Cleanup: unit tests now build with -fno-common. Files:
global/server_acl.c, smtpd/smtpd_check.c, global/strip_addr.c,
proxymap/proxymap.c.
+
+20200525
+
+ Documentation: revised text about TLS connection reuse.
+ File: proto/CONNECTION_CACHE_README.html
+
+20200530
+
+ Bugfix (introduced: Postfix 3.1): "postfix tls deploy-server-cert"
+ did not handle a missing optional argument. File:
+ conf/postfix-tls-script.
+
+20200531
+
+ Debugging: per-nexthop SMTP client "debug peer" logging so
+ that we can also see what happens before, between, and after
+ SMTP sessions; add explicit SMTP client debug logging for
+ non-DNS host lookups. Files: smtp/smtp.c, proto/postconf.proto,
+ smtp/smtp_addr.c, smtp/smtp.c, smtp/smtp.h, smtp/smtp_session.c,
+ smtp/smtp_state.c.
+
+ Postfix delivery agents now log an explicit record when
+ delegating delivery to a different Postfix delivery agent.
+ Example: "postfix/smtp[pid] queueid: passing <recipient>
+ to transport=local". This makes the delegating delivery
+ agent visible, where it would otherwise have remained
+ invisible, which would complicate troubleshooting. File:
+ global/deliver_pass.c.
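Review bot: the 20200531 debugging entry lists smtp/smtp.c twice in its Files line ("smtp/smtp.c, proto/postconf.proto, smtp/smtp_addr.c, smtp/smtp.c, ..."); drop the duplicate. The delegation-logging entry after it quotes the record as "postfix/smtp[pid] queueid: passing ..." without the colon after [pid] that the RELEASE_NOTES example has. The two should match, because this text is what people copy into log-matching rules.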
This document describes the Postfix connection cache implementation, which is
available with Postfix version 2.2 and later.
-See Client-side TLS connection reuse for how this connection cache is used to
-implement multiple deliveries per TLS-encrypted connection.
-
Topics covered in this document:
* What SMTP connection caching can do for you
W\bWh\bha\bat\bt S\bSM\bMT\bTP\bP c\bco\bon\bnn\bne\bec\bct\bti\bio\bon\bn c\bca\bac\bch\bhi\bin\bng\bg c\bca\ban\bn d\bdo\bo f\bfo\bor\br y\byo\bou\bu
With SMTP connection caching, Postfix can deliver multiple messages over the
-same SMTP connection. By default, Postfix 2.2 reuses an SMTP connection
-automatically when a destination has high volume of mail in the active queue.
+same SMTP connection. By default, Postfix 2.2 reuses a plaintext SMTP
+connection automatically when a destination has high volume of mail in the
+active queue.
+
+See Client-side TLS connection reuse to also implement multiple deliveries over
+a TLS-encrypted connection (Postfix version 3.4 and later).
SMTP Connection caching is a performance feature. Whether or not it actually
improves performance depends on the conditions:
mail to a destination with multiple mail servers, because it can help
Postfix to skip over a non-responding server.
+ * SMTP Connection caching can also help with receivers that impose rate
+ limits on new connections.
+
* Otherwise, the benefits of SMTP connection caching are minor: it eliminates
the latency of the TCP handshake (SYN, SYN+ACK, ACK), plus the latency of
the SMTP initial handshake (220 greeting, EHLO command, EHLO response).
+ With TLS-encrypted connections, this can save an additional two roundtrips
+ that would otherwise be needed to send STARTTLS and to resume a TLS
+ session.
* SMTP Connection caching gives no gains with respect to SMTP session tear-
down. The Postfix smtp(8) client normally does not wait for the server's
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
+Incompatible change with snapshot 20200531
+==========================================
+
+Postfix delivery agents now log an explicit record when delegating
+delivery to a different Postfix delivery agent.
+
+For example, with "best_mx_transport = local", an SMTP delivery
+agent will now log when a recipient will be delivered locally. This
+makes the delegating delivery agent visible, where it would otherwise
+have remained invisible, which would complicate troubleshooting.
+
+ postfix/smtp[pid]: queueid: passing <recipient> to transport=local
+
+This will usually be followed by logging for an actual delivery:
+
+ postfix/local[pid]: queueid: to=<recipient>, relay=local, ...
+
+Other examples: the local delivery agent defers mailbox delivery
+through mailbox_transport or through fallback_transport.
+
Major changes with snapshot 20200509
====================================
Wish list:
+ DNS wrapper class, like XSASL, to support different stub
+ resolvers without contaminating Postfix programs with the
+ idiosyncracies of stub resolvers. Handle differences in
+ resolver feature sets gracefully: an unsupported request
+ will result in an error status, not program termination.
+
DNSSEC end-to-end test, probing a configurable zone (".")
and resource type (default: NS).
deploy_server_cert() {
certfile=$1; shift
keyfile=$1; shift
- deploy=$1; shift
+ case $# in 0) deploy=;; *) deploy=$1; shift;; esac
# Sets key_algo, key_param and cert_param
check_key "$keyfile" || return 1
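Review bot: only the third positional argument is guarded; "certfile=$1; shift" and "keyfile=$1; shift" above the changed line still shift unconditionally, so a call with fewer than two arguments reaches the same kind of unguarded shift that the old "deploy=$1; shift" had. If both are mandatory, check $# once at the top of deploy_server_cert() and return 1 with a usage message. A short comment that deploy is optional and may be empty would also remind later code to quote "$deploy".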
<p> This document describes the Postfix connection cache implementation,
which is available with Postfix version 2.2 and later. </p>
-<p> See <a href="TLS_README.html#client_tls_reuse">Client-side TLS
-connection reuse</a> for how this connection cache is used to
-implement multiple deliveries per TLS-encrypted connection. </p>
-
<p> Topics covered in this document: </p>
<ul>
<p> With SMTP connection caching, Postfix can deliver multiple
messages over the same SMTP connection. By default, Postfix 2.2
-reuses an SMTP connection automatically when a destination has
-high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. </p>
+reuses a plaintext SMTP connection automatically when a destination has
+high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>. </p>
+
+<p> See <a href="TLS_README.html#client_tls_reuse">Client-side TLS
+connection reuse</a> to also implement multiple deliveries over a
+TLS-encrypted connection (Postfix version 3.4 and later). </p>
<p> SMTP Connection caching is a performance feature. Whether or not
it actually improves performance depends on the conditions: </p>
because it can help Postfix to skip over a non-responding server.
</p>
+<li> <p> SMTP Connection caching can also help with receivers that
+impose rate limits on new connections. </p>
+
<li> <p> Otherwise, the benefits of SMTP connection caching are
minor: it eliminates the latency of the TCP handshake (SYN, SYN+ACK,
ACK), plus the latency of the SMTP initial handshake (220 greeting,
-EHLO command, EHLO response).
+EHLO command, EHLO response). With TLS-encrypted connections, this
+can save an additional two roundtrips that would otherwise be needed
+to send STARTTLS and to resume a TLS session. </p>
<li> <p> SMTP Connection caching gives no gains with respect to
SMTP session tear-down. The Postfix <a href="smtp.8.html">smtp(8)</a> client normally does
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a remote client or
- server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+ The increment in verbose logging level when a next-hop destina-
+ tion, remote client or server name or network address matches a
+ pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname or network
- address patterns that cause the verbose logging level to
- increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+ Optional list of next-hop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
+ $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about mail delivery
<DT><b><a name="debug_peer_level">debug_peer_level</a>
(default: 2)</b></DT><DD>
-<p> The increment in verbose logging level when a remote client or
-server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. </p>
+<p> The increment in verbose logging level when a nexthop destination,
+remote client or server name or network address matches a pattern
+given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter. </p>
+
+<p> Per-nexthop debug logging is available in Postfix 3.6 and later. </p>
</DD>
<DT><b><a name="debug_peer_list">debug_peer_list</a>
(default: empty)</b></DT><DD>
-<p> Optional list of remote client or server hostname or network
-address patterns that cause the verbose logging level to increase
-by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>. </p>
+<p> Optional list of nexthop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+</p>
+
+<p> Per-nexthop debug logging is available in Postfix 3.6 and later. </p>
<p> Specify domain names, network/netmask patterns, "/file/name"
patterns or "<a href="DATABASE_README.html">type:table</a>" lookup tables. The right-hand side result
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a remote client or
- server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
+ The increment in verbose logging level when a next-hop destina-
+ tion, remote client or server name or network address matches a
+ pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname or network
- address patterns that cause the verbose logging level to
- increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
+ Optional list of next-hop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
+ $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
The recipient of postmaster notifications about mail delivery
.PP
This feature is available in Postfix 2.5 and later.
.SH debug_peer_level (default: 2)
-The increment in verbose logging level when a remote client or
-server matches a pattern in the debug_peer_list parameter.
+The increment in verbose logging level when a nexthop destination,
+remote client or server name or network address matches a pattern
+given with the debug_peer_list parameter.
+.PP
+Per\-nexthop debug logging is available in Postfix 3.6 and later.
.SH debug_peer_list (default: empty)
-Optional list of remote client or server hostname or network
-address patterns that cause the verbose logging level to increase
-by the amount specified in $debug_peer_level.
+Optional list of nexthop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $debug_peer_level.
+.PP
+Per\-nexthop debug logging is available in Postfix 3.6 and later.
.PP
Specify domain names, network/netmask patterns, "/file/name"
patterns or "type:table" lookup tables. The right\-hand side result
.ad
.fi
.IP "\fBdebug_peer_level (2)\fR"
-The increment in verbose logging level when a remote client or
-server matches a pattern in the debug_peer_list parameter.
+The increment in verbose logging level when a next\-hop destination,
+remote client or server name or network address matches a pattern
+given with the debug_peer_list parameter.
.IP "\fBdebug_peer_list (empty)\fR"
-Optional list of remote client or server hostname or network
-address patterns that cause the verbose logging level to increase
-by the amount specified in $debug_peer_level.
+Optional list of next\-hop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $debug_peer_level.
.IP "\fBerror_notice_recipient (postmaster)\fR"
The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or protocol
<p> This document describes the Postfix connection cache implementation,
which is available with Postfix version 2.2 and later. </p>
-<p> See <a href="TLS_README.html#client_tls_reuse">Client-side TLS
-connection reuse</a> for how this connection cache is used to
-implement multiple deliveries per TLS-encrypted connection. </p>
-
<p> Topics covered in this document: </p>
<ul>
<p> With SMTP connection caching, Postfix can deliver multiple
messages over the same SMTP connection. By default, Postfix 2.2
-reuses an SMTP connection automatically when a destination has
-high volume of mail in the active queue. </p>
+reuses a plaintext SMTP connection automatically when a destination has
+high volume of mail in the active queue. </p>
+
+<p> See <a href="TLS_README.html#client_tls_reuse">Client-side TLS
+connection reuse</a> to also implement multiple deliveries over a
+TLS-encrypted connection (Postfix version 3.4 and later). </p>
<p> SMTP Connection caching is a performance feature. Whether or not
it actually improves performance depends on the conditions: </p>
because it can help Postfix to skip over a non-responding server.
</p>
+<li> <p> SMTP Connection caching can also help with receivers that
+impose rate limits on new connections. </p>
+
<li> <p> Otherwise, the benefits of SMTP connection caching are
minor: it eliminates the latency of the TCP handshake (SYN, SYN+ACK,
ACK), plus the latency of the SMTP initial handshake (220 greeting,
-EHLO command, EHLO response).
+EHLO command, EHLO response). With TLS-encrypted connections, this
+can save an additional two roundtrips that would otherwise be needed
+to send STARTTLS and to resume a TLS session. </p>
<li> <p> SMTP Connection caching gives no gains with respect to
SMTP session tear-down. The Postfix smtp(8) client normally does
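Review bot: the sentence added to the "Otherwise, the benefits of SMTP connection caching are minor" item says caching saves two more roundtrips with TLS-encrypted connections, but the paragraph changed earlier in this file now says the default reuse is for plaintext connections and sends the reader to TLS_README for TLS reuse. Say in the item itself that the TLS saving applies only when client-side TLS connection reuse is enabled (Postfix 3.4 and later), so nobody reads it as default behaviour.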
%PARAM debug_peer_level 2
-<p> The increment in verbose logging level when a remote client or
-server matches a pattern in the debug_peer_list parameter. </p>
+<p> The increment in verbose logging level when a nexthop destination,
+remote client or server name or network address matches a pattern
+given with the debug_peer_list parameter. </p>
-%PARAM debug_peer_list
+<p> Per-nexthop debug logging is available in Postfix 3.6 and later. </p>
-<p> Optional list of remote client or server hostname or network
-address patterns that cause the verbose logging level to increase
-by the amount specified in $debug_peer_level. </p>
+%PARAM debug_peer_list
+
+<p> Optional list of nexthop destination, remote client or server
+name or network address patterns that, if matched, cause the verbose
+logging level to increase by the amount specified in $debug_peer_level.
+</p>
+
+<p> Per-nexthop debug logging is available in Postfix 3.6 and later. </p>
<p> Specify domain names, network/netmask patterns, "/file/name"
patterns or "type:table" lookup tables. The right-hand side result
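Review bot: both parameter descriptions here spell the term "nexthop destination", while the smtp(8) parameter summary changed in the same commit says "next-hop destination"; pick one spelling for all of the documentation. The descriptions also do not say which form of the next-hop is compared against debug_peer_list (for example whether a port or enclosing brackets are part of the string), and an operator needs that to write a pattern that matches.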
deliver_pass.o: dsb_scan.h
deliver_pass.o: dsn.h
deliver_pass.o: dsn_buf.h
+deliver_pass.o: info_log_addr_form.h
deliver_pass.o: mail_params.h
deliver_pass.o: mail_proto.h
deliver_pass.o: msg_stats.h
haproxy_srvr.o: ../../include/msg.h
haproxy_srvr.o: ../../include/myaddrinfo.h
haproxy_srvr.o: ../../include/mymalloc.h
+haproxy_srvr.o: ../../include/sock_addr.h
haproxy_srvr.o: ../../include/split_at.h
haproxy_srvr.o: ../../include/stringops.h
haproxy_srvr.o: ../../include/sys_defs.h
#include <dsb_scan.h>
#include <defer.h>
#include <rcpt_print.h>
+#include <info_log_addr_form.h>
#define DELIVER_PASS_DEFER 1
#define DELIVER_PASS_UNKNOWN 2
/*
* Initialize.
*/
+ msg_info("%s: passing <%s> to transport=%s",
+ request->queue_id, info_log_addr_form_recipient(rcpt->address),
+ transport);
stream = mail_connect_wait(class, transport);
dsb = dsb_create();
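Review bot: the msg_info() call sits before mail_connect_wait(), directly under the "Initialize." comment, so the "passing <recipient> to transport=..." record is written before the target transport has been contacted and records intent only. Give the call its own comment saying so. The recipient is also logged as "<%s>" rather than in the "to=<...>" form that RELEASE_NOTES shows for the follow-up delivery record, so tools that key on "to=" will not associate the two lines by recipient; if that is intentional, say so in RELEASE_NOTES.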
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20200523"
+#define MAIL_RELEASE_DATE "20200531"
#define MAIL_VERSION_NUMBER "3.6"
#ifdef SNAPSHOT
smtp.o: ../../include/check_arg.h
smtp.o: ../../include/debug_peer.h
smtp.o: ../../include/deliver_request.h
+smtp.o: ../../include/delivered_hdr.h
smtp.o: ../../include/dict.h
smtp.o: ../../include/dns.h
smtp.o: ../../include/dsn.h
smtp.o: ../../include/dsn_buf.h
smtp.o: ../../include/ext_prop.h
smtp.o: ../../include/flush_clnt.h
+smtp.o: ../../include/fold_addr.h
smtp.o: ../../include/header_body_checks.h
smtp.o: ../../include/header_opts.h
smtp.o: ../../include/htable.h
smtp_state.o: ../../include/argv.h
smtp_state.o: ../../include/attr.h
smtp_state.o: ../../include/check_arg.h
+smtp_state.o: ../../include/debug_peer.h
smtp_state.o: ../../include/deliver_request.h
smtp_state.o: ../../include/dict.h
smtp_state.o: ../../include/dns.h
/* .ad
/* .fi
/* .IP "\fBdebug_peer_level (2)\fR"
-/* The increment in verbose logging level when a remote client or
-/* server matches a pattern in the debug_peer_list parameter.
+/* The increment in verbose logging level when a next-hop destination,
+/* remote client or server name or network address matches a pattern
+/* given with the debug_peer_list parameter.
/* .IP "\fBdebug_peer_list (empty)\fR"
-/* Optional list of remote client or server hostname or network
-/* address patterns that cause the verbose logging level to increase
-/* by the amount specified in $debug_peer_level.
+/* Optional list of next-hop destination, remote client or server
+/* name or network address patterns that, if matched, cause the verbose
+/* logging level to increase by the amount specified in $debug_peer_level.
/* .IP "\fBerror_notice_recipient (postmaster)\fR"
/* The recipient of postmaster notifications about mail delivery
/* problems that are caused by policy, resource, software or protocol
state->src = request->fp;
state->service = service;
state->misc_flags |= smtp_addr_pref;
+ state->debug_peer_per_nexthop =
+ debug_peer_check(request->nexthop, "noaddr");
SMTP_RCPT_INIT(state);
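Review bot: debug_peer_check() is called here with request->nexthop as the name and the string literal "noaddr" as the address, and the matching debug_peer_restore() is in smtp_state.c, a different file. Add a comment at this call saying that a match changes the logging level for the whole request and where that is undone. Replace "noaddr" with a named constant so it is clear that the value is a placeholder, not something that should ever match an address pattern in debug_peer_list.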
/*
* DSN Support introduced major bloat in error processing.
*/
DSN_BUF *why; /* on-the-fly formatting buffer */
+
+ /*
+ * Whether per-nexthop debug_peer support was requested. Otherwise,
+ * assume per-server debug_peer support.
+ */
+ int debug_peer_per_nexthop;
} SMTP_STATE;
/*
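Review bot: the comment on debug_peer_per_nexthop says the flag records that per-nexthop support "was requested", but smtp.c assigns it the result of debug_peer_check(), and the free paths in smtp_session.c and smtp_state.c both use it to decide which of them calls debug_peer_restore(). Document that ownership rule here (nonzero: the state free path restores; zero: the session free path restores), since the two paths have to stay mutually exclusive.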
msg_fatal("host %s: conversion error for address family "
"%d: %m", host, res0->ai_addr->sa_family);
addr_list = dns_rr_append(addr_list, addr);
+ if (msg_verbose)
+ msg_info("%s: using numerical host %s", myname, host);
freeaddrinfo(res0);
return (addr_list);
}
msg_fatal("host %s: conversion error for address family "
"%d: %m", host, res0->ai_addr->sa_family);
addr_list = dns_rr_append(addr_list, addr);
+ if (msg_verbose) {
+ MAI_HOSTADDR_STR hostaddr_str;
+
+ SOCKADDR_TO_HOSTADDR(res->ai_addr, res->ai_addrlen,
+ &hostaddr_str, (MAI_SERVPORT_STR *) 0, 0);
+ msg_info("%s: native lookup result: %s",
+ myname, hostaddr_str.buf);
+ }
}
freeaddrinfo(res0);
if (found == 0) {
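Review bot: the new verbose block formats res->ai_addr, while the msg_fatal() just above it reports res0->ai_addr->sa_family. If this code runs once per lookup result, the fatal message names the address family of the first result rather than the one that failed to convert. While touching this code, change the msg_fatal() argument to res->ai_addr->sa_family so that both diagnostics describe the same entry.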
DNS_RR *next;
int v6_count;
int v4_count;
- int v6_target,
- v4_target;
+ int v6_target, v4_target;
int *p;
/*
smtp_sasl_cleanup(session);
#endif
- debug_peer_restore();
+ if (session->state->debug_peer_per_nexthop == 0)
+ debug_peer_restore();
myfree((void *) session);
}
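Review bot: the new condition dereferences session->state without a check; confirm that every session reaching this free path still has a state attached, including sessions that came from the connection cache, or test the pointer first. A one-line comment that the restore is skipped here because the per-nexthop case restores in smtp_state.c would also help the next reader.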
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
/*--*/
/* System library. */
/* Global library. */
#include <mail_params.h>
+#include <debug_peer.h>
/* Application-specific. */
state->cache_used = 0;
}
state->why = dsb_create();
+ state->debug_peer_per_nexthop = 0;
return (state);
}
htable_free(state->cache_used, (void (*) (void *)) 0);
if (state->why)
dsb_free(state->why);
+ if (state->debug_peer_per_nexthop)
+ debug_peer_restore();
myfree((void *) state);
}