mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 13:18:12 +00:00
Code Issues Releases Wiki Activity

postfix-2.3-RC9

Browse Source
This commit is contained in:
Wietse Venema 2006-07-09 00:00:00 -05:00 committed by Viktor Dukhovni
parent cc94e64f58
commit bea0e7b32c
27 changed files with 1115 additions and 743 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
postfix/HISTORY
View File

@ -12479,6 +12479,20 @@ Apologies for any names omitted.
plaintext after an opportunistic TLS handshake fails. Specify
"smtp_sasl_auth_enforce = no" to deliver mail anyway.
20060709
Cleanup: the new single smtpd_tls_security_level parameter
obsoletes the multiple smtpd_use_tls and smtpd_enforce_tls
parameters. This is done for consistency with the Postfix
SMTP client. In the Postfix SMTP server, the levels "verify"
and "secure" are currently not applicable, and are treated
as "encrypt", after logging a warning. Files: smtpd/smtpd.c,
tls/tls_level.c, smtp/smtp_session.c.
Compatibility: don't send the first body line to Milter
applications. This also broke domain key etc. signatures
when verified by non-Postfix MTAs. File: milter/milter8.c.
Wish list:
The usage of TLScontext->cache_type is unclear. It specifies

2
postfix/README_FILES/INSTALL
View File

@ -95,7 +95,7 @@ At some point in time, a version of Postfix was supported on:
OSF1.V3 - OSF1.V5 (Digital UNIX)
Reliant UNIX 5.x
Rhapsody 5.x
SunOS 4.1.4 (December 2005)
SunOS 4.1.4 (July 2006)
SunOS 5.4 - 5.9 (Solaris 2.4..9)
Ultrix 4.x (well, that was long ago)

144
postfix/README_FILES/TLS_README
View File

@ -146,9 +146,8 @@ clients will not, as a rule, fall back to plain text after a TLS handshake
failure, the server will be unable to receive email from most TLS enabled
clients. To avoid accidental configurations with no certificates, Postfix 2.3
enables certificate-less operation only when the administrator explicitly sets
"smtpd_tls_cert_file = none". This ensures that new Postfix configurations with
just "smtpd_use_tls = yes" added, will not accidentally run with no
certificates.
"smtpd_tls_cert_file = none". This ensures that new Postfix configurations will
not accidentally run with no certificates.
Both RSA and DSA certificates are supported. Typically you will only have RSA
certificates issued by a commercial CA. In addition, the tools supplied with
@ -282,11 +281,16 @@ Example:
EEnnaabblliinngg TTLLSS iinn tthhee PPoossttffiixx SSMMTTPP sseerrvveerr
By default, TLS is disabled in the Postfix SMTP server, so no difference to
plain Postfix is visible. Explicitly switch it on using "smtpd_use_tls = yes".
plain Postfix is visible. Explicitly switch it on with
"smtpd_tls_security_level = may" (Postfix 2.3 and later) or
"smtpd_use_tls = yes" (obsolete but still supported).
Example:
/etc/postfix/main.cf:
# Postfix 2.3 and later
smtpd_tls_security_level = may
# Obsolete, but still supported
smtpd_use_tls = yes
With this, Postfix SMTP server announces STARTTLS support to SMTP clients, but
@ -298,13 +302,17 @@ is intended behavior.
You can ENFORCE the use of TLS, so that the Postfix SMTP server announces
STARTTLS and accepts no mail without TLS encryption, by setting
"smtpd_enforce_tls = yes". According to RFC 2487 this MUST NOT be applied in
case of a publicly-referenced Postfix SMTP server. This option is off by
default and should only seldom be used.
"smtpd_tls_security_level = encrypt" (Postfix 2.3 and later) or
"smtpd_enforce_tls = yes" (obsolete but still supported). According to RFC 2487
this MUST NOT be applied in case of a publicly-referenced Postfix SMTP server.
This option is off by default and should only seldom be used.
Example:
/etc/postfix/main.cf:
# Postfix 2.3 and later
smtpd_tls_security_level = encrypt
# Obsolete, but still supported
smtpd_enforce_tls = yes
TLS is sometimes used in the non-standard "wrapper" mode where a server always
@ -343,8 +351,11 @@ server is configured to ask for client certificates.
Example:
/etc/postfix/main.cf:
smtpd_use_tls = yes
smtpd_tls_ask_ccert = yes
# Postfix 2.3 and later
smtpd_tls_security_level = may
# Obsolete, but still supported
smtpd_use_tls = yes
When TLS is enforced you may also decide to REQUIRE a remote SMTP client
certificate for all TLS connections, by setting "smtpd_tls_req_ccert = yes".
@ -354,8 +365,11 @@ This feature implies "smtpd_tls_ask_ccert = yes". When TLS is not enforced,
Example:
/etc/postfix/main.cf:
smtpd_enforce_tls = yes
smtpd_tls_req_ccert = yes
# Postfix 2.3 and later
smtpd_tls_security_level = encrypt
# Obsolete, but still supported
smtpd_enforce_tls = yes
A client certificate verification depth of 1 is sufficient if the certificate
is directly issued by a CA listed in the CA file. The default value (5) should
@ -370,12 +384,14 @@ Example:
SSuuppppoorrttiinngg AAUUTTHH oovveerr TTLLSS oonnllyy
Sending AUTH data over an unencrypted channel poses a security risk. When TLS
layer encryption is required (smtpd_enforce_tls = yes), the Postfix SMTP server
will announce and accept AUTH only after the TLS layer has been activated with
STARTTLS. When TLS layer encryption is optional (smtpd_enforce_tls = no), it
may however still be useful to only offer AUTH when TLS is active. To maintain
compatibility with non-TLS clients, the default is to accept AUTH without
encryption. In order to change this behavior, set "smtpd_tls_auth_only = yes".
layer encryption is required ("smtpd_tls_security_level = encrypt" or the
obsolete "smtpd_enforce_tls = yes"), the Postfix SMTP server will announce and
accept AUTH only after the TLS layer has been activated with STARTTLS. When TLS
layer encryption is optional ("smtpd_tls_security_level = may" or the obsolete
"smtpd_enforce_tls = no"), it may however still be useful to only offer AUTH
when TLS is active. To maintain compatibility with non-TLS clients, the default
is to accept AUTH without encryption. In order to change this behavior, set
"smtpd_tls_auth_only = yes".
Example:
@ -489,12 +505,14 @@ specifying an smtpd_tls_dcert_file.
Example: (MSA that requires TLS with reasonably secure ciphers)
/etc/postfix/main.cf:
smtpd_use_tls = yes
smtpd_enforce_tls = yes
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = aNULL, MD5
# Postfix 2.3 and later
smtpd_tls_security_level = encrypt
# Obsolete, but still supported
smtpd_enforce_tls = yes
If you want to take advantage of ciphers with EDH, DH parameters are needed.
Instead of using the built-in DH parameters for both 1024bit and 512bit, it is
@ -993,13 +1011,13 @@ the new policy table instead.
MMaannddaattoorryy sseerrvveerr cceerrttiiffiiccaattee vveerriiffiiccaattiioonn
At the "verify" TLS security level, messages are sent only over TLS encrypted
sessions for which server certificate verification succeeds. If no suitable
servers are found, the message will be deferred. With Postfix 2.3 and later,
mandatory server certificate verification can be configured by setting
"smtp_tls_security_level = verify", the smtp_tls_verify_cert_match parameter
can override the default "hostname" certificate match strategy. Fine-tuning the
matching strategy is generally only appropriate for secure-channel
destinations.
sessions if the server certificate is valid (not expired or revoked, and signed
by a trusted certificate authority) and if the server certificate name matches
a known pattern. Mandatory server certificate verification can be configured by
setting "smtp_tls_security_level = verify". The smtp_tls_verify_cert_match
parameter can override the default "hostname" certificate name matching
strategy. Fine-tuning the matching strategy is generally only appropriate for
secure-channel destinations.
With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to its
default (backwards compatible) empty value, the appropriate configuration
@ -1229,27 +1247,39 @@ nnoonnee
mmaayy
Opportunistic TLS. No additional attributes are supported at this level.
eennccrryypptt
Mandatory TLS encryption. At this level and higher the optional "ciphers"
attribute overrides the main.cf smtp_tls_mandatory_ciphers parameter and
the optional "protocols" keyword overrides the main.cf
smtp_tls_mandatory_protocols parameter. In the policy table, multiple
protocols must be separated by colons, as attribute values may not contain
whitespace or commas.
Mandatory TLS encryption. Mail is delivered only if remote SMTP server
offers STARTTLS and the TLS handshake succeeds. At this level and higher
the optional "ciphers" attribute overrides the main.cf
smtp_tls_mandatory_ciphers parameter and the optional "protocols" keyword
overrides the main.cf smtp_tls_mandatory_protocols parameter.
vveerriiffyy
Mandatory server certificate verification. The optional "match" attribute
overrides the main.cf smtp_tls_verify_cert_match parameter. In the policy
table, multiple match patterns and strategies must be separated by colons.
Mandatory server certificate verification. Mail is delivered only if the
TLS handshake succeeds, if the server certificate can be validated (not
expired or revoked, and signed by a trusted certificate authority), and if
the server certificate name matches the optional "match" attribute (or the
main.cf smtp_tls_verify_cert_match parameter value when no optional "match"
attribute is specified).
sseeccuurree
Secure-channel TLS. The optional "match" attribute overrides the main.cf
smtp_tls_secure_cert_match parameter. In the policy table, multiple match
patterns and strategies must be separated by colons. The match attribute is
useful when additional domains are supported by common server, the policy
entries for the additional domains specify matching rules for the primary
domain certificate. While transport table overrides routing secondary
domains to the primary nexthop also allow secure verification, they risk
delivery to the wrong destination when domains change hands or are re-
assigned to new gateways. With the "match" attribute approach, routing is
not perturbed, and mail is deferred if verification of a new MX host fails.
Secure-channel TLS. Mail is delivered only if the TLS handshake succeeds,
if the server certificate can be validated (not expired or revoked, and
signed by a trusted certificate authority), and if the server certificate
name matches the optional "match" attribute (or the main.cf
smtp_tls_secure_cert_match parameter value when no optional "match"
attribute is specified).
Notes:
* The "match" attribute is especially useful to verify TLS certificates for
domains that are hosted on a shared server. In that case, specify "match"
rules for the shared server's name. While secure verification can also be
achieved with manual routing overrides in Postfix transport(5) tables, that
approach can deliver mail to the wrong host when domains are assigned to
new gateway hosts. The "match" attribute approach avoids the problems of
manual routing overrides; mail is deferred if verification of a new MX host
fails.
* When a policy table entry specifies multiple match patterns, multiple match
strategies, or multiple protocols, these must be separated by colons.
Example:
/etc/postfix/main.cf:
@ -1662,18 +1692,22 @@ indicates a super-user shell.
certificate and key incorrectly, you will be unable to send mail to sites
that request client certificate, but don't require them from all clients.
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_session_cache_database =
btree:/var/spool/postfix/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
smtpd_tls_key_file = /etc/postfix/FOO-key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database =
btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
/etc/postfix/main.cf:
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_session_cache_database =
btree:/var/spool/postfix/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
smtpd_tls_key_file = /etc/postfix/FOO-key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database =
btree:/var/spool/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
# Postfix 2.3 and later
smtpd_tls_security_level = may
# Obsolete, but still supported
smtpd_use_tls = yes
RReeppoorrttiinngg pprroobblleemmss

237
postfix/RELEASE_NOTES
View File

@ -18,12 +18,13 @@ See RELEASE_NOTES_2.2 if you upgrade from Postfix 2.1 or earlier.
Some Postfix internal protocols have changed. You need to "postfix
reload" or restart Postfix, otherwise many servers will log warning
messages with "unexpected attribute" or "problem talking to service
rewrite: Unknown error: 0", and mail will not be delivered.
messages like "unexpected attribute xxx" or "problem talking to
service yyy", and mail will not be delivered.
The Sendmail-compatible Milter support introduces three new queue
file record types. As long as you leave this feature turned off,
you can still go back to Postfix version 2.2 without losing mail.
you can still go back to Postfix version 2.2 without losing mail
that was received by Postfix 2.3.
Major changes - DNS lookups
---------------------------
@ -38,26 +39,27 @@ Major changes - DSN
[Feature 20050615] DSN support as described in RFC 3461 .. RFC 3464.
This gives senders control over successful and failed delivery
notifications. DSN involves extra parameters to the SMTP MAIL FROM
and RCPT TO commands, as well as extra Postfix sendmail command
line options for mail submission.
notifications. DSN involves extra parameters to the SMTP "MAIL
FROM" and "RCPT TO" commands, as well as extra Postfix sendmail
command line options for mail submission.
See DSN_README for details. Some implementation notes are in
implementation-notes/DSN.
See DSN_README for details. Some implementation notes can be found
in implementation-notes/DSN.
[Incompat 20050615] The new DSN support conflicts with VERP support.
For Sendmail compatibility, Postfix now uses the sendmail -V command
line option for DSN. In order to request VERP style delivery, you
must now specify -XV instead of -V. The Postfix sendmail command
will recognize if you try to use -V for VERP-style delivery. It
will do the right thing and will remind you of the new syntax.
line option for DSN. To request VERP style delivery, you must now
specify -XV instead of -V. The Postfix sendmail command will
recognize if you try to use -V for VERP-style delivery. It will
usually do the right thing, and remind you of the new syntax.
[Incompat 20050828] When the cleanup server rejects the content or
size of mail that was submitted with the Postfix sendmail command,
that was forwarded with the local(8) delivery agent, or that was
re-queued with "postsuper -r", Postfix no longer sends DSN SUCCESS
notification after virtual alias expansions. Since all the recipients
are reported as failed, the SUCCESS notification seems redundant.
[Incompat 20050828] Postfix no longer sends DSN SUCCESS notification
after virtual alias expansions when the cleanup server rejects the
content or size of mail that was submitted with the Postfix sendmail
command, mail that was forwarded with the local(8) delivery agent,
or mail that was re-queued with "postsuper -r". Since all the
recipients are reported as failed, the SUCCESS notification seems
redundant.
Major changes - LMTP client
---------------------------
@ -68,7 +70,8 @@ to SASL authentication and TLS support, respectively.
[Feature 20051208] The SMTP client now implements the LMTP protocol.
Most but not all smtp_xxx parameters now have an lmtp_xxx equivalent.
This means there are lot of new LMTP features, including support
for TLS and for the shared connection cache.
for TLS and for the shared connection cache. See the "SMTP client"
section for details.
[Incompat 20051208] The LMTP client now reports the server as
"myhostname[/path/name]". With the real server hostname in delivery
@ -88,9 +91,10 @@ queue ID.
See the MILTER_README document for a discussion of how to use Milter
support with Postfix, and limitations of the current implementation.
[Incompat 20060515] Milter support introduces three new queue file
record types. As long as you leave this feature turned off, you can
still go back to Postfix version 2.2 without losing mail.
The Sendmail-compatible Milter support introduces three new queue
file record types. As long as you leave this feature turned off,
you can still go back to Postfix version 2.2 without losing mail
that was received by Postfix 2.3.
[Incompat 20060515] Milter support introduces new logfile event
types: milter-reject, milter-discard and milter-hold, that identify
@ -100,13 +104,6 @@ software.
Major changes - SASL authentication
-----------------------------------
[Incompat 20060707] The SMTP/LMTP client now defers delivery when
a SASL password exists but the server does not offer SASL authentication.
Otherwise, the server could reject the mail. This may become an
issue now that Postfix retries delivery in plaintext after an
opportunistic TLS handshake fails. Specify "smtp_sasl_auth_enforce
= no" to deliver mail anyway.
[Feature 20051220] Plug-in support for SASL authentication in the
SMTP server and in the SMTP/LMTP client. With this, Postfix can
support multiple SASL implementations without source code patches.
@ -164,6 +161,14 @@ ISP accounts.
smtp_sender_dependent_authentication = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_pass
[Incompat 20060707] The SMTP/LMTP client now defers delivery when
a SASL password exists but the server does not announce support for
SASL authentication. This can happen with servers that announce
SASL support only when TLS is turned on. When an opportunistic TLS
handshake fails, Postfix >= 2.3 retries delivery in plaintext, and
the remote server rejects mail from the unauthenticated client.
Specify "smtp_sasl_auth_enforce = no" to deliver mail anyway.
Major changes - SMTP client
---------------------------
@ -192,30 +197,6 @@ smtp_fallback_relay, to make clear that the combined SMTP/LMTP
client uses this setting only for SMTP deliveries. The old name
still works.
[Feature 20051125] This snapshot adds support for sender-dependent
ISP accounts.
- Sender-dependent smarthost lookup tables. The maps are searched
with the sender address and with the sender @domain. The result
overrides the global relayhost setting, but otherwise has identical
behavior. See the postconf(5) manual page for more details.
Example:
/etc/postfix/main.cf:
sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay
- Sender-dependent SASL authentication support. This disables SMTP
connection caching to ensure that mail from different senders
will use the correct authentication credentials. The SMTP SASL
password file is first searched by sender address, and then by
the remote domain and hostname as usual.
Example:
/etc/postfix/main.cf:
smtp_sasl_auth_enable = yes
smtp_sender_dependent_authentication = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_pass
[Incompat 20051106] The relay=... logging has changed and now
includes the remote SMTP server port number as hostname[hostaddr]:port.
@ -282,9 +263,9 @@ Major changes - SMTP server
See the "SASL authentication" and "TLS" sections for changes related
to SASL authentication and TLS support, respectively.
[Feature 20051222] You can now use "resolve_numeric_domain = yes"
to stop Postfix from rejecting user@ipaddress as an invalid
destination. It will deliver the mail to user@[ipaddress] instead.
[Feature 20051222] To accept the non-compliant user@ipaddress form,
specify "resolve_numeric_domain = yes". Postfix will deliver the
mail to user@[ipaddress] instead.
[Incompat 20051202] The Postfix SMTP server now refuses to receive
mail from the network if it isn't running with postfix mail_owner
@ -294,16 +275,9 @@ privileges. This prevents surprises when, for example, "sendmail
[Incompat 20051121] Although the permit_mx_backup feature still
accepts mail for authorized destinations (see permit_mx_backup for
definition), with all other destinations it now requires that the
local MTA is listed as non-primary MX. This prevents mail loop
problems when someone points the primary MX record at a Postfix
system.
[Feature 20051011] Optional protection against SMTP clients that
hammer the server with too many new (i.e. uncached) SMTP-over-TLS
sessions. Cached sessions are much less expensive in terms of CPU
cycles. Use the smtpd_client_new_tls_session_rate_limit parameter
to specify a limit that is at least the inbound client concurrency
limit, or else you may deny legitimate service requests.
local MTA is listed as non-primary MX server. This prevents mail
loop problems when someone points their primary MX record at a
Postfix system.
[Feature 20051011] Optional suppression of remote SMTP client
hostname lookup and hostname verification. Specify "smtpd_peername_lookup
@ -327,73 +301,75 @@ The old names are still recognized and documented.
Major changes - TLS
-------------------
[Feature 20060123] Postfix 2.3 provides a new per-site TLS policy
mechanism that is more flexible and that eliminates DNS spoofing
attacks more effectively. The legacy smtp_tls_per_site feature will
be kept intact for a few releases so that sites can upgrade Postfix
without being forced to use a different TLS policy mechanism.
Major revisions were made to Postfix TLS support; see TLS_README
for the details. For backwards compatibility, the old TLS policy
user interface will be kept intact for a few releases so that sites
can upgrade Postfix without being forced to use a different TLS
policy mechanism.
[Feature 20060614] New smtp_tls_security_level parameter obsoletes
the smtp_use_tls, smtp_enforce_tls and smtp_tls_enforce_peername
parameters. The old parameters are still supported but will be
removed in a future Postfix release.
[Feature 20060614] New concept: TLS security levels ("none", "may",
"encrypt", "verify" or "secure") in the Postfix SMTP client. You
can specify the TLS security level via the smtp_tls_security_level
parameter. This is more convenient than controlling TLS with the
multiple smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername,
parameters.
[Feature 20060614] New smtpd_tls_protocols parameter complements
the smtp_tls_mandatory_protocols parameter. This recommended for
MSA configurations, not for MX for hosts that face the Internet.
[Feature 20060709] TLS security levels ("none", "may", "encrypt")
in the Postfix SMTP server. You specify the security level with the
smtpd_tls_security_level parameter. This overrides the multiple
smtpd_use_tls and smtpd_enforce_tls parameters. When a value of
"verify" or "secure" is specified, the Postfix SMTP server logs a
warning and uses "encrypt" instead.
[Feature 20060626] Both the SMTP client and server can be configured
without a client or server certificate. An SMTP server without
certificate can use only anonymous ciphers, and will not inter-operate
with most clients.
[Feature 20060123] A new per-site TLS policy mechanism for the
Postfix SMTP client that supports the new TLS security levels,
and that eliminates DNS spoofing attacks more effectively.
The SMTP server supports anonymous ciphers when client certificates
are not requested or required, and the administrator has not excluded
the "aNULL" OpenSSL cipher type with smtpd_tls_exclude_ciphers.
[Feature 20060626] Both the Postfix SMTP client and server can be
configured without a client or server certificate. An SMTP server
without certificate can use only anonymous ciphers, and will not
inter-operate with most clients.
The SMTP client supports anonymous ciphers when no server certificate
is required (notably Postfix 2.3 in "opportunistic" mode) and the
administrator has not excluded the "aNULL" OpenSSL cipher type with
smtp_tls_exclude_ciphers.
The Postfix SMTP server supports anonymous ciphers when 1) no client
certificates are requested or required, and 2) the administrator
has not excluded the "aNULL" OpenSSL cipher type with the
smtpd_tls_exclude_ciphers parameter.
[Feature 20060626] You can specify cipher grades (instead of cipher
names) with the smtp_tls_mandatory_ciphers, lmtp_tls_mandatory_ciphers
and smtpd_tls_ciphers parameters. Specify one of "high", "medium",
"low", "export" or "null". See TLS_README for details.
The Postfix SMTP client supports anonymous ciphers when 1) no server
certificate is required and 2) the administrator has not excluded
the "aNULL" OpenSSL cipher type with the smtp_tls_exclude_ciphers
parameter.
[Incompat 20060707] The SMTPD policy client now encodes the
ccert_subject and ccert_issuer attributes as xtext. Some characters
are represented by +XX, where XX is the two-digit hexadecimal
representation of the character value.
[Incompat 20060614] The smtp_sasl_tls_verified_security_options
feature is not yet complete, and will therefore not appear in the
stable Postfix 2.3 release.
[Incompat 20060614] New smtp_tls_mandatory_protocols feature used
for mandatory TLS destinations. The default value is "SSLv3, TLSv1".
SSLv2 is by default no longer used with mandatory TLS.
[Feature 20060614] The smtpd_tls_protocols parameter restricts the
list of TLS protocols supported by the SMTP server. This is
recommended for use with MSA configurations only. It should not
be used with MX hosts that receive mail from the Internet, as it
reduces inter-operability.
[Incompat 20060614] The smtp_tls_cipherlist parameter only applies
when TLS is mandatory. It is ignored with opportunistic TLS sessions.
[Incompat 20060614] At (lmtp|smtp|smtpd)_tls_loglevel >= 2, Postfix
now also logs TLS session cache activity. Use level 2 and higher
for debugging only, use levels 0 or 1 as production settings.
for debugging only; use levels 0 or 1 as production settings.
[Incompat 20060207] The Postfix SMTP server no longer complains
when TLS support is not compiled in while permit_tls_clientcerts,
permit_tls_all_clientcerts, or check_ccert_access are specified in
main.cf. These features now are effectively ignored. However, the
reject_plaintext_session feature is not ignored and will reject
mail.
plain-text mail.
[Feature 20060123] Some obscure behavior was eliminated from the
smtp_tls_per_site feature, without changes to the user interface.
Some Postfix internals had to be re-structured in preparation for
a more general TLS policy mechanism; this required that smtp_tls_per_site
be re-implemented from scratch. The obscure behavior was found
during compatibility testing.
Some Postfix internals had to be re-structured for the new TLS
policy mechanism; for this, smtp_tls_per_site had to be re-implemented.
The obscure behavior was found during compatibility testing.
[Feature 20051011] Optional protection against SMTP clients that
hammer the server with too many new (i.e. uncached) SMTP-over-TLS
@ -420,14 +396,14 @@ changed. The SMTP server now resets state to the initial server
greeting stage, immediately before the EHLO/HELO greeting. This
was needed to correctly simulate the effect of connection-level
access restrictions. Without this change, XCLIENT would not work
with Milter applications.
at all with Milter applications.
[Incompat 20060611] The SMTP server XCLIENT and XFORWARD commands
now expect that attributes are xtext encoded (RFC 1891). For backwards
compatibility they will also accept unencoded attribute values. The
XFORWARD client code in the SMTP client and in the SMTPD_PROXY
client will always encode attribute values. This change will have
effect only for malformed hostname and helo parameter values.
client now always encode attribute values. This change will have a
visible effect only for malformed hostname and helo parameter values.
For more details, see the XCLIENT_README and XFORWARD_README
documents.
@ -461,9 +437,8 @@ Major changes - bounce message templates
that was developed by Nicolas Riendeau. The file with templates is
specified with the bounce_template_file parameter. Details are in
the bounce(5) manual page, and examples of the built-in templates
can be found in a file bounce.cf.default in the Postfix configuration
directory. The template for the default bounce message looks like
this:
can be found in $config_directory/bounce.cf.default. The template
for the default bounce message looks like this:
failure_template = <<EOF
Charset: us-ascii
@ -493,11 +468,12 @@ message_strip_characters parameters understand the usual C-like
escape sequences: \a \b \f \n \r \t \v \ddd (up to three octal
digits) and \\.
[Incompat 20050828] When a header/body_checks or message_reject_characters
rule rejects mail that was submitted with the Postfix sendmail
command (or re-queued with "postsuper -r"), the returned message
is now limited to just the message headers, to avoid the risk of
exposure to harmful content in the message body or attachments.
[Incompat 20050828] When a header/body_checks rule or when
message_reject_characters rejects mail that was submitted with the
Postfix sendmail command (or re-queued with "postsuper -r"), the
returned message is now limited to just the message headers, to
avoid the risk of exposure to harmful content in the message body
or attachments.
Major changes - database support
--------------------------------
@ -640,9 +616,18 @@ maillog has changed so that they are easier to sort:
agents now log the RFC 3463 enhanced status code as "dsn=x.y.z"
where y and z can be up to three digits each.
[Incompat 20051208] The LMTP client now reports the server as
"myhostname[/path/name]". With the real server hostname in delivery
status reports, the information will be more useful.
Major changes - performance
---------------------------
[Incompat 20051105] All delay logging now has sub-second resolution,
including the over-all "delay=nnn" logging. A patch is available
for pflogsumm (pflogsumm-conn-delays-dsn-patch). The qshape script
has been updated (auxiliary/qshape/qshape.pl).
[Incompat 20050622] The Postfix SMTP client by default limits the
number of MX server addresses to smtp_mx_address_limit=5. Previously
this limit was disabled by default. The new limit prevents Postfix
@ -726,10 +711,9 @@ when the patch passes the wrong integer argument type in contexts
that disable automatic argument type conversions. Examples of such
contexts are formatting with printf-like arguments, and invoking
functions that write Postfix request or reply attributes across
inter-process communication channels. Unfortunately, gcc does not
report "(unsigned) int" versus "(s)size_t" format string argument
mis-matches on 32-bit systems; it reports them only on 64-bit
systems.
inter-process communication channels. Unfortunately, gcc reports
"(unsigned) int" versus "(s)size_t" format string argument mis-matches
only on LP64 systems.
Major changes - safety
----------------------
@ -754,11 +738,12 @@ multiple times in a hierarchy of nested aliases. For this to work,
only the top-level alias should have an owner- alias, and none of
the subordinate aliases.
[Incompat 20050828] When a header/body_checks or message_reject_characters
rule rejects mail that was submitted with the Postfix sendmail
command (or re-queued with "postsuper -r"), the returned message
is now limited to just the message headers, to avoid the risk of
exposure to harmful content in the message body or attachments.
[Incompat 20050828] When a header/body_checks rule or when
message_reject_characters rejects mail that was submitted with the
Postfix sendmail command (or re-queued with "postsuper -r"), the
returned message is now limited to just the message headers, to
avoid the risk of exposure to harmful content in the message body
or attachments.
[Incompat 20051202] The Postfix SMTP server now refuses to receive
mail from the network if it isn't running with postfix mail_owner

46
postfix/html/INSTALL.html
View File

@ -156,7 +156,7 @@ OPENSTEP 4.x <br>
OSF1.V3 - OSF1.V5 (Digital UNIX) <br>
Reliant UNIX 5.x <br>
Rhapsody 5.x <br>
SunOS 4.1.4 (December 2005) <br>
SunOS 4.1.4 (July 2006) <br>
SunOS 5.4 - 5.9 (Solaris 2.4..9) <br>
Ultrix 4.x (well, that was long ago) <br>
</p>
@ -478,13 +478,13 @@ one of the following commands as the super-user:</p>
<ul>
<li> <p> The non-interactive version ("make upgrade") needs the
/etc/postfix/main.cf file from a previous installation. If the file
/etc/postfix/<a href="postconf.5.html">main.cf</a> file from a previous installation. If the file
does not exist, use interactive installation ("make install")
instead. </p>
<li> <p> The interactive version offers suggestions for pathnames
that you can override interactively, and stores your preferences
in /etc/postfix/main.cf for convenient future upgrades. </p>
in /etc/postfix/<a href="postconf.5.html">main.cf</a> for convenient future upgrades. </p>
</ul>
@ -520,13 +520,13 @@ configuration file edits</a>" in section 10, and review the "<a
href="#hamlet">To chroot or not to chroot</a>" text in section
11. </p>
<p> You MUST comment out the "smtp inet" entry in /etc/postfix/master.cf,
<p> You MUST comment out the "smtp inet" entry in /etc/postfix/<a href="master.5.html">master.cf</a>,
in order to avoid conflicts with the real sendmail. Put a "#"
character in front of the line that defines the smtpd service: </p>
<blockquote>
<pre>
/etc/postfix/master.cf:
/etc/postfix/<a href="master.5.html">master.cf</a>:
#smtp inet n - n - - smtpd
</pre>
</blockquote>
@ -585,11 +585,11 @@ receive mail while leaving your Sendmail setup intact, by running
Postfix on a virtual interface address. Simply configure your mail
user agent to directly invoke the Postfix sendmail program. </p>
<p> In the /etc/postfix/main.cf file, I would specify </p>
<p> In the /etc/postfix/<a href="postconf.5.html">main.cf</a> file, I would specify </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#myhostname">myhostname</a> = virtual.host.tld
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
@ -722,12 +722,12 @@ presented below is targeted at experienced system administrators.
<h3>10.1 - Postfix configuration files</h3>
<p> By default, Postfix configuration files are in /etc/postfix.
The two most important files are main.cf and master.cf; these files
The two most important files are <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a>; these files
must be owned by root. Giving someone else write permission to
main.cf or master.cf (or to their parent directories) means giving
<a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a> (or to their parent directories) means giving
root privileges to that person. </p>
<p> In /etc/postfix/main.cf, you will have to set up a minimal number
<p> In /etc/postfix/<a href="postconf.5.html">main.cf</a>, you will have to set up a minimal number
of configuration parameters. Postfix configuration parameters
resemble shell variables, with two important differences: the first
one is that Postfix does not know about quotes like the UNIX shell
@ -737,7 +737,7 @@ does.</p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
parameter = value
</pre>
</blockquote>
@ -746,7 +746,7 @@ does.</p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
other_parameter = $parameter
</pre>
</blockquote>
@ -756,7 +756,7 @@ second main difference with UNIX shell variables). The Postfix
configuration language uses lazy evaluation, and does not look at
a parameter value until it is needed at runtime. </p>
<p> Whenever you make a change to the main.cf or master.cf file,
<p> Whenever you make a change to the <a href="postconf.5.html">main.cf</a> or <a href="master.5.html">master.cf</a> file,
execute the following command in order to refresh a running mail
system: </p>
@ -777,7 +777,7 @@ probably OK only for very small sites. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#myhostname">myhostname</a> (send mail as "user@$<a href="postconf.5.html#myhostname">myhostname</a>")
<a href="postconf.5.html#myorigin">myorigin</a> = $<a href="postconf.5.html#mydomain">mydomain</a> (send mail as "user@$<a href="postconf.5.html#mydomain">mydomain</a>")
</pre>
@ -792,7 +792,7 @@ locally. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost, $<a href="postconf.5.html#mydomain">mydomain</a>
<a href="postconf.5.html#mydestination">mydestination</a> = $<a href="postconf.5.html#myhostname">myhostname</a>
@ -819,7 +819,7 @@ mail delivery loops will happen when the primary MX host is down.
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> = 1.2.3.4 (the proxy/NAT external network address)
</pre>
</blockquote>
@ -834,7 +834,7 @@ permission to too many clients. My own settings are: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#mynetworks">mynetworks</a> = 168.100.189.0/28, 127.0.0.0/8
</pre>
</blockquote>
@ -849,7 +849,7 @@ too many destinations. Recommended settings (use only one): </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#relay_domains">relay_domains</a> = (do not forward mail from strangers)
<a href="postconf.5.html#relay_domains">relay_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a> (my domain and subdomains)
<a href="postconf.5.html#relay_domains">relay_domains</a> = $<a href="postconf.5.html#mydomain">mydomain</a>, other.domain.tld, ...
@ -868,7 +868,7 @@ a hard-coded hostname. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#relayhost">relayhost</a> = $<a href="postconf.5.html#mydomain">mydomain</a>
<a href="postconf.5.html#relayhost">relayhost</a> = [mail.$<a href="postconf.5.html#mydomain">mydomain</a>]
</pre>
@ -882,7 +882,7 @@ turn off SMTP client DNS lookups like this: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> = yes
</pre>
</blockquote>
@ -928,7 +928,7 @@ following commands: </p>
<h2><a name="hamlet">11 - To chroot or not to chroot</a></h2>
<p> Postfix daemon processes can be configured (via master.cf) to
<p> Postfix daemon processes can be configured (via <a href="master.5.html">master.cf</a>) to
run in a chroot jail. The processes run at a fixed low privilege
and with access only to the Postfix queue directories (/var/spool/postfix).
This provides a significant barrier against intrusion. The barrier
@ -944,9 +944,9 @@ processes, and perhaps also the <a href="lmtp.8.html">lmtp(8)</a> client. The au
porcupine.org mail server runs all daemons chrooted that can be
chrooted. </p>
<p> The default /etc/postfix/master.cf file specifies that no
<p> The default /etc/postfix/<a href="master.5.html">master.cf</a> file specifies that no
Postfix daemon runs chrooted. In order to enable chroot operation,
edit the file /etc/postfix/master.cf. Instructions are in the file.
edit the file /etc/postfix/<a href="master.5.html">master.cf</a>. Instructions are in the file.
</p>
<p> Note that a chrooted daemon resolves all filenames relative to

182
postfix/html/TLS_README.html
View File

@ -248,8 +248,7 @@ be unable to receive email from most TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly sets
"<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>&nbsp;=&nbsp;none". This ensures that new Postfix
configurations with just "<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>&nbsp;=&nbsp;yes" added, will
not accidentally run with no certificates. </p>
configurations will not accidentally run with no certificates. </p>
<p> Both RSA and DSA certificates are supported. Typically you will
only have RSA certificates issued by a commercial CA. In addition,
@ -437,13 +436,18 @@ since the headers may be changed by intermediate servers. </p>
<p> By default, TLS is disabled in the Postfix SMTP server, so no
difference to plain Postfix is visible. Explicitly switch it on
using "<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>&nbsp;=&nbsp;yes". </p>
with "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>&nbsp;=&nbsp;may" (Postfix 2.3 and
later) or "<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a>&nbsp;=&nbsp;yes" (obsolete but still
supported). </p>
<p> Example: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
# Postfix 2.3 and later
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may
# Obsolete, but still supported
<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
</pre>
</blockquote>
@ -456,18 +460,23 @@ SMTP clients, but does not require that clients use TLS encryption.
is never offered due to insufficient privileges to access the server
private key. This is intended behavior. </p>
<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>, so that
the Postfix SMTP server announces STARTTLS and accepts no mail without
TLS encryption, by setting "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;yes". According
to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> this MUST NOT be applied in case of a publicly-referenced
Postfix SMTP server. This option is off by default and should only
seldom be used. </p>
<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>,
so that the Postfix SMTP server announces STARTTLS and accepts no
mail without TLS encryption, by setting
"<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>&nbsp;=&nbsp;encrypt" (Postfix 2.3 and
later) or "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;yes" (obsolete but still
supported). According to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> this MUST NOT be applied in case
of a publicly-referenced Postfix SMTP server. This option is off
by default and should only seldom be used. </p>
<p> Example: </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
# Postfix 2.3 and later
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
# Obsolete, but still supported
<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes
</pre>
</blockquote>
@ -517,8 +526,11 @@ when the server is configured to ask for client certificates. </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes
# Postfix 2.3 and later
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may
# Obsolete, but still supported
<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
</pre>
</blockquote>
@ -534,8 +546,11 @@ logged. </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes
<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> = yes
# Postfix 2.3 and later
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
# Obsolete, but still supported
<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes
</pre>
</blockquote>
@ -556,15 +571,18 @@ CA issues special CA which then issues the actual certificate...)
<h3><a name="server_tls_auth">Supporting AUTH over TLS only</a></h3>
<p> Sending AUTH data over an unencrypted channel poses a security risk.
When TLS layer encryption is required (<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;yes),
the Postfix SMTP server will announce and accept AUTH only
after the TLS layer has been activated with STARTTLS. When TLS
layer encryption is optional (<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;no), it may
however still be useful to only offer AUTH when TLS is active. To
maintain compatibility with non-TLS clients, the default is to
accept AUTH without encryption. In order to change this behavior,
set "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a>&nbsp;=&nbsp;yes". </p>
<p> Sending AUTH data over an unencrypted channel poses a security
risk. When TLS layer encryption is required
("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>&nbsp;=&nbsp;encrypt" or the obsolete
"<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;yes"), the Postfix SMTP server will
announce and accept AUTH only after the TLS layer has been activated
with STARTTLS. When TLS layer encryption is optional
("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>&nbsp;=&nbsp;may" or the obsolete
"<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>&nbsp;=&nbsp;no"), it may however still be useful
to only offer AUTH when TLS is active. To maintain compatibility
with non-TLS clients, the default is to accept AUTH without encryption.
In order to change this behavior, set
"<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a>&nbsp;=&nbsp;yes". </p>
<p> Example: </p>
@ -715,12 +733,14 @@ and not specifying an <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_d
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes
<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/cert.pem
<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/key.pem
<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> = medium
<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL, MD5
# Postfix 2.3 and later
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
# Obsolete, but still supported
<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes
</pre>
</blockquote>
@ -1257,12 +1277,12 @@ on TLS <a href="#client_tls_limits">limitations</a> above. </p>
<p> At the "encrypt" TLS security level, messages are sent only
over TLS encrypted sessions. The SMTP transaction is aborted unless
the STARTTLS ESMTP feature is supported by the server. If no
suitable servers are found, the message will be deferred. With Postfix
2.3 and later, mandatory TLS encryption can be configured by setting
"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>&nbsp;=&nbsp;encrypt". Even though TLS encryption
is always used, mail delivery continues if the server certificate is
untrusted or bears the wrong name. </p>
the STARTTLS ESMTP feature is supported by the server. If no suitable
servers are found, the message will be deferred. With Postfix 2.3
and later, mandatory TLS encryption can be configured by setting
"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>&nbsp;=&nbsp;encrypt". Even though TLS
encryption is always used, mail delivery continues if the server
certificate is untrusted or bears the wrong name. </p>
<p> At this security level and higher, the <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
and <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> configuration parameters determine
@ -1382,15 +1402,15 @@ use the new <a href="#client_tls_policy">policy table</a> instead. </p>
<h3><a name="client_tls_verify"> Mandatory server certificate verification </a>
</h3>
<p> At the "verify" TLS security level, messages are sent only
over TLS encrypted sessions for which server certificate verification
succeeds. If no suitable servers are found, the message will be
deferred. With Postfix 2.3 and later, mandatory server certificate
verification can be configured by setting
"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>&nbsp;=&nbsp;verify", the
<p> At the "verify" TLS security level, messages are sent only over
TLS encrypted sessions if the server certificate is valid (not
expired or revoked, and signed by a trusted certificate authority)
and if the server certificate name matches a known pattern. Mandatory
server certificate verification can be configured by setting
"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>&nbsp;=&nbsp;verify". The
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter can override the default
"hostname" certificate match strategy. Fine-tuning the matching
strategy is generally only appropriate for <a
"hostname" certificate name matching strategy. Fine-tuning the
matching strategy is generally only appropriate for <a
href="#client_tls_secure">secure-channel</a> destinations. </p>
<p> With Postfix 2.2 and earlier, or when <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>
@ -1676,33 +1696,51 @@ describe the corresponding table syntax: </p>
<dd>Opportunistic TLS. No additional attributes are supported at this
level. </dd>
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. At this level and
higher the optional "ciphers" attribute overrides the <a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter and the optional "protocols"
keyword overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter.
In the policy table, multiple protocols must be separated by colons,
as attribute values may not contain whitespace or commas.</dd>
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. Mail is
delivered only if remote SMTP server offers STARTTLS and the TLS
handshake succeeds. At this level and higher the optional "ciphers"
attribute overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter
and the optional "protocols" keyword overrides the <a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter. </dd>
<dt><b>verify</b></dt>
<dd>Mandatory server certificate verification. The optional "match"
attribute overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter.
In the policy table, multiple match patterns and strategies must
be separated by colons. </dd>
<dt><b>verify</b></dt> <dd>Mandatory server certificate verification.
Mail is delivered only if the TLS handshake succeeds, if the server
certificate can be validated (not expired or revoked, and signed
by a trusted certificate authority), and if the server certificate
name matches the optional "match" attribute (or the <a href="postconf.5.html">main.cf</a>
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter value when no optional "match"
attribute is specified). </dd>
<dt><b>secure</b></dt> <dd>Secure-channel TLS. The optional "match"
attribute overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> parameter. In
the policy table, multiple match patterns and strategies must be separated
by colons. The match attribute is useful when additional domains are
supported by common server, the policy entries for the additional domains
specify matching rules for the primary domain certificate. While transport
table overrides routing secondary domains to the primary nexthop also
allow secure verification, they risk delivery to the wrong destination
when domains change hands or are re-assigned to new gateways. With the
"match" attribute approach, routing is not perturbed, and mail is deferred
if verification of a new MX host fails. </dd>
<dt><b>secure</b></dt> <dd>Secure-channel TLS. Mail is delivered
only if the TLS handshake succeeds, if the server certificate can
be validated (not expired or revoked, and signed by a trusted
certificate authority), and if the server certificate name matches
the optional "match" attribute (or the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a>
parameter value when no optional "match" attribute is specified).
</dd>
</dl>
<p> Notes: </p>
<ul>
<li> <p> The "match" attribute is especially useful to verify TLS
certificates for domains that are hosted on a shared server. In
that case, specify "match" rules for the shared server's name.
While secure verification can also be achieved with manual routing
overrides in Postfix <a href="transport.5.html">transport(5)</a> tables, that approach can deliver
mail to the wrong host when domains are assigned to new gateway
hosts. The "match" attribute approach avoids the problems of manual
routing overrides; mail is deferred if verification of a new MX
host fails. </p>
<li> <p> When a policy table entry specifies multiple match patterns,
multiple match strategies, or multiple protocols, these must be
separated by colons. </p>
</ul>
<p>
Example:
</p>
@ -2238,18 +2276,22 @@ but don't require them from all clients. </p>
<blockquote>
<pre>
<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/cacert.pem
<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> =
btree:/var/spool/postfix/smtp_tls_session_cache
<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes
<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/cacert.pem
<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/FOO-cert.pem
<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/FOO-key.pem
<a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes
<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> =
btree:/var/spool/postfix/smtpd_tls_session_cache
<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
<a href="postconf.5.html#tls_random_source">tls_random_source</a> = dev:/dev/urandom
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /etc/postfix/cacert.pem
<a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> =
btree:/var/spool/postfix/smtp_tls_session_cache
<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes
<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> = /etc/postfix/cacert.pem
<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/FOO-cert.pem
<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/FOO-key.pem
<a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> = yes
<a href="postconf.5.html#smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a> =
btree:/var/spool/postfix/smtpd_tls_session_cache
<a href="postconf.5.html#tls_random_source">tls_random_source</a> = dev:/dev/urandom
# Postfix 2.3 and later
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may
# Obsolete, but still supported
<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes
</pre>
</blockquote>

97
postfix/html/postconf.5.html
View File

@ -8457,9 +8457,10 @@ example.net secure match=example.com:.example.com
<DT><b><a name="smtp_tls_security_level">smtp_tls_security_level</a>
(default: empty)</b></DT><DD>
<p> The default SMTP TLS security level for all destinations; when
a non-empty value is specified, this overrides the obsolete parameters
<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>. </p>
<p> The default SMTP TLS security level for the Postfix SMTP client;
when a non-empty value is specified, this overrides the obsolete
parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
</p>
<p> Specify one of the following security levels: </p>
@ -9457,19 +9458,20 @@ applies in the context of the SMTP END-OF-DATA command. </p>
<DT><b><a name="smtpd_enforce_tls">smtpd_enforce_tls</a>
(default: no)</b></DT><DD>
<p> Enforcement mode: announce STARTTLS support to SMTP clients,
<p> Mandatory TLS: announce STARTTLS support to SMTP clients,
and require that clients use TLS encryption. According to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a>
this MUST NOT be applied in case of a publicly-referenced SMTP
server. This option is off by default and should be used only on
dedicated servers. </p>
<p> Note 1: this mode implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
<p> Note 1: "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
<p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
</DD>
@ -10805,15 +10807,15 @@ able to authenticate the server, but unless it is running Postfix 2.3 or
similar software, it will still insist on a server certificate. </p>
<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
2.3 supports configurations with no certificates. This entails the use
of just the anonymous TLS ciphers, which are not supported by typical
SMTP clients. Since such clients will not, as a rule, fall back to plain
text after a TLS handshake failure, the server will be unable to receive
email from TLS enabled clients. To avoid accidental configurations with
no certificates, Postfix 2.3 enables certificate-less operation only
when the administrator explicitly sets "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This
ensures that new Postfix configurations with just "<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes"
added, will not accidentally run with no certificates. </p>
2.3 supports configurations with no certificates. This entails the
use of just the anonymous TLS ciphers, which are not supported by
typical SMTP clients. Since such clients will not, as a rule, fall
back to plain text after a TLS handshake failure, the server will
be unable to receive email from TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly
sets "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix
configurations will not accidentally run with no certificates. </p>
<p> Both RSA and DSA certificates are supported. When both types
are present, the cipher used determines which certificate will be
@ -11108,17 +11110,15 @@ loglevel 4 is strongly discouraged. </p>
<DT><b><a name="smtpd_tls_protocols">smtpd_tls_protocols</a>
(default: empty)</b></DT><DD>
<p> The list of TLS protocols supported by the server. If empty the
default list of protocols is used (i.e. all TLS protocol versions are
supported). Any non-empty value is interpreted as a list of protocol
names separated by whitespace, commas or colons. The supported protocol
names are "SSLv2", "SSLv3" and "TLSv1", and are not
case-sensitive. </p>
<p> The list of TLS protocols supported by the Postfix SMTP server.
If the list is empty, the server supports all available TLS protocol
versions. A non-empty value is a list of protocol names separated
by whitespace, commas or colons. The supported protocol names are
"SSLv2", "SSLv3" and "TLSv1", and are not case sensitive. </p>
<p> DO NOT set this to a non-default value on an MX-host,
as some clients may not support any of the narrower set of protocols,
and may be unable to fallback to plaintext sessions. If you restrict
the protocol list on an MX host, you may lose mail. </p>
<p> DO NOT set this to a non-default value on an Internet MX host,
as this may cause inter-operability problems. If you restrict the
protocol list on an Internet MX host, you may lose mail. </p>
<p> Example: </p>
@ -11159,6 +11159,48 @@ a warning written to the mail log. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtpd_tls_security_level">smtpd_tls_security_level</a>
(default: empty)</b></DT><DD>
<p> The SMTP TLS security level for the Postfix SMTP server; when
a non-empty value is specified, this overrides the obsolete parameters
<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>. This parameter is ignored with
"<a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a> = yes". </p>
<p> Specify one of the following security levels: </p>
<dl>
<dt><b>none</b></dt> <dd> TLS will not be used. </dd>
<dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support
to SMTP clients, but do not require that clients use TLS encryption.
</dd>
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
STARTTLS support to SMTP clients, and require that clients use TLS
encryption. According to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> this MUST NOT be applied in case
of a publicly-referenced SMTP server. Instead, this option should
be used only on dedicated servers. </dd>
</dl>
<p> Note 1: the "verify" and "secure" levels are not supported.
The Postfix SMTP server logs a warning and uses "encrypt" instead.
To verify SMTP client certificates, see <a href="TLS_README.html">TLS_README</a> for a discussion
of the <a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>, <a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>, and <a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a>
features. </p>
<p> Note 2: The parameter setting "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> =
encrypt" implies "<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes".</p>
<p> Note 3: when invoked via "sendmail -bs", Postfix will never
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior.</p>
</DD>
<DT><b><a name="smtpd_tls_session_cache_database">smtpd_tls_session_cache_database</a>
@ -11225,14 +11267,15 @@ purpose. </p>
<DT><b><a name="smtpd_use_tls">smtpd_use_tls</a>
(default: no)</b></DT><DD>
<p> Opportunistic mode: announce STARTTLS support to SMTP clients,
<p> Opportunistic TLS: announce STARTTLS support to SMTP clients,
but do not require that clients use TLS encryption. </p>
<p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use <a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> instead. </p>
</DD>

191
postfix/html/smtp.8.html
View File

@ -320,39 +320,40 @@ SMTP(8) SMTP(8)
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for all desti-
nations; when a non-empty value is specified, this
overrides the obsolete parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,
<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
The default SMTP TLS security level for the Postfix
SMTP client; when a non-empty value is specified,
this overrides the obsolete parameters
<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
certificate.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
File with the Postfix SMTP client RSA certificate
File with the Postfix SMTP client RSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
The minimum SMTP client TLS cipher grade that is
strong enough to be used with the "encrypt" secu-
The minimum SMTP client TLS cipher grade that is
strong enough to be used with the "encrypt" secu-
rity level and higher.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
@ -361,43 +362,43 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
List of ciphers or cipher types to exclude from the
SMTP client cipher list at the mandatory TLS secu-
SMTP client cipher list at the mandatory TLS secu-
rity levels: "encrypt", "verify" and "secure".
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
File with the Postfix SMTP client DSA certificate
File with the Postfix SMTP client DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
File with the Postfix SMTP client DSA private key
File with the Postfix SMTP client DSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
File with the Postfix SMTP client RSA private key
File with the Postfix SMTP client RSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
Enable additional Postfix SMTP client logging of
Enable additional Postfix SMTP client logging of
TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
non-empty value is specified, this overrides the
non-empty value is specified, this overrides the
obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
List of TLS protocol versions that are secure
List of TLS protocol versions that are secure
enough to be used with the "encrypt" security level
and higher.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
The verification depth for remote SMTP server cer-
The verification depth for remote SMTP server cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
@ -405,7 +406,7 @@ SMTP(8) SMTP(8)
for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
Name of the file containing the optional Postfix
Name of the file containing the optional Postfix
SMTP client TLS session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
@ -417,9 +418,9 @@ SMTP(8) SMTP(8)
for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
server in order to seed its internal pseudo random
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
server in order to seed its internal pseudo random
number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
@ -431,7 +432,7 @@ SMTP(8) SMTP(8)
ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (!EXPORT:ALL:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "LOW" or higher grade
The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@ -439,66 +440,66 @@ SMTP(8) SMTP(8)
ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (!aNULL:eNULL+kRSA)</b>
The OpenSSL cipherlist for "NULL" grade ciphers
The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
<b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compati-
The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
will be removed in a future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
Opportunistic mode: use TLS when a remote SMTP
server announces STARTTLS support, otherwise send
Opportunistic mode: use TLS when a remote SMTP
server announces STARTTLS support, otherwise send
the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
Enforcement mode: require that remote SMTP servers
use TLS encryption, and never send mail in the
Enforcement mode: require that remote SMTP servers
use TLS encryption, and never send mail in the
clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
When TLS encryption is enforced, require that the
When TLS encryption is enforced, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS usage policy by next-hop destination and by
TLS usage policy by next-hop destination and by
remote SMTP server hostname.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
The maximal number of parallel deliveries to the
same destination via the smtp message delivery
The maximal number of parallel deliveries to the
same destination via the smtp message delivery
transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
The maximal number of recipients per delivery via
The maximal number of recipients per delivery via
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
The SMTP client time limit for completing a TCP
The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
The SMTP client time limit for sending the HELO or
EHLO command, and for receiving the initial server
The SMTP client time limit for sending the HELO or
EHLO command, and for receiving the initial server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
The LMTP client time limit for sending the LHLO
The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
@ -507,30 +508,30 @@ SMTP(8) SMTP(8)
command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
The SMTP client time limit for sending the MAIL
FROM command, and for receiving the server
The SMTP client time limit for sending the MAIL
FROM command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
The SMTP client time limit for sending the SMTP
RCPT TO command, and for receiving the server
The SMTP client time limit for sending the SMTP
RCPT TO command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
The SMTP client time limit for sending the SMTP
DATA command, and for receiving the server
The SMTP client time limit for sending the SMTP
DATA command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
The SMTP client time limit for sending the SMTP
The SMTP client time limit for sending the SMTP
message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
The SMTP client time limit for sending the SMTP
The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
The SMTP client time limit for sending the QUIT
The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
@ -541,12 +542,12 @@ SMTP(8) SMTP(8)
lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
The maximal number of SMTP sessions per delivery
request before giving up or delivering to a fall-
The maximal number of SMTP sessions per delivery
request before giving up or delivering to a fall-
back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
The SMTP client time limit for sending the RSET
The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
@ -558,11 +559,11 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
Permanently enable SMTP connection caching for the
Permanently enable SMTP connection caching for the
specified destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
Temporarily enable SMTP connection caching while a
Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
@ -572,57 +573,57 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
When SMTP connection caching is enabled, the amount
of time that an unused SMTP client socket is kept
of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
Time limit for connection cache connect, send or
Time limit for connection cache connect, send or
receive operations.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
The increment in verbose logging level when a
remote client or server matches a pattern in the
The increment in verbose logging level when a
remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the
The list of error classes that are reported to the
postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
Where the Postfix SMTP client should deliver mail
Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal
The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP
Disable DNS lookups in the Postfix SMTP and LMTP
clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
@ -630,7 +631,7 @@ SMTP(8) SMTP(8)
tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
The Internet protocols Postfix will attempt to use
The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -638,74 +639,74 @@ SMTP(8) SMTP(8)
over an internal communication channel.
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client
The default TCP port that the Postfix LMTP client
connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of connection requests before a
The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
tem receives mail on by way of a proxy or network
tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
An optional numerical network address that the SMTP
client should bind to when making an IPv4 connec-
client should bind to when making an IPv4 connec-
tion.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
An optional numerical network address that the SMTP
client should bind to when making an IPv6 connec-
client should bind to when making an IPv6 connec-
tion.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the SMTP EHLO or HELO com-
The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
What mechanisms when the SMTP client uses to look
What mechanisms when the SMTP client uses to look
up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
Randomize the order of equal-preference MX host
Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
Optional list of relay hosts for SMTP destinations
Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
Optional list of relay hosts for SMTP destinations
Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b>SEE ALSO</b>
@ -723,7 +724,7 @@ SMTP(8) SMTP(8)
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

367
postfix/html/smtpd.8.html
View File

@ -329,12 +329,12 @@ SMTPD(8) SMTPD(8)
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b>
Opportunistic mode: announce STARTTLS support to
Opportunistic TLS: announce STARTTLS support to
SMTP clients, but do not require that clients use
TLS encryption.
<b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b>
Enforcement mode: announce STARTTLS support to SMTP
Mandatory TLS: announce STARTTLS support to SMTP
clients, and require that clients use TLS encryp-
tion.
@ -408,7 +408,8 @@ SMTPD(8) SMTPD(8)
TLS activity.
<b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (empty)</b>
The list of TLS protocols supported by the server.
The list of TLS protocols supported by the Postfix
SMTP server.
<b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
Request that the Postfix SMTP server produces
@ -441,6 +442,14 @@ SMTPD(8) SMTPD(8)
server in order to seed its internal pseudo random
number generator (PRNG).
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b>
The SMTP TLS security level for the Postfix SMTP
server; when a non-empty value is specified, this
overrides the obsolete parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and
<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
<b>(!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "HIGH" grade ciphers.
@ -450,7 +459,7 @@ SMTPD(8) SMTPD(8)
ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (!EXPORT:ALL:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "LOW" or higher grade
The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@ -458,63 +467,63 @@ SMTPD(8) SMTPD(8)
ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (!aNULL:eNULL+kRSA)</b>
The OpenSSL cipherlist for "NULL" grade ciphers
The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
<b>VERP SUPPORT CONTROLS</b>
With VERP style delivery, each recipient of a message
With VERP style delivery, each recipient of a message
receives a customized copy of the message with his/her own
recipient address encoded in the envelope sender address.
recipient address encoded in the envelope sender address.
The <a href="VERP_README.html">VERP_README</a> file describes configuration and operation
details of Postfix support for variable envelope return
details of Postfix support for variable envelope return
path addresses. VERP style delivery is requested with the
SMTP XVERP command or with the "sendmail -V" command-line
option and is available in Postfix version 1.1 and later.
SMTP XVERP command or with the "sendmail -V" command-line
option and is available in Postfix version 1.1 and later.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
The characters Postfix accepts as VERP delimiter
characters on the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line
and in SMTP commands.
Available in Postfix version 1.1 and 2.0:
<b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
What SMTP clients are allowed to specify the XVERP
What SMTP clients are allowed to specify the XVERP
command.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b>
What SMTP clients are allowed to specify the XVERP
What SMTP clients are allowed to specify the XVERP
command.
<b>TROUBLE SHOOTING CONTROLS</b>
The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
the Postfix mail system. The methods vary from making the
software log a lot of detail, to running some daemon pro-
The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of
the Postfix mail system. The methods vary from making the
software log a lot of detail, to running some daemon pro-
cesses under control of a call tracer or debugger.
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
The increment in verbose logging level when a
remote client or server matches a pattern in the
The increment in verbose logging level when a
remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the
The list of error classes that are reported to the
postmaster.
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
@ -524,22 +533,22 @@ SMTPD(8) SMTPD(8)
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> (empty)</b>
What SMTP clients are allowed to use the XCLIENT
What SMTP clients are allowed to use the XCLIENT
feature.
<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
As of Postfix version 2.0, the SMTP server rejects mail
for unknown recipients. This prevents the mail queue from
clogging up with undeliverable MAILER-DAEMON messages.
Additional information on this topic is in the
As of Postfix version 2.0, the SMTP server rejects mail
for unknown recipients. This prevents the mail queue from
clogging up with undeliverable MAILER-DAEMON messages.
Additional information on this topic is in the
<a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
<b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
Display the name of the recipient table in the
Display the name of the recipient table in the
"User unknown" responses.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
Optional address mapping lookup tables for message
Optional address mapping lookup tables for message
headers and envelopes.
<b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
@ -550,7 +559,7 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, local-</b>
<b>host)</b>
The list of domains that are delivered via the
The list of domains that are delivered via the
$<a href="postconf.5.html#local_transport">local_transport</a> mail delivery transport.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
@ -559,145 +568,145 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
tem receives mail on by way of a proxy or network
tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
The Internet protocols Postfix will attempt to use
The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname</b>
<b>$<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
Lookup tables with all names or addresses of local
recipients: a recipient address is local when its
domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
Lookup tables with all names or addresses of local
recipients: a recipient address is local when its
domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
The numerical Postfix SMTP server response code
when a recipient address is local, and
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup
The numerical Postfix SMTP server response code
when a recipient address is local, and
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup
tables that does not match the recipient.
Parameters concerning known/unknown recipients of relay
Parameters concerning known/unknown recipients of relay
destinations:
<b><a href="postconf.5.html#relay_domains">relay_domains</a> ($<a href="postconf.5.html#mydestination">mydestination</a>)</b>
What destination domains (and subdomains thereof)
What destination domains (and subdomains thereof)
this system will relay mail to.
<b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
Optional lookup tables with all valid addresses in
Optional lookup tables with all valid addresses in
the domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
The numerical Postfix SMTP server reply code when a
recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and
<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup
recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and
<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup
tables that does not match the recipient address.
Parameters concerning known/unknown recipients in virtual
Parameters concerning known/unknown recipients in virtual
alias domains:
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
Postfix is final destination for the specified list
of virtual alias domains, that is, domains for
which all addresses are aliased to addresses in
of virtual alias domains, that is, domains for
which all addresses are aliased to addresses in
other local or remote domains.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
Optional lookup tables that alias specific mail
addresses or domains to other local or remote
Optional lookup tables that alias specific mail
addresses or domains to other local or remote
address.
<b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
The SMTP server reply code when a recipient address
matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
<a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables
matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
<a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables
that does not match the recipient address.
Parameters concerning known/unknown recipients in virtual
Parameters concerning known/unknown recipients in virtual
mailbox domains:
<b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
Postfix is final destination for the specified list
of domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
of domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
<a href="postconf.5.html#virtual_transport">tual_transport</a> mail delivery transport.
<b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
Optional lookup tables with all valid addresses in
Optional lookup tables with all valid addresses in
the domains that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
<b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
The SMTP server reply code when a recipient address
matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
<a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a> specifies a list of lookup tables
that does not match the recipient address.
<b>RESOURCE AND RATE CONTROLS</b>
The following parameters limit resource usage by the SMTP
The following parameters limit resource usage by the SMTP
server and/or control client request rates.
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
Upon input, long lines are chopped up into pieces
of at most this length; upon delivery, long lines
Upon input, long lines are chopped up into pieces
of at most this length; upon delivery, long lines
are reconstructed.
<b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
The minimal amount of free space in bytes in the
The minimal amount of free space in bytes in the
queue file system that is needed to receive mail.
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
The maximal size in bytes of a message, including
The maximal size in bytes of a message, including
envelope information.
<b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
The maximal number of recipients that the Postfix
The maximal number of recipients that the Postfix
SMTP server accepts per message delivery request.
<b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (300s)</b>
The time limit for sending a Postfix SMTP server
response and for receiving a remote SMTP client
The time limit for sending a Postfix SMTP server
response and for receiving a remote SMTP client
request.
<b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
The maximal number of lines in the Postfix SMTP
server command history before it is flushed upon
The maximal number of lines in the Postfix SMTP
server command history before it is flushed upon
receipt of EHLO, RSET, or end of DATA.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b>
Attempt to look up the SMTP client hostname, and
Attempt to look up the SMTP client hostname, and
verify that the name matches the client IP address.
The per SMTP client connection count and request rate lim-
its are implemented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> ser-
vice, and are available in Postfix version 2.2 and later.
vice, and are available in Postfix version 2.2 and later.
<b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
How many simultaneous connections any client is
How many simultaneous connections any client is
allowed to make to this service.
<b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
The maximal number of connection attempts any
client is allowed to make to this service per time
client is allowed to make to this service per time
unit.
<b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
The maximal number of message delivery requests
that any client is allowed to make to this service
The maximal number of message delivery requests
that any client is allowed to make to this service
per time unit, regardless of whether or not Postfix
actually accepts those messages.
<b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
The maximal number of recipient addresses that any
client is allowed to send to this service per time
The maximal number of recipient addresses that any
client is allowed to send to this service per time
unit, regardless of whether or not Postfix actually
accepts those recipients.
<b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
Clients that are excluded from connection count,
Clients that are excluded from connection count,
connection rate, or SMTP request rate restrictions.
Available in Postfix version 2.3 and later:
@ -708,52 +717,52 @@ SMTPD(8) SMTPD(8)
tiate with this service per time unit.
<b>TARPIT CONTROLS</b>
When a remote SMTP client makes errors, the Postfix SMTP
server can insert delays before responding. This can help
to slow down run-away software. The behavior is con-
trolled by an error counter that counts the number of
errors within an SMTP session that a client makes without
When a remote SMTP client makes errors, the Postfix SMTP
server can insert delays before responding. This can help
to slow down run-away software. The behavior is con-
trolled by an error counter that counts the number of
errors within an SMTP session that a client makes without
delivering mail.
<b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b>
With Postfix version 2.1 and later: the SMTP server
response delay after a client has made more than
$<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than
$<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering
response delay after a client has made more than
$<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than
$<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering
mail.
<b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b>
The number of errors a remote SMTP client is
allowed to make without delivering mail before the
The number of errors a remote SMTP client is
allowed to make without delivering mail before the
Postfix SMTP server slows down all its responses.
<b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (20)</b>
The maximal number of errors a remote SMTP client
The maximal number of errors a remote SMTP client
is allowed to make without delivering mail.
<b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (100)</b>
The number of junk commands (NOOP, VRFY, ETRN or
The number of junk commands (NOOP, VRFY, ETRN or
RSET) that a remote SMTP client can send before the
Postfix SMTP server starts to increment the error
Postfix SMTP server starts to increment the error
counter with each junk command.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
The number of recipients that a remote SMTP client
can send in excess of the limit specified with
The number of recipients that a remote SMTP client
can send in excess of the limit specified with
$<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before the Postfix SMTP
server increments the per-session error count for
server increments the per-session error count for
each excess recipient.
<b>ACCESS POLICY DELEGATION CONTROLS</b>
As of version 2.1, Postfix can be configured to delegate
access policy decisions to an external server that runs
outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
As of version 2.1, Postfix can be configured to delegate
access policy decisions to an external server that runs
outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
more information.
<b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
The time after which an idle SMTPD policy service
The time after which an idle SMTPD policy service
connection is closed.
<b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
@ -761,161 +770,161 @@ SMTPD(8) SMTPD(8)
connection is closed.
<b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
The time limit for connecting to, writing to or
The time limit for connecting to, writing to or
receiving from a delegated SMTPD policy server.
<b>ACCESS CONTROLS</b>
The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
all the SMTP server access control features.
<b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
Wait until the RCPT TO command before evaluating
Wait until the RCPT TO command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $smtpd_helo_restric-
tions and $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until
the ETRN command before evaluating
the ETRN command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $smtpd_helo_restric-
tions.
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b>put)</b>
What Postfix features match subdomains of
"domain.tld" automatically, instead of requiring an
explicit ".domain.tld" pattern.
<b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
Optional SMTP server access restrictions in the
Optional SMTP server access restrictions in the
context of a client SMTP connection request.
<b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
Require that a remote SMTP client introduces itself
at the beginning of an SMTP session with the HELO
at the beginning of an SMTP session with the HELO
or EHLO command.
<b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
Optional restrictions that the Postfix SMTP server
Optional restrictions that the Postfix SMTP server
applies in the context of the SMTP HELO command.
<b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
Optional restrictions that the Postfix SMTP server
Optional restrictions that the Postfix SMTP server
applies in the context of the MAIL FROM command.
<b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,</b>
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>)</b>
The access restrictions that the Postfix SMTP
server applies in the context of the RCPT TO com-
server applies in the context of the RCPT TO com-
mand.
<b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
Optional SMTP server access restrictions in the
Optional SMTP server access restrictions in the
context of a client ETRN request.
<b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
Forward mail with sender-specified routing
(user[@%!]remote[@%!]site) from untrusted clients
Forward mail with sender-specified routing
(user[@%!]remote[@%!]site) from untrusted clients
to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
User-defined aliases for groups of access restric-
User-defined aliases for groups of access restric-
tions.
<b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b>&lt;&gt;<b>)</b>
The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables
The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables
instead of the null sender address.
<b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP
access feature to only domains whose primary MX
access feature to only domains whose primary MX
hosts match the listed networks.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b>
Optional access restrictions that the Postfix SMTP
Optional access restrictions that the Postfix SMTP
server applies in the context of the SMTP DATA com-
mand.
<b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
What characters are allowed in $name expansions of
What characters are allowed in $name expansions of
RBL reply templates.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
Request that the Postfix SMTP server rejects mail
from unknown sender addresses, even when no
explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
Request that the Postfix SMTP server rejects mail
from unknown sender addresses, even when no
explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
is specified.
<b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
Request that the Postfix SMTP server rejects mail
Request that the Postfix SMTP server rejects mail
for unknown recipient addresses, even when no
explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
tion is specified.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> (empty)</b>
Optional access restrictions that the Postfix SMTP
server applies in the context of the SMTP END-OF-
Optional access restrictions that the Postfix SMTP
server applies in the context of the SMTP END-OF-
DATA command.
<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
Postfix version 2.1 introduces sender and recipient
address verification. This feature is implemented by
sending probe email messages that are not actually deliv-
ered. This feature is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_sender">fied_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
restrictions. The status of verification probes is main-
Postfix version 2.1 introduces sender and recipient
address verification. This feature is implemented by
sending probe email messages that are not actually deliv-
ered. This feature is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_sender">fied_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
restrictions. The status of verification probes is main-
tained by the <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VER</a>-
<a href="ADDRESS_VERIFICATION_README.html">IFICATION_README</a> for information about how to configure
<a href="ADDRESS_VERIFICATION_README.html">IFICATION_README</a> for information about how to configure
and operate the Postfix sender/recipient address verifica-
tion service.
<b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (3)</b>
How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for
the completion of an address verification request
How many times to query the <a href="verify.8.html"><b>verify</b>(8)</a> service for
the completion of an address verification request
in progress.
<b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b>
The delay between queries for the completion of an
The delay between queries for the completion of an
address verification request in progress.
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> (postmaster)</b>
The sender address to use in address verification
The sender address to use in address verification
probes.
<b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a recipient address is rejected by the
The numerical Postfix SMTP server response code
when a recipient address is rejected by the
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
The numerical Postfix SMTP server response when a
The numerical Postfix SMTP server response when a
recipient address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_recipient">fied_recipient</a> restriction.
<b>ACCESS CONTROL RESPONSES</b>
The following parameters control numerical SMTP reply
The following parameters control numerical SMTP reply
codes and/or text responses.
<b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
when a client is rejected by an <a href="access.5.html"><b>access</b>(5)</a> map
The numerical Postfix SMTP server response code
when a client is rejected by an <a href="access.5.html"><b>access</b>(5)</a> map
restriction.
<b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
the "defer" restriction.
<b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
The numerical Postfix SMTP server response code
when the client HELO or EHLO command parameter is
rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
The numerical Postfix SMTP server response code
when the client HELO or EHLO command parameter is
rejected by the <a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a>
restriction.
<b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
The numerical Postfix SMTP server response code
when a remote SMTP client request is blocked by the
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a>
@ -923,53 +932,53 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
The numerical Postfix SMTP server reply code when a
client request is rejected by the
client request is rejected by the
<a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
<a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a>
restriction.
<b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a request is rejected by the <b>reject_plain-</b>
The numerical Postfix SMTP server response code
when a request is rejected by the <b>reject_plain-</b>
<b>text_session</b> restriction.
<b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
the "reject" restriction.
<b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
when a client request is rejected by the
The numerical Postfix SMTP server response code
when a client request is rejected by the
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient restriction.
<b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a sender or recipient address is rejected by
The numerical Postfix SMTP server response code
when a sender or recipient address is rejected by
the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or
<a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.
<b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a client without valid address &lt;=&gt; name map-
The numerical Postfix SMTP server response code
when a client without valid address &lt;=&gt; name map-
ping is rejected by the reject_unknown_client_host-
name restriction.
<b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when the hostname specified with the HELO or EHLO
command is rejected by the
The numerical Postfix SMTP server response code
when the hostname specified with the HELO or EHLO
command is rejected by the
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
The default SMTP server response template for a
request that is rejected by an RBL-based restric-
The default SMTP server response template for a
request that is rejected by an RBL-based restric-
tion.
<b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
The numerical Postfix SMTP server response code
The numerical Postfix SMTP server response code
when a remote SMTP client request is blocked by the
<a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> restriction.
@ -978,16 +987,16 @@ SMTPD(8) SMTPD(8)
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative com-
The location of all postfix administrative com-
mands.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
@ -1008,36 +1017,36 @@ SMTPD(8) SMTPD(8)
and most Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of connection requests before a
The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
The list of "trusted" SMTP clients that have more
The list of "trusted" SMTP clients that have more
privileges than "strangers".
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The domain name that locally-posted mail appears to
come from, and that locally posted mail is deliv-
come from, and that locally posted mail is deliv-
ered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
@ -1045,22 +1054,22 @@ SMTPD(8) SMTPD(8)
sions (user+foo).
<b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
The text that follows the 220 status code in the
The text that follows the 220 status code in the
SMTP greeting banner.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
List of commands that causes the Postfix SMTP
server to immediately terminate the session with a
List of commands that causes the Postfix SMTP
server to immediately terminate the session with a
221 code.
<b>SEE ALSO</b>
@ -1090,7 +1099,7 @@ SMTPD(8) SMTPD(8)
<a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

85
postfix/man/man5/postconf.5
View File

@ -4884,9 +4884,9 @@ example.net secure match=example.com:.example.com
.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_tls_security_level (default: empty)
The default SMTP TLS security level for all destinations; when
a non-empty value is specified, this overrides the obsolete parameters
smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
The default SMTP TLS security level for the Postfix SMTP client;
when a non-empty value is specified, this overrides the obsolete
parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
.PP
Specify one of the following security levels:
.IP "\fBnone\fR"
@ -5621,19 +5621,20 @@ This feature is available in Postfix 2.2 and later.
.PP
See smtpd_data_restrictions for syntax details.
.SH smtpd_enforce_tls (default: no)
Enforcement mode: announce STARTTLS support to SMTP clients,
Mandatory TLS: announce STARTTLS support to SMTP clients,
and require that clients use TLS encryption. According to RFC 2487
this MUST NOT be applied in case of a publicly-referenced SMTP
server. This option is off by default and should be used only on
dedicated servers.
.PP
Note 1: this mode implies "smtpd_tls_auth_only = yes".
Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes".
.PP
Note 2: when invoked via "\fBsendmail -bs\fR", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior.
.PP
This feature is available in Postfix 2.2 and later.
This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead.
.SH smtpd_error_sleep_time (default: 1s)
With Postfix version 2.1 and later: the SMTP server response delay after
a client has made more than $smtpd_soft_error_limit errors, and
@ -6470,15 +6471,15 @@ able to authenticate the server, but unless it is running Postfix 2.3 or
similar software, it will still insist on a server certificate.
.PP
For servers that are \fBnot\fR public Internet MX hosts, Postfix
2.3 supports configurations with no certificates. This entails the use
of just the anonymous TLS ciphers, which are not supported by typical
SMTP clients. Since such clients will not, as a rule, fall back to plain
text after a TLS handshake failure, the server will be unable to receive
email from TLS enabled clients. To avoid accidental configurations with
no certificates, Postfix 2.3 enables certificate-less operation only
when the administrator explicitly sets "smtpd_tls_cert_file = none". This
ensures that new Postfix configurations with just "smtpd_use_tls = yes"
added, will not accidentally run with no certificates.
2.3 supports configurations with no certificates. This entails the
use of just the anonymous TLS ciphers, which are not supported by
typical SMTP clients. Since such clients will not, as a rule, fall
back to plain text after a TLS handshake failure, the server will
be unable to receive email from TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly
sets "smtpd_tls_cert_file = none". This ensures that new Postfix
configurations will not accidentally run with no certificates.
.PP
Both RSA and DSA certificates are supported. When both types
are present, the cipher used determines which certificate will be
@ -6723,17 +6724,15 @@ loglevel 4 is strongly discouraged.
.PP
This feature is available in Postfix 2.2 and later.
.SH smtpd_tls_protocols (default: empty)
The list of TLS protocols supported by the server. If empty the
default list of protocols is used (i.e. all TLS protocol versions are
supported). Any non-empty value is interpreted as a list of protocol
names separated by whitespace, commas or colons. The supported protocol
names are "SSLv2", "SSLv3" and "TLSv1", and are not
case-sensitive.
The list of TLS protocols supported by the Postfix SMTP server.
If the list is empty, the server supports all available TLS protocol
versions. A non-empty value is a list of protocol names separated
by whitespace, commas or colons. The supported protocol names are
"SSLv2", "SSLv3" and "TLSv1", and are not case sensitive.
.PP
DO NOT set this to a non-default value on an MX-host,
as some clients may not support any of the narrower set of protocols,
and may be unable to fallback to plaintext sessions. If you restrict
the protocol list on an MX host, you may lose mail.
DO NOT set this to a non-default value on an Internet MX host,
as this may cause inter-operability problems. If you restrict the
protocol list on an Internet MX host, you may lose mail.
.PP
Example:
.PP
@ -6764,6 +6763,37 @@ When TLS encryption is optional, this setting is ignored with
a warning written to the mail log.
.PP
This feature is available in Postfix 2.2 and later.
.SH smtpd_tls_security_level (default: empty)
The SMTP TLS security level for the Postfix SMTP server; when
a non-empty value is specified, this overrides the obsolete parameters
smtpd_use_tls and smtpd_enforce_tls. This parameter is ignored with
"smtpd_tls_wrappermode = yes".
.PP
Specify one of the following security levels:
.IP "\fBnone\fR"
TLS will not be used.
.IP "\fBmay\fR"
Opportunistic TLS: announce STARTTLS support
to SMTP clients, but do not require that clients use TLS encryption.
.IP "\fBencrypt\fR"
Mandatory TLS encryption: announce
STARTTLS support to SMTP clients, and require that clients use TLS
encryption. According to RFC 2487 this MUST NOT be applied in case
of a publicly-referenced SMTP server. Instead, this option should
be used only on dedicated servers.
.PP
Note 1: the "verify" and "secure" levels are not supported.
The Postfix SMTP server logs a warning and uses "encrypt" instead.
To verify SMTP client certificates, see TLS_README for a discussion
of the smtpd_tls_ask_ccert, smtpd_tls_req_ccert, and permit_tls_clientcerts
features.
.PP
Note 2: The parameter setting "smtpd_tls_security_level =
encrypt" implies "smtpd_tls_auth_only = yes".
.PP
Note 3: when invoked via "sendmail -bs", Postfix will never
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior.
.SH smtpd_tls_session_cache_database (default: empty)
Name of the file containing the optional Postfix SMTP server
TLS session cache. Specify a database type that supports enumeration,
@ -6812,14 +6842,15 @@ purpose.
.PP
This feature is available in Postfix 2.2 and later.
.SH smtpd_use_tls (default: no)
Opportunistic mode: announce STARTTLS support to SMTP clients,
Opportunistic TLS: announce STARTTLS support to SMTP clients,
but do not require that clients use TLS encryption.
.PP
Note: when invoked via "\fBsendmail -bs\fR", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior.
.PP
This feature is available in Postfix 2.2 and later.
This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead.
.SH soft_bounce (default: no)
Safety net to keep mail queued that would otherwise be returned to
the sender. This parameter disables locally-generated bounces,

6
postfix/man/man8/smtp.8
View File

@ -286,9 +286,9 @@ for authentication.
Detailed information about STARTTLS configuration may be found
in the TLS_README document.
.IP "\fBsmtp_tls_security_level (empty)\fR"
The default SMTP TLS security level for all destinations; when
a non-empty value is specified, this overrides the obsolete parameters
smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
The default SMTP TLS security level for the Postfix SMTP client;
when a non-empty value is specified, this overrides the obsolete
parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
.IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR"
The SASL authentication security options that the Postfix SMTP
client uses for TLS encrypted SMTP sessions.

12
postfix/man/man8/smtpd.8
View File

@ -295,10 +295,10 @@ for authentication.
Detailed information about STARTTLS configuration may be
found in the TLS_README document.
.IP "\fBsmtpd_use_tls (no)\fR"
Opportunistic mode: announce STARTTLS support to SMTP clients,
Opportunistic TLS: announce STARTTLS support to SMTP clients,
but do not require that clients use TLS encryption.
.IP "\fBsmtpd_enforce_tls (no)\fR"
Enforcement mode: announce STARTTLS support to SMTP clients,
Mandatory TLS: announce STARTTLS support to SMTP clients,
and require that clients use TLS encryption.
.IP "\fBsmtpd_sasl_tls_security_options ($smtpd_sasl_security_options)\fR"
The SASL authentication security options that the Postfix SMTP
@ -342,7 +342,7 @@ File with the Postfix SMTP server RSA private key in PEM format.
.IP "\fBsmtpd_tls_loglevel (0)\fR"
Enable additional Postfix SMTP server logging of TLS activity.
.IP "\fBsmtpd_tls_protocols (empty)\fR"
The list of TLS protocols supported by the server.
The list of TLS protocols supported by the Postfix SMTP server.
.IP "\fBsmtpd_tls_received_header (no)\fR"
Request that the Postfix SMTP server produces Received: message
headers that include information about the protocol and cipher used,
@ -364,6 +364,12 @@ instead of using the STARTTLS command.
The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
process requests from the \fBtlsmgr\fR(8) server in order to seed its
internal pseudo random number generator (PRNG).
.PP
Available in Postfix version 2.3 and later:
.IP "\fBsmtpd_tls_security_level (empty)\fR"
The SMTP TLS security level for the Postfix SMTP server; when
a non-empty value is specified, this overrides the obsolete parameters
smtpd_use_tls and smtpd_enforce_tls.
.IP "\fBtls_high_cipherlist (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)\fR"
The OpenSSL cipherlist for "HIGH" grade ciphers.
.IP "\fBtls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH)\fR"

1
postfix/mantools/postlink
View File

@ -566,6 +566,7 @@ while (<>) {
s;\bsmtpd_tls_dh512_param_file\b;<a href="postconf.5.html#smtpd_tls_dh512_param_file">$&</a>;g;
s;\bsmtpd_tls_dkey_file\b;<a href="postconf.5.html#smtpd_tls_dkey_file">$&</a>;g;
s;\bsmtpd_tls_key_file\b;<a href="postconf.5.html#smtpd_tls_key_file">$&</a>;g;
s;\bsmtpd_tls_security_level\b;<a href="postconf.5.html#smtpd_tls_security_level">$&</a>;g;
s;\bsmtpd_tls_loglevel\b;<a href="postconf.5.html#smtpd_tls_loglevel">$&</a>;g;
s;\bsmtpd_tls_protocols\b;<a href="postconf.5.html#smtpd_tls_protocols">$&</a>;g;
s;\bsmtpd_tls_received_header\b;<a href="postconf.5.html#smtpd_tls_received_header">$&</a>;g;

2
postfix/proto/INSTALL.html
View File

@ -156,7 +156,7 @@ OPENSTEP 4.x <br>
OSF1.V3 - OSF1.V5 (Digital UNIX) <br>
Reliant UNIX 5.x <br>
Rhapsody 5.x <br>
SunOS 4.1.4 (December 2005) <br>
SunOS 4.1.4 (July 2006) <br>
SunOS 5.4 - 5.9 (Solaris 2.4..9) <br>
Ultrix 4.x (well, that was long ago) <br>
</p>

182
postfix/proto/TLS_README.html
View File

@ -248,8 +248,7 @@ be unable to receive email from most TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly sets
"smtpd_tls_cert_file&nbsp;=&nbsp;none". This ensures that new Postfix
configurations with just "smtpd_use_tls&nbsp;=&nbsp;yes" added, will
not accidentally run with no certificates. </p>
configurations will not accidentally run with no certificates. </p>
<p> Both RSA and DSA certificates are supported. Typically you will
only have RSA certificates issued by a commercial CA. In addition,
@ -437,13 +436,18 @@ since the headers may be changed by intermediate servers. </p>
<p> By default, TLS is disabled in the Postfix SMTP server, so no
difference to plain Postfix is visible. Explicitly switch it on
using "smtpd_use_tls&nbsp;=&nbsp;yes". </p>
with "smtpd_tls_security_level&nbsp;=&nbsp;may" (Postfix 2.3 and
later) or "smtpd_use_tls&nbsp;=&nbsp;yes" (obsolete but still
supported). </p>
<p> Example: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
# Postfix 2.3 and later
smtpd_tls_security_level = may
# Obsolete, but still supported
smtpd_use_tls = yes
</pre>
</blockquote>
@ -456,18 +460,23 @@ SMTP clients, but does not require that clients use TLS encryption.
is never offered due to insufficient privileges to access the server
private key. This is intended behavior. </p>
<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>, so that
the Postfix SMTP server announces STARTTLS and accepts no mail without
TLS encryption, by setting "smtpd_enforce_tls&nbsp;=&nbsp;yes". According
to RFC 2487 this MUST NOT be applied in case of a publicly-referenced
Postfix SMTP server. This option is off by default and should only
seldom be used. </p>
<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>,
so that the Postfix SMTP server announces STARTTLS and accepts no
mail without TLS encryption, by setting
"smtpd_tls_security_level&nbsp;=&nbsp;encrypt" (Postfix 2.3 and
later) or "smtpd_enforce_tls&nbsp;=&nbsp;yes" (obsolete but still
supported). According to RFC 2487 this MUST NOT be applied in case
of a publicly-referenced Postfix SMTP server. This option is off
by default and should only seldom be used. </p>
<p> Example: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
# Postfix 2.3 and later
smtpd_tls_security_level = encrypt
# Obsolete, but still supported
smtpd_enforce_tls = yes
</pre>
</blockquote>
@ -517,8 +526,11 @@ when the server is configured to ask for client certificates. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
smtpd_use_tls = yes
smtpd_tls_ask_ccert = yes
# Postfix 2.3 and later
smtpd_tls_security_level = may
# Obsolete, but still supported
smtpd_use_tls = yes
</pre>
</blockquote>
@ -534,8 +546,11 @@ logged. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
smtpd_enforce_tls = yes
smtpd_tls_req_ccert = yes
# Postfix 2.3 and later
smtpd_tls_security_level = encrypt
# Obsolete, but still supported
smtpd_enforce_tls = yes
</pre>
</blockquote>
@ -556,15 +571,18 @@ CA issues special CA which then issues the actual certificate...)
<h3><a name="server_tls_auth">Supporting AUTH over TLS only</a></h3>
<p> Sending AUTH data over an unencrypted channel poses a security risk.
When TLS layer encryption is required (smtpd_enforce_tls&nbsp;=&nbsp;yes),
the Postfix SMTP server will announce and accept AUTH only
after the TLS layer has been activated with STARTTLS. When TLS
layer encryption is optional (smtpd_enforce_tls&nbsp;=&nbsp;no), it may
however still be useful to only offer AUTH when TLS is active. To
maintain compatibility with non-TLS clients, the default is to
accept AUTH without encryption. In order to change this behavior,
set "smtpd_tls_auth_only&nbsp;=&nbsp;yes". </p>
<p> Sending AUTH data over an unencrypted channel poses a security
risk. When TLS layer encryption is required
("smtpd_tls_security_level&nbsp;=&nbsp;encrypt" or the obsolete
"smtpd_enforce_tls&nbsp;=&nbsp;yes"), the Postfix SMTP server will
announce and accept AUTH only after the TLS layer has been activated
with STARTTLS. When TLS layer encryption is optional
("smtpd_tls_security_level&nbsp;=&nbsp;may" or the obsolete
"smtpd_enforce_tls&nbsp;=&nbsp;no"), it may however still be useful
to only offer AUTH when TLS is active. To maintain compatibility
with non-TLS clients, the default is to accept AUTH without encryption.
In order to change this behavior, set
"smtpd_tls_auth_only&nbsp;=&nbsp;yes". </p>
<p> Example: </p>
@ -715,12 +733,14 @@ and not specifying an smtpd_tls_dcert_file. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
smtpd_use_tls = yes
smtpd_enforce_tls = yes
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = aNULL, MD5
# Postfix 2.3 and later
smtpd_tls_security_level = encrypt
# Obsolete, but still supported
smtpd_enforce_tls = yes
</pre>
</blockquote>
@ -1257,12 +1277,12 @@ on TLS <a href="#client_tls_limits">limitations</a> above. </p>
<p> At the "encrypt" TLS security level, messages are sent only
over TLS encrypted sessions. The SMTP transaction is aborted unless
the STARTTLS ESMTP feature is supported by the server. If no
suitable servers are found, the message will be deferred. With Postfix
2.3 and later, mandatory TLS encryption can be configured by setting
"smtp_tls_security_level&nbsp;=&nbsp;encrypt". Even though TLS encryption
is always used, mail delivery continues if the server certificate is
untrusted or bears the wrong name. </p>
the STARTTLS ESMTP feature is supported by the server. If no suitable
servers are found, the message will be deferred. With Postfix 2.3
and later, mandatory TLS encryption can be configured by setting
"smtp_tls_security_level&nbsp;=&nbsp;encrypt". Even though TLS
encryption is always used, mail delivery continues if the server
certificate is untrusted or bears the wrong name. </p>
<p> At this security level and higher, the smtp_tls_mandatory_protocols
and smtp_tls_mandatory_ciphers configuration parameters determine
@ -1382,15 +1402,15 @@ use the new <a href="#client_tls_policy">policy table</a> instead. </p>
<h3><a name="client_tls_verify"> Mandatory server certificate verification </a>
</h3>
<p> At the "verify" TLS security level, messages are sent only
over TLS encrypted sessions for which server certificate verification
succeeds. If no suitable servers are found, the message will be
deferred. With Postfix 2.3 and later, mandatory server certificate
verification can be configured by setting
"smtp_tls_security_level&nbsp;=&nbsp;verify", the
<p> At the "verify" TLS security level, messages are sent only over
TLS encrypted sessions if the server certificate is valid (not
expired or revoked, and signed by a trusted certificate authority)
and if the server certificate name matches a known pattern. Mandatory
server certificate verification can be configured by setting
"smtp_tls_security_level&nbsp;=&nbsp;verify". The
smtp_tls_verify_cert_match parameter can override the default
"hostname" certificate match strategy. Fine-tuning the matching
strategy is generally only appropriate for <a
"hostname" certificate name matching strategy. Fine-tuning the
matching strategy is generally only appropriate for <a
href="#client_tls_secure">secure-channel</a> destinations. </p>
<p> With Postfix 2.2 and earlier, or when smtp_tls_security_level
@ -1676,33 +1696,51 @@ describe the corresponding table syntax: </p>
<dd>Opportunistic TLS. No additional attributes are supported at this
level. </dd>
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. At this level and
higher the optional "ciphers" attribute overrides the main.cf
smtp_tls_mandatory_ciphers parameter and the optional "protocols"
keyword overrides the main.cf smtp_tls_mandatory_protocols parameter.
In the policy table, multiple protocols must be separated by colons,
as attribute values may not contain whitespace or commas.</dd>
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. Mail is
delivered only if remote SMTP server offers STARTTLS and the TLS
handshake succeeds. At this level and higher the optional "ciphers"
attribute overrides the main.cf smtp_tls_mandatory_ciphers parameter
and the optional "protocols" keyword overrides the main.cf
smtp_tls_mandatory_protocols parameter. </dd>
<dt><b>verify</b></dt>
<dd>Mandatory server certificate verification. The optional "match"
attribute overrides the main.cf smtp_tls_verify_cert_match parameter.
In the policy table, multiple match patterns and strategies must
be separated by colons. </dd>
<dt><b>verify</b></dt> <dd>Mandatory server certificate verification.
Mail is delivered only if the TLS handshake succeeds, if the server
certificate can be validated (not expired or revoked, and signed
by a trusted certificate authority), and if the server certificate
name matches the optional "match" attribute (or the main.cf
smtp_tls_verify_cert_match parameter value when no optional "match"
attribute is specified). </dd>
<dt><b>secure</b></dt> <dd>Secure-channel TLS. The optional "match"
attribute overrides the main.cf smtp_tls_secure_cert_match parameter. In
the policy table, multiple match patterns and strategies must be separated
by colons. The match attribute is useful when additional domains are
supported by common server, the policy entries for the additional domains
specify matching rules for the primary domain certificate. While transport
table overrides routing secondary domains to the primary nexthop also
allow secure verification, they risk delivery to the wrong destination
when domains change hands or are re-assigned to new gateways. With the
"match" attribute approach, routing is not perturbed, and mail is deferred
if verification of a new MX host fails. </dd>
<dt><b>secure</b></dt> <dd>Secure-channel TLS. Mail is delivered
only if the TLS handshake succeeds, if the server certificate can
be validated (not expired or revoked, and signed by a trusted
certificate authority), and if the server certificate name matches
the optional "match" attribute (or the main.cf smtp_tls_secure_cert_match
parameter value when no optional "match" attribute is specified).
</dd>
</dl>
<p> Notes: </p>
<ul>
<li> <p> The "match" attribute is especially useful to verify TLS
certificates for domains that are hosted on a shared server. In
that case, specify "match" rules for the shared server's name.
While secure verification can also be achieved with manual routing
overrides in Postfix transport(5) tables, that approach can deliver
mail to the wrong host when domains are assigned to new gateway
hosts. The "match" attribute approach avoids the problems of manual
routing overrides; mail is deferred if verification of a new MX
host fails. </p>
<li> <p> When a policy table entry specifies multiple match patterns,
multiple match strategies, or multiple protocols, these must be
separated by colons. </p>
</ul>
<p>
Example:
</p>
@ -2238,18 +2276,22 @@ but don't require them from all clients. </p>
<blockquote>
<pre>
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_session_cache_database =
btree:/var/spool/postfix/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
smtpd_tls_key_file = /etc/postfix/FOO-key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database =
btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
/etc/postfix/main.cf:
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_session_cache_database =
btree:/var/spool/postfix/smtp_tls_session_cache
smtp_use_tls = yes
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/FOO-cert.pem
smtpd_tls_key_file = /etc/postfix/FOO-key.pem
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database =
btree:/var/spool/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
# Postfix 2.3 and later
smtpd_tls_security_level = may
# Obsolete, but still supported
smtpd_use_tls = yes
</pre>
</blockquote>

93
postfix/proto/postconf.proto
View File

@ -8068,15 +8068,15 @@ able to authenticate the server, but unless it is running Postfix 2.3 or
similar software, it will still insist on a server certificate. </p>
<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
2.3 supports configurations with no certificates. This entails the use
of just the anonymous TLS ciphers, which are not supported by typical
SMTP clients. Since such clients will not, as a rule, fall back to plain
text after a TLS handshake failure, the server will be unable to receive
email from TLS enabled clients. To avoid accidental configurations with
no certificates, Postfix 2.3 enables certificate-less operation only
when the administrator explicitly sets "smtpd_tls_cert_file = none". This
ensures that new Postfix configurations with just "smtpd_use_tls = yes"
added, will not accidentally run with no certificates. </p>
2.3 supports configurations with no certificates. This entails the
use of just the anonymous TLS ciphers, which are not supported by
typical SMTP clients. Since such clients will not, as a rule, fall
back to plain text after a TLS handshake failure, the server will
be unable to receive email from TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly
sets "smtpd_tls_cert_file = none". This ensures that new Postfix
configurations will not accidentally run with no certificates. </p>
<p> Both RSA and DSA certificates are supported. When both types
are present, the cipher used determines which certificate will be
@ -8225,30 +8225,32 @@ that was recorded by the final destination can be trusted. </p>
%PARAM smtpd_use_tls no
<p> Opportunistic mode: announce STARTTLS support to SMTP clients,
<p> Opportunistic TLS: announce STARTTLS support to SMTP clients,
but do not require that clients use TLS encryption. </p>
<p> Note: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead. </p>
%PARAM smtpd_enforce_tls no
<p> Enforcement mode: announce STARTTLS support to SMTP clients,
<p> Mandatory TLS: announce STARTTLS support to SMTP clients,
and require that clients use TLS encryption. According to RFC 2487
this MUST NOT be applied in case of a publicly-referenced SMTP
server. This option is off by default and should be used only on
dedicated servers. </p>
<p> Note 1: this mode implies "smtpd_tls_auth_only = yes". </p>
<p> Note 1: "smtpd_enforce_tls = yes" implies "smtpd_tls_auth_only = yes". </p>
<p> Note 2: when invoked via "<b>sendmail -bs</b>", Postfix will never offer
STARTTLS due to insufficient privileges to access the server private
key. This is intended behavior. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
<p> This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtpd_tls_security_level instead. </p>
%PARAM smtpd_tls_wrappermode no
@ -9772,17 +9774,15 @@ configuration parameter. See there for details. </p>
%PARAM smtpd_tls_protocols
<p> The list of TLS protocols supported by the server. If empty the
default list of protocols is used (i.e. all TLS protocol versions are
supported). Any non-empty value is interpreted as a list of protocol
names separated by whitespace, commas or colons. The supported protocol
names are "SSLv2", "SSLv3" and "TLSv1", and are not
case-sensitive. </p>
<p> The list of TLS protocols supported by the Postfix SMTP server.
If the list is empty, the server supports all available TLS protocol
versions. A non-empty value is a list of protocol names separated
by whitespace, commas or colons. The supported protocol names are
"SSLv2", "SSLv3" and "TLSv1", and are not case sensitive. </p>
<p> DO NOT set this to a non-default value on an MX-host,
as some clients may not support any of the narrower set of protocols,
and may be unable to fallback to plaintext sessions. If you restrict
the protocol list on an MX host, you may lose mail. </p>
<p> DO NOT set this to a non-default value on an Internet MX host,
as this may cause inter-operability problems. If you restrict the
protocol list on an Internet MX host, you may lose mail. </p>
<p> Example: </p>
@ -9794,9 +9794,10 @@ smtpd_tls_protocols = SSLv3, TLSv1
%PARAM smtp_tls_security_level
<p> The default SMTP TLS security level for all destinations; when
a non-empty value is specified, this overrides the obsolete parameters
smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. </p>
<p> The default SMTP TLS security level for the Postfix SMTP client;
when a non-empty value is specified, this overrides the obsolete
parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
</p>
<p> Specify one of the following security levels: </p>
@ -10360,3 +10361,41 @@ login/password information for that server. </p>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM smtpd_tls_security_level
<p> The SMTP TLS security level for the Postfix SMTP server; when
a non-empty value is specified, this overrides the obsolete parameters
smtpd_use_tls and smtpd_enforce_tls. This parameter is ignored with
"smtpd_tls_wrappermode = yes". </p>
<p> Specify one of the following security levels: </p>
<dl>
<dt><b>none</b></dt> <dd> TLS will not be used. </dd>
<dt><b>may</b></dt> <dd> Opportunistic TLS: announce STARTTLS support
to SMTP clients, but do not require that clients use TLS encryption.
</dd>
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption: announce
STARTTLS support to SMTP clients, and require that clients use TLS
encryption. According to RFC 2487 this MUST NOT be applied in case
of a publicly-referenced SMTP server. Instead, this option should
be used only on dedicated servers. </dd>
</dl>
<p> Note 1: the "verify" and "secure" levels are not supported.
The Postfix SMTP server logs a warning and uses "encrypt" instead.
To verify SMTP client certificates, see TLS_README for a discussion
of the smtpd_tls_ask_ccert, smtpd_tls_req_ccert, and permit_tls_clientcerts
features. </p>
<p> Note 2: The parameter setting "smtpd_tls_security_level =
encrypt" implies "smtpd_tls_auth_only = yes".</p>
<p> Note 3: when invoked via "sendmail -bs", Postfix will never
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior.</p>

4
postfix/src/cleanup/cleanup_milter.c
View File

@ -1178,6 +1178,10 @@ static const char *cleanup_repl_body(void *context, VSTRING *body)
{
const char *myname = "cleanup_repl_body";
/*
* XXX Sendmail compatibility: milters don't see the first body line, so
* don't expect they will send one.
*/
msg_panic("%s: message body replace operation is not implemented", myname);
}

4
postfix/src/global/mail_params.h
View File

@ -1091,6 +1091,10 @@ extern char *var_smtpd_forbid_cmds;
#define DEF_SMTPD_TLS_WRAPPER 0
extern bool var_smtpd_tls_wrappermode;
#define VAR_SMTPD_TLS_LEVEL "smtpd_tls_security_level"
#define DEF_SMTPD_TLS_LEVEL ""
extern char *var_smtpd_tls_level;
#define VAR_SMTPD_USE_TLS "smtpd_use_tls"
#define DEF_SMTPD_USE_TLS 0
extern bool var_smtpd_use_tls;

4
postfix/src/global/mail_version.h
View File

@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20060707"
#define MAIL_VERSION_NUMBER "2.3-RC8"
#define MAIL_RELEASE_DATE "20060709"
#define MAIL_VERSION_NUMBER "2.3-RC9"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION MAIL_VERSION_NUMBER

18
postfix/src/milter/milter8.c
View File

@ -1886,7 +1886,8 @@ static void milter8_disc_event(MILTER *m)
typedef struct {
MILTER8 *milter; /* milter client */
ARGV *macros; /* end-of-body macros */
int hdr_count; /* header counter */
int first_header; /* first header */
int first_body; /* first body line */
const char *resp; /* milter application response */
} MILTER_MSG_CONTEXT;
@ -1916,8 +1917,10 @@ static void milter8_header(void *ptr, int unused_header_class,
* dk-filter signature will be inserted at the wrong position. It should
* precede the headers that it signs.
*/
if (msg_ctx->hdr_count++ == 0)
if (msg_ctx->first_header) {
msg_ctx->first_header = 0;
return;
}
/*
* Sendmail 8 sends multi-line headers as text separated by newline.
@ -1982,6 +1985,14 @@ static void milter8_body(void *ptr, int rec_type,
ssize_t space;
ssize_t count;
/*
* XXX Sendmail compatibility: don't expose our first body line.
*/
if (msg_ctx->first_body) {
msg_ctx->first_body = 0;
return;
}
/*
* XXX I thought I was going to delegate all the on-the-wire formatting
* to a common lower layer, but unfortunately it's not practical. If we
@ -2082,7 +2093,8 @@ static const char *milter8_message(MILTER *m, VSTREAM *qfile,
}
msg_ctx.milter = milter;
msg_ctx.macros = macros;
msg_ctx.hdr_count = 0;
msg_ctx.first_header = 1;
msg_ctx.first_body = 1;
msg_ctx.resp = 0;
mime_state =
mime_state_alloc(MIME_OPT_DISABLE_MIME,

11
postfix/src/smtp/smtp.c
View File

@ -256,9 +256,9 @@
/* Detailed information about STARTTLS configuration may be found
/* in the TLS_README document.
/* .IP "\fBsmtp_tls_security_level (empty)\fR"
/* The default SMTP TLS security level for all destinations; when
/* a non-empty value is specified, this overrides the obsolete parameters
/* smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
/* The default SMTP TLS security level for the Postfix SMTP client;
/* when a non-empty value is specified, this overrides the obsolete
/* parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername.
/* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR"
/* The SASL authentication security options that the Postfix SMTP
/* client uses for TLS encrypted SMTP sessions.
@ -716,8 +716,6 @@ SSL_CTX *smtp_tls_ctx;
#endif
extern NAME_CODE smtp_tls_levels[]; /* smtp_session.c name_code table */
/* deliver_message - deliver message with extreme prejudice */
static int deliver_message(const char *service, DELIVER_REQUEST *request)
@ -853,8 +851,7 @@ static void pre_init(char *unused_name, char **unused_argv)
/*
* Initialize the TLS data before entering the chroot jail
*/
if (name_code(smtp_tls_levels, NAME_CODE_FLAG_NONE,
var_smtp_tls_level) > TLS_LEV_NONE ||
if (tls_level_lookup(var_smtp_tls_level) > TLS_LEV_NONE ||
var_smtp_use_tls || var_smtp_enforce_tls ||
var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
#ifdef USE_TLS

16
postfix/src/smtp/smtp_session.c
View File

@ -126,15 +126,6 @@
#include "smtp.h"
#include "smtp_sasl.h"
NAME_CODE smtp_tls_levels[] = {
"none", TLS_LEV_NONE,
"may", TLS_LEV_MAY,
"encrypt", TLS_LEV_ENCRYPT,
"verify", TLS_LEV_VERIFY,
"secure", TLS_LEV_SECURE,
0, TLS_LEV_NOTFOUND,
};
#ifdef USE_TLS
static MAPS *tls_policy; /* lookup table(s) */
@ -162,7 +153,7 @@ void smtp_tls_list_init(void)
static const char *policy_name(int tls_level)
{
const char *name = str_name_code(smtp_tls_levels, tls_level);
const char *name = str_tls_level(tls_level);
if (name == 0)
name = "unknown";
@ -241,7 +232,7 @@ static int tls_policy_lookup_one(SMTP_SESSION *session,
msg_warn("ignoring empty tls policy for %s", site_name);
FREE_RETURN(1); /* No further lookups */
}
*site_level = name_code(smtp_tls_levels, NAME_CODE_FLAG_NONE, tok);
*site_level = tls_level_lookup(tok);
if (*site_level == TLS_LEV_NOTFOUND) {
msg_warn("%s: unknown security level '%s' ignored",
str_context(cbuf, site_class, site_name), tok);
@ -418,8 +409,7 @@ static void session_tls_init(SMTP_SESSION *session, const char *dest,
* per-site policy.
*/
if (*var_smtp_tls_level) {
global_level = name_code(smtp_tls_levels, NAME_CODE_FLAG_NONE,
var_smtp_tls_level);
global_level = tls_level_lookup(var_smtp_tls_level);
if (global_level == TLS_LEV_NOTFOUND) {
msg_fatal("%s: unknown TLS security level '%s'",
lmtp ? VAR_LMTP_TLS_LEVEL : VAR_SMTP_TLS_LEVEL,

54
postfix/src/smtpd/smtpd.c
View File

@ -263,10 +263,10 @@
/* Detailed information about STARTTLS configuration may be
/* found in the TLS_README document.
/* .IP "\fBsmtpd_use_tls (no)\fR"
/* Opportunistic mode: announce STARTTLS support to SMTP clients,
/* Opportunistic TLS: announce STARTTLS support to SMTP clients,
/* but do not require that clients use TLS encryption.
/* .IP "\fBsmtpd_enforce_tls (no)\fR"
/* Enforcement mode: announce STARTTLS support to SMTP clients,
/* Mandatory TLS: announce STARTTLS support to SMTP clients,
/* and require that clients use TLS encryption.
/* .IP "\fBsmtpd_sasl_tls_security_options ($smtpd_sasl_security_options)\fR"
/* The SASL authentication security options that the Postfix SMTP
@ -310,7 +310,7 @@
/* .IP "\fBsmtpd_tls_loglevel (0)\fR"
/* Enable additional Postfix SMTP server logging of TLS activity.
/* .IP "\fBsmtpd_tls_protocols (empty)\fR"
/* The list of TLS protocols supported by the server.
/* The list of TLS protocols supported by the Postfix SMTP server.
/* .IP "\fBsmtpd_tls_received_header (no)\fR"
/* Request that the Postfix SMTP server produces Received: message
/* headers that include information about the protocol and cipher used,
@ -332,6 +332,12 @@
/* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
/* process requests from the \fBtlsmgr\fR(8) server in order to seed its
/* internal pseudo random number generator (PRNG).
/* .PP
/* Available in Postfix version 2.3 and later:
/* .IP "\fBsmtpd_tls_security_level (empty)\fR"
/* The SMTP TLS security level for the Postfix SMTP server; when
/* a non-empty value is specified, this overrides the obsolete parameters
/* smtpd_use_tls and smtpd_enforce_tls.
/* .IP "\fBtls_high_cipherlist (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)\fR"
/* The OpenSSL cipherlist for "HIGH" grade ciphers.
/* .IP "\fBtls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH)\fR"
@ -1019,6 +1025,7 @@ char *var_local_rwr_clients;
char *var_smtpd_ehlo_dis_words;
char *var_smtpd_ehlo_dis_maps;
char *var_smtpd_tls_level;
bool var_smtpd_use_tls;
bool var_smtpd_enforce_tls;
bool var_smtpd_tls_wrappermode;
@ -4109,8 +4116,8 @@ static void pre_accept(char *unused_name, char **unused_argv)
static void pre_jail_init(char *unused_name, char **unused_argv)
{
int enforce_tls = var_smtpd_tls_wrappermode || var_smtpd_enforce_tls;
int use_tls = var_smtpd_use_tls || enforce_tls;
int enforce_tls;
int use_tls;
/*
* Initialize blacklist/etc. patterns before entering the chroot jail, in
@ -4139,10 +4146,42 @@ static void pre_jail_init(char *unused_name, char **unused_argv)
VAR_SMTPD_SASL_ENABLE);
#endif
/*
* XXX Temporary fix to pretend that we consistently implement TLS
* security levels. We implement only a subset for now. If we implement
* more levels, wrappermode should override only weaker TLS security
* levels.
*/
if (!var_smtpd_tls_wrappermode && *var_smtpd_tls_level) {
switch (tls_level_lookup(var_smtpd_tls_level)) {
default:
msg_warn("%s: ignoring unknown TLS level \"%s\"",
VAR_SMTPD_TLS_LEVEL, var_smtpd_tls_level);
break;
case TLS_LEV_SECURE:
case TLS_LEV_VERIFY:
msg_warn("%s: unsupported TLS level \"%s\", using \"encrypt\"",
VAR_SMTPD_TLS_LEVEL, var_smtpd_tls_level);
/* FALLTHROUGH */
case TLS_LEV_ENCRYPT:
var_smtpd_enforce_tls = var_smtpd_use_tls = 1;
break;
case TLS_LEV_MAY:
var_smtpd_enforce_tls = 0;
var_smtpd_use_tls = 1;
break;
case TLS_LEV_NONE:
var_smtpd_enforce_tls = var_smtpd_use_tls = 0;
break;
}
}
enforce_tls = var_smtpd_tls_wrappermode || var_smtpd_enforce_tls;
use_tls = var_smtpd_use_tls || enforce_tls;
/*
* Keys can only be loaded when running with suitable permissions. When
* called from "sendmail -bs" this is not the case, but STARTTLS is not
* used in this scenario anyhow.
* called from "sendmail -bs" this is not the case, so we must not
* announce STARTTLS support.
*/
if (getuid() == 0 || getuid() == var_owner_uid) {
if (use_tls) {
@ -4442,6 +4481,7 @@ int main(int argc, char **argv)
VAR_SMTPD_TLS_512_FILE, DEF_SMTPD_TLS_512_FILE, &var_smtpd_tls_dh512_param_file, 0, 0,
VAR_SMTPD_TLS_1024_FILE, DEF_SMTPD_TLS_1024_FILE, &var_smtpd_tls_dh1024_param_file, 0, 0,
#endif
VAR_SMTPD_TLS_LEVEL, DEF_SMTPD_TLS_LEVEL, &var_smtpd_tls_level, 0, 0,
VAR_SMTPD_SASL_TYPE, DEF_SMTPD_SASL_TYPE, &var_smtpd_sasl_type, 1, 0,
VAR_SMTPD_MILTERS, DEF_SMTPD_MILTERS, &var_smtpd_milters, 0, 0,
VAR_MILT_CONN_MACROS, DEF_MILT_CONN_MACROS, &var_milt_conn_macros, 0, 0,

2
postfix/src/smtpd/smtpd.h
View File

@ -30,9 +30,7 @@
/*
* Postfix TLS library.
*/
#ifdef USE_TLS
#include <tls.h>
#endif
/*
* Milter library.

14
postfix/src/tls/Makefile.in
View File

@ -2,11 +2,13 @@ SHELL = /bin/sh
SRCS = tls_prng_dev.c tls_prng_egd.c tls_prng_file.c \
tls_prng_exch.c tls_stream.c tls_bio_ops.c tls_misc.c tls_dh.c \
tls_rsa.c tls_verify.c tls_certkey.c tls_session.c \
tls_client.c tls_server.c tls_scache.c tls_mgr.c tls_seed.c
tls_client.c tls_server.c tls_scache.c tls_mgr.c tls_seed.c \
tls_level.c
OBJS = tls_prng_dev.o tls_prng_egd.o tls_prng_file.o \
tls_prng_exch.o tls_stream.o tls_bio_ops.o tls_misc.o tls_dh.o \
tls_rsa.o tls_verify.o tls_certkey.o tls_session.o \
tls_client.o tls_server.o tls_scache.o tls_mgr.o tls_seed.o
tls_client.o tls_server.o tls_scache.o tls_mgr.o tls_seed.o \
tls_level.o
HDRS = tls.h tls_prng.h tls_scache.h tls_mgr.h
TESTSRC =
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
@ -129,6 +131,14 @@ tls_dh.o: ../../include/vstream.h
tls_dh.o: ../../include/vstring.h
tls_dh.o: tls.h
tls_dh.o: tls_dh.c
tls_level.o: ../../include/name_code.h
tls_level.o: ../../include/name_mask.h
tls_level.o: ../../include/sys_defs.h
tls_level.o: ../../include/vbuf.h
tls_level.o: ../../include/vstream.h
tls_level.o: ../../include/vstring.h
tls_level.o: tls.h
tls_level.o: tls_level.c
tls_mgr.o: ../../include/attr.h
tls_mgr.o: ../../include/attr_clnt.h
tls_mgr.o: ../../include/iostuff.h

10
postfix/src/tls/tls.h
View File

@ -11,6 +11,11 @@
/* DESCRIPTION
/* .nf
/*
* Utility library.
*/
#include <name_code.h>
/*
* TLS enforcement levels. Non-sentinel values also be used to indicate
* the actual security level of a session.
@ -22,6 +27,11 @@
#define TLS_LEV_VERIFY 3 /* certificate verified */
#define TLS_LEV_SECURE 4 /* "secure" verification */
extern NAME_CODE tls_level_table[];
#define tls_level_lookup(s) name_code(tls_level_table, NAME_CODE_FLAG_NONE, (s))
#define str_tls_level(l) str_name_code(tls_level_table, (l))
#ifdef USE_TLS
/*

60
postfix/src/tls/tls_level.c Normal file
View File

@ -0,0 +1,60 @@
/*++
/* NAME
/* tls_level 3
/* SUMMARY
/* TLS security level conversion
/* SYNOPSIS
/* #include <tls.h>
/*
/* int tls_level_lookup(name)
/* const char *name;
/*
/* const char *str_tls_level(level)
/* int level;
/* DESCRIPTION
/* The macros in this module convert TLS levels from symbolic
/* name to internal form and vice versa. The macros are safe
/* because they evaluate their arguments only once.
/*
/* tls_level_lookup() converts a TLS level from symbolic name
/* to internal form. The result is TLS_NOTFOUND for an unknown
/* level.
/*
/* str_tls_level() converts a TLS level from internal form to
/* symbolic name. The result is a null pointer for an unknown
/* level.
/* SEE ALSO
/* name_code(3) name to number mapping
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System library. */
#include <sys_defs.h>
/* Utility library. */
#include <name_code.h>
/* TLS library. */
#include <tls.h>
/* Application-specific. */
NAME_CODE tls_level_table[] = {
"none", TLS_LEV_NONE,
"may", TLS_LEV_MAY,
"encrypt", TLS_LEV_ENCRYPT,
"verify", TLS_LEV_VERIFY,
"secure", TLS_LEV_SECURE,
0, TLS_LEV_NOTFOUND,
};