mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-29 13:18:12 +00:00
Code Issues Releases Wiki Activity

postfix-2.3-RC8

Browse Source
This commit is contained in:
Wietse Venema 2006-07-07 00:00:00 -05:00 committed by Viktor Dukhovni
parent 05249da535
commit cc94e64f58
25 changed files with 441 additions and 324 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
postfix/AAAREADME
View File

@ -47,7 +47,6 @@ Web sites:
Mail addresses (PLEASE send questions to the mailing list)
postfix-users@postfix.org Postfix users mailing list
wietse@porcupine.org the original author
In order to subscribe to the mailing list, see http://www.postfix.org/.
@ -162,8 +161,9 @@ Miscellaneous:
auxiliary/ Auxiliary software etc.
bin/ Postfix command executables
conf/ Configuration files, run-time scripts
include/ Installed include files
lib/ Installed object libraries
include/ Include files
implementation-notes/ Background information
lib/ Object libraries
libexec/ Postfix daemon executables
mantools/ Manual page utilities
mantools/ Documentation utilities
proto/ Documentation source

16
postfix/COMPATIBILITY
View File

@ -8,12 +8,13 @@ address probing yes (optional persistent database)
aliases yes (can enable/disable mail to /file or |command)
bare newlines yes (but will send CRLF)
blacklisting yes (client name/addr; helo hostname; mail from; rcpt to)
connection caching yes (SMTP shared cache; LMTP in-process cache)
connection caching yes (SMTP shared cache; LMTP shared cache)
content filter yes (before and after queue, internal and external)
db tables yes (compile time option)
dbm tables yes (compile time option)
delivered-to yes (configurable with prepend_delivered_header)
dsn almost (supports enhanced status codes and DSN format bounces)
dsn yes
enhanced status codes yes
errors-to: no (removed with Postfix 2.2)
esmtp yes
etrn support yes (per-destination log for authorized destinations only)
@ -23,9 +24,9 @@ genericstable yes (Postfix 2.2 generic(5) table)
greylist yes (delegated policy script)
home mailbox yes
ident lookup no
ipv6 yes (compatibility for ipv4-only kernels/libraries)
ipv6 yes (compatibility for ipv4-only systems)
ldap tables yes (contributed)
lmtp support yes (client)
lmtp support yes (client only)
luser relay yes
m4 config no
mail to command yes (configurable for .forward, aliases, :include:)
@ -34,6 +35,7 @@ maildir yes (in home, system mailspool, /file/name/ alias)
mailertable yes (it's called transport)
mailq yes
majordomo yes (edit approve script to delete /^delivered-to:/i)
milter yes (except body replacement)
mime yes (including 8bit to quoted-printable conversion)
mysql tables yes (contributed)
netinfo tables yes (contributed)
@ -42,11 +44,11 @@ nis tables yes
nis+ tables yes (contributed)
no <> in smtp yes (most common address forms)
pgsql tables yes (contributed)
pipeline option yes (server and client)
pop/imap yes (with third-party daemons that use mailbox or maildir)
pipeline option yes (SMTP server and client; LMTP client)
pop/imap no
qmqp server yes (with verp support)
rbl support yes
return-receipt: no
return-receipt: no (use DSN NOTIFY=SUCCESS)
rhsbl support yes
sasl support yes (compile time option)
sendmail -bt no

44
postfix/HISTORY
View File

@ -12461,6 +12461,24 @@ Apologies for any names omitted.
Cleanup: comments, error messages, and crumbling interfaces.
20060707
Workaround: apparently, Solaris gettimeofday() can return
out-of range microsecond values. File: src/global/log_adhoc.c.
Robustness: the SMTPD policy client now encodes the
ccert_subject and ccert-issuer attributes as xtext. Some
characters are replaced by +XX, where XX is the two-digit
hexadecimal code for the character value. File:
smtpd/smtpd_check.c.
Safety: the SMTP/LMTP client now defers delivery when a
SASL password exists but the server does not offer SASL
authentication. Mail could be rejected otherwise. This
may become an issue now that Postfix retries delivery in
plaintext after an opportunistic TLS handshake fails. Specify
"smtp_sasl_auth_enforce = no" to deliver mail anyway.
Wish list:
The usage of TLScontext->cache_type is unclear. It specifies
@ -12474,37 +12492,27 @@ Wish list:
around as pointers. TLScontext->cache_type is a case in
point.
In the SMTPD policy client (encode or strip) non-printable
non-ASCII in (TLS or all) attributes.
Are transport:nexthop null fields the same as in the case
of default_transport etc. parameters?
Introduce structured API for tls_server_mumble() just like
with smtp(8): this eliminates ever-growing lists of arguments.
Defer delivery when a SASL password exists but the server
does not offer SASL authentication, as mail might otherwise
be bounced. This may become an issue now that Postfix will
retry in plaintext after optional TLS fails. Make this
configurable so people can get the old behavior.
Don't lose bits when converting st_dev into maildir file
name. It's 64 bits on Linux. Found with the BEAM source
code analyzer.
code analyzer. Is this really a problem, or are they just
using 64 bits for upwards compatibility with LP64 systems?
Do or don't introduce unknown_reverse_client_reject_code.
mail_addr/rcpt_addr should be externalized as they are in
Sendmail. Likewise, addresses in add/delete requests should
be internalized before updating the queue file.
In Milter events, mail_addr/rcpt_addr should be externalized
as they are in Sendmail. Likewise, addresses in add/delete
requests should be internalized before updating the queue
file.
Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
UNIX).
Fix milter_argv() so it does not forget how much memory it
has.
Tempfail when a Milter application wants content access,
while it is configured in an SMTP server that runs before
the smtpd_proxy filter.
@ -12531,8 +12539,8 @@ Wish list:
Eliminate the (incoming,deferred)->active rename operation.
Softbounce fallback-to-ISP for SOHO users. This requires
playing with with the soft_error test in the smtp_trouble.c
module, and a way to avoid trying direct-to-backup-MX.
playing with the soft_error test in the smtp_trouble.c
module, and avoiding delivery to backup MX hosts.
select -> kqueue, epoll, /dev/poll, poll() ...

6
postfix/README_FILES/SMTPD_POLICY_README
View File

@ -58,7 +58,7 @@ a delegated SMTPD access policy request:
sasl_sender=
size=12345
ccert_subject=solaris9.porcupine.org
ccert_issuer=Wietse Venema
ccert_issuer=Wietse+20Venema
ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
PPoossttffiixx vveerrssiioonn 22..33 aanndd llaatteerr::
encryption_protocol=TLSv1/SSLv3
@ -114,7 +114,9 @@ Notes:
* The "ccert_*" attributes (Postfix 2.2 and later) specify information about
how the client was authenticated via TLS. These attributes are empty in
case of no certificate authentication.
case of no certificate authentication. As of Postfix 2.2.11 these attribute
values are encoded as xtext: some characters are represented by +XX, where
XX is the two-digit hecadecimal representation of the character value.
* The "encryption_*" attributes (Postfix 2.3 and later) specify information
about how the connection is encrypted. With plaintext connections the

311
postfix/RELEASE_NOTES
View File

@ -11,20 +11,19 @@ instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
Major changes - critical
------------------------
Critical notes
--------------
See RELEASE_NOTES_2.2 if you upgrade from Postfix 2.1 or earlier.
Postfix internal protocols have has changed. You need to "postfix
Some Postfix internal protocols have changed. You need to "postfix
reload" or restart Postfix, otherwise many servers will log warning
messages with "unexpected attribute" or "problem talking to service
rewrite: Unknown error: 0", and mail will not be delivered.
[Incompat 20060515] Milter support introduces a three new queue
file record types. Queue files created with this Postfix version
will be understood by older Postfix versions ONLY if Milter support
is turned off, which is the default.
The Sendmail-compatible Milter support introduces three new queue
file record types. As long as you leave this feature turned off,
you can still go back to Postfix version 2.2 without losing mail.
Major changes - DNS lookups
---------------------------
@ -41,19 +40,11 @@ Major changes - DSN
This gives senders control over successful and failed delivery
notifications. DSN involves extra parameters to the SMTP MAIL FROM
and RCPT TO commands, as well as extra Postfix sendmail command
line options that provide a sub-set of the functions of those extra
SMTP command parameters.
line options for mail submission.
See DSN_README for details. Some implementation notes are in
implementation-notes/DSN.
[Incompat 20050828] When the cleanup server rejects the content or
size of mail that was submitted with the Postfix sendmail command,
forwarded with the local(8) delivery agent, or that was re-queued
with "postsuper -r", Postfix no longer sends DSN SUCCESS notification
of virtual alias expansions. Since all the recipients are reported
as failed, the SUCCESS notification seems redundant.
[Incompat 20050615] The new DSN support conflicts with VERP support.
For Sendmail compatibility, Postfix now uses the sendmail -V command
line option for DSN. In order to request VERP style delivery, you
@ -61,16 +52,23 @@ must now specify -XV instead of -V. The Postfix sendmail command
will recognize if you try to use -V for VERP-style delivery. It
will do the right thing and will remind you of the new syntax.
[Incompat 20050828] When the cleanup server rejects the content or
size of mail that was submitted with the Postfix sendmail command,
that was forwarded with the local(8) delivery agent, or that was
re-queued with "postsuper -r", Postfix no longer sends DSN SUCCESS
notification after virtual alias expansions. Since all the recipients
are reported as failed, the SUCCESS notification seems redundant.
Major changes - LMTP client
---------------------------
[Feature 20051208] The SMTP client now implements the LMTP protocol.
Most but not all smtp_xxx parameters have an lmtp_xxx "ghost"
parameter. This means there are lot of new LMTP features, including
support for TLS and for the shared connection cache.
See the "SASL authentication" and "TLS" sections for changes related
to SASL authentication and TLS support, respectively.
[Feature 20060614] The unified SMTP/LMTP client now has complete
sets of configuration parameters for each protocol.
[Feature 20051208] The SMTP client now implements the LMTP protocol.
Most but not all smtp_xxx parameters now have an lmtp_xxx equivalent.
This means there are lot of new LMTP features, including support
for TLS and for the shared connection cache.
[Incompat 20051208] The LMTP client now reports the server as
"myhostname[/path/name]". With the real server hostname in delivery
@ -81,19 +79,18 @@ Major changes - Milter support
[Feature 20060515] Milter (mail filter) application support,
compatible with Sendmail version 8.13.6 and earlier. This allows
you to run a large number of plug-ins to reject unwanted mail and
to sign mail with, for example, domain keys. All Milter functions
are implemented except replacing the message body, which will be
added later. Milters are before-queue filters, so they don't change
the queue ID.
you to run a large number of plug-ins to reject unwanted mail, and
to sign mail with for example domain keys. All Milter functions are
implemented except replacing the message body, which will be added
later. Milters are before-queue filters, so they don't change the
queue ID.
See the MILTER_README document for a discussion of how to use Milter
support with Postfix.
support with Postfix, and limitations of the current implementation.
[Incompat 20060515] Milter support introduces a three new queue
file record types. Queue files created with this Postfix version
will be understood by older Postfix versions ONLY if Milter support
is turned off, which is the default.
[Incompat 20060515] Milter support introduces three new queue file
record types. As long as you leave this feature turned off, you can
still go back to Postfix version 2.2 without losing mail.
[Incompat 20060515] Milter support introduces new logfile event
types: milter-reject, milter-discard and milter-hold, that identify
@ -103,8 +100,15 @@ software.
Major changes - SASL authentication
-----------------------------------
[Incompat 20060707] The SMTP/LMTP client now defers delivery when
a SASL password exists but the server does not offer SASL authentication.
Otherwise, the server could reject the mail. This may become an
issue now that Postfix retries delivery in plaintext after an
opportunistic TLS handshake fails. Specify "smtp_sasl_auth_enforce
= no" to deliver mail anyway.
[Feature 20051220] Plug-in support for SASL authentication in the
SMTP server and in the SMTP+LMTP client. With this, Postfix can
SMTP server and in the SMTP/LMTP client. With this, Postfix can
support multiple SASL implementations without source code patches.
Some distributors may even make SASL support a run-time linking
option, just like they already do with Postfix lookup tables.
@ -117,7 +121,7 @@ are slightly different, but these are generally improvements.
The "postconf -a" command shows what plug-in implementations are
available for the SMTP server, and "postconf -A" does the same for
the SMTP+LMTP client. Plug-in implementations are selected with
the SMTP/LMTP client. Plug-in implementations are selected with
the smtpd_sasl_type, smtp_sasl_type and lmtp_sasl_type configuration
parameters.
@ -163,15 +167,13 @@ ISP accounts.
Major changes - SMTP client
---------------------------
[Feature 20051208] The SMTP client now implements the LMTP protocol.
Most but not all smtp_xxx parameters have an lmtp_xxx "ghost"
parameter. This means there are lot of new LMTP features, including
support for TLS and for the shared connection cache. There are no
lmtp_xxx "ghost" parameters for the HELO or EHLO commands, because
those commands exist only in SMTP.
See the "SASL authentication" and "TLS" sections for changes related
to SASL authentication and TLS support, respectively.
[Feature 20060614] The unified SMTP/LMTP client now has complete
sets of configuration parameters for each protocol.
[Feature 20051208] The SMTP client now implements the LMTP protocol.
Most but not all smtp_xxx parameters now have an lmtp_xxx equivalent.
This means there are lot of new LMTP features, including support
for TLS and for the shared connection cache.
[Incompat 20060112] The Postfix SMTP/LMTP client by default no
longer allows DNS CNAME records to override the server hostname
@ -180,13 +182,13 @@ and TLS server certificate verification. Specify
"smtp_cname_overrides_servername = yes" to get the old behavior.
[Incompat 20060103] The Postfix SMTP/LMTP client no longer defers
mail when it receives a malformed SMTP server reply in a session
with command pipelining. When helpful warnings are enabled, it
will suggest that command pipelining be disabled for the affected
mail delivery when it receives a malformed SMTP server reply in a
session with command pipelining. When helpful warnings are enabled,
it will suggest that command pipelining be disabled for the affected
destination.
[Incompat 20051208] The fallback_relay feature is renamed to
smtp_fallback_relay, to make clear that the combined SMTP+LMTP
smtp_fallback_relay, to make clear that the combined SMTP/LMTP
client uses this setting only for SMTP deliveries. The old name
still works.
@ -274,29 +276,27 @@ this limit was disabled by default. The new limit prevents Postfix
from spending lots of time trying to connect to lots of bogus MX
servers.
[Incompat 20050622] The Postfix SMTP handling of [45]XX server
greetings was cleaned up. The server reply is now properly reported.
Major changes - SMTP server
---------------------------
[Incompat 20060207] The Postfix SMTP server no longer complains
when TLS support is not compiled in, but permit_tls_clientcerts,
permit_tls_all_clientcerts, or check_ccert_access are used. These
features now are effectively ignored. However, the
reject_plaintext_session feature is not ignored and will reject
mail.
See the "SASL authentication" and "TLS" sections for changes related
to SASL authentication and TLS support, respectively.
[Incompat 20051202] The Postfix SMTP daemon will not receive mail
from the network if it isn't running with postfix mail_owner
[Feature 20051222] You can now use "resolve_numeric_domain = yes"
to stop Postfix from rejecting user@ipaddress as an invalid
destination. It will deliver the mail to user@[ipaddress] instead.
[Incompat 20051202] The Postfix SMTP server now refuses to receive
mail from the network if it isn't running with postfix mail_owner
privileges. This prevents surprises when, for example, "sendmail
-bs" is configured to run as root from xinetd.
[Incompat 20051121] The permit_mx_backup feature still accepts mail
for authorized destinations (see permit_mx_backup for definition),
but with other destinations it requires that the local MTA is listed
as non-primary MX. This prevents mail loop problems when someone
points the primary MX record at Postfix.
[Incompat 20051121] Although the permit_mx_backup feature still
accepts mail for authorized destinations (see permit_mx_backup for
definition), with all other destinations it now requires that the
local MTA is listed as non-primary MX. This prevents mail loop
problems when someone points the primary MX record at a Postfix
system.
[Feature 20051011] Optional protection against SMTP clients that
hammer the server with too many new (i.e. uncached) SMTP-over-TLS
@ -339,8 +339,8 @@ parameters. The old parameters are still supported but will be
removed in a future Postfix release.
[Feature 20060614] New smtpd_tls_protocols parameter complements
the smtp_tls_mandatory_protocols parameter, only recommended for
MSA configurations, not MX hosts.
the smtp_tls_mandatory_protocols parameter. This recommended for
MSA configurations, not for MX for hosts that face the Internet.
[Feature 20060626] Both the SMTP client and server can be configured
without a client or server certificate. An SMTP server without
@ -356,11 +356,15 @@ is required (notably Postfix 2.3 in "opportunistic" mode) and the
administrator has not excluded the "aNULL" OpenSSL cipher type with
smtp_tls_exclude_ciphers.
[Feature 20060626] You can specify cipher grades with the
smtp_tls_mandatory_ciphers, lmtp_tls_mandatory_ciphers and
smtpd_tls_ciphers parameters. Specify
one of "high", "medium", "low", "export" or "null". See TLS_README
for details.
[Feature 20060626] You can specify cipher grades (instead of cipher
names) with the smtp_tls_mandatory_ciphers, lmtp_tls_mandatory_ciphers
and smtpd_tls_ciphers parameters. Specify one of "high", "medium",
"low", "export" or "null". See TLS_README for details.
[Incompat 20060707] The SMTPD policy client now encodes the
ccert_subject and ccert_issuer attributes as xtext. Some characters
are represented by +XX, where XX is the two-digit hexadecimal
representation of the character value.
[Incompat 20060614] The smtp_sasl_tls_verified_security_options
feature is not yet complete, and will therefore not appear in the
@ -378,9 +382,9 @@ now also logs TLS session cache activity. Use level 2 and higher
for debugging only, use levels 0 or 1 as production settings.
[Incompat 20060207] The Postfix SMTP server no longer complains
when TLS support is not compiled in, but permit_tls_clientcerts,
permit_tls_all_clientcerts, or check_ccert_access are used. These
features now are effectively ignored. However, the
when TLS support is not compiled in while permit_tls_clientcerts,
permit_tls_all_clientcerts, or check_ccert_access are specified in
main.cf. These features now are effectively ignored. However, the
reject_plaintext_session feature is not ignored and will reject
mail.
@ -388,7 +392,8 @@ mail.
smtp_tls_per_site feature, without changes to the user interface.
Some Postfix internals had to be re-structured in preparation for
a more general TLS policy mechanism; this required that smtp_tls_per_site
be re-implemented from scratch.
be re-implemented from scratch. The obscure behavior was found
during compatibility testing.
[Feature 20051011] Optional protection against SMTP clients that
hammer the server with too many new (i.e. uncached) SMTP-over-TLS
@ -412,13 +417,14 @@ Major changes - XCLIENT and XFORWARD
[Incompat 20060611] The SMTP server XCLIENT implementation has
changed. The SMTP server now resets state to the initial server
greeting stage, so that it can accurately simulate the effect of
connection-level access restrictions. Without this change, XCLIENT
will not work at all with Milter applications.
greeting stage, immediately before the EHLO/HELO greeting. This
was needed to correctly simulate the effect of connection-level
access restrictions. Without this change, XCLIENT would not work
with Milter applications.
[Incompat 20060611] The SMTP server XCLIENT and XFORWARD commands
now expect that attributes are xtext encoded (RFC 1891). For backwards
compatibility they will accept unencoded attribute values. The
compatibility they will also accept unencoded attribute values. The
XFORWARD client code in the SMTP client and in the SMTPD_PROXY
client will always encode attribute values. This change will have
effect only for malformed hostname and helo parameter values.
@ -426,8 +432,8 @@ effect only for malformed hostname and helo parameter values.
For more details, see the XCLIENT_README and XFORWARD_README
documents.
Major changes - address rewriting
---------------------------------
Major changes - address manipulation
------------------------------------
[Incompat 20060123] Postfix now preserves uppercase information
while mapping addresses with canonical, virtual, relocated or generic
@ -435,6 +441,10 @@ maps; this happens even with $number substitutions in regular
expression maps. However, the local(8) and virtual(8) delivery
agents still fold addresses to lower case.
As a side effect, Postfix now also does a better job at being case
insensitive where it should be, for example while searching per-host
TLS policies or SASL passwords.
By default, Postfix now folds the search string to lowercase only
with tables that have fixed-case lookup fields such as btree:,
hash:, dbm:, ldap:, or *sql:. The search string is no longer case
@ -444,13 +454,6 @@ case, such as regexp:, pcre:, or cidr:.
For safety reasons, Postfix no longer allows $number substitution
in regexp: or pcre: transport tables or per-sender relayhost tables.
[Feature 20060123] Postfix now does a better job at preserving
upper/lower case information while transforming addresses. The
table lookup code was revised, and is now more careful about when
it folds search strings to lower case. As a side effect, Postfix
now also does a better job at being case insensitive where it should,
for example while searching per-host TLS policies or SASL passwords.
Major changes - bounce message templates
----------------------------------------
@ -481,13 +484,6 @@ this:
The $mail_name program
EOF
Major changes - broken SMTP clients
-----------------------------------
[Feature 20051222] You can now use "resolve_numeric_domain = yes"
to stop Postfix from rejecting user@ipaddress as an invalid
destination. It will deliver the mail to user@[ipaddress] instead.
Major changes - built-in filters
--------------------------------
@ -503,55 +499,6 @@ command (or re-queued with "postsuper -r"), the returned message
is now limited to just the message headers, to avoid the risk of
exposure to harmful content in the message body or attachments.
Major changes - connection caching
----------------------------------
[Incompat 20051026] The smtp_connection_cache_reuse_limit parameter
(which limits the number of deliveries per SMTP connection) is
replaced by the new smtp_connection_reuse_time_limit parameter (the
time after which a connection is no longer stored into the connection
cache).
[Feature 20051026] This snapshot addresses a performance stability
problem with remote SMTP servers. The problem is not specific to
Postfix: it can happen when any MTA sends large amounts of SMTP
email to a site that has multiple MX hosts. The insight that led
to the solution, as well as an initial implementation, are due to
Victor Duchovni.
The problem starts when one of a set of MX hosts becomes slower
than the rest. Even though SMTP clients connect to fast and slow
MX hosts with equal probability, the slow MX host ends up with more
simultaneous inbound connections than the faster MX hosts, because
the slow MX host needs more time to serve each client request.
The slow MX host becomes a connection attractor. If one MX host
becomes N times slower than the rest, it dominates mail delivery
latency unless there are more than N fast MX hosts to counter the
effect. And if the number of MX hosts is smaller than N, the mail
delivery latency becomes effectively that of the slowest MX host
divided by the total number of MX hosts.
The solution uses connection caching in a way that differs from
Postfix 2.2. By limiting the amount of time during which a connection
can be used repeatedly (instead of limiting the number of deliveries
over that connection), Postfix not only restores fairness in the
distribution of simultaneous connections across a set of MX hosts,
it also favors deliveries over connections that perform well, which
is exactly what we want.
The smtp_connection_reuse_time_limit feature implements the connection
reuse time limit as discussed above. It limits the amount of time
after which an SMTP connection is no longer stored into the connection
cache. The default limit, 300s, can result in a huge number of
deliveries over a single connection.
This solution will be complete when Postfix logging is updated to
include information about the number of times that a connection was
used. This information is needed to diagnose inter-operability
problems with servers that exhibit bugs when they receive multiple
messages over the same connection.
Major changes - database support
--------------------------------
@ -639,18 +586,17 @@ software.
[Incompat 20051106] The relay=... logging has changed and now
includes the remote SMTP server port number as hostname[hostaddr]:port.
[Incompat 20060112] The Postfix SMTP/LMTP client by default no
longer allows DNS CNAME records to override the server hostname
that is used for logging, SASL password lookup, TLS policy selection
and TLS server certificate verification. Specify
"smtp_cname_overrides_servername = yes" to get the old behavior.
[Incompat 20051105] All delay logging now has sub-second resolution,
including the over-all "delay=nnn" logging. A patch is available
for pflogsumm (pflogsumm-conn-delays-dsn-patch). The qshape script
has been updated (auxiliary/qshape/qshape.pl).
At this point the Postfix logging for a recipient looks like this:
Nov 3 16:04:31 myname postfix/smtp[30840]: 19B6B2900FE:
to=<wietse@test.example.com>, orig_to=<wietse@test>,
relay=mail.example.com[1.2.3.4], conn_use=2, delay=0.22,
delays=0.04/0.01/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
[Feature 20051103] This release makes a beginning with a series of
new attributes in Postfix logfile records.
@ -664,8 +610,9 @@ new attributes in Postfix logfile records.
- Logging of the connection reuse count when SMTP connections are
used for more than one message delivery. This information is
needed because Postfix can now reuse connections hundreds of times
or more, and can help to diagnose inter-operability problems with
servers that suffer from memory leaks or other resource leaks.
or more. Logging of the connection reuse count can help to diagnose
inter-operability problems with servers that suffer from memory
leaks or other resource leaks.
At this point the Postfix logging for a recipient looks like this:
@ -696,6 +643,12 @@ where y and z can be up to three digits each.
Major changes - performance
---------------------------
[Incompat 20050622] The Postfix SMTP client by default limits the
number of MX server addresses to smtp_mx_address_limit=5. Previously
this limit was disabled by default. The new limit prevents Postfix
from spending lots of time trying to connect to lots of bogus MX
servers.
[Feature 20051026] This snapshot addresses a performance stability
problem with remote SMTP servers. The problem is not specific to
Postfix: it can happen when any MTA sends large amounts of SMTP
@ -752,42 +705,41 @@ Major changes - portability
---------------------------
[Incompat 20050716] Internal interfaces have changed; this may break
third-party patches because the text of function argument and result
type definitions has changed. The type of buffer lengths and offsets
were changed from "(unsigned) int" (32 bit on 32-bit and LP64
systems) to "(s)size_t" (64 bit on LP64 systems, 32 bit on 32-bit
systems).
third-party patches because the types of function arguments and of
result values have changed. The types of buffer lengths and offsets
were changed from "int" or "unsigned int" (32 bit on 32-bit and
LP64 systems) to "ssize_t" or "size_t" (64 bit on LP64 systems, 32
bit on 32-bit systems).
Otherwise, this change makes no difference on 32-bit systems. On
LP64 systems, however, software may mis-behave 1) when Postfix is
This change makes no difference in Postfix behavior on 32-bit
systems. On LP64 systems, however, this change not only eliminates
some obscure portability bugs, it also eliminates unnecessary
conversions between 32/64 bit integer types, because many system
library routines take "(s)size_t" arguments or return "(s)size_t"
values.
This change may break software on LP64 systems 1) when Postfix is
linked with pre-compiled code that was compiled with old Postfix
interface definitions and 2) when compiling Postfix source that was
modified by a third-party patch: incorrect code may be generated
modified by a third-party patch: incorrect code will be generated
when the patch passes the wrong integer argument type in contexts
that disable automatic argument type conversions. Examples of such
contexts are formatting with printf-like arguments, and invoking
functions that write Postfix request or reply attributes across
inter-process communication channels. Unfortunately, gcc does not
report "(unsigned) int" versus "(s)size_t" format string argument
mis-matches on 32-bit systems; they can be found only on 64-bit
mis-matches on 32-bit systems; it reports them only on 64-bit
systems.
[Feature 20050716] Improved portability to LP64 systems, by converting
the type of buffer lengths and offsets from "(unsigned) int" to
"(s)size_t". This change has zero effect on 32-bit systems. On
LP64 platforms, however, this change not only eliminates some obscure
portability bugs, it also eliminates unnecessary conversions between
32/64 bit integer types, because many system library routines take
"(s)size_t" arguments or return "(s)size_t" values.
Major changes - safety
----------------------
[Incompat 20051121] The permit_mx_backup feature still accepts mail
for authorized destinations (see permit_mx_backup for definition),
but with other destinations it requires that the local MTA is listed
as non-primary MX. This prevents mail loop problems when someone
points the primary MX record at Postfix.
[Incompat 20051121] Although the permit_mx_backup feature still
accepts mail for authorized destinations (see permit_mx_backup for
definition), with all other destinations it now requires that the
local MTA is listed as non-primary MX. This prevents mail loop
problems when someone points the primary MX record at a Postfix
system.
[Incompat 20051011] The Postfix local(8) delivery agent no longer
updates its idea of the Delivered-To: address while it expands
@ -808,8 +760,17 @@ command (or re-queued with "postsuper -r"), the returned message
is now limited to just the message headers, to avoid the risk of
exposure to harmful content in the message body or attachments.
[Incompat 20051202] The Postfix SMTP daemon will not receive mail
from the network if it isn't running with postfix mail_owner
[Incompat 20051202] The Postfix SMTP server now refuses to receive
mail from the network if it isn't running with postfix mail_owner
privileges. This prevents surprises when, for example, "sendmail
-bs" is configured to run as root from xinetd.
[Incompat 20060123] For safety reasons, Postfix no longer allows
$number substitution in regexp: or pcre: transport tables or
per-sender relayhost tables.
[Incompat 20060112] The Postfix SMTP/LMTP client by default no
longer allows DNS CNAME records to override the server hostname
that is used for logging, SASL password lookup, TLS policy selection
and TLS server certificate verification. Specify
"smtp_cname_overrides_servername = yes" to get the old behavior.

5
postfix/html/SMTPD_POLICY_README.html
View File

@ -90,7 +90,7 @@ sasl_username=you
sasl_sender=
size=12345
ccert_subject=solaris9.porcupine.org
ccert_issuer=Wietse Venema
ccert_issuer=Wietse+20Venema
ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
<b>Postfix version 2.3 and later:</b>
encryption_protocol=TLSv1/SSLv3
@ -161,6 +161,9 @@ etrn_domain=
<li> <p> The "ccert_*" attributes (Postfix 2.2 and later) specify
information about how the client was authenticated via TLS.
These attributes are empty in case of no certificate authentication.
As of Postfix 2.2.11 these attribute values are encoded as
xtext: some characters are represented by +XX, where XX is the
two-digit hecadecimal representation of the character value.
</p>
<li> <p> The "encryption_*" attributes (Postfix 2.3 and later)

23
postfix/html/postconf.5.html
View File

@ -3528,6 +3528,17 @@ Enable SASL authentication in the Postfix LMTP client.
</p>
</DD>
<DT><b><a name="lmtp_sasl_auth_enforce">lmtp_sasl_auth_enforce</a>
(default: yes)</b></DT><DD>
<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_enforce">smtp_sasl_auth_enforce</a>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="lmtp_sasl_mechanism_filter">lmtp_sasl_mechanism_filter</a>
@ -7550,6 +7561,18 @@ Example:
</pre>
</DD>
<DT><b><a name="smtp_sasl_auth_enforce">smtp_sasl_auth_enforce</a>
(default: yes)</b></DT><DD>
<p> Defer mail delivery when an SMTP server does not support SASL
authentication, while <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> contains SASL
login/password information for that server. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>

208
postfix/html/smtp.8.html
View File

@ -293,60 +293,66 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_enforce">smtp_sasl_auth_enforce</a> (yes)</b>
Defer mail delivery when an SMTP server does not
support SASL authentication, while <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_pass</a>-
<a href="postconf.5.html#smtp_sasl_password_maps">word_maps</a> contains SASL login/password information
for that server.
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
Enable sender-dependent authentication in the SMTP
client; this is available only with SASL authenti-
cation, and disables SMTP connection caching to
ensure that mail from different senders will use
Enable sender-dependent authentication in the SMTP
client; this is available only with SASL authenti-
cation, and disables SMTP connection caching to
ensure that mail from different senders will use
the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
Implementation-specific information that is passed
through to the SASL plug-in implementation that is
Implementation-specific information that is passed
through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
The SASL plug-in type that the Postfix SMTP client
The SASL plug-in type that the Postfix SMTP client
should use for authentication.
<b>STARTTLS SUPPORT CONTROLS</b>
Detailed information about STARTTLS configuration may be
Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for all desti-
nations; when a non-empty value is specified, this
The default SMTP TLS security level for all desti-
nations; when a non-empty value is specified, this
overrides the obsolete parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,
<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
Time limit for Postfix SMTP client write and read
operations during TLS startup and shutdown hand-
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
The file with the certificate of the certification
authority (CA) that issued the Postfix SMTP client
certificate.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
Directory with PEM format certificate authority
certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
File with the Postfix SMTP client RSA certificate
File with the Postfix SMTP client RSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
The minimum SMTP client TLS cipher grade that is
strong enough to be used with the "encrypt" secu-
The minimum SMTP client TLS cipher grade that is
strong enough to be used with the "encrypt" secu-
rity level and higher.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
@ -355,43 +361,43 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
List of ciphers or cipher types to exclude from the
SMTP client cipher list at the mandatory TLS secu-
SMTP client cipher list at the mandatory TLS secu-
rity levels: "encrypt", "verify" and "secure".
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
File with the Postfix SMTP client DSA certificate
File with the Postfix SMTP client DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
File with the Postfix SMTP client DSA private key
File with the Postfix SMTP client DSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
File with the Postfix SMTP client RSA private key
File with the Postfix SMTP client RSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
Enable additional Postfix SMTP client logging of
Enable additional Postfix SMTP client logging of
TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
Log the hostname of a remote SMTP server that
offers STARTTLS, when TLS is not already enabled
for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
non-empty value is specified, this overrides the
non-empty value is specified, this overrides the
obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
List of TLS protocol versions that are secure
List of TLS protocol versions that are secure
enough to be used with the "encrypt" security level
and higher.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
The verification depth for remote SMTP server cer-
The verification depth for remote SMTP server cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
@ -399,7 +405,7 @@ SMTP(8) SMTP(8)
for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
Name of the file containing the optional Postfix
Name of the file containing the optional Postfix
SMTP client TLS session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
@ -411,9 +417,9 @@ SMTP(8) SMTP(8)
for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
server in order to seed its internal pseudo random
The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
or <a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
server in order to seed its internal pseudo random
number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
@ -425,7 +431,7 @@ SMTP(8) SMTP(8)
ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (!EXPORT:ALL:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "LOW" or higher grade
The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
@ -433,66 +439,66 @@ SMTP(8) SMTP(8)
ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (!aNULL:eNULL+kRSA)</b>
The OpenSSL cipherlist for "NULL" grade ciphers
The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
<b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
The SASL authentication security options that the
Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compati-
The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
will be removed in a future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
Opportunistic mode: use TLS when a remote SMTP
server announces STARTTLS support, otherwise send
Opportunistic mode: use TLS when a remote SMTP
server announces STARTTLS support, otherwise send
the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
Enforcement mode: require that remote SMTP servers
use TLS encryption, and never send mail in the
Enforcement mode: require that remote SMTP servers
use TLS encryption, and never send mail in the
clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
When TLS encryption is enforced, require that the
When TLS encryption is enforced, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS usage policy by next-hop destination and by
TLS usage policy by next-hop destination and by
remote SMTP server hostname.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
The maximal number of parallel deliveries to the
same destination via the smtp message delivery
The maximal number of parallel deliveries to the
same destination via the smtp message delivery
transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
The maximal number of recipients per delivery via
The maximal number of recipients per delivery via
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
The SMTP client time limit for completing a TCP
The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
The SMTP client time limit for sending the HELO or
EHLO command, and for receiving the initial server
The SMTP client time limit for sending the HELO or
EHLO command, and for receiving the initial server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
The LMTP client time limit for sending the LHLO
The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
@ -501,30 +507,30 @@ SMTP(8) SMTP(8)
command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
The SMTP client time limit for sending the MAIL
FROM command, and for receiving the server
The SMTP client time limit for sending the MAIL
FROM command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
The SMTP client time limit for sending the SMTP
RCPT TO command, and for receiving the server
The SMTP client time limit for sending the SMTP
RCPT TO command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
The SMTP client time limit for sending the SMTP
DATA command, and for receiving the server
The SMTP client time limit for sending the SMTP
DATA command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
The SMTP client time limit for sending the SMTP
The SMTP client time limit for sending the SMTP
message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
The SMTP client time limit for sending the SMTP
The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
The SMTP client time limit for sending the QUIT
The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
@ -535,12 +541,12 @@ SMTP(8) SMTP(8)
lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
The maximal number of SMTP sessions per delivery
request before giving up or delivering to a fall-
The maximal number of SMTP sessions per delivery
request before giving up or delivering to a fall-
back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
The SMTP client time limit for sending the RSET
The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
@ -552,11 +558,11 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
Permanently enable SMTP connection caching for the
Permanently enable SMTP connection caching for the
specified destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
Temporarily enable SMTP connection caching while a
Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
@ -566,57 +572,57 @@ SMTP(8) SMTP(8)
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
When SMTP connection caching is enabled, the amount
of time that an unused SMTP client socket is kept
of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
Time limit for connection cache connect, send or
Time limit for connection cache connect, send or
receive operations.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
The increment in verbose logging level when a
remote client or server matches a pattern in the
The increment in verbose logging level when a
remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
Optional list of remote client or server hostname
or network address patterns that cause the verbose
logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
The recipient of postmaster notifications about
mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the
The list of error classes that are reported to the
postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
Where the Postfix SMTP client should deliver mail
Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal
The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP
Disable DNS lookups in the Postfix SMTP and LMTP
clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
@ -624,7 +630,7 @@ SMTP(8) SMTP(8)
tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
The Internet protocols Postfix will attempt to use
The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
@ -632,74 +638,74 @@ SMTP(8) SMTP(8)
over an internal communication channel.
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client
The default TCP port that the Postfix LMTP client
connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of connection requests before a
The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon
The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
tem receives mail on by way of a proxy or network
tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
An optional numerical network address that the SMTP
client should bind to when making an IPv4 connec-
client should bind to when making an IPv4 connec-
tion.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
An optional numerical network address that the SMTP
client should bind to when making an IPv6 connec-
client should bind to when making an IPv6 connec-
tion.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the SMTP EHLO or HELO com-
The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
What mechanisms when the SMTP client uses to look
What mechanisms when the SMTP client uses to look
up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
Randomize the order of equal-preference MX host
Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
The mail system name that is prepended to the
process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
Optional list of relay hosts for SMTP destinations
Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
Optional list of relay hosts for SMTP destinations
Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b>SEE ALSO</b>
@ -717,7 +723,7 @@ SMTP(8) SMTP(8)
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

11
postfix/man/man5/postconf.5
View File

@ -1883,6 +1883,11 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
.SH lmtp_sasl_auth_enable (default: no)
Enable SASL authentication in the Postfix LMTP client.
.SH lmtp_sasl_auth_enforce (default: yes)
The LMTP-specific version of the smtp_sasl_auth_enforce
configuration parameter. See there for details.
.PP
This feature is available in Postfix 2.3 and later.
.SH lmtp_sasl_mechanism_filter (default: empty)
The LMTP-specific version of the smtp_sasl_mechanism_filter
configuration parameter. See there for details.
@ -4194,6 +4199,12 @@ smtp_sasl_auth_enable = yes
.fi
.ad
.ft R
.SH smtp_sasl_auth_enforce (default: yes)
Defer mail delivery when an SMTP server does not support SASL
authentication, while smtp_sasl_password_maps contains SASL
login/password information for that server.
.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_sasl_mechanism_filter (default: empty)
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and

4
postfix/man/man8/smtp.8
View File

@ -262,6 +262,10 @@ If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms.
.PP
Available in Postfix version 2.3 and later:
.IP "\fBsmtp_sasl_auth_enforce (yes)\fR"
Defer mail delivery when an SMTP server does not support SASL
authentication, while smtp_sasl_password_maps contains SASL
login/password information for that server.
.IP "\fBsmtp_sender_dependent_authentication (no)\fR"
Enable sender-dependent authentication in the SMTP client; this is
available only with SASL authentication, and disables SMTP connection

4
postfix/mantools/postlink
View File

@ -252,6 +252,7 @@ while (<>) {
s;\blmtp_rcpt_timeout\b;<a href="postconf.5.html#lmtp_rcpt_timeout">$&</a>;g;
s;\blmtp_rset_timeout\b;<a href="postconf.5.html#lmtp_rset_timeout">$&</a>;g;
s;\blmtp_sasl_auth_enable\b;<a href="postconf.5.html#lmtp_sasl_auth_enable">$&</a>;g;
s;\blmtp_sasl_auth_enforce\b;<a href="postconf.5.html#lmtp_sasl_auth_enforce">$&</a>;g;
s;\blmtp_sasl_password_maps\b;<a href="postconf.5.html#lmtp_sasl_password_maps">$&</a>;g;
s;\blmtp_sasl_security_options\b;<a href="postconf.5.html#lmtp_sasl_security_options">$&</a>;g;
s;\blmtp_sasl_type\b;<a href="postconf.5.html#lmtp_sasl_type">$&</a>;g;
@ -418,7 +419,7 @@ while (<>) {
s;\bsmtp_rset_timeout\b;<a href="postconf.5.html#smtp_rset_timeout">$&</a>;g;
s;\bsmtp_sasl_auth_enable\b;<a href="postconf.5.html#smtp_sasl_auth_enable">$&</a>;g;
s;\bsmtp_sasl_mechanism_filter\b;<a href="postconf.5.html#smtp_sasl_mechanism_filter">$&</a>;g;
s;\bsmtp_sasl_password_maps\b;<a href="postconf.5.html#smtp_sasl_password_maps">$&</a>;g;
s;\bsmtp_sasl_pass[-</Bb>]*\n* *[<Bb>]*word_maps\b;<a href="postconf.5.html#smtp_sasl_password_maps">$&</a>;g;
s;\bsmtp_sasl_path\b;<a href="postconf.5.html#smtp_sasl_path">$&</a>;g;
s;\bsmtp_sasl_secu[-</Bb>]*\n* *[<Bb>]*rity_options\b;<a href="postconf.5.html#smtp_sasl_security_options">$&</a>;g;
s;\bsmtp_send_xforward_command\b;<a href="postconf.5.html#smtp_send_xforward_command">$&</a>;g;
@ -524,6 +525,7 @@ while (<>) {
s;\bsmtp_[-</Bb>]*\n* *[<Bb>]*sasl_[-</Bb>]*\n* *[<Bb>]*tls_[-</Bb>]*\n* *[<Bb>]*secu[-</Bb>]*\n* *[<Bb>]*rity_options\b;<a href="postconf.5.html#smtp_sasl_tls_security_options">$&</a>;g;
s;\bsmtp_sasl_tls_verified_secu[-</Bb>]*\n* *[<Bb>]*rity_options\b;<a href="postconf.5.html#smtp_sasl_tls_verified_security_options">$&</a>;g;
s;\bsmtp_sasl_type\b;<a href="postconf.5.html#smtp_sasl_type">$&</a>;g;
s;\bsmtp_sasl_auth_enforce\b;<a href="postconf.5.html#smtp_sasl_auth_enforce">$&</a>;g;
s;\bsmtp_starttls_timeout\b;<a href="postconf.5.html#smtp_starttls_timeout">$&</a>;g;
s;\bsmtp_tls_CAfile\b;<a href="postconf.5.html#smtp_tls_CAfile">$&</a>;g;
s;\bsmtp_tls_CApath\b;<a href="postconf.5.html#smtp_tls_CApath">$&</a>;g;

5
postfix/proto/SMTPD_POLICY_README.html
View File

@ -90,7 +90,7 @@ sasl_username=you
sasl_sender=
size=12345
ccert_subject=solaris9.porcupine.org
ccert_issuer=Wietse Venema
ccert_issuer=Wietse+20Venema
ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
<b>Postfix version 2.3 and later:</b>
encryption_protocol=TLSv1/SSLv3
@ -161,6 +161,9 @@ etrn_domain=
<li> <p> The "ccert_*" attributes (Postfix 2.2 and later) specify
information about how the client was authenticated via TLS.
These attributes are empty in case of no certificate authentication.
As of Postfix 2.2.11 these attribute values are encoded as
xtext: some characters are represented by +XX, where XX is the
two-digit hecadecimal representation of the character value.
</p>
<li> <p> The "encryption_*" attributes (Postfix 2.3 and later)

15
postfix/proto/postconf.proto
View File

@ -10345,3 +10345,18 @@ configuration parameter. See there for details. </p>
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM smtp_sasl_auth_enforce yes
<p> Defer mail delivery when an SMTP server does not support SASL
authentication, while smtp_sasl_password_maps contains SASL
login/password information for that server. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM lmtp_sasl_auth_enforce yes
<p> The LMTP-specific version of the smtp_sasl_auth_enforce
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>

5
postfix/src/cleanup/cleanup_milter.c
View File

@ -1187,6 +1187,11 @@ static const char *cleanup_milter_eval(const char *name, void *ptr)
{
CLEANUP_STATE *state = (CLEANUP_STATE *) ptr;
/*
* Note: if we use XFORWARD attributes here, then consistency requires
* that we forward all Sendmail macros via XFORWARD.
*/
/*
* Canonicalize the name.
*/

9
postfix/src/global/log_adhoc.c
View File

@ -133,15 +133,22 @@ void log_adhoc(const char *id, MSG_STATS *stats, RECIPIENT *recipient,
*
* Don't compute the sdelay (connection setup latency) if there is no time
* stamp for connection setup completion.
*
* XXX Apparently, Solaris gettimeofday() can return out-of-range
* microsecond values.
*/
#define DELTA(x, y, z) \
do { \
(x).dt_sec = (y).tv_sec - (z).tv_sec; \
(x).dt_usec = (y).tv_usec - (z).tv_usec; \
if ((x).dt_usec < 0) { \
while ((x).dt_usec < 0) { \
(x).dt_usec += 1000000; \
(x).dt_sec -= 1; \
} \
while ((x).dt_usec >= 1000000) { \
(x).dt_usec -= 1000000; \
(x).dt_sec += 1; \
} \
if ((x).dt_sec < 0) \
(x).dt_sec = (x).dt_usec = 0; \
} while (0)

7
postfix/src/global/mail_params.h
View File

@ -1384,6 +1384,10 @@ extern bool var_smtp_sasl_enable;
#define DEF_SMTP_SASL_PASSWD ""
extern char *var_smtp_sasl_passwd;
#define VAR_SMTP_SASL_ENFORCE "smtp_sasl_auth_enforce"
#define DEF_SMTP_SASL_ENFORCE 1
extern bool var_smtp_sasl_enforce;
#define VAR_SMTP_SASL_OPTS "smtp_sasl_security_options"
#define DEF_SMTP_SASL_OPTS "noplaintext, noanonymous"
extern char *var_smtp_sasl_opts;
@ -1479,6 +1483,9 @@ extern bool var_lmtp_sasl_enable;
#define DEF_LMTP_SASL_PASSWD ""
extern char *var_lmtp_sasl_passwd;
#define VAR_LMTP_SASL_ENFORCE "lmtp_sasl_auth_enforce"
#define DEF_LMTP_SASL_ENFORCE 1
#define VAR_LMTP_SASL_OPTS "lmtp_sasl_security_options"
#define DEF_LMTP_SASL_OPTS "noplaintext, noanonymous"
extern char *var_lmtp_sasl_opts;

2
postfix/src/global/mail_proto.h
View File

@ -135,7 +135,7 @@ extern char *mail_pathname(const char *, const char *);
#define MAIL_ATTR_LABEL "label"
#define MAIL_ATTR_PROP "property"
#define MAIL_ATTR_CCERT_SUBJECT "ccert_subject"
#define MAIL_ATTR_CCERT_ISSSUER "ccert_issuer"
#define MAIL_ATTR_CCERT_ISSUER "ccert_issuer"
#define MAIL_ATTR_CCERT_FINGERPRINT "ccert_fingerprint"
#define MAIL_ATTR_CRYPTO_PROTOCOL "encryption_protocol"
#define MAIL_ATTR_CRYPTO_CIPHER "encryption_cipher"

4
postfix/src/global/mail_version.h
View File

@ -20,8 +20,8 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20060706"
#define MAIL_VERSION_NUMBER "2.3-RC7"
#define MAIL_RELEASE_DATE "20060707"
#define MAIL_VERSION_NUMBER "2.3-RC8"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION MAIL_VERSION_NUMBER

1
postfix/src/smtp/lmtp_params.c
View File

@ -95,5 +95,6 @@
#endif
VAR_LMTP_SENDER_AUTH, DEF_LMTP_SENDER_AUTH, &var_smtp_sender_auth,
VAR_LMTP_CNAME_OVERR, DEF_LMTP_CNAME_OVERR, &var_smtp_cname_overr,
VAR_LMTP_SASL_ENFORCE, DEF_LMTP_SASL_ENFORCE, &var_smtp_sasl_enforce,
0,
};

5
postfix/src/smtp/smtp.c
View File

@ -234,6 +234,10 @@
/* server's list of offered SASL mechanisms.
/* .PP
/* Available in Postfix version 2.3 and later:
/* .IP "\fBsmtp_sasl_auth_enforce (yes)\fR"
/* Defer mail delivery when an SMTP server does not support SASL
/* authentication, while smtp_sasl_password_maps contains SASL
/* login/password information for that server.
/* .IP "\fBsmtp_sender_dependent_authentication (no)\fR"
/* Enable sender-dependent authentication in the SMTP client; this is
/* available only with SASL authentication, and disables SMTP connection
@ -691,6 +695,7 @@ bool var_smtp_sender_auth;
char *var_lmtp_tcp_port;
int var_scache_proto_tmout;
bool var_smtp_cname_overr;
bool var_smtp_sasl_enforce;
/*
* Global variables.

1
postfix/src/smtp/smtp_params.c
View File

@ -99,5 +99,6 @@
#endif
VAR_SMTP_SENDER_AUTH, DEF_SMTP_SENDER_AUTH, &var_smtp_sender_auth,
VAR_SMTP_CNAME_OVERR, DEF_SMTP_CNAME_OVERR, &var_smtp_cname_overr,
VAR_SMTP_SASL_ENFORCE, DEF_SMTP_SASL_ENFORCE, &var_smtp_sasl_enforce,
0,
};

9
postfix/src/smtp/smtp_proto.c
View File

@ -600,6 +600,15 @@ int smtp_helo(SMTP_STATE *state)
#ifdef USE_SASL_AUTH
if (var_smtp_sasl_enable && (session->features & SMTP_FEATURE_AUTH))
return (smtp_sasl_helo_login(state));
else if (var_smtp_sasl_enable
&& *var_smtp_sasl_passwd
&& var_smtp_sasl_enforce
&& smtp_sasl_passwd_lookup(session) != 0)
return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
SMTP_RESP_FAKE(&fake, "4.7.0"),
"SASL login/password exists, but host %s "
"does not announce SASL authentication support",
session->namaddr));
#endif
return (0);

1
postfix/src/smtpd/Makefile.in
View File

@ -286,6 +286,7 @@ smtpd_check.o: ../../include/vbuf.h
smtpd_check.o: ../../include/verify_clnt.h
smtpd_check.o: ../../include/vstream.h
smtpd_check.o: ../../include/vstring.h
smtpd_check.o: ../../include/xtext.h
smtpd_check.o: smtpd.h
smtpd_check.o: smtpd_check.c
smtpd_check.o: smtpd_check.h

52
postfix/src/smtpd/smtpd_check.c
View File

@ -236,6 +236,7 @@
#include <valid_mailhost_addr.h>
#include <dsn_util.h>
#include <conv_time.h>
#include <xtext.h>
/* Application-specific. */
@ -3251,6 +3252,15 @@ static int check_policy_service(SMTPD_STATE *state, const char *server,
static VSTRING *action = 0;
ATTR_CLNT *policy_clnt;
#ifdef USE_TLS
VSTRING *subject_buf;
VSTRING *issuer_buf;
const char *subject;
const char *issuer;
#endif
int ret;
/*
* Sanity check.
*/
@ -3265,6 +3275,23 @@ static int check_policy_service(SMTPD_STATE *state, const char *server,
if (action == 0)
action = vstring_alloc(10);
#ifdef USE_TLS
#define ENCODE_CN(coded_CN, coded_CN_buf, CN) do { \
if (state->tls_context == 0 \
|| state->tls_context->peer_verified == 0 || (CN) == 0) { \
coded_CN_buf = 0; \
coded_CN = ""; \
} else { \
coded_CN_buf = vstring_alloc(strlen(CN)); \
xtext_quote(coded_CN_buf, CN, ""); \
coded_CN = STR(coded_CN_buf); \
} \
} while (0);
ENCODE_CN(subject, subject_buf, state->tls_context->peer_CN);
ENCODE_CN(issuer, issuer_buf, state->tls_context->issuer_CN);
#endif
if (attr_clnt_request(policy_clnt,
ATTR_FLAG_NONE, /* Query attributes. */
ATTR_TYPE_STR, MAIL_ATTR_REQ, "smtpd_access_policy",
@ -3308,10 +3335,8 @@ static int check_policy_service(SMTPD_STATE *state, const char *server,
#define IF_VERIFIED(x) \
((state->tls_context && \
state->tls_context->peer_verified && ((x) != 0)) ? (x) : "")
ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT,
IF_VERIFIED(state->tls_context->peer_CN),
ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSSUER,
IF_VERIFIED(state->tls_context->issuer_CN),
ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT, subject,
ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSUER, issuer,
ATTR_TYPE_STR, MAIL_ATTR_CCERT_FINGERPRINT,
IF_VERIFIED(state->tls_context->peer_fingerprint),
#define IF_ENCRYPTED(x, y) ((state->tls_context && ((x) != 0)) ? (x) : (y))
@ -3326,19 +3351,26 @@ static int check_policy_service(SMTPD_STATE *state, const char *server,
ATTR_FLAG_MISSING, /* Reply attributes. */
ATTR_TYPE_STR, MAIL_ATTR_ACTION, action,
ATTR_TYPE_END) != 1) {
return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
451, "4.3.5",
"Server configuration problem"));
ret = smtpd_check_reject(state, MAIL_ERROR_POLICY,
451, "4.3.5",
"Server configuration problem");
} else {
/*
* XXX This produces bogus error messages when the reply is
* malformed.
*/
return (check_table_result(state, server, STR(action),
"policy query", reply_name,
reply_class, def_acl));
ret = check_table_result(state, server, STR(action),
"policy query", reply_name,
reply_class, def_acl);
}
#ifdef USE_TLS
if (subject_buf)
vstring_free(subject_buf);
if (issuer_buf)
vstring_free(issuer_buf);
#endif
return (ret);
}
/* is_map_command - restriction has form: check_xxx_access type:name */

9
postfix/src/smtpd/smtpd_peer.c
View File

@ -138,6 +138,15 @@ void smtpd_peer_init(SMTPD_STATE *state)
/*
* Look up the peer address information.
*
* XXX If we make local endpoint (getsockname) information available to
* Milter applications as {if_name} and {if_addr}, then we also must be
* able to provide this via the XCLIENT command for Milter testing.
*
* XXX If support were to be added for Milter applications in down-stream
* MTAs, then consistency demands that we propagate a lot of Sendmail
* macro information via the XFORWARD command. Otherwise we could end up
* with a very confusing situation.
*/
if (getpeername(vstream_fileno(state->client), sa, &sa_length) >= 0) {
errno = 0;