diff --git a/postfix/HISTORY b/postfix/HISTORY index f3ac16eaa..d5e025621 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -27210,7 +27210,7 @@ Apologies for any names omitted. 20230523 - Cleanup: use TLS_CLIENT_PARAMS to pass the OpensSSL 'init' + Cleanup: use TLS_CLIENT_PARAMS to pass the OpenSSL 'init' configuration settings. These are global, i.e. apply to all client TLS contexts, and they do not belong in tls_client_init() or tls_client_start() calls. The tlsproxy(8) server uses @@ -27229,3 +27229,20 @@ Apologies for any names omitted. and tls_config_name configuration parameters. Files: smtp/smtp.c, smtpd/smtpd.c, tls/tls_client.c, tls/tls.h, tls/tls_server.c, tlsproxy/tlsproxy.c, + +20230526 + + Documentation: clarified address class descriptions; added + the availability of back-ported OpenSSL INI file support + in stable releases. Files: proto/ADDRESS_CLASS_README.html, + proto/postconf.proto smtp/smtp.c, smtpd/smtpd.c, + tlsproxy/tlsproxy.c. + + Security: in the Postfix SMTP daemon, improved pipelining + detection and reporting; and detect illegal command pipelining + before the server greeting. File: smtpd/smtpd.c. + +20230529 + + Cleanup: error handling for OpenSSL INI file support. Viktor + Dukhovni. Files: proto/postconf.proto, tls/tls_misc.c. diff --git a/postfix/README_FILES/ADDRESS_CLASS_README b/postfix/README_FILES/ADDRESS_CLASS_README index 7605aa281..774976e73 100644 --- a/postfix/README_FILES/ADDRESS_CLASS_README +++ b/postfix/README_FILES/ADDRESS_CLASS_README @@ -25,18 +25,23 @@ important for the operation of Postfix. An address class is defined by three items. - * The list of domains that are a member of that address class: for example, - all local domains, or all relay domains. + * The list of domains that are a member of that address class. - * The default delivery transport for that address class. For example, the - local, virtual or relay delivery transport (delivery transports are defined - in master.cf). This helps to keep Postfix configurations simple, by - avoiding the need for explicit routing information in transport maps. + Examples: all local domains, or all relay domains. - * The list of valid recipient addresses for that address class. The Postfix - SMTP server rejects invalid recipients with "User unknown in table". This helps to keep the Postfix queue free of - undeliverable MAILER-DAEMON messages. + * The default delivery transport for domains in that address class. + + Examples: local_transport or relay_transport (these point to services + defined in master.cf). + + Benefit: this avoids the need for explicit routing information in transport + maps. + + * The list of valid recipient addresses for that address class. + + Benefit: the Postfix SMTP server rejects an invalid recipient with "User + unknown in table", and avoids sending a MAILER- + DAEMON message with backscatter spam. WWhhaatt aaddddrreessss ccllaasssseess ddooeess PPoossttffiixx iimmpplleemmeenntt?? @@ -56,11 +61,11 @@ The local domain class. also includes mail for user@[ipaddress] when the IP address is listed with the inet_interfaces or proxy_interfaces parameters. - * Valid recipient addresses are listed with the local_recipient_maps - parameter, as described in LOCAL_RECIPIENT_README. The Postfix SMTP server - rejects invalid recipients with "User unknown in local recipient table". If - the local_recipient_maps parameter value is empty, then the Postfix SMTP - server accepts any address in the local domain class. + * Valid recipient addresses for those domains are listed with the + local_recipient_maps parameter, as described in LOCAL_RECIPIENT_README. The + Postfix SMTP server rejects invalid recipients with "User unknown in local + recipient table". If the local_recipient_maps parameter value is empty, + then the Postfix SMTP server accepts any address in the local domain class. * The mail delivery transport is specified with the local_transport parameter. The default value is llooccaall::$$mmyyhhoossttnnaammee for delivery with the @@ -69,20 +74,23 @@ The local domain class. The virtual alias domain class. * Purpose: hosted domains where each recipient address is aliased to an - address in a different domain, for example, a local UNIX system account or - a remote address. A virtual alias example is given in the VIRTUAL_README - file. + address in a different domain class, for example, a local UNIX system + account or a remote address. A virtual alias example is given in the + VIRTUAL_README file. * Domain names are listed in virtual_alias_domains. The default value is $virtual_alias_maps for Postfix 1.1 compatibility. - * Valid recipient addresses are listed with the virtual_alias_maps parameter. - The Postfix SMTP server rejects invalid recipients with "User unknown in - virtual alias table". The default value is $virtual_maps for Postfix 1.1 - compatibility. + * Valid recipient addresses for those domains are listed with the + virtual_alias_maps parameter. The Postfix SMTP server rejects invalid + recipients with "User unknown in virtual alias table". The default value is + $virtual_maps for Postfix 1.1 compatibility. - * There is no mail delivery transport parameter. Every address must be - aliased to an address in some other domain. + Note: for historical reasons, virtual_alias_maps apply to recipients in + all domain classes, not only the virtual alias domain class. + + * There is no configurable mail delivery transport. Every address must be + aliased to an address in some other domain class. The virtual mailbox domain class. @@ -93,11 +101,11 @@ The virtual mailbox domain class. * Domain names are listed with the virtual_mailbox_domains parameter. The default value is $virtual_mailbox_maps for Postfix 1.1 compatibility. - * Valid recipient addresses are listed with the virtual_mailbox_maps - parameter. The Postfix SMTP server rejects invalid recipients with "User - unknown in virtual mailbox table". If this parameter value is empty, the - Postfix SMTP server accepts all recipients for domains listed in - $virtual_mailbox_domains. + * Valid recipient addresses for those domains are listed with the + virtual_mailbox_maps parameter. The Postfix SMTP server rejects invalid + recipients with "User unknown in virtual mailbox table". If this parameter + value is empty, the Postfix SMTP server accepts all recipients for domains + listed in $virtual_mailbox_domains. * The mail delivery transport is specified with the virtual_transport parameter. The default value is vviirrttuuaall for delivery with the virtual(8) @@ -113,11 +121,11 @@ The relay domain class. * Domain names are listed with the relay_domains parameter. - * Valid recipient addresses are listed with the relay_recipient_maps - parameter. The Postfix SMTP server rejects invalid recipients with "User - unknown in relay recipient table". If this parameter value is empty, the - Postfix SMTP server accepts all recipients for domains listed with the - relay_domains parameter. + * Valid recipient addresses for those domains are listed with the + relay_recipient_maps parameter. The Postfix SMTP server rejects invalid + recipients with "User unknown in relay recipient table". If this parameter + value is empty, the Postfix SMTP server accepts all recipients for domains + listed with the relay_domains parameter. * The mail delivery transport is specified with the relay_transport parameter. The default value is rreellaayy which is a clone of the smtp(8) diff --git a/postfix/html/ADDRESS_CLASS_README.html b/postfix/html/ADDRESS_CLASS_README.html index ec46627cf..179d13dd8 100644 --- a/postfix/html/ADDRESS_CLASS_README.html +++ b/postfix/html/ADDRESS_CLASS_README.html @@ -52,20 +52,25 @@ address classes are very important for the operation of Postfix.

@@ -92,12 +97,12 @@ This domain class also includes mail for user@[ipaddress] when the IP address is listed with the inet_interfaces or proxy_interfaces parameters.

-

  • Valid recipient addresses are listed with the local_recipient_maps -parameter, as described in LOCAL_RECIPIENT_README. The Postfix SMTP -server rejects invalid recipients with "User unknown in local -recipient table". If the local_recipient_maps parameter value is -empty, then the Postfix SMTP server accepts any address in the -local domain class.

    +

  • Valid recipient addresses for those domains are +listed with the local_recipient_maps parameter, as described in +LOCAL_RECIPIENT_README. The Postfix SMTP server rejects invalid recipients +with "User unknown in local recipient table". If the local_recipient_maps +parameter value is empty, then the Postfix SMTP server accepts any +address in the local domain class.

  • The mail delivery transport is specified with the local_transport parameter. The default value is local:$myhostname @@ -111,21 +116,25 @@ class.

    • Purpose: hosted domains where each recipient address is -aliased to an address in a different domain, for example, a local -UNIX system account or a remote address. A +aliased to an address in a different domain class, for example, a +local UNIX system account or a remote address. A virtual alias example is given in the VIRTUAL_README file.

    • Domain names are listed in virtual_alias_domains. The default value is $virtual_alias_maps for Postfix 1.1 compatibility.

      -

    • Valid recipient addresses are listed with the virtual_alias_maps -parameter. The Postfix SMTP server rejects invalid recipients with -"User unknown in virtual alias table". The default value is -$virtual_maps for Postfix 1.1 compatibility.

      +

    • Valid recipient addresses for those domains are listed with the +virtual_alias_maps parameter. The Postfix SMTP server rejects invalid +recipients with "User unknown in virtual alias table". The default +value is $virtual_maps for Postfix 1.1 compatibility.

      -

    • There is no mail delivery transport parameter. Every -address must be aliased to an address in some other domain.

      +

      Note: for historical reasons, virtual_alias_maps +apply to recipients in all domain classes, not only the virtual +alias domain class.

      + +

    • There is no configurable mail delivery transport. Every +address must be aliased to an address in some other domain class.

    @@ -136,18 +145,19 @@ class.

  • Purpose: final delivery for hosted domains where each recipient address can have its own mailbox, and where users do not -need to have a UNIX system account. A virtual mailbox example is +need to have a UNIX system account. A virtual mailbox example is given in the VIRTUAL_README file.

  • Domain names are listed with the virtual_mailbox_domains parameter. The default value is $virtual_mailbox_maps for Postfix 1.1 compatibility.

    -

  • Valid recipient addresses are listed with the virtual_mailbox_maps -parameter. The Postfix SMTP server rejects invalid recipients with -"User unknown in virtual mailbox table". If this parameter value -is empty, the Postfix SMTP server accepts all recipients for domains -listed in $virtual_mailbox_domains.

    +

  • Valid recipient addresses for those domains are listed +with the virtual_mailbox_maps parameter. The Postfix SMTP server +rejects invalid recipients with "User unknown in virtual mailbox +table". If this parameter value is empty, the Postfix SMTP server +accepts all recipients for domains listed in $virtual_mailbox_domains. +

  • The mail delivery transport is specified with the virtual_transport parameter. The default value is virtual @@ -169,11 +179,12 @@ file.

  • Domain names are listed with the relay_domains parameter.

    -

  • Valid recipient addresses are listed with the relay_recipient_maps -parameter. The Postfix SMTP server rejects invalid recipients with -"User unknown in relay recipient table". If this parameter value -is empty, the Postfix SMTP server accepts all recipients for domains -listed with the relay_domains parameter.

    +

  • Valid recipient addresses for those domains are listed +with the relay_recipient_maps parameter. The Postfix SMTP server +rejects invalid recipients with "User unknown in relay recipient +table". If this parameter value is empty, the Postfix SMTP server +accepts all recipients for domains listed with the relay_domains +parameter.

  • The mail delivery transport is specified with the relay_transport parameter. The default value is relay which diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index c6e5cc0af..c3f707484 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -715,7 +715,7 @@ SMTP(8) SMTP(8) (FFDHE) key exchange groups supported by the Postfix SMTP client and server. - Available in Postfix version 3.9 and later: + Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: tls_config_file (default) Optional configuration file with baseline OpenSSL settings. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index f4e8be08b..f97971d31 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -19297,11 +19297,10 @@ the default "openssl_conf" name. -

    Failures in processing of the built-in default configuration -file, are silently ignored with OpenSSL prior to 1.1.1b. With later -OpenSSL releases, any errors in loading either the default or custom -configuration file are detected by Postfix, and cause TLS support to -be disabled.

    +

    Failures in processing of the built-in default configuration file, +are silently ignored. Any errors in loading a non-default configuration +file are detected by Postfix, and cause TLS support to be disabled. +

    The OpenSSL configuration file format is not documented here, beyond giving two examples.

    @@ -19349,7 +19348,8 @@ MinProtocol = TLSv1 -

    This feature is available in Postfix ≥ 3.9.

    +

    This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6, +3.6.10, and 3.5.20.

    diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index c6e5cc0af..c3f707484 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -715,7 +715,7 @@ SMTP(8) SMTP(8) (FFDHE) key exchange groups supported by the Postfix SMTP client and server. - Available in Postfix version 3.9 and later: + Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: tls_config_file (default) Optional configuration file with baseline OpenSSL settings. diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 02df5a2b1..c8255eba6 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -639,7 +639,7 @@ SMTPD(8) SMTPD(8) (FFDHE) key exchange groups supported by the Postfix SMTP client and server. - Available in Postfix version 3.9 and later: + Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: tls_config_file (default) Optional configuration file with baseline OpenSSL settings. diff --git a/postfix/html/tlsproxy.8.html b/postfix/html/tlsproxy.8.html index d8a949d7c..c5e4a7b5e 100644 --- a/postfix/html/tlsproxy.8.html +++ b/postfix/html/tlsproxy.8.html @@ -160,7 +160,7 @@ TLSPROXY(8) TLSPROXY(8) (FFDHE) key exchange groups supported by the Postfix SMTP client and server. - Available in Postfix version 3.9 and later: + Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: tls_config_file (default) Optional configuration file with baseline OpenSSL settings. diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 9ecb0a2f0..4dd9d5fca 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -13668,11 +13668,9 @@ the default "openssl_conf" name. .br .br .PP -Failures in processing of the built\-in default configuration -file, are silently ignored with OpenSSL prior to 1.1.1b. With later -OpenSSL releases, any errors in loading either the default or custom -configuration file are detected by Postfix, and cause TLS support to -be disabled. +Failures in processing of the built\-in default configuration file, +are silently ignored. Any errors in loading a non\-default configuration +file are detected by Postfix, and cause TLS support to be disabled. .PP The OpenSSL configuration file format is not documented here, beyond giving two examples. @@ -13728,7 +13726,8 @@ MinProtocol = TLSv1 .ft R .in -4 .PP -This feature is available in Postfix >= 3.9. +This feature is available in Postfix >= 3.9, 3.8.1, 3.7.6, +3.6.10, and 3.5.20. .SH tls_config_name (default: empty) The application name passed by Postfix to OpenSSL library initialization functions. This name is used to select the desired diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 9294dd30f..a4509d8e3 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -641,7 +641,7 @@ The prioritized list of finite\-field Diffie\-Hellman ephemeral (FFDHE) key exchange groups supported by the Postfix SMTP client and server. .PP -Available in Postfix version 3.9 and later: +Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: .IP "\fBtls_config_file (default)\fR" Optional configuration file with baseline OpenSSL settings. .IP "\fBtls_config_name (empty)\fR" diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 0e92c98ce..db472281d 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -565,7 +565,7 @@ The prioritized list of finite\-field Diffie\-Hellman ephemeral (FFDHE) key exchange groups supported by the Postfix SMTP client and server. .PP -Available in Postfix version 3.9 and later: +Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: .IP "\fBtls_config_file (default)\fR" Optional configuration file with baseline OpenSSL settings. .IP "\fBtls_config_name (empty)\fR" diff --git a/postfix/man/man8/tlsproxy.8 b/postfix/man/man8/tlsproxy.8 index ce0117d48..6913b7bbf 100644 --- a/postfix/man/man8/tlsproxy.8 +++ b/postfix/man/man8/tlsproxy.8 @@ -159,7 +159,7 @@ The prioritized list of finite\-field Diffie\-Hellman ephemeral (FFDHE) key exchange groups supported by the Postfix SMTP client and server. .PP -Available in Postfix version 3.9 and later: +Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: .IP "\fBtls_config_file (default)\fR" Optional configuration file with baseline OpenSSL settings. .IP "\fBtls_config_name (empty)\fR" diff --git a/postfix/proto/ADDRESS_CLASS_README.html b/postfix/proto/ADDRESS_CLASS_README.html index 7a30535d3..5deac1127 100644 --- a/postfix/proto/ADDRESS_CLASS_README.html +++ b/postfix/proto/ADDRESS_CLASS_README.html @@ -52,20 +52,25 @@ address classes are very important for the operation of Postfix.

    • The list of domains that are a member of that address -class: for example, all local domains, or all relay domains.

      +class.

      -

    • The default delivery transport for that address class. For -example, the local, -virtual or relay delivery transport (delivery transports are defined -in master.cf). This helps to keep Postfix configurations simple, -by avoiding the need for explicit routing information in transport -maps.

      +

      Examples: all local domains, or all relay domains.

      + +

    • The default delivery transport for domains in that address +class.

      + +

      Examples: local_transport or relay_transport (these point +to services defined in master.cf).

      + +

      Benefit: this avoids the need for explicit routing information +in transport maps.

    • The list of valid recipient addresses for that address -class. The Postfix SMTP server rejects invalid recipients with -"User unknown in <name of address class here> table". This -helps to keep the Postfix queue free of undeliverable MAILER-DAEMON -messages.

      +class.

      + +

      Benefit: the Postfix SMTP server rejects an invalid recipient +with "User unknown in <name of address class> table", and +avoids sending a MAILER-DAEMON message with backscatter spam.

    @@ -92,12 +97,12 @@ This domain class also includes mail for user@[ipaddress] when the IP address is listed with the inet_interfaces or proxy_interfaces parameters.

    -

  • Valid recipient addresses are listed with the local_recipient_maps -parameter, as described in LOCAL_RECIPIENT_README. The Postfix SMTP -server rejects invalid recipients with "User unknown in local -recipient table". If the local_recipient_maps parameter value is -empty, then the Postfix SMTP server accepts any address in the -local domain class.

    +

  • Valid recipient addresses for those domains are +listed with the local_recipient_maps parameter, as described in +LOCAL_RECIPIENT_README. The Postfix SMTP server rejects invalid recipients +with "User unknown in local recipient table". If the local_recipient_maps +parameter value is empty, then the Postfix SMTP server accepts any +address in the local domain class.

  • The mail delivery transport is specified with the local_transport parameter. The default value is local:$myhostname @@ -111,21 +116,25 @@ class.

    • Purpose: hosted domains where each recipient address is -aliased to an address in a different domain, for example, a local -UNIX system account or a remote address. A +aliased to an address in a different domain class, for example, a +local UNIX system account or a remote address. A virtual alias example is given in the VIRTUAL_README file.

    • Domain names are listed in virtual_alias_domains. The default value is $virtual_alias_maps for Postfix 1.1 compatibility.

      -

    • Valid recipient addresses are listed with the virtual_alias_maps -parameter. The Postfix SMTP server rejects invalid recipients with -"User unknown in virtual alias table". The default value is -$virtual_maps for Postfix 1.1 compatibility.

      +

    • Valid recipient addresses for those domains are listed with the +virtual_alias_maps parameter. The Postfix SMTP server rejects invalid +recipients with "User unknown in virtual alias table". The default +value is $virtual_maps for Postfix 1.1 compatibility.

      -

    • There is no mail delivery transport parameter. Every -address must be aliased to an address in some other domain.

      +

      Note: for historical reasons, virtual_alias_maps +apply to recipients in all domain classes, not only the virtual +alias domain class.

      + +

    • There is no configurable mail delivery transport. Every +address must be aliased to an address in some other domain class.

    @@ -136,18 +145,19 @@ class.

  • Purpose: final delivery for hosted domains where each recipient address can have its own mailbox, and where users do not -need to have a UNIX system account. A virtual mailbox example is +need to have a UNIX system account. A virtual mailbox example is given in the VIRTUAL_README file.

  • Domain names are listed with the virtual_mailbox_domains parameter. The default value is $virtual_mailbox_maps for Postfix 1.1 compatibility.

    -

  • Valid recipient addresses are listed with the virtual_mailbox_maps -parameter. The Postfix SMTP server rejects invalid recipients with -"User unknown in virtual mailbox table". If this parameter value -is empty, the Postfix SMTP server accepts all recipients for domains -listed in $virtual_mailbox_domains.

    +

  • Valid recipient addresses for those domains are listed +with the virtual_mailbox_maps parameter. The Postfix SMTP server +rejects invalid recipients with "User unknown in virtual mailbox +table". If this parameter value is empty, the Postfix SMTP server +accepts all recipients for domains listed in $virtual_mailbox_domains. +

  • The mail delivery transport is specified with the virtual_transport parameter. The default value is virtual @@ -169,11 +179,12 @@ file.

  • Domain names are listed with the relay_domains parameter.

    -

  • Valid recipient addresses are listed with the relay_recipient_maps -parameter. The Postfix SMTP server rejects invalid recipients with -"User unknown in relay recipient table". If this parameter value -is empty, the Postfix SMTP server accepts all recipients for domains -listed with the relay_domains parameter.

    +

  • Valid recipient addresses for those domains are listed +with the relay_recipient_maps parameter. The Postfix SMTP server +rejects invalid recipients with "User unknown in relay recipient +table". If this parameter value is empty, the Postfix SMTP server +accepts all recipients for domains listed with the relay_domains +parameter.

  • The mail delivery transport is specified with the relay_transport parameter. The default value is relay which diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index f89164999..8f5524075 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -18793,11 +18793,10 @@ the default "openssl_conf" name. -

    Failures in processing of the built-in default configuration -file, are silently ignored with OpenSSL prior to 1.1.1b. With later -OpenSSL releases, any errors in loading either the default or custom -configuration file are detected by Postfix, and cause TLS support to -be disabled.

    +

    Failures in processing of the built-in default configuration file, +are silently ignored. Any errors in loading a non-default configuration +file are detected by Postfix, and cause TLS support to be disabled. +

    The OpenSSL configuration file format is not documented here, beyond giving two examples.

    @@ -18845,4 +18844,5 @@ MinProtocol = TLSv1 -

    This feature is available in Postfix ≥ 3.9.

    +

    This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6, +3.6.10, and 3.5.20.

    diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index 1826107aa..ad2827ab0 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -12,7 +12,6 @@ Fix by Viktor Dukhovni Files tls tls h tls tls_dane c Discovered by Benny Pedersen File postscreen postscreen c proto postconf proto src tlsproxy tlsproxy c src smtpd smtpd c - proto postconf proto src tlsproxy tlsproxy c src smtpd smtpd c src tls tls h src tls tls_proxy_client_misc c src tls tls_misc c src global mail_params h src smtp smtp c attacks Fix by Viktor Dukhovni Files tls tls h tls_client c @@ -25,16 +24,13 @@ arguments Files src dns dns h src dns dns_rr_eq_sa c only a subset of all arguments Files src dns dns h global mail_params h smtp smtp c smtpd smtpd c tls tls_misc c - global mail_params h smtp smtp c smtpd smtpd c tls tls_misc c tls tls_proxy_client_scan c tls tls_proxy h tlsproxy tlsproxy c smtp smtp c smtpd smtpd c tls tls_misc c - smtp smtp c smtpd smtpd c tls tls_misc c proto proto SASL_README html proto SQLITE_README html proto postconf proto global mail_params h smtp smtp c smtpd smtpd c tls tls_misc c tls tls_proxy_client_misc c tls tls_proxy h tlsproxy tlsproxy c postfix postfix c postlog postlog c - postfix postfix c postlog postlog c util net_mask_top hc smtpd smtpd c smtpd smtpd_peer c util inet_prefix_top hc smtpd smtpd c smtpd smtpd_peer c File smtp smtp h @@ -43,8 +39,6 @@ proto proto SASL_README html proto SQLITE_README html proto proto ADDRESS_REWRITING_README html proto postconf proto proto ADDRESS_REWRITING_README html cleanup cleanup c local local c smtpd smtpd c - cleanup cleanup c local local c smtpd smtpd c - cleanup cleanup c local local c smtpd smtpd c postfix postfix c aliasing Files proto aliases proto virtual postfix postfix c proto proto aliases proto virtual proto ADDRESS_REWRITING_README html @@ -53,3 +47,13 @@ proto proto aliases proto virtual proto ADDRESS_REWRITING_README html posttls finger posttls finger c smtp smtp c smtp smtp_proto c tls tls_client c tls tls h tls tls_misc c tls tls_proxy h tls tls_server c tlsproxy tlsproxy c + Cleanup removed some the the instances Files + clients Files posttls finger posttls finger c smtp smtp c + smtp smtp c smtp smtp_proto c tls tls_client c tls tls h + smtp smtp c smtpd smtpd c tls tls_client c tls tls h + smtp smtp_proto c tls tls h tls tls_proxy_client_misc c + tls tls_server c tlsproxy tlsproxy c + tlsproxy tlsproxy c + proto postconf proto smtp smtp c smtpd smtpd c + pipelining before the server greeting File smtpd smtpd c + before the server greeting File smtpd smtpd c diff --git a/postfix/proto/stop.double-proto-html b/postfix/proto/stop.double-proto-html index 5f50df096..3d69cd0a6 100644 --- a/postfix/proto/stop.double-proto-html +++ b/postfix/proto/stop.double-proto-html @@ -250,3 +250,5 @@ initial_ssl_settings initial_ssl_settings postfix_settings postfix_settings postfix_ssl_settings postfix_ssl_settings baseline_postfix_settings baseline_postfix_settings + The and match and literally Without the the + The matches literally Without the the would diff --git a/postfix/proto/stop.spell-history b/postfix/proto/stop.spell-history index ccaef1f1f..09192073f 100644 --- a/postfix/proto/stop.spell-history +++ b/postfix/proto/stop.spell-history @@ -58,3 +58,4 @@ Piekert refactored Fumiyasu SATOH +INI diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index aa76baa2d..e47b9da01 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20230524" +#define MAIL_RELEASE_DATE "20230529" #define MAIL_VERSION_NUMBER "3.9" #ifdef SNAPSHOT diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 1581771dc..ba014919e 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -607,7 +607,7 @@ /* (FFDHE) key exchange groups supported by the Postfix SMTP client and /* server. /* .PP -/* Available in Postfix version 3.9 and later: +/* Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: /* .IP "\fBtls_config_file (default)\fR" /* Optional configuration file with baseline OpenSSL settings. /* .IP "\fBtls_config_name (empty)\fR" diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index dbf3ce986..f6f91c6d0 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -531,7 +531,7 @@ /* (FFDHE) key exchange groups supported by the Postfix SMTP client and /* server. /* .PP -/* Available in Postfix version 3.9 and later: +/* Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: /* .IP "\fBtls_config_file (default)\fR" /* Optional configuration file with baseline OpenSSL settings. /* .IP "\fBtls_config_name (empty)\fR" @@ -5448,6 +5448,32 @@ static SMTPD_CMD smtpd_cmd_table[] = { static STRING_LIST *smtpd_noop_cmds; static STRING_LIST *smtpd_forbid_cmds; +/* smtpd_flag_ill_pipelining - flag pipelining protocol violation */ + +static int smtpd_flag_ill_pipelining(SMTPD_STATE *state) +{ + + /* + * This code will not return after I/O error, timeout, or EOF. VSTREAM + * exceptions must be enabled in advance with smtp_stream_setup(). + */ + if (vstream_peek(state->client) == 0 + && peekfd(vstream_fileno(state->client)) > 0) + (void) vstream_ungetc(state->client, smtp_fgetc(state->client)); + if (vstream_peek(state->client) > 0) { + if (state->expand_buf == 0) + state->expand_buf = vstring_alloc(100); + escape(state->expand_buf, vstream_peek_data(state->client), + vstream_peek(state->client) < 100 ? + vstream_peek(state->client) : 100); + msg_info("improper command pipelining after %s from %s: %s", + state->where, state->namaddr, STR(state->expand_buf)); + state->flags |= SMTPD_FLAG_ILL_PIPELINING; + return (1); + } + return (0); +} + /* smtpd_proto - talk the SMTP protocol */ static void smtpd_proto(SMTPD_STATE *state) @@ -5589,6 +5615,16 @@ static void smtpd_proto(SMTPD_STATE *state) } #endif + /* + * If the client spoke before the server sends the initial greeting, + * raise a flag and log the content of the protocol violation. This + * check MUST NOT apply to TLS wrappermode connections. + */ + if (SMTPD_STAND_ALONE(state) == 0 + && vstream_context(state->client) == 0 /* not postscreen */ + && (state->flags & SMTPD_FLAG_ILL_PIPELINING) == 0) + (void) smtpd_flag_ill_pipelining(state); + /* * XXX The client connection count/rate control must be consistent in * its use of client address information in connect and disconnect @@ -5824,18 +5860,8 @@ static void smtpd_proto(SMTPD_STATE *state) if (SMTPD_STAND_ALONE(state) == 0 && (strcasecmp(state->protocol, MAIL_PROTO_ESMTP) != 0 || (cmdp->flags & SMTPD_CMD_FLAG_LAST)) - && (state->flags & SMTPD_FLAG_ILL_PIPELINING) == 0 - && (vstream_peek(state->client) > 0 - || peekfd(vstream_fileno(state->client)) > 0)) { - if (state->expand_buf == 0) - state->expand_buf = vstring_alloc(100); - escape(state->expand_buf, vstream_peek_data(state->client), - vstream_peek(state->client) < 100 ? - vstream_peek(state->client) : 100); - msg_info("improper command pipelining after %s from %s: %s", - cmdp->name, state->namaddr, STR(state->expand_buf)); - state->flags |= SMTPD_FLAG_ILL_PIPELINING; - } + && (state->flags & SMTPD_FLAG_ILL_PIPELINING) == 0) + (void) smtpd_flag_ill_pipelining(state); if (cmdp->action(state, argc, argv) != 0) state->error_count++; else diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c index d91e43f23..8c087d5a5 100644 --- a/postfix/src/tls/tls_misc.c +++ b/postfix/src/tls/tls_misc.c @@ -702,7 +702,7 @@ void tls_param_init(void) int tls_library_init(void) { - OPENSSL_INIT_SETTINGS *init_settings = 0; + OPENSSL_INIT_SETTINGS *init_settings; char *conf_name = *var_tls_cnf_name ? var_tls_cnf_name : 0; char *conf_file = 0; unsigned long init_opts = 0; @@ -712,6 +712,10 @@ int tls_library_init(void) "disabling TLS support"); return (0); } + +#define TLS_LIB_INIT_RETURN(x) \ + do { OPENSSL_INIT_free(init_settings); return (x); } while(0) + #if OPENSSL_VERSION_NUMBER < 0x1010102fL /* @@ -722,41 +726,49 @@ int tls_library_init(void) if (strcmp(var_tls_cnf_file, "default") != 0) { msg_warn("non-default %s = %s requires OpenSSL 1.1.1b or later, " "disabling TLS support", VAR_TLS_CNF_FILE, var_tls_cnf_file); - return (0); + TLS_LIB_INIT_RETURN(0); } #else { - unsigned long init_flags = 0; + unsigned long file_flags = 0; /*- * OpenSSL 1.1.1b or later: - * We can now choose a non-default or configuration file, or + * We can now use a non-default configuration file, or * use none at all. We can also request strict error * reporting. */ - if (strcmp(var_tls_cnf_file, "default") == 0) { - conf_file = 0; - /* The default global config file is optional */ - init_flags |= CONF_MFLAGS_IGNORE_MISSING_FILE; - } else if (strcmp(var_tls_cnf_file, "none") == 0) { + if (strcmp(var_tls_cnf_file, "none") == 0) { init_opts |= OPENSSL_INIT_NO_LOAD_CONFIG; + } else if (strcmp(var_tls_cnf_file, "default") == 0) { + + /* + * The default global config file is optional. With "default" + * initialization we don't insist on a match for the requested + * application name, allowing fallback to the default application + * name, even when a non-default application name is specified. + * Errors in loading the default configuration are ignored. + */ + conf_file = 0; + file_flags |= CONF_MFLAGS_IGNORE_MISSING_FILE; + file_flags |= CONF_MFLAGS_DEFAULT_SECTION; + file_flags |= CONF_MFLAGS_IGNORE_RETURN_CODES | CONF_MFLAGS_SILENT; } else if (*var_tls_cnf_file == '/') { + + /* + * A custom config file must be present, error reporting is + * strict and the configuration section for the requested + * application name does not fall back to "openssl_conf" when + * missing. + */ conf_file = var_tls_cnf_file; } else { msg_warn("non-default %s = %s is not an absolute pathname, " "disabling TLS support", VAR_TLS_CNF_FILE, var_tls_cnf_file); - return (0); + TLS_LIB_INIT_RETURN(0); } - /* - * By not including CONF_MFLAGS_IGNORE_RETURN_CODES, we get strict - * error reporting. We don't insist on a match for the requested - * application name, allowing fallback to the default application - * name, even when a non-default application name is specified by - * always setting the CONF_MFLAGS_DEFAULT_SECTION bit. - */ - init_flags |= CONF_MFLAGS_DEFAULT_SECTION; - OPENSSL_INIT_set_config_file_flags(init_settings, init_flags); + OPENSSL_INIT_set_config_file_flags(init_settings, file_flags); } #endif @@ -775,9 +787,9 @@ int tls_library_init(void) msg_warn("error initializing the OpenSSL library, " "disabling TLS support"); tls_print_errors(); - return (0); + TLS_LIB_INIT_RETURN(0); } - return (1); + TLS_LIB_INIT_RETURN(1); } /* tls_pre_jail_init - Load TLS related pre-jail tables */ diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c index 8ce666db5..7c0d8147b 100644 --- a/postfix/src/tlsproxy/tlsproxy.c +++ b/postfix/src/tlsproxy/tlsproxy.c @@ -143,7 +143,7 @@ /* (FFDHE) key exchange groups supported by the Postfix SMTP client and /* server. /* .PP -/* Available in Postfix version 3.9 and later: +/* Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: /* .IP "\fBtls_config_file (default)\fR" /* Optional configuration file with baseline OpenSSL settings. /* .IP "\fBtls_config_name (empty)\fR"