mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 05:38:06 +00:00

postfix-2.3.0

This commit is contained in:
Wietse Venema 2006-07-11 00:00:00 -05:00 committed by Viktor Dukhovni
parent bea0e7b32c
commit 8236a6ce4c
78 changed files with 1567 additions and 1268 deletions

View File

@ -12222,27 +12222,29 @@ Apologies for any names omitted.
tls/tls_misc.c, tls/tls_server.c.
Added smtpd_tls_protocols parameter to complement
smtp_tls_protocols.
smtp_tls_protocols. Victor Duchovni.
20060517
The smtp_tls_policy_maps table now implements parent domain
matching for destinations that are bare domains (without
enclosin [] or optional :port suffix). This allows one to
set TLS policy for a domain and all sub-domains.
set TLS policy for a domain and all sub-domains. Victor
Duchovni.
20060519
The same parameter can bind to different variables in
different daemons, ignore the variable name when eliminating
duplicates in extract.awk.
duplicates in extract.awk. Victor Duchovni.
20060523
Improved handling of smtp_tls_protocols and smtpd_tls_protocols,
names now processed via name_mask(3) and canonicalized prior
to use in the SMTP/LMTP client TLS session lookup key. Also
simplifies the corresponding code in the TLS driver.
simplifies the corresponding code in the TLS driver. Victor
Duchovni.
20060524
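Review bot: the unchanged context line "enclosin [] or optional :port suffix" in the 20060517 entry has a typo ("enclosin" for "enclosing"); since this hunk already edits that paragraph to append the attribution, fix the typo in the same change. Also, the attribution added throughout this hunk reads "Victor Duchovni" while the committer name in the page header reads "Viktor Dukhovni"; confirm which spelling the contributor wants so the HISTORY entries stay consistent.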
@ -12259,7 +12261,7 @@ Apologies for any names omitted.
20060601
Fixed default value of LMTP TLS client certificate parameters,
using the SMTP values as a default was wrong.
using the SMTP values as a default was wrong. Victor Duchovni.
20060603
@ -12267,7 +12269,7 @@ Apologies for any names omitted.
settings. We need to add the transport name to the TLS
session lookup key so that sessions verified with one set
of trusted roots are not inadvertantly considered verified
for another.
for another. Victor Duchovni.
20060604
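Review bot: "inadvertantly" in the context line of the 20060603 entry is a typo for "inadvertently"; fix it while the paragraph is being edited. The security rationale is the important part of this entry and could be stated more directly: adding the transport name to the TLS session lookup key ensures that a session verified against one transport's trusted roots is never reused as "verified" by a transport configured with different roots.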
@ -12301,7 +12303,7 @@ Apologies for any names omitted.
20060606
Portability: Some systems no longer support the traditional
"sort +0 -2 +3".
"sort +0 -2 +3". Victor Duchovni.
20060607
@ -12341,17 +12343,17 @@ Apologies for any names omitted.
20060612
Changed smtp security level parsing and level->name conversion
to use name_code(3).
to use name_code(3). Victor Duchovni.
Implemented new smtp_tls_security_level parameter, to replace
the unnecessarily complex smtp_use_tls, smtp_enforce_tls
and smtp_tls_enforce_peername parameters. The main.cf
security level settings are now consistent with the new
policy table.
policy table. Victor Duchovni.
The smtp_sasl_tls_verified_security_options feature is not
yet complete, added #ifdef SNAPSHOT and changed documentation
to delay introduction until Postfix 2.4.
to delay introduction until Postfix 2.4. Victor Duchovni.
20060614
@ -12360,10 +12362,10 @@ Apologies for any names omitted.
personality of the unified SMTP/LMTP client.
Allow mandatory TLS encryption with LMTP over UNIX-domain
sockets.
sockets. Victor Duchovni.
Safety: improved code to avoid I/O on connections after the
TLS handshake fails.
TLS handshake fails. Victor Duchovni.
20060615
@ -12375,7 +12377,7 @@ Apologies for any names omitted.
The qshape.pl script was updated for the pointer records
that were introduced to support message content modification
by Milter applications.
by Milter applications. Victor Duchovni.
20060620
@ -12387,7 +12389,8 @@ Apologies for any names omitted.
The levels are "high", "medium" (or better), "low" (or
better), "export" (or better) and "null". The underlying
definitions of these levels are configurable, but users are
strongly encouraged to not change those definitions.
strongly encouraged to not change those definitions. Victor
Duchovni.
20060626
@ -12473,11 +12476,13 @@ Apologies for any names omitted.
smtpd/smtpd_check.c.
Safety: the SMTP/LMTP client now defers delivery when a
SASL password exists but the server does not offer SASL
authentication. Mail could be rejected otherwise. This
may become an issue now that Postfix retries delivery in
plaintext after an opportunistic TLS handshake fails. Specify
"smtp_sasl_auth_enforce = no" to deliver mail anyway.
SASL password exists, but the server does not offer SASL
authentication. Mail could be rejected otherwise. This may
become an issue now that Postfix retries delivery in plaintext
after an opportunistic TLS handshake fails. Specify
"smtp_sasl_auth_enforce = no" to deliver mail anyway. File:
smtp/smtp_proto.c. See workaround 20060711 for sender-dependent
SASL passwords.
20060709
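Review bot: the rewritten 20060626 entry tells readers how to switch the new check off ("smtp_sasl_auth_enforce = no") without saying what that gives up; add a clause that with "no" the client delivers without SASL authentication when the server offers none, which is exactly the case the entry says can lead to the mail being rejected. The forward reference "See workaround 20060711 for sender-dependent SASL passwords" is helpful; make sure the 20060711 entry in the next hunk uses the same parameter name so the two can be cross-checked.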
@ -12489,247 +12494,42 @@ Apologies for any names omitted.
as "encrypt", after logging a warning. Files: smtpd/smtpd.c,
tls/tls_level.c, smtp/smtp_session.c.
Compatibility: don't send the first body line to Milter
applications. This also broke domain key etc. signatures
Compatibility: don't send the first (blank) body line to
Milter applications. This broke domain key etc. signatures
when verified by non-Postfix MTAs. File: milter/milter8.c.
Wish list:
20060710
The usage of TLScontext->cache_type is unclear. It specifies
a TLS session cache type (smtpd, smtp, or lmtp), but it is
sometimes used as an indicator that TLS session caching is
unavailable. In reality, that decision is made by not
registering call-back functions for cache maintenance.
Cleanup: more consistency between smtpd(8) and smtp(8) TLS
configuration interfaces: smtpd_tls_mandatory_exclude_ciphers,
smtpd_tls_mandatory_ciphers, smtpd_tls_mandatory_protocols.
By Victor. Files:smtpd/smtpd.c.
Postfix TLS library code should copy any strings that it
receives from the application, instead of passing them
around as pointers. TLScontext->cache_type is a case in
point.
Cleanup: to support domainkey signing of bounces and
Postmaster notices, enable content inspection of Postfix-
generated mail with the new internal_mail_filter_classes
feature. This is disabled by default, because it is not
yet safe enough. Files: global/int_filt.[hc] and everything
that calls post_mail_fopen*().
Are transport:nexthop null fields the same as in the case
of default_transport etc. parameters?
20060711
Introduce structured API for tls_server_mumble() just like
with smtp(8): this eliminates ever-growing lists of arguments.
Cleanup: smtpd_tls_mumble -> smtpd_tls_mandatory_mumble,
and finer control over the Postfix SMTP server TLS ciphers,
all this for consistency with the same functionality in the
Postfix SMTP client. Victor Duchovni.
Don't lose bits when converting st_dev into maildir file
name. It's 64 bits on Linux. Found with the BEAM source
code analyzer. Is this really a problem, or are they just
using 64 bits for upwards compatibility with LP64 systems?
Compatibility: Sendmail's milter client handles whitespace
after the header label and ":" in an interesting manner.
It eats one space (not tab). File: milter/milter8.c.
Do or don't introduce unknown_reverse_client_reject_code.
Workaround: if sender-depedendent SASL passwords are enabled,
don't defer delivery when a SASL password exists but the
server doesn't announce SASL support. File: smtp/smtp_proto.c.
In Milter events, mail_addr/rcpt_addr should be externalized
as they are in Sendmail. Likewise, addresses in add/delete
requests should be internalized before updating the queue
file.
Cleanup: format of cleanup milter reject messages. File:
cleanup_milter.c.
Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
UNIX).
Tempfail when a Milter application wants content access,
while it is configured in an SMTP server that runs before
the smtpd_proxy filter.
The sendmail command should not return non-std exit status
after fatal error in some internal library routine.
Log DSN original recipient when rejecting mail.
Keep whitespace between label and ":"?
Make the map case folding/locking options configurable, if
not at run-time then at least at compile time so we get
consistent behavior across applications.
Investigate what it would take to eliminate oqmgr, and to
make the old behavior configurable in a unified queue
manager. This would shave another 2.7 KLOC from the source
footprint.
Document the case folding strategy for match_list like
features.
Eliminate the (incoming,deferred)->active rename operation.
Softbounce fallback-to-ISP for SOHO users. This requires
playing with the soft_error test in the smtp_trouble.c
module, and avoiding delivery to backup MX hosts.
select -> kqueue, epoll, /dev/poll, poll() ...
In the SMTP server, set a "pipelining detected" flag at the
start of a session and at protocol synchronization points,
so that reject_unauth_pipelining can be specified in any
access rule.
Centralize main.cf parameter input so that defaults work
consistently. What about parameter names that are prefixed
with mail delivery transport names?
Fix default time unit handling so that we can have a default
bounce lifetime of $maximal_queue_lifetime, without causing
panics when a non-default maximal_queue_lifetime setting
includes no time unit.
After the 20051222 ISASCII paranoia, lowercase() lowercases
ASCII text only.
Privacy: remove local command/pathname details from remote
delivery status reports, and log them via local msg_warn().
Remove defer(8) and trace(8) references and man pages. These
are services not program names.
Is it safe to cache a connection after it has been used for
more than some number of address verification probes?
Try to recognize that Resent- headers appear in blocks,
newest block first. But don't break on incorrect header
block organization.
Hard limits on cache sizes (anvil, specifically).
Laptop friendliness: make the qmgr remember when the next
deferred queue scan needs to be done, and have the pickup
server stat() the maildrop directory before searching it.
Low: replace_sender/replace_recipient actions in access
maps?
Low: configurable order of local(8) delivery methods.
Med: local and remote source port and IP address for smtpd
policy hook.
Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout)
to limit the total time spent trying to connect.
Med: transform IPv4-in-IPv6 address literals to IPv4 form
when comparing against local IP addresses?
Med: transform IPv4-in-IPv6 address literals to IPv4 form
when eliminating MX mailer loops?
Med: Postfix requires [] around IPv6 address information
in match lists such as mynetworks, debug_peer_list etc.,
but the [] must not be specified in access(5) maps. Other
places don't care. For now, this gotcha is documented in
IPV6_README and in postconf(5) with each feature that may
use IPv6 address information. The general recommendation
is not to use [] unless absolutely necessary.
Med: the partial address matching of IPv6 addresses in
access(5) maps is a bit lame: it repeatedly truncates the
last ":octetpair" from the printable address representation
until a match is found or until truncation is no longer
possible. Since one or more ":" are usually omitted from
the printable IPv6 address representation, this does not
really try all the possibilities that one might expect to
be tried. For now, this gotcha is documented in access(5).
Med: the TLS certificate verification depth parameters never
worked.
Low: reject HELO with any domain name or IP address that
this MTA is the final destination for.
Low: should the Delivered-To: test in local(8) be configurable?
Low: make mail_addr_find() lookup configurable.
Low: update events.c so that 1-second timer requests do not
suffer from rounding errors. This is needed for 1-second
SMTP session caching time limits. A 1-second interval would
become arbitrarily short when an event is scheduled just
before the current second rolls over.
Low: configurable internal/system locking method.
Low: add INSTALL section for pre-existing Postfix systems.
Low: add INSTALL section for pre-existing RPM Postfixes.
Low: disallow smtpd_recipient_limit < 100 (the RFC minimum).
Low: noise filter: allow smtp(8) to retry immediately if
all MXes return a quick ECONNRESET or 4xx reply during the
initial handshake. Retry once? How many times?
Low: make post-install a "postfix-only script" so it can
take data from the environment instead of main.cf.
Low: randomize deferred mail backoff.
Med: separate ulimit for delivery to command?
Med: option to open queue file early, after MAIL FROM. This
would allow correlation of rejected RCPT TO requests with
accepted requests for the same mail transaction.
Med: silly queue file bit so that the queue manager doesn't
skip files when fast flush is requested while a queue scan
is in progress. The bit is set by the flush server and is
reset when the mail is deferred, so that it survives queue
manager restart. It's not clear, however, how one would
unthrottle disabled transports or queues.
Med: postsuper -r should do something with recipients in
bounce logfiles, to make sure the sender will be notified.
To be perfectly safe, no process other than the queue manager
should move a queue file away from the active queue.
This could involve tagging a queue file, and use up another
permission bit.
Low: postsuper re-run after renaming files, but only a
limited number of times.
Low: smtp-source may block when sending large test messages.
Med: make qmgr recipient bounce/defer activity asynchronous
or add a multi-recipient operation that reduces overhead.
One possibility is to pass delivery requests to a retry(8)
delivery agent which is error(8) in disguise, and which
calls defer_append() instead of bounce_append().
Med: find a way to log the sender address when MAIL FROM
is rejected due to lack of disk space.
Low: revise other local delivery agent duplicate filters.
Low: all table lookups should consistently use internalized
(unquoted) or externalized (quoted) forms as lookup keys.
smtpd, qmgr, local, etc. use unquoted address forms as keys.
cleanup uses quoted forms.
Low: have a configurable list of errno values for mailbox
or maildir delivery that result in deferral rather than
bouncing mail.
Low: after reorganizing configuration parameters, add flags
to all parameters whose value can be read from file.
Medium: need in-process caching for map lookups. LDAP servers
seem to need this in particular. Need a way to expire cached
results that are too old.
Low: generic showq protocol, to allow for more intelligent
processing than just mailq. Maybe marry this with postsuper.
Low: default domain for appending to unqualified recipients,
so that unqualified names can be delivered locally.
Low: The $process_id_directory setting is not used anywhere
in Postfix. Problem reported by Michael Smith, texas.net.
This should be documented, or better, the code should warn
about attempts to set read-only parameters.
Low: postconf -e edits parameters that postconf won't list.
Low: while converting 8bit text to quoted-printable, perhaps
use =46rom to avoid having to produce >From when delivering
to mailbox.
virtual_mailbox_path expression like forward_path, so that
people can specify prefix and suffix.
Bugfix: file/memory leak if a transfer of multiple milters
from smtpd to cleanup broke in the middle. Found by Coverity.
File: milter/milter.c.
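Review bot: the hunk header (-12489,247 +12494,42) shows this region shrinking from 247 to 42 lines, so most of the wish-list entries visible here are being dropped from this file rather than edited; confirm that the security-relevant ones are tracked elsewhere before they disappear, in particular "Privacy: remove local command/pathname details from remote delivery status reports", "Med: the TLS certificate verification depth parameters never worked", and "Don't lose bits when converting st_dev into maildir file name" (found with BEAM). Two typos are visible in this hunk: "sender-depedendent" should be "sender-dependent", and "Files:smtpd/smtpd.c" is missing the space after the colon that every other "Files:" entry uses.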

View File

@ -124,6 +124,10 @@ surprises. If a recipient probe fails, then Postfix rejects mail for the
recipient address. If a recipient probe succeeds, then Postfix accepts mail for
the recipient address.
By default, address verification results are not saved. To avoid probing the
same address repeatedly, you can store the result in a persistent database as
described later.
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks

View File

@ -330,6 +330,7 @@ the Postfix master.cf file:
# =============================================================
scan unix - - n - 10 smtp
-o smtp_send_xforward_command=yes
-o disable_mime_output_conversion=yes
* This runs up to 10 content filters in parallel. Instead of a limit of 10
concurrent processes, use whatever process limit is feasible for your
@ -343,6 +344,13 @@ the Postfix master.cf file:
real client name IP address. See smtp(8) and XFORWARD_README for more
information.
* With "-o disable_mime_output_conversion=yes", the scan delivery agent will
not convert 8BITMIME mail to quoted-printable form while delivering to the
content filter, as that would invalidate domainkeys and other digital
signatures. This workaround is needed because some SMTP-based content
filters don't announce 8BITMIME support, even though they can handle it
just fine.
AAddvvaanncceedd ccoonntteenntt ffiilltteerr:: rruunnnniinngg tthhee ccoonntteenntt ffiilltteerr
The content filter can be set up with the Postfix spawn service, which is the

View File

@ -12,12 +12,12 @@ FROM, etc.) as well as mail content. All this happens before mail is queued.
The reason for adding Milter support to Postfix is that there exists a large
collection of applications, not only to block unwanted mail, but also to verify
authenticity (examples: SenderID+SPF and Domain keys) or to digitally sign mail
(example: Domain keys). Having yet another MTA-specific version of all that
(example: Domain keys). Having yet another Postfix-specific version of all that
software is a poor use of human and system resources.
Postfix 2.3 implements all the requests of Sendmail version 8 Milter protocols
up to version 4, except one: message body replacement. See, however, the
limitations section at the end of this document.
workarounds and limitations sections at the end of this document.
This document provides information on the following topics:
@ -185,7 +185,7 @@ The general syntax for listening sockets is as follows:
Connect to the specified TCP port on the specified local or remote
host. The host and port can be specified in numeric or symbolic form.
Note: Postfix syntax differs from Milter syntax which has the form
NOTE: Postfix syntax differs from Milter syntax which has the form
iinneett::port@@host.
NNoonn--SSMMTTPP MMiilltteerr aapppplliiccaattiioonnss
@ -381,10 +381,19 @@ message).
WWoorrkkaarroouunnddss
Content filters may break domain key etc. signatures. If you use an SMTP-based
filter as described in FILTER_README, then you should add a line to master.cf
with "disable_mime_output_conversion = yes", as described in the advanced
content filter example.
Sendmail Milter applications were originally developed for the Sendmail version
8 MTA, which has a different architecture than Postfix. The result is that some
Milter applications make assumptions that aren't true in a Postfix environment.
* Some Milter applications use the "{if_addr}" macro to recognize local mail;
this macro does not exist in Postfix. Workaround: use the "{client_addr}"
macro instead.
* Some Milter applications log a warning that looks like this:
sid-filter[36540]: WARNING: sendmail symbol 'i' not available
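Review bot: the new Workarounds paragraph quotes the setting as "disable_mime_output_conversion = yes", which is main.cf syntax, but it tells the reader to add it to master.cf, where per-service overrides are written as "-o disable_mime_output_conversion=yes" (the form the FILTER_README example in this same commit uses). Quote the master.cf form here, or say "set disable_mime_output_conversion=yes for the filter transport in master.cf", so readers don't copy a line that master.cf does not accept.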
@ -394,12 +403,13 @@ Milter applications make assumptions that aren't true in a Postfix environment.
X-SenderID: Sendmail Sender-ID Filter vx.y.z host.example.com <unknown-
msgid>
This happens because the Milter application expects that the queue ID is
This happens because some Milter applications expect that the queue ID is
known before the MTA accepts the MAIL FROM (sender) command. Postfix, on
the other hand, does not create a queue file until after Postfix accepts
the first valid RCPT TO (recipient) command. This queue file name must be
globally unique across multiple queue directories, so it cannot be chosen
until the file is actually created.
the other hand, does not choose a queue file name until after it accepts
the first valid RCPT TO (recipient) command. Postfix queue file names must
be unique across multiple directories, so the name can't be chosen before
the file is created. If multiple messages were to use the same queue ID
simultaneously, mail would be lost.
To work around the ugly message header from Milter applications, we add a
little code to the Milter source to look up the queue ID after Postfix
@ -411,19 +421,27 @@ Milter applications make assumptions that aren't true in a Postfix environment.
o Look up the mlfi_eom() function and add code near the top shown as bboolldd
text below:
sic = (Context) smfi_getpriv(ctx);
assert(sic != NULL);
dfc = cc->cctx_msg;
assert(dfc != NULL);
//**
**** DDeetteerrmmiinnee tthhee jjoobb IIDD ffoorr llooggggiinngg..
**//
iiff ((ssiicc-->>ccttxx__jjoobbiidd ==== 00 |||| ssttrrccmmpp((ssiicc-->>ccttxx__jjoobbiidd,, MMSSGGIIDDUUNNKKNNOOWWNN)) ==== 00)) {{
//** DDeetteerrmmiinnee tthhee jjoobb IIDD ffoorr llooggggiinngg.. **//
iiff ((ddffcc-->>mmccttxx__jjoobbiidd ==== 00 |||| ssttrrccmmpp((ddffcc-->>mmccttxx__jjoobbiidd,, JJOOBBIIDDUUNNKKNNOOWWNN)) ==== 00))
{{
cchhaarr **jjoobbiidd == ssmmffii__ggeettssyymmvvaall((ccttxx,, ""ii""));;
iiff ((jjoobbiidd !!== 00))
ssiicc-->>ccttxx__jjoobbiidd == jjoobbiidd;;
ddffcc-->>mmccttxx__jjoobbiidd == jjoobbiidd;;
}}
This does not remove the WARNING message, however.
/* get hostname; used in the X header and in new MIME boundaries */
NOTES:
o Different mail filters use slightly different names for variables. If
the above code does not compile, look for the code at the start of the
mlfi_eoh() routine.
o This fixes only the ugly message header, but not the WARNING message.
Fortunately, dk-filter logs that message only once.
With some Milter applications we can fix both the WARNING and the "unknown-
msgid" by postponing the call of mlfi_eoh() (or whatever routine logs the
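Review bot: the sentence "This does not remove the WARNING message, however." and the new NOTES bullet "This fixes only the ugly message header, but not the WARNING message." say the same thing; keep only the NOTES bullet, which also records that dk-filter logs the warning once. Separately, the rendered hunk shows two variants of the job-ID lookup (sic->ctx_jobid with MSGIDUNKNOWN, and dfc->mctx_jobid with JOBIDUNKNOWN) of which only one survives the change; since the first NOTES bullet already says filters differ in their variable names, name the other variant's identifiers there so readers of the other filter can still find the right spot.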

View File

@ -282,8 +282,8 @@ EEnnaabblliinngg TTLLSS iinn tthhee PPoossttffiixx SSMM
By default, TLS is disabled in the Postfix SMTP server, so no difference to
plain Postfix is visible. Explicitly switch it on with
"smtpd_tls_security_level = may" (Postfix 2.3 and later) or
"smtpd_use_tls = yes" (obsolete but still supported).
"smtpd_tls_security_level = may" (Postfix 2.3 and later) or "smtpd_use_tls =
yes" (obsolete but still supported).
Example:
@ -484,31 +484,38 @@ SSeerrvveerr--ssiiddee cciipphheerr ccoonnttrroollss
The description below is for Postfix 2.3; for Postfix < 2.3 the
smtpd_tls_cipherlist parameter specifies the acceptable ciphers as an explicit
OpenSSL cipherlist.
OpenSSL cipherlist. The obsolete setting applies even when TLS encryption is
not enforced. Use of this control on public MX hosts is strongly discouraged.
With mandatory TLS encryption, the Postfix SMTP server will by default only use
SSLv3 or TLSv1. SSLv2 is only used when TLS encryption is optional. This is
controlled by the smtpd_tls_mandatory_protocols configuration parameter.
The Postfix SMTP server supports 5 distinct cipher security levels as specified
by the smtpd_tls_ciphers configuration parameter. The default value is "export"
which is the only one appropriate for public MX hosts. On private MX hosts or
MSAs one can further restrict the OpenSSL cipherlist selection.
by the smtpd_tls_mandatory_ciphers configuration parameter, which determines
the cipher grade with mandatory TLS encryption. The default value is "medium"
which is essentially 128-bit encryption or better. With opportunistic TLS
encryption, the minimum accepted cipher grade is always "export".
By default anonymous ciphers are allowed, and automatically disabled when
client certificates are requested. If clients are expected to always verify the
server certificate you may want to exclude anonymous ciphers by setting
"smtpd_tls_exclude_ciphers = aNULL". One can't force a client to check the
server certificate, so excluding anonymous ciphers is generally unnecessary.
"smtpd_tls_mandatory_exclude_ciphers = aNULL". One can't force a client to
check the server certificate, so excluding anonymous ciphers is generally
unnecessary.
For a server that is not a public Internet MX host, Postfix 2.3 supports
configurations with no server certificates that use oonnllyy the anonymous ciphers.
This is enabled by explicitly setting "smtpd_tls_cert_file = none" and not
specifying an smtpd_tls_dcert_file.
Example: (MSA that requires TLS with reasonably secure ciphers)
Example: (MSA that requires TLS with high grade ciphers)
/etc/postfix/main.cf:
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
# Postfix 2.3 and later
smtpd_tls_security_level = encrypt
# Obsolete, but still supported
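Review bot: the rewritten cipher paragraph now says smtpd_tls_mandatory_ciphers and smtpd_tls_mandatory_exclude_ciphers govern mandatory TLS and that opportunistic TLS always accepts down to "export" grade, while the unchanged paragraph above still says SSLv2 is used only when TLS is optional, controlled by smtpd_tls_mandatory_protocols; say in one place that all three "mandatory" parameters have no effect with "smtpd_tls_security_level = may", and name the non-mandatory counterpart (the smtpd_tls_exclude_ciphers parameter the old text used) as the control that does apply to opportunistic sessions, so that an operator who only sets the mandatory variants understands what the server will still accept. The MSA example is consistent with the new text (encrypt, high, aNULL and MD5 excluded).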
@ -870,7 +877,7 @@ grade or better ciphers are used.
With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to its
default (backwards compatible) empty value, the appropriate configuration
settings are "smtp_use_tls = yes" and "smtp_enforce_tls = no". For LMTP use the
corresponding "lmtp" parameters.
corresponding "lmtp_" parameters.
With opportunistic TLS, mail delivery continues even if the server certificate
is untrusted or bears the wrong name. Starting with Postfix 2.3, when the TLS
@ -927,7 +934,7 @@ interoperability and security guidelines.
With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to its
default (backwards compatible) empty value, the appropriate configuration
settings are "smtp_enforce_tls = yes" and "smtp_tls_enforce_peername = no". For
LMTP use the corresponding lmtp_ parameters.
LMTP use the corresponding "lmtp_" parameters.
Despite the potential for eliminating passive eavesdropping attacks, mandatory
TLS encryption is not viable as a default security level for mail delivery to
@ -1022,7 +1029,7 @@ secure-channel destinations.
With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to its
default (backwards compatible) empty value, the appropriate configuration
settings are "smtp_enforce_tls = yes" and "smtp_tls_enforce_peername = yes".
For LMTP use the corresponding lmtp_ parameters.
For LMTP use the corresponding "lmtp_" parameters.
If the server certificate chain is trusted (see smtp_tls_CAfile and
smtp_tls_CApath), any DNS names in the SubjectAlternativeName certificate
@ -1088,7 +1095,7 @@ With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to its
default (backwards compatible) empty value, the appropriate configuration
settings are "smtp_enforce_tls = yes" and "smtp_tls_enforce_peername = yes"
with additional settings to harden peer certificate verification against forged
DNS data. For LMTP, use the corresponding lmtp_ parameters.
DNS data. For LMTP, use the corresponding "lmtp_" parameters.
If the server certificate chain is trusted (see smtp_tls_CAfile and
smtp_tls_CApath), any DNS names in the SubjectAlternativeName certificate
@ -1366,8 +1373,8 @@ are allowed. On the right hand side specify one of the following keywords:
MAY
Opportunistic TLS. This has less precedence than a more specific result
(including "NONE") from the alternate host or next-hop lookup key, and
has less precedence than the more specific global
"smtp_enforce_tls = yes" or "smtp_tls_enforce_peername = yes".
has less precedence than the more specific global "smtp_enforce_tls =
yes" or "smtp_tls_enforce_peername = yes".
MUST_NOPEERMATCH
Mandatory TLS encryption. This overrides a less secure "NONE" or a less
specific "MAY" lookup result from the alternate host or next-hop lookup
@ -1498,9 +1505,9 @@ today's crypt-analytic methods. See smtp_tls_policy_maps for information on how
to configure ciphers on a per-destination basis.
By default anonymous ciphers are allowed, and automatically disabled when
server certificates are verified. If you want to disable even at the "encrypt"
security level, set "smtp_tls_mandatory_exclude_ciphers = aNULL", to disable
anonymous ciphers even with opportunistic TLS, set
server certificates are verified. If you want to disable anonymous ciphers even
at the "encrypt" security level, set "smtp_tls_mandatory_exclude_ciphers =
aNULL"; and to disable anonymous ciphers even with opportunistic TLS, set
"smtp_tls_exclude_ciphers = aNULL". There is generally no need to take these
measures. Anonymous ciphers save bandwidth and TLS session cache space, if
certificates are ignored, there is little point in requesting them.
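Review bot: the last sentence of the paragraph is a comma splice ("... TLS session cache space, if certificates are ignored, there is little point in requesting them."); put a semicolon or a full stop after "space". The rewording above it is an improvement: it now states which parameter covers the "encrypt" level (smtp_tls_mandatory_exclude_ciphers) and which covers opportunistic TLS (smtp_tls_exclude_ciphers), which the old text ran together.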

View File

@ -1,4 +1,4 @@
The stable Postfix release is called postfix-2.2.x where 2=major
The stable Postfix release is called postfix-2.3.x where 2=major
release number, 3=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
@ -317,9 +317,9 @@ parameters.
[Feature 20060709] TLS security levels ("none", "may", "encrypt")
in the Postfix SMTP server. You specify the security level with the
smtpd_tls_security_level parameter. This overrides the multiple
smtpd_use_tls and smtpd_enforce_tls parameters. When a value of
"verify" or "secure" is specified, the Postfix SMTP server logs a
warning and uses "encrypt" instead.
smtpd_use_tls and smtpd_enforce_tls parameters. When one of the
unimplemented "verify" or "secure" levels is specified, the Postfix
SMTP server logs a warning and uses "encrypt" instead.
[Feature 20060123] A new per-site TLS policy mechanism for the
Postfix SMTP client that supports the new TLS security levels,
@ -493,7 +493,7 @@ enhanced status codes. For example, status code 5.1.1 means
"recipient unknown". Postfix recognizes enhanced status codes in
remote server replies, generates enhanced status codes while handling
email, and reports enhanced status codes in non-delivery notifications.
This improves the user interaction with mail clients that translate
This improves the user experience with mail clients that translate
enhanced status codes into text in the user's own language.
You can, but don't have to, specify RFC 3463 enhanced status codes

View File

@ -355,7 +355,7 @@
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.2.
# Postfix version 2.3.
#
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire
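Review bot: the sentence "This feature is not available up to and including Postfix version 2.3" is bumped by hand in seven identical hunks across the man pages in this commit; consider generating it from one source, or stating the first version that has the feature once it exists, so a future release does not miss one of the copies.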

View File

@ -156,7 +156,7 @@
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.2.
# Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their

View File

@ -136,7 +136,7 @@
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.2.
# Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their

View File

@ -85,7 +85,7 @@
# regexp_table(5) or pcre_table(5). For a description of the
# TCP client/server table lookup protocol, see tcp_table(5).
# This feature is not available up to and including Postfix
# version 2.2.
# version 2.3.
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
@ -106,7 +106,7 @@
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.2.
# Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their

View File

@ -237,7 +237,7 @@
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.2.
# Postfix version 2.3.
#
# Each lookup operation uses the entire recipient address
# once. Thus, some.domain.hierarchy is not looked up via

View File

@ -203,7 +203,7 @@
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.2.
# Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their

View File

@ -230,6 +230,10 @@ and there are no surprises. If a recipient probe fails, then Postfix
rejects mail for the recipient address. If a recipient probe
succeeds, then Postfix accepts mail for the recipient address. </p>
<p> By default, address verification results are not saved. To avoid
probing the same address repeatedly, you can store the result in a
<a href="#caching">persistent database</a> as described later. </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
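Review bot: the new paragraph says results can be stored in a persistent database but not that stored results go stale; a positive result for a mailbox that has since been removed, or a negative one for a mailbox created afterwards, keeps being served from the cache until it expires. Suggest one more sentence here, e.g. "Cached results are reused until they expire; see the expiry settings in the caching section below.", so readers do not treat the cache as authoritative.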

View File

@ -615,6 +615,7 @@ how one would set up the service in the Postfix <a href="master.5.html">master.c
# =============================================================
scan unix - - n - 10 smtp
-o <a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a>=yes
-o <a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>=yes
</pre>
</blockquote>
@ -633,6 +634,13 @@ after-filter smtpd process, so that filtered mail is logged with
the real client name IP address. See <a href="smtp.8.html">smtp(8)</a> and <a href="XFORWARD_README.html">XFORWARD_README</a>
for more information. </p>
<li> <p> With "-o <a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>=yes", the scan
delivery agent will not convert 8BITMIME mail to quoted-printable
form while delivering to the content filter, as that would invalidate
domainkeys and other digital signatures. This workaround is needed
because some SMTP-based content filters don't announce 8BITMIME
support, even though they can handle it just fine. </p>
</ul>
<h3>Advanced content filter: running the content filter</h3>
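Review bot: the new bullet (starting "With "-o disable_mime_output_conversion=yes"") should spell out the trade-off it introduces: with conversion disabled the scan transport sends 8-bit message bodies to a filter that did not announce 8BITMIME, which is a deliberate protocol violation that only works because, as the text says, such filters "can handle it just fine"; a filter that really is 7-bit only will corrupt or reject the mail, so the bullet should tell readers to confirm their filter tolerates 8-bit input before enabling this. Also, the signature scheme is written "domainkeys" here and "Domain keys" in MILTER_README in this same commit; use one spelling ("DomainKeys") in both.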

View File

@ -32,13 +32,14 @@ href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and
<a href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>)
or to digitally sign mail (example: <a
href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>).
Having yet another MTA-specific version of all that software is a
poor use of human and system resources. </p>
Having yet another Postfix-specific version of all that software
is a poor use of human and system resources. </p>
<p> Postfix 2.3 implements all the requests of Sendmail version 8
Milter protocols up to version 4, except one: message body replacement.
See, however, the <a href="#limitations">limitations</a> section
at the end of this document. </p>
See, however, the <a href="#workarounds">workarounds</a> and <a
href="#limitations">limitations</a> sections at the end of this
document. </p>
<p> This document provides information on the following topics: </p>
@ -337,7 +338,7 @@ Connect to the specified TCP port on the specified local or remote
host. The host and port can be specified in numeric or symbolic
form.</p>
<p> Note: Postfix syntax differs from Milter syntax which has the
<p> NOTE: Postfix syntax differs from Milter syntax which has the
form <b>inet:</b><i>port</i><b>@</b><i>host</i>. </p> </dd>
</dl>
@ -611,6 +612,13 @@ TO </td> </tr>
<h2><a name="workarounds">Workarounds</a></h2>
<p> Content filters may break domain key etc. signatures. If you
use an SMTP-based filter as described in <a href="FILTER_README.html">FILTER_README</a>, then you
should add a line to <a href="master.5.html">master.cf</a> with "<a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>
= yes", as described in the <a
href="FILTER_README.html#advanced_filter">advanced content filter</a>
example. </p>
<p> Sendmail Milter applications were originally developed for the
Sendmail version 8 MTA, which has a different architecture than
Postfix. The result is that some Milter applications make assumptions
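Review bot: "add a line to master.cf with "disable_mime_output_conversion = yes"" does not say which master.cf entry gets the option. In the FILTER_README example this paragraph points to, the "-o" line is on the smtp client transport that hands mail to the content filter (the "scan" entry), not on the smtpd services; say so explicitly, e.g. "add "-o disable_mime_output_conversion=yes" to the smtp transport that delivers to the filter", because on a different entry the setting does nothing for the signature problem and the reader gets no error to tell them so.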
@ -618,6 +626,10 @@ that aren't true in a Postfix environment. </p>
<ul>
<li> <p> Some Milter applications use the "<tt>{if_addr}</tt>" macro
to recognize local mail; this macro does not exist in Postfix.
Workaround: use the "<tt>{client_addr}</tt>" macro instead. </p>
<li> <p> Some Milter applications log a warning that looks like
this: </p>
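Review bot: the "{if_addr}" workaround tells readers to use "{client_addr}" instead but not how that macro reaches the Milter. If "{client_addr}" is not among the macros Postfix sends at connect time by default, the bullet should show the main.cf setting that adds it; otherwise the substitute comes back empty and the application still mis-classifies local mail, now without an obvious warning.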
@ -635,13 +647,14 @@ X-SenderID: Sendmail Sender-ID Filter vx.y.z host.example.com &lt;unknown-msgid&
</pre>
</blockquote>
<p> This happens because the Milter application expects that the
<p> This happens because some Milter applications expect that the
queue ID is known <i>before</i> the MTA accepts the MAIL FROM
(sender) command. Postfix, on the other hand, does not create a
queue file until <i>after</i> Postfix accepts the first valid RCPT
TO (recipient) command. This queue file name must be globally unique
across multiple queue directories, so it cannot be chosen until the
file is actually created. </p>
(sender) command. Postfix, on the other hand, does not choose a
queue file name until <i>after</i> it accepts the first valid RCPT
TO (recipient) command. Postfix queue file names must be unique
across multiple directories, so the name can't be chosen before the
file is created. If multiple messages were to use the same queue
ID <i>simultaneously</i>, mail would be lost. </p>
<p> To work around the ugly message header from Milter applications,
we add a little code to the Milter source to look up the queue ID
@ -659,21 +672,32 @@ the top shown as <b>bold</b> text below: </p>
<blockquote>
<pre>
sic = (Context) smfi_getpriv(ctx);
assert(sic != NULL);
dfc = cc->cctx_msg;
assert(dfc != NULL);
<b>
/*
** Determine the job ID for logging.
*/
if (sic->ctx_jobid == 0 || strcmp(sic->ctx_jobid, MSGIDUNKNOWN) == 0) {
/* Determine the job ID for logging. */
if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) {
char *jobid = smfi_getsymval(ctx, "i");
if (jobid != 0)
sic->ctx_jobid = jobid;
dfc->mctx_jobid = jobid;
}</b>
/* get hostname; used in the X header and in new MIME boundaries */
</pre>
</blockquote>
<p> This does not remove the WARNING message, however. </p>
<p> NOTES: </p>
<ul>
<li> <p> Different mail filters use slightly different names for
variables. If the above code does not compile, look for the code
at the start of the <tt>mlfi_eoh()</tt> routine. </p>
<li> <p> This fixes only the ugly message header, but not the WARNING
message. Fortunately, dk-filter logs that message only once. </p>
</ul>
<p> With some Milter applications we can fix both the WARNING and
the "unknown-msgid" by postponing the call of <tt>mlfi_eoh()</tt>
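Review bot: in the added code, "dfc->mctx_jobid = jobid;" stores the raw pointer returned by smfi_getsymval(ctx, "i") in the message context rather than a copy. Check whether the filter frees mctx_jobid in its per-message cleanup and whether that pointer stays valid for the rest of the message; if either assumption fails, the workaround trades an ugly header for a double free or a use-after-free inside the filter. A strdup() here with a matching free() in the message cleanup path is the safe form. The NOTES list that follows should also name the file and function this snippet goes into for the dk-filter case, rather than only the fallback "look for the code at the start of mlfi_eoh()".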

View File

@ -247,7 +247,7 @@ back to plain text after a TLS handshake failure, the server will
be unable to receive email from most TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly sets
"<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>&nbsp;=&nbsp;none". This ensures that new Postfix
"<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix
configurations will not accidentally run with no certificates. </p>
<p> Both RSA and DSA certificates are supported. Typically you will
@ -436,8 +436,8 @@ since the headers may be changed by intermediate servers. </p>
<p> By default, TLS is disabled in the Postfix SMTP server, so no
difference to plain Postfix is visible. Explicitly switch it on
with "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>&nbsp;=&nbsp;may" (Postfix 2.3 and
later) or "<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>&nbsp;=&nbsp;yes" (obsolete but still
with "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may" (Postfix 2.3 and
later) or "<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes" (obsolete but still
supported). </p>
<p> Example: </p>
@ -463,8 +463,8 @@ private key. This is intended behavior. </p>
<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>,
so that the Postfix SMTP server announces STARTTLS and accepts no
mail without TLS encryption, by setting
"<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>&nbsp;=&nbsp;encrypt" (Postfix 2.3 and
later) or "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;yes" (obsolete but still
"<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt" (Postfix 2.3 and
later) or "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" (obsolete but still
supported). According to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> this MUST NOT be applied in case
of a publicly-referenced Postfix SMTP server. This option is off
by default and should only seldom be used. </p>
@ -490,7 +490,7 @@ and OE (5.01 Mac on all ports). </p>
<p> It is strictly discouraged to use this mode from <a href="postconf.5.html">main.cf</a>. If
you want to support this service, enable a special port in <a href="master.5.html">master.cf</a>
and specify "-o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>&nbsp;=&nbsp;yes" as an <a href="smtpd.8.html">smtpd(8)</a> command
and specify "-o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> = yes" as an <a href="smtpd.8.html">smtpd(8)</a> command
line option. Port 465 (smtps) was once chosen for this feature.
</p>
@ -536,9 +536,9 @@ when the server is configured to ask for client certificates. </p>
<p> When TLS is <a href="#server_enforce">enforced</a> you may also decide
to REQUIRE a remote SMTP client certificate for all TLS connections,
by setting "<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>&nbsp;=&nbsp;yes". This feature implies
"<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>&nbsp;=&nbsp;yes". When TLS is not enforced,
"<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>&nbsp;=&nbsp;yes" is ignored and a warning is
by setting "<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> = yes". This feature implies
"<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes". When TLS is not enforced,
"<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> = yes" is ignored and a warning is
logged. </p>
<p> Example: </p>
@ -573,16 +573,16 @@ CA issues special CA which then issues the actual certificate...)
<p> Sending AUTH data over an unencrypted channel poses a security
risk. When TLS layer encryption is required
("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>&nbsp;=&nbsp;encrypt" or the obsolete
"<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;yes"), the Postfix SMTP server will
("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt" or the obsolete
"<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes"), the Postfix SMTP server will
announce and accept AUTH only after the TLS layer has been activated
with STARTTLS. When TLS layer encryption is optional
("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>&nbsp;=&nbsp;may" or the obsolete
"<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;no"), it may however still be useful
("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may" or the obsolete
"<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = no"), it may however still be useful
to only offer AUTH when TLS is active. To maintain compatibility
with non-TLS clients, the default is to accept AUTH without encryption.
In order to change this behavior, set
"<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a>&nbsp;=&nbsp;yes". </p>
"<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
<p> Example: </p>
@ -706,37 +706,45 @@ the user or host.</p>
<h3><a name="server_cipher">Server-side cipher controls</a> </h3>
<p> The description below is for Postfix 2.3; for Postfix &lt; 2.3 the
smtpd_tls_cipherlist parameter specifies the acceptable ciphers as an
explicit OpenSSL cipherlist. </p>
<a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> parameter specifies the acceptable ciphers as an
explicit OpenSSL cipherlist. The obsolete setting applies even when TLS
encryption is not enforced. Use of this control on public MX hosts is
strongly discouraged. </p>
<p> With mandatory TLS encryption, the Postfix SMTP server will by
default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption
is optional. This is controlled by the <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>
configuration parameter. </p>
<p> The Postfix SMTP server supports 5 distinct cipher security levels
as specified by the <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> configuration parameter. The
default value is "export" which is the only one appropriate for public
MX hosts. On private MX hosts or MSAs one can further restrict the
OpenSSL cipherlist selection. </p>
as specified by the <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> configuration parameter,
which determines the cipher grade with mandatory TLS encryption. The
default value is "medium" which is essentially 128-bit encryption or better.
With opportunistic TLS encryption, the minimum accepted cipher grade is
always "export". </p>
<p> By default anonymous ciphers are allowed, and automatically disabled
when client certificates are requested. If clients are expected to always
verify the server certificate you may want to exclude anonymous ciphers
by setting "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>&nbsp;=&nbsp;aNULL". One can't
force a client to check the server certificate, so excluding anonymous
ciphers is generally unnecessary. </p>
by setting "<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL".
One can't force a client to check the server certificate, so excluding
anonymous ciphers is generally unnecessary. </p>
<p> For a server that is not a public Internet MX host, Postfix 2.3
supports configurations with no <a href="#server_cert_key">server
certificates</a> that use <b>only</b> the anonymous ciphers. This is
enabled by explicitly setting "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>&nbsp;=&nbsp;none"
enabled by explicitly setting "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none"
and not specifying an <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>
<p> Example: (MSA that requires TLS with reasonably secure ciphers) </p>
<p> Example: (MSA that requires TLS with high grade ciphers) </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/cert.pem
<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/key.pem
<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> = medium
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL, MD5
<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> = high
<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL, MD5
# Postfix 2.3 and later
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
# Obsolete, but still supported
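Review bot: the rewritten server cipher section says there are "5 distinct cipher security levels" for smtpd_tls_mandatory_ciphers but only ever names "medium", "export" and "high"; list all five grades with a phrase on what each admits, otherwise the reader cannot choose one. Two further points in the same hunk: the paragraph above it says SSLv2 is still used when TLS is optional but only explains how to control the mandatory case (smtpd_tls_mandatory_protocols), so either state that opportunistic sessions cannot be restricted or name the parameter that does it; and the "MSA that requires TLS with high grade ciphers" example excludes "aNULL, MD5" while the text two paragraphs earlier says excluding anonymous ciphers "is generally unnecessary", so one sentence on why an MSA (clients authenticate with passwords and are expected to verify the server) is the case that warrants it would reconcile the two.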
@ -1186,11 +1194,11 @@ in the sections that follow.</p>
<p> At the "none" TLS security level, TLS encryption is
disabled. This is the default security level. With Postfix 2.3 and later,
it can be configured explicitly by setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>&nbsp;=&nbsp;none". </p>
it can be configured explicitly by setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = none". </p>
<p> With Postfix 2.2 and earlier, or when <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> is set to
its default (backwards compatible) empty value, the appropriate configuration
settings are "<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>&nbsp;=&nbsp;no" and "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>&nbsp;=&nbsp;no".
settings are "<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = no" and "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = no".
With either approach, TLS is not used even if supported by the server.
For LMTP, use the corresponding "lmtp_" parameters. </p>
@ -1211,7 +1219,7 @@ table, specify the "NONE" keyword. </p>
The SMTP transaction is encrypted if the STARTTLS ESMTP feature
is supported by the server. Otherwise, messages are sent in the clear.
With Postfix 2.3 and later, opportunistic TLS can be configured by
setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>&nbsp;=&nbsp;may".
setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may".
<p> Since sending in the clear is acceptable, demanding stronger
than default TLS security merely reduces inter-operability. For
@ -1222,9 +1230,9 @@ better ciphers are used. </p>
<p> With Postfix 2.2 and earlier, or when <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> is
set to its default (backwards compatible) empty value, the appropriate
configuration settings are "<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>&nbsp;=&nbsp;yes" and
"<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>&nbsp;=&nbsp;no".
For LMTP use the corresponding "lmtp" parameters. </p>
configuration settings are "<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes" and
"<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = no".
For LMTP use the corresponding "lmtp_" parameters. </p>
<p> With opportunistic TLS, mail delivery continues even if the
server certificate is untrusted or bears the wrong name. Starting
@ -1280,7 +1288,7 @@ over TLS encrypted sessions. The SMTP transaction is aborted unless
the STARTTLS ESMTP feature is supported by the server. If no suitable
servers are found, the message will be deferred. With Postfix 2.3
and later, mandatory TLS encryption can be configured by setting
"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>&nbsp;=&nbsp;encrypt". Even though TLS
"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt". Even though TLS
encryption is always used, mail delivery continues if the server
certificate is untrusted or bears the wrong name. </p>
@ -1294,9 +1302,9 @@ parameters includes useful interoperability and security guidelines.
<p> With Postfix 2.2 and earlier, or when <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>
is set to its default (backwards compatible) empty value, the
appropriate configuration settings are "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>&nbsp;=&nbsp;yes"
and "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>&nbsp;=&nbsp;no". For LMTP use the corresponding
<i>lmtp_</i> parameters. </p>
appropriate configuration settings are "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes"
and "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = no". For LMTP use the corresponding
"lmtp_" parameters. </p>
<p> Despite the potential for eliminating passive eavesdropping attacks,
mandatory TLS encryption is not viable as a default security level for
@ -1407,7 +1415,7 @@ TLS encrypted sessions if the server certificate is valid (not
expired or revoked, and signed by a trusted certificate authority)
and if the server certificate name matches a known pattern. Mandatory
server certificate verification can be configured by setting
"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>&nbsp;=&nbsp;verify". The
"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = verify". The
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter can override the default
"hostname" certificate name matching strategy. Fine-tuning the
matching strategy is generally only appropriate for <a
@ -1415,9 +1423,9 @@ href="#client_tls_secure">secure-channel</a> destinations. </p>
<p> With Postfix 2.2 and earlier, or when <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>
is set to its default (backwards compatible) empty value, the
appropriate configuration settings are "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>&nbsp;=&nbsp;yes" and
"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>&nbsp;=&nbsp;yes". For LMTP use the corresponding
<i>lmtp_</i> parameters. </p>
appropriate configuration settings are "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" and
"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes". For LMTP use the corresponding
"lmtp_" parameters. </p>
<p> If the server certificate chain is trusted (see <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>
and <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>), any DNS names in the SubjectAlternativeName
@ -1491,16 +1499,16 @@ to <i>example.com</i> recipients uses "high" grade ciphers. </p>
<i>secure-channel</i> TLS sessions where DNS forgery resistant server
certificate verification succeeds. If no suitable servers are found, the
message will be deferred. With Postfix 2.3 and later, secure-channels
can be configured by setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>&nbsp;=&nbsp;secure".
can be configured by setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = secure".
The <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> parameter can override the default
"nexthop, dot-nexthop" certificate match strategy. </p>
<p> With Postfix 2.2 and earlier, or when <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>
is set to its default (backwards compatible) empty value, the
appropriate configuration settings are "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>&nbsp;=&nbsp;yes"
and "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>&nbsp;=&nbsp;yes" with additional settings to
appropriate configuration settings are "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes"
and "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes" with additional settings to
<a href="#client_tls_harden">harden</a> peer certificate verification
against forged DNS data. For LMTP, use the corresponding <i>lmtp_</i>
against forged DNS data. For LMTP, use the corresponding "lmtp_"
parameters. </p>
<p> If the server certificate chain is trusted (see <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> and
@ -1799,7 +1807,7 @@ encryption regardless of which table is used. The
for the obsolete "MUST" keyword in the same way as for the "verify"
level in the new policy. </p>
<p> With Postfix &lt; 2.3, the obsolete smtp_tls_cipherlist parameter
<p> With Postfix &lt; 2.3, the obsolete <a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> parameter
is also applied for opportunistic TLS sessions, and should be used with
care, or not at all. Setting cipherlist restrictions that are incompatible
with a remote SMTP server render that server unreachable, TLS handshakes
@ -1854,7 +1862,7 @@ settings. </dd>
<dt> MAY </dt> <dd> Opportunistic TLS. This has less precedence than
a more specific result (including "NONE") from the alternate host or
next-hop lookup key, and has less precedence than the more specific global
"<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>&nbsp;=&nbsp;yes" or "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>&nbsp;=&nbsp;yes". </dd>
"<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" or "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes". </dd>
<dt> MUST_NOPEERMATCH </dt> <dd> Mandatory TLS encryption. This
overrides a less secure "NONE" or a less specific "MAY" lookup result
@ -1880,8 +1888,8 @@ policies can be summarized as follows: </p>
<li> <p> When neither the remote SMTP server hostname nor the
next-hop destination are found in the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table, the
policy is based on <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>. Note: "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>&nbsp;=&nbsp;yes" and
"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>&nbsp;=&nbsp;yes" imply "<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>&nbsp;=&nbsp;yes". </p>
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>. Note: "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" and
"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes" imply "<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes". </p>
<li> <p> When both hostname and next-hop destination lookups produce
a result, the more specific per-site policy (NONE, MUST, etc)
@ -1891,7 +1899,7 @@ policy (MUST, etc) overrides the less secure one (NONE). </p>
<li> <p> After the per-site policy lookups are combined, the result
generally overrides the global policy. The exception is the less
specific "MAY" per-site policy, which is overruled by the more
specific global "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>&nbsp;=&nbsp;yes" with server certificate
specific global "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" with server certificate
verification as specified with the <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
parameter. </p>
@ -1929,7 +1937,7 @@ server hostname that is used for TLS policy lookup and server certificate
verification. </p>
<li> <p> Disallow CNAME hostname overrides. In <a href="postconf.5.html">main.cf</a>, specify
"<a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a>&nbsp;=&nbsp;no". This prevents false hostname
"<a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> = no". This prevents false hostname
information in DNS CNAME records from changing the server hostname
that Postfix uses for TLS policy lookup and server certificate
verification. This feature requires Postfix 2.2.9 or later. The
@ -2025,14 +2033,14 @@ methods. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps
ciphers on a per-destination basis. </p>
<p> By default anonymous ciphers are allowed, and automatically
disabled when server certificates are verified. If you
want to disable even at the "encrypt" security level, set
"<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>&nbsp;=&nbsp;aNULL",
to disable anonymous ciphers even with opportunistic TLS, set
"<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>&nbsp;=&nbsp;aNULL". There is generally no
need to take these measures. Anonymous ciphers save bandwidth and TLS
session cache space, if certificates are ignored, there is little point
in requesting them. </p>
disabled when server certificates are verified. If you want to
disable anonymous ciphers even at the "encrypt" security level, set
"<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = aNULL"; and to
disable anonymous ciphers even with opportunistic TLS, set
"<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL". There is generally
no need to take these measures. Anonymous ciphers save bandwidth
and TLS session cache space, if certificates are ignored, there is
little point in requesting them. </p>
<p> Example: </p>
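Review bot: the rewritten paragraph should say plainly that at the "encrypt" level excluding anonymous ciphers does not stop an active attacker: the mandatory-encryption section in this same file states that delivery continues even if the server certificate is untrusted or bears the wrong name, so an unverified certificate protects against a man-in-the-middle no better than an aNULL suite does. As written, "smtp_tls_mandatory_exclude_ciphers = aNULL" reads as a hardening step; one sentence that it only makes a difference once certificates are actually verified ("verify" or "secure") would avoid a false sense of security. Also "Anonymous ciphers save bandwidth and TLS session cache space, if certificates are ignored, there is little point in requesting them." is a comma splice and wants a full stop after "space".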
@ -2336,14 +2344,14 @@ generation (PRNG) pool, and in order to access the TLS session
cache databases. Such a protocol cannot be run across fifos. </p>
<li> <p> <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a>: the MUST_NOPEERMATCH per-site policy
cannot override the global "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>&nbsp;=&nbsp;yes" setting.
cannot override the global "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes" setting.
</p>
<li> <p> <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a>: a combined (NONE + MAY) lookup result
for (hostname and next-hop destination) produces counter-intuitive
results for different <a href="postconf.5.html">main.cf</a> settings. TLS is enabled with
"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>&nbsp;=&nbsp;no", but it is disabled when both
"<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>&nbsp;=&nbsp;yes" and "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>&nbsp;=&nbsp;yes".
"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = no", but it is disabled when both
"<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" and "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes".
</p>
</ul>

View File

@ -361,7 +361,7 @@ ACCESS(5) ACCESS(5)
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.2.
Postfix version 2.3.
Each lookup operation uses the entire query string once.
Depending on the application, that string is an entire

View File

@ -108,6 +108,11 @@ BOUNCE(8) BOUNCE(8)
The time limit for sending or receiving information
over an internal communication channel.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
What categories of Postfix-generated mail are sub-
ject to before-queue content inspection by
<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
The mail system name that is displayed in Received:
headers, in the SMTP greeting banner, and in

View File

@ -162,7 +162,7 @@ CANONICAL(5) CANONICAL(5)
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.2.
Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their

View File

@ -142,7 +142,7 @@ GENERIC(5) GENERIC(5)
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.2.
Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their

View File

@ -1002,7 +1002,8 @@ the Postfix SMTP client returns such mail as undeliverable.
<p>
Specify, for example, "<a href="postconf.5.html#best_mx_transport">best_mx_transport</a> = local" to pass the mail
from the SMTP client to the <a href="local.8.html">local(8)</a> delivery agent. You can specify
from the Postfix SMTP client to the <a href="local.8.html">local(8)</a> delivery agent. You
can specify
any message delivery "transport" or "transport:nexthop" that is
defined in the <a href="master.5.html">master.cf</a> file. See the <a href="transport.5.html">transport(5)</a> manual page
for the syntax and meaning of "transport" or "transport:nexthop".
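Review bot: The rewrap at "delivery agent. You" / "can specify" leaves a two-word line in the middle of the paragraph; reflow the paragraph after inserting "Postfix" so the line breaks match the rest of the entry. The same short-line artifact ("the Postfix" / "SMTP client's", "the Postfix" / "SMTP client", "use with") appears in several other "SMTP client" to "Postfix SMTP client" rewrites in this diff and is worth fixing in one pass.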
@ -2858,7 +2859,8 @@ for IPv6. </p>
<p>
A better solution for multi-homed firewalls is to leave <a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
at the default value and instead use explicit IP addresses in
the <a href="master.5.html">master.cf</a> SMTP server definitions. This preserves the SMTP client's
the <a href="master.5.html">master.cf</a> SMTP server definitions. This preserves the Postfix
SMTP client's
loop detection, by ensuring that each side of the firewall knows that the
other IP address is still the same host. Setting $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> to a
single IPv4 and/or IPV6 address is primarily useful with virtual
@ -2949,6 +2951,32 @@ block all mail to a site.
</p>
</DD>
<DT><b><a name="internal_mail_filter_classes">internal_mail_filter_classes</a>
(default: empty)</b></DT><DD>
<p> What categories of Postfix-generated mail are subject to
before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a>
and <a href="postconf.5.html#body_checks">body_checks</a>. Specify zero or more of the following, separated
by whitespace or comma. </p>
<dl>
<dt> <b> bounce </b> </dt> <dd> Inspect the content of delivery
status notifications. </dd>
<dt> <b> notify </b> </dt> <dd> Inspect the content of postmaster
notifications by the <a href="smtp.8.html">smtp(8)</a> and <a href="smtpd.8.html">smtpd(8)</a> processes. </dd>
</dl>
<p> NOTE: It's generally not safe to enable content inspection of
Postfix-generated email messages. The user is warned. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="invalid_hostname_reject_code">invalid_hostname_reject_code</a>
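Review bot: The NOTE says it is "generally not safe" to inspect Postfix-generated mail but never says what goes wrong, so an administrator reading this entry cannot weigh the risk; add a sentence stating what happens to a bounce or postmaster notification when non_smtpd_milters, header_checks or body_checks reject it, since that consequence is the reason for the warning. It would also help to state the behaviour when the parameter is empty (the default), as "zero or more of the following" leaves it implicit that neither class is inspected.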
@ -4155,8 +4183,8 @@ lists: Postfix needs to know only if a lookup string is found or
not, but it does not use the result from table lookup. </p>
<p>
If this parameter is non-empty (the default), then the Postfix SMTP server
will reject mail for unknown local users.
If this parameter is non-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users.
</p>
<p>
@ -6813,8 +6841,8 @@ the word "ESMTP" appears in the server greeting banner (example:
(default: empty)</b></DT><DD>
<p>
An optional numerical network address that the SMTP client should
bind to when making an IPv4 connection.
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv4 connection.
</p>
<p>
@ -6844,8 +6872,8 @@ but this form is not recommended here. </p>
(default: empty)</b></DT><DD>
<p>
An optional numerical network address that the SMTP client should
bind to when making an IPv6 connection.
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv6 connection.
</p>
<p> This feature is available in Postfix 2.2 and later. </p>
@ -6898,7 +6926,8 @@ zero (use the operating system built-in time limit).
</p>
<p>
When no connection can be made within the deadline, the SMTP client
When no connection can be made within the deadline, the Postfix
SMTP client
tries the next address on the mail exchanger list. Specify 0 to
disable the time limit (i.e. use whatever timeout is implemented by
the operating system).
@ -7089,7 +7118,7 @@ The default time unit is s (seconds).
<p>
The SMTP client time limit for sending the SMTP message content.
When the connection makes no progress for more than $<a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>
seconds the SMTP client terminates the transfer.
seconds the Postfix SMTP client terminates the transfer.
</p>
<p>
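Review bot: Inconsistent wording within one paragraph: the first sentence still reads "The SMTP client time limit for sending the SMTP message content" while the changed sentence now says "the Postfix SMTP client"; apply the same rename to the first sentence ("The Postfix SMTP client time limit ...") so the entry uses one name for the client.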
@ -7156,7 +7185,7 @@ into concurrency per recipient. </p>
<p> Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the SMTP client will ignore in the EHLO response from a
etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server. See <a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> for details. The
table is not indexed by hostname for consistency with
<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p>
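Review bot: The changed line "etc.) that the Postfix SMTP client will ignore in the EHLO response from a" now runs past the wrap width used by the rest of this entry; reflow the paragraph. The smtp_sender_dependent_authentication hunk further down has the same overlong line.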
@ -7170,8 +7199,8 @@ table is not indexed by hostname for consistency with
(default: empty)</b></DT><DD>
<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the SMTP client will ignore in the EHLO response
from a remote SMTP server. </p>
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
@ -7311,7 +7340,7 @@ The default time unit is s (seconds).
(default: dns)</b></DT><DD>
<p>
What mechanisms when the SMTP client uses to look up a host's IP
What mechanisms when the Postfix SMTP client uses to look up a host's IP
address. This parameter is ignored when DNS lookups are disabled.
</p>
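Review bot: The pre-existing grammar error survives the edit: "What mechanisms when the Postfix SMTP client uses to look up a host's IP address" should read "What mechanisms the Postfix SMTP client uses to look up a host's IP address". Since the line is being touched anyway, drop the stray "when".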
@ -7566,9 +7595,10 @@ Example:
<DT><b><a name="smtp_sasl_auth_enforce">smtp_sasl_auth_enforce</a>
(default: yes)</b></DT><DD>
<p> Defer mail delivery when an SMTP server does not support SASL
authentication, while <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> contains SASL
login/password information for that server. </p>
<p> If sender-dependent SASL passwords are turned off, defer mail
delivery when an SMTP server does not support SASL authentication,
while <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> contains SASL login/password information
for that server. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
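Review bot: The new wording makes the deferral conditional on sender-dependent SASL passwords being turned off, but says nothing about what the Postfix SMTP client does when they are turned on (smtp_sender_dependent_authentication = yes), which is the case a reader of this entry most needs to know; add the other branch, or at least a cross-reference to smtp_sender_dependent_authentication. The same sentence is mirrored in the SMTP(8) summary later in this diff, so both places need the fix.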
@ -7728,8 +7758,8 @@ for authentication. The available types are listed with the
(default: no)</b></DT><DD>
<p>
Send the non-standard XFORWARD command when the Postfix SMTP server EHLO
response announces XFORWARD support.
Send the non-standard XFORWARD command when the Postfix SMTP server
EHLO response announces XFORWARD support.
</p>
<p>
@ -7751,7 +7781,7 @@ This feature is available in Postfix 2.1 and later.
(default: no)</b></DT><DD>
<p>
Enable sender-dependent authentication in the SMTP client; this is
Enable sender-dependent authentication in the Postfix SMTP client; this is
available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials. </p>
@ -7920,7 +7950,7 @@ hence pass the "openssl verify -purpose sslclient ..." test. </p>
(default: empty)</b></DT><DD>
<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
cipher list. As this feature applies to all security levels, it is easy
cipher list. As this feature applies to all TLS security levels, it is easy
to create inter-operability problems by choosing a non-default cipher
list. Do not use a non-default TLS cipher list on hosts that deliver email
to the public Internet: you will be unable to send email to servers that
@ -7974,7 +8004,7 @@ specified with $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file<
<DT><b><a name="smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
(default: yes)</b></DT><DD>
<p> When TLS encryption is enforced, require that the remote SMTP
<p> With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate. As of <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> the requirements for hostname checking
for MTA clients are not specified. </p>
@ -7997,8 +8027,9 @@ Postfix 2.3 and later use <a href="postconf.5.html#smtp_tls_security_level">smtp
<DT><b><a name="smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
(default: empty)</b></DT><DD>
<p> List of ciphers or cipher types to exclude from the SMTP client cipher
list at all security levels. This is not an OpenSSL cipherlist, it is
<p> List of ciphers or cipher types to exclude from the Postfix
SMTP client cipher
list at all TLS security levels. This is not an OpenSSL cipherlist, it is
a simple list separated by whitespace and/or commas. The elements are a
single cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching <b>all</b> the properties are excluded. </p>
@ -8080,12 +8111,13 @@ loglevel 4 is strongly discouraged. </p>
<DT><b><a name="smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
(default: medium)</b></DT><DD>
<p> The minimum SMTP client TLS cipher grade that is strong enough to
be used with the "encrypt" security level and higher. The default
value "medium" is suitable for most destinations with which you may
want to enforce TLS, and is beyond the reach of today's crypt-analytic
methods. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure
ciphers on a per-destination basis. </p>
<p> The minimum TLS cipher grade that the Postfix SMTP client will
use with
mandatory TLS encryption. The default value "medium" is suitable
for most destinations with which you may want to enforce TLS, and
is beyond the reach of today's crypt-analytic methods. See
<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure ciphers
on a per-destination basis. </p>
<p> The following cipher grades are supported: </p>
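Review bot: Two nits in the rewrapped paragraph: "use with" is left alone on a line, and the hyphenated "crypt-analytic" (should be "cryptanalytic") was carried over from the old text; fix both while the paragraph is being rewritten. The absolute claim that "medium" is "beyond the reach of today's crypt-analytic methods" will also age; anchoring it to the tls_medium_cipherlist definition ("the ciphers selected by tls_medium_cipherlist") would keep the entry accurate as that list changes.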
@ -8155,11 +8187,10 @@ encryption or authentication). </dd>
<DT><b><a name="smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>
(default: empty)</b></DT><DD>
<p> List of ciphers or cipher types to exclude from the SMTP client
cipher list at the mandatory TLS security levels: "encrypt", "verify"
and "secure". See <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> for syntax details. When
both "exclude" parameters are defined, the combined list of ciphers is
excluded (provided the TLS security level is "encrypt" or higher). </p>
<p> Additional list of ciphers or cipher types to exclude from the
SMTP client cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
(see there for syntax details). </p>
<p> This feature is available in Postfix 2.3 and later. </p>
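Review bot: The rewrite drops the enumeration of what counts as a mandatory security level ("encrypt", "verify" and "secure") together with the explicit statement that the combined list of both exclusion parameters is applied. "Works in addition to" conveys the second point, but a reader of this entry no longer learns which levels are mandatory; keep the level names or add a pointer to smtp_tls_security_level so the scope of the parameter stays self-explanatory.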
@ -8169,8 +8200,8 @@ excluded (provided the TLS security level is "encrypt" or higher). </p>
<DT><b><a name="smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
(default: SSLv3, TLSv1)</b></DT><DD>
<p> List of TLS protocol versions that are secure enough to be used
with the "encrypt" security level and higher. In <a href="postconf.5.html">main.cf</a> the values
<p> List of TLS protocols that the Postfix SMTP client will use
with mandatory TLS encryption. In <a href="postconf.5.html">main.cf</a> the values
are separated by whitespace, commas or colons. In the policy table
(see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names,
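Review bot: "An empty value means allow all protocols" deserves a stronger caveat in the new text: the default "SSLv3, TLSv1" is a deliberate restriction, and an administrator who clears the value to "turn off the restriction" gets every protocol version the TLS library supports, which is weaker than the default. State explicitly that an empty value is less restrictive than the default rather than presenting it neutrally.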
@ -9788,7 +9819,7 @@ null sender address.
<DT><b><a name="smtpd_peername_lookup">smtpd_peername_lookup</a>
(default: yes)</b></DT><DD>
<p> Attempt to look up the SMTP client hostname, and verify that
<p> Attempt to look up the Postfix SMTP client hostname, and verify that
the name matches the client IP address. A client name is set to
"unknown" when it cannot be looked up or verified, or when name
lookup is disabled. Turning off name lookup reduces delays due to
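Review bot: This rename is wrong. smtpd_peername_lookup is a Postfix SMTP server parameter, and the hostname being looked up belongs to the remote SMTP client that connects to the server, as the rest of the sentence ("verify that the name matches the client IP address") makes clear; "Attempt to look up the Postfix SMTP client hostname" now says the opposite of what the server does. It should read "Attempt to look up the remote SMTP client hostname". This looks like a global search-and-replace of "SMTP client" that was applied to a server-side entry; the other smtpd_* entries in this diff should be checked for the same mistake.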
@ -10868,81 +10899,7 @@ clients. </p>
<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>
<p>This feature is available with Postfix version 2.2. It is not used with
Postfix 2.3 and later; use <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> instead. </p>
</DD>
<DT><b><a name="smtpd_tls_ciphers">smtpd_tls_ciphers</a>
(default: export)</b></DT><DD>
<p> The minimum acceptable SMTP server TLS cipher grade. It is easy to
create inter-operability problems by choosing a non-default cipher grade.
Do not use a stronger than default minimum cipher grade for MX hosts on
the public Internet. Clients that begin the TLS handshake, but are unable
to agree on a common cipher, may not be able to send any email to the
SMTP server. Using a restricted cipher list may be more appropriate for a
dedicated MSA or an internal mailhub, where one can exert some control over
the TLS software and settings of the connecting clients. Configurations
with no certificates are also not likely to inter-operate with most
clients, see the notes for "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>". </p>
<p> The following cipher grades are supported: </p>
<dl>
<dt><b>export</b></dt>
<dd> Enable the mainstream "EXPORT" grade or better OpenSSL ciphers.
This is the most appropriate setting for public MX hosts. The underlying
cipherlist is specified via the <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration
parameter, which you are strongly encouraged to not change. The default
value of <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> includes anonymous ciphers, but these
are automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers,
set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". </dd>
<dt><b>low</b></dt>
<dd> Enable the mainstream "LOW" grade or better OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> configuration
parameter, which you are strongly encouraged to not change. The default
value of <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> includes anonymous ciphers, but these
are automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers,
set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". </dd>
<dt><b>medium</b></dt>
<dd> Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> configuration
parameter, which you are strongly encouraged to not change. The default
value of <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> includes anonymous ciphers, but these
are automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers,
set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". </dd>
<dt><b>high</b></dt>
<dd> Enable only the mainstream "HIGH" grade OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> configuration
parameter, which you are strongly encouraged to not change. The default
value of <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> includes anonymous ciphers, but these
are automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers, set
"<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". </dd>
<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
without encryption. This setting is only appropriate in the rare
case that all clients are prepared to use NULL ciphers (not normally
enabled in TLS clients). The underlying cipherlist is specified via the
<a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> configuration parameter, which you are strongly
encouraged to not change. The default value of <a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a>
excludes anonymous ciphers (OpenSSL 0.9.8 has NULL ciphers that offer
data integrity without encryption or authentication). </dd>
</dl>
<p> This feature is available in Postfix 2.3 and later. </p>
Postfix 2.3 and later; use <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> instead. </p>
</DD>
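Review bot: Removing the whole smtpd_tls_ciphers entry also removes the name="smtpd_tls_ciphers" anchor, so any remaining href to postconf.5.html#smtpd_tls_ciphers becomes a dead link; the tls_*_cipherlist entries in this diff are updated to the new name, but the other generated pages should be checked for leftover references. The removed text also carried the interoperability guidance "Do not use a stronger than default minimum cipher grade for MX hosts on the public Internet"; in the replacement smtpd_tls_mandatory_ciphers entry only the "export" item mentions public MX hosts, so that sentence should be carried over at the top of the new entry.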
@ -10983,7 +10940,7 @@ openssl gendh -out /etc/postfix/dh_1024.pem -2 -rand /var/run/egd-pool 1024
<p> Your actual source for entropy may differ. Some systems have
/dev/random; on other system you may consider using the "Entropy
Gathering Daemon EGD", available at <a href="http://www.lothar.com/tech/crypto/">http://www.lothar.com/tech/crypto/</a>.
Gathering Daemon EGD", available at <a href="http://egd.sourceforge.net/">http://egd.sourceforge.net/</a>
</p>
<p> Example: </p>
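Review bot: The replacement line loses the sentence's terminating period: the old line ended with "</a>." and the new one ends with "</a>" followed by "</p>" on the next line, so the sentence now ends without punctuation. While here, "on other system you may consider" in the unchanged context should be "on other systems".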
@ -11036,10 +10993,12 @@ must be accessible without password. </p>
(default: empty)</b></DT><DD>
<p> List of ciphers or cipher types to exclude from the SMTP server
cipher list. This is not an OpenSSL cipherlist; it is a simple list
separated by whitespace and/or commas. The elements are a single
cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching <b>all</b> the properties are excluded. </p>
cipher list at all TLS security levels. Excluding valid ciphers
can create interoperability problems. DO NOT exclude ciphers unless it
is essential to do so. This is not an OpenSSL cipherlist; it is a simple
list separated by whitespace and/or commas. The elements are a single
cipher, or one or more "+" separated cipher properties, in which case
only ciphers matching <b>all</b> the properties are excluded. </p>
<p> Examples (some of these will cause problems): </p>
@ -11107,23 +11066,115 @@ loglevel 4 is strongly discouraged. </p>
</DD>
<DT><b><a name="smtpd_tls_protocols">smtpd_tls_protocols</a>
<DT><b><a name="smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
(default: medium)</b></DT><DD>
<p> The minimum TLS cipher grade that the Postfix SMTP server will
use with mandatory
TLS encryption. Cipher types listed in <a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>
or <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are excluded from the base definition
of the selected cipher grade. With opportunistic TLS encryption,
the "export" grade is used unconditionally with exclusions specified
only via <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>. </p>
<p> The following cipher grades are supported: </p>
<dl>
<dt><b>export</b></dt>
<dd> Enable the mainstream "EXPORT" grade or better OpenSSL ciphers.
This is the most appropriate setting for public MX hosts, and is always
used with opportunistic TLS encryption. The underlying cipherlist
is specified via the <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration parameter,
which you are strongly encouraged to not change. The default value
of <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> includes anonymous ciphers, but these are
automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers,
set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers
only when TLS is enforced, set "<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> =
aNULL". </dd>
<dt><b>low</b></dt>
<dd> Enable the mainstream "LOW" grade or better OpenSSL ciphers. The
underlying cipherlist is specified via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a>
configuration parameter, which you are strongly encouraged to
not change. The default value of <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> includes
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for client certificates. If you must
always exclude anonymous ciphers, set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> =
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
"<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL". </dd>
<dt><b>medium</b></dt>
<dd> Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. These
are essentially the 128-bit or stronger ciphers. This is the default
minimum strength for mandatory TLS encryption. MSAs that enforce
TLS and have clients that do not support any "MEDIUM" or "HIGH"
grade ciphers, may need to configure a weaker ("low" or "export")
minimum cipher grade. The underlying cipherlist is specified via the
<a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> configuration parameter, which you are strongly
encouraged to not change. The default value of <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a>
includes anonymous ciphers, but these are automatically filtered out if
the server is configured to ask for client certificates. If you must
always exclude anonymous ciphers, set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> =
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
"<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL". </dd>
<dt><b>high</b></dt>
<dd> Enable only the mainstream "HIGH" grade OpenSSL ciphers. The
underlying cipherlist is specified via the <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a>
configuration parameter, which you are strongly encouraged to
not change. The default value of <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> includes
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for client certificates. If you must
always exclude anonymous ciphers, set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> =
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
"<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL". </dd>
<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
without encryption. This setting is only appropriate in the rare
case that all clients are prepared to use NULL ciphers (not normally
enabled in TLS clients). The underlying cipherlist is specified via the
<a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> configuration parameter, which you are strongly
encouraged to not change. The default value of <a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a>
excludes anonymous ciphers (OpenSSL 0.9.8 has NULL ciphers that offer
data integrity without encryption or authentication). </dd>
</dl>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>
(default: empty)</b></DT><DD>
<p> The list of TLS protocols supported by the Postfix SMTP server.
If the list is empty, the server supports all available TLS protocol
versions. A non-empty value is a list of protocol names separated
by whitespace, commas or colons. The supported protocol names are
"SSLv2", "SSLv3" and "TLSv1", and are not case sensitive. </p>
<p> Additional list of ciphers or cipher types to exclude from the
SMTP server cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
(see there for syntax details). </p>
<p> DO NOT set this to a non-default value on an Internet MX host,
as this may cause inter-operability problems. If you restrict the
protocol list on an Internet MX host, you may lose mail. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>
(default: SSLv3, TLSv1)</b></DT><DD>
<p> The TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption. With opportunistic TLS encryption, all
protocols are always accepted. If the list is empty, the server
supports all available TLS protocol versions. A non-empty value
is a list of protocol names separated by whitespace, commas or
colons. The supported protocol names are "SSLv2", "SSLv3" and
"TLSv1", and are not case sensitive. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = SSLv3, TLSv1
<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = SSLv3, TLSv1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
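Review bot: The new smtpd_tls_mandatory_protocols entry lists "SSLv2" as a supported protocol name without comment, while the default "SSLv3, TLSv1" deliberately omits it; add a caveat that listing SSLv2, or leaving the value empty so that "all available TLS protocol versions" are supported, weakens the default. The removed smtpd_tls_protocols text carried a "DO NOT set this to a non-default value on an Internet MX host ... you may lose mail" warning; since the new entry states that opportunistic TLS accepts all protocols anyway, that warning no longer applies to public MX hosts, and it would help to say so explicitly so nobody goes looking for it. Minor: in the "medium" item, the comma in "grade ciphers, may need to configure" separates subject from verb and should go.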
@ -11149,7 +11200,7 @@ that was recorded by the final destination can be trusted. </p>
<DT><b><a name="smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>
(default: no)</b></DT><DD>
<p> When TLS encryption is enforced, require a remote SMTP client
<p> With mandatory TLS encryption, require a remote SMTP client
certificate in order to allow TLS connections to proceed. This
option implies "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes". </p>
@ -11200,6 +11251,8 @@ encrypt" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_o
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior.</p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
@ -11528,7 +11581,7 @@ bytes (equivalent to 256 bits) is sufficient to generate a 128bit
(default: ALL:+RC4:@STRENGTH)</b></DT><DD>
<p> The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
defines the meaning of the "export" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
defines the meaning of the "export" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is
the cipherlist for the opportunistic ("may") TLS client security
level and is the default cipherlist for the SMTP server. You are
@ -11543,7 +11596,7 @@ strongly encouraged to not change this setting. </p>
(default: !EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)</b></DT><DD>
<p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
the meaning of the "high" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
the meaning of the "high" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
strongly encouraged to not change this setting. </p>
@ -11556,7 +11609,7 @@ strongly encouraged to not change this setting. </p>
(default: !EXPORT:ALL:+RC4:@STRENGTH)</b></DT><DD>
<p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
the meaning of the "low" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
the meaning of the "low" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
strongly encouraged to not change this setting. </p>
@ -11569,7 +11622,7 @@ strongly encouraged to not change this setting. </p>
(default: !EXPORT:!LOW:ALL:+RC4:@STRENGTH)</b></DT><DD>
<p> The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This
defines the meaning of the "medium" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
defines the meaning of the "medium" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is
the default cipherlist for mandatory TLS encryption in the TLS
client (with anonymous ciphers disabled when verifying server
@ -11586,7 +11639,7 @@ setting. </p>
<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption. This defines the meaning of the "null"
setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
setting in smtpd_mandatory_tls_ciphers, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
<a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly encouraged to not
change this setting. </p>
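Review bot: Typo in the replacement line: "smtpd_mandatory_tls_ciphers" should be "smtpd_tls_mandatory_ciphers", and unlike the sibling tls_export_cipherlist, tls_high_cipherlist, tls_low_cipherlist and tls_medium_cipherlist hunks in this diff it is plain text rather than an <a href="postconf.5.html#smtpd_tls_mandatory_ciphers"> link; fix the name and wrap it in the same anchor so the cross-reference resolves.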


@ -91,7 +91,7 @@ RELOCATED(5) RELOCATED(5)
<a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>. For a description of the
TCP client/server table lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
This feature is not available up to and including Postfix
version 2.2.
version 2.3.
Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
@ -112,7 +112,7 @@ RELOCATED(5) RELOCATED(5)
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.2.
Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their


@ -206,14 +206,14 @@ SMTP(8) SMTP(8)
Lookup tables, indexed by the remote SMTP server
address, with case insensitive lists of EHLO key-
words (pipelining, starttls, auth, etc.) that the
SMTP client will ignore in the EHLO response from a
remote SMTP server.
Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
A case insensitive list of EHLO keywords (pipelin-
ing, starttls, auth, etc.) that the SMTP client
will ignore in the EHLO response from a remote SMTP
server.
ing, starttls, auth, etc.) that the Postfix SMTP
client will ignore in the EHLO response from a
remote SMTP server.
<b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
Optional lookup tables that perform address rewrit-
@ -294,109 +294,99 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_enforce">smtp_sasl_auth_enforce</a> (yes)</b>
Defer mail delivery when an SMTP server does not
support SASL authentication, while <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_pass</a>-
<a href="postconf.5.html#smtp_sasl_password_maps">word_maps</a> contains SASL login/password information
If sender-dependent SASL passwords are turned off,
defer mail delivery when an SMTP server does not
support SASL authentication, while <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_pass</a>-
<a href="postconf.5.html#smtp_sasl_password_maps">word_maps</a> contains SASL login/password information
for that server.
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
Enable sender-dependent authentication in the SMTP
client; this is available only with SASL authenti-
cation, and disables SMTP connection caching to
ensure that mail from different senders will use
the appropriate credentials.
Enable sender-dependent authentication in the Post-
fix SMTP client; this is available only with SASL
authentication, and disables SMTP connection
caching to ensure that mail from different senders
will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Implementation-specific information that is passed
through to the SASL plug-in implementation that is
Implementation-specific information that is passed
through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
The SASL plug-in type that the Postfix SMTP client
The SASL plug-in type that the Postfix SMTP client
should use for authentication.
<b>STARTTLS SUPPORT CONTROLS</b>
Detailed information about STARTTLS configuration may be
Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix
SMTP client; when a non-empty value is specified,
this overrides the obsolete parameters
SMTP client; when a non-empty value is specified,
this overrides the obsolete parameters
<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
certificate.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
File with the Postfix SMTP client RSA certificate
File with the Postfix SMTP client RSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
The minimum SMTP client TLS cipher grade that is
strong enough to be used with the "encrypt" secu-
rity level and higher.
The minimum TLS cipher grade that the Postfix SMTP
client will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
List of ciphers or cipher types to exclude from the
SMTP client cipher list at all security levels.
Postfix SMTP client cipher list at all TLS security
levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
List of ciphers or cipher types to exclude from the
SMTP client cipher list at the mandatory TLS secu-
rity levels: "encrypt", "verify" and "secure".
Additional list of ciphers or cipher types to
exclude from the SMTP client cipher list at manda-
tory TLS security levels.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
File with the Postfix SMTP client DSA certificate
File with the Postfix SMTP client DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
File with the Postfix SMTP client DSA private key
File with the Postfix SMTP client DSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
File with the Postfix SMTP client RSA private key
File with the Postfix SMTP client RSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
Enable additional Postfix SMTP client logging of
Enable additional Postfix SMTP client logging of
TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
non-empty value is specified, this overrides the
obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
List of TLS protocol versions that are secure
enough to be used with the "encrypt" security level
and higher.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
The verification depth for remote SMTP server cer-
tificates.
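Review bot: the smtp_tls_policy_maps and smtp_tls_mandatory_protocols entries disappear from this STARTTLS SUPPORT CONTROLS list (the hunk shrinks from 109 to 99 lines) with no replacement visible in the hunk; confirm they are re-listed elsewhere on the page, because those two controls are the ones that select the per-destination TLS policy and the minimum protocol version for mandatory TLS, and a summary that no longer names them will send admins to the obsolete smtp_tls_per_site instead. Separately, the rewritten smtp_sasl_auth_enforce text "If sender-dependent SASL passwords are turned off, defer mail delivery when an SMTP server does not support SASL authentication" says nothing about the other case: a reader who enables smtp_sender_dependent_authentication (the very next entry) needs to know whether missing AUTH support is still a deferral or is silently tolerated.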
@ -467,7 +457,7 @@ SMTP(8) SMTP(8)
clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
When TLS encryption is enforced, require that the
With mandatory TLS encryption, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
@ -476,30 +466,34 @@ SMTP(8) SMTP(8)
TLS usage policy by next-hop destination and by
remote SMTP server hostname.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
Obsolete Postfix &lt; 2.3 control for the Postfix SMTP
client TLS cipher list.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
The maximal number of parallel deliveries to the
same destination via the smtp message delivery
The maximal number of parallel deliveries to the
same destination via the smtp message delivery
transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
The maximal number of recipients per delivery via
The maximal number of recipients per delivery via
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
The SMTP client time limit for completing a TCP
The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
The SMTP client time limit for sending the HELO or
EHLO command, and for receiving the initial server
The SMTP client time limit for sending the HELO or
EHLO command, and for receiving the initial server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
The LMTP client time limit for sending the LHLO
The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
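Review bot: the new smtp_tls_cipherlist entry reads only "Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS cipher list" and does not say what supersedes it; name smtp_tls_mandatory_ciphers and smtp_tls_exclude_ciphers (introduced in the STARTTLS section above) and state what happens when a 2.2 main.cf that still sets smtp_tls_cipherlist is run with the new parameters also set, i.e. which one wins. Without that, an admin upgrading cannot tell whether an old cipher restriction is still being honoured.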
@ -508,30 +502,30 @@ SMTP(8) SMTP(8)
command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
The SMTP client time limit for sending the MAIL
FROM command, and for receiving the server
The SMTP client time limit for sending the MAIL
FROM command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
The SMTP client time limit for sending the SMTP
RCPT TO command, and for receiving the server
The SMTP client time limit for sending the SMTP
RCPT TO command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
The SMTP client time limit for sending the SMTP
DATA command, and for receiving the server
The SMTP client time limit for sending the SMTP
DATA command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
The SMTP client time limit for sending the SMTP
The SMTP client time limit for sending the SMTP
message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
The SMTP client time limit for sending the SMTP
The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
The SMTP client time limit for sending the QUIT
The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
@ -542,12 +536,12 @@ SMTP(8) SMTP(8)
lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
The maximal number of SMTP sessions per delivery
request before giving up or delivering to a fall-
The maximal number of SMTP sessions per delivery
request before giving up or delivering to a fall-
back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
The SMTP client time limit for sending the RSET
The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
@ -559,11 +553,11 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
Permanently enable SMTP connection caching for the
Permanently enable SMTP connection caching for the
specified destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
Temporarily enable SMTP connection caching while a
Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
@ -573,57 +567,62 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
When SMTP connection caching is enabled, the amount
of time that an unused SMTP client socket is kept
of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
Time limit for connection cache connect, send or
Time limit for connection cache connect, send or
receive operations.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
The increment in verbose logging level when a
remote client or server matches a pattern in the
The increment in verbose logging level when a
remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
What categories of Postfix-generated mail are sub-
ject to before-queue content inspection by
<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the
The list of error classes that are reported to the
postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
Where the Postfix SMTP client should deliver mail
Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal
The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP
Disable DNS lookups in the Postfix SMTP and LMTP
clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
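Review bot: internal_mail_filter_classes is inserted into the TROUBLE SHOOTING CONTROLS list without the "Available in Postfix version 2.3 and later:" marker that this page puts before every other parameter new in this release (smtp_sasl_auth_enforce, connection_cache_protocol_timeout, smtp_fallback_relay); add the marker or move the entry under an existing one, otherwise the summary implies the parameter exists in 2.2.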
@ -631,7 +630,7 @@ SMTP(8) SMTP(8)
tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
The Internet protocols Postfix will attempt to use
The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -639,74 +638,74 @@ SMTP(8) SMTP(8)
over an internal communication channel.
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client
The default TCP port that the Postfix LMTP client
connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of connection requests before a
The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
tem receives mail on by way of a proxy or network
tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
An optional numerical network address that the SMTP
client should bind to when making an IPv4 connec-
tion.
An optional numerical network address that the
Postfix SMTP client should bind to when making an
IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
An optional numerical network address that the SMTP
client should bind to when making an IPv6 connec-
tion.
An optional numerical network address that the
Postfix SMTP client should bind to when making an
IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the SMTP EHLO or HELO com-
The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
What mechanisms when the SMTP client uses to look
up a host's IP address.
What mechanisms when the Postfix SMTP client uses
to look up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
Randomize the order of equal-preference MX host
Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
Optional list of relay hosts for SMTP destinations
Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
Optional list of relay hosts for SMTP destinations
Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b>SEE ALSO</b>
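Review bot: the rewritten smtp_host_lookup summary carries the grammatical slip over from the old text: "What mechanisms when the Postfix SMTP client uses to look up a host's IP address" should be "What mechanisms the Postfix SMTP client uses to look up a host's IP address" (drop "when"). Since the line is being regenerated anyway, fix it in the postconf(5) source the summary is built from so it does not come back on the next run.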
@ -724,7 +723,7 @@ SMTP(8) SMTP(8)
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

View File

@ -328,88 +328,89 @@ SMTPD(8) SMTPD(8)
Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b>
Opportunistic TLS: announce STARTTLS support to
SMTP clients, but do not require that clients use
TLS encryption.
<b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b>
Mandatory TLS: announce STARTTLS support to SMTP
clients, and require that clients use TLS encryp-
tion.
<b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b>
The SMTP TLS security level for the Postfix SMTP
server; when a non-empty value is specified, this
overrides the obsolete parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and
<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
<b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtpd_sasl_security_options">rity_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP server uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP server uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> (300s)</b>
The time limit for Postfix SMTP server write and
read operations during TLS startup and shutdown
The time limit for Postfix SMTP server write and
read operations during TLS startup and shutdown
handshake procedures.
<b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP server
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP server
certificate.
<b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP server
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP server
certificate.
<b><a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> (no)</b>
Ask a remote SMTP client for a client certificate.
Ask a remote SMTP client for a client certificate.
<b><a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> (no)</b>
When TLS encryption is optional in the Postfix SMTP
server, do not announce or accept SASL authentica-
server, do not announce or accept SASL authentica-
tion over unencrypted connections.
<b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> (5)</b>
The verification depth for remote SMTP client cer-
The verification depth for remote SMTP client cer-
tificates.
<b><a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> (empty)</b>
File with the Postfix SMTP server RSA certificate
File with the Postfix SMTP server RSA certificate
in PEM format.
<b><a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> (export)</b>
The minimum acceptable SMTP server TLS cipher
grade.
<b><a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> (empty)</b>
List of ciphers or cipher types to exclude from the
SMTP server cipher list.
SMTP server cipher list at all TLS security levels.
<b><a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> (empty)</b>
File with the Postfix SMTP server DSA certificate
File with the Postfix SMTP server DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> (empty)</b>
File with DH parameters that the Postfix SMTP
server should use with EDH ciphers.
<b><a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> (empty)</b>
File with DH parameters that the Postfix SMTP
server should use with EDH ciphers.
<b><a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> (empty)</b>
File with DH parameters that the Postfix SMTP
server should use with EDH ciphers.
<b><a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b>
File with the Postfix SMTP server DSA private key
File with the Postfix SMTP server DSA private key
in PEM format.
<b><a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b>
File with the Postfix SMTP server RSA private key
File with the Postfix SMTP server RSA private key
in PEM format.
<b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b>
Enable additional Postfix SMTP server logging of
Enable additional Postfix SMTP server logging of
TLS activity.
<b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (empty)</b>
The list of TLS protocols supported by the Postfix
SMTP server.
<b><a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> (medium)</b>
The minimum TLS cipher grade that the Postfix SMTP
server will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> (empty)</b>
Additional list of ciphers or cipher types to
exclude from the SMTP server cipher list at manda-
tory TLS security levels.
<b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
The TLS protocols accepted by the Postfix SMTP
server with mandatory TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
Request that the Postfix SMTP server produces
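Review bot: smtpd_tls_CAfile appears twice in this list with identical text, and so does smtpd_tls_dh512_param_file, while no smtpd_tls_CApath entry appears at all even though the client-side list in the SMTP(8) hunk of this same commit has smtp_tls_CAfile followed by smtp_tls_CApath. The second smtpd_tls_CAfile block is almost certainly meant to be smtpd_tls_CApath (the directory of CA certificates the server uses to verify remote SMTP client certificates), and the second smtpd_tls_dh512_param_file block should simply go; both duplicates survive the whitespace reflow here, so the generator input is the place to fix them. While in this section, the adjacent defaults smtpd_tls_ciphers "(export)" and the new smtpd_tls_mandatory_ciphers "(medium)" deserve one clarifying clause each, so a reader scanning the summary does not take "export" as the floor that applies when TLS is mandatory.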
@ -419,7 +420,7 @@ SMTPD(8) SMTPD(8)
CommonName.
<b><a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> (no)</b>
When TLS encryption is enforced, require a remote
With mandatory TLS encryption, require a remote
SMTP client certificate in order to allow TLS con-
nections to proceed.
@ -442,14 +443,6 @@ SMTPD(8) SMTPD(8)
server in order to seed its internal pseudo random
number generator (PRNG).
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b>
The SMTP TLS security level for the Postfix SMTP
server; when a non-empty value is specified, this
overrides the obsolete parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and
<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
<b>(!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "HIGH" grade ciphers.
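Review bot: deleting this "Available in Postfix version 2.3 and later:" block moves smtpd_tls_security_level into the main STARTTLS list (earlier hunk on this page) but drops the version information with it; nothing in the summary now says the parameter is new in 2.3, which matters because that same entry tells admins it "overrides the obsolete parameters smtpd_use_tls and smtpd_enforce_tls", and a 2.2 installation reading the 2.3 page will set it and get no TLS policy change. Keep a version note next to the relocated entry.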
@ -459,7 +452,7 @@ SMTPD(8) SMTPD(8)
ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (!EXPORT:ALL:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "LOW" or higher grade
The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@ -467,9 +460,28 @@ SMTPD(8) SMTPD(8)
ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (!aNULL:eNULL+kRSA)</b>
The OpenSSL cipherlist for "NULL" grade ciphers
The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
will be removed in a future release.
<b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b>
Opportunistic TLS: announce STARTTLS support to
SMTP clients, but do not require that clients use
TLS encryption.
<b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b>
Mandatory TLS: announce STARTTLS support to SMTP
clients, and require that clients use TLS encryp-
tion.
<b><a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> (empty)</b>
Obsolete Postfix &lt; 2.3 control for the Postfix SMTP
server TLS cipher list.
<b>VERP SUPPORT CONTROLS</b>
With VERP style delivery, each recipient of a message
receives a customized copy of the message with his/her own
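Review bot: the new OBSOLETE STARTTLS CONTROLS section says support "will be removed in a future release" but does not state the replacement for each entry: smtpd_use_tls and smtpd_enforce_tls map onto smtpd_tls_security_level (the earlier hunk says it overrides them when non-empty), and smtpd_tls_cipherlist says only "Obsolete Postfix &lt; 2.3 control" with no pointer to smtpd_tls_mandatory_ciphers or smtpd_tls_exclude_ciphers. Spell the mapping out per entry and state the precedence when old and new parameters are both set; that is the information an upgrade needs, and the place a reader will look for it is exactly this section.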
@ -522,6 +534,11 @@ SMTPD(8) SMTPD(8)
mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
What categories of Postfix-generated mail are sub-
ject to before-queue content inspection by
<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the
postmaster.
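Review bot: same omission as in the smtp(8) summary in this commit: the new internal_mail_filter_classes entry lacks the "Available in Postfix version 2.3 and later:" marker that this page uses for new parameters (the smtpd_peername_lookup hunk further down sits under one).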
@ -677,8 +694,9 @@ SMTPD(8) SMTPD(8)
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b>
Attempt to look up the SMTP client hostname, and
verify that the name matches the client IP address.
Attempt to look up the Postfix SMTP client host-
name, and verify that the name matches the client
IP address.
The per SMTP client connection count and request rate lim-
its are implemented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> ser-
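Review bot: the reworded smtpd_peername_lookup summary is wrong about which party it describes: "Attempt to look up the Postfix SMTP client hostname, and verify that the name matches the client IP address" names the Postfix SMTP client, but this parameter controls the smtpd(8) server's reverse lookup of the remote client that connected to it (the surrounding context, "per SMTP client connection count and request rate limits", is about those remote clients). The "SMTP client" to "Postfix SMTP client" substitution applied throughout this commit misfires here; it should read "Attempt to look up the remote SMTP client hostname, and verify that the name matches the client IP address." Fix it in the postconf(5) source this line is generated from, and check the other smtpd(8) wording changes for the same search-and-replace mistake.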

View File

@ -243,7 +243,7 @@ TRANSPORT(5) TRANSPORT(5)
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.2.
Postfix version 2.3.
Each lookup operation uses the entire recipient address
once. Thus, <i>some.domain.hierarchy</i> is not looked up via

View File

@ -209,7 +209,7 @@ VIRTUAL(5) VIRTUAL(5)
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.2.
Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their

View File

@ -340,7 +340,7 @@ pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
This feature is not available up to and including Postfix version 2.2.
This feature is not available up to and including Postfix version 2.3.
Each lookup operation uses the entire query string once.
Depending on the application, that string is an entire client

View File

@ -166,7 +166,7 @@ pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
This feature is not available up to and including Postfix version 2.2.
This feature is not available up to and including Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
\fIuser@domain\fR mail addresses are not broken up into their

View File

@ -150,7 +150,7 @@ pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
This feature is not available up to and including Postfix version 2.2.
This feature is not available up to and including Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
\fIuser@domain\fR mail addresses are not broken up into their

View File

@ -559,7 +559,8 @@ $virtual_alias_domains, or $virtual_mailbox_domains. By default,
the Postfix SMTP client returns such mail as undeliverable.
.PP
Specify, for example, "best_mx_transport = local" to pass the mail
from the SMTP client to the \fBlocal\fR(8) delivery agent. You can specify
from the Postfix SMTP client to the \fBlocal\fR(8) delivery agent. You
can specify
any message delivery "transport" or "transport:nexthop" that is
defined in the master.cf file. See the \fBtransport\fR(5) manual page
for the syntax and meaning of "transport" or "transport:nexthop".
@ -1525,7 +1526,8 @@ for IPv6.
.PP
A better solution for multi-homed firewalls is to leave inet_interfaces
at the default value and instead use explicit IP addresses in
the master.cf SMTP server definitions. This preserves the SMTP client's
the master.cf SMTP server definitions. This preserves the Postfix
SMTP client's
loop detection, by ensuring that each side of the firewall knows that the
other IP address is still the same host. Setting $inet_interfaces to a
single IPv4 and/or IPV6 address is primarily useful with virtual
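Review bot: the context line "a single IPv4 and/or IPV6 address" two lines below the edited sentence spells IPv6 as "IPV6"; since this paragraph is being touched anyway, fix the capitalization so it matches the "IPv6" used in the hunk header and everywhere else in the file.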
@ -1600,6 +1602,22 @@ and via the \fBpipe\fR(8) and \fBvirtual\fR(8) delivery agents.
.PP
Warning: with concurrency of 1, one bad message can be enough to
block all mail to a site.
.SH internal_mail_filter_classes (default: empty)
What categories of Postfix-generated mail are subject to
before-queue content inspection by non_smtpd_milters, header_checks
and body_checks. Specify zero or more of the following, separated
by whitespace or comma.
.IP "\fB bounce \fR"
Inspect the content of delivery
status notifications.
.IP "\fB notify \fR"
Inspect the content of postmaster
notifications by the \fBsmtp\fR(8) and \fBsmtpd\fR(8) processes.
.PP
NOTE: It's generally not safe to enable content inspection of
Postfix-generated email messages. The user is warned.
.PP
This feature is available in Postfix 2.3 and later.
.SH invalid_hostname_reject_code (default: 501)
The numerical Postfix SMTP server response code when the client
HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname
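Review bot: the NOTE at the end of the new internal_mail_filter_classes entry says content inspection of Postfix-generated mail is "generally not safe" and that "the user is warned", but never says what goes wrong, so an administrator reading this cannot judge whether the risk applies to their setup. State the hazard in the sentence before "The user is warned." (for example, what becomes of a delivery status notification or postmaster notification when header_checks or body_checks rejects it), otherwise the warning is not actionable.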
@ -2232,8 +2250,8 @@ Technically, tables listed with $local_recipient_maps are used as
lists: Postfix needs to know only if a lookup string is found or
not, but it does not use the result from table lookup.
.PP
If this parameter is non-empty (the default), then the Postfix SMTP server
will reject mail for unknown local users.
If this parameter is non-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users.
.PP
To turn off local recipient checking in the Postfix SMTP server,
specify "local_recipient_maps =" (i.e. empty).
@ -3764,8 +3782,8 @@ With "smtp_always_send_ehlo = no", Postfix sends EHLO only when
the word "ESMTP" appears in the server greeting banner (example:
220 spike.porcupine.org ESMTP Postfix).
.SH smtp_bind_address (default: empty)
An optional numerical network address that the SMTP client should
bind to when making an IPv4 connection.
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv4 connection.
.PP
This can be specified in the main.cf file for all SMTP clients, or
it can be specified in the master.cf file for a specific client,
@ -3789,8 +3807,8 @@ inet_interfaces documentation for more detail.
Note 2: address information may be enclosed inside [],
but this form is not recommended here.
.SH smtp_bind_address6 (default: empty)
An optional numerical network address that the SMTP client should
bind to when making an IPv6 connection.
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv6 connection.
.PP
This feature is available in Postfix 2.2 and later.
.PP
@ -3829,7 +3847,8 @@ This feature is available in Postfix 2.2.9 and later.
The SMTP client time limit for completing a TCP connection, or
zero (use the operating system built-in time limit).
.PP
When no connection can be made within the deadline, the SMTP client
When no connection can be made within the deadline, the Postfix
SMTP client
tries the next address on the mail exchanger list. Specify 0 to
disable the time limit (i.e. use whatever timeout is implemented by
the operating system).
@ -3951,7 +3970,7 @@ The default time unit is s (seconds).
.SH smtp_data_xfer_timeout (default: 180s)
The SMTP client time limit for sending the SMTP message content.
When the connection makes no progress for more than $smtp_data_xfer_timeout
seconds the SMTP client terminates the transfer.
seconds the Postfix SMTP client terminates the transfer.
.PP
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
@ -3983,7 +4002,7 @@ into concurrency per recipient.
.SH smtp_discard_ehlo_keyword_address_maps (default: empty)
Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the SMTP client will ignore in the EHLO response from a
etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server. See smtp_discard_ehlo_keywords for details. The
table is not indexed by hostname for consistency with
smtpd_discard_ehlo_keyword_address_maps.
@ -3991,8 +4010,8 @@ smtpd_discard_ehlo_keyword_address_maps.
This feature is available in Postfix 2.2 and later.
.SH smtp_discard_ehlo_keywords (default: empty)
A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the SMTP client will ignore in the EHLO response
from a remote SMTP server.
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
.PP
This feature is available in Postfix 2.2 and later.
.PP
@ -4080,7 +4099,7 @@ and for receiving the initial server response.
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
.SH smtp_host_lookup (default: dns)
What mechanisms when the SMTP client uses to look up a host's IP
What mechanisms when the Postfix SMTP client uses to look up a host's IP
address. This parameter is ignored when DNS lookups are disabled.
.PP
Specify one of the following:
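Review bot: "What mechanisms when the Postfix SMTP client uses to look up a host's IP address" is not a sentence in either the old or the new version; the stray "when" was carried over from the original line. Suggested: "What mechanisms the Postfix SMTP client uses to look up a host's IP address."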
@ -4200,9 +4219,10 @@ smtp_sasl_auth_enable = yes
.ad
.ft R
.SH smtp_sasl_auth_enforce (default: yes)
Defer mail delivery when an SMTP server does not support SASL
authentication, while smtp_sasl_password_maps contains SASL
login/password information for that server.
If sender-dependent SASL passwords are turned off, defer mail
delivery when an SMTP server does not support SASL authentication,
while smtp_sasl_password_maps contains SASL login/password information
for that server.
.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_sasl_mechanism_filter (default: empty)
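Review bot: the new wording "If sender-dependent SASL passwords are turned off, defer mail delivery when ..." describes only the off case and leaves the behaviour with smtp_sender_dependent_authentication = yes unstated, which is exactly the case a reader of this entry needs to know about. Add a sentence for the on case. The point of the parameter, that mail is held rather than delivered unauthenticated to a server that does not offer SASL AUTH although credentials are configured for it, was clearer in the old three-line text; keep that intent visible in the rewrite.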
@ -4295,8 +4315,8 @@ for authentication. The available types are listed with the
.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_send_xforward_command (default: no)
Send the non-standard XFORWARD command when the Postfix SMTP server EHLO
response announces XFORWARD support.
Send the non-standard XFORWARD command when the Postfix SMTP server
EHLO response announces XFORWARD support.
.PP
This allows an "smtp" delivery agent, used for injecting mail into
a content filter, to forward the name, address, protocol and HELO
@ -4306,7 +4326,7 @@ localhost[127.0.0.1] etc.
.PP
This feature is available in Postfix 2.1 and later.
.SH smtp_sender_dependent_authentication (default: no)
Enable sender-dependent authentication in the SMTP client; this is
Enable sender-dependent authentication in the Postfix SMTP client; this is
available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials.
@ -4435,7 +4455,7 @@ smtp_tls_cert_file = /etc/postfix/client.pem
This feature is available in Postfix 2.2 and later.
.SH smtp_tls_cipherlist (default: empty)
Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
cipher list. As this feature applies to all security levels, it is easy
cipher list. As this feature applies to all TLS security levels, it is easy
to create inter-operability problems by choosing a non-default cipher
list. Do not use a non-default TLS cipher list on hosts that deliver email
to the public Internet: you will be unable to send email to servers that
@ -4474,7 +4494,7 @@ specified with $smtp_tls_cert_file.
.PP
This feature is available in Postfix 2.2 and later.
.SH smtp_tls_enforce_peername (default: yes)
When TLS encryption is enforced, require that the remote SMTP
With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate. As of RFC 2487 the requirements for hostname checking
for MTA clients are not specified.
@ -4491,8 +4511,9 @@ CommonName of this attacker will be logged).
This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_security_level instead.
.SH smtp_tls_exclude_ciphers (default: empty)
List of ciphers or cipher types to exclude from the SMTP client cipher
list at all security levels. This is not an OpenSSL cipherlist, it is
List of ciphers or cipher types to exclude from the Postfix
SMTP client cipher
list at all TLS security levels. This is not an OpenSSL cipherlist, it is
a simple list separated by whitespace and/or commas. The elements are a
single cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching \fBall\fR the properties are excluded.
@ -4560,12 +4581,13 @@ loglevel 4 is strongly discouraged.
.PP
This feature is available in Postfix 2.2 and later.
.SH smtp_tls_mandatory_ciphers (default: medium)
The minimum SMTP client TLS cipher grade that is strong enough to
be used with the "encrypt" security level and higher. The default
value "medium" is suitable for most destinations with which you may
want to enforce TLS, and is beyond the reach of today's crypt-analytic
methods. See smtp_tls_policy_maps for information on how to configure
ciphers on a per-destination basis.
The minimum TLS cipher grade that the Postfix SMTP client will
use with
mandatory TLS encryption. The default value "medium" is suitable
for most destinations with which you may want to enforce TLS, and
is beyond the reach of today's crypt-analytic methods. See
smtp_tls_policy_maps for information on how to configure ciphers
on a per-destination basis.
.PP
The following cipher grades are supported:
.IP "\fBexport\fR"
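Review bot: "crypt-analytic" in the rewritten smtp_tls_mandatory_ciphers text should be "cryptanalytic"; the typo was in the old lines too and this rewrite is the moment to fix it. The claim that "medium" is "beyond the reach of today's" methods is a point-in-time assessment that will go stale in the man page; describe the grade instead (the smtpd_tls_mandatory_ciphers entry later in this file says "essentially the 128-bit or stronger ciphers", which is the same information without the date dependency).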
@ -4621,16 +4643,15 @@ encryption or authentication).
.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_tls_mandatory_exclude_ciphers (default: empty)
List of ciphers or cipher types to exclude from the SMTP client
cipher list at the mandatory TLS security levels: "encrypt", "verify"
and "secure". See smtp_tls_exclude_ciphers for syntax details. When
both "exclude" parameters are defined, the combined list of ciphers is
excluded (provided the TLS security level is "encrypt" or higher).
Additional list of ciphers or cipher types to exclude from the
SMTP client cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with smtp_tls_exclude_ciphers
(see there for syntax details).
.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_tls_mandatory_protocols (default: SSLv3, TLSv1)
List of TLS protocol versions that are secure enough to be used
with the "encrypt" security level and higher. In main.cf the values
List of TLS protocols that the Postfix SMTP client will use
with mandatory TLS encryption. In main.cf the values
are separated by whitespace, commas or colons. In the policy table
(see smtp_tls_policy_maps) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names,
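Review bot: "An empty value means allow all protocols" at the end of this hunk makes an empty setting less restrictive than the default "SSLv3, TLSv1" given in the .SH line, so an administrator who blanks the parameter to "reset" it ends up with a weaker mandatory-TLS configuration than the default. Say explicitly that empty is wider than the default and name the additional protocol it admits next to the list of valid protocol names, rather than leaving the reader to infer it.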
@ -5810,7 +5831,7 @@ This list overrides any commands built into the Postfix SMTP server.
The lookup key to be used in SMTP \fBaccess\fR(5) tables instead of the
null sender address.
.SH smtpd_peername_lookup (default: yes)
Attempt to look up the SMTP client hostname, and verify that
Attempt to look up the Postfix SMTP client hostname, and verify that
the name matches the client IP address. A client name is set to
"unknown" when it cannot be looked up or verified, or when name
lookup is disabled. Turning off name lookup reduces delays due to
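Review bot: the rewording "Attempt to look up the Postfix SMTP client hostname" is wrong. smtpd_peername_lookup is a Postfix SMTP server parameter, and the name being looked up is that of the remote SMTP client connecting to the server, as the rest of the sentence ("verify that the name matches the client IP address") shows. Use "remote SMTP client hostname", matching the "remote SMTP client" wording used in the smtpd_tls_req_ccert entry later in this file; the blanket "SMTP client" to "Postfix SMTP client" substitution must not be applied to smtpd parameters.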
@ -6530,67 +6551,7 @@ clients.
\fBNote:\fR do not use "" quotes around the parameter value.
.PP
This feature is available with Postfix version 2.2. It is not used with
Postfix 2.3 and later; use smtpd_tls_ciphers instead.
.SH smtpd_tls_ciphers (default: export)
The minimum acceptable SMTP server TLS cipher grade. It is easy to
create inter-operability problems by choosing a non-default cipher grade.
Do not use a stronger than default minimum cipher grade for MX hosts on
the public Internet. Clients that begin the TLS handshake, but are unable
to agree on a common cipher, may not be able to send any email to the
SMTP server. Using a restricted cipher list may be more appropriate for a
dedicated MSA or an internal mailhub, where one can exert some control over
the TLS software and settings of the connecting clients. Configurations
with no certificates are also not likely to inter-operate with most
clients, see the notes for "smtpd_tls_cert_file".
.PP
The following cipher grades are supported:
.IP "\fBexport\fR"
Enable the mainstream "EXPORT" grade or better OpenSSL ciphers.
This is the most appropriate setting for public MX hosts. The underlying
cipherlist is specified via the tls_export_cipherlist configuration
parameter, which you are strongly encouraged to not change. The default
value of tls_export_cipherlist includes anonymous ciphers, but these
are automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers,
set "smtpd_tls_exclude_ciphers = aNULL".
.IP "\fBlow\fR"
Enable the mainstream "LOW" grade or better OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the tls_low_cipherlist configuration
parameter, which you are strongly encouraged to not change. The default
value of tls_low_cipherlist includes anonymous ciphers, but these
are automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers,
set "smtpd_tls_exclude_ciphers = aNULL".
.IP "\fBmedium\fR"
Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the tls_medium_cipherlist configuration
parameter, which you are strongly encouraged to not change. The default
value of tls_medium_cipherlist includes anonymous ciphers, but these
are automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers,
set "smtpd_tls_exclude_ciphers = aNULL".
.IP "\fBhigh\fR"
Enable only the mainstream "HIGH" grade OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the tls_high_cipherlist configuration
parameter, which you are strongly encouraged to not change. The default
value of tls_high_cipherlist includes anonymous ciphers, but these
are automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers, set
"smtpd_tls_exclude_ciphers = aNULL".
.IP "\fBnull\fR"
Enable only the "NULL" OpenSSL ciphers, these provide authentication
without encryption. This setting is only appropriate in the rare
case that all clients are prepared to use NULL ciphers (not normally
enabled in TLS clients). The underlying cipherlist is specified via the
tls_null_cipherlist configuration parameter, which you are strongly
encouraged to not change. The default value of tls_null_cipherlist
excludes anonymous ciphers (OpenSSL 0.9.8 has NULL ciphers that offer
data integrity without encryption or authentication).
.PP
This feature is available in Postfix 2.3 and later.
Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead.
.SH smtpd_tls_dcert_file (default: empty)
File with the Postfix SMTP server DSA certificate in PEM format.
This file may also contain the server private key.
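Review bot: repointing smtpd_tls_cipherlist at smtpd_tls_mandatory_ciphers and deleting the smtpd_tls_ciphers section changes two things for anyone who configured a 2.3 snapshot from the old text: the default minimum grade moves from "export" to "medium" (see the new .SH line later in this file), and the setting no longer applies to opportunistic TLS at all. Nothing in the diff records that smtpd_tls_ciphers was renamed; add a line in the obsolete-parameter style already used for smtpd_tls_cipherlist just above ("It is not used with Postfix 2.3 and later; use ... instead") or a release-notes entry, so a stale main.cf setting is noticed instead of being silently ignored.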
@ -6626,7 +6587,7 @@ openssl gendh -out /etc/postfix/dh_1024.pem -2 -rand /var/run/egd-pool 1024
.PP
Your actual source for entropy may differ. Some systems have
/dev/random; on other system you may consider using the "Entropy
Gathering Daemon EGD", available at http://www.lothar.com/tech/crypto/.
Gathering Daemon EGD", available at http://egd.sourceforge.net/
.PP
Example:
.PP
@ -6668,10 +6629,12 @@ must be accessible without password.
This feature is available in Postfix 2.2 and later.
.SH smtpd_tls_exclude_ciphers (default: empty)
List of ciphers or cipher types to exclude from the SMTP server
cipher list. This is not an OpenSSL cipherlist; it is a simple list
separated by whitespace and/or commas. The elements are a single
cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching \fBall\fR the properties are excluded.
cipher list at all TLS security levels. Excluding valid ciphers
can create interoperability problems. DO NOT exclude ciphers unless it
is essential to do so. This is not an OpenSSL cipherlist; it is a simple
list separated by whitespace and/or commas. The elements are a single
cipher, or one or more "+" separated cipher properties, in which case
only ciphers matching \fBall\fR the properties are excluded.
.PP
Examples (some of these will cause problems):
.PP
@ -6723,23 +6686,95 @@ Use "smtpd_tls_loglevel = 3" only in case of problems. Use of
loglevel 4 is strongly discouraged.
.PP
This feature is available in Postfix 2.2 and later.
.SH smtpd_tls_protocols (default: empty)
The list of TLS protocols supported by the Postfix SMTP server.
If the list is empty, the server supports all available TLS protocol
versions. A non-empty value is a list of protocol names separated
by whitespace, commas or colons. The supported protocol names are
"SSLv2", "SSLv3" and "TLSv1", and are not case sensitive.
.SH smtpd_tls_mandatory_ciphers (default: medium)
The minimum TLS cipher grade that the Postfix SMTP server will
use with mandatory
TLS encryption. Cipher types listed in smtpd_tls_mandatory_exclude_ciphers
or smtpd_tls_exclude_ciphers are excluded from the base definition
of the selected cipher grade. With opportunistic TLS encryption,
the "export" grade is used unconditionally with exclusions specified
only via smtpd_tls_exclude_ciphers.
.PP
DO NOT set this to a non-default value on an Internet MX host,
as this may cause inter-operability problems. If you restrict the
protocol list on an Internet MX host, you may lose mail.
The following cipher grades are supported:
.IP "\fBexport\fR"
Enable the mainstream "EXPORT" grade or better OpenSSL ciphers.
This is the most appropriate setting for public MX hosts, and is always
used with opportunistic TLS encryption. The underlying cipherlist
is specified via the tls_export_cipherlist configuration parameter,
which you are strongly encouraged to not change. The default value
of tls_export_cipherlist includes anonymous ciphers, but these are
automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers,
set "smtpd_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers
only when TLS is enforced, set "smtpd_tls_mandatory_exclude_ciphers =
aNULL".
.IP "\fBlow\fR"
Enable the mainstream "LOW" grade or better OpenSSL ciphers. The
underlying cipherlist is specified via the tls_low_cipherlist
configuration parameter, which you are strongly encouraged to
not change. The default value of tls_low_cipherlist includes
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for client certificates. If you must
always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
"smtpd_tls_mandatory_exclude_ciphers = aNULL".
.IP "\fBmedium\fR"
Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. These
are essentially the 128-bit or stronger ciphers. This is the default
minimum strength for mandatory TLS encryption. MSAs that enforce
TLS and have clients that do not support any "MEDIUM" or "HIGH"
grade ciphers, may need to configure a weaker ("low" or "export")
minimum cipher grade. The underlying cipherlist is specified via the
tls_medium_cipherlist configuration parameter, which you are strongly
encouraged to not change. The default value of tls_medium_cipherlist
includes anonymous ciphers, but these are automatically filtered out if
the server is configured to ask for client certificates. If you must
always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
"smtpd_tls_mandatory_exclude_ciphers = aNULL".
.IP "\fBhigh\fR"
Enable only the mainstream "HIGH" grade OpenSSL ciphers. The
underlying cipherlist is specified via the tls_high_cipherlist
configuration parameter, which you are strongly encouraged to
not change. The default value of tls_high_cipherlist includes
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for client certificates. If you must
always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
"smtpd_tls_mandatory_exclude_ciphers = aNULL".
.IP "\fBnull\fR"
Enable only the "NULL" OpenSSL ciphers, these provide authentication
without encryption. This setting is only appropriate in the rare
case that all clients are prepared to use NULL ciphers (not normally
enabled in TLS clients). The underlying cipherlist is specified via the
tls_null_cipherlist configuration parameter, which you are strongly
encouraged to not change. The default value of tls_null_cipherlist
excludes anonymous ciphers (OpenSSL 0.9.8 has NULL ciphers that offer
data integrity without encryption or authentication).
.PP
This feature is available in Postfix 2.3 and later.
.SH smtpd_tls_mandatory_exclude_ciphers (default: empty)
Additional list of ciphers or cipher types to exclude from the
SMTP server cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with smtpd_tls_exclude_ciphers
(see there for syntax details).
.PP
This feature is available in Postfix 2.3 and later.
.SH smtpd_tls_mandatory_protocols (default: SSLv3, TLSv1)
The TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption. With opportunistic TLS encryption, all
protocols are always accepted. If the list is empty, the server
supports all available TLS protocol versions. A non-empty value
is a list of protocol names separated by whitespace, commas or
colons. The supported protocol names are "SSLv2", "SSLv3" and
"TLSv1", and are not case sensitive.
.PP
Example:
.PP
.nf
.na
.ft C
smtpd_tls_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
.fi
.ad
.ft R
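Review bot: the "null" grade at the end of the new smtpd_tls_mandatory_ciphers list provides "authentication without encryption", yet the parameter takes effect only with mandatory TLS encryption; the entry should warn that choosing "null" there leaves sessions without confidentiality even though the level is called encryption, not just that clients are unlikely to support it. Separately, the sentence about anonymous ciphers being filtered when client certificates are requested and the two exclude parameters is repeated almost verbatim under export, low, medium and high; state it once after the list so the four grade entries stay readable.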
@ -6755,7 +6790,7 @@ that was recorded by the final destination can be trusted.
.PP
This feature is available in Postfix 2.2 and later.
.SH smtpd_tls_req_ccert (default: no)
When TLS encryption is enforced, require a remote SMTP client
With mandatory TLS encryption, require a remote SMTP client
certificate in order to allow TLS connections to proceed. This
option implies "smtpd_tls_ask_ccert = yes".
.PP
@ -6794,6 +6829,8 @@ encrypt" implies "smtpd_tls_auth_only = yes".
Note 3: when invoked via "sendmail -bs", Postfix will never
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior.
.PP
This feature is available in Postfix 2.3 and later.
.SH smtpd_tls_session_cache_database (default: empty)
Name of the file containing the optional Postfix SMTP server
TLS session cache. Specify a database type that supports enumeration,
@ -6977,7 +7014,7 @@ bytes (equivalent to 256 bits) is sufficient to generate a 128bit
This feature is available in Postfix 2.2 and later.
.SH tls_export_cipherlist (default: ALL:+RC4:@STRENGTH)
The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
defines the meaning of the "export" setting in smtpd_tls_ciphers,
defines the meaning of the "export" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the cipherlist for the opportunistic ("may") TLS client security
level and is the default cipherlist for the SMTP server. You are
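Review bot: "is the default cipherlist for the SMTP server" in the tls_export_cipherlist entry is no longer accurate once this commit gives smtpd_tls_mandatory_ciphers a default of "medium"; the export list is now the server default only for opportunistic TLS. Qualify the server half of the sentence the way the client half already is ("for the opportunistic ("may") TLS client security level").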
@ -6986,21 +7023,21 @@ strongly encouraged to not change this setting.
This feature is available in Postfix 2.3 and later.
.SH tls_high_cipherlist (default: !EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)
The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
the meaning of the "high" setting in smtpd_tls_ciphers,
the meaning of the "high" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
strongly encouraged to not change this setting.
.PP
This feature is available in Postfix 2.3 and later.
.SH tls_low_cipherlist (default: !EXPORT:ALL:+RC4:@STRENGTH)
The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
the meaning of the "low" setting in smtpd_tls_ciphers,
the meaning of the "low" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
strongly encouraged to not change this setting.
.PP
This feature is available in Postfix 2.3 and later.
.SH tls_medium_cipherlist (default: !EXPORT:!LOW:ALL:+RC4:@STRENGTH)
The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This
defines the meaning of the "medium" setting in smtpd_tls_ciphers,
defines the meaning of the "medium" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the default cipherlist for mandatory TLS encryption in the TLS
client (with anonymous ciphers disabled when verifying server
@ -7011,7 +7048,7 @@ This feature is available in Postfix 2.3 and later.
.SH tls_null_cipherlist (default: !aNULL:eNULL+kRSA)
The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption. This defines the meaning of the "null"
setting in smtpd_tls_ciphers, smtp_tls_mandatory_ciphers and
setting in smtpd_mandatory_tls_ciphers, smtp_tls_mandatory_ciphers and
lmtp_tls_mandatory_ciphers. You are strongly encouraged to not
change this setting.
.PP
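Review bot: the new line in the tls_null_cipherlist entry reads "smtpd_mandatory_tls_ciphers", but the parameter introduced in this commit is smtpd_tls_mandatory_ciphers, as the tls_export_cipherlist, tls_high_cipherlist, tls_low_cipherlist and tls_medium_cipherlist entries just above spell it. Fix the name; a misspelled parameter name in a man page sends readers to a setting that does not exist.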

View File

@ -98,7 +98,7 @@ directed to a TCP-based server. For a description of regular
expression lookup table syntax, see \fBregexp_table\fR(5) or
\fBpcre_table\fR(5). For a description of the TCP client/server
table lookup protocol, see \fBtcp_table\fR(5).
This feature is not available up to and including Postfix version 2.2.
This feature is not available up to and including Postfix version 2.3.
Each pattern is a regular expression that is applied to the entire
address being looked up. Thus, \fIuser@domain\fR mail addresses are not
@ -119,7 +119,7 @@ pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
This feature is not available up to and including Postfix version 2.2.
This feature is not available up to and including Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
\fIuser@domain\fR mail addresses are not broken up into their

View File

@ -249,7 +249,7 @@ pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
This feature is not available up to and including Postfix version 2.2.
This feature is not available up to and including Postfix version 2.3.
Each lookup operation uses the entire recipient address once. Thus,
\fIsome.domain.hierarchy\fR is not looked up via its parent domains,

View File

@ -221,7 +221,7 @@ pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
This feature is not available up to and including Postfix version 2.2.
This feature is not available up to and including Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
\fIuser@domain\fR mail addresses are not broken up into their

View File

@ -95,6 +95,10 @@ file or \fBbounce\fR(8) logfile.
.IP "\fBipc_timeout (3600s)\fR"
The time limit for sending or receiving information over an internal
communication channel.
.IP "\fBinternal_mail_filter_classes (empty)\fR"
What categories of Postfix-generated mail are subject to
before-queue content inspection by non_smtpd_milters, header_checks
and body_checks.
.IP "\fBmail_name (Postfix)\fR"
The mail system name that is displayed in Received: headers, in
the SMTP greeting banner, and in bounced mail.
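Review bot: the parameter summaries in this list are in alphabetical order (ipc_timeout is followed by mail_name), so the new internal_mail_filter_classes entry belongs before ipc_timeout, not after it.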

View File

@ -192,12 +192,12 @@ Available in Postfix version 2.2 and later:
.IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR"
Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the SMTP client will ignore in the EHLO response from a
etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server.
.IP "\fBsmtp_discard_ehlo_keywords (empty)\fR"
A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the SMTP client will ignore in the EHLO response
from a remote SMTP server.
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server.
.IP "\fBsmtp_generic_maps (empty)\fR"
Optional lookup tables that perform address rewriting in the
SMTP client, typically to transform a locally valid address into
@ -238,8 +238,8 @@ The maximal recursion level that the MIME processor will handle.
.fi
Available in Postfix version 2.1 and later:
.IP "\fBsmtp_send_xforward_command (no)\fR"
Send the non-standard XFORWARD command when the Postfix SMTP server EHLO
response announces XFORWARD support.
Send the non-standard XFORWARD command when the Postfix SMTP server
EHLO response announces XFORWARD support.
.SH "SASL AUTHENTICATION CONTROLS"
.na
.nf
@ -263,11 +263,12 @@ server's list of offered SASL mechanisms.
.PP
Available in Postfix version 2.3 and later:
.IP "\fBsmtp_sasl_auth_enforce (yes)\fR"
Defer mail delivery when an SMTP server does not support SASL
authentication, while smtp_sasl_password_maps contains SASL
login/password information for that server.
If sender-dependent SASL passwords are turned off, defer mail
delivery when an SMTP server does not support SASL authentication,
while smtp_sasl_password_maps contains SASL login/password information
for that server.
.IP "\fBsmtp_sender_dependent_authentication (no)\fR"
Enable sender-dependent authentication in the SMTP client; this is
Enable sender-dependent authentication in the Postfix SMTP client; this is
available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials.
@ -305,15 +306,16 @@ certificate.
.IP "\fBsmtp_tls_cert_file (empty)\fR"
File with the Postfix SMTP client RSA certificate in PEM format.
.IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR"
The minimum SMTP client TLS cipher grade that is strong enough to
be used with the "encrypt" security level and higher.
The minimum TLS cipher grade that the Postfix SMTP client will
use with
mandatory TLS encryption.
.IP "\fBsmtp_tls_exclude_ciphers (empty)\fR"
List of ciphers or cipher types to exclude from the SMTP client cipher
list at all security levels.
List of ciphers or cipher types to exclude from the Postfix
SMTP client cipher
list at all TLS security levels.
.IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR"
List of ciphers or cipher types to exclude from the SMTP client
cipher list at the mandatory TLS security levels: "encrypt", "verify"
and "secure".
Additional list of ciphers or cipher types to exclude from the
SMTP client cipher list at mandatory TLS security levels.
.IP "\fBsmtp_tls_dcert_file (empty)\fR"
File with the Postfix SMTP client DSA certificate in PEM format.
.IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR"
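Review bot: the new smtp_tls_mandatory_exclude_ciphers text drops the explicit enumeration of the mandatory levels ("encrypt", "verify" and "secure") that the old text carried, so the reader no longer learns which levels count as mandatory; keep the list, e.g. "at the mandatory TLS security levels (encrypt, verify and secure)". Also the hard breaks after "use with" and "SMTP client cipher" leave two one- and two-word lines in the rendered page; rewrap those paragraphs.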
@ -325,13 +327,6 @@ Enable additional Postfix SMTP client logging of TLS activity.
.IP "\fBsmtp_tls_note_starttls_offer (no)\fR"
Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server.
.IP "\fBsmtp_tls_policy_maps (empty)\fR"
Optional lookup tables with the Postfix SMTP client TLS security
policy by next-hop destination; when a non-empty value is specified,
this overrides the obsolete smtp_tls_per_site parameter.
.IP "\fBsmtp_tls_mandatory_protocols (SSLv3, TLSv1)\fR"
List of TLS protocol versions that are secure enough to be used
with the "encrypt" security level and higher.
.IP "\fBsmtp_tls_scert_verifydepth (5)\fR"
The verification depth for remote SMTP server certificates.
.IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR"
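Review bot: this hunk removes the smtp_tls_policy_maps and smtp_tls_mandatory_protocols entries from the smtp(8) STARTTLS section, but nothing in the visible diff re-adds them elsewhere in this man page; since both are documented Postfix 2.3 controls and smtp_tls_policy_maps is the replacement for the smtp_tls_per_site entry kept below, make sure they are re-inserted (for instance in the "Available in Postfix version 2.3 and later" block) rather than silently dropped.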
@ -382,12 +377,15 @@ STARTTLS support, otherwise send the mail in the clear.
Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
.IP "\fBsmtp_tls_enforce_peername (yes)\fR"
When TLS encryption is enforced, require that the remote SMTP
With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate.
.IP "\fBsmtp_tls_per_site (empty)\fR"
Optional lookup tables with the Postfix SMTP client TLS usage
policy by next-hop destination and by remote SMTP server hostname.
.IP "\fBsmtp_tls_cipherlist (empty)\fR"
Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
cipher list.
.SH "RESOURCE AND RATE CONTROLS"
.na
.nf
@ -480,6 +478,10 @@ by the amount specified in $debug_peer_level.
The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or protocol
errors.
.IP "\fBinternal_mail_filter_classes (empty)\fR"
What categories of Postfix-generated mail are subject to
before-queue content inspection by non_smtpd_milters, header_checks
and body_checks.
.IP "\fBnotify_classes (resource, software)\fR"
The list of error classes that are reported to the postmaster.
.SH "MISCELLANEOUS CONTROLS"
@ -526,17 +528,17 @@ The process name of a Postfix command or daemon process.
The network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
.IP "\fBsmtp_bind_address (empty)\fR"
An optional numerical network address that the SMTP client should
bind to when making an IPv4 connection.
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv4 connection.
.IP "\fBsmtp_bind_address6 (empty)\fR"
An optional numerical network address that the SMTP client should
bind to when making an IPv6 connection.
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv6 connection.
.IP "\fBsmtp_helo_name ($myhostname)\fR"
The hostname to send in the SMTP EHLO or HELO command.
.IP "\fBlmtp_lhlo_name ($myhostname)\fR"
The hostname to send in the LMTP LHLO command.
.IP "\fBsmtp_host_lookup (dns)\fR"
What mechanisms when the SMTP client uses to look up a host's IP
What mechanisms when the Postfix SMTP client uses to look up a host's IP
address.
.IP "\fBsmtp_randomize_addresses (yes)\fR"
Randomize the order of equal-preference MX host addresses.
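Review bot: the smtp_host_lookup line keeps the pre-existing grammar error, "What mechanisms when the Postfix SMTP client uses to look up a host's IP address"; the stray "when" should go, giving "What mechanisms the Postfix SMTP client uses to look up a host's IP address." Since the line is being touched anyway for the "Postfix" wording, fix it here.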

View File

@ -294,12 +294,10 @@ for authentication.
.fi
Detailed information about STARTTLS configuration may be
found in the TLS_README document.
.IP "\fBsmtpd_use_tls (no)\fR"
Opportunistic TLS: announce STARTTLS support to SMTP clients,
but do not require that clients use TLS encryption.
.IP "\fBsmtpd_enforce_tls (no)\fR"
Mandatory TLS: announce STARTTLS support to SMTP clients,
and require that clients use TLS encryption.
.IP "\fBsmtpd_tls_security_level (empty)\fR"
The SMTP TLS security level for the Postfix SMTP server; when
a non-empty value is specified, this overrides the obsolete parameters
smtpd_use_tls and smtpd_enforce_tls.
.IP "\fBsmtpd_sasl_tls_security_options ($smtpd_sasl_security_options)\fR"
The SASL authentication security options that the Postfix SMTP
server uses for TLS encrypted SMTP sessions.
@ -322,11 +320,9 @@ connections.
The verification depth for remote SMTP client certificates.
.IP "\fBsmtpd_tls_cert_file (empty)\fR"
File with the Postfix SMTP server RSA certificate in PEM format.
.IP "\fBsmtpd_tls_ciphers (export)\fR"
The minimum acceptable SMTP server TLS cipher grade.
.IP "\fBsmtpd_tls_exclude_ciphers (empty)\fR"
List of ciphers or cipher types to exclude from the SMTP server
cipher list.
cipher list at all TLS security levels.
.IP "\fBsmtpd_tls_dcert_file (empty)\fR"
File with the Postfix SMTP server DSA certificate in PEM format.
.IP "\fBsmtpd_tls_dh1024_param_file (empty)\fR"
@ -341,15 +337,23 @@ File with the Postfix SMTP server DSA private key in PEM format.
File with the Postfix SMTP server RSA private key in PEM format.
.IP "\fBsmtpd_tls_loglevel (0)\fR"
Enable additional Postfix SMTP server logging of TLS activity.
.IP "\fBsmtpd_tls_protocols (empty)\fR"
The list of TLS protocols supported by the Postfix SMTP server.
.IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR"
The minimum TLS cipher grade that the Postfix SMTP server will
use with mandatory
TLS encryption.
.IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
Additional list of ciphers or cipher types to exclude from the
SMTP server cipher list at mandatory TLS security levels.
.IP "\fBsmtpd_tls_mandatory_protocols (SSLv3, TLSv1)\fR"
The TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption.
.IP "\fBsmtpd_tls_received_header (no)\fR"
Request that the Postfix SMTP server produces Received: message
headers that include information about the protocol and cipher used,
as well as the client CommonName and client certificate issuer
CommonName.
.IP "\fBsmtpd_tls_req_ccert (no)\fR"
When TLS encryption is enforced, require a remote SMTP client
With mandatory TLS encryption, require a remote SMTP client
certificate in order to allow TLS connections to proceed.
.IP "\fBsmtpd_tls_session_cache_database (empty)\fR"
Name of the file containing the optional Postfix SMTP server
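Review bot: the new smtpd_tls_mandatory_protocols entry says which protocols are accepted with mandatory TLS encryption but not what happens at the opportunistic level, and the smtpd_tls_protocols entry it replaces used to cover all levels; add a clause such as "with opportunistic TLS all protocols are accepted" so the rename does not read as a silent narrowing. Same rewrap remark as in smtp(8): "use with mandatory" / "TLS encryption." leaves a one-line fragment.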
@ -364,12 +368,6 @@ instead of using the STARTTLS command.
The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
process requests from the \fBtlsmgr\fR(8) server in order to seed its
internal pseudo random number generator (PRNG).
.PP
Available in Postfix version 2.3 and later:
.IP "\fBsmtpd_tls_security_level (empty)\fR"
The SMTP TLS security level for the Postfix SMTP server; when
a non-empty value is specified, this overrides the obsolete parameters
smtpd_use_tls and smtpd_enforce_tls.
.IP "\fBtls_high_cipherlist (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)\fR"
The OpenSSL cipherlist for "HIGH" grade ciphers.
.IP "\fBtls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH)\fR"
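Review bot: moving smtpd_tls_security_level up is fine, but deleting the ".PP Available in Postfix version 2.3 and later:" lines with it also strips the version marker from the tls_high_cipherlist, tls_medium_cipherlist and following tls_*_cipherlist entries that stay behind; if those remain 2.3-only controls, keep the ".PP" header in place and remove only the smtpd_tls_security_level entry under it.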
@ -381,6 +379,23 @@ The OpenSSL cipherlist for "EXPORT" or higher grade ciphers.
.IP "\fBtls_null_cipherlist (!aNULL:eNULL+kRSA)\fR"
The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf
.ad
.fi
The following configuration parameters exist for compatibility
with Postfix versions before 2.3. Support for these will
be removed in a future release.
.IP "\fBsmtpd_use_tls (no)\fR"
Opportunistic TLS: announce STARTTLS support to SMTP clients,
but do not require that clients use TLS encryption.
.IP "\fBsmtpd_enforce_tls (no)\fR"
Mandatory TLS: announce STARTTLS support to SMTP clients,
and require that clients use TLS encryption.
.IP "\fBsmtpd_tls_cipherlist (empty)\fR"
Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
cipher list.
.SH "VERP SUPPORT CONTROLS"
.na
.nf
@ -427,6 +442,10 @@ by the amount specified in $debug_peer_level.
The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or protocol
errors.
.IP "\fBinternal_mail_filter_classes (empty)\fR"
What categories of Postfix-generated mail are subject to
before-queue content inspection by non_smtpd_milters, header_checks
and body_checks.
.IP "\fBnotify_classes (resource, software)\fR"
The list of error classes that are reported to the postmaster.
.IP "\fBsoft_bounce (no)\fR"
@ -543,7 +562,7 @@ before it is flushed upon receipt of EHLO, RSET, or end of DATA.
.PP
Available in Postfix version 2.3 and later:
.IP "\fBsmtpd_peername_lookup (yes)\fR"
Attempt to look up the SMTP client hostname, and verify that
Attempt to look up the Postfix SMTP client hostname, and verify that
the name matches the client IP address.
.PP
The per SMTP client connection count and request rate limits are
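Review bot: the wording change is wrong here: smtpd_peername_lookup looks up the hostname of the *remote* SMTP client that connects to the Postfix SMTP server, not a "Postfix SMTP client", as the unchanged context line ("the name matches the client IP address") and the following paragraph ("per SMTP client connection count") confirm. Use "Attempt to look up the remote SMTP client hostname, and verify that the name matches the client IP address." The blanket "SMTP client" to "Postfix SMTP client" rewrite should be checked in every smtpd(8) hunk, since in that man page "SMTP client" almost always means the peer.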

View File

@ -182,6 +182,7 @@ while (<>) {
s;\bhopcount_limit\b;<a href="postconf.5.html#hopcount_limit">$&</a>;g;
s;\bhtml_direc[-</bB>]*\n*[ <bB>]*tory\b;<a href="postconf.5.html#html_directory">$&</a>;g;
s;\bignore_mx_lookup_error\b;<a href="postconf.5.html#ignore_mx_lookup_error">$&</a>;g;
s;\binternal_mail_filter_classes\b;<a href="postconf.5.html#internal_mail_filter_classes">$&</a>;g;
s;\bimport_environment\b;<a href="postconf.5.html#import_environment">$&</a>;g;
s;\bin_flow_delay\b;<a href="postconf.5.html#in_flow_delay">$&</a>;g;
s;\binet_inter[-</bB>]*\n*[ <bB>]*faces\b;<a href="postconf.5.html#inet_interfaces">$&</a>;g;
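Review bot: the new internal_mail_filter_classes rule is inserted between ignore_mx_lookup_error and import_environment, which breaks the alphabetical order the rest of this substitution list follows (import_, in_flow_, inet_, ... come first); move it below the inet_* entries so the next person adding a parameter can find the right spot. Functionally the position does not matter because each pattern is anchored with \b.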
@ -531,6 +532,7 @@ while (<>) {
s;\bsmtp_tls_CApath\b;<a href="postconf.5.html#smtp_tls_CApath">$&</a>;g;
s;\bsmtp_tls_cert_file\b;<a href="postconf.5.html#smtp_tls_cert_file">$&</a>;g;
s;\bsmtp_tls_mandatory_ciphers\b;<a href="postconf.5.html#smtp_tls_mandatory_ciphers">$&</a>;g;
s;\bsmtp_tls_cipherlist\b;<a href="postconf.5.html#smtp_tls_cipherlist">$&</a>;g;
s;\bsmtp_tls_exclude_ciphers\b;<a href="postconf.5.html#smtp_tls_exclude_ciphers">$&</a>;g;
s;\bsmtp_tls_mandatory_exclude_ciphers\b;<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">$&</a>;g;
s;\bsmtp_tls_dcert_file\b;<a href="postconf.5.html#smtp_tls_dcert_file">$&</a>;g;
@ -559,8 +561,10 @@ while (<>) {
s;\bsmtpd_tls_auth_only\b;<a href="postconf.5.html#smtpd_tls_auth_only">$&</a>;g;
s;\bsmtpd_tls_ccert_verifydepth\b;<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">$&</a>;g;
s;\bsmtpd_tls_cert_file\b;<a href="postconf.5.html#smtpd_tls_cert_file">$&</a>;g;
s;\bsmtpd_tls_ciphers\b;<a href="postconf.5.html#smtpd_tls_ciphers">$&</a>;g;
s;\bsmtpd_tls_cipherlist\b;<a href="postconf.5.html#smtpd_tls_cipherlist">$&</a>;g;
s;\bsmtpd_tls_exclude_ciphers\b;<a href="postconf.5.html#smtpd_tls_exclude_ciphers">$&</a>;g;
s;\bsmtpd_tls_mandatory_ciphers\b;<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">$&</a>;g;
s;\bsmtpd_tls_mandatory_exclude_ciphers\b;<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">$&</a>;g;
s;\bsmtpd_tls_dcert_file\b;<a href="postconf.5.html#smtpd_tls_dcert_file">$&</a>;g;
s;\bsmtpd_tls_dh1024_param_file\b;<a href="postconf.5.html#smtpd_tls_dh1024_param_file">$&</a>;g;
s;\bsmtpd_tls_dh512_param_file\b;<a href="postconf.5.html#smtpd_tls_dh512_param_file">$&</a>;g;
@ -568,7 +572,7 @@ while (<>) {
s;\bsmtpd_tls_key_file\b;<a href="postconf.5.html#smtpd_tls_key_file">$&</a>;g;
s;\bsmtpd_tls_security_level\b;<a href="postconf.5.html#smtpd_tls_security_level">$&</a>;g;
s;\bsmtpd_tls_loglevel\b;<a href="postconf.5.html#smtpd_tls_loglevel">$&</a>;g;
s;\bsmtpd_tls_protocols\b;<a href="postconf.5.html#smtpd_tls_protocols">$&</a>;g;
s;\bsmtpd_tls_mandatory_protocols\b;<a href="postconf.5.html#smtpd_tls_mandatory_protocols">$&</a>;g;
s;\bsmtpd_tls_received_header\b;<a href="postconf.5.html#smtpd_tls_received_header">$&</a>;g;
s;\bsmtpd_tls_req_ccert\b;<a href="postconf.5.html#smtpd_tls_req_ccert">$&</a>;g;
s;\bsmtpd_tls_session_cache_database\b;<a href="postconf.5.html#smtpd_tls_session_cache_database">$&</a>;g;

View File

@ -230,6 +230,10 @@ and there are no surprises. If a recipient probe fails, then Postfix
rejects mail for the recipient address. If a recipient probe
succeeds, then Postfix accepts mail for the recipient address. </p>
<p> By default, address verification results are not saved. To avoid
probing the same address repeatedly, you can store the result in a
<a href="#caching">persistent database</a> as described later. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:

View File

@ -615,6 +615,7 @@ how one would set up the service in the Postfix master.cf file:
# =============================================================
scan unix - - n - 10 smtp
-o smtp_send_xforward_command=yes
-o disable_mime_output_conversion=yes
</pre>
</blockquote>
@ -633,6 +634,13 @@ after-filter smtpd process, so that filtered mail is logged with
the real client name IP address. See smtp(8) and XFORWARD_README
for more information. </p>
<li> <p> With "-o disable_mime_output_conversion=yes", the scan
delivery agent will not convert 8BITMIME mail to quoted-printable
form while delivering to the content filter, as that would invalidate
domainkeys and other digital signatures. This workaround is needed
because some SMTP-based content filters don't announce 8BITMIME
support, even though they can handle it just fine. </p>
</ul>
<h3>Advanced content filter: running the content filter</h3>

View File

@ -32,13 +32,14 @@ href="http://sourceforge.net/projects/sid-milter/">SenderID+SPF</a> and
<a href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>)
or to digitally sign mail (example: <a
href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>).
Having yet another MTA-specific version of all that software is a
poor use of human and system resources. </p>
Having yet another Postfix-specific version of all that software
is a poor use of human and system resources. </p>
<p> Postfix 2.3 implements all the requests of Sendmail version 8
Milter protocols up to version 4, except one: message body replacement.
See, however, the <a href="#limitations">limitations</a> section
at the end of this document. </p>
See, however, the <a href="#workarounds">workarounds</a> and <a
href="#limitations">limitations</a> sections at the end of this
document. </p>
<p> This document provides information on the following topics: </p>
@ -337,7 +338,7 @@ Connect to the specified TCP port on the specified local or remote
host. The host and port can be specified in numeric or symbolic
form.</p>
<p> Note: Postfix syntax differs from Milter syntax which has the
<p> NOTE: Postfix syntax differs from Milter syntax which has the
form <b>inet:</b><i>port</i><b>@</b><i>host</i>. </p> </dd>
</dl>
@ -611,6 +612,13 @@ TO </td> </tr>
<h2><a name="workarounds">Workarounds</a></h2>
<p> Content filters may break domain key etc. signatures. If you
use an SMTP-based filter as described in FILTER_README, then you
should add a line to master.cf with "disable_mime_output_conversion
= yes", as described in the <a
href="FILTER_README.html#advanced_filter">advanced content filter</a>
example. </p>
<p> Sendmail Milter applications were originally developed for the
Sendmail version 8 MTA, which has a different architecture than
Postfix. The result is that some Milter applications make assumptions
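Review bot: the new workaround paragraph tells the reader to "add a line to master.cf with 'disable_mime_output_conversion = yes'", but master.cf "-o" overrides must not contain whitespace around "="; the FILTER_README hunk in this same commit spells it correctly as "-o disable_mime_output_conversion=yes". Quote that exact form here so that copying the text does not produce a master.cf that fails to parse.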
@ -618,6 +626,10 @@ that aren't true in a Postfix environment. </p>
<ul>
<li> <p> Some Milter applications use the "<tt>{if_addr}</tt>" macro
to recognize local mail; this macro does not exist in Postfix.
Workaround: use the "<tt>{client_addr}</tt>" macro instead. </p>
<li> <p> Some Milter applications log a warning that looks like
this: </p>
@ -635,13 +647,14 @@ X-SenderID: Sendmail Sender-ID Filter vx.y.z host.example.com &lt;unknown-msgid&
</pre>
</blockquote>
<p> This happens because the Milter application expects that the
<p> This happens because some Milter applications expect that the
queue ID is known <i>before</i> the MTA accepts the MAIL FROM
(sender) command. Postfix, on the other hand, does not create a
queue file until <i>after</i> Postfix accepts the first valid RCPT
TO (recipient) command. This queue file name must be globally unique
across multiple queue directories, so it cannot be chosen until the
file is actually created. </p>
(sender) command. Postfix, on the other hand, does not choose a
queue file name until <i>after</i> it accepts the first valid RCPT
TO (recipient) command. Postfix queue file names must be unique
across multiple directories, so the name can't be chosen before the
file is created. If multiple messages were to use the same queue
ID <i>simultaneously</i>, mail would be lost. </p>
<p> To work around the ugly message header from Milter applications,
we add a little code to the Milter source to look up the queue ID
@ -659,21 +672,32 @@ the top shown as <b>bold</b> text below: </p>
<blockquote>
<pre>
sic = (Context) smfi_getpriv(ctx);
assert(sic != NULL);
dfc = cc->cctx_msg;
assert(dfc != NULL);
<b>
/*
** Determine the job ID for logging.
*/
if (sic->ctx_jobid == 0 || strcmp(sic->ctx_jobid, MSGIDUNKNOWN) == 0) {
/* Determine the job ID for logging. */
if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) {
char *jobid = smfi_getsymval(ctx, "i");
if (jobid != 0)
sic->ctx_jobid = jobid;
dfc->mctx_jobid = jobid;
}</b>
/* get hostname; used in the X header and in new MIME boundaries */
</pre>
</blockquote>
<p> This does not remove the WARNING message, however. </p>
<p> NOTES: </p>
<ul>
<li> <p> Different mail filters use slightly different names for
variables. If the above code does not compile, look for the code
at the start of the <tt>mlfi_eoh()</tt> routine. </p>
<li> <p> This fixes only the ugly message header, but not the WARNING
message. Fortunately, dk-filter logs that message only once. </p>
</ul>
<p> With some Milter applications we can fix both the WARNING and
the "unknown-msgid" by postponing the call of <tt>mlfi_eoh()</tt>
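Review bot: the updated sample stores the pointer returned by smfi_getsymval() directly with "dfc->mctx_jobid = jobid;". If mctx_jobid is elsewhere set from strdup() and released at end of message, this hands libmilter's own buffer to free(); either copy the string (strdup) or state in the NOTES list that the field must not be freed by the filter. The first NOTE already admits that variable names differ between filters, so a sentence on who owns the string would spare readers a crash that only appears after the patch compiles.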

View File

@ -247,7 +247,7 @@ back to plain text after a TLS handshake failure, the server will
be unable to receive email from most TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly sets
"smtpd_tls_cert_file&nbsp;=&nbsp;none". This ensures that new Postfix
"smtpd_tls_cert_file = none". This ensures that new Postfix
configurations will not accidentally run with no certificates. </p>
<p> Both RSA and DSA certificates are supported. Typically you will
@ -436,8 +436,8 @@ since the headers may be changed by intermediate servers. </p>
<p> By default, TLS is disabled in the Postfix SMTP server, so no
difference to plain Postfix is visible. Explicitly switch it on
with "smtpd_tls_security_level&nbsp;=&nbsp;may" (Postfix 2.3 and
later) or "smtpd_use_tls&nbsp;=&nbsp;yes" (obsolete but still
with "smtpd_tls_security_level = may" (Postfix 2.3 and
later) or "smtpd_use_tls = yes" (obsolete but still
supported). </p>
<p> Example: </p>
@ -463,8 +463,8 @@ private key. This is intended behavior. </p>
<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>,
so that the Postfix SMTP server announces STARTTLS and accepts no
mail without TLS encryption, by setting
"smtpd_tls_security_level&nbsp;=&nbsp;encrypt" (Postfix 2.3 and
later) or "smtpd_enforce_tls&nbsp;=&nbsp;yes" (obsolete but still
"smtpd_tls_security_level = encrypt" (Postfix 2.3 and
later) or "smtpd_enforce_tls = yes" (obsolete but still
supported). According to RFC 2487 this MUST NOT be applied in case
of a publicly-referenced Postfix SMTP server. This option is off
by default and should only seldom be used. </p>
@ -490,7 +490,7 @@ and OE (5.01 Mac on all ports). </p>
<p> It is strictly discouraged to use this mode from main.cf. If
you want to support this service, enable a special port in master.cf
and specify "-o smtpd_tls_wrappermode&nbsp;=&nbsp;yes" as an smtpd(8) command
and specify "-o smtpd_tls_wrappermode = yes" as an smtpd(8) command
line option. Port 465 (smtps) was once chosen for this feature.
</p>
@ -536,9 +536,9 @@ when the server is configured to ask for client certificates. </p>
<p> When TLS is <a href="#server_enforce">enforced</a> you may also decide
to REQUIRE a remote SMTP client certificate for all TLS connections,
by setting "smtpd_tls_req_ccert&nbsp;=&nbsp;yes". This feature implies
"smtpd_tls_ask_ccert&nbsp;=&nbsp;yes". When TLS is not enforced,
"smtpd_tls_req_ccert&nbsp;=&nbsp;yes" is ignored and a warning is
by setting "smtpd_tls_req_ccert = yes". This feature implies
"smtpd_tls_ask_ccert = yes". When TLS is not enforced,
"smtpd_tls_req_ccert = yes" is ignored and a warning is
logged. </p>
<p> Example: </p>
@ -573,16 +573,16 @@ CA issues special CA which then issues the actual certificate...)
<p> Sending AUTH data over an unencrypted channel poses a security
risk. When TLS layer encryption is required
("smtpd_tls_security_level&nbsp;=&nbsp;encrypt" or the obsolete
"smtpd_enforce_tls&nbsp;=&nbsp;yes"), the Postfix SMTP server will
("smtpd_tls_security_level = encrypt" or the obsolete
"smtpd_enforce_tls = yes"), the Postfix SMTP server will
announce and accept AUTH only after the TLS layer has been activated
with STARTTLS. When TLS layer encryption is optional
("smtpd_tls_security_level&nbsp;=&nbsp;may" or the obsolete
"smtpd_enforce_tls&nbsp;=&nbsp;no"), it may however still be useful
("smtpd_tls_security_level = may" or the obsolete
"smtpd_enforce_tls = no"), it may however still be useful
to only offer AUTH when TLS is active. To maintain compatibility
with non-TLS clients, the default is to accept AUTH without encryption.
In order to change this behavior, set
"smtpd_tls_auth_only&nbsp;=&nbsp;yes". </p>
"smtpd_tls_auth_only = yes". </p>
<p> Example: </p>
@ -707,36 +707,44 @@ the user or host.</p>
<p> The description below is for Postfix 2.3; for Postfix &lt; 2.3 the
smtpd_tls_cipherlist parameter specifies the acceptable ciphers as an
explicit OpenSSL cipherlist. </p>
explicit OpenSSL cipherlist. The obsolete setting applies even when TLS
encryption is not enforced. Use of this control on public MX hosts is
strongly discouraged. </p>
<p> With mandatory TLS encryption, the Postfix SMTP server will by
default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption
is optional. This is controlled by the smtpd_tls_mandatory_protocols
configuration parameter. </p>
<p> The Postfix SMTP server supports 5 distinct cipher security levels
as specified by the smtpd_tls_ciphers configuration parameter. The
default value is "export" which is the only one appropriate for public
MX hosts. On private MX hosts or MSAs one can further restrict the
OpenSSL cipherlist selection. </p>
as specified by the smtpd_tls_mandatory_ciphers configuration parameter,
which determines the cipher grade with mandatory TLS encryption. The
default value is "medium" which is essentially 128-bit encryption or better.
With opportunistic TLS encryption, the minimum accepted cipher grade is
always "export". </p>
<p> By default anonymous ciphers are allowed, and automatically disabled
when client certificates are requested. If clients are expected to always
verify the server certificate you may want to exclude anonymous ciphers
by setting "smtpd_tls_exclude_ciphers&nbsp;=&nbsp;aNULL". One can't
force a client to check the server certificate, so excluding anonymous
ciphers is generally unnecessary. </p>
by setting "smtpd_tls_mandatory_exclude_ciphers = aNULL".
One can't force a client to check the server certificate, so excluding
anonymous ciphers is generally unnecessary. </p>
<p> For a server that is not a public Internet MX host, Postfix 2.3
supports configurations with no <a href="#server_cert_key">server
certificates</a> that use <b>only</b> the anonymous ciphers. This is
enabled by explicitly setting "smtpd_tls_cert_file&nbsp;=&nbsp;none"
enabled by explicitly setting "smtpd_tls_cert_file = none"
and not specifying an smtpd_tls_dcert_file. </p>
<p> Example: (MSA that requires TLS with reasonably secure ciphers) </p>
<p> Example: (MSA that requires TLS with high grade ciphers) </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = aNULL, MD5
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
# Postfix 2.3 and later
smtpd_tls_security_level = encrypt
# Obsolete, but still supported
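Review bot: the rewritten anonymous-cipher paragraph now points readers at "smtpd_tls_mandatory_exclude_ciphers = aNULL", which only affects mandatory TLS; with smtpd_tls_security_level = may, anonymous ciphers remain enabled. Either say that explicitly, or mirror the client-side text added later in this commit and name both knobs (smtpd_tls_exclude_ciphers for all levels, smtpd_tls_mandatory_exclude_ciphers for mandatory levels only). The same applies to the MSA example, which is correct because it uses "encrypt", but a reader copying it under "may" would not get the exclusion.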
@ -1186,11 +1194,11 @@ in the sections that follow.</p>
<p> At the "none" TLS security level, TLS encryption is
disabled. This is the default security level. With Postfix 2.3 and later,
it can be configured explicitly by setting "smtp_tls_security_level&nbsp;=&nbsp;none". </p>
it can be configured explicitly by setting "smtp_tls_security_level = none". </p>
<p> With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to
its default (backwards compatible) empty value, the appropriate configuration
settings are "smtp_use_tls&nbsp;=&nbsp;no" and "smtp_enforce_tls&nbsp;=&nbsp;no".
settings are "smtp_use_tls = no" and "smtp_enforce_tls = no".
With either approach, TLS is not used even if supported by the server.
For LMTP, use the corresponding "lmtp_" parameters. </p>
@ -1211,7 +1219,7 @@ table, specify the "NONE" keyword. </p>
The SMTP transaction is encrypted if the STARTTLS ESMTP feature
is supported by the server. Otherwise, messages are sent in the clear.
With Postfix 2.3 and later, opportunistic TLS can be configured by
setting "smtp_tls_security_level&nbsp;=&nbsp;may".
setting "smtp_tls_security_level = may".
<p> Since sending in the clear is acceptable, demanding stronger
than default TLS security merely reduces inter-operability. For
@ -1222,9 +1230,9 @@ better ciphers are used. </p>
<p> With Postfix 2.2 and earlier, or when smtp_tls_security_level is
set to its default (backwards compatible) empty value, the appropriate
configuration settings are "smtp_use_tls&nbsp;=&nbsp;yes" and
"smtp_enforce_tls&nbsp;=&nbsp;no".
For LMTP use the corresponding "lmtp" parameters. </p>
configuration settings are "smtp_use_tls = yes" and
"smtp_enforce_tls = no".
For LMTP use the corresponding "lmtp_" parameters. </p>
<p> With opportunistic TLS, mail delivery continues even if the
server certificate is untrusted or bears the wrong name. Starting
@ -1280,7 +1288,7 @@ over TLS encrypted sessions. The SMTP transaction is aborted unless
the STARTTLS ESMTP feature is supported by the server. If no suitable
servers are found, the message will be deferred. With Postfix 2.3
and later, mandatory TLS encryption can be configured by setting
"smtp_tls_security_level&nbsp;=&nbsp;encrypt". Even though TLS
"smtp_tls_security_level = encrypt". Even though TLS
encryption is always used, mail delivery continues if the server
certificate is untrusted or bears the wrong name. </p>
@ -1294,9 +1302,9 @@ parameters includes useful interoperability and security guidelines.
<p> With Postfix 2.2 and earlier, or when smtp_tls_security_level
is set to its default (backwards compatible) empty value, the
appropriate configuration settings are "smtp_enforce_tls&nbsp;=&nbsp;yes"
and "smtp_tls_enforce_peername&nbsp;=&nbsp;no". For LMTP use the corresponding
<i>lmtp_</i> parameters. </p>
appropriate configuration settings are "smtp_enforce_tls = yes"
and "smtp_tls_enforce_peername = no". For LMTP use the corresponding
"lmtp_" parameters. </p>
<p> Despite the potential for eliminating passive eavesdropping attacks,
mandatory TLS encryption is not viable as a default security level for
@ -1407,7 +1415,7 @@ TLS encrypted sessions if the server certificate is valid (not
expired or revoked, and signed by a trusted certificate authority)
and if the server certificate name matches a known pattern. Mandatory
server certificate verification can be configured by setting
"smtp_tls_security_level&nbsp;=&nbsp;verify". The
"smtp_tls_security_level = verify". The
smtp_tls_verify_cert_match parameter can override the default
"hostname" certificate name matching strategy. Fine-tuning the
matching strategy is generally only appropriate for <a
@ -1415,9 +1423,9 @@ href="#client_tls_secure">secure-channel</a> destinations. </p>
<p> With Postfix 2.2 and earlier, or when smtp_tls_security_level
is set to its default (backwards compatible) empty value, the
appropriate configuration settings are "smtp_enforce_tls&nbsp;=&nbsp;yes" and
"smtp_tls_enforce_peername&nbsp;=&nbsp;yes". For LMTP use the corresponding
<i>lmtp_</i> parameters. </p>
appropriate configuration settings are "smtp_enforce_tls = yes" and
"smtp_tls_enforce_peername = yes". For LMTP use the corresponding
"lmtp_" parameters. </p>
<p> If the server certificate chain is trusted (see smtp_tls_CAfile
and smtp_tls_CApath), any DNS names in the SubjectAlternativeName
@ -1491,16 +1499,16 @@ to <i>example.com</i> recipients uses "high" grade ciphers. </p>
<i>secure-channel</i> TLS sessions where DNS forgery resistant server
certificate verification succeeds. If no suitable servers are found, the
message will be deferred. With Postfix 2.3 and later, secure-channels
can be configured by setting "smtp_tls_security_level&nbsp;=&nbsp;secure".
can be configured by setting "smtp_tls_security_level = secure".
The smtp_tls_secure_cert_match parameter can override the default
"nexthop, dot-nexthop" certificate match strategy. </p>
<p> With Postfix 2.2 and earlier, or when smtp_tls_security_level
is set to its default (backwards compatible) empty value, the
appropriate configuration settings are "smtp_enforce_tls&nbsp;=&nbsp;yes"
and "smtp_tls_enforce_peername&nbsp;=&nbsp;yes" with additional settings to
appropriate configuration settings are "smtp_enforce_tls = yes"
and "smtp_tls_enforce_peername = yes" with additional settings to
<a href="#client_tls_harden">harden</a> peer certificate verification
against forged DNS data. For LMTP, use the corresponding <i>lmtp_</i>
against forged DNS data. For LMTP, use the corresponding "lmtp_"
parameters. </p>
<p> If the server certificate chain is trusted (see smtp_tls_CAfile and
@ -1854,7 +1862,7 @@ settings. </dd>
<dt> MAY </dt> <dd> Opportunistic TLS. This has less precedence than
a more specific result (including "NONE") from the alternate host or
next-hop lookup key, and has less precedence than the more specific global
"smtp_enforce_tls&nbsp;=&nbsp;yes" or "smtp_tls_enforce_peername&nbsp;=&nbsp;yes". </dd>
"smtp_enforce_tls = yes" or "smtp_tls_enforce_peername = yes". </dd>
<dt> MUST_NOPEERMATCH </dt> <dd> Mandatory TLS encryption. This
overrides a less secure "NONE" or a less specific "MAY" lookup result
@ -1880,8 +1888,8 @@ policies can be summarized as follows: </p>
<li> <p> When neither the remote SMTP server hostname nor the
next-hop destination are found in the smtp_tls_per_site table, the
policy is based on smtp_use_tls, smtp_enforce_tls and
smtp_tls_enforce_peername. Note: "smtp_enforce_tls&nbsp;=&nbsp;yes" and
"smtp_tls_enforce_peername&nbsp;=&nbsp;yes" imply "smtp_use_tls&nbsp;=&nbsp;yes". </p>
smtp_tls_enforce_peername. Note: "smtp_enforce_tls = yes" and
"smtp_tls_enforce_peername = yes" imply "smtp_use_tls = yes". </p>
<li> <p> When both hostname and next-hop destination lookups produce
a result, the more specific per-site policy (NONE, MUST, etc)
@ -1891,7 +1899,7 @@ policy (MUST, etc) overrides the less secure one (NONE). </p>
<li> <p> After the per-site policy lookups are combined, the result
generally overrides the global policy. The exception is the less
specific "MAY" per-site policy, which is overruled by the more
specific global "smtp_enforce_tls&nbsp;=&nbsp;yes" with server certificate
specific global "smtp_enforce_tls = yes" with server certificate
verification as specified with the smtp_tls_enforce_peername
parameter. </p>
@ -1929,7 +1937,7 @@ server hostname that is used for TLS policy lookup and server certificate
verification. </p>
<li> <p> Disallow CNAME hostname overrides. In main.cf, specify
"smtp_cname_overrides_servername&nbsp;=&nbsp;no". This prevents false hostname
"smtp_cname_overrides_servername = no". This prevents false hostname
information in DNS CNAME records from changing the server hostname
that Postfix uses for TLS policy lookup and server certificate
verification. This feature requires Postfix 2.2.9 or later. The
@ -2025,14 +2033,14 @@ methods. See smtp_tls_policy_maps for information on how to configure
ciphers on a per-destination basis. </p>
<p> By default anonymous ciphers are allowed, and automatically
disabled when server certificates are verified. If you
want to disable even at the "encrypt" security level, set
"smtp_tls_mandatory_exclude_ciphers&nbsp;=&nbsp;aNULL",
to disable anonymous ciphers even with opportunistic TLS, set
"smtp_tls_exclude_ciphers&nbsp;=&nbsp;aNULL". There is generally no
need to take these measures. Anonymous ciphers save bandwidth and TLS
session cache space, if certificates are ignored, there is little point
in requesting them. </p>
disabled when server certificates are verified. If you want to
disable anonymous ciphers even at the "encrypt" security level, set
"smtp_tls_mandatory_exclude_ciphers = aNULL"; and to
disable anonymous ciphers even with opportunistic TLS, set
"smtp_tls_exclude_ciphers = aNULL". There is generally
no need to take these measures. Anonymous ciphers save bandwidth
and TLS session cache space, if certificates are ignored, there is
little point in requesting them. </p>
<p> Example: </p>
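Review bot: the last sentence of the rewritten paragraph still carries a comma splice: "Anonymous ciphers save bandwidth and TLS session cache space, if certificates are ignored, there is little point in requesting them." Since the paragraph is being rewritten anyway, split it: "... session cache space; if certificates are ignored, there is little point in requesting them."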
@ -2336,14 +2344,14 @@ generation (PRNG) pool, and in order to access the TLS session
cache databases. Such a protocol cannot be run across fifos. </p>
<li> <p> smtp_tls_per_site: the MUST_NOPEERMATCH per-site policy
cannot override the global "smtp_tls_enforce_peername&nbsp;=&nbsp;yes" setting.
cannot override the global "smtp_tls_enforce_peername = yes" setting.
</p>
<li> <p> smtp_tls_per_site: a combined (NONE + MAY) lookup result
for (hostname and next-hop destination) produces counter-intuitive
results for different main.cf settings. TLS is enabled with
"smtp_tls_enforce_peername&nbsp;=&nbsp;no", but it is disabled when both
"smtp_enforce_tls&nbsp;=&nbsp;yes" and "smtp_tls_enforce_peername&nbsp;=&nbsp;yes".
"smtp_tls_enforce_peername = no", but it is disabled when both
"smtp_enforce_tls = yes" and "smtp_tls_enforce_peername = yes".
</p>
</ul>

View File

@ -339,7 +339,7 @@
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
# This feature is not available up to and including Postfix version 2.2.
# This feature is not available up to and including Postfix version 2.3.
#
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire client
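Review bot: the sentence "This feature is not available up to and including Postfix version 2.3." is maintained by hand in several man page sources (this hunk and the identical ones in the files that follow), so a future release bump that misses one of them leaves inconsistent availability claims; consider generating the line from one place, or at least adding a grep to the release checklist. Note also that it now asserts TCP-based table lookups remain unavailable in the release being cut, which should match what tcp_table(5) itself says.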

View File

@ -146,7 +146,7 @@
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
# This feature is not available up to and including Postfix version 2.2.
# This feature is not available up to and including Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# \fIuser@domain\fR mail addresses are not broken up into their

View File

@ -130,7 +130,7 @@
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
# This feature is not available up to and including Postfix version 2.2.
# This feature is not available up to and including Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# \fIuser@domain\fR mail addresses are not broken up into their

View File

@ -608,7 +608,8 @@ the Postfix SMTP client returns such mail as undeliverable.
<p>
Specify, for example, "best_mx_transport = local" to pass the mail
from the SMTP client to the local(8) delivery agent. You can specify
from the Postfix SMTP client to the local(8) delivery agent. You
can specify
any message delivery "transport" or "transport:nexthop" that is
defined in the master.cf file. See the transport(5) manual page
for the syntax and meaning of "transport" or "transport:nexthop".
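Review bot: the paragraph was not refilled after inserting "Postfix", leaving "can specify" alone on a line; the same happens with "SMTP client's" and "SMTP client" in two later hunks of this file. Refill the affected paragraphs so the source stays readable and future diffs stay small.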
@ -1703,7 +1704,8 @@ for IPv6. </p>
<p>
A better solution for multi-homed firewalls is to leave inet_interfaces
at the default value and instead use explicit IP addresses in
the master.cf SMTP server definitions. This preserves the SMTP client's
the master.cf SMTP server definitions. This preserves the Postfix
SMTP client's
loop detection, by ensuring that each side of the firewall knows that the
other IP address is still the same host. Setting $inet_interfaces to a
single IPv4 and/or IPV6 address is primarily useful with virtual
@ -2070,8 +2072,8 @@ lists: Postfix needs to know only if a lookup string is found or
not, but it does not use the result from table lookup. </p>
<p>
If this parameter is non-empty (the default), then the Postfix SMTP server
will reject mail for unknown local users.
If this parameter is non-empty (the default), then the Postfix SMTP
server will reject mail for unknown local users.
</p>
<p>
@ -3498,8 +3500,8 @@ the word "ESMTP" appears in the server greeting banner (example:
%PARAM smtp_bind_address
<p>
An optional numerical network address that the SMTP client should
bind to when making an IPv4 connection.
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv4 connection.
</p>
<p>
@ -3525,8 +3527,8 @@ but this form is not recommended here. </p>
%PARAM smtp_bind_address6
<p>
An optional numerical network address that the SMTP client should
bind to when making an IPv6 connection.
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv6 connection.
</p>
<p> This feature is available in Postfix 2.2 and later. </p>
@ -3673,7 +3675,8 @@ zero (use the operating system built-in time limit).
</p>
<p>
When no connection can be made within the deadline, the SMTP client
When no connection can be made within the deadline, the Postfix
SMTP client
tries the next address on the mail exchanger list. Specify 0 to
disable the time limit (i.e. use whatever timeout is implemented by
the operating system).
@ -3718,7 +3721,7 @@ The default time unit is s (seconds).
<p>
The SMTP client time limit for sending the SMTP message content.
When the connection makes no progress for more than $smtp_data_xfer_timeout
seconds the SMTP client terminates the transfer.
seconds the Postfix SMTP client terminates the transfer.
</p>
<p>
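Review bot: the first sentence of this paragraph, "The SMTP client time limit for sending the SMTP message content.", still says "SMTP client" while only the sentence after it was changed to "Postfix SMTP client"; apply the change to both so the paragraph is consistent with itself.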
@ -3864,7 +3867,7 @@ The default time unit is s (seconds).
%PARAM smtp_host_lookup dns
<p>
What mechanisms when the SMTP client uses to look up a host's IP
What mechanisms when the Postfix SMTP client uses to look up a host's IP
address. This parameter is ignored when DNS lookups are disabled.
</p>
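Review bot: the grammatical error in the first sentence survives the edit: "What mechanisms when the Postfix SMTP client uses to look up a host's IP address." The "when" is stray; it should read "What mechanisms the Postfix SMTP client uses to look up a host's IP address."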
@ -4123,8 +4126,8 @@ smtp_sasl_mechanism_filter = !gssapi, !login, static:rest
%PARAM smtp_send_xforward_command no
<p>
Send the non-standard XFORWARD command when the Postfix SMTP server EHLO
response announces XFORWARD support.
Send the non-standard XFORWARD command when the Postfix SMTP server
EHLO response announces XFORWARD support.
</p>
<p>
@ -7861,8 +7864,8 @@ and virtual_alias_maps. </p>
%PARAM smtp_discard_ehlo_keywords
<p> A case insensitive list of EHLO keywords (pipelining, starttls,
auth, etc.) that the SMTP client will ignore in the EHLO response
from a remote SMTP server. </p>
auth, etc.) that the Postfix SMTP client will ignore in the EHLO
response from a remote SMTP server. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
@ -7902,7 +7905,7 @@ to discard EHLO keywords selectively. </p>
<p> Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
etc.) that the SMTP client will ignore in the EHLO response from a
etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server. See smtp_discard_ehlo_keywords for details. The
table is not indexed by hostname for consistency with
smtpd_discard_ehlo_keyword_address_maps. </p>
@ -8279,7 +8282,7 @@ may be annoying, so this option is "off" by default. </p>
%PARAM smtpd_tls_req_ccert no
<p> When TLS encryption is enforced, require a remote SMTP client
<p> With mandatory TLS encryption, require a remote SMTP client
certificate in order to allow TLS connections to proceed. This
option implies "smtpd_tls_ask_ccert = yes". </p>
@ -8384,7 +8387,7 @@ clients. </p>
<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>
<p>This feature is available with Postfix version 2.2. It is not used with
Postfix 2.3 and later; use smtpd_tls_ciphers instead. </p>
Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead. </p>
%PARAM smtpd_tls_dh1024_param_file
@ -8401,7 +8404,7 @@ openssl gendh -out /etc/postfix/dh_1024.pem -2 -rand /var/run/egd-pool 1024
<p> Your actual source for entropy may differ. Some systems have
/dev/random; on other system you may consider using the "Entropy
Gathering Daemon EGD", available at http://www.lothar.com/tech/crypto/.
Gathering Daemon EGD", available at http://egd.sourceforge.net/
</p>
<p> Example: </p>
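Review bot: the URL replacement drops the sentence's terminating period: the old line ended with "http://www.lothar.com/tech/crypto/." while the new one ends with "http://egd.sourceforge.net/" followed directly by </p>. Add the period back or rephrase so the URL is not the last token of the sentence.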
@ -8636,7 +8639,7 @@ Postfix 2.3 and later use smtp_tls_security_level instead. </p>
%PARAM smtp_tls_enforce_peername yes
<p> When TLS encryption is enforced, require that the remote SMTP
<p> With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate. As of RFC 2487 the requirements for hostname checking
for MTA clients are not specified. </p>
@ -8753,7 +8756,7 @@ postfix/smtp[pid]: Host offered STARTTLS: [name.of.host]
%PARAM smtp_tls_cipherlist
<p> Obsolete Postfix &lt; 2.3 control for the Postfix SMTP client TLS
cipher list. As this feature applies to all security levels, it is easy
cipher list. As this feature applies to all TLS security levels, it is easy
to create inter-operability problems by choosing a non-default cipher
list. Do not use a non-default TLS cipher list on hosts that deliver email
to the public Internet: you will be unable to send email to servers that
@ -8938,7 +8941,7 @@ process instance while mail is being forwarded. </p>
%PARAM smtpd_peername_lookup yes
<p> Attempt to look up the SMTP client hostname, and verify that
<p> Attempt to look up the Postfix SMTP client hostname, and verify that
the name matches the client IP address. A client name is set to
"unknown" when it cannot be looked up or verified, or when name
lookup is disabled. Turning off name lookup reduces delays due to
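Review bot: this is a wrong search-and-replace. smtpd_peername_lookup is a Postfix SMTP server parameter, and the hostname being looked up is that of the remote SMTP client connecting to smtpd(8), not the "Postfix SMTP client"; the rest of the paragraph ("verify that the name matches the client IP address", "A client name is set to "unknown"") clearly describes the remote client. Revert to "Attempt to look up the remote SMTP client hostname, ...".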
@ -9015,7 +9018,7 @@ This feature is available in Postfix 2.3 and later.
%PARAM smtp_sender_dependent_authentication no
<p>
Enable sender-dependent authentication in the SMTP client; this is
Enable sender-dependent authentication in the Postfix SMTP client; this is
available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials. </p>
@ -9614,8 +9617,8 @@ configurations in environments where DNS security is not assured. </p>
%PARAM smtp_tls_mandatory_protocols SSLv3, TLSv1
<p> List of TLS protocol versions that are secure enough to be used
with the "encrypt" security level and higher. In main.cf the values
<p> List of TLS protocols that the Postfix SMTP client will use
with mandatory TLS encryption. In main.cf the values
are separated by whitespace, commas or colons. In the policy table
(see smtp_tls_policy_maps) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names,
@ -9772,22 +9775,20 @@ configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM smtpd_tls_protocols
%PARAM smtpd_tls_mandatory_protocols SSLv3, TLSv1
<p> The list of TLS protocols supported by the Postfix SMTP server.
If the list is empty, the server supports all available TLS protocol
versions. A non-empty value is a list of protocol names separated
by whitespace, commas or colons. The supported protocol names are
"SSLv2", "SSLv3" and "TLSv1", and are not case sensitive. </p>
<p> DO NOT set this to a non-default value on an Internet MX host,
as this may cause inter-operability problems. If you restrict the
protocol list on an Internet MX host, you may lose mail. </p>
<p> The TLS protocols accepted by the Postfix SMTP server with
mandatory TLS encryption. With opportunistic TLS encryption, all
protocols are always accepted. If the list is empty, the server
supports all available TLS protocol versions. A non-empty value
is a list of protocol names separated by whitespace, commas or
colons. The supported protocol names are "SSLv2", "SSLv3" and
"TLSv1", and are not case sensitive. </p>
<p> Example: </p>
<pre>
smtpd_tls_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
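Review bot: the parameter is renamed from smtpd_tls_protocols to smtpd_tls_mandatory_protocols and its default changes from empty (all protocols) to "SSLv3, TLSv1", but unlike smtpd_tls_cipherlist, which keeps a %PARAM entry marked obsolete in this same diff, nothing here tells an administrator who set smtpd_tls_protocols in a 2.3 snapshot that the old name no longer does anything. Consider keeping a short obsolete-parameter entry pointing at the new name, and, since "If the list is empty, the server supports all available TLS protocol versions" now follows a non-empty default, say explicitly that the default excludes SSLv2 for mandatory TLS.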
@ -10070,61 +10071,68 @@ meanings. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM smtpd_tls_ciphers export
%PARAM smtpd_tls_mandatory_ciphers medium
<p> The minimum acceptable SMTP server TLS cipher grade. It is easy to
create inter-operability problems by choosing a non-default cipher grade.
Do not use a stronger than default minimum cipher grade for MX hosts on
the public Internet. Clients that begin the TLS handshake, but are unable
to agree on a common cipher, may not be able to send any email to the
SMTP server. Using a restricted cipher list may be more appropriate for a
dedicated MSA or an internal mailhub, where one can exert some control over
the TLS software and settings of the connecting clients. Configurations
with no certificates are also not likely to inter-operate with most
clients, see the notes for "smtpd_tls_cert_file". </p>
<p> The minimum TLS cipher grade that the Postfix SMTP server will
use with mandatory
TLS encryption. Cipher types listed in smtpd_tls_mandatory_exclude_ciphers
or smtpd_tls_exclude_ciphers are excluded from the base definition
of the selected cipher grade. With opportunistic TLS encryption,
the "export" grade is used unconditionally with exclusions specified
only via smtpd_tls_exclude_ciphers. </p>
<p> The following cipher grades are supported: </p>
<dl>
<dt><b>export</b></dt>
<dd> Enable the mainstream "EXPORT" grade or better OpenSSL ciphers.
This is the most appropriate setting for public MX hosts. The underlying
cipherlist is specified via the tls_export_cipherlist configuration
parameter, which you are strongly encouraged to not change. The default
value of tls_export_cipherlist includes anonymous ciphers, but these
are automatically filtered out if the server is configured to ask for
This is the most appropriate setting for public MX hosts, and is always
used with opportunistic TLS encryption. The underlying cipherlist
is specified via the tls_export_cipherlist configuration parameter,
which you are strongly encouraged to not change. The default value
of tls_export_cipherlist includes anonymous ciphers, but these are
automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers,
set "smtpd_tls_exclude_ciphers = aNULL". </dd>
set "smtpd_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers
only when TLS is enforced, set "smtpd_tls_mandatory_exclude_ciphers =
aNULL". </dd>
<dt><b>low</b></dt>
<dd> Enable the mainstream "LOW" grade or better OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the tls_low_cipherlist configuration
parameter, which you are strongly encouraged to not change. The default
value of tls_low_cipherlist includes anonymous ciphers, but these
are automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers,
set "smtpd_tls_exclude_ciphers = aNULL". </dd>
<dd> Enable the mainstream "LOW" grade or better OpenSSL ciphers. The
underlying cipherlist is specified via the tls_low_cipherlist
configuration parameter, which you are strongly encouraged to
not change. The default value of tls_low_cipherlist includes
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for client certificates. If you must
always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
"smtpd_tls_mandatory_exclude_ciphers = aNULL". </dd>
<dt><b>medium</b></dt>
<dd> Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the tls_medium_cipherlist configuration
parameter, which you are strongly encouraged to not change. The default
value of tls_medium_cipherlist includes anonymous ciphers, but these
are automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers,
set "smtpd_tls_exclude_ciphers = aNULL". </dd>
<dd> Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. These
are essentially the 128-bit or stronger ciphers. This is the default
minimum strength for mandatory TLS encryption. MSAs that enforce
TLS and have clients that do not support any "MEDIUM" or "HIGH"
grade ciphers, may need to configure a weaker ("low" or "export")
minimum cipher grade. The underlying cipherlist is specified via the
tls_medium_cipherlist configuration parameter, which you are strongly
encouraged to not change. The default value of tls_medium_cipherlist
includes anonymous ciphers, but these are automatically filtered out if
the server is configured to ask for client certificates. If you must
always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
"smtpd_tls_mandatory_exclude_ciphers = aNULL". </dd>
<dt><b>high</b></dt>
<dd> Enable only the mainstream "HIGH" grade OpenSSL ciphers. This
setting is only appropriate for internal mail servers. The underlying
cipherlist is specified via the tls_high_cipherlist configuration
parameter, which you are strongly encouraged to not change. The default
value of tls_high_cipherlist includes anonymous ciphers, but these
are automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers, set
"smtpd_tls_exclude_ciphers = aNULL". </dd>
<dd> Enable only the mainstream "HIGH" grade OpenSSL ciphers. The
underlying cipherlist is specified via the tls_high_cipherlist
configuration parameter, which you are strongly encouraged to
not change. The default value of tls_high_cipherlist includes
anonymous ciphers, but these are automatically filtered out if the
server is configured to ask for client certificates. If you must
always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
aNULL". To exclude anonymous ciphers only when TLS is enforced, set
"smtpd_tls_mandatory_exclude_ciphers = aNULL". </dd>
<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
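Review bot: two caveats are dropped without replacement in the rewritten smtpd_tls_mandatory_ciphers text: the old lead paragraph's "Configurations with no certificates are also not likely to inter-operate with most clients, see the notes for "smtpd_tls_cert_file"", and the "low" and "high" entries' "This setting is only appropriate for internal mail servers" (only "medium" gained replacement guidance about MSAs). With the mandatory-TLS default moving from "export" to "medium", the interoperability warnings matter more, not less; keep the certificate caveat and give "high" at least the same audience note as "medium". The four grade entries also repeat the same sentences about tls_*_cipherlist and anonymous-cipher exclusion almost verbatim; stating that once before the <dl> would make the per-grade text easier to keep in sync (the "export" entry has already diverged by adding "and is always used with opportunistic TLS encryption").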
@ -10143,10 +10151,12 @@ data integrity without encryption or authentication). </dd>
%PARAM smtpd_tls_exclude_ciphers
<p> List of ciphers or cipher types to exclude from the SMTP server
cipher list. This is not an OpenSSL cipherlist; it is a simple list
separated by whitespace and/or commas. The elements are a single
cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching <b>all</b> the properties are excluded. </p>
cipher list at all TLS security levels. Excluding valid ciphers
can create interoperability problems. DO NOT exclude ciphers unless it
is essential to do so. This is not an OpenSSL cipherlist; it is a simple
list separated by whitespace and/or commas. The elements are a single
cipher, or one or more "+" separated cipher properties, in which case
only ciphers matching <b>all</b> the properties are excluded. </p>
<p> Examples (some of these will cause problems): </p>
@ -10167,14 +10177,24 @@ key exchange with RSA authentication. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM smtpd_tls_mandatory_exclude_ciphers
<p> Additional list of ciphers or cipher types to exclude from the
SMTP server cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with smtpd_tls_exclude_ciphers
(see there for syntax details). </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM smtp_tls_mandatory_ciphers medium
<p> The minimum SMTP client TLS cipher grade that is strong enough to
be used with the "encrypt" security level and higher. The default
value "medium" is suitable for most destinations with which you may
want to enforce TLS, and is beyond the reach of today's crypt-analytic
methods. See smtp_tls_policy_maps for information on how to configure
ciphers on a per-destination basis. </p>
<p> The minimum TLS cipher grade that the Postfix SMTP client will
use with
mandatory TLS encryption. The default value "medium" is suitable
for most destinations with which you may want to enforce TLS, and
is beyond the reach of today's crypt-analytic methods. See
smtp_tls_policy_maps for information on how to configure ciphers
on a per-destination basis. </p>
<p> The following cipher grades are supported: </p>
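Review bot: "crypt-analytic" is a misspelling of "cryptanalytic" carried over from the old text into the rewritten smtp_tls_mandatory_ciphers paragraph; fix it while the paragraph is being touched, and refill the paragraph so "use with" is not left alone on a line. The new smtpd_tls_mandatory_exclude_ciphers entry above this one mirrors the smtp_ side correctly.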
@ -10240,8 +10260,9 @@ encryption or authentication). </dd>
%PARAM smtp_tls_exclude_ciphers
<p> List of ciphers or cipher types to exclude from the SMTP client cipher
list at all security levels. This is not an OpenSSL cipherlist, it is
<p> List of ciphers or cipher types to exclude from the Postfix
SMTP client cipher
list at all TLS security levels. This is not an OpenSSL cipherlist, it is
a simple list separated by whitespace and/or commas. The elements are a
single cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching <b>all</b> the properties are excluded. </p>
@ -10267,18 +10288,17 @@ key exchange with RSA authentication. </p>
%PARAM smtp_tls_mandatory_exclude_ciphers
<p> List of ciphers or cipher types to exclude from the SMTP client
cipher list at the mandatory TLS security levels: "encrypt", "verify"
and "secure". See smtp_tls_exclude_ciphers for syntax details. When
both "exclude" parameters are defined, the combined list of ciphers is
excluded (provided the TLS security level is "encrypt" or higher). </p>
<p> Additional list of ciphers or cipher types to exclude from the
SMTP client cipher list at mandatory TLS security levels. This list
works in addition to the exclusions listed with smtp_tls_exclude_ciphers
(see there for syntax details). </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM tls_high_cipherlist !EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH
<p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
the meaning of the "high" setting in smtpd_tls_ciphers,
the meaning of the "high" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
strongly encouraged to not change this setting. </p>
@ -10287,7 +10307,7 @@ strongly encouraged to not change this setting. </p>
%PARAM tls_medium_cipherlist !EXPORT:!LOW:ALL:+RC4:@STRENGTH
<p> The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This
defines the meaning of the "medium" setting in smtpd_tls_ciphers,
defines the meaning of the "medium" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the default cipherlist for mandatory TLS encryption in the TLS
client (with anonymous ciphers disabled when verifying server
@ -10299,7 +10319,7 @@ setting. </p>
%PARAM tls_low_cipherlist !EXPORT:ALL:+RC4:@STRENGTH
<p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
the meaning of the "low" setting in smtpd_tls_ciphers,
the meaning of the "low" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
strongly encouraged to not change this setting. </p>
@ -10308,7 +10328,7 @@ strongly encouraged to not change this setting. </p>
%PARAM tls_export_cipherlist ALL:+RC4:@STRENGTH
<p> The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
defines the meaning of the "export" setting in smtpd_tls_ciphers,
defines the meaning of the "export" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the cipherlist for the opportunistic ("may") TLS client security
level and is the default cipherlist for the SMTP server. You are
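Review bot: the sentence "... and is the default cipherlist for the SMTP server" in the tls_export_cipherlist text is no longer accurate after this commit: the %PARAM line earlier in this diff makes "medium" the smtpd_tls_mandatory_ciphers default, so "export" is the server's cipherlist only for opportunistic TLS, where the smtpd_tls_mandatory_ciphers text says it is used unconditionally. Reword to something like "is the cipherlist for opportunistic TLS in both the Postfix SMTP client and server".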
@ -10320,7 +10340,7 @@ strongly encouraged to not change this setting. </p>
<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption. This defines the meaning of the "null"
setting in smtpd_tls_ciphers, smtp_tls_mandatory_ciphers and
setting in smtpd_mandatory_tls_ciphers, smtp_tls_mandatory_ciphers and
lmtp_tls_mandatory_ciphers. You are strongly encouraged to not
change this setting. </p>
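Review bot: the parameter name in the new line is misspelled: "smtpd_mandatory_tls_ciphers" should be "smtpd_tls_mandatory_ciphers", matching the %PARAM entry and the other cipherlist paragraphs changed in this diff.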
@ -10349,9 +10369,10 @@ configuration parameter. See there for details. </p>
%PARAM smtp_sasl_auth_enforce yes
<p> Defer mail delivery when an SMTP server does not support SASL
authentication, while smtp_sasl_password_maps contains SASL
login/password information for that server. </p>
<p> If sender-dependent SASL passwords are turned off, defer mail
delivery when an SMTP server does not support SASL authentication,
while smtp_sasl_password_maps contains SASL login/password information
for that server. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
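Review bot: "If sender-dependent SASL passwords are turned off" should name the parameter that controls this; the diff itself documents it as smtp_sender_dependent_authentication ("Enable sender-dependent authentication in the Postfix SMTP client"), so write "If smtp_sender_dependent_authentication is turned off, defer mail delivery ...". It would also help to state what happens when it is turned on, since the current wording only implies that delivery is then not deferred.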
@ -10399,3 +10420,27 @@ encrypt" implies "smtpd_tls_auth_only = yes".</p>
<p> Note 3: when invoked via "sendmail -bs", Postfix will never
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior.</p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM internal_mail_filter_classes
<p> What categories of Postfix-generated mail are subject to
before-queue content inspection by non_smtpd_milters, header_checks
and body_checks. Specify zero or more of the following, separated
by whitespace or comma. </p>
<dl>
<dt> <b> bounce </b> </dt> <dd> Inspect the content of delivery
status notifications. </dd>
<dt> <b> notify </b> </dt> <dd> Inspect the content of postmaster
notifications by the smtp(8) and smtpd(8) processes. </dd>
</dl>
<p> NOTE: It's generally not safe to enable content inspection of
Postfix-generated email messages. The user is warned. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
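Review bot: the NOTE in the new internal_mail_filter_classes text says inspection of Postfix-generated mail is "generally not safe" and that "The user is warned", but never says what goes wrong. State the failure mode an administrator should expect, for instance what happens to a delivery status notification or postmaster notification that header_checks, body_checks or a non_smtpd_milters filter rejects (is it discarded, does it generate further notifications), and why that motivates the empty default. "The user is warned." reads as a disclaimer rather than documentation and can be dropped once the consequence is spelled out.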

View File

@ -82,7 +82,7 @@
# expression lookup table syntax, see \fBregexp_table\fR(5) or
# \fBpcre_table\fR(5). For a description of the TCP client/server
# table lookup protocol, see \fBtcp_table\fR(5).
# This feature is not available up to and including Postfix version 2.2.
# This feature is not available up to and including Postfix version 2.3.
#
# Each pattern is a regular expression that is applied to the entire
# address being looked up. Thus, \fIuser@domain\fR mail addresses are not
@ -101,7 +101,7 @@
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
# This feature is not available up to and including Postfix version 2.2.
# This feature is not available up to and including Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# \fIuser@domain\fR mail addresses are not broken up into their

View File

@ -229,7 +229,7 @@
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
# This feature is not available up to and including Postfix version 2.2.
# This feature is not available up to and including Postfix version 2.3.
#
# Each lookup operation uses the entire recipient address once. Thus,
# \fIsome.domain.hierarchy\fR is not looked up via its parent domains,

View File

@ -199,7 +199,7 @@
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
# This feature is not available up to and including Postfix version 2.2.
# This feature is not available up to and including Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# \fIuser@domain\fR mail addresses are not broken up into their

View File

@ -83,6 +83,10 @@
/* .IP "\fBipc_timeout (3600s)\fR"
/* The time limit for sending or receiving information over an internal
/* communication channel.
/* .IP "\fBinternal_mail_filter_classes (empty)\fR"
/* What categories of Postfix-generated mail are subject to
/* before-queue content inspection by non_smtpd_milters, header_checks
/* and body_checks.
/* .IP "\fBmail_name (Postfix)\fR"
/* The mail system name that is displayed in Received: headers, in
/* the SMTP greeting banner, and in bounced mail.

View File

@ -174,7 +174,7 @@ int bounce_notify_service(int flags, char *service, char *queue_name,
postmaster = var_2bounce_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster,
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
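Review bot: replacing CLEANUP_FLAG_MASK_INTERNAL with INT_FILT_BOUNCE changes the meaning of the fourth post_mail_fopen_nowait() argument from a cleanup flag mask to an internal-mail filter class, but the corresponding change to post_mail_fopen_nowait() and its header is not part of this diff; please include it, and audit every remaining caller that still passes a CLEANUP_FLAG_* value there. In particular the internal_mail_filter_classes text in this diff documents a "notify" class for postmaster notifications from smtp(8) and smtpd(8), yet none of those callers appear here. All of the bounce, verp, one, trace and warn services in this diff pass INT_FILT_BOUNCE, which is consistent with treating delay warnings and trace reports as delivery status notifications.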
@ -213,7 +213,7 @@ int bounce_notify_service(int flags, char *service, char *queue_name,
*/
else {
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient,
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
@ -267,7 +267,7 @@ int bounce_notify_service(int flags, char *service, char *queue_name,
postmaster = var_bounce_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster,
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
count = -1;

View File

@ -158,7 +158,7 @@ int bounce_notify_verp(int flags, char *service, char *queue_name,
} else {
verp_sender(verp_buf, verp_delims, recipient, rcpt->address);
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, STR(verp_buf),
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
@ -217,7 +217,7 @@ int bounce_notify_verp(int flags, char *service, char *queue_name,
postmaster = var_bounce_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster,
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
if (bounce_header(bounce, bounce_info, postmaster,

View File

@ -147,7 +147,7 @@ int bounce_one_service(int flags, char *queue_name, char *queue_id,
} else {
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_2bounce_rcpt,
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
@ -183,7 +183,7 @@ int bounce_one_service(int flags, char *queue_name, char *queue_id,
bounce_status = 0;
} else {
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, orig_sender,
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
@ -228,7 +228,7 @@ int bounce_one_service(int flags, char *queue_name, char *queue_id,
*/
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_bounce_rcpt,
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
if (bounce_header(bounce, bounce_info, var_bounce_rcpt,

View File

@ -140,7 +140,7 @@ int bounce_trace_service(int flags, char *service, char *queue_name,
* a new queue file.
*/
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient,
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
count = -1;

View File

@ -164,7 +164,7 @@ int bounce_warn_service(int unused_flags, char *service, char *queue_name,
postmaster = var_delay_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster,
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
@ -202,7 +202,7 @@ int bounce_warn_service(int unused_flags, char *service, char *queue_name,
*/
else {
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient,
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
@ -252,7 +252,7 @@ int bounce_warn_service(int unused_flags, char *service, char *queue_name,
postmaster = var_delay_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster,
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
count = -1;

View File

@ -90,6 +90,8 @@ typedef struct CLEANUP_STATE {
int defer_delay; /* deferred delivery */
#endif
MILTERS *milters; /* mail filters */
const char *client_name; /* real or ersatz client */
const char *client_addr; /* real or ersatz client */
} CLEANUP_STATE;
/*
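Review bot: the new client_name and client_addr members are non-owning pointers (cleanup_milter_emul_mail() points them at nvtable entries in state->attr or at string literals), and the "real or ersatz client" comment does not say so; state that whoever frees the CLEANUP_STATE must not free them and that they are valid only as long as state->attr is.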

View File

@ -1265,7 +1265,8 @@ void cleanup_milter_receive(CLEANUP_STATE *state, int count)
/* cleanup_milter_apply - apply Milter reponse, non-zero if rejecting */
static const char *cleanup_milter_apply(CLEANUP_STATE *state, const char *resp)
static const char *cleanup_milter_apply(CLEANUP_STATE *state, const char *event,
const char *resp)
{
const char *myname = "cleanup_milter_apply";
const char *action;
@ -1337,7 +1338,9 @@ static const char *cleanup_milter_apply(CLEANUP_STATE *state, const char *resp)
default:
msg_panic("%s: unexpected mail filter reply: %s", myname, resp);
}
vstring_sprintf(state->temp1, "%s: %s;", state->queue_id, action);
vstring_sprintf(state->temp1, "%s: %s: %s from %s[%s]: %s;",
state->queue_id, action, event, state->client_name,
state->client_addr, text);
if (state->sender)
vstring_sprintf_append(state->temp1, " from=<%s>", state->sender);
if (state->recip)
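Review bot: state->client_name and state->client_addr are formatted with %s unconditionally here, but in this diff they are initialized to 0 in cleanup_state_alloc() and assigned only in cleanup_milter_emul_mail(), the non-smtpd emulation path; cleanup_milter_inspect() calls cleanup_milter_apply() with "END-OF-MESSAGE" for every inspected message, so on the smtpd(8) path both pointers can still be null when this vstring_sprintf() runs. Either populate them on every submission path or fall back to a placeholder such as "unknown" before formatting.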
@ -1346,7 +1349,6 @@ static const char *cleanup_milter_apply(CLEANUP_STATE *state, const char *resp)
vstring_sprintf_append(state->temp1, " proto=%s", attr);
if ((attr = nvtable_find(state->attr, MAIL_ATTR_LOG_HELO_NAME)) != 0)
vstring_sprintf_append(state->temp1, " helo=<%s>", attr);
vstring_sprintf_append(state->temp1, ": %s", text);
msg_info("%s", vstring_str(state->temp1));
return (ret);
@ -1368,7 +1370,7 @@ void cleanup_milter_inspect(CLEANUP_STATE *state, MILTERS *milters)
*/
if ((resp = milter_message(milters, state->handle->stream,
state->data_offset)) != 0)
cleanup_milter_apply(state, resp);
cleanup_milter_apply(state, "END-OF-MESSAGE", resp);
if (msg_verbose)
msg_info("leave %s", myname);
}
@ -1380,8 +1382,6 @@ void cleanup_milter_emul_mail(CLEANUP_STATE *state,
const char *addr)
{
const char *resp;
const char *client_name;
const char *client_addr;
const char *proto_attr;
const char *client_port;
int client_af;
@ -1404,14 +1404,15 @@ void cleanup_milter_emul_mail(CLEANUP_STATE *state,
*/
#define NO_CLIENT_PORT "0"
client_name = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_NAME);
client_addr = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_ADDR);
state->client_name = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_NAME);
state->client_addr = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_ADDR);
client_port = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_PORT);
proto_attr = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_AF);
if (client_name == 0 || client_addr == 0 || proto_attr == 0
if (state->client_name == 0 || state->client_addr == 0 || proto_attr == 0
|| !alldig(proto_attr)) {
client_name = "localhost";
client_addr = "127.0.0.1";
state->client_name = "localhost";
state->client_addr = "127.0.0.1";
client_af = AF_INET;
} else
client_af = atoi(proto_attr);
@ -1421,18 +1422,18 @@ void cleanup_milter_emul_mail(CLEANUP_STATE *state,
/*
* Emulate SMTP events.
*/
if ((resp = milter_conn_event(milters, client_name, client_addr,
if ((resp = milter_conn_event(milters, state->client_name, state->client_addr,
client_port, client_af)) != 0) {
cleanup_milter_apply(state, resp);
cleanup_milter_apply(state, "CONNECT", resp);
return;
}
#define PRETEND_ESMTP 1
if (CLEANUP_MILTER_OK(state)) {
if ((helo = nvtable_find(state->attr, MAIL_ATTR_ACT_HELO_NAME)) == 0)
helo = client_name;
helo = state->client_name;
if ((resp = milter_helo_event(milters, helo, PRETEND_ESMTP)) != 0) {
cleanup_milter_apply(state, resp);
cleanup_milter_apply(state, "EHLO", resp);
return;
}
}
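Review bot: the rewritten milter_conn_event() call line ("if ((resp = milter_conn_event(milters, state->client_name, state->client_addr,") runs past 80 columns at this indentation, unlike the rest of the file; break after state->client_name and align the continuation as the original two-line call did.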
@ -1440,7 +1441,7 @@ void cleanup_milter_emul_mail(CLEANUP_STATE *state,
argv[0] = addr;
argv[1] = 0;
if ((resp = milter_mail_event(milters, argv)) != 0) {
cleanup_milter_apply(state, resp);
cleanup_milter_apply(state, "MAIL", resp);
return;
}
}
@ -1463,7 +1464,7 @@ void cleanup_milter_emul_rcpt(CLEANUP_STATE *state,
argv[0] = addr;
argv[1] = 0;
if ((resp = milter_rcpt_event(milters, argv)) != 0
&& cleanup_milter_apply(state, resp) != 0) {
&& cleanup_milter_apply(state, "RCPT", resp) != 0) {
msg_warn("%s: milter configuration error: can't reject recipient "
"in non-smtpd(8) submission", state->queue_id);
msg_warn("%s: deferring delivery of this message", state->queue_id);
@ -1481,7 +1482,7 @@ void cleanup_milter_emul_data(CLEANUP_STATE *state, MILTERS *milters)
const char *resp;
if ((resp = milter_data_event(milters)) != 0)
cleanup_milter_apply(state, resp);
cleanup_milter_apply(state, "DATA", resp);
}
#ifdef TEST

View File

@ -108,6 +108,8 @@ CLEANUP_STATE *cleanup_state_alloc(VSTREAM *src)
state->dsn_orcpt = 0;
state->verp_delims = 0;
state->milters = 0;
state->client_name = 0;
state->client_addr = 0;
return (state);
}

View File

@ -1,88 +1,85 @@
SHELL = /bin/sh
SRCS = abounce.c anvil_clnt.c been_here.c bounce.c bounce_log.c \
canon_addr.c cfg_parser.c cleanup_strerror.c cleanup_strflags.c \
clnt_stream.c debug_peer.c debug_process.c defer.c db_common.c \
deliver_completed.c deliver_flock.c deliver_pass.c deliver_request.c \
dict_ldap.c dict_mysql.c dict_pgsql.c dict_proxy.c domain_list.c \
dot_lockfile.c dot_lockfile_as.c ext_prop.c file_id.c flush_clnt.c \
header_opts.c header_token.c input_transp.c \
is_header.c log_adhoc.c mail_addr.c mail_addr_crunch.c \
mail_addr_find.c mail_addr_map.c mail_command_client.c \
mail_command_server.c mail_conf.c mail_conf_bool.c mail_conf_int.c \
mail_conf_raw.c mail_conf_str.c mail_conf_time.c mail_connect.c \
mail_copy.c mail_date.c mail_dict.c mail_error.c mail_flush.c \
mail_open_ok.c mail_params.c mail_pathname.c mail_queue.c \
mail_run.c mail_scan_dir.c mail_stream.c mail_task.c mail_trigger.c \
maps.c mark_corrupt.c match_parent_style.c mbox_conf.c \
mbox_open.c mime_state.c mkmap_db.c mkmap_dbm.c mkmap_open.c \
mynetworks.c mypwd.c namadr_list.c off_cvt.c opened.c \
own_inet_addr.c pipe_command.c post_mail.c quote_821_local.c \
quote_822_local.c rec_streamlf.c rec_type.c recipient_list.c \
record.c remove.c resolve_clnt.c resolve_local.c rewrite_clnt.c \
clnt_stream.c conv_time.c db_common.c debug_peer.c debug_process.c \
defer.c deliver_completed.c deliver_flock.c deliver_pass.c \
deliver_request.c dict_ldap.c dict_mysql.c dict_pgsql.c \
dict_proxy.c domain_list.c dot_lockfile.c dot_lockfile_as.c \
dsb_scan.c dsn.c dsn_buf.c dsn_mask.c dsn_print.c dsn_util.c \
ehlo_mask.c ext_prop.c file_id.c flush_clnt.c header_opts.c \
header_token.c input_transp.c int_filt.c is_header.c log_adhoc.c \
mail_addr.c mail_addr_crunch.c mail_addr_find.c mail_addr_map.c \
mail_command_client.c mail_command_server.c mail_conf.c \
mail_conf_bool.c mail_conf_int.c mail_conf_long.c mail_conf_raw.c \
mail_conf_str.c mail_conf_time.c mail_connect.c mail_copy.c \
mail_date.c mail_dict.c mail_error.c mail_flush.c mail_open_ok.c \
mail_params.c mail_pathname.c mail_queue.c mail_run.c \
mail_scan_dir.c mail_stream.c mail_task.c mail_trigger.c maps.c \
mark_corrupt.c match_parent_style.c mbox_conf.c mbox_open.c \
mime_state.c mkmap_cdb.c mkmap_db.c mkmap_dbm.c mkmap_open.c \
mkmap_sdbm.c msg_stats_print.c msg_stats_scan.c mynetworks.c \
mypwd.c namadr_list.c off_cvt.c opened.c own_inet_addr.c \
pipe_command.c post_mail.c quote_821_local.c quote_822_local.c \
rcpt_buf.c rcpt_print.c rec_attr_map.c rec_streamlf.c rec_type.c \
recipient_list.c record.c remove.c resolve_clnt.c resolve_local.c \
rewrite_clnt.c scache_clnt.c scache_multi.c scache_single.c \
sent.c smtp_stream.c split_addr.c string_list.c strip_addr.c \
sys_exits.c timed_ipc.c tok822_find.c tok822_node.c tok822_parse.c \
tok822_resolve.c tok822_rewrite.c tok822_tree.c trace.c verify.c \
verify_clnt.c verp_sender.c xtext.c scache_single.c \
scache_clnt.c scache_multi.c user_acl.c mkmap_cdb.c mkmap_sdbm.c \
ehlo_mask.c \
wildcard_inet_addr.c valid_mailhost_addr.c dsn_util.c dsn_mask.c \
rec_attr_map.c dsn.c dsn_buf.c rcpt_buf.c rcpt_print.c dsn_print.c \
dsb_scan.c mail_conf_long.c msg_stats_print.c msg_stats_scan.c \
conv_time.c
tok822_resolve.c tok822_rewrite.c tok822_tree.c trace.c \
user_acl.c valid_mailhost_addr.c verify.c verify_clnt.c \
verp_sender.c wildcard_inet_addr.c xtext.c
OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \
canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \
clnt_stream.o debug_peer.o debug_process.o defer.o db_common.o \
deliver_completed.o deliver_flock.o deliver_pass.o deliver_request.o \
dict_ldap.o dict_mysql.o dict_pgsql.o dict_proxy.o domain_list.o \
dot_lockfile.o dot_lockfile_as.o ext_prop.o file_id.o flush_clnt.o \
header_opts.o header_token.o input_transp.o \
is_header.o log_adhoc.o mail_addr.o mail_addr_crunch.o \
mail_addr_find.o mail_addr_map.o mail_command_client.o \
mail_command_server.o mail_conf.o mail_conf_bool.o mail_conf_int.o \
mail_conf_raw.o mail_conf_str.o mail_conf_time.o mail_connect.o \
mail_copy.o mail_date.o mail_dict.o mail_error.o mail_flush.o \
mail_open_ok.o mail_params.o mail_pathname.o mail_queue.o \
mail_run.o mail_scan_dir.o mail_stream.o mail_task.o mail_trigger.o \
maps.o mark_corrupt.o match_parent_style.o mbox_conf.o \
mbox_open.o mime_state.o mkmap_db.o mkmap_dbm.o mkmap_open.o \
mynetworks.o mypwd.o namadr_list.o off_cvt.o opened.o \
own_inet_addr.o pipe_command.o post_mail.o quote_821_local.o \
quote_822_local.o rec_streamlf.o rec_type.o recipient_list.o \
record.o remove.o resolve_clnt.o resolve_local.o rewrite_clnt.o \
clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \
defer.o deliver_completed.o deliver_flock.o deliver_pass.o \
deliver_request.o dict_ldap.o dict_mysql.o dict_pgsql.o \
dict_proxy.o domain_list.o dot_lockfile.o dot_lockfile_as.o \
dsb_scan.o dsn.o dsn_buf.o dsn_mask.o dsn_print.o dsn_util.o \
ehlo_mask.o ext_prop.o file_id.o flush_clnt.o header_opts.o \
header_token.o input_transp.o int_filt.o is_header.o log_adhoc.o \
mail_addr.o mail_addr_crunch.o mail_addr_find.o mail_addr_map.o \
mail_command_client.o mail_command_server.o mail_conf.o \
mail_conf_bool.o mail_conf_int.o mail_conf_long.o mail_conf_raw.o \
mail_conf_str.o mail_conf_time.o mail_connect.o mail_copy.o \
mail_date.o mail_dict.o mail_error.o mail_flush.o mail_open_ok.o \
mail_params.o mail_pathname.o mail_queue.o mail_run.o \
mail_scan_dir.o mail_stream.o mail_task.o mail_trigger.o maps.o \
mark_corrupt.o match_parent_style.o mbox_conf.o mbox_open.o \
mime_state.o mkmap_cdb.o mkmap_db.o mkmap_dbm.o mkmap_open.o \
mkmap_sdbm.o msg_stats_print.o msg_stats_scan.o mynetworks.o \
mypwd.o namadr_list.o off_cvt.o opened.o own_inet_addr.o \
pipe_command.o post_mail.o quote_821_local.o quote_822_local.o \
rcpt_buf.o rcpt_print.o rec_attr_map.o rec_streamlf.o rec_type.o \
recipient_list.o record.o remove.o resolve_clnt.o resolve_local.o \
rewrite_clnt.o scache_clnt.o scache_multi.o scache_single.o \
sent.o smtp_stream.o split_addr.o string_list.o strip_addr.o \
sys_exits.o timed_ipc.o tok822_find.o tok822_node.o tok822_parse.o \
tok822_resolve.o tok822_rewrite.o tok822_tree.o trace.o verify.o \
verify_clnt.o verp_sender.o xtext.o scache_single.o \
scache_clnt.o scache_multi.o user_acl.o mkmap_cdb.o mkmap_sdbm.o \
ehlo_mask.o \
wildcard_inet_addr.o valid_mailhost_addr.o dsn_util.o dsn_mask.o \
rec_attr_map.o dsn.o dsn_buf.o rcpt_buf.o rcpt_print.o dsn_print.o \
dsb_scan.o mail_conf_long.o msg_stats_print.o msg_stats_scan.o \
conv_time.o
tok822_resolve.o tok822_rewrite.o tok822_tree.o trace.o \
user_acl.o valid_mailhost_addr.o verify.o verify_clnt.o \
verp_sender.o wildcard_inet_addr.o xtext.o
HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \
canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \
debug_peer.h debug_process.h defer.h deliver_completed.h \
deliver_flock.h deliver_pass.h deliver_request.h dict_ldap.h \
dict_mysql.h dict_pgsql.h dict_proxy.h domain_list.h dot_lockfile.h \
dot_lockfile_as.h ext_prop.h file_id.h flush_clnt.h header_opts.h \
header_token.h input_transp.h is_header.h \
lex_822.h log_adhoc.h mail_addr.h mail_addr_crunch.h \
mail_addr_find.h mail_addr_map.h mail_conf.h mail_copy.h \
mail_date.h mail_dict.h mail_error.h mail_flush.h mail_open_ok.h \
mail_params.h mail_proto.h mail_queue.h mail_run.h mail_scan_dir.h \
mail_stream.h mail_task.h mail_version.h maps.h mark_corrupt.h \
match_parent_style.h mbox_conf.h mbox_open.h mime_state.h \
mkmap.h mynetworks.h mypwd.h namadr_list.h off_cvt.h opened.h \
own_inet_addr.h pipe_command.h post_mail.h qmgr_user.h \
qmqp_proto.h quote_821_local.h quote_822_local.h quote_flags.h \
rec_streamlf.h rec_type.h recipient_list.h record.h resolve_clnt.h \
resolve_local.h rewrite_clnt.h sent.h smtp_stream.h split_addr.h \
conv_time.h db_common.h debug_peer.h debug_process.h defer.h \
deliver_completed.h deliver_flock.h deliver_pass.h deliver_request.h \
dict_ldap.h dict_mysql.h dict_pgsql.h dict_proxy.h domain_list.h \
dot_lockfile.h dot_lockfile_as.h dsb_scan.h dsn.h dsn_buf.h \
dsn_mask.h dsn_print.h dsn_util.h ehlo_mask.h ext_prop.h \
file_id.h flush_clnt.h header_opts.h header_token.h input_transp.h \
int_filt.h is_header.h lex_822.h log_adhoc.h mail_addr.h \
mail_addr_crunch.h mail_addr_find.h mail_addr_map.h mail_conf.h \
mail_copy.h mail_date.h mail_dict.h mail_error.h mail_flush.h \
mail_open_ok.h mail_params.h mail_proto.h mail_queue.h mail_run.h \
mail_scan_dir.h mail_stream.h mail_task.h mail_version.h maps.h \
mark_corrupt.h match_parent_style.h mbox_conf.h mbox_open.h \
mime_state.h mkmap.h msg_stats.h mynetworks.h mypwd.h namadr_list.h \
off_cvt.h opened.h own_inet_addr.h pipe_command.h post_mail.h \
qmgr_user.h qmqp_proto.h quote_821_local.h quote_822_local.h \
quote_flags.h rcpt_buf.h rcpt_print.h rec_attr_map.h rec_streamlf.h \
rec_type.h recipient_list.h record.h resolve_clnt.h resolve_local.h \
rewrite_clnt.h scache.h sent.h smtp_stream.h split_addr.h \
string_list.h strip_addr.h sys_exits.h timed_ipc.h tok822.h \
trace.h verify.h verify_clnt.h verp_sender.h \
xtext.h scache.h user_acl.h ehlo_mask.h db_common.h \
wildcard_inet_addr.h valid_mailhost_addr.h dsn_util.h dsn_mask.h \
rec_attr_map.h dsn.h dsn_buf.h rcpt_buf.h rcpt_print.h dsn_print.h \
dsb_scan.h msg_stats.h conv_time.h
trace.h user_acl.h valid_mailhost_addr.h verify.h verify_clnt.h \
verp_sender.h wildcard_inet_addr.h xtext.h
TESTSRC = rec2stream.c stream2rec.c recdump.c
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
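Review bot: the alphabetical re-sort of SRCS, OBJS and HDRS rewrites nearly every line and buries the one functional change, the addition of int_filt.c, int_filt.o and int_filt.h; a reorder-only commit followed by the one-line addition would make this reviewable at a glance. Comparing the sorted old and new lists, each of the three gains only its int_filt entry and loses nothing.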
@ -871,6 +868,13 @@ input_transp.o: cleanup_user.h
input_transp.o: input_transp.c
input_transp.o: input_transp.h
input_transp.o: mail_params.h
int_filt.o: ../../include/name_mask.h
int_filt.o: ../../include/sys_defs.h
int_filt.o: ../../include/vbuf.h
int_filt.o: ../../include/vstring.h
int_filt.o: int_filt.c
int_filt.o: int_filt.h
int_filt.o: mail_params.h
is_header.o: ../../include/sys_defs.h
is_header.o: is_header.c
is_header.o: is_header.h
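Review bot: the generated dependency block for int_filt.o omits two headers that int_filt.c includes in this same commit, <msg.h> from the utility library and <cleanup_user.h> from the global library; rerun make depend so that "int_filt.o: ../../include/msg.h" and "int_filt.o: cleanup_user.h" are listed, otherwise edits to those headers will not trigger a rebuild of int_filt.o.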

View File

@ -1,16 +1,16 @@
/*++
/* NAME
/* exp_prop 3
/* ext_prop 3
/* SUMMARY
/* address extension propagation control
/* SYNOPSIS
/* #include <exp_prop.h>
/* #include <ext_prop.h>
/*
/* int ext_prop_mask(param_name, pattern)
/* const char *param_name;
/* const char *pattern;
/* DESCRIPTION
/* This module controld address extension propagation.
/* This module controls address extension propagation.
/*
/* ext_prop_mask() takes a comma-separated list of names and
/* computes the corresponding mask. The following names are

View File

@ -1,13 +1,13 @@
#ifndef _EXT_PROP_INCLUDED_
#define _EXT_PROP_INCLUDED_
#ifndef _INPUT_TRANSP_INCLUDED_
#define _INPUT_TRANSP_INCLUDED_
/*++
/* NAME
/* ext_prop 3h
/* input_transp 3h
/* SUMMARY
/* address extension propagation control
/* receive transparency control
/* SYNOPSIS
/* #include <ext_prop.h>
/* #include <input_transp.h>
/* DESCRIPTION
/* .nf
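Review bot: the old include guard in input_transp.h was _EXT_PROP_INCLUDED_, the name ext_prop.h uses for its own guard as its name implies, so any translation unit that included ext_prop.h before input_transp.h (or the reverse) silently got an empty second header; this is a real bug fix hiding under what looks like a NAME/SUMMARY cosmetic change and deserves its own HISTORY entry.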

View File

@ -0,0 +1,73 @@
/*++
/* NAME
/* int_filt 3
/* SUMMARY
/* internal mail filter control
/* SYNOPSIS
/* #include <int_filt.h>
/*
/* int int_filt_flags(class)
/* int class;
/* DESCRIPTION
/* int_filt_flags() determines the appropriate mail filtering
/* flags for the cleanup server, depending on the setting of
/* the internal_mail_filter_classes configuration parameter.
/*
/* Specify one of the following:
/* .IP INT_FILT_NONE
/* Mail that must be excluded from inspection (address probes, etc.).
/* .IP INT_FILT_NOTIFY
/* Postmaster notifications from the smtpd(8) and smtp(8)
/* protocol adapters.
/* .IP INT_FILT_BOUNCE
/* Delivery status notifications from the bounce(8) server.
/* DIAGNOSTICS
/* Fatal: invalid mail category name.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System library. */
#include <sys_defs.h>
/* Utility library. */
#include <name_mask.h>
#include <msg.h>
/* Global library. */
#include <mail_params.h>
#include <cleanup_user.h>
#include <int_filt.h>
/* int_filt_flags - map mail class to submission flags */
int int_filt_flags(int class)
{
static NAME_MASK table[] = {
"notify", INT_FILT_NOTIFY,
"bounce", INT_FILT_BOUNCE,
0,
};
int filtered_classes = 0;
if (class && *var_int_filt_classes) {
filtered_classes =
name_mask(VAR_INT_FILT_CLASSES, table, var_int_filt_classes);
if (filtered_classes == 0)
msg_warn("%s: bad input: %s", VAR_INT_FILT_CLASSES,
var_int_filt_classes);
if (filtered_classes & class)
return (CLEANUP_FLAG_FILTER | CLEANUP_FLAG_MILTER);
}
return (0);
}
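Review bot: the DIAGNOSTICS section promises "Fatal: invalid mail category name", but the code only msg_warn()s when name_mask() returns 0 and then returns 0, i.e. no filtering; decide which behaviour is intended and make the manual page and the code agree. Separately, var_int_filt_classes is re-parsed with name_mask() on every call, which is once per internal message opened through post_mail(3); parsing it once, at the first call or at configuration time, would be cheaper and would surface a bad setting at startup rather than at the first bounce.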

View File

@ -0,0 +1,34 @@
#ifndef _INT_FILT_INCLUDED_
#define _INT_FILT_INCLUDED_
/*++
/* NAME
/* int_filt 3h
/* SUMMARY
/* internal mail classification
/* SYNOPSIS
/* #include <int_filt.h>
/* DESCRIPTION
/* .nf
/*
* External interface.
*/
#define INT_FILT_NONE (0)
#define INT_FILT_NOTIFY (1<<1)
#define INT_FILT_BOUNCE (1<<2)
extern int int_filt_flags(int);
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
#endif

View File

@ -105,6 +105,7 @@
/* int var_verify_neg_cache;
/* int var_oldlog_compat;
/* int var_delay_max_res;
/* char *var_int_filt_classes;
/*
/* void mail_params_init()
/*
@ -273,6 +274,7 @@ int var_strict_encoding;
int var_verify_neg_cache;
int var_oldlog_compat;
int var_delay_max_res;
char *var_int_filt_classes;
const char null_format_string[1] = "";
@ -488,6 +490,7 @@ void mail_params_init()
VAR_FLUSH_SERVICE, DEF_FLUSH_SERVICE, &var_flush_service, 1, 0,
VAR_VERIFY_SERVICE, DEF_VERIFY_SERVICE, &var_verify_service, 1, 0,
VAR_TRACE_SERVICE, DEF_TRACE_SERVICE, &var_trace_service, 1, 0,
VAR_INT_FILT_CLASSES, DEF_INT_FILT_CLASSES, &var_int_filt_classes, 0, 0,
0,
};
static CONFIG_STR_FN_TABLE function_str_defaults_2[] = {

View File

@ -1143,18 +1143,22 @@ extern char *var_smtpd_tls_CAfile;
#define DEF_SMTPD_TLS_CA_PATH ""
extern char *var_smtpd_tls_CApath;
#define VAR_SMTPD_TLS_PROTO "smtpd_tls_protocols"
#define DEF_SMTPD_TLS_PROTO ""
extern char *var_smtpd_tls_protocols;
#define VAR_SMTPD_TLS_MAND_PROTO "smtpd_tls_mandatory_protocols"
#define DEF_SMTPD_TLS_MAND_PROTO "SSLv3, TLSv1"
extern char *var_smtpd_tls_mand_proto;
#define VAR_SMTPD_TLS_CIPHERS "smtpd_tls_ciphers"
#define DEF_SMTPD_TLS_CIPHERS "export"
extern char *var_smtpd_tls_ciphers;
#define VAR_SMTPD_TLS_MAND_CIPH "smtpd_tls_mandatory_ciphers"
#define DEF_SMTPD_TLS_MAND_CIPH "medium"
extern char *var_smtpd_tls_mand_ciph;
#define VAR_SMTPD_TLS_EXCL_CIPH "smtpd_tls_exclude_ciphers"
#define DEF_SMTPD_TLS_EXCL_CIPH ""
extern char *var_smtpd_tls_excl_ciph;
#define VAR_SMTPD_TLS_MAND_EXCL "smtpd_tls_mandatory_exclude_ciphers"
#define DEF_SMTPD_TLS_MAND_EXCL ""
extern char *var_smtpd_tls_mand_excl;
#define VAR_SMTPD_TLS_512_FILE "smtpd_tls_dh512_param_file"
#define DEF_SMTPD_TLS_512_FILE ""
extern char *var_smtpd_tls_dh512_param_file;
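Review bot: the three new smtpd(8) parameters introduced here (smtpd_tls_protocols, smtpd_tls_ciphers, smtpd_tls_exclude_ciphers, each with a non-mandatory default alongside its mandatory counterpart) need matching entries in the smtpd(8) string-parameter table and in postconf(5); neither is in this diff, so confirm they land in the same commit.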
@ -1255,11 +1259,11 @@ extern char *var_smtp_tls_CAfile;
#define DEF_LMTP_TLS_CA_PATH ""
extern char *var_smtp_tls_CApath;
#define VAR_SMTP_TLS_CIPHERS "smtp_tls_mandatory_ciphers"
#define DEF_SMTP_TLS_CIPHERS "medium"
#define VAR_LMTP_TLS_CIPHERS "lmtp_tls_mandatory_ciphers"
#define DEF_LMTP_TLS_CIPHERS "medium"
extern char *var_smtp_tls_ciphers;
#define VAR_SMTP_TLS_MAND_CIPH "smtp_tls_mandatory_ciphers"
#define DEF_SMTP_TLS_MAND_CIPH "medium"
#define VAR_LMTP_TLS_MAND_CIPH "lmtp_tls_mandatory_ciphers"
#define DEF_LMTP_TLS_MAND_CIPH "medium"
extern char *var_smtp_tls_mand_ciph;
#define VAR_SMTP_TLS_EXCL_CIPH "smtp_tls_exclude_ciphers"
#define DEF_SMTP_TLS_EXCL_CIPH ""
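Review bot: renaming the C identifiers VAR_SMTP_TLS_CIPHERS to VAR_SMTP_TLS_MAND_CIPH and var_smtp_tls_ciphers to var_smtp_tls_mand_ciph leaves the main.cf parameter name "smtp_tls_mandatory_ciphers" unchanged, so administrators are unaffected, but every reference to the old identifiers must change in the same commit or the build breaks; the lmtp_params.c hunk in this commit does this for the LMTP table, and the smtp(8) parameter table and any other user of var_smtp_tls_ciphers should be checked the same way.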
@ -2739,6 +2743,14 @@ extern char *var_milt_daemon_name;
#define DEF_MILT_V "$" VAR_MAIL_NAME " $" VAR_MAIL_VERSION
extern char *var_milt_v;
/*
* What internal mail do we inspect/stamp/etc.? This is not yet safe enough
* to enable world-wide.
*/
#define VAR_INT_FILT_CLASSES "internal_mail_filter_classes"
#define DEF_INT_FILT_CLASSES ""
extern char *var_int_filt_classes;
/* LICENSE
/* .ad
/* .fi
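Review bot: the "not yet safe enough to enable world-wide" caveat lives only in this header comment where administrators will never see it; the postconf(5) entry for internal_mail_filter_classes should carry the same warning and explain the risk of filtering bounces or notifications. The empty default keeps the pre-2.3 behaviour, since int_filt_flags() returns 0 for it, which is the right conservative choice.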

View File

@ -20,11 +20,23 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20060709"
#define MAIL_VERSION_NUMBER "2.3-RC9"
#define MAIL_RELEASE_DATE "20060711"
#define MAIL_VERSION_NUMBER "2.3.0"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
#else
# define MAIL_VERSION_DATE ""
#endif
#ifdef NONPROD
# define MAIL_VERSION_PROD "-nonprod"
#else
# define MAIL_VERSION_PROD ""
#endif
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION MAIL_VERSION_NUMBER
#define DEF_MAIL_VERSION MAIL_VERSION_NUMBER MAIL_VERSION_DATE MAIL_VERSION_PROD
extern char *var_mail_version;
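Review bot: the comment above these defines describes how patches and snapshots affect MAIL_RELEASE_DATE and MAIL_VERSION_NUMBER but says nothing about the new NONPROD build flag or about DEF_MAIL_VERSION now carrying a "-YYYYMMDD" and/or "-nonprod" suffix; extend the comment so a reader can tell what the three pieces of the advertised version string are and where SNAPSHOT and NONPROD are expected to be defined.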

View File

@ -6,28 +6,28 @@
/* SYNOPSIS
/* #include <post_mail.h>
/*
/* VSTREAM *post_mail_fopen(sender, recipient, cleanup_flags, trace_flags,
/* VSTREAM *post_mail_fopen(sender, recipient, filter_class, trace_flags,
/* queue_id)
/* const char *sender;
/* const char *recipient;
/* int cleanup_flags;
/* int filter_class;
/* int trace_flags;
/* VSTRING *queue_id;
/*
/* VSTREAM *post_mail_fopen_nowait(sender, recipient,
/* cleanup_flags, trace_flags, queue_id)
/* filter_class, trace_flags, queue_id)
/* const char *sender;
/* const char *recipient;
/* int cleanup_flags;
/* int filter_class;
/* int trace_flags;
/* VSTRING *queue_id;
/*
/* void post_mail_fopen_async(sender, recipient,
/* cleanup_flags, trace_flags,
/* filter_class, trace_flags,
/* queue_id, notify, context)
/* const char *sender;
/* const char *recipient;
/* int cleanup_flags;
/* int filter_class;
/* int trace_flags;
/* VSTRING *queue_id;
/* void (*notify)(VSTREAM *stream, char *context);
@ -95,9 +95,11 @@
/* .IP recipient
/* The recipient envelope address. It is up to the application
/* to produce To: headers.
/* .IP cleanup_flags
/* The binary OR of zero or more of the options defined in
/* \fB<cleanup_user.h>\fR.
/* .IP filter_class
/* The internal mail filtering class, as defined in
/* \fB<int_filt.h>\fR. Depending on the setting of the
/* internal_mail_filter_classes parameter the message will or
/* won't be subject to content inspection.
/* .IP trace_flags
/* Message tracing flags as specified in \fB<deliver_request.h>\fR.
/* .IP queue_id
@ -169,7 +171,7 @@
typedef struct {
char *sender;
char *recipient;
int cleanup_flags;
int filter_class;
int trace_flags;
POST_MAIL_NOTIFY notify;
void *context;
@ -181,12 +183,14 @@ typedef struct {
static void post_mail_init(VSTREAM *stream, const char *sender,
const char *recipient,
int cleanup_flags, int trace_flags,
int filter_class, int trace_flags,
VSTRING *queue_id)
{
VSTRING *id = queue_id ? queue_id : vstring_alloc(100);
struct timeval now;
const char *date;
int cleanup_flags =
int_filt_flags(filter_class) | CLEANUP_FLAG_MASK_INTERNAL;
GETTIMEOFDAY(&now);
date = mail_date(now.tv_sec);
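Review bot: post_mail_init() now ORs CLEANUP_FLAG_MASK_INTERNAL in unconditionally, so callers lose the ability to pass any other cleanup flags through post_mail_fopen*(); that is fine if every existing caller passed exactly CLEANUP_FLAG_MASK_INTERNAL, as the bounce(8) call sites converted in this commit did, but the filter_class paragraph in the manual page text above should say that the cleanup flags are now derived from the class plus CLEANUP_FLAG_MASK_INTERNAL, because the removed cleanup_flags paragraph was the only place that documented them.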
@ -231,13 +235,13 @@ static void post_mail_init(VSTREAM *stream, const char *sender,
/* post_mail_fopen - prepare for posting a message */
VSTREAM *post_mail_fopen(const char *sender, const char *recipient,
int cleanup_flags, int trace_flags,
int filter_class, int trace_flags,
VSTRING *queue_id)
{
VSTREAM *stream;
stream = mail_connect_wait(MAIL_CLASS_PUBLIC, var_cleanup_service);
post_mail_init(stream, sender, recipient, cleanup_flags, trace_flags,
post_mail_init(stream, sender, recipient, filter_class, trace_flags,
queue_id);
return (stream);
}
@ -245,14 +249,14 @@ VSTREAM *post_mail_fopen(const char *sender, const char *recipient,
/* post_mail_fopen_nowait - prepare for posting a message */
VSTREAM *post_mail_fopen_nowait(const char *sender, const char *recipient,
int cleanup_flags, int trace_flags,
int filter_class, int trace_flags,
VSTRING *queue_id)
{
VSTREAM *stream;
if ((stream = mail_connect(MAIL_CLASS_PUBLIC, var_cleanup_service,
BLOCKING)) != 0)
post_mail_init(stream, sender, recipient, cleanup_flags, trace_flags,
post_mail_init(stream, sender, recipient, filter_class, trace_flags,
queue_id);
return (stream);
}
@ -292,7 +296,7 @@ static void post_mail_open_event(int event, char *context)
event_cancel_timer(post_mail_open_event, context);
event_disable_readwrite(vstream_fileno(state->stream));
post_mail_init(state->stream, state->sender,
state->recipient, state->cleanup_flags,
state->recipient, state->filter_class,
state->trace_flags, state->queue_id);
myfree(state->sender);
myfree(state->recipient);
@ -343,7 +347,7 @@ static void post_mail_open_event(int event, char *context)
/* post_mail_fopen_async - prepare for posting a message */
void post_mail_fopen_async(const char *sender, const char *recipient,
int cleanup_flags, int trace_flags,
int filter_class, int trace_flags,
VSTRING *queue_id,
void (*notify) (VSTREAM *, void *),
void *context)
@ -355,7 +359,7 @@ void post_mail_fopen_async(const char *sender, const char *recipient,
state = (POST_MAIL_STATE *) mymalloc(sizeof(*state));
state->sender = mystrdup(sender);
state->recipient = mystrdup(recipient);
state->cleanup_flags = cleanup_flags;
state->filter_class = filter_class;
state->trace_flags = trace_flags;
state->notify = notify;
state->context = context;

View File

@ -21,6 +21,7 @@
* Global library.
*/
#include <cleanup_user.h>
#include <int_filt.h>
/*
* External interface.

View File

@ -709,13 +709,13 @@ MILTERS *milter_receive(VSTREAM *stream, int count)
return (0);
}
if (head == 0) {
head = milter;
/* Coverity: milter_free() depends on milters->milter_list. */
milters->milter_list = head = milter;
} else {
tail->next = milter;
}
tail = milter;
}
milters->milter_list = head;
(void) attr_print(stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, 0,
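Review bot: attaching the list to milters->milter_list on the first iteration addresses the Coverity finding that milter_free() could be called, via the early "return (0)" at the top of this hunk, on a MILTERS structure whose list was never linked in; note that with the trailing "milters->milter_list = head;" gone, the count == 0 case now leaves milter_list untouched instead of setting it to 0, so it must already be initialized by the MILTERS allocator.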

View File

@ -1916,6 +1916,9 @@ static void milter8_header(void *ptr, int unused_header_class,
* expose the first header to mail filter applications, otherwise the
* dk-filter signature will be inserted at the wrong position. It should
* precede the headers that it signs.
*
* XXX Sendmail compatibility. It eats the first space (not tab) after the
* header label and ":".
*/
if (msg_ctx->first_header) {
msg_ctx->first_header = 0;
@ -1939,8 +1942,8 @@ static void milter8_header(void *ptr, int unused_header_class,
if (*cp != ':')
msg_panic("%s: header label not followed by ':'", myname);
*cp++ = 0;
/* XXX Following matches mime_state.c */
while (*cp == ' ' || *cp == '\t')
/* XXX Sendmail 8.13.6 eats one space (not tab) after colon. */
if (*cp == ' ')
cp++;
#ifdef SMFIP_NOHREPL
skip_reply = ((milter->ev_mask & SMFIP_NOHREPL) != 0);
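Review bot: the old loop stripped every leading space and tab from the header value, the new code removes exactly one space and leaves a leading tab or any further spaces in place; that matches the Sendmail 8.13.6 behaviour the comment cites, but the removed comment said this code matched mime_state.c, so the header bytes a Milter now sees differ from what mime_state.c produces, and a filter that signs header values will compute over different input than before. This deserves a line in the Milter compatibility notes, and the version-specific "Sendmail 8.13.6" comment should say whether other Sendmail versions behave the same.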

View File

@ -16,7 +16,7 @@
VAR_LMTP_TLS_DKEY_FILE, DEF_LMTP_TLS_DKEY_FILE, &var_smtp_tls_dkey_file, 0, 0,
VAR_LMTP_TLS_CA_FILE, DEF_LMTP_TLS_CA_FILE, &var_smtp_tls_CAfile, 0, 0,
VAR_LMTP_TLS_CA_PATH, DEF_LMTP_TLS_CA_PATH, &var_smtp_tls_CApath, 0, 0,
VAR_LMTP_TLS_CIPHERS, DEF_LMTP_TLS_CIPHERS, &var_smtp_tls_ciphers, 1, 0,
VAR_LMTP_TLS_MAND_CIPH, DEF_LMTP_TLS_MAND_CIPH, &var_smtp_tls_mand_ciph, 1, 0,
VAR_LMTP_TLS_EXCL_CIPH, DEF_LMTP_TLS_EXCL_CIPH, &var_smtp_tls_excl_ciph, 0, 0,
VAR_LMTP_TLS_MAND_EXCL, DEF_LMTP_TLS_MAND_EXCL, &var_smtp_tls_mand_excl, 0, 0,
VAR_TLS_HIGH_CLIST, DEF_TLS_HIGH_CLIST, &var_tls_high_clist, 1, 0,

View File

@ -170,12 +170,12 @@
/* .IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR"
/* Lookup tables, indexed by the remote SMTP server address, with
/* case insensitive lists of EHLO keywords (pipelining, starttls, auth,
/* etc.) that the SMTP client will ignore in the EHLO response from a
/* etc.) that the Postfix SMTP client will ignore in the EHLO response from a
/* remote SMTP server.
/* .IP "\fBsmtp_discard_ehlo_keywords (empty)\fR"
/* A case insensitive list of EHLO keywords (pipelining, starttls,
/* auth, etc.) that the SMTP client will ignore in the EHLO response
/* from a remote SMTP server.
/* auth, etc.) that the Postfix SMTP client will ignore in the EHLO
/* response from a remote SMTP server.
/* .IP "\fBsmtp_generic_maps (empty)\fR"
/* Optional lookup tables that perform address rewriting in the
/* SMTP client, typically to transform a locally valid address into
@ -212,8 +212,8 @@
/* .fi
/* Available in Postfix version 2.1 and later:
/* .IP "\fBsmtp_send_xforward_command (no)\fR"
/* Send the non-standard XFORWARD command when the Postfix SMTP server EHLO
/* response announces XFORWARD support.
/* Send the non-standard XFORWARD command when the Postfix SMTP server
/* EHLO response announces XFORWARD support.
/* SASL AUTHENTICATION CONTROLS
/* .ad
/* .fi
@ -235,11 +235,12 @@
/* .PP
/* Available in Postfix version 2.3 and later:
/* .IP "\fBsmtp_sasl_auth_enforce (yes)\fR"
/* Defer mail delivery when an SMTP server does not support SASL
/* authentication, while smtp_sasl_password_maps contains SASL
/* login/password information for that server.
/* If sender-dependent SASL passwords are turned off, defer mail
/* delivery when an SMTP server does not support SASL authentication,
/* while smtp_sasl_password_maps contains SASL login/password information
/* for that server.
/* .IP "\fBsmtp_sender_dependent_authentication (no)\fR"
/* Enable sender-dependent authentication in the SMTP client; this is
/* Enable sender-dependent authentication in the Postfix SMTP client; this is
/* available only with SASL authentication, and disables SMTP connection
/* caching to ensure that mail from different senders will use the
/* appropriate credentials.
@ -275,15 +276,16 @@
/* .IP "\fBsmtp_tls_cert_file (empty)\fR"
/* File with the Postfix SMTP client RSA certificate in PEM format.
/* .IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR"
/* The minimum SMTP client TLS cipher grade that is strong enough to
/* be used with the "encrypt" security level and higher.
/* The minimum TLS cipher grade that the Postfix SMTP client will
/* use with
/* mandatory TLS encryption.
/* .IP "\fBsmtp_tls_exclude_ciphers (empty)\fR"
/* List of ciphers or cipher types to exclude from the SMTP client cipher
/* list at all security levels.
/* List of ciphers or cipher types to exclude from the Postfix
/* SMTP client cipher
/* list at all TLS security levels.
/* .IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR"
/* List of ciphers or cipher types to exclude from the SMTP client
/* cipher list at the mandatory TLS security levels: "encrypt", "verify"
/* and "secure".
/* Additional list of ciphers or cipher types to exclude from the
/* SMTP client cipher list at mandatory TLS security levels.
/* .IP "\fBsmtp_tls_dcert_file (empty)\fR"
/* File with the Postfix SMTP client DSA certificate in PEM format.
/* .IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR"
@ -295,13 +297,6 @@
/* .IP "\fBsmtp_tls_note_starttls_offer (no)\fR"
/* Log the hostname of a remote SMTP server that offers STARTTLS,
/* when TLS is not already enabled for that server.
/* .IP "\fBsmtp_tls_policy_maps (empty)\fR"
/* Optional lookup tables with the Postfix SMTP client TLS security
/* policy by next-hop destination; when a non-empty value is specified,
/* this overrides the obsolete smtp_tls_per_site parameter.
/* .IP "\fBsmtp_tls_mandatory_protocols (SSLv3, TLSv1)\fR"
/* List of TLS protocol versions that are secure enough to be used
/* with the "encrypt" security level and higher.
/* .IP "\fBsmtp_tls_scert_verifydepth (5)\fR"
/* The verification depth for remote SMTP server certificates.
/* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR"
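Review bot: this hunk deletes the smtp_tls_policy_maps and smtp_tls_mandatory_protocols entries without a replacement in view, yet var_smtp_tls_policy is still consulted in pre_init() further down in this same file, so both parameters remain live. If the intent is to move them to another section of the man page (the smtpd.c part of this commit does exactly that for the obsolete smtpd_use_tls and smtpd_enforce_tls entries), make sure the re-added entries are part of the same change; as it stands the diff only shows documentation being removed for two current parameters.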
@ -350,12 +345,15 @@
/* Enforcement mode: require that remote SMTP servers use TLS
/* encryption, and never send mail in the clear.
/* .IP "\fBsmtp_tls_enforce_peername (yes)\fR"
/* When TLS encryption is enforced, require that the remote SMTP
/* With mandatory TLS encryption, require that the remote SMTP
/* server hostname matches the information in the remote SMTP server
/* certificate.
/* .IP "\fBsmtp_tls_per_site (empty)\fR"
/* Optional lookup tables with the Postfix SMTP client TLS usage
/* policy by next-hop destination and by remote SMTP server hostname.
/* .IP "\fBsmtp_tls_cipherlist (empty)\fR"
/* Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
/* cipher list.
/* RESOURCE AND RATE CONTROLS
/* .ad
/* .fi
@ -444,6 +442,10 @@
/* The recipient of postmaster notifications about mail delivery
/* problems that are caused by policy, resource, software or protocol
/* errors.
/* .IP "\fBinternal_mail_filter_classes (empty)\fR"
/* What categories of Postfix-generated mail are subject to
/* before-queue content inspection by non_smtpd_milters, header_checks
/* and body_checks.
/* .IP "\fBnotify_classes (resource, software)\fR"
/* The list of error classes that are reported to the postmaster.
/* MISCELLANEOUS CONTROLS
@ -488,17 +490,17 @@
/* The network interface addresses that this mail system receives mail
/* on by way of a proxy or network address translation unit.
/* .IP "\fBsmtp_bind_address (empty)\fR"
/* An optional numerical network address that the SMTP client should
/* bind to when making an IPv4 connection.
/* An optional numerical network address that the Postfix SMTP client
/* should bind to when making an IPv4 connection.
/* .IP "\fBsmtp_bind_address6 (empty)\fR"
/* An optional numerical network address that the SMTP client should
/* bind to when making an IPv6 connection.
/* An optional numerical network address that the Postfix SMTP client
/* should bind to when making an IPv6 connection.
/* .IP "\fBsmtp_helo_name ($myhostname)\fR"
/* The hostname to send in the SMTP EHLO or HELO command.
/* .IP "\fBlmtp_lhlo_name ($myhostname)\fR"
/* The hostname to send in the LMTP LHLO command.
/* .IP "\fBsmtp_host_lookup (dns)\fR"
/* What mechanisms when the SMTP client uses to look up a host's IP
/* What mechanisms when the Postfix SMTP client uses to look up a host's IP
/* address.
/* .IP "\fBsmtp_randomize_addresses (yes)\fR"
/* Randomize the order of equal-preference MX host addresses.
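Review bot: the smtp_host_lookup description is ungrammatical both before and after this change ("What mechanisms when the Postfix SMTP client uses to look up a host's IP address"). Since the line is being touched anyway, drop the stray "when": "What mechanisms the Postfix SMTP client uses to look up a host's IP address."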
@ -672,7 +674,7 @@ int var_smtp_starttls_tmout;
char *var_smtp_tls_CAfile;
char *var_smtp_tls_CApath;
char *var_smtp_tls_cert_file;
char *var_smtp_tls_ciphers;
char *var_smtp_tls_mand_ciph;
char *var_smtp_tls_excl_ciph;
char *var_smtp_tls_mand_excl;
char *var_smtp_tls_dcert_file;
@ -831,6 +833,7 @@ static void post_init(char *unused_name, char **unused_argv)
static void pre_init(char *unused_name, char **unused_argv)
{
int use_tls;
/*
* Turn on per-peer debugging.
@ -848,12 +851,15 @@ static void pre_init(char *unused_name, char **unused_argv)
VAR_SMTP_SASL_ENABLE);
#endif
if (*var_smtp_tls_level)
use_tls = tls_level_lookup(var_smtp_tls_level) > TLS_LEV_NONE;
else
use_tls = var_smtp_enforce_tls || var_smtp_use_tls;
/*
* Initialize the TLS data before entering the chroot jail
*/
if (tls_level_lookup(var_smtp_tls_level) > TLS_LEV_NONE ||
var_smtp_use_tls || var_smtp_enforce_tls ||
var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
if (use_tls || var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
#ifdef USE_TLS
tls_client_init_props props;
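Review bot: the new use_tls computation makes a non-empty smtp_tls_security_level take precedence over smtp_use_tls and smtp_enforce_tls, which matches the documented override, but it also means that an unrecognized level value (a typo in main.cf) is treated exactly like "none" if tls_level_lookup() returns something at or below TLS_LEV_NONE for it: the client then starts with no TLS support initialized and nothing in this hunk says why. Consider rejecting unknown level names here (msg_fatal, or at least msg_warn) rather than silently falling through to plaintext delivery; the old condition had the same weakness, but the rewrite is the natural place to fix it.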

View File

@ -406,7 +406,7 @@ void smtp_chat_notify(SMTP_SESSION *session)
notice = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_error_rcpt,
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_NOTIFY,
NULL_TRACE_FLAGS, NO_QUEUE_ID);
if (notice == 0) {
msg_warn("postmaster notify: %m");

View File

@ -17,7 +17,7 @@
VAR_SMTP_TLS_DKEY_FILE, DEF_SMTP_TLS_DKEY_FILE, &var_smtp_tls_dkey_file, 0, 0,
VAR_SMTP_TLS_CA_FILE, DEF_SMTP_TLS_CA_FILE, &var_smtp_tls_CAfile, 0, 0,
VAR_SMTP_TLS_CA_PATH, DEF_SMTP_TLS_CA_PATH, &var_smtp_tls_CApath, 0, 0,
VAR_SMTP_TLS_CIPHERS, DEF_SMTP_TLS_CIPHERS, &var_smtp_tls_ciphers, 1, 0,
VAR_SMTP_TLS_MAND_CIPH, DEF_SMTP_TLS_MAND_CIPH, &var_smtp_tls_mand_ciph, 1, 0,
VAR_SMTP_TLS_EXCL_CIPH, DEF_SMTP_TLS_EXCL_CIPH, &var_smtp_tls_excl_ciph, 0, 0,
VAR_SMTP_TLS_MAND_EXCL, DEF_SMTP_TLS_MAND_EXCL, &var_smtp_tls_mand_excl, 0, 0,
VAR_TLS_HIGH_CLIST, DEF_TLS_HIGH_CLIST, &var_tls_high_clist, 1, 0,

View File

@ -602,6 +602,7 @@ int smtp_helo(SMTP_STATE *state)
return (smtp_sasl_helo_login(state));
else if (var_smtp_sasl_enable
&& *var_smtp_sasl_passwd
&& !var_smtp_sender_auth
&& var_smtp_sasl_enforce
&& smtp_sasl_passwd_lookup(session) != 0)
return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
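Review bot: adding `&& !var_smtp_sender_auth` bypasses the smtp_sasl_auth_enforce check entirely whenever sender-dependent authentication is enabled, including for servers that have an ordinary (non sender-specific) entry in smtp_sasl_password_maps; a server that stops announcing AUTH is then no longer deferred in that mode, where it was before. If this is deliberate because the sender-dependent lookup cannot be decided at this point in the session, a one-line comment above the condition stating that would save the next reader from reading it as a regression; otherwise consider keeping the defer whenever smtp_sasl_passwd_lookup(session) still finds an entry.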

View File

@ -355,7 +355,7 @@ static void set_cipherlist(SMTP_SESSION *session, int cipher_level, int lmtp)
case TLS_LEV_ENCRYPT:
also_exclude = "eNULL";
if (cipher_level == TLS_CIPHER_NONE)
cipher_level = tls_cipher_level(var_smtp_tls_ciphers);
cipher_level = tls_cipher_level(var_smtp_tls_mand_ciph);
mand_exclude = var_smtp_tls_mand_excl;
break;
@ -363,7 +363,7 @@ static void set_cipherlist(SMTP_SESSION *session, int cipher_level, int lmtp)
case TLS_LEV_SECURE:
also_exclude = "aNULL";
if (cipher_level == TLS_CIPHER_NONE)
cipher_level = tls_cipher_level(var_smtp_tls_ciphers);
cipher_level = tls_cipher_level(var_smtp_tls_mand_ciph);
mand_exclude = var_smtp_tls_mand_excl;
break;
}
@ -372,8 +372,8 @@ static void set_cipherlist(SMTP_SESSION *session, int cipher_level, int lmtp)
also_exclude, TLS_END_EXCLUDE);
if (cipherlist == 0) {
msg_warn("unknown '%s' value '%s' ignored, using 'medium'",
lmtp ? VAR_LMTP_TLS_CIPHERS : VAR_SMTP_TLS_CIPHERS,
var_smtp_tls_ciphers);
lmtp ? VAR_LMTP_TLS_MAND_CIPH : VAR_SMTP_TLS_MAND_CIPH,
var_smtp_tls_mand_ciph);
cipherlist = tls_cipher_list(TLS_CIPHER_MEDIUM, exclude, mand_exclude,
also_exclude, TLS_END_EXCLUDE);
if (cipherlist == 0)

View File

@ -262,12 +262,10 @@
/* .fi
/* Detailed information about STARTTLS configuration may be
/* found in the TLS_README document.
/* .IP "\fBsmtpd_use_tls (no)\fR"
/* Opportunistic TLS: announce STARTTLS support to SMTP clients,
/* but do not require that clients use TLS encryption.
/* .IP "\fBsmtpd_enforce_tls (no)\fR"
/* Mandatory TLS: announce STARTTLS support to SMTP clients,
/* and require that clients use TLS encryption.
/* .IP "\fBsmtpd_tls_security_level (empty)\fR"
/* The SMTP TLS security level for the Postfix SMTP server; when
/* a non-empty value is specified, this overrides the obsolete parameters
/* smtpd_use_tls and smtpd_enforce_tls.
/* .IP "\fBsmtpd_sasl_tls_security_options ($smtpd_sasl_security_options)\fR"
/* The SASL authentication security options that the Postfix SMTP
/* server uses for TLS encrypted SMTP sessions.
@ -290,11 +288,9 @@
/* The verification depth for remote SMTP client certificates.
/* .IP "\fBsmtpd_tls_cert_file (empty)\fR"
/* File with the Postfix SMTP server RSA certificate in PEM format.
/* .IP "\fBsmtpd_tls_ciphers (export)\fR"
/* The minimum acceptable SMTP server TLS cipher grade.
/* .IP "\fBsmtpd_tls_exclude_ciphers (empty)\fR"
/* List of ciphers or cipher types to exclude from the SMTP server
/* cipher list.
/* cipher list at all TLS security levels.
/* .IP "\fBsmtpd_tls_dcert_file (empty)\fR"
/* File with the Postfix SMTP server DSA certificate in PEM format.
/* .IP "\fBsmtpd_tls_dh1024_param_file (empty)\fR"
@ -309,15 +305,23 @@
/* File with the Postfix SMTP server RSA private key in PEM format.
/* .IP "\fBsmtpd_tls_loglevel (0)\fR"
/* Enable additional Postfix SMTP server logging of TLS activity.
/* .IP "\fBsmtpd_tls_protocols (empty)\fR"
/* The list of TLS protocols supported by the Postfix SMTP server.
/* .IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR"
/* The minimum TLS cipher grade that the Postfix SMTP server will
/* use with mandatory
/* TLS encryption.
/* .IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
/* Additional list of ciphers or cipher types to exclude from the
/* SMTP server cipher list at mandatory TLS security levels.
/* .IP "\fBsmtpd_tls_mandatory_protocols (SSLv3, TLSv1)\fR"
/* The TLS protocols accepted by the Postfix SMTP server with
/* mandatory TLS encryption.
/* .IP "\fBsmtpd_tls_received_header (no)\fR"
/* Request that the Postfix SMTP server produces Received: message
/* headers that include information about the protocol and cipher used,
/* as well as the client CommonName and client certificate issuer
/* CommonName.
/* .IP "\fBsmtpd_tls_req_ccert (no)\fR"
/* When TLS encryption is enforced, require a remote SMTP client
/* With mandatory TLS encryption, require a remote SMTP client
/* certificate in order to allow TLS connections to proceed.
/* .IP "\fBsmtpd_tls_session_cache_database (empty)\fR"
/* Name of the file containing the optional Postfix SMTP server
@ -332,12 +336,6 @@
/* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
/* process requests from the \fBtlsmgr\fR(8) server in order to seed its
/* internal pseudo random number generator (PRNG).
/* .PP
/* Available in Postfix version 2.3 and later:
/* .IP "\fBsmtpd_tls_security_level (empty)\fR"
/* The SMTP TLS security level for the Postfix SMTP server; when
/* a non-empty value is specified, this overrides the obsolete parameters
/* smtpd_use_tls and smtpd_enforce_tls.
/* .IP "\fBtls_high_cipherlist (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)\fR"
/* The OpenSSL cipherlist for "HIGH" grade ciphers.
/* .IP "\fBtls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH)\fR"
@ -349,6 +347,21 @@
/* .IP "\fBtls_null_cipherlist (!aNULL:eNULL+kRSA)\fR"
/* The OpenSSL cipherlist for "NULL" grade ciphers that provide
/* authentication without encryption.
/* OBSOLETE STARTTLS CONTROLS
/* .ad
/* .fi
/* The following configuration parameters exist for compatibility
/* with Postfix versions before 2.3. Support for these will
/* be removed in a future release.
/* .IP "\fBsmtpd_use_tls (no)\fR"
/* Opportunistic TLS: announce STARTTLS support to SMTP clients,
/* but do not require that clients use TLS encryption.
/* .IP "\fBsmtpd_enforce_tls (no)\fR"
/* Mandatory TLS: announce STARTTLS support to SMTP clients,
/* and require that clients use TLS encryption.
/* .IP "\fBsmtpd_tls_cipherlist (empty)\fR"
/* Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
/* cipher list.
/* VERP SUPPORT CONTROLS
/* .ad
/* .fi
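Review bot: the new OBSOLETE STARTTLS CONTROLS section lists smtpd_use_tls, smtpd_enforce_tls and smtpd_tls_cipherlist, but not smtpd_tls_ciphers, whose entry was removed earlier in this diff when smtpd_tls_mandatory_ciphers replaced it. If smtpd_tls_ciphers is still accepted for compatibility it belongs in this section; if it is not, the section text ("exist for compatibility with Postfix versions before 2.3") should make clear that existing main.cf settings of smtpd_tls_ciphers are now ignored, because an operator who had raised the cipher grade with that parameter otherwise loses the restriction without any indication.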
@ -391,6 +404,10 @@
/* The recipient of postmaster notifications about mail delivery
/* problems that are caused by policy, resource, software or protocol
/* errors.
/* .IP "\fBinternal_mail_filter_classes (empty)\fR"
/* What categories of Postfix-generated mail are subject to
/* before-queue content inspection by non_smtpd_milters, header_checks
/* and body_checks.
/* .IP "\fBnotify_classes (resource, software)\fR"
/* The list of error classes that are reported to the postmaster.
/* .IP "\fBsoft_bounce (no)\fR"
@ -503,7 +520,7 @@
/* .PP
/* Available in Postfix version 2.3 and later:
/* .IP "\fBsmtpd_peername_lookup (yes)\fR"
/* Attempt to look up the SMTP client hostname, and verify that
/* Attempt to look up the Postfix SMTP client hostname, and verify that
/* the name matches the client IP address.
/* .PP
/* The per SMTP client connection count and request rate limits are
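Review bot: "Attempt to look up the Postfix SMTP client hostname" is wrong: smtpd_peername_lookup resolves the hostname of the remote SMTP client that connects to the Postfix SMTP server, not the hostname of the Postfix SMTP client. The search-and-replace that qualified "SMTP client" as "Postfix SMTP client" elsewhere in this commit should read "remote SMTP client" in this entry: "Attempt to look up the remote SMTP client hostname, and verify that the name matches the client IP address."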
@ -1040,15 +1057,16 @@ bool var_smtpd_tls_ask_ccert;
bool var_smtpd_tls_auth_only;
int var_smtpd_tls_ccert_vd;
char *var_smtpd_tls_cert_file;
char *var_smtpd_tls_ciphers;
char *var_smtpd_tls_mand_ciph;
char *var_smtpd_tls_excl_ciph;
char *var_smtpd_tls_mand_excl;
char *var_smtpd_tls_dcert_file;
char *var_smtpd_tls_dh1024_param_file;
char *var_smtpd_tls_dh512_param_file;
char *var_smtpd_tls_dkey_file;
char *var_smtpd_tls_key_file;
int var_smtpd_tls_loglevel;
char *var_smtpd_tls_protocols;
char *var_smtpd_tls_mand_proto;
bool var_smtpd_tls_received_header;
bool var_smtpd_tls_req_ccert;
int var_smtpd_tls_scache_timeout;
@ -4208,9 +4226,9 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
props.CApath = var_smtpd_tls_CApath;
props.dh1024_param_file = var_smtpd_tls_dh1024_param_file;
props.dh512_param_file = var_smtpd_tls_dh512_param_file;
props.protocols = *var_smtpd_tls_protocols ?
tls_protocol_mask(VAR_SMTPD_TLS_PROTO,
var_smtpd_tls_protocols) : 0;
props.protocols = enforce_tls && *var_smtpd_tls_mand_proto ?
tls_protocol_mask(VAR_SMTPD_TLS_MAND_PROTO,
var_smtpd_tls_mand_proto) : 0;
props.ask_ccert = var_smtpd_tls_ask_ccert;
/*
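Review bot: with `enforce_tls && *var_smtpd_tls_mand_proto ? ... : 0`, the protocol mask is applied only under mandatory TLS, so at the opportunistic level the server runs with a zero mask (assuming zero means no restriction, as the old `*var_smtpd_tls_protocols ? ... : 0` form implies) whatever smtpd_tls_mandatory_protocols says. That is consistent with the parameter's new name, but the old smtpd_tls_protocols applied at every level, so an existing configuration that restricted protocol versions silently loses that restriction for opportunistic sessions after the rename; the man page entry for smtpd_tls_mandatory_protocols should state explicitly that opportunistic TLS is not restricted by it.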
@ -4232,19 +4250,26 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
msg_warn("Can't require client certs unless TLS is required");
props.cipherlist =
tls_cipher_list(tls_cipher_level(var_smtpd_tls_ciphers),
tls_cipher_list(enforce_tls ?
tls_cipher_level(var_smtpd_tls_mand_ciph) :
TLS_CIPHER_EXPORT,
var_smtpd_tls_excl_ciph,
havecert ? "" : "aRSA aDSS",
wantcert ? "aNULL" : "",
enforce_tls ? var_smtpd_tls_mand_excl :
TLS_END_EXCLUDE,
TLS_END_EXCLUDE);
if (props.cipherlist == 0) {
msg_warn("unknown '%s' value '%s' ignored, using 'export'",
VAR_SMTPD_TLS_CIPHERS, var_smtpd_tls_ciphers);
VAR_SMTPD_TLS_MAND_CIPH, var_smtpd_tls_mand_ciph);
props.cipherlist =
tls_cipher_list(TLS_CIPHER_EXPORT,
var_smtpd_tls_excl_ciph,
havecert ? "" : "aRSA aDSS",
wantcert ? "aNULL" : "",
enforce_tls ? var_smtpd_tls_mand_excl :
TLS_END_EXCLUDE,
TLS_END_EXCLUDE);
}
if (havecert || oknocert)
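Review bot: the fallback path is now reachable only when enforce_tls is set (for opportunistic TLS the first call passes the fixed TLS_CIPHER_EXPORT), which means an unrecognized smtpd_tls_mandatory_ciphers value quietly downgrades a mandatory-TLS server to export-grade ciphers, the weakest grade available, after a single msg_warn. The documented default for this parameter is "medium", and the client side of this same commit (set_cipherlist in the smtp TLS code) falls back to 'medium' in the corresponding situation, so the server should do the same: use TLS_CIPHER_MEDIUM in the retry and change the message to "using 'medium'". The two nine-argument tls_cipher_list() calls are also identical apart from the first argument; computing the cipher level once and calling tls_cipher_list() in one place would keep the exclusion arguments from drifting apart.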
@ -4470,14 +4495,15 @@ int main(int argc, char **argv)
VAR_SMTPD_TLS_DKEY_FILE, DEF_SMTPD_TLS_DKEY_FILE, &var_smtpd_tls_dkey_file, 0, 0,
VAR_SMTPD_TLS_CA_FILE, DEF_SMTPD_TLS_CA_FILE, &var_smtpd_tls_CAfile, 0, 0,
VAR_SMTPD_TLS_CA_PATH, DEF_SMTPD_TLS_CA_PATH, &var_smtpd_tls_CApath, 0, 0,
VAR_SMTPD_TLS_CIPHERS, DEF_SMTPD_TLS_CIPHERS, &var_smtpd_tls_ciphers, 1, 0,
VAR_SMTPD_TLS_MAND_CIPH, DEF_SMTPD_TLS_MAND_CIPH, &var_smtpd_tls_mand_ciph, 1, 0,
VAR_SMTPD_TLS_EXCL_CIPH, DEF_SMTPD_TLS_EXCL_CIPH, &var_smtpd_tls_excl_ciph, 0, 0,
VAR_SMTPD_TLS_MAND_EXCL, DEF_SMTPD_TLS_MAND_EXCL, &var_smtpd_tls_mand_excl, 0, 0,
VAR_TLS_HIGH_CLIST, DEF_TLS_HIGH_CLIST, &var_tls_high_clist, 1, 0,
VAR_TLS_MEDIUM_CLIST, DEF_TLS_MEDIUM_CLIST, &var_tls_medium_clist, 1, 0,
VAR_TLS_LOW_CLIST, DEF_TLS_LOW_CLIST, &var_tls_low_clist, 1, 0,
VAR_TLS_EXPORT_CLIST, DEF_TLS_EXPORT_CLIST, &var_tls_export_clist, 1, 0,
VAR_TLS_NULL_CLIST, DEF_TLS_NULL_CLIST, &var_tls_null_clist, 1, 0,
VAR_SMTPD_TLS_PROTO, DEF_SMTPD_TLS_PROTO, &var_smtpd_tls_protocols, 0, 0,
VAR_SMTPD_TLS_MAND_PROTO, DEF_SMTPD_TLS_MAND_PROTO, &var_smtpd_tls_mand_proto, 0, 0,
VAR_SMTPD_TLS_512_FILE, DEF_SMTPD_TLS_512_FILE, &var_smtpd_tls_dh512_param_file, 0, 0,
VAR_SMTPD_TLS_1024_FILE, DEF_SMTPD_TLS_1024_FILE, &var_smtpd_tls_dh1024_param_file, 0, 0,
#endif

View File

@ -227,7 +227,7 @@ void smtpd_chat_notify(SMTPD_STATE *state)
notice = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_error_rcpt,
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_NOTIFY,
NULL_TRACE_FLAGS, NO_QUEUE_ID);
if (notice == 0) {
msg_warn("postmaster notify: %m");

View File

@ -459,7 +459,7 @@ static void verify_query_service(VSTREAM *client_stream)
STR(addr), addr_status, now, updated);
post_mail_fopen_async(strcmp(var_verify_sender, "<>") == 0 ?
"" : var_verify_sender, STR(addr),
CLEANUP_FLAG_MASK_INTERNAL,
INT_FILT_NONE,
DEL_REQ_FLAG_MTA_VRFY,
(VSTRING *) 0,
verify_post_mail_action,