postfix-2.12-20141106

postfix/HISTORY

@@ -20696,3 +20696,43 @@ Apologies for any names omitted.
 	Cleanup: the last remaining remnants of the withdrawn
 	smtp_tls_fallback_level feature. Files: mantools/postlink,
 	global/mail_params.h.
+
+20141021
+
+	Per IETF TLS WG consensus, the tls_session_ticket_cipher
+	default setting was changed from aes-128-cbc to aes-256-cbc.
+	Take that, you quantum computer attackers! Viktor Dukhovni.
+	Files: proto/postconf.proto, global/mail_params.h.
+
+20141024
+
+	Cleanup: added $smtpd_mumble_restrictions to the proxy_read_maps
+	default setting. File: global/mail_params.h.
+
+	Documentation: different header/body checks for MX service
+	and SMTP submissions. File: proto/BUILTIN_FILTER_README.html.
+
+	Cleanup: don't send "bare" original recipient in SMTP DSN
+	attributes. File: cleanup/cleanup_addr.c.
+
+	Feature: smtp-sink -N option to suppress DSN announcement.
+	File: smtpstone/smtp-sink.c.
+
+20141025
+
+	Bugfix (introduced: Postfix 2,11): core dump when
+	smtp_policy_maps specifies an invalid TLS level. Viktor
+	Dukhovni. File: smtp/smtp_tls_policy.c.
+
+20141103
+
+	Logging: when a connection is closed, log the request counts
+	for unimplemented STARTTLS or AUTH commands separately,
+	instead of logging such commands as "unknown". File:
+	smtpd/smtpd.c.
+
+20141106
+
+	Cleanup: set errno to ETIMEDOUT after postscreen handshake
+	timeout event, so that warnings report the correct error.
+	File: tlsproxy/tlsproxy.c.

postfix/README_FILES/BUILTIN_FILTER_README

@@ -52,6 +52,8 @@ Topics covered by this document:
   * Limitations of Postfix header/body checks
   * Preventing daily mail status reports from being blocked
   * Configuring header/body checks for mail from outside users only
+  * Configuring different header/body checks for MX service and submission
+    service
   * Configuring header/body checks for mail to some domains only
 
 WWhhaatt mmaaiill iiss ssuubbjjeecctteedd ttoo hheeaaddeerr//bbooddyy cchheecckkss
@@ -105,8 +107,9 @@ make the decision in the cleanup(8) server, as this program receives mail from
 so many different sources. Instead, header/body checks are requested by the
 source. Examples of how to turn off header/body checks for mail received with
 smtpd(8), qmqpd(8) or pickup(8) are given below under "Configuring header/body
-checks for mail from outside users only" and "Configuring header/body checks
-for mail to some domains only".
+checks for mail from outside users only", "Configuring different header/body
+checks for MX service and submission service", and "Configuring header/body
+checks for mail to some domains only".
 
 LLiimmiittaattiioonnss ooff PPoossttffiixx hheeaaddeerr//bbooddyy cchheecckkss
 
@@ -248,6 +251,50 @@ server IP addresses in master.cf:
         # =================================================================
         1.2.3.5:smtp  inet  n       -       n       -       -       smtpd
 
+CCoonnffiigguurriinngg ddiiffffeerreenntt hheeaaddeerr//bbooddyy cchheecckkss ffoorr MMXX sseerrvviiccee aanndd ssuubbmmiissssiioonn sseerrvviiccee
+
+If authorized user submissions require different header/body checks than mail
+from remote MTAs, then this is possible as long as you have separate mail
+streams for authorized users and for MX service.
+
+The example below assumes that authorized users connect to TCP port 587
+(submission) or 465 (smtps), and that remote MTAs connect to TCP port 25
+(smtp).
+
+First, we define a few "user-defined" parameters that will override settings
+for the submission and smtps services.
+
+    /etc/postfix/main.cf:
+        mua_cleanup_service_name = mua_cleanup
+        mua_header_checks = pcre:/etc/postfix/mua_header_checks
+        mua_body_checks = pcre:/etc/postfix/mua_body_checks
+
+Next, we define mua_cleanup as a dedicated cleanup service that will be used
+only by the submission and smtps services. This service uses the header_checks
+and body_checks overrides that were defined above.
+
+    /etc/postfix.master.cf:
+        # =================================================================
+        # service     type  private unpriv  chroot  wakeup  maxproc command
+        #                   (yes)   (yes)   (yes)   (never) (100)
+        # =================================================================
+        smtp          inet  n       -       n       -       -       smtpd
+        mua_cleanup   unix  n       -       n       -       0       cleanup
+            -o header_checks=$mua_header_checks
+            -o body_checks=$mua_body_checks
+        submission    inet  n       -       n       -       -       smtpd
+            -o cleanup_service_name=$mua_cleanup_service_name
+            -o syslog_name=postfix/submission
+            ...[see sample master.cf file for more]...
+        smtps         inet  n       -       n       -       -       smtpd
+            -o cleanup_service_name=$mua_cleanup_service_name
+            -o syslog_name=postfix/smtps
+            -o smtpd_tls_wrappermode=yes
+            ...[see sample master.cf file for more]...
+
+By keeping the "mua_xxx" parameter settings in main.cf, you keep your master.cf
+file simple, and you minimize the amount of duplication.
+
 CCoonnffiigguurriinngg hheeaaddeerr//bbooddyy cchheecckkss ffoorr mmaaiill ttoo ssoommee ddoommaaiinnss oonnllyy
 
 The following information applies to Postfix 2.1. Earlier Postfix versions do

postfix/WISHLIST

@@ -10,6 +10,8 @@ Wish list:
 
 	Update smtputf8_enable in postconf(5)
 
+	Clobber ORCPT when sender is owner-mumble?
+
 	Add milter_mumble_macros to the list of per-macro features.
 
 	The pickup daemon logs warnings only when the cleanup daemon
@@ -36,11 +38,6 @@ Wish list:
 	lookups for the invidual addresses, converting back and
 	forth between external and internal forms.
 
-	Include <3htPpS5B6bzbcpM@spike.porcupine.org> example with
-	filter policies for different mail streams. Correction:
-	filter should be content_filter. Posted Wed, 10 Sep 2014
-	09:53:52 -0400 (EDT).
-
 	Clarify that receive_override_options have no effect with
 	smtpd_proxy_filter.
 
@@ -51,17 +48,14 @@ Wish list:
 	comparison specifically for UTF-8. Use libicu functions
 	instead.
 
-	The postfix-mumble@postfix.org list manager sends list mail
-	with ORCPT=rfc822;postfix-mumble-outgoing.  The local
-	delivery agent drops the ORCPT when the alias has an
-	owner-alias, so what is going on here?
-
 	When downgrading message/global to 7bit, is quoted-printable
 	the appropriate encoding? Should it be base64?
 
 	Should we encode headers with RFC 2047, when that is the
 	only reason that Postfix cannot deliver to a non-UTF8SMTP
-	server?
+	server? Probably not in the general case. What about 
+	Postfix as a gateway server that converts UTF8SMTP
+	for delivery to non-UTF8SMTP environments?
 
 	Document and test restriction_classes example for 
 	smtpd_policy_service_default_action.
@@ -333,14 +327,6 @@ Wish list:
 	whitelisting database before the primary MX connection is
 	closed, because a client may still make a mistake.
 
-	Simplify postscreen logic. Individual "fail" flags help to
-	avoid repeated testing/logging the same mistake.  Individual
-	"pass" flags provide evidence that the client didn't skip
-	tests by hanging up early. The current global "noforward"
-	flag implements the wrong model: instead we need an indicator
-	that a client has passed all tests or that all mistakes
-	were forgiven.
-
 	In the SMTP server, check if the connection is closed before
 	replying to ".", and discard the message if the reply can't
 	be sent. This reduces the time window for RFC 1047 message

postfix/html/BUILTIN_FILTER_README.html

@@ -126,6 +126,8 @@ same message repeatedly. </p>
 
 <li><a href="#remote_only">Configuring header/body checks for mail from outside users only</a>
 
+<li><a href="#mx_submission">Configuring different header/body checks for MX service and submission service</a>
+
 <li><a href="#domain_except">Configuring header/body checks for mail to some domains only</a>
 
 </ul>
@@ -209,7 +211,9 @@ header/body checks are requested by the source.  Examples of how
 to turn off header/body checks for mail received with <a href="smtpd.8.html">smtpd(8)</a>,
 <a href="qmqpd.8.html">qmqpd(8)</a> or <a href="pickup.8.html">pickup(8)</a> are given below under "<a
 href="#remote_only">Configuring header/body checks for mail from
-outside users only</a>" and "<a href="#domain_except">Configuring
+outside users only</a>", "<a href="#mx_submission">Configuring
+different header/body checks for MX service and submission
+service</a>", and "<a href="#domain_except">Configuring
 header/body checks for mail to some domains only</a>".  </p>
 
 <h2><a name="limitations">Limitations of Postfix header/body checks </a></h2>
@@ -393,6 +397,61 @@ header/body filtering turned on via <a href="postconf.5.html">main.cf</a>. </p>
 
 </ul>
 
+<h2><a name="mx_submission">Configuring different header/body checks for MX service and submission service</a></h2>
+
+<p> If authorized user submissions require different header/body
+checks than mail from remote MTAs, then this is possible as long
+as you have separate mail streams for authorized users and for MX
+service. </p>
+
+<p> The example below assumes that authorized users connect to TCP
+port 587 (submission) or 465 (smtps), and that remote MTAs connect
+to TCP port 25 (smtp). </p>
+
+<p> First, we define a few "user-defined" parameters that will
+override settings for the submission and smtps services. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+    mua_cleanup_service_name = mua_cleanup
+    mua_header_checks = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/mua_header_checks
+    mua_body_checks = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/mua_body_checks
+</pre>
+</blockquote>
+
+<p> Next, we define mua_cleanup as a dedicated cleanup service that
+will be used only by the submission and smtps services.  This service
+uses the <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a> overrides that were defined
+above. </p>
+
+<blockquote>
+<pre>
+/etc/postfix.<a href="master.5.html">master.cf</a>:
+    # =================================================================
+    # service     type  private unpriv  chroot  wakeup  maxproc command
+    #                   (yes)   (yes)   (yes)   (never) (100)
+    # =================================================================
+    smtp          inet  n       -       n       -       -       smtpd
+    mua_cleanup   unix  n       -       n       -       0       cleanup
+        -o <a href="postconf.5.html#header_checks">header_checks</a>=$mua_header_checks
+        -o <a href="postconf.5.html#body_checks">body_checks</a>=$mua_body_checks
+    submission    inet  n       -       n       -       -       smtpd
+        -o <a href="postconf.5.html#cleanup_service_name">cleanup_service_name</a>=$mua_cleanup_service_name
+        -o <a href="postconf.5.html#syslog_name">syslog_name</a>=postfix/submission
+        <i>...[see sample <a href="master.5.html">master.cf</a> file for more]...</i>
+    smtps         inet  n       -       n       -       -       smtpd
+        -o <a href="postconf.5.html#cleanup_service_name">cleanup_service_name</a>=$mua_cleanup_service_name
+        -o <a href="postconf.5.html#syslog_name">syslog_name</a>=postfix/smtps
+        -o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>=yes
+        <i>...[see sample <a href="master.5.html">master.cf</a> file for more]...</i>
+</pre>
+</blockquote>
+
+<p> By keeping the "mua_xxx" parameter settings in <a href="postconf.5.html">main.cf</a>, you
+keep your <a href="master.5.html">master.cf</a> file simple, and you minimize the amount
+of duplication. </p>
+
 <h2><a name="domain_except">Configuring header/body checks for mail to some domains only</a></h2>
 
 <p> The following information applies to Postfix 2.1. Earlier

postfix/html/postconf.5.html

@@ -17486,13 +17486,13 @@ gives timeout errors.  </p>
 </DD>
 
 <DT><b><a name="tls_session_ticket_cipher">tls_session_ticket_cipher</a>
-(default: aes-128-cbc)</b></DT><DD>
+(default: Postfix &ge; 2.12: aes-256-cbc, postfix &lt 2.12: aes-128-cbc)</b></DT><DD>
 
 <p> Algorithm used to encrypt <a href="http://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets.  This
-algorithm must use CBC mode, have a 128-bit initialization vector
-(IV), and must have a key length between 128 and 256 bits.  The
-default is aes-128-cbc.  Sensible alternatives include aes-192-cbc
-and aes-256-cbc.  </p>
+algorithm must use CBC mode, have a 128-bit block size, and must
+have a key length between 128 and 256 bits.  The default is
+aes-256-cbc.  Overriding the default to choose a different algorithm
+is discouraged.  </p>
 
 <p> Setting this parameter empty disables session ticket support
 in the Postfix SMTP server.  Another way to disable session ticket

postfix/html/smtp-sink.1.html

@@ -116,6 +116,8 @@ SMTP-SINK(1)                                                      SMTP-SINK(1)
        <b>-n</b> <i>count</i>
               Terminate after <i>count</i> sessions.
 
+       <b>-N</b>     Do not announce support for DSN.
+
        <b>-p</b>     Do not announce support for ESMTP command pipelining.
 
        <b>-P</b>     Change the server greeting so that it appears to come through  a

postfix/html/smtpd.8.html

@@ -541,7 +541,8 @@ SMTPD(8)                                                              SMTPD(8)
 
        Available in Postfix version 2.12 and later:
 
-       <b><a href="postconf.5.html#tls_session_ticket_cipher">tls_session_ticket_cipher</a> (aes-128-cbc)</b>
+       <b><a href="postconf.5.html#tls_session_ticket_cipher">tls_session_ticket_cipher</a> (Postfix</b> &amp;<b>ge; 2.12: aes-256-cbc, postfix</b>  &amp;<b>lt</b>
+       <b>2.12: aes-128-cbc)</b>
               Algorithm used to encrypt <a href="http://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets.
 
 <b>OBSOLETE STARTTLS CONTROLS</b>

postfix/man/man1/smtp-sink.1

@@ -112,6 +112,8 @@ connections will stay queued in the TCP/IP stack.
 Terminate after receiving \fIcount\fR messages.
 .IP "\fB-n \fIcount\fR"
 Terminate after \fIcount\fR sessions.
+.IP \fB-N\fR
+Do not announce support for DSN.
 .IP \fB-p\fR
 Do not announce support for ESMTP command pipelining.
 .IP \fB-P\fR

postfix/man/man5/postconf.5

@@ -12024,12 +12024,12 @@ Note: on OpenBSD systems specify /dev/arandom when /dev/urandom
 gives timeout errors.
 .PP
 This feature is available in Postfix 2.2 and later.
-.SH tls_session_ticket_cipher (default: aes-128-cbc)
+.SH tls_session_ticket_cipher (default: Postfix >= 2.12: aes-256-cbc, postfix &lt 2.12: aes-128-cbc)
 Algorithm used to encrypt RFC5077 TLS session tickets.  This
-algorithm must use CBC mode, have a 128-bit initialization vector
-(IV), and must have a key length between 128 and 256 bits.  The
-default is aes-128-cbc.  Sensible alternatives include aes-192-cbc
-and aes-256-cbc.
+algorithm must use CBC mode, have a 128-bit block size, and must
+have a key length between 128 and 256 bits.  The default is
+aes-256-cbc.  Overriding the default to choose a different algorithm
+is discouraged.
 .PP
 Setting this parameter empty disables session ticket support
 in the Postfix SMTP server.  Another way to disable session ticket

postfix/man/man8/smtpd.8

@@ -489,7 +489,7 @@ Available in Postfix version 2.11 and later:
 The name of the \fBtlsmgr\fR(8) service entry in master.cf.
 .PP
 Available in Postfix version 2.12 and later:
-.IP "\fBtls_session_ticket_cipher (aes-128-cbc)\fR"
+.IP "\fBtls_session_ticket_cipher (Postfix ≥ 2.12: aes-256-cbc, postfix &lt 2.12: aes-128-cbc)\fR"
 Algorithm used to encrypt RFC5077 TLS session tickets.
 .SH "OBSOLETE STARTTLS CONTROLS"
 .na

postfix/proto/BUILTIN_FILTER_README.html

@@ -126,6 +126,8 @@ same message repeatedly. </p>
 
 <li><a href="#remote_only">Configuring header/body checks for mail from outside users only</a>
 
+<li><a href="#mx_submission">Configuring different header/body checks for MX service and submission service</a>
+
 <li><a href="#domain_except">Configuring header/body checks for mail to some domains only</a>
 
 </ul>
@@ -209,7 +211,9 @@ header/body checks are requested by the source.  Examples of how
 to turn off header/body checks for mail received with smtpd(8),
 qmqpd(8) or pickup(8) are given below under "<a
 href="#remote_only">Configuring header/body checks for mail from
-outside users only</a>" and "<a href="#domain_except">Configuring
+outside users only</a>", "<a href="#mx_submission">Configuring
+different header/body checks for MX service and submission
+service</a>", and "<a href="#domain_except">Configuring
 header/body checks for mail to some domains only</a>".  </p>
 
 <h2><a name="limitations">Limitations of Postfix header/body checks </a></h2>
@@ -393,6 +397,61 @@ header/body filtering turned on via main.cf. </p>
 
 </ul>
 
+<h2><a name="mx_submission">Configuring different header/body checks for MX service and submission service</a></h2>
+
+<p> If authorized user submissions require different header/body
+checks than mail from remote MTAs, then this is possible as long
+as you have separate mail streams for authorized users and for MX
+service. </p>
+
+<p> The example below assumes that authorized users connect to TCP
+port 587 (submission) or 465 (smtps), and that remote MTAs connect
+to TCP port 25 (smtp). </p>
+
+<p> First, we define a few "user-defined" parameters that will
+override settings for the submission and smtps services. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/main.cf:
+    mua_cleanup_service_name = mua_cleanup
+    mua_header_checks = pcre:/etc/postfix/mua_header_checks
+    mua_body_checks = pcre:/etc/postfix/mua_body_checks
+</pre>
+</blockquote>
+
+<p> Next, we define mua_cleanup as a dedicated cleanup service that
+will be used only by the submission and smtps services.  This service
+uses the header_checks and body_checks overrides that were defined
+above. </p>
+
+<blockquote>
+<pre>
+/etc/postfix.master.cf:
+    # =================================================================
+    # service     type  private unpriv  chroot  wakeup  maxproc command
+    #                   (yes)   (yes)   (yes)   (never) (100)
+    # =================================================================
+    smtp          inet  n       -       n       -       -       smtpd
+    mua_cleanup   unix  n       -       n       -       0       cleanup
+        -o header_checks=$mua_header_checks
+        -o body_checks=$mua_body_checks
+    submission    inet  n       -       n       -       -       smtpd
+        -o cleanup_service_name=$mua_cleanup_service_name
+        -o syslog_name=postfix/submission
+        <i>...[see sample master.cf file for more]...</i>
+    smtps         inet  n       -       n       -       -       smtpd
+        -o cleanup_service_name=$mua_cleanup_service_name
+        -o syslog_name=postfix/smtps
+        -o smtpd_tls_wrappermode=yes
+        <i>...[see sample master.cf file for more]...</i>
+</pre>
+</blockquote>
+
+<p> By keeping the "mua_xxx" parameter settings in main.cf, you
+keep your master.cf file simple, and you minimize the amount
+of duplication. </p>
+
 <h2><a name="domain_except">Configuring header/body checks for mail to some domains only</a></h2>
 
 <p> The following information applies to Postfix 2.1. Earlier

postfix/proto/postconf.proto

@@ -15899,13 +15899,13 @@ anchor assertion) TLSA records. </p>
 
 <p> This feature is available in Postfix 2.11 and later. </p>
 
-%PARAM tls_session_ticket_cipher aes-128-cbc
+%PARAM tls_session_ticket_cipher Postfix &ge; 2.12: aes-256-cbc, postfix &lt 2.12: aes-128-cbc
 
 <p> Algorithm used to encrypt RFC5077 TLS session tickets.  This
-algorithm must use CBC mode, have a 128-bit initialization vector
-(IV), and must have a key length between 128 and 256 bits.  The
-default is aes-128-cbc.  Sensible alternatives include aes-192-cbc
-and aes-256-cbc.  </p>
+algorithm must use CBC mode, have a 128-bit block size, and must
+have a key length between 128 and 256 bits.  The default is
+aes-256-cbc.  Overriding the default to choose a different algorithm
+is discouraged.  </p>
 
 <p> Setting this parameter empty disables session ticket support
 in the Postfix SMTP server.  Another way to disable session ticket

postfix/src/cleanup/cleanup_addr.c

@@ -204,6 +204,11 @@ void    cleanup_addr_recipient(CLEANUP_STATE *state, const char *buf)
 	if (state->flags & CLEANUP_FLAG_AUTOUTF8)
 	    state->smtputf8 |= SMTPUTF8_FLAG_REQUESTED;
     }
+    /* Fix 20141024: Don't fake up a "bare" DSN original rcpt in smtp(8). */
+    if (state->dsn_orcpt == 0 && *STR(clean_addr) != 0)
+	state->dsn_orcpt = concatenate((!allascii(STR(clean_addr))
+			   && (state->smtputf8 & SMTPUTF8_FLAG_REQUESTED)) ?
+		      "utf-8" : "rfc822", ";", STR(clean_addr), (char *) 0);
     cleanup_out_recipient(state, state->dsn_orcpt, state->dsn_notify,
 			  state->orig_rcpt, STR(clean_addr));
     if (state->recip)				/* This can happen */

postfix/src/global/mail_params.h

@@ -2329,7 +2329,12 @@ extern int var_local_rcpt_code;
 				" $" VAR_RCPT_BCC_MAPS \
 				" $" VAR_SMTP_GENERIC_MAPS \
 				" $" VAR_LMTP_GENERIC_MAPS \
-				" $" VAR_ALIAS_MAPS
+				" $" VAR_ALIAS_MAPS \
+				" $" VAR_CLIENT_CHECKS \
+				" $" VAR_HELO_CHECKS \
+				" $" VAR_MAIL_CHECKS \
+				" $" VAR_RELAY_CHECKS \
+				" $" VAR_RCPT_CHECKS
 extern char *var_proxy_read_maps;
 
 #define VAR_PROXY_WRITE_MAPS	"proxy_write_maps"

postfix/src/global/mail_version.h

@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20141020"
+#define MAIL_RELEASE_DATE	"20141106"
 #define MAIL_VERSION_NUMBER	"2.12"
 
 #ifdef SNAPSHOT

postfix/src/smtp/smtp_tls_policy.c

@@ -518,9 +518,11 @@ static void *policy_create(const char *unused_key, void *context)
     switch (site_level) {
     default:
 	tls->level = site_level;
+	/* FALLTHROUGH */
     case TLS_LEV_NOTFOUND:
 	break;
     case TLS_LEV_INVALID:
+	tls->level = site_level;
 	return ((void *) tls);
     }
 

postfix/src/smtpd/smtpd.c

@@ -455,7 +455,7 @@
 /*	The name of the \fBtlsmgr\fR(8) service entry in master.cf.
 /* .PP
 /*	Available in Postfix version 2.12 and later:
-/* .IP "\fBtls_session_ticket_cipher (aes-128-cbc)\fR"
+/* .IP "\fBtls_session_ticket_cipher (Postfix ≥ 2.12: aes-256-cbc, postfix &lt 2.12: aes-128-cbc)\fR"
 /*	Algorithm used to encrypt RFC5077 TLS session tickets.
 /* OBSOLETE STARTTLS CONTROLS
 /* .ad
@@ -4614,6 +4614,22 @@ static void tls_reset(SMTPD_STATE *state)
 
 #endif
 
+/* unimpl_cmd - dummy for functionality that is not compiled in */
+
+static int unimpl_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
+{
+
+    /*
+     * When a connection is closed we want to log the request counts for
+     * unimplemented STARTTLS or AUTH commands separately, instead of logging
+     * those commands as "unknown". By handling unimplemented commands with
+     * this dummy function, we avoid messing up the command processing loop.
+     */
+    state->error_mask |= MAIL_ERROR_PROTOCOL;
+    smtpd_chat_reply(state, "502 5.5.1 Error: command not implemented");
+    return (-1);
+}
+
  /*
   * The table of all SMTP commands that we know. Set the junk limit flag on
   * any command that can be repeated an arbitrary number of times without
@@ -4638,9 +4654,13 @@ static SMTPD_CMD smtpd_cmd_table[] = {
     {SMTPD_CMD_XFORWARD, xforward_cmd,},
 #ifdef USE_TLS
     {SMTPD_CMD_STARTTLS, starttls_cmd, SMTPD_CMD_FLAG_PRE_TLS,},
+#else
+    {SMTPD_CMD_STARTTLS, unimpl_cmd, SMTPD_CMD_FLAG_PRE_TLS,},
 #endif
 #ifdef USE_SASL_AUTH
     {SMTPD_CMD_AUTH, smtpd_sasl_auth_cmd,},
+#else
+    {SMTPD_CMD_AUTH, unimpl_cmd,},
 #endif
     {SMTPD_CMD_MAIL, mail_cmd,},
     {SMTPD_CMD_RCPT, rcpt_cmd,},

postfix/src/smtpstone/smtp-sink.c

@@ -106,6 +106,8 @@
 /*	Terminate after receiving \fIcount\fR messages.
 /* .IP "\fB-n \fIcount\fR"
 /*	Terminate after \fIcount\fR sessions.
+/* .IP \fB-N\fR
+/*	Do not announce support for DSN.
 /* .IP \fB-p\fR
 /*	Do not announce support for ESMTP command pipelining.
 /* .IP \fB-P\fR
@@ -369,6 +371,7 @@ static int disable_saslauth;
 static int disable_xclient;
 static int disable_xforward;
 static int disable_enh_status;
+static int disable_dsn;
 static int max_client_count = DEF_MAX_CLIENT_COUNT;
 static int client_count;
 static int sock;
@@ -628,6 +631,8 @@ static void ehlo_response(SINK_STATE *state, const char *args)
 	smtp_printf(state->stream, "250-XFORWARD NAME ADDR PROTO HELO");
     if (!disable_enh_status)
 	smtp_printf(state->stream, "250-ENHANCEDSTATUSCODES");
+    if (!disable_dsn)
+	smtp_printf(state->stream, "250-DSN");
     /* RFC 821/2821/5321: Format is replycode<SPACE>optional-text<CRLF> */
     smtp_printf(state->stream, "250 ");
     SMTP_FLUSH(state->stream);
@@ -1422,7 +1427,7 @@ int     main(int argc, char **argv)
     /*
      * Parse JCL.
      */
-    while ((ch = GETOPT(argc, argv, "468aA:b:B:cCd:D:eEf:Fh:Ln:m:M:pPq:Q:r:R:s:S:t:T:u:vw:W:")) > 0) {
+    while ((ch = GETOPT(argc, argv, "468aA:b:B:cCd:D:eEf:Fh:Ln:m:M:NpPq:Q:r:R:s:S:t:T:u:vw:W:")) > 0) {
 	switch (ch) {
 	case '4':
 	    protocols = INET_PROTO_NAME_IPV4;
@@ -1499,6 +1504,9 @@ int     main(int argc, char **argv)
 	    if ((max_quit_count = atoi(optarg)) <= 0)
 		msg_fatal("bad quit count: %s", optarg);
 	    break;
+	case 'N':
+	    disable_dsn = 1;
+	    break;
 	case 'p':
 	    disable_pipelining = 1;
 	    break;

postfix/src/tlsproxy/tlsproxy.c

@@ -192,6 +192,7 @@
   * System library.
   */
 #include <sys_defs.h>
+#include <errno.h>
 
  /*
   * Utility library.
@@ -732,6 +733,8 @@ static void tlsp_get_fd_event(int event, char *context)
     event_disable_readwrite(plaintext_fd);
     if (event != EVENT_TIME)
 	event_cancel_timer(tlsp_get_fd_event, (char *) state);
+    else
+	errno = ETIMEDOUT;
 
     /*
      * Initialize plaintext-related session state.  Once we have this behind
@@ -796,6 +799,8 @@ static void tlsp_get_request_event(int event, char *context)
      */
     if (event != EVENT_TIME)
 	event_cancel_timer(tlsp_get_request_event, (char *) state);
+    else
+	errno = ETIMEDOUT;
 
     /*
      * We must send some data, after receiving the request attributes and