postfix-2.12-20141106

2025-08-30 13:48:06 +00:00 · 2014-10-25 14:17:24 -04:00
parent 291b3d6190
commit ffe80bd403
19 changed files with 285 additions and 44 deletions
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -20696,3 +20696,43 @@ Apologies for any names omitted.
 	Cleanup: the last remaining remnants of the withdrawn
 	smtp_tls_fallback_level feature. Files: mantools/postlink,
 	global/mail_params.h.
 20141021
 	Per IETF TLS WG consensus, the tls_session_ticket_cipher
 	default setting was changed from aes-128-cbc to aes-256-cbc.
 	Take that, you quantum computer attackers! Viktor Dukhovni.
 	Files: proto/postconf.proto, global/mail_params.h.
 20141024
 	Cleanup: added $smtpd_mumble_restrictions to the proxy_read_maps
 	default setting. File: global/mail_params.h.
 	Documentation: different header/body checks for MX service
 	and SMTP submissions. File: proto/BUILTIN_FILTER_README.html.
 	Cleanup: don't send "bare" original recipient in SMTP DSN
 	attributes. File: cleanup/cleanup_addr.c.
 	Feature: smtp-sink -N option to suppress DSN announcement.
 	File: smtpstone/smtp-sink.c.
 20141025
 	Bugfix (introduced: Postfix 2,11): core dump when
 	smtp_policy_maps specifies an invalid TLS level. Viktor
 	Dukhovni. File: smtp/smtp_tls_policy.c.
 20141103
 	Logging: when a connection is closed, log the request counts
 	for unimplemented STARTTLS or AUTH commands separately,
 	instead of logging such commands as "unknown". File:
 	smtpd/smtpd.c.
 20141106
 	Cleanup: set errno to ETIMEDOUT after postscreen handshake
 	timeout event, so that warnings report the correct error.
 	File: tlsproxy/tlsproxy.c.
--- a/postfix/README_FILES/BUILTIN_FILTER_README
+++ b/postfix/README_FILES/BUILTIN_FILTER_README
@@ -52,6 +52,8 @@ Topics covered by this document:
  * Limitations of Postfix header/body checks
  * Preventing daily mail status reports from being blocked
  * Configuring header/body checks for mail from outside users only
  * Configuring different header/body checks for MX service and submission
    service
  * Configuring header/body checks for mail to some domains only
 WWhhaatt mmaaiill iiss ssuubbjjeecctteedd ttoo hheeaaddeerr//bbooddyy cchheecckkss
@@ -105,8 +107,9 @@ make the decision in the cleanup(8) server, as this program receives mail from
 so many different sources. Instead, header/body checks are requested by the
 source. Examples of how to turn off header/body checks for mail received with
 smtpd(8), qmqpd(8) or pickup(8) are given below under "Configuring header/body
-checks for mail from outside users only" and "Configuring header/body checks
+checks for mail from outside users only", "Configuring different header/body
-for mail to some domains only".
+checks for MX service and submission service", and "Configuring header/body
 checks for mail to some domains only".
 LLiimmiittaattiioonnss ooff PPoossttffiixx hheeaaddeerr//bbooddyy cchheecckkss
@@ -248,6 +251,50 @@ server IP addresses in master.cf:
        # =================================================================
        1.2.3.5:smtp  inet  n       -       n       -       -       smtpd
 CCoonnffiigguurriinngg ddiiffffeerreenntt hheeaaddeerr//bbooddyy cchheecckkss ffoorr MMXX sseerrvviiccee aanndd ssuubbmmiissssiioonn sseerrvviiccee
 If authorized user submissions require different header/body checks than mail
 from remote MTAs, then this is possible as long as you have separate mail
 streams for authorized users and for MX service.
 The example below assumes that authorized users connect to TCP port 587
 (submission) or 465 (smtps), and that remote MTAs connect to TCP port 25
 (smtp).
 First, we define a few "user-defined" parameters that will override settings
 for the submission and smtps services.
    /etc/postfix/main.cf:
        mua_cleanup_service_name = mua_cleanup
        mua_header_checks = pcre:/etc/postfix/mua_header_checks
        mua_body_checks = pcre:/etc/postfix/mua_body_checks
 Next, we define mua_cleanup as a dedicated cleanup service that will be used
 only by the submission and smtps services. This service uses the header_checks
 and body_checks overrides that were defined above.
    /etc/postfix.master.cf:
        # =================================================================
        # service     type  private unpriv  chroot  wakeup  maxproc command
        #                   (yes)   (yes)   (yes)   (never) (100)
        # =================================================================
        smtp          inet  n       -       n       -       -       smtpd
        mua_cleanup   unix  n       -       n       -       0       cleanup
            -o header_checks=$mua_header_checks
            -o body_checks=$mua_body_checks
        submission    inet  n       -       n       -       -       smtpd
            -o cleanup_service_name=$mua_cleanup_service_name
            -o syslog_name=postfix/submission
            ...[see sample master.cf file for more]...
        smtps         inet  n       -       n       -       -       smtpd
            -o cleanup_service_name=$mua_cleanup_service_name
            -o syslog_name=postfix/smtps
            -o smtpd_tls_wrappermode=yes
            ...[see sample master.cf file for more]...
 By keeping the "mua_xxx" parameter settings in main.cf, you keep your master.cf
 file simple, and you minimize the amount of duplication.
 CCoonnffiigguurriinngg hheeaaddeerr//bbooddyy cchheecckkss ffoorr mmaaiill ttoo ssoommee ddoommaaiinnss oonnllyy
 The following information applies to Postfix 2.1. Earlier Postfix versions do
--- a/postfix/WISHLIST
+++ b/postfix/WISHLIST
@@ -10,6 +10,8 @@ Wish list:
 	Update smtputf8_enable in postconf(5)
 	Clobber ORCPT when sender is owner-mumble?
 	Add milter_mumble_macros to the list of per-macro features.
 	The pickup daemon logs warnings only when the cleanup daemon
@@ -36,11 +38,6 @@ Wish list:
 	lookups for the invidual addresses, converting back and
 	forth between external and internal forms.
 	Include <3htPpS5B6bzbcpM@spike.porcupine.org> example with
 	filter policies for different mail streams. Correction:
 	filter should be content_filter. Posted Wed, 10 Sep 2014
 	09:53:52 -0400 (EDT).
 	Clarify that receive_override_options have no effect with
 	smtpd_proxy_filter.
@@ -51,17 +48,14 @@ Wish list:
 	comparison specifically for UTF-8. Use libicu functions
 	instead.
 	The postfix-mumble@postfix.org list manager sends list mail
 	with ORCPT=rfc822;postfix-mumble-outgoing.  The local
 	delivery agent drops the ORCPT when the alias has an
 	owner-alias, so what is going on here?
 	When downgrading message/global to 7bit, is quoted-printable
 	the appropriate encoding? Should it be base64?
 	Should we encode headers with RFC 2047, when that is the
 	only reason that Postfix cannot deliver to a non-UTF8SMTP
-	server?
+	server? Probably not in the general case. What about 
 	Postfix as a gateway server that converts UTF8SMTP
 	for delivery to non-UTF8SMTP environments?
 	Document and test restriction_classes example for 
 	smtpd_policy_service_default_action.
@@ -333,14 +327,6 @@ Wish list:
 	whitelisting database before the primary MX connection is
 	closed, because a client may still make a mistake.
 	Simplify postscreen logic. Individual "fail" flags help to
 	avoid repeated testing/logging the same mistake.  Individual
 	"pass" flags provide evidence that the client didn't skip
 	tests by hanging up early. The current global "noforward"
 	flag implements the wrong model: instead we need an indicator
 	that a client has passed all tests or that all mistakes
 	were forgiven.
 	In the SMTP server, check if the connection is closed before
 	replying to ".", and discard the message if the reply can't
 	be sent. This reduces the time window for RFC 1047 message
--- a/postfix/html/BUILTIN_FILTER_README.html
+++ b/postfix/html/BUILTIN_FILTER_README.html
@@ -126,6 +126,8 @@ same message repeatedly. </p>
 <li><a href="#remote_only">Configuring header/body checks for mail from outside users only</a>
 <li><a href="#mx_submission">Configuring different header/body checks for MX service and submission service</a>
 <li><a href="#domain_except">Configuring header/body checks for mail to some domains only</a>
 </ul>
@@ -209,7 +211,9 @@ header/body checks are requested by the source.  Examples of how
 to turn off header/body checks for mail received with <a href="smtpd.8.html">smtpd(8)</a>,
 <a href="qmqpd.8.html">qmqpd(8)</a> or <a href="pickup.8.html">pickup(8)</a> are given below under "<a
 href="#remote_only">Configuring header/body checks for mail from
-outside users only</a>" and "<a href="#domain_except">Configuring
+outside users only</a>", "<a href="#mx_submission">Configuring
 different header/body checks for MX service and submission
 service</a>", and "<a href="#domain_except">Configuring
 header/body checks for mail to some domains only</a>".  </p>
 <h2><a name="limitations">Limitations of Postfix header/body checks </a></h2>
@@ -393,6 +397,61 @@ header/body filtering turned on via <a href="postconf.5.html">main.cf</a>. </p>
 </ul>
 <h2><a name="mx_submission">Configuring different header/body checks for MX service and submission service</a></h2>
 <p> If authorized user submissions require different header/body
 checks than mail from remote MTAs, then this is possible as long
 as you have separate mail streams for authorized users and for MX
 service. </p>
 <p> The example below assumes that authorized users connect to TCP
 port 587 (submission) or 465 (smtps), and that remote MTAs connect
 to TCP port 25 (smtp). </p>
 <p> First, we define a few "user-defined" parameters that will
 override settings for the submission and smtps services. </p>
 <blockquote>
 <pre>
 /etc/postfix/<a href="postconf.5.html">main.cf</a>:
    mua_cleanup_service_name = mua_cleanup
    mua_header_checks = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/mua_header_checks
    mua_body_checks = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/mua_body_checks
 </pre>
 </blockquote>
 <p> Next, we define mua_cleanup as a dedicated cleanup service that
 will be used only by the submission and smtps services.  This service
 uses the <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a> overrides that were defined
 above. </p>
 <blockquote>
 <pre>
 /etc/postfix.<a href="master.5.html">master.cf</a>:
    # =================================================================
    # service     type  private unpriv  chroot  wakeup  maxproc command
    #                   (yes)   (yes)   (yes)   (never) (100)
    # =================================================================
    smtp          inet  n       -       n       -       -       smtpd
    mua_cleanup   unix  n       -       n       -       0       cleanup
        -o <a href="postconf.5.html#header_checks">header_checks</a>=$mua_header_checks
        -o <a href="postconf.5.html#body_checks">body_checks</a>=$mua_body_checks
    submission    inet  n       -       n       -       -       smtpd
        -o <a href="postconf.5.html#cleanup_service_name">cleanup_service_name</a>=$mua_cleanup_service_name
        -o <a href="postconf.5.html#syslog_name">syslog_name</a>=postfix/submission
        <i>...[see sample <a href="master.5.html">master.cf</a> file for more]...</i>
    smtps         inet  n       -       n       -       -       smtpd
        -o <a href="postconf.5.html#cleanup_service_name">cleanup_service_name</a>=$mua_cleanup_service_name
        -o <a href="postconf.5.html#syslog_name">syslog_name</a>=postfix/smtps
        -o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>=yes
        <i>...[see sample <a href="master.5.html">master.cf</a> file for more]...</i>
 </pre>
 </blockquote>
 <p> By keeping the "mua_xxx" parameter settings in <a href="postconf.5.html">main.cf</a>, you
 keep your <a href="master.5.html">master.cf</a> file simple, and you minimize the amount
 of duplication. </p>
 <h2><a name="domain_except">Configuring header/body checks for mail to some domains only</a></h2>
 <p> The following information applies to Postfix 2.1. Earlier
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -17486,13 +17486,13 @@ gives timeout errors.  </p>
 </DD>
 <DT><b><a name="tls_session_ticket_cipher">tls_session_ticket_cipher</a>
-(default: aes-128-cbc)</b></DT><DD>
+(default: Postfix &ge; 2.12: aes-256-cbc, postfix &lt 2.12: aes-128-cbc)</b></DT><DD>
 <p> Algorithm used to encrypt <a href="http://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets.  This
-algorithm must use CBC mode, have a 128-bit initialization vector
+algorithm must use CBC mode, have a 128-bit block size, and must
-(IV), and must have a key length between 128 and 256 bits.  The
+have a key length between 128 and 256 bits.  The default is
-default is aes-128-cbc.  Sensible alternatives include aes-192-cbc
+aes-256-cbc.  Overriding the default to choose a different algorithm
-and aes-256-cbc.  </p>
+is discouraged.  </p>
 <p> Setting this parameter empty disables session ticket support
 in the Postfix SMTP server.  Another way to disable session ticket
--- a/postfix/html/smtp-sink.1.html
+++ b/postfix/html/smtp-sink.1.html
@@ -116,6 +116,8 @@ SMTP-SINK(1)                                                      SMTP-SINK(1)
       <b>-n</b> <i>count</i>
              Terminate after <i>count</i> sessions.
       <b>-N</b>     Do not announce support for DSN.
       <b>-p</b>     Do not announce support for ESMTP command pipelining.
       <b>-P</b>     Change the server greeting so that it appears to come through  a
--- a/postfix/html/smtpd.8.html
+++ b/postfix/html/smtpd.8.html
@@ -541,7 +541,8 @@ SMTPD(8)                                                              SMTPD(8)
       Available in Postfix version 2.12 and later:
-       <b><a href="postconf.5.html#tls_session_ticket_cipher">tls_session_ticket_cipher</a> (aes-128-cbc)</b>
+       <b><a href="postconf.5.html#tls_session_ticket_cipher">tls_session_ticket_cipher</a> (Postfix</b> &amp;<b>ge; 2.12: aes-256-cbc, postfix</b>  &amp;<b>lt</b>
       <b>2.12: aes-128-cbc)</b>
              Algorithm used to encrypt <a href="http://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets.
 <b>OBSOLETE STARTTLS CONTROLS</b>
--- a/postfix/man/man1/smtp-sink.1
+++ b/postfix/man/man1/smtp-sink.1
@@ -112,6 +112,8 @@ connections will stay queued in the TCP/IP stack.
 Terminate after receiving \fIcount\fR messages.
 .IP "\fB-n \fIcount\fR"
 Terminate after \fIcount\fR sessions.
 .IP \fB-N\fR
 Do not announce support for DSN.
 .IP \fB-p\fR
 Do not announce support for ESMTP command pipelining.
 .IP \fB-P\fR
--- a/postfix/man/man5/postconf.5
+++ b/postfix/man/man5/postconf.5
@@ -12024,12 +12024,12 @@ Note: on OpenBSD systems specify /dev/arandom when /dev/urandom
 gives timeout errors.
 .PP
 This feature is available in Postfix 2.2 and later.
-.SH tls_session_ticket_cipher (default: aes-128-cbc)
+.SH tls_session_ticket_cipher (default: Postfix >= 2.12: aes-256-cbc, postfix &lt 2.12: aes-128-cbc)
 Algorithm used to encrypt RFC5077 TLS session tickets.  This
-algorithm must use CBC mode, have a 128-bit initialization vector
+algorithm must use CBC mode, have a 128-bit block size, and must
-(IV), and must have a key length between 128 and 256 bits.  The
+have a key length between 128 and 256 bits.  The default is
-default is aes-128-cbc.  Sensible alternatives include aes-192-cbc
+aes-256-cbc.  Overriding the default to choose a different algorithm
-and aes-256-cbc.
+is discouraged.
 .PP
 Setting this parameter empty disables session ticket support
 in the Postfix SMTP server.  Another way to disable session ticket
--- a/postfix/man/man8/smtpd.8
+++ b/postfix/man/man8/smtpd.8
@@ -489,7 +489,7 @@ Available in Postfix version 2.11 and later:
 The name of the \fBtlsmgr\fR(8) service entry in master.cf.
 .PP
 Available in Postfix version 2.12 and later:
-.IP "\fBtls_session_ticket_cipher (aes-128-cbc)\fR"
+.IP "\fBtls_session_ticket_cipher (Postfix &ge; 2.12: aes-256-cbc, postfix &lt 2.12: aes-128-cbc)\fR"
 Algorithm used to encrypt RFC5077 TLS session tickets.
 .SH "OBSOLETE STARTTLS CONTROLS"
 .na
--- a/postfix/proto/BUILTIN_FILTER_README.html
+++ b/postfix/proto/BUILTIN_FILTER_README.html
@@ -126,6 +126,8 @@ same message repeatedly. </p>
 <li><a href="#remote_only">Configuring header/body checks for mail from outside users only</a>
 <li><a href="#mx_submission">Configuring different header/body checks for MX service and submission service</a>
 <li><a href="#domain_except">Configuring header/body checks for mail to some domains only</a>
 </ul>
@@ -209,7 +211,9 @@ header/body checks are requested by the source.  Examples of how
 to turn off header/body checks for mail received with smtpd(8),
 qmqpd(8) or pickup(8) are given below under "<a
 href="#remote_only">Configuring header/body checks for mail from
-outside users only</a>" and "<a href="#domain_except">Configuring
+outside users only</a>", "<a href="#mx_submission">Configuring
 different header/body checks for MX service and submission
 service</a>", and "<a href="#domain_except">Configuring
 header/body checks for mail to some domains only</a>".  </p>
 <h2><a name="limitations">Limitations of Postfix header/body checks </a></h2>
@@ -393,6 +397,61 @@ header/body filtering turned on via main.cf. </p>
 </ul>
 <h2><a name="mx_submission">Configuring different header/body checks for MX service and submission service</a></h2>
 <p> If authorized user submissions require different header/body
 checks than mail from remote MTAs, then this is possible as long
 as you have separate mail streams for authorized users and for MX
 service. </p>
 <p> The example below assumes that authorized users connect to TCP
 port 587 (submission) or 465 (smtps), and that remote MTAs connect
 to TCP port 25 (smtp). </p>
 <p> First, we define a few "user-defined" parameters that will
 override settings for the submission and smtps services. </p>
 <blockquote>
 <pre>
 /etc/postfix/main.cf:
    mua_cleanup_service_name = mua_cleanup
    mua_header_checks = pcre:/etc/postfix/mua_header_checks
    mua_body_checks = pcre:/etc/postfix/mua_body_checks
 </pre>
 </blockquote>
 <p> Next, we define mua_cleanup as a dedicated cleanup service that
 will be used only by the submission and smtps services.  This service
 uses the header_checks and body_checks overrides that were defined
 above. </p>
 <blockquote>
 <pre>
 /etc/postfix.master.cf:
    # =================================================================
    # service     type  private unpriv  chroot  wakeup  maxproc command
    #                   (yes)   (yes)   (yes)   (never) (100)
    # =================================================================
    smtp          inet  n       -       n       -       -       smtpd
    mua_cleanup   unix  n       -       n       -       0       cleanup
        -o header_checks=$mua_header_checks
        -o body_checks=$mua_body_checks
    submission    inet  n       -       n       -       -       smtpd
        -o cleanup_service_name=$mua_cleanup_service_name
        -o syslog_name=postfix/submission
        <i>...[see sample master.cf file for more]...</i>
    smtps         inet  n       -       n       -       -       smtpd
        -o cleanup_service_name=$mua_cleanup_service_name
        -o syslog_name=postfix/smtps
        -o smtpd_tls_wrappermode=yes
        <i>...[see sample master.cf file for more]...</i>
 </pre>
 </blockquote>
 <p> By keeping the "mua_xxx" parameter settings in main.cf, you
 keep your master.cf file simple, and you minimize the amount
 of duplication. </p>
 <h2><a name="domain_except">Configuring header/body checks for mail to some domains only</a></h2>
 <p> The following information applies to Postfix 2.1. Earlier
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -15899,13 +15899,13 @@ anchor assertion) TLSA records. </p>
 <p> This feature is available in Postfix 2.11 and later. </p>
-%PARAM tls_session_ticket_cipher aes-128-cbc
+%PARAM tls_session_ticket_cipher Postfix &ge; 2.12: aes-256-cbc, postfix &lt 2.12: aes-128-cbc
 <p> Algorithm used to encrypt RFC5077 TLS session tickets.  This
-algorithm must use CBC mode, have a 128-bit initialization vector
+algorithm must use CBC mode, have a 128-bit block size, and must
-(IV), and must have a key length between 128 and 256 bits.  The
+have a key length between 128 and 256 bits.  The default is
-default is aes-128-cbc.  Sensible alternatives include aes-192-cbc
+aes-256-cbc.  Overriding the default to choose a different algorithm
-and aes-256-cbc.  </p>
+is discouraged.  </p>
 <p> Setting this parameter empty disables session ticket support
 in the Postfix SMTP server.  Another way to disable session ticket
--- a/postfix/src/cleanup/cleanup_addr.c
+++ b/postfix/src/cleanup/cleanup_addr.c
@@ -204,6 +204,11 @@ void    cleanup_addr_recipient(CLEANUP_STATE *state, const char *buf)
 	if (state->flags & CLEANUP_FLAG_AUTOUTF8)
 	    state->smtputf8 |= SMTPUTF8_FLAG_REQUESTED;
    }
    /* Fix 20141024: Don't fake up a "bare" DSN original rcpt in smtp(8). */
    if (state->dsn_orcpt == 0 && *STR(clean_addr) != 0)
 	state->dsn_orcpt = concatenate((!allascii(STR(clean_addr))
 			   && (state->smtputf8 & SMTPUTF8_FLAG_REQUESTED)) ?
 		      "utf-8" : "rfc822", ";", STR(clean_addr), (char *) 0);
    cleanup_out_recipient(state, state->dsn_orcpt, state->dsn_notify,
 			  state->orig_rcpt, STR(clean_addr));
    if (state->recip)				/* This can happen */
--- a/postfix/src/global/mail_params.h
+++ b/postfix/src/global/mail_params.h
@@ -2329,7 +2329,12 @@ extern int var_local_rcpt_code;
 				" $" VAR_RCPT_BCC_MAPS \
 				" $" VAR_SMTP_GENERIC_MAPS \
 				" $" VAR_LMTP_GENERIC_MAPS \
-				" $" VAR_ALIAS_MAPS
+				" $" VAR_ALIAS_MAPS \
 				" $" VAR_CLIENT_CHECKS \
 				" $" VAR_HELO_CHECKS \
 				" $" VAR_MAIL_CHECKS \
 				" $" VAR_RELAY_CHECKS \
 				" $" VAR_RCPT_CHECKS
 extern char *var_proxy_read_maps;
 #define VAR_PROXY_WRITE_MAPS	"proxy_write_maps"
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
  * Patches change both the patchlevel and the release date. Snapshots have no
  * patchlevel; they change the release date only.
  */
-#define MAIL_RELEASE_DATE	"20141020"
+#define MAIL_RELEASE_DATE	"20141106"
 #define MAIL_VERSION_NUMBER	"2.12"
 #ifdef SNAPSHOT
--- a/postfix/src/smtp/smtp_tls_policy.c
+++ b/postfix/src/smtp/smtp_tls_policy.c
@@ -518,9 +518,11 @@ static void *policy_create(const char *unused_key, void *context)
    switch (site_level) {
    default:
 	tls->level = site_level;
 	/* FALLTHROUGH */
    case TLS_LEV_NOTFOUND:
 	break;
    case TLS_LEV_INVALID:
 	tls->level = site_level;
 	return ((void *) tls);
    }
--- a/postfix/src/smtpd/smtpd.c
+++ b/postfix/src/smtpd/smtpd.c
@@ -455,7 +455,7 @@
 /*	The name of the \fBtlsmgr\fR(8) service entry in master.cf.
 /* .PP
 /*	Available in Postfix version 2.12 and later:
-/* .IP "\fBtls_session_ticket_cipher (aes-128-cbc)\fR"
+/* .IP "\fBtls_session_ticket_cipher (Postfix &ge; 2.12: aes-256-cbc, postfix &lt 2.12: aes-128-cbc)\fR"
 /*	Algorithm used to encrypt RFC5077 TLS session tickets.
 /* OBSOLETE STARTTLS CONTROLS
 /* .ad
@@ -4614,6 +4614,22 @@ static void tls_reset(SMTPD_STATE *state)
 #endif
 /* unimpl_cmd - dummy for functionality that is not compiled in */
 static int unimpl_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *unused_argv)
 {
    /*
     * When a connection is closed we want to log the request counts for
     * unimplemented STARTTLS or AUTH commands separately, instead of logging
     * those commands as "unknown". By handling unimplemented commands with
     * this dummy function, we avoid messing up the command processing loop.
     */
    state->error_mask |= MAIL_ERROR_PROTOCOL;
    smtpd_chat_reply(state, "502 5.5.1 Error: command not implemented");
    return (-1);
 }
 /*
  * The table of all SMTP commands that we know. Set the junk limit flag on
  * any command that can be repeated an arbitrary number of times without
@@ -4638,9 +4654,13 @@ static SMTPD_CMD smtpd_cmd_table[] = {
    {SMTPD_CMD_XFORWARD, xforward_cmd,},
 #ifdef USE_TLS
    {SMTPD_CMD_STARTTLS, starttls_cmd, SMTPD_CMD_FLAG_PRE_TLS,},
 #else
    {SMTPD_CMD_STARTTLS, unimpl_cmd, SMTPD_CMD_FLAG_PRE_TLS,},
 #endif
 #ifdef USE_SASL_AUTH
    {SMTPD_CMD_AUTH, smtpd_sasl_auth_cmd,},
 #else
    {SMTPD_CMD_AUTH, unimpl_cmd,},
 #endif
    {SMTPD_CMD_MAIL, mail_cmd,},
    {SMTPD_CMD_RCPT, rcpt_cmd,},
--- a/postfix/src/smtpstone/smtp-sink.c
+++ b/postfix/src/smtpstone/smtp-sink.c
@@ -106,6 +106,8 @@
 /*	Terminate after receiving \fIcount\fR messages.
 /* .IP "\fB-n \fIcount\fR"
 /*	Terminate after \fIcount\fR sessions.
 /* .IP \fB-N\fR
 /*	Do not announce support for DSN.
 /* .IP \fB-p\fR
 /*	Do not announce support for ESMTP command pipelining.
 /* .IP \fB-P\fR
@@ -369,6 +371,7 @@ static int disable_saslauth;
 static int disable_xclient;
 static int disable_xforward;
 static int disable_enh_status;
 static int disable_dsn;
 static int max_client_count = DEF_MAX_CLIENT_COUNT;
 static int client_count;
 static int sock;
@@ -628,6 +631,8 @@ static void ehlo_response(SINK_STATE *state, const char *args)
 	smtp_printf(state->stream, "250-XFORWARD NAME ADDR PROTO HELO");
    if (!disable_enh_status)
 	smtp_printf(state->stream, "250-ENHANCEDSTATUSCODES");
    if (!disable_dsn)
 	smtp_printf(state->stream, "250-DSN");
    /* RFC 821/2821/5321: Format is replycode<SPACE>optional-text<CRLF> */
    smtp_printf(state->stream, "250 ");
    SMTP_FLUSH(state->stream);
@@ -1422,7 +1427,7 @@ int     main(int argc, char **argv)
    /*
     * Parse JCL.
     */
-    while ((ch = GETOPT(argc, argv, "468aA:b:B:cCd:D:eEf:Fh:Ln:m:M:pPq:Q:r:R:s:S:t:T:u:vw:W:")) > 0) {
+    while ((ch = GETOPT(argc, argv, "468aA:b:B:cCd:D:eEf:Fh:Ln:m:M:NpPq:Q:r:R:s:S:t:T:u:vw:W:")) > 0) {
 	switch (ch) {
 	case '4':
 	    protocols = INET_PROTO_NAME_IPV4;
@@ -1499,6 +1504,9 @@ int     main(int argc, char **argv)
 	    if ((max_quit_count = atoi(optarg)) <= 0)
 		msg_fatal("bad quit count: %s", optarg);
 	    break;
 	case 'N':
 	    disable_dsn = 1;
 	    break;
 	case 'p':
 	    disable_pipelining = 1;
 	    break;
--- a/postfix/src/tlsproxy/tlsproxy.c
+++ b/postfix/src/tlsproxy/tlsproxy.c
@@ -192,6 +192,7 @@
  * System library.
  */
 #include <sys_defs.h>
 #include <errno.h>
 /*
  * Utility library.
@@ -732,6 +733,8 @@ static void tlsp_get_fd_event(int event, char *context)
    event_disable_readwrite(plaintext_fd);
    if (event != EVENT_TIME)
 	event_cancel_timer(tlsp_get_fd_event, (char *) state);
    else
 	errno = ETIMEDOUT;
    /*
     * Initialize plaintext-related session state.  Once we have this behind
@@ -796,6 +799,8 @@ static void tlsp_get_request_event(int event, char *context)
     */
    if (event != EVENT_TIME)
 	event_cancel_timer(tlsp_get_request_event, (char *) state);
    else
 	errno = ETIMEDOUT;
    /*
     * We must send some data, after receiving the request attributes and