mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-24 02:47:36 +00:00
Code Issues Releases Wiki Activity

postfix-2.7-20091110

Browse Source
This commit is contained in:
Wietse Venema 2009-11-10 00:00:00 -05:00 committed by Viktor Dukhovni
parent 705c4e1dd4
commit c4461a1730
16 changed files with 288 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
postfix/HISTORY
View File

@ -15487,3 +15487,14 @@ Apologies for any names omitted.
caused by an incomplete API change; refined the queue space caused by an incomplete API change; refined the queue space
check; release scratch space immediately after delivering check; release scratch space immediately after delivering
mail to the before-queue filter. Files: smtpd.c, smtpd_proxy.c. mail to the before-queue filter. Files: smtpd.c, smtpd_proxy.c.
20091110
Workaround: specify "smtp_tls_block_early_mail_reply = yes"
to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555). The attack involves prepending
malicious HELO/MAIL/RCPT/DATA commands to a Postfix SMTP
client TLS session. The attack would succeed with non-Postfix
SMTP servers that reply to the malicious commands after
negotiating the Postfix SMTP client TLS session. File:
smtp/smtp_proto.c.

148
postfix/html/lmtp.8.html
View File

@ -534,29 +534,37 @@ SMTP(8) SMTP(8)
File with the Postfix SMTP client ECDSA private key File with the Postfix SMTP client ECDSA private key
in PEM format. in PEM format.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
Try to detect a mail hijacking attack based on a
TLS protocol vulnerability (CVE-2009-3555), where
an attacker prepends malicious HELO/MAIL/RCPT/DATA
commands to a Postfix client TLS session.
<b>OBSOLETE STARTTLS CONTROLS</b> <b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compati- The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these bility with Postfix versions before 2.3. Support for these
will be removed in a future release. will be removed in a future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b> <b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
Opportunistic mode: use TLS when a remote SMTP Opportunistic mode: use TLS when a remote SMTP
server announces STARTTLS support, otherwise send server announces STARTTLS support, otherwise send
the mail in the clear. the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b> <b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
Enforcement mode: require that remote SMTP servers Enforcement mode: require that remote SMTP servers
use TLS encryption, and never send mail in the use TLS encryption, and never send mail in the
clear. clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b> <b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
With mandatory TLS encryption, require that the With mandatory TLS encryption, require that the
remote SMTP server hostname matches the information remote SMTP server hostname matches the information
in the remote SMTP server certificate. in the remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b> <b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client Optional lookup tables with the Postfix SMTP client
TLS usage policy by next-hop destination and by TLS usage policy by next-hop destination and by
remote SMTP server hostname. remote SMTP server hostname.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b> <b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
@ -566,27 +574,27 @@ SMTP(8) SMTP(8)
<b>RESOURCE AND RATE CONTROLS</b> <b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b> <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b> <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
The maximal number of parallel deliveries to the The maximal number of parallel deliveries to the
same destination via the smtp message delivery same destination via the smtp message delivery
transport. transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b> <b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b> <b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
The maximal number of recipients per message for The maximal number of recipients per message for
the smtp message delivery transport. the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b> <b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
The SMTP client time limit for completing a TCP The SMTP client time limit for completing a TCP
connection, or zero (use the operating system connection, or zero (use the operating system
built-in time limit). built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b> <b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
The SMTP client time limit for sending the HELO or The SMTP client time limit for sending the HELO or
EHLO command, and for receiving the initial server EHLO command, and for receiving the initial server
response. response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b> <b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
The LMTP client time limit for sending the LHLO The LMTP client time limit for sending the LHLO
command, and for receiving the initial server command, and for receiving the initial server
response. response.
@ -595,30 +603,30 @@ SMTP(8) SMTP(8)
command, and for receiving the server response. command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b> <b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
The SMTP client time limit for sending the MAIL The SMTP client time limit for sending the MAIL
FROM command, and for receiving the server FROM command, and for receiving the server
response. response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b> <b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
The SMTP client time limit for sending the SMTP The SMTP client time limit for sending the SMTP
RCPT TO command, and for receiving the server RCPT TO command, and for receiving the server
response. response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b> <b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
The SMTP client time limit for sending the SMTP The SMTP client time limit for sending the SMTP
DATA command, and for receiving the server DATA command, and for receiving the server
response. response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b> <b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
The SMTP client time limit for sending the SMTP The SMTP client time limit for sending the SMTP
message content. message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b> <b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
The SMTP client time limit for sending the SMTP The SMTP client time limit for sending the SMTP
".", and for receiving the server response. ".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b> <b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
The SMTP client time limit for sending the QUIT The SMTP client time limit for sending the QUIT
command, and for receiving the server response. command, and for receiving the server response.
Available in Postfix version 2.1 and later: Available in Postfix version 2.1 and later:
@ -629,12 +637,12 @@ SMTP(8) SMTP(8)
lookups, or zero (no limit). lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b> <b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
The maximal number of SMTP sessions per delivery The maximal number of SMTP sessions per delivery
request before giving up or delivering to a fall- request before giving up or delivering to a fall-
back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit). back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b> <b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
The SMTP client time limit for sending the RSET The SMTP client time limit for sending the RSET
command, and for receiving the server response. command, and for receiving the server response.
Available in Postfix version 2.2 and earlier: Available in Postfix version 2.2 and earlier:
@ -646,11 +654,11 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.2 and later: Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b> <b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
Permanently enable SMTP connection caching for the Permanently enable SMTP connection caching for the
specified destinations. specified destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b> <b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
Temporarily enable SMTP connection caching while a Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active destination has a high volume of mail in the active
queue. queue.
@ -660,62 +668,62 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b> <b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
When SMTP connection caching is enabled, the amount When SMTP connection caching is enabled, the amount
of time that an unused SMTP client socket is kept of time that an unused SMTP client socket is kept
open before it is closed. open before it is closed.
Available in Postfix version 2.3 and later: Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b> <b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
Time limit for connection cache connect, send or Time limit for connection cache connect, send or
receive operations. receive operations.
<b>TROUBLE SHOOTING CONTROLS</b> <b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b> <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
The increment in verbose logging level when a The increment in verbose logging level when a
remote client or server matches a pattern in the remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b> <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
Optional list of remote client or server hostname Optional list of remote client or server hostname
or network address patterns that cause the verbose or network address patterns that cause the verbose
logging level to increase by the amount specified logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>. in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b> <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about The recipient of postmaster notifications about
mail delivery problems that are caused by policy, mail delivery problems that are caused by policy,
resource, software or protocol errors. resource, software or protocol errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b> <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
What categories of Postfix-generated mail are sub- What categories of Postfix-generated mail are sub-
ject to before-queue content inspection by ject to before-queue content inspection by
<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>. <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b> <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the The list of error classes that are reported to the
postmaster. postmaster.
<b>MISCELLANEOUS CONTROLS</b> <b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b> <b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
Where the Postfix SMTP client should deliver mail Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error when it detects a "mail loops back to myself" error
condition. condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files. <a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b> <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to How much time a Postfix daemon process may take to
handle a request before it is terminated by a handle a request before it is terminated by a
built-in watchdog timer. built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b> <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal The maximal number of digits after the decimal
point when logging sub-second delay values. point when logging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b> <b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP Disable DNS lookups in the Postfix SMTP and LMTP
clients. clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b> <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
@ -723,7 +731,7 @@ SMTP(8) SMTP(8)
tem receives mail on. tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b> <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
The Internet protocols Postfix will attempt to use The Internet protocols Postfix will attempt to use
when making or accepting connections. when making or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b> <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -731,81 +739,81 @@ SMTP(8) SMTP(8)
over an internal communication channel. over an internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b> <b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
When an LMTP server announces no DSN support, When an LMTP server announces no DSN support,
assume that the server performs final delivery, and assume that the server performs final delivery, and
send "delivered" delivery status notifications send "delivered" delivery status notifications
instead of "relayed". instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b> <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client The default TCP port that the Postfix LMTP client
connects to. connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b> <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection daemon process waits for an incoming connection
before terminating voluntarily. before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b> <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of incoming connections that a The maximal number of incoming connections that a
Postfix daemon process will service before termi- Postfix daemon process will service before termi-
nating voluntarily. nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b> <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon The process ID of a Postfix command or daemon
process. process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b> <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon The process name of a Postfix command or daemon
process. process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b> <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys- The network interface addresses that this mail sys-
tem receives mail on by way of a proxy or network tem receives mail on by way of a proxy or network
address translation unit. address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b> <b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
An optional numerical network address that the An optional numerical network address that the
Postfix SMTP client should bind to when making an Postfix SMTP client should bind to when making an
IPv4 connection. IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b> <b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
An optional numerical network address that the An optional numerical network address that the
Postfix SMTP client should bind to when making an Postfix SMTP client should bind to when making an
IPv6 connection. IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> <b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the SMTP EHLO or HELO com- The hostname to send in the SMTP EHLO or HELO com-
mand. mand.
<b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> <b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command. The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b> <b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
What mechanisms when the Postfix SMTP client uses What mechanisms the Postfix SMTP client uses to
to look up a host's IP address. look up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b> <b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
Randomize the order of equal-preference MX host Randomize the order of equal-preference MX host
addresses. addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b> <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging. The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the The mail system name that is prepended to the
process name in syslog records, so that "smtpd" process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd". becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier: Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b> <b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
Optional list of relay hosts for SMTP destinations Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable. that can't be found or that are unreachable.
Available with Postfix 2.3 and later: Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b> <b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
Optional list of relay hosts for SMTP destinations Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable. that can't be found or that are unreachable.
<b>SEE ALSO</b> <b>SEE ALSO</b>
@ -826,7 +834,7 @@ SMTP(8) SMTP(8)
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>AUTHOR(S)</b> <b>AUTHOR(S)</b>

15
postfix/html/postconf.5.html
View File

@ -9236,6 +9236,21 @@ must be inside the chroot jail. </p>
<p> This feature is available in Postfix 2.2 and later. </p> <p> This feature is available in Postfix 2.2 and later. </p>
</DD>
<DT><b><a name="smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a>
(default: no)</b></DT><DD>
<p> Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends malicious
HELO/MAIL/RCPT/DATA commands to a Postfix client TLS session. The
attack would succeed with non-Postfix SMTP servers that reply to
the malicious HELO/MAIL/RCPT/DATA commands after negotiating the
Postfix SMTP client TLS session. </p>
<p> This feature is available in Postfix 2.7. </p>
</DD> </DD>
<DT><b><a name="smtp_tls_cert_file">smtp_tls_cert_file</a> <DT><b><a name="smtp_tls_cert_file">smtp_tls_cert_file</a>

148
postfix/html/smtp.8.html
View File

@ -534,29 +534,37 @@ SMTP(8) SMTP(8)
File with the Postfix SMTP client ECDSA private key File with the Postfix SMTP client ECDSA private key
in PEM format. in PEM format.
Available in Postfix version 2.7 and later:
<b><a href="postconf.5.html#smtp_tls_block_early_mail_reply">smtp_tls_block_early_mail_reply</a> (no)</b>
Try to detect a mail hijacking attack based on a
TLS protocol vulnerability (CVE-2009-3555), where
an attacker prepends malicious HELO/MAIL/RCPT/DATA
commands to a Postfix client TLS session.
<b>OBSOLETE STARTTLS CONTROLS</b> <b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compati- The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these bility with Postfix versions before 2.3. Support for these
will be removed in a future release. will be removed in a future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b> <b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
Opportunistic mode: use TLS when a remote SMTP Opportunistic mode: use TLS when a remote SMTP
server announces STARTTLS support, otherwise send server announces STARTTLS support, otherwise send
the mail in the clear. the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b> <b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
Enforcement mode: require that remote SMTP servers Enforcement mode: require that remote SMTP servers
use TLS encryption, and never send mail in the use TLS encryption, and never send mail in the
clear. clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b> <b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
With mandatory TLS encryption, require that the With mandatory TLS encryption, require that the
remote SMTP server hostname matches the information remote SMTP server hostname matches the information
in the remote SMTP server certificate. in the remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b> <b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client Optional lookup tables with the Postfix SMTP client
TLS usage policy by next-hop destination and by TLS usage policy by next-hop destination and by
remote SMTP server hostname. remote SMTP server hostname.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b> <b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
@ -566,27 +574,27 @@ SMTP(8) SMTP(8)
<b>RESOURCE AND RATE CONTROLS</b> <b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b> <b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b> <b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
The maximal number of parallel deliveries to the The maximal number of parallel deliveries to the
same destination via the smtp message delivery same destination via the smtp message delivery
transport. transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b> <b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b> <b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
The maximal number of recipients per message for The maximal number of recipients per message for
the smtp message delivery transport. the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b> <b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
The SMTP client time limit for completing a TCP The SMTP client time limit for completing a TCP
connection, or zero (use the operating system connection, or zero (use the operating system
built-in time limit). built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b> <b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
The SMTP client time limit for sending the HELO or The SMTP client time limit for sending the HELO or
EHLO command, and for receiving the initial server EHLO command, and for receiving the initial server
response. response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b> <b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
The LMTP client time limit for sending the LHLO The LMTP client time limit for sending the LHLO
command, and for receiving the initial server command, and for receiving the initial server
response. response.
@ -595,30 +603,30 @@ SMTP(8) SMTP(8)
command, and for receiving the server response. command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b> <b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
The SMTP client time limit for sending the MAIL The SMTP client time limit for sending the MAIL
FROM command, and for receiving the server FROM command, and for receiving the server
response. response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b> <b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
The SMTP client time limit for sending the SMTP The SMTP client time limit for sending the SMTP
RCPT TO command, and for receiving the server RCPT TO command, and for receiving the server
response. response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b> <b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
The SMTP client time limit for sending the SMTP The SMTP client time limit for sending the SMTP
DATA command, and for receiving the server DATA command, and for receiving the server
response. response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b> <b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
The SMTP client time limit for sending the SMTP The SMTP client time limit for sending the SMTP
message content. message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b> <b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
The SMTP client time limit for sending the SMTP The SMTP client time limit for sending the SMTP
".", and for receiving the server response. ".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b> <b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
The SMTP client time limit for sending the QUIT The SMTP client time limit for sending the QUIT
command, and for receiving the server response. command, and for receiving the server response.
Available in Postfix version 2.1 and later: Available in Postfix version 2.1 and later:
@ -629,12 +637,12 @@ SMTP(8) SMTP(8)
lookups, or zero (no limit). lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b> <b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
The maximal number of SMTP sessions per delivery The maximal number of SMTP sessions per delivery
request before giving up or delivering to a fall- request before giving up or delivering to a fall-
back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit). back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b> <b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
The SMTP client time limit for sending the RSET The SMTP client time limit for sending the RSET
command, and for receiving the server response. command, and for receiving the server response.
Available in Postfix version 2.2 and earlier: Available in Postfix version 2.2 and earlier:
@ -646,11 +654,11 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.2 and later: Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b> <b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
Permanently enable SMTP connection caching for the Permanently enable SMTP connection caching for the
specified destinations. specified destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b> <b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
Temporarily enable SMTP connection caching while a Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active destination has a high volume of mail in the active
queue. queue.
@ -660,62 +668,62 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b> <b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
When SMTP connection caching is enabled, the amount When SMTP connection caching is enabled, the amount
of time that an unused SMTP client socket is kept of time that an unused SMTP client socket is kept
open before it is closed. open before it is closed.
Available in Postfix version 2.3 and later: Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b> <b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
Time limit for connection cache connect, send or Time limit for connection cache connect, send or
receive operations. receive operations.
<b>TROUBLE SHOOTING CONTROLS</b> <b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b> <b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
The increment in verbose logging level when a The increment in verbose logging level when a
remote client or server matches a pattern in the remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b> <b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
Optional list of remote client or server hostname Optional list of remote client or server hostname
or network address patterns that cause the verbose or network address patterns that cause the verbose
logging level to increase by the amount specified logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>. in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b> <b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about The recipient of postmaster notifications about
mail delivery problems that are caused by policy, mail delivery problems that are caused by policy,
resource, software or protocol errors. resource, software or protocol errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b> <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
What categories of Postfix-generated mail are sub- What categories of Postfix-generated mail are sub-
ject to before-queue content inspection by ject to before-queue content inspection by
<a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>. <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b> <b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the The list of error classes that are reported to the
postmaster. postmaster.
<b>MISCELLANEOUS CONTROLS</b> <b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b> <b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
Where the Postfix SMTP client should deliver mail Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error when it detects a "mail loops back to myself" error
condition. condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files. <a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b> <b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to How much time a Postfix daemon process may take to
handle a request before it is terminated by a handle a request before it is terminated by a
built-in watchdog timer. built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b> <b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal The maximal number of digits after the decimal
point when logging sub-second delay values. point when logging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b> <b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP Disable DNS lookups in the Postfix SMTP and LMTP
clients. clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b> <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
@ -723,7 +731,7 @@ SMTP(8) SMTP(8)
tem receives mail on. tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b> <b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
The Internet protocols Postfix will attempt to use The Internet protocols Postfix will attempt to use
when making or accepting connections. when making or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b> <b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -731,81 +739,81 @@ SMTP(8) SMTP(8)
over an internal communication channel. over an internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b> <b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
When an LMTP server announces no DSN support, When an LMTP server announces no DSN support,
assume that the server performs final delivery, and assume that the server performs final delivery, and
send "delivered" delivery status notifications send "delivered" delivery status notifications
instead of "relayed". instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b> <b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client The default TCP port that the Postfix LMTP client
connects to. connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b> <b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix The maximum amount of time that an idle Postfix
daemon process waits for an incoming connection daemon process waits for an incoming connection
before terminating voluntarily. before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b> <b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of incoming connections that a The maximal number of incoming connections that a
Postfix daemon process will service before termi- Postfix daemon process will service before termi-
nating voluntarily. nating voluntarily.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b> <b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon The process ID of a Postfix command or daemon
process. process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b> <b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon The process name of a Postfix command or daemon
process. process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b> <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys- The network interface addresses that this mail sys-
tem receives mail on by way of a proxy or network tem receives mail on by way of a proxy or network
address translation unit. address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b> <b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
An optional numerical network address that the An optional numerical network address that the
Postfix SMTP client should bind to when making an Postfix SMTP client should bind to when making an
IPv4 connection. IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b> <b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
An optional numerical network address that the An optional numerical network address that the
Postfix SMTP client should bind to when making an Postfix SMTP client should bind to when making an
IPv6 connection. IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> <b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the SMTP EHLO or HELO com- The hostname to send in the SMTP EHLO or HELO com-
mand. mand.
<b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b> <b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command. The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b> <b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
What mechanisms when the Postfix SMTP client uses What mechanisms the Postfix SMTP client uses to
to look up a host's IP address. look up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b> <b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
Randomize the order of equal-preference MX host Randomize the order of equal-preference MX host
addresses. addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b> <b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging. The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b> <b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
The mail system name that is prepended to the The mail system name that is prepended to the
process name in syslog records, so that "smtpd" process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd". becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier: Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b> <b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
Optional list of relay hosts for SMTP destinations Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable. that can't be found or that are unreachable.
Available with Postfix 2.3 and later: Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b> <b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
Optional list of relay hosts for SMTP destinations Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable. that can't be found or that are unreachable.
<b>SEE ALSO</b> <b>SEE ALSO</b>
@ -826,7 +834,7 @@ SMTP(8) SMTP(8)
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto <a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>AUTHOR(S)</b> <b>AUTHOR(S)</b>

9
postfix/man/man5/postconf.5
View File

@ -5254,6 +5254,15 @@ smtp_tls_CApath = /etc/postfix/certs
.ft R .ft R
.PP .PP
This feature is available in Postfix 2.2 and later. This feature is available in Postfix 2.2 and later.
.SH smtp_tls_block_early_mail_reply (default: no)
Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends malicious
HELO/MAIL/RCPT/DATA commands to a Postfix client TLS session. The
attack would succeed with non-Postfix SMTP servers that reply to
the malicious HELO/MAIL/RCPT/DATA commands after negotiating the
Postfix SMTP client TLS session.
.PP
This feature is available in Postfix 2.7.
.SH smtp_tls_cert_file (default: empty) .SH smtp_tls_cert_file (default: empty)
File with the Postfix SMTP client RSA certificate in PEM format. File with the Postfix SMTP client RSA certificate in PEM format.
This file may also contain the Postfix SMTP client private RSA key, This file may also contain the Postfix SMTP client private RSA key,

8
postfix/man/man8/smtp.8
View File

@ -430,6 +430,12 @@ will use with opportunistic TLS encryption.
File with the Postfix SMTP client ECDSA certificate in PEM format. File with the Postfix SMTP client ECDSA certificate in PEM format.
.IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR" .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR"
File with the Postfix SMTP client ECDSA private key in PEM format. File with the Postfix SMTP client ECDSA private key in PEM format.
.PP
Available in Postfix version 2.7 and later:
.IP "\fBsmtp_tls_block_early_mail_reply (no)\fR"
Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends malicious
HELO/MAIL/RCPT/DATA commands to a Postfix client TLS session.
.SH "OBSOLETE STARTTLS CONTROLS" .SH "OBSOLETE STARTTLS CONTROLS"
.na .na
.nf .nf
@ -610,7 +616,7 @@ The hostname to send in the SMTP EHLO or HELO command.
.IP "\fBlmtp_lhlo_name ($myhostname)\fR" .IP "\fBlmtp_lhlo_name ($myhostname)\fR"
The hostname to send in the LMTP LHLO command. The hostname to send in the LMTP LHLO command.
.IP "\fBsmtp_host_lookup (dns)\fR" .IP "\fBsmtp_host_lookup (dns)\fR"
What mechanisms when the Postfix SMTP client uses to look up a host's IP What mechanisms the Postfix SMTP client uses to look up a host's IP
address. address.
.IP "\fBsmtp_randomize_addresses (yes)\fR" .IP "\fBsmtp_randomize_addresses (yes)\fR"
Randomize the order of equal-preference MX host addresses. Randomize the order of equal-preference MX host addresses.

2
postfix/mantools/postlink
View File

@ -259,6 +259,7 @@ while (<>) {
s;\blmtp_enforce_tls\b;<a href="postconf.5.html#lmtp_enforce_tls">$&</a>;g; s;\blmtp_enforce_tls\b;<a href="postconf.5.html#lmtp_enforce_tls">$&</a>;g;
s;\blmtp_tls_enforce_peername\b;<a href="postconf.5.html#lmtp_tls_enforce_peername">$&</a>;g; s;\blmtp_tls_enforce_peername\b;<a href="postconf.5.html#lmtp_tls_enforce_peername">$&</a>;g;
s;\blmtp_tls_note_starttls_offer\b;<a href="postconf.5.html#lmtp_tls_note_starttls_offer">$&</a>;g; s;\blmtp_tls_note_starttls_offer\b;<a href="postconf.5.html#lmtp_tls_note_starttls_offer">$&</a>;g;
s;\blmtp_tls_block_early_mail_reply\b;<a href="postconf.5.html#lmtp_tls_block_early_mail_reply">$&</a>;g;
s;\blmtp_sender_dependent_authentication\b;<a href="postconf.5.html#lmtp_sender_dependent_authentication">$&</a>;g; s;\blmtp_sender_dependent_authentication\b;<a href="postconf.5.html#lmtp_sender_dependent_authentication">$&</a>;g;
s;\blmtp_sasl_path\b;<a href="postconf.5.html#lmtp_sasl_path">$&</a>;g; s;\blmtp_sasl_path\b;<a href="postconf.5.html#lmtp_sasl_path">$&</a>;g;
s;\blmtp_lhlo_name\b;<a href="postconf.5.html#lmtp_lhlo_name">$&</a>;g; s;\blmtp_lhlo_name\b;<a href="postconf.5.html#lmtp_lhlo_name">$&</a>;g;
@ -613,6 +614,7 @@ while (<>) {
s;\bsmtp_tls_security_level\b;<a href="postconf.5.html#smtp_tls_security_level">$&</a>;g; s;\bsmtp_tls_security_level\b;<a href="postconf.5.html#smtp_tls_security_level">$&</a>;g;
s;\bsmtp_tls_session_cache_database\b;<a href="postconf.5.html#smtp_tls_session_cache_database">$&</a>;g; s;\bsmtp_tls_session_cache_database\b;<a href="postconf.5.html#smtp_tls_session_cache_database">$&</a>;g;
s;\bsmtp_tls_session_cache_timeout\b;<a href="postconf.5.html#smtp_tls_session_cache_timeout">$&</a>;g; s;\bsmtp_tls_session_cache_timeout\b;<a href="postconf.5.html#smtp_tls_session_cache_timeout">$&</a>;g;
s;\bsmtp_tls_block_early_mail_reply\b;<a href="postconf.5.html#smtp_tls_block_early_mail_reply">$&</a>;g;
s;\bsmtp_use_tls\b;<a href="postconf.5.html#smtp_use_tls">$&</a>;g; s;\bsmtp_use_tls\b;<a href="postconf.5.html#smtp_use_tls">$&</a>;g;
s;\bsmtp_header_checks\b;<a href="postconf.5.html#smtp_header_checks">$&</a>;g; s;\bsmtp_header_checks\b;<a href="postconf.5.html#smtp_header_checks">$&</a>;g;
s;\bsmtp_mime_header_checks\b;<a href="postconf.5.html#smtp_mime_header_checks">$&</a>;g; s;\bsmtp_mime_header_checks\b;<a href="postconf.5.html#smtp_mime_header_checks">$&</a>;g;

11
postfix/proto/postconf.proto
View File

@ -12625,3 +12625,14 @@ result value is executed by the Postfix SMTP server. </p>
</pre> </pre>
<p> This feature is available in Postfix 2.7. </p> <p> This feature is available in Postfix 2.7. </p>
%PARAM smtp_tls_block_early_mail_reply no
<p> Try to detect a mail hijacking attack based on a TLS protocol
vulnerability (CVE-2009-3555), where an attacker prepends malicious
HELO/MAIL/RCPT/DATA commands to a Postfix client TLS session. The
attack would succeed with non-Postfix SMTP servers that reply to
the malicious HELO/MAIL/RCPT/DATA commands after negotiating the
Postfix SMTP client TLS session. </p>
<p> This feature is available in Postfix 2.7. </p>

6
postfix/src/global/mail_params.h
View File

@ -1465,6 +1465,12 @@ extern char *var_smtp_tls_sec_cmatch;
#define DEF_LMTP_TLS_FPT_CMATCH "" #define DEF_LMTP_TLS_FPT_CMATCH ""
extern char *var_smtp_tls_fpt_cmatch; extern char *var_smtp_tls_fpt_cmatch;
#define VAR_SMTP_TLS_BLK_EARLY_MAIL_REPLY "smtp_tls_block_early_mail_reply"
#define DEF_SMTP_TLS_BLK_EARLY_MAIL_REPLY 0
#define VAR_LMTP_TLS_BLK_EARLY_MAIL_REPLY "lmtp_tls_block_early_mail_reply"
#define DEF_LMTP_TLS_BLK_EARLY_MAIL_REPLY 0
extern bool var_smtp_tls_blk_early_mail_reply;
/* /*
* SASL authentication support, SMTP server side. * SASL authentication support, SMTP server side.
*/ */

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20091109" #define MAIL_RELEASE_DATE "20091110"
#define MAIL_VERSION_NUMBER "2.7" #define MAIL_VERSION_NUMBER "2.7"
#ifdef SNAPSHOT #ifdef SNAPSHOT

1
postfix/src/smtp/lmtp_params.c
View File

@ -99,6 +99,7 @@
#ifdef USE_TLS #ifdef USE_TLS
VAR_LMTP_TLS_ENFORCE_PN, DEF_LMTP_TLS_ENFORCE_PN, &var_smtp_tls_enforce_peername, VAR_LMTP_TLS_ENFORCE_PN, DEF_LMTP_TLS_ENFORCE_PN, &var_smtp_tls_enforce_peername,
VAR_LMTP_TLS_NOTEOFFER, DEF_LMTP_TLS_NOTEOFFER, &var_smtp_tls_note_starttls_offer, VAR_LMTP_TLS_NOTEOFFER, DEF_LMTP_TLS_NOTEOFFER, &var_smtp_tls_note_starttls_offer,
VAR_LMTP_TLS_BLK_EARLY_MAIL_REPLY, DEF_LMTP_TLS_BLK_EARLY_MAIL_REPLY, &var_smtp_tls_blk_early_mail_reply,
#endif #endif
VAR_LMTP_SENDER_AUTH, DEF_LMTP_SENDER_AUTH, &var_smtp_sender_auth, VAR_LMTP_SENDER_AUTH, DEF_LMTP_SENDER_AUTH, &var_smtp_sender_auth,
VAR_LMTP_CNAME_OVERR, DEF_LMTP_CNAME_OVERR, &var_smtp_cname_overr, VAR_LMTP_CNAME_OVERR, DEF_LMTP_CNAME_OVERR, &var_smtp_cname_overr,

9
postfix/src/smtp/smtp.c
View File

@ -400,6 +400,12 @@
/* File with the Postfix SMTP client ECDSA certificate in PEM format. /* File with the Postfix SMTP client ECDSA certificate in PEM format.
/* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR" /* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR"
/* File with the Postfix SMTP client ECDSA private key in PEM format. /* File with the Postfix SMTP client ECDSA private key in PEM format.
/* .PP
/* Available in Postfix version 2.7 and later:
/* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR"
/* Try to detect a mail hijacking attack based on a TLS protocol
/* vulnerability (CVE-2009-3555), where an attacker prepends malicious
/* HELO/MAIL/RCPT/DATA commands to a Postfix client TLS session.
/* OBSOLETE STARTTLS CONTROLS /* OBSOLETE STARTTLS CONTROLS
/* .ad /* .ad
/* .fi /* .fi
@ -572,7 +578,7 @@
/* .IP "\fBlmtp_lhlo_name ($myhostname)\fR" /* .IP "\fBlmtp_lhlo_name ($myhostname)\fR"
/* The hostname to send in the LMTP LHLO command. /* The hostname to send in the LMTP LHLO command.
/* .IP "\fBsmtp_host_lookup (dns)\fR" /* .IP "\fBsmtp_host_lookup (dns)\fR"
/* What mechanisms when the Postfix SMTP client uses to look up a host's IP /* What mechanisms the Postfix SMTP client uses to look up a host's IP
/* address. /* address.
/* .IP "\fBsmtp_randomize_addresses (yes)\fR" /* .IP "\fBsmtp_randomize_addresses (yes)\fR"
/* Randomize the order of equal-preference MX host addresses. /* Randomize the order of equal-preference MX host addresses.
@ -769,6 +775,7 @@ char *var_smtp_tls_proto;
char *var_smtp_tls_ciph; char *var_smtp_tls_ciph;
char *var_smtp_tls_eccert_file; char *var_smtp_tls_eccert_file;
char *var_smtp_tls_eckey_file; char *var_smtp_tls_eckey_file;
bool var_smtp_tls_blk_early_mail_reply;
#endif #endif

1
postfix/src/smtp/smtp.h
View File

@ -119,6 +119,7 @@ typedef struct SMTP_STATE {
#define SMTP_FEATURE_PIX_NO_ESMTP (1<<16) /* PIX smtp fixup mode */ #define SMTP_FEATURE_PIX_NO_ESMTP (1<<16) /* PIX smtp fixup mode */
#define SMTP_FEATURE_PIX_DELAY_DOTCRLF (1<<17) /* PIX smtp fixup mode */ #define SMTP_FEATURE_PIX_DELAY_DOTCRLF (1<<17) /* PIX smtp fixup mode */
#define SMTP_FEATURE_XFORWARD_PORT (1<<18) #define SMTP_FEATURE_XFORWARD_PORT (1<<18)
#define SMTP_FEATURE_EARLY_TLS_MAIL_REPLY (1<<19) /* CVE-2009-3555 */
/* /*
* Features that passivate under the endpoint. * Features that passivate under the endpoint.

1
postfix/src/smtp/smtp_params.c
View File

@ -103,6 +103,7 @@
#ifdef USE_TLS #ifdef USE_TLS
VAR_SMTP_TLS_ENFORCE_PN, DEF_SMTP_TLS_ENFORCE_PN, &var_smtp_tls_enforce_peername, VAR_SMTP_TLS_ENFORCE_PN, DEF_SMTP_TLS_ENFORCE_PN, &var_smtp_tls_enforce_peername,
VAR_SMTP_TLS_NOTEOFFER, DEF_SMTP_TLS_NOTEOFFER, &var_smtp_tls_note_starttls_offer, VAR_SMTP_TLS_NOTEOFFER, DEF_SMTP_TLS_NOTEOFFER, &var_smtp_tls_note_starttls_offer,
VAR_SMTP_TLS_BLK_EARLY_MAIL_REPLY, DEF_SMTP_TLS_BLK_EARLY_MAIL_REPLY, &var_smtp_tls_blk_early_mail_reply,
#endif #endif
VAR_SMTP_SENDER_AUTH, DEF_SMTP_SENDER_AUTH, &var_smtp_sender_auth, VAR_SMTP_SENDER_AUTH, DEF_SMTP_SENDER_AUTH, &var_smtp_sender_auth,
VAR_SMTP_CNAME_OVERR, DEF_SMTP_CNAME_OVERR, &var_smtp_cname_overr, VAR_SMTP_CNAME_OVERR, DEF_SMTP_CNAME_OVERR, &var_smtp_cname_overr,

56
postfix/src/smtp/smtp_proto.c
View File

@ -1292,6 +1292,36 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
&& (session->features & SMTP_FEATURE_AUTH)) && (session->features & SMTP_FEATURE_AUTH))
vstring_strcat(next_command, " AUTH=<>"); vstring_strcat(next_command, " AUTH=<>");
#endif #endif
/*
* CVE-2009-3555 (TLS renegotiation). Try to detect a mail
* hijacking attack that prepends malicious EHLO/MAIL/RCPT/DATA
* commands to our TLS session.
*
* For the attack to succeed, the remote SMTP server must reply to
* the malicious EHLO/MAIL/RCPT/DATA commands after completing
* TLS (re)negotiation, so that the replies arrive in our TLS
* session (otherwise the Postfix SMTP client would time out
* waiting for an answer). With some luck we can detect this
* specific attack as a server MAIL reply that arrives before we
* send our own MAIL command.
*
* We don't apply this test to the HELO command because the result
* would be very timing sensitive, and we don't apply this test
* to RCPT and DATA replies because these may be pipelined for
* legitimate reasons.
*/
#ifdef USE_TLS
if (var_smtp_tls_blk_early_mail_reply
&& (state->misc_flags & SMTP_MISC_FLAG_IN_STARTTLS) != 0
&& (vstream_peek(session->stream) > 0
|| peekfd(vstream_fileno(session->stream)) > 0))
session->features |= SMTP_FEATURE_EARLY_TLS_MAIL_REPLY;
#endif
/*
* We now return to our regular broadcast.
*/
next_state = SMTP_STATE_RCPT; next_state = SMTP_STATE_RCPT;
break; break;
@ -1512,6 +1542,32 @@ static int smtp_loop(SMTP_STATE *state, NOCLOBBER int send_state,
xfer_request[SMTP_STATE_MAIL]); xfer_request[SMTP_STATE_MAIL]);
mail_from_rejected = 1; mail_from_rejected = 1;
} }
/*
* CVE-2009-3555 (TLS renegotiation). Whatever it was
* that arrived before we sent our MAIL FROM command, it
* was not a fatal-level TLS alert message. It could be a
* warning-level TLS alert message, or a ChangeCipherSpec
* message, but such messages are not normally sent in
* the middle of a TLS session. We disconnect and try
* again later.
*/
#ifdef USE_TLS
if (var_smtp_tls_blk_early_mail_reply
&& (session->features & SMTP_FEATURE_EARLY_TLS_MAIL_REPLY)) {
smtp_site_fail(state, DSN_BY_LOCAL_MTA,
SMTP_RESP_FAKE(&fake, "4.7.0"),
"unexpected server message");
msg_warn("server %s violates %s policy",
session->namaddr,
VAR_SMTP_TLS_BLK_EARLY_MAIL_REPLY);
mail_from_rejected = 1;
}
#endif
/*
* We now return to our regular broadcast.
*/
recv_state = SMTP_STATE_RCPT; recv_state = SMTP_STATE_RCPT;
break; break;

3
postfix/src/util/inet_addr_local.c
View File

@ -183,6 +183,9 @@ static int ial_getifaddrs(INET_ADDR_LIST *addr_list,
for (ifa = ifap; ifa; ifa = ifa->ifa_next) { for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
if (!(ifa->ifa_flags & IFF_UP) || ifa->ifa_addr == 0) if (!(ifa->ifa_flags & IFF_UP) || ifa->ifa_addr == 0)
continue; continue;
/* XXX Should we cons up a default mask instead? */
if (ifa->ifa_netmask == 0)
continue;
sa = ifa->ifa_addr; sa = ifa->ifa_addr;
sam = ifa->ifa_netmask; sam = ifa->ifa_netmask;
if (af != AF_UNSPEC && sa->sa_family != af) if (af != AF_UNSPEC && sa->sa_family != af)