF8, EHLO_MASK_SMTPUTF8,
"SMTPUTF8", EHLO_MASK_SMTPUTF8, EHLO_VERB_CHUNKING, EHLO_MASK_CHUNKING,
"CHUNKING", EHLO_MASK_CHUNKING, EHLO_VERB_REQUIRETLS, EHLO_MASK_REQUIRETLS,
"SILENT-DISCARD", EHLO_MASK_SILENT, /* XXX In-band signaling */ EHLO_VERB_SILENT, EHLO_MASK_SILENT,
0, 0,
}; };
@ -114,32 +115,3 @@ const char *str_ehlo_mask(int mask_bits)
*/ */
return (str_name_mask("ehlo bitmask", ehlo_mask_table, mask_bits)); return (str_name_mask("ehlo bitmask", ehlo_mask_table, mask_bits));
} }
#ifdef TEST
/*
* Stand-alone test program.
*/
#include <stdlib.h>
#include <vstream.h>
#include <vstring.h>
#include <vstring_vstream.h>
int main(int unused_argc, char **unused_argv)
{
int mask_bits;
VSTRING *buf = vstring_alloc(1);
const char *mask_string;
while (vstring_get_nonl(buf, VSTREAM_IN) != VSTREAM_EOF) {
mask_bits = ehlo_mask(vstring_str(buf));
mask_string = str_ehlo_mask(mask_bits);
vstream_printf("%s -> 0x%x -> %s\n", vstring_str(buf), mask_bits,
mask_string);
vstream_fflush(VSTREAM_OUT);
}
vstring_free(buf);
exit(0);
}
#endif

28
postfix/src/global/ehlo_mask.h
View File

@ -12,7 +12,7 @@
/* .nf /* .nf
/* /*
* External interface. * Bit flags.
*/ */
#define EHLO_MASK_8BITMIME (1<<0) /* start of first byte */ #define EHLO_MASK_8BITMIME (1<<0) /* start of first byte */
#define EHLO_MASK_PIPELINING (1<<1) #define EHLO_MASK_PIPELINING (1<<1)
@ -29,8 +29,32 @@
#define EHLO_MASK_DSN (1<<11) #define EHLO_MASK_DSN (1<<11)
#define EHLO_MASK_SMTPUTF8 (1<<12) #define EHLO_MASK_SMTPUTF8 (1<<12)
#define EHLO_MASK_CHUNKING (1<<13) #define EHLO_MASK_CHUNKING (1<<13)
#define EHLO_MASK_SILENT (1<<15) #define EHLO_MASK_REQUIRETLS (1<<14)
#define EHLO_MASK_SILENT (1<<15) /* in-band signaling */
/*
* ESMTP verbs.
*/
#define EHLO_VERB_8BITMIME "8BITMIME"
#define EHLO_VERB_PIPELINING "PIPELINING"
#define EHLO_VERB_SIZE "SIZE"
#define EHLO_VERB_VRFY "VRFY"
#define EHLO_VERB_ETRN "ETRN"
#define EHLO_VERB_AUTH "AUTH"
#define EHLO_VERB_VERP "VERP"
#define EHLO_VERB_STARTTLS "STARTTLS"
#define EHLO_VERB_XCLIENT "XCLIENT"
#define EHLO_VERB_XFORWARD "XFORWARD"
#define EHLO_VERB_ENHANCEDSTATUSCODES "ENHANCEDSTATUSCODES"
#define EHLO_VERB_DSN "DSN"
#define EHLO_VERB_SMTPUTF8 "SMTPUTF8"
#define EHLO_VERB_CHUNKING "CHUNKING"
#define EHLO_VERB_REQUIRETLS "REQUIRETLS"
#define EHLO_VERB_SILENT "SILENT-DISCARD" /* in-band signaling */
/*
* Functions.
*/
extern int ehlo_mask(const char *); extern int ehlo_mask(const char *);
extern const char *str_ehlo_mask(int); extern const char *str_ehlo_mask(int);

3
postfix/src/global/ehlo_mask.in
View File

@ -1,3 +0,0 @@
starttls, 8bitmime, verp, etrn, etrn
foobar, auth, pipelining, size, vrfy
xclient, xforward

3
postfix/src/global/ehlo_mask.ref
View File

@ -1,3 +0,0 @@
starttls, 8bitmime, verp, etrn, etrn -> 0xd1 -> 8BITMIME ETRN VERP STARTTLS
foobar, auth, pipelining, size, vrfy -> 0x2e -> AUTH PIPELINING SIZE VRFY
xclient, xforward -> 0x300 -> XCLIENT XFORWARD

121
postfix/src/global/ehlo_mask_test.c Normal file
View File

@ -0,0 +1,121 @@
/*
* System library.
*/
#include <sys_defs.h>
#include <stdlib.h>
#include <string.h>
#include <stringops.h>
/*
* Utility library.
*/
#include <msg.h>
#include <msg_vstream.h>
#include <vstream.h>
#include <vstring.h>
/*
* Global library.
*/
#include <ehlo_mask.h>
/*
* Tests and test cases.
*/
typedef struct TEST_CASE {
const char *label; /* identifies test case */
int mask;
const char *want;
} TEST_CASE;
/*
* Verify that each verb has its unique bit mask.
*/
static const TEST_CASE test_cases[] = {
{"EHLO_MASK_8BITMIME",
EHLO_MASK_8BITMIME,
"8BITMIME"
},
{"EHLO_MASK_PIPELINING",
EHLO_MASK_PIPELINING,
"PIPELINING"
},
{"EHLO_MASK_SIZE",
EHLO_MASK_SIZE,
"SIZE"
},
{"EHLO_MASK_VRFY",
EHLO_MASK_VRFY,
"VRFY"
},
{"EHLO_MASK_ETRN",
EHLO_MASK_ETRN,
"ETRN"
},
{"EHLO_MASK_AUTH",
EHLO_MASK_AUTH,
"AUTH"
},
{"EHLO_MASK_VERP",
EHLO_MASK_VERP,
"VERP"
},
{"EHLO_MASK_STARTTLS",
EHLO_MASK_STARTTLS,
"STARTTLS"
},
{"EHLO_MASK_XCLIENT",
EHLO_MASK_XCLIENT,
"XCLIENT"
},
{"EHLO_MASK_ENHANCEDSTATUSCODES",
EHLO_MASK_ENHANCEDSTATUSCODES,
"ENHANCEDSTATUSCODES"
},
{"EHLO_MASK_DSN",
EHLO_MASK_DSN,
"DSN"
},
{"EHLO_MASK_SMTPUTF8",
EHLO_MASK_SMTPUTF8,
"SMTPUTF8"
},
{"EHLO_MASK_CHUNKING",
EHLO_MASK_CHUNKING,
"CHUNKING"
},
{"EHLO_MASK_REQUIRETLS",
EHLO_MASK_REQUIRETLS,
"REQUIRETLS"
},
{"EHLO_MASK_SILENT",
EHLO_MASK_SILENT,
"SILENT-DISCARD"
},
{0},
};
int main(int argc, char **argv)
{
const TEST_CASE *tp;
int pass = 0;
int fail = 0;
const char *got;
msg_vstream_init(sane_basename((VSTRING *) 0, argv[0]), VSTREAM_ERR);
for (tp = test_cases; tp->label != 0; tp++) {
msg_info("RUN %s", tp->label);
got = str_ehlo_mask(tp->mask);
if (strcmp(got, tp->want) != 0) {
msg_warn("got result '%s', want: '%s'", got, tp->want);
fail++;
msg_info("FAIL %s", tp->label);
} else {
msg_info("PASS %s", tp->label);
pass++;
}
}
msg_info("PASS=%d FAIL=%d", pass, fail);
exit(fail != 0);
}

3
postfix/src/global/mail_params.c
View File

@ -128,6 +128,7 @@
/* int var_smtputf8_enable; /* int var_smtputf8_enable;
/* int var_strict_smtputf8; /* int var_strict_smtputf8;
/* char *var_smtputf8_autoclass; /* char *var_smtputf8_autoclass;
/* int var_requiretls_enable;
/* int var_tls_required_enable; /* int var_tls_required_enable;
/* int var_idna2003_compat; /* int var_idna2003_compat;
/* char *var_compatibility_level; /* char *var_compatibility_level;
@ -370,6 +371,7 @@ char *var_dsn_filter;
int var_smtputf8_enable; int var_smtputf8_enable;
int var_strict_smtputf8; int var_strict_smtputf8;
char *var_smtputf8_autoclass; char *var_smtputf8_autoclass;
int var_requiretls_enable;
int var_tls_required_enable; int var_tls_required_enable;
int var_idna2003_compat; int var_idna2003_compat;
char *var_compatibility_level; char *var_compatibility_level;
@ -793,6 +795,7 @@ void mail_params_init()
VAR_SMTPUTF8_ENABLE, DEF_SMTPUTF8_ENABLE, &var_smtputf8_enable, VAR_SMTPUTF8_ENABLE, DEF_SMTPUTF8_ENABLE, &var_smtputf8_enable,
VAR_IDNA2003_COMPAT, DEF_IDNA2003_COMPAT, &var_idna2003_compat, VAR_IDNA2003_COMPAT, DEF_IDNA2003_COMPAT, &var_idna2003_compat,
VAR_RESPECTFUL_LOGGING, DEF_RESPECTFUL_LOGGING, &var_respectful_logging, VAR_RESPECTFUL_LOGGING, DEF_RESPECTFUL_LOGGING, &var_respectful_logging,
VAR_REQUIRETLS_ENABLE, DEF_REQUIRETLS_ENABLE, &var_requiretls_enable,
VAR_TLSREQUIRED_ENABLE, DEF_TLSREQUIRED_ENABLE, &var_tls_required_enable, VAR_TLSREQUIRED_ENABLE, DEF_TLSREQUIRED_ENABLE, &var_tls_required_enable,
0, 0,
}; };

11
postfix/src/global/mail_params.h
View File

@ -4403,6 +4403,17 @@ extern int var_idna2003_compat;
#define DEF_TLSREQUIRED_ENABLE "yes" #define DEF_TLSREQUIRED_ENABLE "yes"
extern int var_tls_required_enable; extern int var_tls_required_enable;
#define VAR_REQUIRETLS_ENABLE "requiretls_enable"
#define DEF_REQUIRETLS_ENABLE "yes"
extern int var_requiretls_enable;
#define VAR_SMTP_ENFORCE_REQUIRETLS "smtp_enforce_requiretls"
#define DEF_SMTP_ENFORCE_REQUIRETLS ""
extern char *var_smtp_enforce_requiretls;
#define VAR_LMTP_ENFORCE_REQUIRETLS "lmtp_enforce_requiretls"
#define DEF_LMTP_ENFORCE_REQUIRETLS ""
/* /*
* Workaround for future incompatibility. Our implementation of RFC 2308 * Workaround for future incompatibility. Our implementation of RFC 2308
* negative reply caching relies on the promise that res_query() and * negative reply caching relies on the promise that res_query() and

7
postfix/src/global/namadr_list.c
View File

@ -51,6 +51,10 @@
/* Request that namadr_list_match() logs a warning and returns /* Request that namadr_list_match() logs a warning and returns
/* zero with list->error set to a non-zero dictionary error /* zero with list->error set to a non-zero dictionary error
/* code, instead of raising a fatal error. /* code, instead of raising a fatal error.
/* .IP MATCH_FLAG_NOFILE
/* Disable special handling for /file/name.
/* .IP MATCH_FLAG_NODICT
/* Disable special handling for type:name.
/* .PP /* .PP
/* Specify MATCH_FLAG_NONE to request none of the above. /* Specify MATCH_FLAG_NONE to request none of the above.
/* The last argument is a list of patterns, or the absolute /* The last argument is a list of patterns, or the absolute
@ -75,6 +79,9 @@
/* IBM T.J. Watson Research /* IBM T.J. Watson Research
/* P.O. Box 704 /* P.O. Box 704
/* Yorktown Heights, NY 10598, USA /* Yorktown Heights, NY 10598, USA
/*
/* Wietse Venema
/* porcupine.org
/*--*/ /*--*/
/* System library. */ /* System library. */

2
postfix/src/global/post_mail.c
View File

@ -225,8 +225,8 @@ static void post_mail_init(VSTREAM *stream, const char *sender,
int cleanup_flags = int cleanup_flags =
int_filt_flags(source_class) | CLEANUP_FLAG_MASK_INTERNAL int_filt_flags(source_class) | CLEANUP_FLAG_MASK_INTERNAL
| smtputf8_autodetect(source_class) | smtputf8_autodetect(source_class)
| ((sendopts & SOPT_REQUIRETLS_ESMTP) ? CLEANUP_FLAG_REQUIRETLS : 0)
| ((sendopts & SMTPUTF8_FLAG_REQUESTED) ? CLEANUP_FLAG_SMTPUTF8 : 0); | ((sendopts & SMTPUTF8_FLAG_REQUESTED) ? CLEANUP_FLAG_SMTPUTF8 : 0);
/* TODO(wietse) REQUIRETLS. */
GETTIMEOFDAY(&now); GETTIMEOFDAY(&now);
date = mail_date(now.tv_sec); date = mail_date(now.tv_sec);

2
postfix/src/global/rec_type.h
View File

@ -110,7 +110,7 @@
/* /*
* The subset of inputs that the postdrop command allows. * The subset of inputs that the postdrop command allows.
*/ */
#define REC_TYPE_POST_ENVELOPE "MFSRVAin" #define REC_TYPE_POST_ENVELOPE "MCFSRVAin"
#define REC_TYPE_POST_CONTENT "XLN" #define REC_TYPE_POST_CONTENT "XLN"
#define REC_TYPE_POST_EXTRACT "EAR" #define REC_TYPE_POST_EXTRACT "EAR"

7
postfix/src/global/string_list.c
View File

@ -39,6 +39,10 @@
/* Request that string_list_match() logs a warning and returns /* Request that string_list_match() logs a warning and returns
/* zero with list->error set to a non-zero dictionary error /* zero with list->error set to a non-zero dictionary error
/* code, instead of raising a fatal error. /* code, instead of raising a fatal error.
/* .IP MATCH_FLAG_NOFILE
/* Disable special handling for /file/name.
/* .IP MATCH_FLAG_NODICT
/* Disable special handling for type:name.
/* .PP /* .PP
/* Specify MATCH_FLAG_NONE to request none of the above. /* Specify MATCH_FLAG_NONE to request none of the above.
/* The last argument specifies a list of string patterns. /* The last argument specifies a list of string patterns.
@ -61,6 +65,9 @@
/* IBM T.J. Watson Research /* IBM T.J. Watson Research
/* P.O. Box 704 /* P.O. Box 704
/* Yorktown Heights, NY 10598, USA /* Yorktown Heights, NY 10598, USA
/*
/* Wietse Venema
/* porcupine.org
/*--*/ /*--*/
/* System library. */ /* System library. */

3
postfix/src/local/forward.c
View File

@ -163,9 +163,10 @@ static FORWARD_INFO *forward_open(DELIVER_REQUEST *request, const char *sender)
#define FORWARD_CLEANUP_FLAGS \ #define FORWARD_CLEANUP_FLAGS \
(CLEANUP_FLAG_BOUNCE | CLEANUP_FLAG_MASK_INTERNAL \ (CLEANUP_FLAG_BOUNCE | CLEANUP_FLAG_MASK_INTERNAL \
| smtputf8_autodetect(MAIL_SRC_MASK_FORWARD) \ | smtputf8_autodetect(MAIL_SRC_MASK_FORWARD) \
| ((request->sendopts & SOPT_REQUIRETLS_ESMTP) ? \
CLEANUP_FLAG_REQUIRETLS : 0) \
| ((request->sendopts & SMTPUTF8_FLAG_REQUESTED) ? \ | ((request->sendopts & SMTPUTF8_FLAG_REQUESTED) ? \
CLEANUP_FLAG_SMTPUTF8 : 0)) CLEANUP_FLAG_SMTPUTF8 : 0))
/* TODO(wietse) REQUIRETLS. */
attr_print(cleanup, ATTR_FLAG_NONE, attr_print(cleanup, ATTR_FLAG_NONE,
SEND_ATTR_INT(MAIL_ATTR_FLAGS, FORWARD_CLEANUP_FLAGS), SEND_ATTR_INT(MAIL_ATTR_FLAGS, FORWARD_CLEANUP_FLAGS),

6
postfix/src/pickup/pickup.c
View File

@ -236,6 +236,7 @@ static int copy_segment(VSTREAM *qfile, VSTREAM *cleanup, PICKUP_INFO *info,
char *attr_value; char *attr_value;
char *saved_attr; char *saved_attr;
int skip_attr; int skip_attr;
ssize_t count;
/* /*
* Limit the input record size. All front-end programs should protect the * Limit the input record size. All front-end programs should protect the
@ -246,7 +247,7 @@ static int copy_segment(VSTREAM *qfile, VSTREAM *cleanup, PICKUP_INFO *info,
* *
* We must allow PTR records here because of "postsuper -r". * We must allow PTR records here because of "postsuper -r".
*/ */
for (;;) { for (count = 0; /* void */; count++) {
if ((type = rec_get(qfile, buf, var_line_limit)) < 0 if ((type = rec_get(qfile, buf, var_line_limit)) < 0
|| strchr(expected, type) == 0) || strchr(expected, type) == 0)
return (file_read_error(info, type)); return (file_read_error(info, type));
@ -264,6 +265,9 @@ static int copy_segment(VSTREAM *qfile, VSTREAM *cleanup, PICKUP_INFO *info,
} }
if (type == REC_TYPE_TIME) if (type == REC_TYPE_TIME)
time_seen = 1; time_seen = 1;
if (type == REC_TYPE_SIZE && count > 5)
/* Discard SIZE record not at beginning of segment. */
continue;
/* /*
* XXX Workaround: REC_TYPE_FILT (used in envelopes) == REC_TYPE_CONT * XXX Workaround: REC_TYPE_FILT (used in envelopes) == REC_TYPE_CONT

1
postfix/src/pipe/Makefile.in
View File

@ -83,6 +83,7 @@ pipe.o: ../../include/pipe_command.h
pipe.o: ../../include/quote_822_local.h pipe.o: ../../include/quote_822_local.h
pipe.o: ../../include/quote_flags.h pipe.o: ../../include/quote_flags.h
pipe.o: ../../include/recipient_list.h pipe.o: ../../include/recipient_list.h
pipe.o: ../../include/sendopts.h
pipe.o: ../../include/sent.h pipe.o: ../../include/sent.h
pipe.o: ../../include/set_eugid.h pipe.o: ../../include/set_eugid.h
pipe.o: ../../include/split_addr.h pipe.o: ../../include/split_addr.h

14
postfix/src/pipe/pipe.c
View File

@ -284,6 +284,14 @@
/* .sp /* .sp
/* This information is modified by the \fBhqu\fR flags for quoting /* This information is modified by the \fBhqu\fR flags for quoting
/* and case folding. /* and case folding.
/* .IP \fB${requiretls}\fR
/* This feature should be used with content filters that pass
/* filtered mail to the Postfix sendmail(1) command. The macro
/* expands to the sendmail(1) command-line option \fB-Orequiretls\fR
/* if the sender requested REQUIRETLS, otherwise it expands to
/* \fB-Onoop\fR.
/* .sp
/* This feature is available as of Postfix 3.10.
/* .IP \fB${sasl_method}\fR /* .IP \fB${sasl_method}\fR
/* This macro expands to the name of the SASL authentication /* This macro expands to the name of the SASL authentication
/* mechanism in the AUTH command when the Postfix SMTP server /* mechanism in the AUTH command when the Postfix SMTP server
@ -519,6 +527,7 @@
#include <delivered_hdr.h> #include <delivered_hdr.h>
#include <fold_addr.h> #include <fold_addr.h>
#include <mail_parm_split.h> #include <mail_parm_split.h>
#include <sendopts.h>
/* Single server skeleton. */ /* Single server skeleton. */
@ -553,6 +562,7 @@
#define PIPE_DICT_SASL_SENDER "sasl_sender" /* key */ #define PIPE_DICT_SASL_SENDER "sasl_sender" /* key */
#define PIPE_DICT_QUEUE_ID "queue_id" /* key */ #define PIPE_DICT_QUEUE_ID "queue_id" /* key */
#define PIPE_DICT_ENVID "envid" /* key */ #define PIPE_DICT_ENVID "envid" /* key */
#define PIPE_DICT_REQUIRETLS "requiretls" /* key */
/* /*
* Flags used to pass back the type of special parameter found by * Flags used to pass back the type of special parameter found by
@ -659,6 +669,7 @@ static int parse_callback(int type, VSTRING *buf, void *context)
PIPE_DICT_SASL_SENDER, 0, PIPE_DICT_SASL_SENDER, 0,
PIPE_DICT_QUEUE_ID, 0, PIPE_DICT_QUEUE_ID, 0,
PIPE_DICT_ENVID, 0, PIPE_DICT_ENVID, 0,
PIPE_DICT_REQUIRETLS, 0,
0, 0, 0, 0,
}; };
struct cmd_flags *p; struct cmd_flags *p;
@ -1290,6 +1301,9 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
request->queue_id); request->queue_id);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_ENVID, dict_update(PIPE_DICT_TABLE, PIPE_DICT_ENVID,
request->dsn_envid); request->dsn_envid);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_REQUIRETLS,
(request->sendopts & SOPT_REQUIRETLS_ESMTP)
&& var_requiretls_enable ? "-Orequiretls" : "-Onoop");
vstring_free(buf); vstring_free(buf);
if ((expanded_argv = expand_argv(service, attr.command, if ((expanded_argv = expand_argv(service, attr.command,

18
postfix/src/postconf/Makefile.in
View File

@ -1065,15 +1065,6 @@ test76: $(PROG) test76.ref
diff /dev/null test76.tmp diff /dev/null test76.tmp
rm -f main.cf master.cf test76.tmp rm -f main.cf master.cf test76.tmp
test77: $(PROG) test77-main.cf test77.ref
rm -f main.cf master.cf
cp test77-main.cf main.cf
touch master.cf
touch -t 197701010000 main.cf
$(HTABLE_FIX) $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -nc . >test77.tmp 2>&1
diff test77.ref test77.tmp
rm -f main.cf master.cf test77.tmp
# Warn about unused, deprecated, or deleted parameters. # Warn about unused, deprecated, or deleted parameters.
test78: $(PROG) test78.ref test78: $(PROG) test78.ref
rm -f main.cf master.cf rm -f main.cf master.cf
@ -1094,6 +1085,15 @@ test78: $(PROG) test78.ref
diff /dev/null test78.tmp diff /dev/null test78.tmp
rm -f main.cf master.cf test78.tmp rm -f main.cf master.cf test78.tmp
test77: $(PROG) test77-main.cf test77.ref
rm -f main.cf master.cf
cp test77-main.cf main.cf
touch master.cf
touch -t 197701010000 main.cf
$(HTABLE_FIX) $(SHLIB_ENV) $(VALGRIND) ./$(PROG) -nc . >test77.tmp 2>&1
diff test77.ref test77.tmp
rm -f main.cf master.cf test77.tmp
clean: clean:
rm -f *.o *core $(PROG) $(TESTPROG) junk $(MAKES) $(AUTOS) $(DUMMIES) \ rm -f *.o *core $(PROG) $(TESTPROG) junk $(MAKES) $(AUTOS) $(DUMMIES) \
$(TEST_TMP) $(DB_MAKES) $(TEST_TMP) $(DB_MAKES)

1
postfix/src/sendmail/Makefile.in
View File

@ -86,6 +86,7 @@ sendmail.o: ../../include/recipient_list.h
sendmail.o: ../../include/record.h sendmail.o: ../../include/record.h
sendmail.o: ../../include/resolve_clnt.h sendmail.o: ../../include/resolve_clnt.h
sendmail.o: ../../include/safe.h sendmail.o: ../../include/safe.h
sendmail.o: ../../include/sendopts.h
sendmail.o: ../../include/set_ugid.h sendmail.o: ../../include/set_ugid.h
sendmail.o: ../../include/split_at.h sendmail.o: ../../include/split_at.h
sendmail.o: ../../include/stringops.h sendmail.o: ../../include/stringops.h

54
postfix/src/sendmail/sendmail.c
View File

@ -152,10 +152,28 @@
/* comma-separated list with one or more of \fBfailure\fR (send /* comma-separated list with one or more of \fBfailure\fR (send
/* notification when delivery fails), \fBdelay\fR (send /* notification when delivery fails), \fBdelay\fR (send
/* notification when delivery is delayed), or \fBsuccess\fR /* notification when delivery is delayed), or \fBsuccess\fR
/* (send notification when the message is delivered); or specify /* (send notification after the message is delivered); or specify
/* \fBnever\fR (don't send any notifications at all). /* \fBnever\fR (don't send any notifications at all).
/* /*
/* This feature is available in Postfix 2.3 and later. /* This feature is available in Postfix 2.3 and later.
/* .IP "\fB-O requiretls"
/* When delivering a message to an SMTP or LMTP server, the
/* connection must use TLS with a verified server certificate,
/* and the server must support REQUIRETLS. Try multiple servers if
/* possible, and return the message as undeliverable when these
/* requirements were not satisfied with any of the servers that
/* were tried. The "requiretls" option value is case-insensitive.
/*
/* This feature is available in Postfix 3.10 and later.
/* .IP "\fB-O smtputf8"
/* When delivering a message to an SMTP or LMTP server, the server
/* must support SMTPUTF8. Try multiple servers if possible, and
/* return the message as undeliverable when a message contains an
/* UTF8 envelope address or message header, but SMTPUTF8 was not
/* supported by any of the servers that were tried. The "smtputf8"
/* option value is case-insensitive.
/*
/* This feature is available in Postfix 3.10 and later.
/* .IP "\fB-n\fR (ignored)" /* .IP "\fB-n\fR (ignored)"
/* Backwards compatibility. /* Backwards compatibility.
/* .IP "\fB-oA\fIalias_database\fR" /* .IP "\fB-oA\fIalias_database\fR"
@ -434,6 +452,11 @@
/* the Postfix executable files and documentation with the default /* the Postfix executable files and documentation with the default
/* Postfix instance, and that are started, stopped, etc., together /* Postfix instance, and that are started, stopped, etc., together
/* with the default Postfix instance. /* with the default Postfix instance.
/* .PP
/* Postfix 3.10 and later:
/* .IP "\fBrequiretls_enable (yes)\fR"
/* Enable support for the ESMTP verb "REQUIRETLS", defined in RFC
/* 8689.
/* FILES /* FILES
/* /var/spool/postfix, mail queue /* /var/spool/postfix, mail queue
/* /etc/postfix, configuration files /* /etc/postfix, configuration files
@ -537,6 +560,7 @@
#include <user_acl.h> #include <user_acl.h>
#include <dsn_mask.h> #include <dsn_mask.h>
#include <mail_parm_split.h> #include <mail_parm_split.h>
#include <sendopts.h>
/* Application-specific. */ /* Application-specific. */
@ -589,6 +613,11 @@ static const CONFIG_STR_TABLE str_table[] = {
0, 0,
}; };
/*
* Sender options.
*/
static int sm_sendopts;
/* /*
* Silly little macros (SLMs). * Silly little macros (SLMs).
*/ */
@ -788,6 +817,14 @@ static void enqueue(const int flags, const char *encoding,
* With "sendmail -N", instead of a per-message NOTIFY record we store one * With "sendmail -N", instead of a per-message NOTIFY record we store one
* per recipient so that we can simplify the implementation somewhat. * per recipient so that we can simplify the implementation somewhat.
*/ */
if (sm_sendopts)
rec_fprintf(dst, REC_TYPE_SIZE, REC_TYPE_SIZE_FORMAT,
(REC_TYPE_SIZE_CAST1) ~ 0, /* message segment size */
(REC_TYPE_SIZE_CAST2) ~ 0, /* content offset */
(REC_TYPE_SIZE_CAST3) ~ 0, /* recipient count */
(REC_TYPE_SIZE_CAST4) ~ 0, /* qmgr options */
(REC_TYPE_SIZE_CAST5) ~ 0, /* content length */
(REC_TYPE_SIZE_CAST6) sm_sendopts);
if (dsn_envid) if (dsn_envid)
rec_fprintf(dst, REC_TYPE_ATTR, "%s=%s", rec_fprintf(dst, REC_TYPE_ATTR, "%s=%s",
MAIL_ATTR_DSN_ENVID, dsn_envid); MAIL_ATTR_DSN_ENVID, dsn_envid);
@ -1251,7 +1288,20 @@ int main(int argc, char **argv)
break; break;
case 'N': case 'N':
if ((dsn_notify = dsn_notify_mask(optarg)) == 0) if ((dsn_notify = dsn_notify_mask(optarg)) == 0)
msg_warn("bad -N option value -- ignored"); msg_warn("bad -N option value: '%s' -- ignored", optarg);
break;
case 'O':
/* NOOP is used to implement ${requiretls} in pipe(8). */
if (strcasecmp(optarg, "REQUIRETLS") == 0) {
sm_sendopts |= SOPT_REQUIRETLS_ESMTP;
if (var_requiretls_enable == 0)
msg_warn("'-O requiretls' was requested, but the "
"configuration is 'requiretls_enable = no'");
} else if (strcasecmp(optarg, "SMTPUTF8") == 0) {
sm_sendopts |= SOPT_SMTPUTF8_REQUESTED;
} else if (strcasecmp(optarg, "NOOP") != 0) {
msg_warn("bad -O option value: '%s' -- ignored", optarg);
}
break; break;
case 'R': case 'R':
if ((dsn_ret = dsn_ret_code(optarg)) == 0) if ((dsn_ret = dsn_ret_code(optarg)) == 0)

19
postfix/src/smtp/Makefile.in
View File

@ -84,6 +84,7 @@ smtp.o: ../../include/deliver_request.h
smtp.o: ../../include/delivered_hdr.h smtp.o: ../../include/delivered_hdr.h
smtp.o: ../../include/dict.h smtp.o: ../../include/dict.h
smtp.o: ../../include/dns.h smtp.o: ../../include/dns.h
smtp.o: ../../include/domain_list.h
smtp.o: ../../include/dsn.h smtp.o: ../../include/dsn.h
smtp.o: ../../include/dsn_buf.h smtp.o: ../../include/dsn_buf.h
smtp.o: ../../include/ext_prop.h smtp.o: ../../include/ext_prop.h
@ -134,6 +135,7 @@ smtp_addr.o: ../../include/check_arg.h
smtp_addr.o: ../../include/deliver_request.h smtp_addr.o: ../../include/deliver_request.h
smtp_addr.o: ../../include/dict.h smtp_addr.o: ../../include/dict.h
smtp_addr.o: ../../include/dns.h smtp_addr.o: ../../include/dns.h
smtp_addr.o: ../../include/domain_list.h
smtp_addr.o: ../../include/dsn.h smtp_addr.o: ../../include/dsn.h
smtp_addr.o: ../../include/dsn_buf.h smtp_addr.o: ../../include/dsn_buf.h
smtp_addr.o: ../../include/header_body_checks.h smtp_addr.o: ../../include/header_body_checks.h
@ -178,6 +180,7 @@ smtp_chat.o: ../../include/cleanup_user.h
smtp_chat.o: ../../include/deliver_request.h smtp_chat.o: ../../include/deliver_request.h
smtp_chat.o: ../../include/dict.h smtp_chat.o: ../../include/dict.h
smtp_chat.o: ../../include/dns.h smtp_chat.o: ../../include/dns.h
smtp_chat.o: ../../include/domain_list.h
smtp_chat.o: ../../include/dsn.h smtp_chat.o: ../../include/dsn.h
smtp_chat.o: ../../include/dsn_buf.h smtp_chat.o: ../../include/dsn_buf.h
smtp_chat.o: ../../include/dsn_util.h smtp_chat.o: ../../include/dsn_util.h
@ -229,6 +232,7 @@ smtp_connect.o: ../../include/deliver_pass.h
smtp_connect.o: ../../include/deliver_request.h smtp_connect.o: ../../include/deliver_request.h
smtp_connect.o: ../../include/dict.h smtp_connect.o: ../../include/dict.h
smtp_connect.o: ../../include/dns.h smtp_connect.o: ../../include/dns.h
smtp_connect.o: ../../include/domain_list.h
smtp_connect.o: ../../include/dsn.h smtp_connect.o: ../../include/dsn.h
smtp_connect.o: ../../include/dsn_buf.h smtp_connect.o: ../../include/dsn_buf.h
smtp_connect.o: ../../include/header_body_checks.h smtp_connect.o: ../../include/header_body_checks.h
@ -284,6 +288,7 @@ smtp_key.o: ../../include/check_arg.h
smtp_key.o: ../../include/deliver_request.h smtp_key.o: ../../include/deliver_request.h
smtp_key.o: ../../include/dict.h smtp_key.o: ../../include/dict.h
smtp_key.o: ../../include/dns.h smtp_key.o: ../../include/dns.h
smtp_key.o: ../../include/domain_list.h
smtp_key.o: ../../include/dsn.h smtp_key.o: ../../include/dsn.h
smtp_key.o: ../../include/dsn_buf.h smtp_key.o: ../../include/dsn_buf.h
smtp_key.o: ../../include/header_body_checks.h smtp_key.o: ../../include/header_body_checks.h
@ -321,6 +326,7 @@ smtp_map11.o: ../../include/check_arg.h
smtp_map11.o: ../../include/deliver_request.h smtp_map11.o: ../../include/deliver_request.h
smtp_map11.o: ../../include/dict.h smtp_map11.o: ../../include/dict.h
smtp_map11.o: ../../include/dns.h smtp_map11.o: ../../include/dns.h
smtp_map11.o: ../../include/domain_list.h
smtp_map11.o: ../../include/dsn.h smtp_map11.o: ../../include/dsn.h
smtp_map11.o: ../../include/dsn_buf.h smtp_map11.o: ../../include/dsn_buf.h
smtp_map11.o: ../../include/header_body_checks.h smtp_map11.o: ../../include/header_body_checks.h
@ -361,6 +367,7 @@ smtp_misc.o: ../../include/check_arg.h
smtp_misc.o: ../../include/deliver_request.h smtp_misc.o: ../../include/deliver_request.h
smtp_misc.o: ../../include/dict.h smtp_misc.o: ../../include/dict.h
smtp_misc.o: ../../include/dns.h smtp_misc.o: ../../include/dns.h
smtp_misc.o: ../../include/domain_list.h
smtp_misc.o: ../../include/dsn.h smtp_misc.o: ../../include/dsn.h
smtp_misc.o: ../../include/dsn_buf.h smtp_misc.o: ../../include/dsn_buf.h
smtp_misc.o: ../../include/ext_prop.h smtp_misc.o: ../../include/ext_prop.h
@ -404,6 +411,7 @@ smtp_proto.o: ../../include/defer.h
smtp_proto.o: ../../include/deliver_request.h smtp_proto.o: ../../include/deliver_request.h
smtp_proto.o: ../../include/dict.h smtp_proto.o: ../../include/dict.h
smtp_proto.o: ../../include/dns.h smtp_proto.o: ../../include/dns.h
smtp_proto.o: ../../include/domain_list.h
smtp_proto.o: ../../include/dsn.h smtp_proto.o: ../../include/dsn.h
smtp_proto.o: ../../include/dsn_buf.h smtp_proto.o: ../../include/dsn_buf.h
smtp_proto.o: ../../include/dsn_mask.h smtp_proto.o: ../../include/dsn_mask.h
@ -470,6 +478,7 @@ smtp_rcpt.o: ../../include/deliver_completed.h
smtp_rcpt.o: ../../include/deliver_request.h smtp_rcpt.o: ../../include/deliver_request.h
smtp_rcpt.o: ../../include/dict.h smtp_rcpt.o: ../../include/dict.h
smtp_rcpt.o: ../../include/dns.h smtp_rcpt.o: ../../include/dns.h
smtp_rcpt.o: ../../include/domain_list.h
smtp_rcpt.o: ../../include/dsn.h smtp_rcpt.o: ../../include/dsn.h
smtp_rcpt.o: ../../include/dsn_buf.h smtp_rcpt.o: ../../include/dsn_buf.h
smtp_rcpt.o: ../../include/dsn_mask.h smtp_rcpt.o: ../../include/dsn_mask.h
@ -510,6 +519,7 @@ smtp_reuse.o: ../../include/check_arg.h
smtp_reuse.o: ../../include/deliver_request.h smtp_reuse.o: ../../include/deliver_request.h
smtp_reuse.o: ../../include/dict.h smtp_reuse.o: ../../include/dict.h
smtp_reuse.o: ../../include/dns.h smtp_reuse.o: ../../include/dns.h
smtp_reuse.o: ../../include/domain_list.h
smtp_reuse.o: ../../include/dsn.h smtp_reuse.o: ../../include/dsn.h
smtp_reuse.o: ../../include/dsn_buf.h smtp_reuse.o: ../../include/dsn_buf.h
smtp_reuse.o: ../../include/header_body_checks.h smtp_reuse.o: ../../include/header_body_checks.h
@ -551,6 +561,7 @@ smtp_sasl_auth_cache.o: ../../include/deliver_request.h
smtp_sasl_auth_cache.o: ../../include/dict.h smtp_sasl_auth_cache.o: ../../include/dict.h
smtp_sasl_auth_cache.o: ../../include/dict_proxy.h smtp_sasl_auth_cache.o: ../../include/dict_proxy.h
smtp_sasl_auth_cache.o: ../../include/dns.h smtp_sasl_auth_cache.o: ../../include/dns.h
smtp_sasl_auth_cache.o: ../../include/domain_list.h
smtp_sasl_auth_cache.o: ../../include/dsn.h smtp_sasl_auth_cache.o: ../../include/dsn.h
smtp_sasl_auth_cache.o: ../../include/dsn_buf.h smtp_sasl_auth_cache.o: ../../include/dsn_buf.h
smtp_sasl_auth_cache.o: ../../include/dsn_util.h smtp_sasl_auth_cache.o: ../../include/dsn_util.h
@ -591,6 +602,7 @@ smtp_sasl_glue.o: ../../include/check_arg.h
smtp_sasl_glue.o: ../../include/deliver_request.h smtp_sasl_glue.o: ../../include/deliver_request.h
smtp_sasl_glue.o: ../../include/dict.h smtp_sasl_glue.o: ../../include/dict.h
smtp_sasl_glue.o: ../../include/dns.h smtp_sasl_glue.o: ../../include/dns.h
smtp_sasl_glue.o: ../../include/domain_list.h
smtp_sasl_glue.o: ../../include/dsn.h smtp_sasl_glue.o: ../../include/dsn.h
smtp_sasl_glue.o: ../../include/dsn_buf.h smtp_sasl_glue.o: ../../include/dsn_buf.h
smtp_sasl_glue.o: ../../include/header_body_checks.h smtp_sasl_glue.o: ../../include/header_body_checks.h
@ -636,6 +648,7 @@ smtp_sasl_proto.o: ../../include/check_arg.h
smtp_sasl_proto.o: ../../include/deliver_request.h smtp_sasl_proto.o: ../../include/deliver_request.h
smtp_sasl_proto.o: ../../include/dict.h smtp_sasl_proto.o: ../../include/dict.h
smtp_sasl_proto.o: ../../include/dns.h smtp_sasl_proto.o: ../../include/dns.h
smtp_sasl_proto.o: ../../include/domain_list.h
smtp_sasl_proto.o: ../../include/dsn.h smtp_sasl_proto.o: ../../include/dsn.h
smtp_sasl_proto.o: ../../include/dsn_buf.h smtp_sasl_proto.o: ../../include/dsn_buf.h
smtp_sasl_proto.o: ../../include/header_body_checks.h smtp_sasl_proto.o: ../../include/header_body_checks.h
@ -677,6 +690,7 @@ smtp_session.o: ../../include/debug_peer.h
smtp_session.o: ../../include/deliver_request.h smtp_session.o: ../../include/deliver_request.h
smtp_session.o: ../../include/dict.h smtp_session.o: ../../include/dict.h
smtp_session.o: ../../include/dns.h smtp_session.o: ../../include/dns.h
smtp_session.o: ../../include/domain_list.h
smtp_session.o: ../../include/dsn.h smtp_session.o: ../../include/dsn.h
smtp_session.o: ../../include/dsn_buf.h smtp_session.o: ../../include/dsn_buf.h
smtp_session.o: ../../include/header_body_checks.h smtp_session.o: ../../include/header_body_checks.h
@ -717,6 +731,7 @@ smtp_state.o: ../../include/debug_peer.h
smtp_state.o: ../../include/deliver_request.h smtp_state.o: ../../include/deliver_request.h
smtp_state.o: ../../include/dict.h smtp_state.o: ../../include/dict.h
smtp_state.o: ../../include/dns.h smtp_state.o: ../../include/dns.h
smtp_state.o: ../../include/domain_list.h
smtp_state.o: ../../include/dsn.h smtp_state.o: ../../include/dsn.h
smtp_state.o: ../../include/dsn_buf.h smtp_state.o: ../../include/dsn_buf.h
smtp_state.o: ../../include/header_body_checks.h smtp_state.o: ../../include/header_body_checks.h
@ -757,6 +772,7 @@ smtp_tls_policy.o: ../../include/ctable.h
smtp_tls_policy.o: ../../include/deliver_request.h smtp_tls_policy.o: ../../include/deliver_request.h
smtp_tls_policy.o: ../../include/dict.h smtp_tls_policy.o: ../../include/dict.h
smtp_tls_policy.o: ../../include/dns.h smtp_tls_policy.o: ../../include/dns.h
smtp_tls_policy.o: ../../include/domain_list.h
smtp_tls_policy.o: ../../include/dsn.h smtp_tls_policy.o: ../../include/dsn.h
smtp_tls_policy.o: ../../include/dsn_buf.h smtp_tls_policy.o: ../../include/dsn_buf.h
smtp_tls_policy.o: ../../include/header_body_checks.h smtp_tls_policy.o: ../../include/header_body_checks.h
@ -799,6 +815,7 @@ smtp_tlsrpt.o: ../../include/check_arg.h
smtp_tlsrpt.o: ../../include/deliver_request.h smtp_tlsrpt.o: ../../include/deliver_request.h
smtp_tlsrpt.o: ../../include/dict.h smtp_tlsrpt.o: ../../include/dict.h
smtp_tlsrpt.o: ../../include/dns.h smtp_tlsrpt.o: ../../include/dns.h
smtp_tlsrpt.o: ../../include/domain_list.h
smtp_tlsrpt.o: ../../include/dsn.h smtp_tlsrpt.o: ../../include/dsn.h
smtp_tlsrpt.o: ../../include/dsn_buf.h smtp_tlsrpt.o: ../../include/dsn_buf.h
smtp_tlsrpt.o: ../../include/header_body_checks.h smtp_tlsrpt.o: ../../include/header_body_checks.h
@ -843,6 +860,7 @@ smtp_trouble.o: ../../include/deliver_completed.h
smtp_trouble.o: ../../include/deliver_request.h smtp_trouble.o: ../../include/deliver_request.h
smtp_trouble.o: ../../include/dict.h smtp_trouble.o: ../../include/dict.h
smtp_trouble.o: ../../include/dns.h smtp_trouble.o: ../../include/dns.h
smtp_trouble.o: ../../include/domain_list.h
smtp_trouble.o: ../../include/dsn.h smtp_trouble.o: ../../include/dsn.h
smtp_trouble.o: ../../include/dsn_buf.h smtp_trouble.o: ../../include/dsn_buf.h
smtp_trouble.o: ../../include/header_body_checks.h smtp_trouble.o: ../../include/header_body_checks.h
@ -884,6 +902,7 @@ smtp_unalias.o: ../../include/check_arg.h
smtp_unalias.o: ../../include/deliver_request.h smtp_unalias.o: ../../include/deliver_request.h
smtp_unalias.o: ../../include/dict.h smtp_unalias.o: ../../include/dict.h
smtp_unalias.o: ../../include/dns.h smtp_unalias.o: ../../include/dns.h
smtp_unalias.o: ../../include/domain_list.h
smtp_unalias.o: ../../include/dsn.h smtp_unalias.o: ../../include/dsn.h
smtp_unalias.o: ../../include/dsn_buf.h smtp_unalias.o: ../../include/dsn_buf.h
smtp_unalias.o: ../../include/header_body_checks.h smtp_unalias.o: ../../include/header_body_checks.h

1
postfix/src/smtp/lmtp_params.c
View File

@ -68,6 +68,7 @@
VAR_HFROM_FORMAT, DEF_HFROM_FORMAT, &var_hfrom_format, 1, 0, VAR_HFROM_FORMAT, DEF_HFROM_FORMAT, &var_hfrom_format, 1, 0,
VAR_USE_SRV_LOOKUP, DEF_USE_SRV_LOOKUP, &var_use_srv_lookup, 0, 0, VAR_USE_SRV_LOOKUP, DEF_USE_SRV_LOOKUP, &var_use_srv_lookup, 0, 0,
VAR_LMTP_TLSRPT_SOCKNAME, DEF_LMTP_TLSRPT_SOCKNAME, &var_smtp_tlsrpt_sockname, 0, 0, VAR_LMTP_TLSRPT_SOCKNAME, DEF_LMTP_TLSRPT_SOCKNAME, &var_smtp_tlsrpt_sockname, 0, 0,
VAR_LMTP_ENFORCE_REQUIRETLS, DEF_LMTP_ENFORCE_REQUIRETLS, &var_smtp_enforce_requiretls, 0, 0,
0, 0,
}; };
static const CONFIG_TIME_TABLE lmtp_time_table[] = { static const CONFIG_TIME_TABLE lmtp_time_table[] = {

36
postfix/src/smtp/smtp.c
View File

@ -172,7 +172,7 @@
/* RFC 6531 (Internationalized SMTP) /* RFC 6531 (Internationalized SMTP)
/* RFC 6533 (Internationalized Delivery Status Notifications) /* RFC 6533 (Internationalized Delivery Status Notifications)
/* RFC 7672 (SMTP security via opportunistic DANE TLS) /* RFC 7672 (SMTP security via opportunistic DANE TLS)
/* RFC 8689 (TLS-Required message header) /* RFC 8689 (SMTP REQUIRETLS extension)
/* DIAGNOSTICS /* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8) /* Problems and transactions are logged to \fBsyslogd\fR(8)
/* or \fBpostlogd\fR(8). /* or \fBpostlogd\fR(8).
@ -453,7 +453,7 @@
/* .IP "\fBsmtp_sasl_password_result_delimiter (:)\fR" /* .IP "\fBsmtp_sasl_password_result_delimiter (:)\fR"
/* The delimiter between username and password in sasl_passwd_maps lookup /* The delimiter between username and password in sasl_passwd_maps lookup
/* results. /* results.
/* STARTTLS SUPPORT CONTROLS /* TLS SUPPORT CONTROLS
/* .ad /* .ad
/* .fi /* .fi
/* Detailed information about STARTTLS configuration may be found /* Detailed information about STARTTLS configuration may be found
@ -653,7 +653,16 @@
/* .IP "\fBtls_required_enable (yes)\fR" /* .IP "\fBtls_required_enable (yes)\fR"
/* Enable support for the "TLS-Required: no" message header, defined /* Enable support for the "TLS-Required: no" message header, defined
/* in RFC 8689. /* in RFC 8689.
/* OBSOLETE STARTTLS CONTROLS /* .IP "\fBrequiretls_enable (yes)\fR"
/* Enable support for the ESMTP verb "REQUIRETLS", defined in RFC
/* 8689.
/* .IP "\fBsmtp_enforce_requiretls (empty)\fR"
/* An optional list of next-hop destinations that the Postfix
/* SMTP/LMTP client will enforce REQUIRETLS for, when a message was
/* received with the REQUIRETLS option: the next-hop server must offer
/* a matching TLS server certificate, and the server must announce
/* REQUIRETLS support).
/* OBSOLETE TLS CONTROLS
/* .ad /* .ad
/* .fi /* .fi
/* The following configuration parameters exist for compatibility /* The following configuration parameters exist for compatibility
@ -1020,6 +1029,8 @@
#include <maps.h> #include <maps.h>
#include <ext_prop.h> #include <ext_prop.h>
#include <hfrom_format.h> #include <hfrom_format.h>
#include <domain_list.h>
#include <match_parent_style.h>
/* DNS library. */ /* DNS library. */
@ -1164,6 +1175,7 @@ bool var_allow_srv_fallback;
bool var_smtp_tlsrpt_enable; bool var_smtp_tlsrpt_enable;
char *var_smtp_tlsrpt_sockname; char *var_smtp_tlsrpt_sockname;
bool var_smtp_tlsrpt_skip_reused_hs; bool var_smtp_tlsrpt_skip_reused_hs;
char *var_smtp_enforce_requiretls;
/* Special handling of 535 AUTH errors. */ /* Special handling of 535 AUTH errors. */
char *var_smtp_sasl_auth_cache_name; char *var_smtp_sasl_auth_cache_name;
@ -1191,6 +1203,7 @@ HBC_CHECKS *smtp_body_checks; /* limited body checks */
SMTP_CLI_ATTR smtp_cli_attr; /* parsed command-line */ SMTP_CLI_ATTR smtp_cli_attr; /* parsed command-line */
int smtp_hfrom_format; /* postmaster notifications */ int smtp_hfrom_format; /* postmaster notifications */
STRING_LIST *smtp_use_srv_lookup; STRING_LIST *smtp_use_srv_lookup;
DOMAIN_LIST *smtp_enforce_requiretls;
#ifdef USE_TLS #ifdef USE_TLS
@ -1698,6 +1711,23 @@ static void pre_init(char *unused_name, char **unused_argv)
if (*var_smtp_dns_re_filter) if (*var_smtp_dns_re_filter)
dns_rr_filter_compile(VAR_LMTP_SMTP(DNS_RE_FILTER), dns_rr_filter_compile(VAR_LMTP_SMTP(DNS_RE_FILTER),
var_smtp_dns_re_filter); var_smtp_dns_re_filter);
/*
* REQUIRETLS enforcement uses a match list. No MATCH_FLAG_RETURN after
* table lookup error, because fail-open is not a good option. We would
* have to defer all delivery requests anyway. Disable /file/name magic
* for LMTP, because that would break the handling of UNIX-domain socket
* pathnames.
*/
if (var_requiretls_enable && *var_smtp_enforce_requiretls) {
int flags = smtp_mode ? 0 : MATCH_FLAG_NOFILE;
const char *param_name = VAR_LMTP_SMTP(ENFORCE_REQUIRETLS);
smtp_enforce_requiretls =
domain_list_init(param_name,
match_parent_style(param_name) | flags,
var_smtp_enforce_requiretls);
}
} }
/* pre_accept - see if tables have changed */ /* pre_accept - see if tables have changed */

13
postfix/src/smtp/smtp.h
View File

@ -32,6 +32,7 @@
#include <tok822.h> #include <tok822.h>
#include <dsn_buf.h> #include <dsn_buf.h>
#include <header_body_checks.h> #include <header_body_checks.h>
#include <domain_list.h>
/* /*
* Postfix TLS library. * Postfix TLS library.
@ -210,6 +211,7 @@ typedef struct SMTP_STATE {
#ifdef USE_TLSRPT #ifdef USE_TLSRPT
struct TLSRPT_WRAPPER *tlsrpt; struct TLSRPT_WRAPPER *tlsrpt;
#endif #endif
int enforce_requiretls; /* from smtp_enforce_requiretls */
#endif #endif
/* /*
@ -296,6 +298,7 @@ typedef struct SMTP_STATE {
#define SMTP_FEATURE_XFORWARD_IDENT (1<<20) #define SMTP_FEATURE_XFORWARD_IDENT (1<<20)
#define SMTP_FEATURE_SMTPUTF8 (1<<21) /* RFC 6531 */ #define SMTP_FEATURE_SMTPUTF8 (1<<21) /* RFC 6531 */
#define SMTP_FEATURE_FROM_PROXY (1<<22) /* proxied connection */ #define SMTP_FEATURE_FROM_PROXY (1<<22) /* proxied connection */
#define SMTP_FEATURE_REQUIRETLS (1<<23) /* RFC 8689 */
/* /*
* Features that passivate under the endpoint. * Features that passivate under the endpoint.
@ -368,6 +371,7 @@ extern STRING_LIST *smtp_use_srv_lookup;/* services with SRV record lookup */
extern TLS_APPL_STATE *smtp_tls_ctx; /* client-side TLS engine */ extern TLS_APPL_STATE *smtp_tls_ctx; /* client-side TLS engine */
extern int smtp_tls_insecure_mx_policy; /* DANE post insecure MX? */ extern int smtp_tls_insecure_mx_policy; /* DANE post insecure MX? */
extern DOMAIN_LIST *smtp_enforce_requiretls; /* parsed list */
#endif #endif
@ -647,8 +651,9 @@ extern void smtp_rcpt_done(SMTP_STATE *, SMTP_RESP *, RECIPIENT *);
/* /*
* smtp_trouble.c * smtp_trouble.c
*/ */
#define SMTP_THROTTLE 1 #define SMTP_MISC_FAIL_NONE 0
#define SMTP_NOTHROTTLE 0 #define SMTP_MISC_FAIL_THROTTLE (1<<0)
#define SMTP_MISC_FAIL_SOFT_NON_FINAL (1<<1)
extern int smtp_sess_fail(SMTP_STATE *); extern int smtp_sess_fail(SMTP_STATE *);
extern int PRINTFLIKE(5, 6) smtp_misc_fail(SMTP_STATE *, int, const char *, extern int PRINTFLIKE(5, 6) smtp_misc_fail(SMTP_STATE *, int, const char *,
SMTP_RESP *, const char *,...); SMTP_RESP *, const char *,...);
@ -658,9 +663,9 @@ extern void PRINTFLIKE(5, 6) smtp_rcpt_fail(SMTP_STATE *, RECIPIENT *,
extern int smtp_stream_except(SMTP_STATE *, int, const char *); extern int smtp_stream_except(SMTP_STATE *, int, const char *);
#define smtp_site_fail(state, mta, resp, ...) \ #define smtp_site_fail(state, mta, resp, ...) \
smtp_misc_fail((state), SMTP_THROTTLE, (mta), (resp), __VA_ARGS__) smtp_misc_fail((state), SMTP_MISC_FAIL_THROTTLE, (mta), (resp), __VA_ARGS__)
#define smtp_mesg_fail(state, mta, resp, ...) \ #define smtp_mesg_fail(state, mta, resp, ...) \
smtp_misc_fail((state), SMTP_NOTHROTTLE, (mta), (resp), __VA_ARGS__) smtp_misc_fail((state), SMTP_MISC_FAIL_NONE, (mta), (resp), __VA_ARGS__)
/* /*
* smtp_unalias.c * smtp_unalias.c

54
postfix/src/smtp/smtp_connect.c
View File

@ -106,6 +106,7 @@
#include <mail_addr.h> #include <mail_addr.h>
#include <valid_hostname.h> #include <valid_hostname.h>
#include <sendopts.h> #include <sendopts.h>
#include <domain_list.h>
/* DNS library. */ /* DNS library. */
@ -533,19 +534,32 @@ static int smtp_get_effective_tls_level(DSN_BUF *why, SMTP_STATE *state)
} }
/* /*
* If the sender requires verified TLS, the TLS level must enforce a * If the sender requires TLS with server certificate verification, the
* server certificate match. * TLS level must enforce a server certificate match.
*/ */
#if 0 else if (var_requiretls_enable
else if ((state->request->sendopts & SOPT_REQUIRETLS_ESMTP)) { && (state->request->sendopts & SOPT_REQUIRETLS_ESMTP)) {
if (TLS_MUST_MATCH(tls->level) == 0) { if (TLS_MUST_MATCH(tls->level) == 0) {
dsb_simple(why, "5.7.10", "Sender requires verified TLS, " if (state->enforce_requiretls) {
" but my configured TLS security level is '%s %s'", dsb_simple(why, "5.7.10", "REQUIRETLS Failure: Sender "
var_mail_name, str_tls_level(tls->level)); "requires a TLS server certificate match, "
"but the configured %s TLS security level '%s' "
"does not support that. The last attempted "
"server was %s",
var_mail_name, str_tls_level(tls->level),
STR(iter->host));
return (0);
} else {
msg_info("REQUIRETLS Debug: Sender requires a TLS server "
"certificate match, but the configured %s TLS "
"security level '%s' does not support that. "
"The last attempted server was %s",
var_mail_name, str_tls_level(tls->level),
STR(iter->host));
return (0); return (0);
} }
} }
#endif }
/* /*
* Success. * Success.
@ -582,6 +596,18 @@ static void smtp_connect_local(SMTP_STATE *state, const char *path)
if (state->misc_flags & SMTP_MISC_FLAG_CONN_CACHE_MASK) if (state->misc_flags & SMTP_MISC_FLAG_CONN_CACHE_MASK)
SET_SCACHE_REQUEST_NEXTHOP(state, path); SET_SCACHE_REQUEST_NEXTHOP(state, path);
/*
* REQUIRETLS enforcement is based on the UNIX-domain pathname, without
* the "unix:" prefix.
*/
#ifdef USE_TLS
state->enforce_requiretls =
(var_requiretls_enable
&& smtp_enforce_requiretls
&& (state->request->sendopts & SOPT_REQUIRETLS_ESMTP) != 0
&& domain_list_match(smtp_enforce_requiretls, path));
#endif
/* /*
* Here we ensure that the iter->addr member refers to a copy of the * Here we ensure that the iter->addr member refers to a copy of the
* UNIX-domain pathname, so that smtp_save_session() will cache the * UNIX-domain pathname, so that smtp_save_session() will cache the
@ -986,6 +1012,18 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
state->tlsrpt = 0; state->tlsrpt = 0;
#endif /* USE_TLSRPT */ #endif /* USE_TLSRPT */
/*
* REQUIRETLS enforcement is based on the next-hop domain name
* without the service or port.
*/
#ifdef USE_TLS
state->enforce_requiretls =
(var_requiretls_enable
&& smtp_enforce_requiretls
&& (state->request->sendopts & SOPT_REQUIRETLS_ESMTP) != 0
&& domain_list_match(smtp_enforce_requiretls, domain));
#endif
/* /*
* Resolve an SMTP or LMTP server. Skip MX or SRV lookups when a * Resolve an SMTP or LMTP server. Skip MX or SRV lookups when a
* quoted domain is specified or when DNS lookups are disabled. * quoted domain is specified or when DNS lookups are disabled.

1
postfix/src/smtp/smtp_params.c
View File

@ -69,6 +69,7 @@
VAR_HFROM_FORMAT, DEF_HFROM_FORMAT, &var_hfrom_format, 1, 0, VAR_HFROM_FORMAT, DEF_HFROM_FORMAT, &var_hfrom_format, 1, 0,
VAR_USE_SRV_LOOKUP, DEF_USE_SRV_LOOKUP, &var_use_srv_lookup, 0, 0, VAR_USE_SRV_LOOKUP, DEF_USE_SRV_LOOKUP, &var_use_srv_lookup, 0, 0,
VAR_SMTP_TLSRPT_SOCKNAME, DEF_SMTP_TLSRPT_SOCKNAME, &var_smtp_tlsrpt_sockname, 0, 0, VAR_SMTP_TLSRPT_SOCKNAME, DEF_SMTP_TLSRPT_SOCKNAME, &var_smtp_tlsrpt_sockname, 0, 0,
VAR_SMTP_ENFORCE_REQUIRETLS, DEF_SMTP_ENFORCE_REQUIRETLS, &var_smtp_enforce_requiretls, 0, 0,
0, 0,
}; };
static const CONFIG_TIME_TABLE smtp_time_table[] = { static const CONFIG_TIME_TABLE smtp_time_table[] = {

80
postfix/src/smtp/smtp_proto.c
View File

@ -604,6 +604,10 @@ int smtp_helo(SMTP_STATE *state)
/* Ignored later if we already sent STARTTLS. */ /* Ignored later if we already sent STARTTLS. */
if ((discard_mask & EHLO_MASK_STARTTLS) == 0) if ((discard_mask & EHLO_MASK_STARTTLS) == 0)
session->features |= SMTP_FEATURE_STARTTLS; session->features |= SMTP_FEATURE_STARTTLS;
} else if (strcasecmp(word, "REQUIRETLS") == 0) {
if ((discard_mask & EHLO_MASK_REQUIRETLS) == 0
&& (state->misc_flags & SMTP_MISC_FLAG_IN_STARTTLS))
session->features |= SMTP_FEATURE_REQUIRETLS;
#endif #endif
#ifdef USE_SASL_AUTH #ifdef USE_SASL_AUTH
} else if (var_smtp_sasl_enable } else if (var_smtp_sasl_enable
@ -661,7 +665,8 @@ int smtp_helo(SMTP_STATE *state)
*/ */
if ((session->features & SMTP_FEATURE_SMTPUTF8) == 0 if ((session->features & SMTP_FEATURE_SMTPUTF8) == 0
&& DELIVERY_REQUIRES_SMTPUTF8) && DELIVERY_REQUIRES_SMTPUTF8)
return (smtp_mesg_fail(state, DSN_BY_LOCAL_MTA, return (smtp_misc_fail(state, SMTP_MISC_FAIL_SOFT_NON_FINAL,
DSN_BY_LOCAL_MTA,
SMTP_RESP_FAKE(&fake, "5.6.7"), SMTP_RESP_FAKE(&fake, "5.6.7"),
"SMTPUTF8 is required, " "SMTPUTF8 is required, "
"but was not offered by host %s", "but was not offered by host %s",
@ -679,6 +684,35 @@ int smtp_helo(SMTP_STATE *state)
session->features |= SMTP_FEATURE_8BITMIME; session->features |= SMTP_FEATURE_8BITMIME;
} }
/*
* Require that the server announces REQUIRETLS when the sender requested
* REQUIRETLS. Return the message as undeliverable only when there are no
* more alternative MX hosts.
*/
#ifdef USE_TLS
if (var_requiretls_enable
&& (request->sendopts & SOPT_REQUIRETLS_ESMTP) != 0
&& (state->misc_flags & SMTP_MISC_FLAG_IN_STARTTLS) != 0
&& (session->features & SMTP_FEATURE_REQUIRETLS) == 0) {
if (state->enforce_requiretls) {
return (smtp_misc_fail(state, SMTP_MISC_FAIL_SOFT_NON_FINAL,
DSN_BY_LOCAL_MTA,
SMTP_RESP_FAKE(&fake, "5.7.30"),
"REQUIRETLS Failure: Sender requested "
"delivery wth REQUIRETLS, but no mail "
"server was found with REQUIRETLS "
"support. The last attempted server "
"was %s", session->namaddr));
} else {
msg_info("REQUIRETLS Debug: Sender requested delivery wth "
"REQUIRETLS, but no mail server was found with "
"REQUIRETLS support. The last attempted server was "
"%s", session->namaddr);
}
}
#endif
/* /*
* We use SMTP command pipelining if the server said it supported it. * We use SMTP command pipelining if the server said it supported it.
* Since we use blocking I/O, RFC 2197 says that we should inspect the * Since we use blocking I/O, RFC 2197 says that we should inspect the
@ -1146,7 +1180,7 @@ static int smtp_start_tls(SMTP_STATE *state)
if (PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE) if (PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE)
RETRY_AS_PLAINTEXT; RETRY_AS_PLAINTEXT;
return (smtp_misc_fail(state, state->tls->level == TLS_LEV_MAY ? return (smtp_misc_fail(state, state->tls->level == TLS_LEV_MAY ?
SMTP_NOTHROTTLE : SMTP_THROTTLE, SMTP_MISC_FAIL_NONE : SMTP_MISC_FAIL_THROTTLE,
DSN_BY_LOCAL_MTA, DSN_BY_LOCAL_MTA,
SMTP_RESP_FAKE(&fake, "4.7.5"), SMTP_RESP_FAKE(&fake, "4.7.5"),
"Cannot start TLS: handshake failure")); "Cannot start TLS: handshake failure"));
@ -1191,6 +1225,31 @@ static int smtp_start_tls(SMTP_STATE *state)
} }
} }
#endif #endif
/*
* Require a server certificate match when the sender requested
* REQUIRETLS. Return the message as undeliverable only when
* there are no more alternative MX hosts.
*/
if (var_requiretls_enable
&& (state->request->sendopts & SOPT_REQUIRETLS_ESMTP)) {
if (state->enforce_requiretls) {
return (smtp_misc_fail(state, SMTP_MISC_FAIL_SOFT_NON_FINAL,
DSN_BY_LOCAL_MTA,
SMTP_RESP_FAKE(&fake, "5.7.10"),
"REQUIRETLS Failure: Sender "
"requested a TLS server "
"certificate match, but no "
"match was found. The last "
"attempted server was %s",
session->namaddr));
} else {
msg_info("REQUIRETLS Debug: Sender requested a TLS "
"server certificate match, but no match was "
"found. The last attempted server was %s",
session->namaddr);
}
}
return (smtp_site_fail(state, DSN_BY_LOCAL_MTA, return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
SMTP_RESP_FAKE(&fake, "4.7.5"), SMTP_RESP_FAKE(&fake, "4.7.5"),
"Server certificate not verified")); "Server certificate not verified"));
@ -1781,7 +1840,22 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
if ((session->features & SMTP_FEATURE_SMTPUTF8) != 0 if ((session->features & SMTP_FEATURE_SMTPUTF8) != 0
&& (request->sendopts & SMTPUTF8_FLAG_REQUESTED) != 0) && (request->sendopts & SMTPUTF8_FLAG_REQUESTED) != 0)
vstring_strcat(next_command, " SMTPUTF8"); vstring_strcat(next_command, " SMTPUTF8");
/* TODO(wietse) REQUIRETLS. */
/*
* Request REQUIRETLS when the remote SMTP server supports
* REQUIRETLS and the sender requested REQUIRETLS.
*/
#ifdef USE_TLS
if (var_requiretls_enable
&& (request->sendopts & SOPT_REQUIRETLS_ESMTP) != 0) {
if ((session->features & SMTP_FEATURE_REQUIRETLS) != 0)
vstring_strcat(next_command, " REQUIRETLS");
else if (state->enforce_requiretls)
msg_panic("Can't happen: must enforce REQUIRETLS, but "
"host %s did not announce REQUIRETLS support",
session->namaddr);
}
#endif
/* /*
* We authenticate the local MTA only, but not the sender. * We authenticate the local MTA only, but not the sender.

3
postfix/src/smtp/smtp_state.c
View File

@ -82,6 +82,9 @@ SMTP_STATE *smtp_state_alloc(void)
state->iterator->saved_dest = vstring_alloc(100); state->iterator->saved_dest = vstring_alloc(100);
#ifdef USE_TLSRPT #ifdef USE_TLSRPT
state->tlsrpt = 0; state->tlsrpt = 0;
#endif
#ifdef USE_TLS
state->enforce_requiretls = 0;
#endif #endif
if (var_smtp_cache_conn) { if (var_smtp_cache_conn) {
state->dest_label = vstring_alloc(10); state->dest_label = vstring_alloc(10);

34
postfix/src/smtp/smtp_trouble.c
View File

@ -33,9 +33,9 @@
/* int exception; /* int exception;
/* const char *description; /* const char *description;
/* AUXILIARY FUNCTIONS /* AUXILIARY FUNCTIONS
/* int smtp_misc_fail(state, throttle, mta_name, resp, format, ...) /* int smtp_misc_fail(state, flags, mta_name, resp, format, ...)
/* SMTP_STATE *state; /* SMTP_STATE *state;
/* int throttle; /* int flags;
/* const char *mta_name; /* const char *mta_name;
/* SMTP_RESP *resp; /* SMTP_RESP *resp;
/* const char *format; /* const char *format;
@ -91,8 +91,11 @@
/* /*
/* smtp_misc_fail() provides a more detailed interface than /* smtp_misc_fail() provides a more detailed interface than
/* smtp_site_fail() and smtp_mesg_fail(), which are convenience /* smtp_site_fail() and smtp_mesg_fail(), which are convenience
/* wrappers around smtp_misc_fail(). The throttle argument /* wrappers around smtp_misc_fail(). The flags argument is either
/* is either SMTP_THROTTLE or SMTP_NOTHROTTLE; it is used only /* SMTP_MISC_FAIL_NONE or the bitwise OR of SMTP_MISC_FAIL_THROTTLE
/* (throttle the destination) and/or SMTP_MISC_FAIL_SOFT_NON_FINAL
/* (if the server was not the last one to try, treat a hard error
/* as a soft error); SMTP_MISC_FAIL_THROTTLE is used only
/* in the "soft error, final server" policy, and determines /* in the "soft error, final server" policy, and determines
/* whether a destination will be marked as problematic. /* whether a destination will be marked as problematic.
/* /*
@ -210,7 +213,7 @@ static void smtp_check_code(SMTP_SESSION *session, int code)
/* smtp_bulk_fail - skip, defer or bounce recipients, maybe throttle queue */ /* smtp_bulk_fail - skip, defer or bounce recipients, maybe throttle queue */
static int smtp_bulk_fail(SMTP_STATE *state, int throttle_queue) static int smtp_bulk_fail(SMTP_STATE *state, int flags)
{ {
DELIVER_REQUEST *request = state->request; DELIVER_REQUEST *request = state->request;
SMTP_SESSION *session = state->session; SMTP_SESSION *session = state->session;
@ -220,8 +223,21 @@ static int smtp_bulk_fail(SMTP_STATE *state, int throttle_queue)
int aggregate_status; int aggregate_status;
int soft_error = (STR(why->status)[0] == '4'); int soft_error = (STR(why->status)[0] == '4');
int soft_bounce_error = (STR(why->status)[0] == '5' && var_soft_bounce); int soft_bounce_error = (STR(why->status)[0] == '5' && var_soft_bounce);
int throttle_queue = (flags & SMTP_MISC_FAIL_THROTTLE);
int nrcpt; int nrcpt;
/*
* Sanity check.
*/
if ((flags & SMTP_MISC_FAIL_SOFT_NON_FINAL) != 0) {
if (soft_error) {
msg_warn("smtp_bulk_fail: ignoring SMTP_MISC_FAIL_SOFT_NON_FINAL "
"for a soft error");
} else {
soft_error = (state->misc_flags & SMTP_MISC_FLAG_FINAL_SERVER) == 0;
}
}
/* /*
* Don't defer the recipients just yet when this error qualifies them for * Don't defer the recipients just yet when this error qualifies them for
* delivery to a backup server. Just log something informative to show * delivery to a backup server. Just log something informative to show
@ -302,7 +318,7 @@ int smtp_sess_fail(SMTP_STATE *state)
* because this error information is collected by a routine that * because this error information is collected by a routine that
* terminates BEFORE the error is reported. * terminates BEFORE the error is reported.
*/ */
return (smtp_bulk_fail(state, SMTP_THROTTLE)); return (smtp_bulk_fail(state, SMTP_MISC_FAIL_THROTTLE));
} }
/* vsmtp_fill_dsn - fill in temporary DSN structure */ /* vsmtp_fill_dsn - fill in temporary DSN structure */
@ -342,7 +358,7 @@ static void vsmtp_fill_dsn(SMTP_STATE *state, const char *mta_name,
/* smtp_misc_fail - maybe throttle queue; skip/defer/bounce all recipients */ /* smtp_misc_fail - maybe throttle queue; skip/defer/bounce all recipients */
int smtp_misc_fail(SMTP_STATE *state, int throttle, const char *mta_name, int smtp_misc_fail(SMTP_STATE *state, int flags, const char *mta_name,
SMTP_RESP *resp, const char *format,...) SMTP_RESP *resp, const char *format,...)
{ {
va_list ap; va_list ap;
@ -360,7 +376,7 @@ int smtp_misc_fail(SMTP_STATE *state, int throttle, const char *mta_name,
/* /*
* Skip, defer or bounce recipients, and throttle this queue. * Skip, defer or bounce recipients, and throttle this queue.
*/ */
return (smtp_bulk_fail(state, throttle)); return (smtp_bulk_fail(state, flags));
} }
/* smtp_rcpt_fail - skip, defer, or bounce recipient */ /* smtp_rcpt_fail - skip, defer, or bounce recipient */
@ -472,5 +488,5 @@ int smtp_stream_except(SMTP_STATE *state, int code, const char *description)
* falling back to plaintext, because RETRY_AS_PLAINTEXT clears the * falling back to plaintext, because RETRY_AS_PLAINTEXT clears the
* FINAL_SERVER flag. * FINAL_SERVER flag.
*/ */
return (smtp_bulk_fail(state, SMTP_THROTTLE)); return (smtp_bulk_fail(state, SMTP_MISC_FAIL_THROTTLE));
} }

25
postfix/src/smtpd/smtpd.c
View File

@ -57,6 +57,7 @@
/* RFC 6531 (Internationalized SMTP) /* RFC 6531 (Internationalized SMTP)
/* RFC 6533 (Internationalized Delivery Status Notifications) /* RFC 6533 (Internationalized Delivery Status Notifications)
/* RFC 7505 ("Null MX" No Service Resource Record) /* RFC 7505 ("Null MX" No Service Resource Record)
/* RFC 8689 (SMTP REQUIRETLS extension)
/* DIAGNOSTICS /* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8) /* Problems and transactions are logged to \fBsyslogd\fR(8)
/* or \fBpostlogd\fR(8). /* or \fBpostlogd\fR(8).
@ -370,7 +371,7 @@
/* .IP "\fBsmtpd_sasl_mechanism_filter (!external, static:rest)\fR" /* .IP "\fBsmtpd_sasl_mechanism_filter (!external, static:rest)\fR"
/* If non-empty, a filter for the SASL mechanism names that the /* If non-empty, a filter for the SASL mechanism names that the
/* Postfix SMTP server will announce in the EHLO response. /* Postfix SMTP server will announce in the EHLO response.
/* STARTTLS SUPPORT CONTROLS /* TLS SUPPORT CONTROLS
/* .ad /* .ad
/* .fi /* .fi
/* Detailed information about STARTTLS configuration may be /* Detailed information about STARTTLS configuration may be
@ -544,7 +545,12 @@
/* Request that remote SMTP clients send an RFC7250 raw public key /* Request that remote SMTP clients send an RFC7250 raw public key
/* instead of an X.509 certificate, when asking for or requiring client /* instead of an X.509 certificate, when asking for or requiring client
/* authentication. /* authentication.
/* OBSOLETE STARTTLS CONTROLS /* .PP
/* Available in Postfix version 3.10 and later:
/* .IP "\fBrequiretls_enable (yes)\fR"
/* Enable support for the ESMTP verb "REQUIRETLS", defined in RFC
/* 8689.
/* OBSOLETE TLS CONTROLS
/* .ad /* .ad
/* .fi /* .fi
/* The following configuration parameters exist for compatibility /* The following configuration parameters exist for compatibility
@ -2105,6 +2111,11 @@ static int ehlo_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
EHLO_APPEND(state, "SMTPUTF8"); EHLO_APPEND(state, "SMTPUTF8");
if ((discard_mask & EHLO_MASK_CHUNKING) == 0) if ((discard_mask & EHLO_MASK_CHUNKING) == 0)
EHLO_APPEND(state, "CHUNKING"); EHLO_APPEND(state, "CHUNKING");
#ifdef USE_TLS
if (var_requiretls_enable && (discard_mask & EHLO_MASK_REQUIRETLS) == 0
&& state->tls_context != 0)
EHLO_APPEND(state, "REQUIRETLS");
#endif
/* /*
* Send the reply. * Send the reply.
@ -2219,7 +2230,8 @@ static int mail_open_stream(SMTPD_STATE *state)
cleanup_flags |= CLEANUP_FLAG_SMTPUTF8; cleanup_flags |= CLEANUP_FLAG_SMTPUTF8;
else else
cleanup_flags |= smtputf8_autodetect(MAIL_SRC_MASK_SMTPD); cleanup_flags |= smtputf8_autodetect(MAIL_SRC_MASK_SMTPD);
/* TODO(wietse) REQUIRETLS. */ if (state->flags & SMTPD_FLAG_REQUIRETLS)
cleanup_flags |= CLEANUP_FLAG_REQUIRETLS;
state->dest = mail_stream_service(MAIL_CLASS_PUBLIC, state->dest = mail_stream_service(MAIL_CLASS_PUBLIC,
var_cleanup_service); var_cleanup_service);
if (state->dest == 0 if (state->dest == 0
@ -2679,6 +2691,13 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
&& (state->ehlo_discard_mask & EHLO_MASK_SMTPUTF8) == 0 && (state->ehlo_discard_mask & EHLO_MASK_SMTPUTF8) == 0
&& strcasecmp(arg, "SMTPUTF8") == 0) { /* RFC 6531 */ && strcasecmp(arg, "SMTPUTF8") == 0) { /* RFC 6531 */
/* Already processed early. */ ; /* Already processed early. */ ;
#ifdef USE_TLS
} else if (var_requiretls_enable
&& state->tls_context != 0
&& (state->ehlo_discard_mask & EHLO_MASK_REQUIRETLS) == 0
&& strcasecmp(arg, "REQUIRETLS") == 0) { /* RFC 8689 */
state->flags |= SMTPD_FLAG_REQUIRETLS;
#endif
#ifdef USE_SASL_AUTH #ifdef USE_SASL_AUTH
} else if (strncasecmp(arg, "AUTH=", 5) == 0) { } else if (strncasecmp(arg, "AUTH=", 5) == 0) {
if ((err = smtpd_sasl_mail_opt(state, arg + 5)) != 0) { if ((err = smtpd_sasl_mail_opt(state, arg + 5)) != 0) {

1
postfix/src/smtpd/smtpd.h
View File

@ -209,6 +209,7 @@ typedef struct {
#define SMTPD_FLAG_AUTH_USED (1<<2) /* don't reuse SASL state */ #define SMTPD_FLAG_AUTH_USED (1<<2) /* don't reuse SASL state */
#define SMTPD_FLAG_SMTPUTF8 (1<<3) /* RFC 6531/2 transaction */ #define SMTPD_FLAG_SMTPUTF8 (1<<3) /* RFC 6531/2 transaction */
#define SMTPD_FLAG_NEED_MILTER_ABORT (1<<4) /* undo milter_mail_event() */ #define SMTPD_FLAG_NEED_MILTER_ABORT (1<<4) /* undo milter_mail_event() */
#define SMTPD_FLAG_REQUIRETLS (1<<5) /* RFC 8689 */
#define SMTPD_NOTE_BARE_LF (1<<0) /* saw at least one bare LF */ #define SMTPD_NOTE_BARE_LF (1<<0) /* saw at least one bare LF */

0
postfix/src/util/dict_debug_test.sh Executable file → Normal file
View File

13
postfix/src/util/match_list.c
View File

@ -60,6 +60,10 @@
/* Request that match_list_match() logs a warning and returns /* Request that match_list_match() logs a warning and returns
/* zero (with list->error set to a non-zero dictionary error /* zero (with list->error set to a non-zero dictionary error
/* code) instead of raising a fatal run-time error. /* code) instead of raising a fatal run-time error.
/* .IP MATCH_FLAG_NOFILE
/* Disable special handling for /file/name.
/* .IP MATCH_FLAG_NODICT
/* Disable special handling for type:name.
/* .RE /* .RE
/* Specify MATCH_FLAG_NONE to request none of the above. /* Specify MATCH_FLAG_NONE to request none of the above.
/* .IP pattern_list /* .IP pattern_list
@ -84,6 +88,9 @@
/* IBM T.J. Watson Research /* IBM T.J. Watson Research
/* P.O. Box 704 /* P.O. Box 704
/* Yorktown Heights, NY 10598, USA /* Yorktown Heights, NY 10598, USA
/*
/* Wietse Venema
/* porcupine.org
/*--*/ /*--*/
/* System library. */ /* System library. */
@ -151,7 +158,8 @@ static ARGV *match_list_parse(MATCH_LIST *match_list, ARGV *pat_list,
if (*item == 0) if (*item == 0)
/* No graceful degradation for this... */ /* No graceful degradation for this... */
msg_fatal("%s: no pattern after '!'", match_list->pname); msg_fatal("%s: no pattern after '!'", match_list->pname);
if (*item == '/') { /* /file/name */ if (*item == '/' /* /file/name */
&& (match_list->flags & MATCH_FLAG_NOFILE) == 0) {
if ((fp = vstream_fopen(item, O_RDONLY, 0)) == 0) { if ((fp = vstream_fopen(item, O_RDONLY, 0)) == 0) {
/* Replace unusable pattern with pseudo table. */ /* Replace unusable pattern with pseudo table. */
vstring_sprintf(buf, "%s:%s", DICT_TYPE_NOFILE, item); vstring_sprintf(buf, "%s:%s", DICT_TYPE_NOFILE, item);
@ -168,7 +176,8 @@ static ARGV *match_list_parse(MATCH_LIST *match_list, ARGV *pat_list,
if (vstream_fclose(fp)) if (vstream_fclose(fp))
msg_fatal("%s: read file %s: %m", myname, item); msg_fatal("%s: read file %s: %m", myname, item);
} }
} else if (MATCH_DICTIONARY(item)) { /* type:table */ } else if (MATCH_DICTIONARY(item) /* type:table */
&&(match_list->flags & MATCH_FLAG_NODICT) == 0) {
vstring_sprintf(buf, "%s%s", match ? "" : "!", vstring_sprintf(buf, "%s%s", match ? "" : "!",
dict_open(item, OPEN_FLAGS, DICT_FLAGS)->reg_name); dict_open(item, OPEN_FLAGS, DICT_FLAGS)->reg_name);
argv_add(pat_list, STR(buf), (char *) 0); argv_add(pat_list, STR(buf), (char *) 0);

6
postfix/src/util/match_list.h
View File

@ -38,8 +38,10 @@ struct MATCH_LIST {
#define MATCH_FLAG_NONE 0 #define MATCH_FLAG_NONE 0
#define MATCH_FLAG_PARENT (1<<0) #define MATCH_FLAG_PARENT (1<<0)
#define MATCH_FLAG_RETURN (1<<1) #define MATCH_FLAG_RETURN (1<<1)
#define MATCH_FLAG_ALL (MATCH_FLAG_PARENT | MATCH_FLAG_RETURN) #define MATCH_FLAG_NOFILE (1<<2)
#define MATCH_FLAG_NODICT (1<<3)
#define MATCH_FLAG_ALL (MATCH_FLAG_PARENT | MATCH_FLAG_RETURN | \
MATCH_FLAG_NOFILE | MATCH_FLAG_NODICT)
extern MATCH_LIST *match_list_init(const char *, int, const char *, int,...); extern MATCH_LIST *match_list_init(const char *, int, const char *, int,...);
extern int match_list_match(MATCH_LIST *,...); extern int match_list_match(MATCH_LIST *,...);
extern void match_list_free(MATCH_LIST *); extern void match_list_free(MATCH_LIST *);