postfix-3.4-20190202

postfix/HISTORY

@@ -23808,6 +23808,24 @@ Apologies for any names omitted.
 	or whether the connection is reused ("TLS connection reused").
 	Files: smtp/smtp.h, smtp/smtp_proto.c, smtp/smtp_session.c.
 
+	(20181117-nonprod) Unified summary logging in the SMTP
+	client, SMTP server, and posttls-finger. Viktor Dukhovni.
+	Files: tls/tls.h, tls/tls_misc.c, tls/tls_proxy.h,
+	tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c,
+	tls/tls_client.c, src/tls/tls_server.c, smtpd/smtpd.c,
+	posttls-finger/posttls-finger.c.
+
+	(20181117-nonprod) Improved logging of TLS 1.3 summary
+	information. On the server side this also affects the TLS
+	information optionally recorded in "Received" headers.
+	Viktor Dukhovni. Files: smtpd/smtpd.c, tls/tls.h,
+	tls/tls_client.c, tls/tls_misc.c, tls/tls_proxy.h,
+	tls/tls_proxy_context_print.c, tls/tls_proxy_context_scan.c,
+	tls/tls_server.c.
+
+	(20181117-nonprod) FORWARD_SECRECY examples with TLS 1.3
+	logging. Viktor Dukhovni. File: proto/FORWARD_SECRECY_README.html.
+
 20181118
 
 	Cleanup, no behavior change: updated comments concerning
@@ -23924,10 +23942,22 @@ Apologies for any names omitted.
 	message to the postscreen_pre_queue_limit. Problem reported
 	by Michael Orlitzky. File: proto/POSTSCREEN_README.html.
 
-	Compatibility: removed support for OpenSSL 1.0.1 and earlier.
+	(20181226-nonprod) Compatibility: removed support for OpenSSL
+	1.0.1 (not supported since December 31, 2016) and earlier
+	releases. This eliminated a large number of #ifdefs with
+	bitrot workarounds.  Viktor Dukhovni. Files: global/mail_params.h,
+	posttls-finger/posttls-finger.c, tls/tls.h, tls/tls_certkey.c,
+	tls/tls_client.c, tls/tls_dane.c, tls/tls_dh.c, tls/tls_misc.c,
+	tls/tls_proxy_client_scan.c, tls/tls_rsa.c, tls/tls_server.c,
+	tls/tls_session.c.
 
-	Feature: TLS support for client-side and server-side SNI
-	in the Postfix SMTP server, SMTP client, and tlsproxy.
+	(20181226-nonprod) Use the OpenSSL 1.0.2 and later API for
+	setting ECDHE curves. Viktor Dukhovni. Files: tls/tls.h,
+	tls/tls_client.c, tls/tls_dh.c.
+
+	(20181226-nonprod) Documentation update for TLS support.
+	Viktor Dukhovni. Files: mantools/postlink, proto/TLS_README.html,
+	proto/postconf.proto, src/sendmail/sendmail.c, src/smtpd/smtpd.c.
 
 20181229
 
@@ -23946,6 +23976,34 @@ Apologies for any names omitted.
         dict_open.c, and updated the -F description in the postmap
         manpage. Files: util/dict_open.c, postmap/postmap.c.
 
+	(20190106-nonprod) Feature: support for files that combine
+	multiple (key, certificate, trust chain) instances in one
+	file, to avoid separate files for RSA, DSA, Elliptic Curve,
+	and so on. Viktor Dukhovni. Files: .indent.pro,
+	global/mail_params.h, posttls-finger/posttls-finger.c,
+	smtp/lmtp_params.c, smtp/smtp.c, smtp/smtp_params.c,
+	smtp/smtp_proto.c, smtpd/smtpd.c, tls/tls.h, tls/tls_certkey.c,
+	tls/tls_client.c, tls/tls_proxy.h, tls/tls_proxy_client_print.c,
+	tls/tls_proxy_client_scan.c, tls/tls_proxy_server_print.c,
+	tls/tls_proxy_server_scan.c, tls/tls_server.c, tlsproxy/tlsproxy.c.
+
+	(20190106-nonprod) Create a second, no-key no-cert, SSL_CTX
+	for use with SNI. Viktor Dukhovni. Files: src/tls/tls.h,
+	src/tls/tls_client.c, src/tls/tls_misc.c, src/tls/tls_server.c.
+
+	(20190106-nonprod) Server-side SNI support. Viktor Dukhovni.
+	Files: src/global/mail_params.h, src/smtp/smtp.c,
+	src/smtpd/smtpd.c, src/tls/tls.h, src/tls/tls_certkey.c,
+	src/tls/tls_misc.c, src/tlsproxy/tlsproxy.c,
+
+	(20190106-nonprod) Configurable client-side SNI signal.
+	Viktor Dukhovni. Files: global/mail_params.h,
+	posttls-finger/posttls-finger.c, smtp/lmtp_params.c,
+	smtp/smtp.c, smtp/smtp.h, smtp/smtp_params.c, smtp/smtp_proto.c,
+	smtp/smtp_tls_policy.c, tls/tls.h, tls/tls_client.c,
+	tls/tls_proxy.h, tls/tls_proxy_client_print.c,
+	tls/tls_proxy_client_scan.c.
+
 20190121
 
 	Logging: support for internal logging file, without using
@@ -23976,9 +24034,9 @@ Apologies for any names omitted.
 	util/msg_output.h, util/unix_dgram_connect.c,
 	util/unix_dgram_listen.c.
 
-	Safety: temporary postlogd fix to avoid recursion when main.cf
-	has "maillog_file =" but master(8) still still tells its child
-	processes to send logs to postlogd. File: postlogd/postlogd.c.
+	Cleanup: cert/key/chain loading, plus unit tests to exercise
+	non-error and error cases. Viktor Dukhovni. Files: tls/*.pem,
+	tls*.pem.ref, tls/tls_certkey.c.
 
 20190126
 
@@ -24016,7 +24074,22 @@ Apologies for any names omitted.
 20190129
 
 	Safety: require that $maillog_file matches one of the
-	pathname prefixes specified in $maillog_file_prefixes.  The
+	pathname prefixes specified in $maillog_file_prefixes. The
 	maillog file is created by root, and the prefixes limit the
 	damage from a single configuration error. Files:
 	global/mail_params.[hc], global/maillog_client.c.
+
+20191201
+
+	Feature: "postfix logrotate" command with configurable
+	compression program and datestamp filename suffix. File:
+	conf/postfix-script.
+
+20190202
+
+	Cleanup: log a warning when the client sends a malformed
+	SNI; log an info message when the client sends a valid SNI
+	that does not match the SNI lookup tables; update the
+	FORWARD_SECRECY_README logging examples. Viktor Dukhovni.
+	Files: proto/FORWARD_SECRECY_README.html, tls/tls.h,
+	tls/tls_client.c, tls/tls_misc.c.

postfix/README_FILES/FORWARD_SECRECY_README

@@ -449,6 +449,20 @@ Examples of Postfix SMTP server logging:
       TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
       server-signature ED25519
 
+Note that Postfix >= 3.4 server logging may also include a "to sni-name"
+element to record the use of an alternate server certificate chain for the
+connection in question. This happens when the client uses the TLS SNI
+extension, and the server selects a non-default certificate chain based on the
+client's SNI value:
+
+    postfix/smtpd[process-id]:
+      Untrusted TLS connection established from client.example[192.0.2.1]
+      to server.example: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256
+    bits)
+      key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
+    SHA256
+      client-signature ECDSA (P-256) client-digest SHA256
+
 WWhhaatt ddoo ""AAnnoonnyymmoouuss"",, ""UUnnttrruusstteedd"",, eettcc.. iinn PPoossttffiixx llooggggiinngg mmeeaann??
 
 The verification levels below are subject to man-in-the-middle attacks to

postfix/RELEASE_NOTES

@@ -25,26 +25,23 @@ more recent Eclipse Public License 2.0. Recipients can choose to take
 the software under the license of their choice. Those who are more
 comfortable with the IPL can continue with that license.
 
-Major changes with snapshot 20190127
-====================================
-
-[TODO: summary of SNI and chain-file support]
-
 Incompatible changes with snapshot 20190126-nonprod
 ====================================================
 
 This introduces a new master.cf service type 'unix-dgram' that is
 used by the new postlogd(8) daemon. This type is not supported by
-older Postfix versions. Before backing out to an older release,
+older Postfix versions. Before backing out to an older version,
 edit the master.cf file and remove the postlog entry.
 
 Major changes with snapshot 20190126-nonprod
 ============================================
 
-Support for logging to file or stdout. This disables syslog logging.
+[TODO: move most of this text to MAILLOG_README file]
 
-- Logging to file solves a usability problem for MacOS users, and
-  may also be useful on LINUX when systemd is getting in the way.
+Support for logging to file or stdout, instead of using syslog.
+
+- Logging to file solves a usability problem for MacOS, and
+  eliminates multiple problems with systemd-based systems.
 
 - Logging to stdout is useful when Postfix runs in a container, as
   it eliminates a syslogd dependency.
@@ -52,8 +49,8 @@ Support for logging to file or stdout. This disables syslog logging.
 To enable Postfix logging to file or stdout:
 --------------------------------------------
 
-Add the following line to master.cf if not already present (no
-whitespace at the start of the line):
+Add the following line to master.cf if not already present (note:
+there must be no whitespace at the start of the line):
     postlog   unix-dgram n  -       n       -       1       postlogd
 
 To write logs to Postfix logfile (see below for logfile rotation): 
@@ -65,9 +62,10 @@ To write logs to stdout, typically while Postfix runs in a container:
     # postconf maillog_file=/dev/stdout
     # postfix start-fg
 
-The maillog_file parameter must contain a prefix that is specified
-with the maillog_file_prefixes parameter (default: /var, /dev/stdout).
-This limits the damage from a single configuration mistake.
+The maillog_file parameter must contain one of the prefixes that
+are specified with the maillog_file_prefixes parameter (default:
+/var, /dev/stdout). This limits the damage from a single configuration
+mistake.
 
 To rotate a Postfix logfile with a daily cronjob:
 -------------------------------------------------
@@ -112,6 +110,25 @@ Limitations:
   executable file has set-gid permission. Do not set this permision
   on programs other than postdrop(1) and postqueue(1).
 
+Incompatible changes with snapshot 20190106
+===========================================
+
+Postfix 3.4 drops support for OpenSSL 1.0.1 (end-of-life December
+31, 2016) and earlier releases.
+
+Major changes with snapshot 20190106
+====================================
+
+SNI support in the Postfix SMTP server, the Postfix SMTP client,
+and in the tlsproxy daemon (both server and client roles).
+
+Support for files that combine multiple (key, certificate, trust
+chain) instances. This was required to implement server-side SNI
+table lookups, but it also eliminates the need for separate cert/key
+files for RSA, DSA, Elliptic Curve, and so on. The file format is
+documented in TLS_README sections [TODO] and in the postconf
+documentation for parameters [TODO].
+
 Major changes with snapshot 20180826
 ====================================
 

postfix/conf/postfix-script

@@ -425,15 +425,15 @@ logrotate)
 	/dev/*) $FATAL "not rotating '$maillog_file'"; exit 1;;
 	esac
 
-	(
-	    suffix="`date +$maillog_file_rotate_suffix`" || exit 1
+	errors=`(
+	    suffix="\`date +$maillog_file_rotate_suffix\`" || exit 1
 	    mv "$maillog_file" "$maillog_file.$suffix" || exit 1
 	    $daemon_directory/master -t 2>/dev/null ||
-		kill -HUP `sed 1q pid/master.pid`
+		kill -HUP \`sed 1q pid/master.pid\` || exit 1
 	    sleep 1
 	    "$maillog_file_compressor" "$maillog_file.$suffix" || exit 1
-	) || {
-	    $FATAL "logfile '$maillog_file' rotation failed"
+	) 2>&1` || {
+	    $FATAL "logfile '$maillog_file' rotation failed: $errors"
 	    exit 1
 	}
 	;;

postfix/html/FORWARD_SECRECY_README.html

@@ -576,6 +576,23 @@ postfix/smtpd[<i>process-id</i>]:
 </pre>
 </blockquote>
 
+<p> Note that Postfix &ge; 3.4 server logging may also include a 
+"to <i>sni-name</i>" element to record the use of an alternate
+server certificate chain for the connection in question. This happens
+when the client uses the TLS SNI extension, and the server selects
+a non-default certificate chain based on the client's SNI value:
+</p>
+
+<blockquote>
+<pre>
+postfix/smtpd[<i>process-id</i>]:
+  Untrusted TLS connection established from client.example[192.0.2.1]
+  to server.example: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+  client-signature ECDSA (P-256) client-digest SHA256
+</pre>
+</blockquote>
+
 <h2><a name="status"> What do "Anonymous", "Untrusted", etc. in
 Postfix logging mean? </a> </h2>
 

postfix/html/master.8.html

@@ -48,13 +48,17 @@ MASTER(8)                                                            MASTER(8)
               cesses terminate at their convenience.
 
        <b>-i</b>     Enable  <b>init</b>  mode:  do  not  become  a session or process group
-              leader; similar to <b>-s</b>, do not redirect stdout to  /dev/null,  so
-              that  "<a href="postconf.5.html#maillog_file">maillog_file</a>  = /dev/stdout" works.  This mode is allowed
-              only if the process ID equals 1.
+              leader; and similar to <b>-s</b>, do not redirect stdout to  /dev/null,
+              so  that  "<a href="postconf.5.html#maillog_file">maillog_file</a>  =  /dev/stdout"  works.   This  mode is
+              allowed only if the process ID equals 1.
+
+              This feature is available in Postfix 3.3 and later.
 
        <b>-s</b>     Do not redirect stdout to /dev/null,  so  that  "<a href="postconf.5.html#maillog_file">maillog_file</a>  =
               /dev/stdout" works.
 
+              This feature is available in Postfix 3.4 and later.
+
        <b>-t</b>     Test  mode.  Return  a zero exit status when the <b>master.pid</b> lock
               file does not exist or when that file is not  locked.   This  is
               evidence that the <a href="master.8.html"><b>master</b>(8)</a> daemon is not running.

postfix/html/postconf.5.html

@@ -12867,7 +12867,8 @@ disabled except by also disabling "TLSv1" (typically leaving just
 versions of Postfix ≥ 2.10 can explicitly disable support for
 "TLSv1.1" or "TLSv1.2". </p>
 
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix &ge; 3.4,
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
 this can be disabled, if need be, via "!TLSv1.3". </p>
 
 <p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
@@ -13212,7 +13213,8 @@ and "TLSv1.2". The latest patch levels of Postfix &ge; 2.6, and all
 versions of Postfix &ge; 2.10 can explicitly disable support for
 "TLSv1.1" or "TLSv1.2"</p>
 
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix &ge; 3.4,
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
 this can be disabled, if need be, via "!TLSv1.3". </p>
 
 <p> To include a protocol list its name, to exclude it, prefix the name
@@ -17580,7 +17582,8 @@ disabled.  The latest patch levels of Postfix &ge; 2.6, and all
 versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
 "TLSv1.2". </p>
 
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix &ge; 3.4,
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
 this can be disabled, if need be, via "!TLSv1.3". </p>
 
 <p> Example: </p>
@@ -17614,7 +17617,8 @@ and "TLSv1.2". The latest patch levels of Postfix &ge; 2.6, and all
 versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
 "TLSv1.2". </p>
 
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix &ge; 3.4,
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
 this can be disabled, if need be, via "!TLSv1.3". </p>
 
 <p> To include a protocol list its name, to exclude it, prefix the name
@@ -18725,6 +18729,22 @@ ancestor domain prefixed with a leading dot.  For internationalized
 domains, the lookup key must be in IDNA 2008 A-label form (as
 required in the TLS SNI extension). </p>
 
+<p> When this parameter is non-empty, the Postfix SMTP server enables
+SNI extension processing, and logs SNI values that are invalid or
+don't match an entry in the the specified tables.  When an entry
+does match, the SNI name is logged as part of the connection summary
+at log levels 1 and higher.  </p>
+
+<p> Note that the SNI lookup tables should also have entries for
+the domains that correspond to the Postfix SMTP server's default
+certificate(s). This ensures that the remote SMTP client's TLS SNI
+extension gets a positive response when it specifies one of the
+Postfix SMTP server's <a href="ADDRESS_CLASS_README.html#default_domain_class">default domains</a>, and ensures that the Postfix
+SMTP server will not log an SNI name mismatch for such a domain.
+The Postfix SMTP server's default certificates are then only used
+when the client sends no SNI or when it sends SNI with a domain
+that the server knows no certificate(s) for. </p>
+
 <p> The mapping from an SNI domain name to a certificate chain is
 typically indirect.  In the input source files for "cdb", "hash",
 "btree" or other tables that are converted to on-disk indexed files

postfix/man/man5/postconf.5

@@ -8364,7 +8364,8 @@ disabled except by also disabling "TLSv1" (typically leaving just
 versions of Postfix >= 2.10 can explicitly disable support for
 "TLSv1.1" or "TLSv1.2".
 .PP
-OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix >= 3.4,
+OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
 this can be disabled, if need be, via "!TLSv1.3".
 .PP
 At the dane and
@@ -8694,7 +8695,8 @@ and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all
 versions of Postfix >= 2.10 can explicitly disable support for
 "TLSv1.1" or "TLSv1.2"
 .PP
-OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix >= 3.4,
+OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
 this can be disabled, if need be, via "!TLSv1.3".
 .PP
 To include a protocol list its name, to exclude it, prefix the name
@@ -12226,7 +12228,8 @@ disabled.  The latest patch levels of Postfix >= 2.6, and all
 versions of Postfix >= 2.10 can disable support for "TLSv1.1" or
 "TLSv1.2".
 .PP
-OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix >= 3.4,
+OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
 this can be disabled, if need be, via "!TLSv1.3".
 .PP
 Example:
@@ -12258,7 +12261,8 @@ and "TLSv1.2". The latest patch levels of Postfix >= 2.6, and all
 versions of Postfix >= 2.10 can disable support for "TLSv1.1" or
 "TLSv1.2".
 .PP
-OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix >= 3.4,
+OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+>= 3.4 (or patch releases >= 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
 this can be disabled, if need be, via "!TLSv1.3".
 .PP
 To include a protocol list its name, to exclude it, prefix the name
@@ -13057,6 +13061,22 @@ ancestor domain prefixed with a leading dot.  For internationalized
 domains, the lookup key must be in IDNA 2008 A\-label form (as
 required in the TLS SNI extension).
 .PP
+When this parameter is non\-empty, the Postfix SMTP server enables
+SNI extension processing, and logs SNI values that are invalid or
+don't match an entry in the the specified tables.  When an entry
+does match, the SNI name is logged as part of the connection summary
+at log levels 1 and higher.
+.PP
+Note that the SNI lookup tables should also have entries for
+the domains that correspond to the Postfix SMTP server's default
+certificate(s). This ensures that the remote SMTP client's TLS SNI
+extension gets a positive response when it specifies one of the
+Postfix SMTP server's default domains, and ensures that the Postfix
+SMTP server will not log an SNI name mismatch for such a domain.
+The Postfix SMTP server's default certificates are then only used
+when the client sends no SNI or when it sends SNI with a domain
+that the server knows no certificate(s) for.
+.PP
 The mapping from an SNI domain name to a certificate chain is
 typically indirect.  In the input source files for "cdb", "hash",
 "btree" or other tables that are converted to on\-disk indexed files

postfix/man/man8/master.8

@@ -45,12 +45,16 @@ Terminate the master process after \fIexit_time\fR seconds. Child
 processes terminate at their convenience.
 .IP \fB\-i\fR
 Enable \fBinit\fR mode: do not become a session or process
-group leader; similar to \fB\-s\fR, do not redirect stdout
+group leader; and similar to \fB\-s\fR, do not redirect stdout
 to /dev/null, so that "maillog_file = /dev/stdout" works.
 This mode is allowed only if the process ID equals 1.
+.sp
+This feature is available in Postfix 3.3 and later.
 .IP \fB\-s\fR
 Do not redirect stdout to /dev/null, so that "maillog_file
 = /dev/stdout" works.
+.sp
+This feature is available in Postfix 3.4 and later.
 .IP \fB\-t\fR
 Test mode. Return a zero exit status when the \fBmaster.pid\fR lock
 file does not exist or when that file is not locked.  This is evidence

postfix/proto/FORWARD_SECRECY_README.html

@@ -576,6 +576,23 @@ postfix/smtpd[<i>process-id</i>]:
 </pre>
 </blockquote>
 
+<p> Note that Postfix &ge; 3.4 server logging may also include a 
+"to <i>sni-name</i>" element to record the use of an alternate
+server certificate chain for the connection in question. This happens
+when the client uses the TLS SNI extension, and the server selects
+a non-default certificate chain based on the client's SNI value:
+</p>
+
+<blockquote>
+<pre>
+postfix/smtpd[<i>process-id</i>]:
+  Untrusted TLS connection established from client.example[192.0.2.1]
+  to server.example: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
+  key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
+  client-signature ECDSA (P-256) client-digest SHA256
+</pre>
+</blockquote>
+
 <h2><a name="status"> What do "Anonymous", "Untrusted", etc. in
 Postfix logging mean? </a> </h2>
 

postfix/proto/postconf.proto

@@ -11271,7 +11271,8 @@ disabled except by also disabling "TLSv1" (typically leaving just
 versions of Postfix ≥ 2.10 can explicitly disable support for
 "TLSv1.1" or "TLSv1.2". </p>
 
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix &ge; 3.4,
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
 this can be disabled, if need be, via "!TLSv1.3". </p>
 
 <p> At the <a href="TLS_README.html#client_tls_dane">dane</a> and
@@ -11471,7 +11472,8 @@ disabled.  The latest patch levels of Postfix &ge; 2.6, and all
 versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
 "TLSv1.2". </p>
 
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix &ge; 3.4,
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
 this can be disabled, if need be, via "!TLSv1.3". </p>
 
 <p> Example: </p>
@@ -12632,7 +12634,8 @@ and "TLSv1.2". The latest patch levels of Postfix &ge; 2.6, and all
 versions of Postfix &ge; 2.10 can explicitly disable support for
 "TLSv1.1" or "TLSv1.2"</p>
 
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix &ge; 3.4,
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
 this can be disabled, if need be, via "!TLSv1.3". </p>
 
 <p> To include a protocol list its name, to exclude it, prefix the name
@@ -12667,7 +12670,8 @@ and "TLSv1.2". The latest patch levels of Postfix &ge; 2.6, and all
 versions of Postfix &ge; 2.10 can disable support for "TLSv1.1" or
 "TLSv1.2". </p>
 
-<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix &ge; 3.4,
+<p> OpenSSL 1.1.1 introduces support for "TLSv1.3".  With Postfix
+&ge; 3.4 (or patch releases &ge; 3.0.14, 3.1.10, 3.2.7 and 3.3.2)
 this can be disabled, if need be, via "!TLSv1.3". </p>
 
 <p> To include a protocol list its name, to exclude it, prefix the name
@@ -17435,6 +17439,22 @@ ancestor domain prefixed with a leading dot.  For internationalized
 domains, the lookup key must be in IDNA 2008 A-label form (as
 required in the TLS SNI extension). </p>
 
+<p> When this parameter is non-empty, the Postfix SMTP server enables
+SNI extension processing, and logs SNI values that are invalid or
+don't match an entry in the the specified tables.  When an entry
+does match, the SNI name is logged as part of the connection summary
+at log levels 1 and higher.  </p>
+
+<p> Note that the SNI lookup tables should also have entries for
+the domains that correspond to the Postfix SMTP server's default
+certificate(s). This ensures that the remote SMTP client's TLS SNI
+extension gets a positive response when it specifies one of the
+Postfix SMTP server's default domains, and ensures that the Postfix
+SMTP server will not log an SNI name mismatch for such a domain.
+The Postfix SMTP server's default certificates are then only used
+when the client sends no SNI or when it sends SNI with a domain
+that the server knows no certificate(s) for. </p>
+
 <p> The mapping from an SNI domain name to a certificate chain is
 typically indirect.  In the input source files for "cdb", "hash",
 "btree" or other tables that are converted to on-disk indexed files

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20190201"
+#define MAIL_RELEASE_DATE	"20190202"
 #define MAIL_VERSION_NUMBER	"3.4"
 
 #ifdef SNAPSHOT

postfix/src/master/master.c

@@ -39,12 +39,16 @@
 /*	processes terminate at their convenience.
 /* .IP \fB-i\fR
 /*	Enable \fBinit\fR mode: do not become a session or process
-/*	group leader; similar to \fB-s\fR, do not redirect stdout
+/*	group leader; and similar to \fB-s\fR, do not redirect stdout
 /*	to /dev/null, so that "maillog_file = /dev/stdout" works.
 /*	This mode is allowed only if the process ID equals 1.
+/* .sp
+/*	This feature is available in Postfix 3.3 and later.
 /* .IP \fB-s\fR
 /*	Do not redirect stdout to /dev/null, so that "maillog_file
 /*	= /dev/stdout" works.
+/* .sp
+/*	This feature is available in Postfix 3.4 and later.
 /* .IP \fB-t\fR
 /*	Test mode. Return a zero exit status when the \fBmaster.pid\fR lock
 /*	file does not exist or when that file is not locked.  This is evidence

postfix/src/postlogd/postlogd.c

@@ -241,6 +241,14 @@ int     main(int argc, char **argv)
      */
     MAIL_VERSION_STAMP_ALLOCATE;
 
+    /*
+     * This is a datagram service, not a stream service, so that postlogd can
+     * restart immediately after "postfix reload" without requiring clients
+     * to resend messages. Those messages remain queued in the kernel until a
+     * new postlogd process retrieves them. It would be unreasonable to
+     * require that clients retransmit logs, especially in the case of a
+     * fatal or panic error.
+     */
     dgram_server_main(argc, argv, postlogd_service,
 		      CA_MAIL_SERVER_TIME_TABLE(time_table),
 		      CA_MAIL_SERVER_PRE_INIT(pre_jail_init),

postfix/src/tls/tls.h

@@ -247,6 +247,7 @@ typedef struct {
     /* Public, read-only. */
     char   *peer_CN;			/* Peer Common Name */
     char   *issuer_CN;			/* Issuer Common Name */
+    char   *peer_sni;			/* SNI sent to or by the peer */
     char   *peer_cert_fprint;		/* ASCII certificate fingerprint */
     char   *peer_pkey_fprint;		/* ASCII public key fingerprint */
     int     peer_status;		/* Certificate and match status */

postfix/src/tls/tls_client.c

@@ -1042,6 +1042,13 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props)
 	    tls_free_context(TLScontext);
 	    return (0);
 	}
+	/*
+	 * The saved value is not presently used client-side, but could later
+	 * be logged if acked by the server (requires new client-side callback
+	 * to detect the ack).  For now this just maintains symmetry with the
+	 * server code, where do record the received SNI for logging.
+	 */
+	TLScontext->peer_sni = mystrdup(sni);
 	if (log_mask & TLS_LOG_DEBUG)
 	    msg_info("%s: SNI hostname: %s", props->namaddr, sni);
     }

postfix/src/tls/tls_misc.c

@@ -793,19 +793,27 @@ void    tls_pre_jail_init(TLS_ROLE role)
 static int server_sni_callback(SSL *ssl, int *alert, void *arg)
 {
     SSL_CTX *sni_ctx = (SSL_CTX *) arg;
+    TLS_SESS_STATE *TLScontext = SSL_get_ex_data(ssl, TLScontext_index);
     const char *sni = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+    const char *cp = sni;
     const char *pem;
 
-    if (!sni_ctx || !tls_server_sni_maps
-	|| !sni || !*sni || !valid_hostname(sni, DONT_GRIPE))
+    /* SNI is silently ignored when we don't care or is NULL or empty */
+    if (!sni_ctx || !tls_server_sni_maps || !sni || !*sni)
 	return SSL_TLSEXT_ERR_NOACK;
 
+    if (!valid_hostname(sni, DONT_GRIPE)) {
+	msg_warn("TLS SNI from %s is invalid: %s",
+		 TLScontext->namaddr, sni);
+	return SSL_TLSEXT_ERR_NOACK;
+    }
+
     do {
 	/* Don't silently skip maps opened with the wrong flags. */
-	pem = maps_file_find(tls_server_sni_maps, sni, 0);
+	pem = maps_file_find(tls_server_sni_maps, cp, 0);
     } while (!pem
 	     && !tls_server_sni_maps->error
-	     && (sni = strchr(sni + 1, '.')) != 0);
+	     && (cp = strchr(cp + 1, '.')) != 0);
 
     if (!pem) {
 	if (tls_server_sni_maps->error) {
@@ -814,6 +822,14 @@ static int server_sni_callback(SSL *ssl, int *alert, void *arg)
 	    *alert = SSL_AD_INTERNAL_ERROR;
 	    return SSL_TLSEXT_ERR_ALERT_FATAL;
 	}
+	msg_info("TLS SNI %s from %s not matched, using default chain",
+		 sni, TLScontext->namaddr);
+	/*
+	 * XXX: We could lie and pretend to accept the name, but since we've
+	 * previously not impemented the callback (with OpenSSL then declining
+	 * the extension), and nothing bad happened, declining it explicitly
+	 * should be safe.
+	 */
 	return SSL_TLSEXT_ERR_NOACK;
     }
     SSL_set_SSL_CTX(ssl, sni_ctx);
@@ -822,6 +838,7 @@ static int server_sni_callback(SSL *ssl, int *alert, void *arg)
 	*alert = SSL_AD_INTERNAL_ERROR;
 	return SSL_TLSEXT_ERR_ALERT_FATAL;
     }
+    TLScontext->peer_sni = mystrdup(sni);
     return SSL_TLSEXT_ERR_OK;
 }
 
@@ -1101,15 +1118,23 @@ void    tls_log_summary(TLS_ROLE role, TLS_USAGE usage, TLS_SESS_STATE *ctx)
 {
     VSTRING *msg = vstring_alloc(100);
     const char *direction = (role == TLS_ROLE_CLIENT) ? "to" : "from";
+    const char *sni = (role == TLS_ROLE_CLIENT) ? 0 : ctx->peer_sni;
 
-    vstring_sprintf(msg, "%s TLS connection %s %s %s: %s"
+    /*
+     * When SNI was sent and accepted, the server-side log message now includes
+     * a "to <sni-name>" detail after the "from <namaddr>" detail identifying
+     * the remote client.  We don't presently log (purportedly) accepted SNI on
+     * the client side.
+     */
+    vstring_sprintf(msg, "%s TLS connection %s %s %s%s%s: %s"
 		    " with cipher %s (%d/%d bits)",
 		    !TLS_CERT_IS_PRESENT(ctx) ? "Anonymous" :
 		    TLS_CERT_IS_SECURED(ctx) ? "Verified" :
 		    TLS_CERT_IS_TRUSTED(ctx) ? "Trusted" : "Untrusted",
 		    usage == TLS_USAGE_NEW ? "established" : "reused",
-		    direction, ctx->namaddr, ctx->protocol, ctx->cipher_name,
-		    ctx->cipher_usebits, ctx->cipher_algbits);
+		    direction, ctx->namaddr, sni ? " to " : "", sni ? sni : "",
+		    ctx->protocol, ctx->cipher_name, ctx->cipher_usebits,
+		    ctx->cipher_algbits);
 
     if (ctx->kex_name && *ctx->kex_name) {
 	vstring_sprintf_append(msg, " key-exchange %s", ctx->kex_name);
@@ -1215,6 +1240,7 @@ TLS_SESS_STATE *tls_alloc_sess_context(int log_mask, const char *namaddr)
     TLScontext->serverid = 0;
     TLScontext->peer_CN = 0;
     TLScontext->issuer_CN = 0;
+    TLScontext->peer_sni = 0;
     TLScontext->peer_cert_fprint = 0;
     TLScontext->peer_pkey_fprint = 0;
     TLScontext->protocol = 0;
@@ -1263,6 +1289,8 @@ void    tls_free_context(TLS_SESS_STATE *TLScontext)
 	myfree(TLScontext->peer_CN);
     if (TLScontext->issuer_CN)
 	myfree(TLScontext->issuer_CN);
+    if (TLScontext->peer_sni)
+	myfree(TLScontext->peer_sni);
     if (TLScontext->peer_cert_fprint)
 	myfree(TLScontext->peer_cert_fprint);
     if (TLScontext->peer_pkey_fprint)