postfix-2.12-20140209

postfix/HISTORY

@@ -19528,3 +19528,23 @@ Apologies for any names omitted.
 20140110-15
 
 	Miscellaneous documentation cleanups.
+
+20140116
+
+	Workaround: prepend "-I. -I../../include" to CCARGS, to
+	avoid name clashes with non-Postfix header files. File:
+	makedefs.
+
+20140125
+
+	Cleanup: assorted documentation glitches.
+
+20140209
+
+	Workaround: the Postfix SMTP client now also falls back to
+	plaintext when TLS fails after the TLS protocol handshake.
+	Files: smtp/smtp.h, smtp/smtp_connect.c, smtp/smtp_trouble.c.
+
+	Testbed: unsupported HANGUP access map action that drops
+	the connection without responding to the remote SMTP client.
+	File: smtpd/smtpd_check.c.

postfix/README_FILES/FORWARD_SECRECY_README

@@ -181,12 +181,13 @@ main.cf.
 FFoorrwwaarrdd SSeeccrreeccyy iinn tthhee PPoossttffiixx SSMMTTPP CClliieenntt
 
 The Postfix >= 2.2 SMTP client supports forward secrecy in its default
-configuration. No configuration changes are needed besides turning on elliptic-
+configuration. All supported OpenSSL releases support EDH key exchange. OpenSSL
-curve support with Postfix 2.6 and 2.7 (see the quick-start section). If the
+releases >= 1.0.0 also support EECDH key exchange (provided elliptic-curve
-remote SMTP server supports cipher suites with forward secrecy (and does not
+support has not been disabled by the vendor as in some versions of RedHat
-override the SMTP client's cipher preference), then the traffic between the
+Linux). If the remote SMTP server supports cipher suites with forward secrecy
-server and client will resist decryption even if the server's long-term
+(and does not override the SMTP client's cipher preference), then the traffic
-authentication keys are later compromised.
+between the server and client will resist decryption even if the server's long-
+term authentication keys are later compromised.
 
 The default Postfix SMTP client cipher lists are correctly ordered to prefer
 EECDH and EDH cipher suites ahead of similar cipher suites that don't implement
@@ -200,12 +201,16 @@ a case-by-case basis via the TLS policy table.
 
 GGeettttiinngg ssttaarrtteedd,, qquuiicckk aanndd ddiirrttyy
 
-EEEECCDDHH CClliieenntt aanndd sseerrvveerr ssuuppppoorrtt ((PPoossttffiixx >>== 22..66 wwiitthh OOppeennSSSSLL >>== 11..00..00))
+EEEECCDDHH CClliieenntt ssuuppppoorrtt ((PPoossttffiixx >>== 22..22 wwiitthh OOppeennSSSSLL >>== 11..00..00))
+
+This works "out of the box" without additional configuration.
+
+EEEECCDDHH SSeerrvveerr ssuuppppoorrtt ((PPoossttffiixx >>== 22..66 wwiitthh OOppeennSSSSLL >>== 11..00..00))
 
 With Postfix 2.6 and 2.7, enable elliptic-curve support in the Postfix SMTP
-client and server. This is the default with Postfix >= 2.8. Note, however, that
+server. This is the default with Postfix >= 2.8. Note, however, that elliptic-
-elliptic-curve support may be disabled by the vendor, as in some versions of
+curve support may be disabled by the vendor, as in some versions of RedHat
-RedHat Linux.
+Linux.
 
     /etc/postfix/main.cf:
         # Postfix 2.6 or 2.7 only. This is default with Postfix 2.8 and later.

postfix/html/FORWARD_SECRECY_README.html

@@ -253,9 +253,10 @@ more curves at the desired security level without any changes to
 <h2> <a name="client_fs">Forward Secrecy in the Postfix SMTP Client</a> </h2>
 
 <p> The Postfix &ge; 2.2 SMTP client supports forward secrecy in
-its default configuration.  No configuration changes are needed
+its default configuration.  All supported OpenSSL releases support
-besides turning on elliptic-curve support with Postfix 2.6 and 2.7
+EDH key exchange.  OpenSSL releases &ge; 1.0.0 also support EECDH
-(see the <a href="#quick-start"> quick-start</a> section).  If the
+key exchange (provided elliptic-curve support has not been disabled
+by the vendor as in some versions of RedHat Linux).  If the
 remote SMTP server supports cipher suites with forward secrecy (and
 does not override the SMTP client's cipher preference), then the
 traffic between the server and client will resist decryption even
@@ -277,11 +278,14 @@ href="TLS_README.html#client_tls_policy">TLS policy</a> table. </p>
 
 <h2><a name="quick-start">Getting started, quick and dirty</a></h2>
 
-<h3> EECDH Client and server support (Postfix &ge; 2.6 with OpenSSL
+<h3> EECDH Client support (Postfix &ge; 2.2 with OpenSSL &ge; 1.0.0) </h3>
-&ge; 1.0.0) </h3>
+
+<p> This works "out of the box" without additional configuration. </p>
+
+<h3> EECDH Server support (Postfix &ge; 2.6 with OpenSSL &ge; 1.0.0) </h3>
 
 <p> With Postfix 2.6 and 2.7, enable elliptic-curve support in the
-Postfix SMTP client and server. This is the default with Postfix
+Postfix SMTP server. This is the default with Postfix
 &ge; 2.8. Note, however, that elliptic-curve support may be disabled
 by the vendor, as in some versions of RedHat Linux. </p>
 

postfix/html/postconf.1.html

@@ -123,6 +123,8 @@ POSTCONF(1)                                                        POSTCONF(1)
 
               The default is as if "<b>-C all</b>" is specified.
 
+              This feature is available with Postfix 2.9 and later.
+
        <b>-d</b>     Print  <a href="postconf.5.html"><b>main.cf</b></a> default parameter settings instead of actual set-
               tings.  Specify <b>-df</b> to fold long  lines  for  human  readability
               (Postfix 2.9 and later).
@@ -330,6 +332,8 @@ POSTCONF(1)                                                        POSTCONF(1)
 
        <b>-p</b>     Show <a href="postconf.5.html"><b>main.cf</b></a> parameter settings. This is the default.
 
+              This feature is available with Postfix 2.11 and later.
+
        <b>-P</b>     Show  <a href="master.5.html"><b>master.cf</b></a>  service parameter settings (by default all ser-
               vices   and   all   parameters).    formatted   as   one   "<i>ser-</i>
               <i>vice/type/parameter=value</i>"  per  line.  Specify <b>-Pf</b> to fold long
@@ -444,8 +448,10 @@ POSTCONF(1)                                                        POSTCONF(1)
        The Secure Mailer license must be distributed with this software.
 
 <b>AUTHOR(S)</b>
-       Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown
+       Wietse Venema
-       Heights, NY 10598, USA
+       IBM T.J. Watson Research
+       P.O. Box 704
+       Yorktown Heights, NY 10598, USA
 
                                                                    POSTCONF(1)
 </pre> </body> </html>

postfix/makedefs

@@ -638,6 +638,9 @@ CCARGS="$CCARGS -DSNAPSHOT"
 # needed before the code stabilizes.
 #CCARGS="$CCARGS -DNONPROD"
 
+# Workaround: prepend Postfix include files before other include files.
+CCARGS="-I. -I../../include $CCARGS"
+
 sed 's/  / /g' <<EOF
 SYSTYPE	= $SYSTYPE
 AR	= $AR

postfix/man/man1/postconf.1

@@ -143,6 +143,8 @@ All the above classes.
 .IP
 The default is as if "\fB-C all\fR" is
 specified.
+
+This feature is available with Postfix 2.9 and later.
 .IP \fB-d\fR
 Print \fBmain.cf\fR default parameter settings instead of
 actual settings.
@@ -347,6 +349,8 @@ Override \fBmain.cf\fR parameter settings.
 This feature is available with Postfix 2.10 and later.
 .IP \fB-p\fR
 Show \fBmain.cf\fR parameter settings. This is the default.
+
+This feature is available with Postfix 2.11 and later.
 .IP \fB-P\fR
 Show \fBmaster.cf\fR service parameter settings (by default
 all services and all parameters).  formatted as one
@@ -486,5 +490,7 @@ software.
 .SH "AUTHOR(S)"
 .na
 .nf
-Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown
+Wietse Venema
-Heights, NY 10598, USA
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA

postfix/proto/FORWARD_SECRECY_README.html

@@ -253,9 +253,10 @@ main.cf. </p>
 <h2> <a name="client_fs">Forward Secrecy in the Postfix SMTP Client</a> </h2>
 
 <p> The Postfix &ge; 2.2 SMTP client supports forward secrecy in
-its default configuration.  No configuration changes are needed
+its default configuration.  All supported OpenSSL releases support
-besides turning on elliptic-curve support with Postfix 2.6 and 2.7
+EDH key exchange.  OpenSSL releases &ge; 1.0.0 also support EECDH
-(see the <a href="#quick-start"> quick-start</a> section).  If the
+key exchange (provided elliptic-curve support has not been disabled
+by the vendor as in some versions of RedHat Linux).  If the
 remote SMTP server supports cipher suites with forward secrecy (and
 does not override the SMTP client's cipher preference), then the
 traffic between the server and client will resist decryption even
@@ -277,11 +278,14 @@ href="TLS_README.html#client_tls_policy">TLS policy</a> table. </p>
 
 <h2><a name="quick-start">Getting started, quick and dirty</a></h2>
 
-<h3> EECDH Client and server support (Postfix &ge; 2.6 with OpenSSL
+<h3> EECDH Client support (Postfix &ge; 2.2 with OpenSSL &ge; 1.0.0) </h3>
-&ge; 1.0.0) </h3>
+
+<p> This works "out of the box" without additional configuration. </p>
+
+<h3> EECDH Server support (Postfix &ge; 2.6 with OpenSSL &ge; 1.0.0) </h3>
 
 <p> With Postfix 2.6 and 2.7, enable elliptic-curve support in the
-Postfix SMTP client and server. This is the default with Postfix
+Postfix SMTP server. This is the default with Postfix
 &ge; 2.8. Note, however, that elliptic-curve support may be disabled
 by the vendor, as in some versions of RedHat Linux. </p>
 

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20140115"
+#define MAIL_RELEASE_DATE	"20140209"
 #define MAIL_VERSION_NUMBER	"2.12"
 
 #ifdef SNAPSHOT

postfix/src/global/rcpt_print.c

@@ -26,8 +26,10 @@
 /*	The Secure Mailer license must be distributed with this
 /*	software.
 /* AUTHOR(S)
-/*	Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown
+/*	Wietse Venema
-/*	Heights, NY 10598, USA
+/*	IBM T.J. Watson Research
+/*	P.O. Box 704
+/*	Yorktown Heights, NY 10598, USA
 /*--*/
 
 /* System library. */

postfix/src/milter/milter_macros.c

@@ -94,8 +94,10 @@
 /*	The Secure Mailer license must be distributed with this
 /*	software.
 /* AUTHOR(S)
-/*	Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown
+/*	Wietse Venema
-/*	Heights, NY 10598, USA
+/*	IBM T.J. Watson Research
+/*	P.O. Box 704
+/*	Yorktown Heights, NY 10598, USA
 /*--*/
 
 /* System library. */

postfix/src/postconf/postconf.c

@@ -137,6 +137,8 @@
 /* .IP
 /*	The default is as if "\fB-C all\fR" is
 /*	specified.
+/*
+/*	This feature is available with Postfix 2.9 and later.
 /* .IP \fB-d\fR
 /*	Print \fBmain.cf\fR default parameter settings instead of
 /*	actual settings.
@@ -341,6 +343,8 @@
 /*	This feature is available with Postfix 2.10 and later.
 /* .IP \fB-p\fR
 /*	Show \fBmain.cf\fR parameter settings. This is the default.
+/*
+/*	This feature is available with Postfix 2.11 and later.
 /* .IP \fB-P\fR
 /*	Show \fBmaster.cf\fR service parameter settings (by default
 /*	all services and all parameters).  formatted as one
@@ -464,8 +468,10 @@
 /*	The Secure Mailer license must be distributed with this
 /*	software.
 /* AUTHOR(S)
-/*	Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown
+/*	Wietse Venema
-/*	Heights, NY 10598, USA
+/*	IBM T.J. Watson Research
+/*	P.O. Box 704
+/*	Yorktown Heights, NY 10598, USA
 /*--*/
 
 /* System library. */

postfix/src/smtp/Makefile.in

@@ -728,6 +728,7 @@ smtp_trouble.o: ../../include/vbuf.h
 smtp_trouble.o: ../../include/vstream.h
 smtp_trouble.o: ../../include/vstring.h
 smtp_trouble.o: smtp.h
+smtp_trouble.o: smtp_sasl.h
 smtp_trouble.o: smtp_trouble.c
 smtp_unalias.o: ../../include/argv.h
 smtp_unalias.o: ../../include/attr.h

postfix/src/smtp/smtp.h

@@ -453,6 +453,29 @@ extern HBC_CALL_BACKS smtp_hbc_callbacks[];
   * Encapsulate the following so that we don't expose details of of
   * connection management and error handling to the SMTP protocol engine.
   */
+#ifdef USE_SASL_AUTH
+#define HAVE_SASL_CREDENTIALS \
+	(var_smtp_sasl_enable \
+	     && *var_smtp_sasl_passwd \
+	     && smtp_sasl_passwd_lookup(session))
+#else
+#define HAVE_SASL_CREDENTIALS	(0)
+#endif
+
+#define PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE \
+	(session->tls_context == 0 \
+	    && session->tls->level == TLS_LEV_MAY \
+	    && !HAVE_SASL_CREDENTIALS)
+
+#define PLAINTEXT_FALLBACK_OK_AFTER_TLS_SESSION_FAILURE \
+	(session->tls_context != 0 \
+	    && session->tls->level == TLS_LEV_MAY \
+	    && !HAVE_SASL_CREDENTIALS)
+
+ /*
+  * XXX The following will not retry recipients that were deferred while the
+  * SMTP_MISC_FLAG_FINAL_SERVER flag was already set.
+  */
 #define RETRY_AS_PLAINTEXT do { \
 	session->tls_retry_plain = 1; \
 	state->misc_flags &= ~SMTP_MISC_FLAG_FINAL_SERVER; \

postfix/src/smtp/smtp_connect.c

@@ -1015,6 +1015,19 @@ static void smtp_connect_inet(SMTP_STATE *state, const char *nexthop,
 			&& next == 0)
 			state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;
 		    smtp_xfer(state);
+#ifdef USE_TLS
+
+		    /*
+		     * When opportunistic TLS fails after the STARTTLS
+		     * handshake, try the same address again, with TLS
+		     * disabled. See also the RETRY_AS_PLAINTEXT macro.
+		     */
+		    if ((retry_plain = session->tls_retry_plain) != 0) {
+			--sess_count;
+			--addr_count;
+			next = addr;
+		    }
+#endif
 		}
 		smtp_cleanup_session(state);
 	    } else {

postfix/src/smtp/smtp_proto.c

@@ -838,13 +838,7 @@ static int smtp_start_tls(SMTP_STATE *state)
 	 * plaintext connections, then we don't want delivery to fail with
 	 * "relay access denied".
 	 */
-	if (session->tls->level == TLS_LEV_MAY
+	if (PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE)
-#ifdef USE_SASL_AUTH
-	    && !(var_smtp_sasl_enable
-		 && *var_smtp_sasl_passwd
-		 && smtp_sasl_passwd_lookup(session))
-#endif
-	    )
 	    RETRY_AS_PLAINTEXT;
 	return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
 			       SMTP_RESP_FAKE(&fake, "4.7.5"),

postfix/src/smtp/smtp_trouble.c

@@ -156,6 +156,7 @@
 /* Application-specific. */
 
 #include "smtp.h"
+#include "smtp_sasl.h"
 
 #define SMTP_THROTTLE	1
 #define SMTP_NOTHROTTLE	0
@@ -433,10 +434,18 @@ int     smtp_stream_except(SMTP_STATE *state, int code, const char *description)
     case SMTP_ERR_EOF:
 	dsb_simple(why, "4.4.2", "lost connection with %s while %s",
 		   session->namaddr, description);
+#ifdef USE_TLS
+	if (PLAINTEXT_FALLBACK_OK_AFTER_TLS_SESSION_FAILURE)
+	    RETRY_AS_PLAINTEXT;
+#endif
 	break;
     case SMTP_ERR_TIME:
 	dsb_simple(why, "4.4.2", "conversation with %s timed out while %s",
 		   session->namaddr, description);
+#ifdef USE_TLS
+	if (PLAINTEXT_FALLBACK_OK_AFTER_TLS_SESSION_FAILURE)
+	    RETRY_AS_PLAINTEXT;
+#endif
 	break;
     case SMTP_ERR_DATA:
 	session->error_mask |= MAIL_ERROR_DATA;

postfix/src/smtpd/smtpd_check.c

@@ -236,6 +236,7 @@
 #include <dsn_util.h>
 #include <conv_time.h>
 #include <xtext.h>
+#include <smtp_stream.h>
 
 /* Application-specific. */
 
@@ -1068,7 +1069,7 @@ static int permit_inet_interfaces(SMTPD_STATE *state)
     if (msg_verbose)
 	msg_info("%s: %s %s", myname, state->name, state->addr);
 
-    if (own_inet_addr((struct sockaddr *) & (state->sockaddr)))
+    if (own_inet_addr((struct sockaddr *) &(state->sockaddr)))
 	/* Permit logging in generic_checks() only. */
 	return (SMTPD_CHECK_OK);
     return (SMTPD_CHECK_DUNNO);
@@ -2110,6 +2111,22 @@ static int check_table_result(SMTPD_STATE *state, const char *table,
 				   reply_name, reply_class,
 				   *dp.text ? dp.text : "Access denied"));
     }
+#ifndef SHUT_RDWR
+#define SHUT_RDWR   2
+#endif
+
+    /*
+     * HANGUP. Text is optional. Drop the connection without sending any
+     * reply.
+     * 
+     * Note: this is an unsupported test feature. No attempt is made to maintain
+     * compatibility between successive versions.
+     */
+    if (STREQUAL(value, "HANGUP", cmd_len)) {
+	shutdown(vstream_fileno(state->client), SHUT_RDWR);
+	log_whatsup(state, "hangup", cmd_text);
+	vstream_longjmp(state->client, SMTP_ERR_QUIET);
+    }
 
     /*
      * WARN. Text is optional.