20081005
- Further refinements to the handling of missing or non-existent
- remote client attributes. Files: smtpd/smtpd.c, smtpd/smtpd.h.
+ Bugfix: further refinements to the handling of missing or
+ non-existent remote client attributes. Files: smtpd/smtpd.c,
+ smtpd/smtpd.h.
- The XFORWARD specification of the ADDR attribute did not
- agree with the actual on-the-wire protocol. The spec has
- been updated. File: proto/XFORWARD_README.html.
+ Documentation: the XFORWARD specification of the ADDR
+ attribute did not agree with the actual on-the-wire protocol.
+ Since we can't change already existing deployments, the
+ spec has been updated. File: proto/XFORWARD_README.html.
20081006
- Further refinements to the handling of remote client
+ Bugfix: further refinements to the handling of remote client
attributes. Introduced a dummy "we have forwarded client
info" record, to eliminate the need for the backwards
incompatible queue file change that was introduced 20081003.
Files: smtpd/smtpd.c, cleanup/cleanup_envelope.c,
*qmgr/qmgr_message.c.
- Hardened the proxymap client, in case it ever ends up in
- a set-gid program. File: global/dict_proxy.c.
+ Security: hardened the proxymap client, in case it ever
+ ends up in a set-gid program. File: global/dict_proxy.c.
10081007
- Undo the proxymap client change. It broke chrooted servers
- when they attempted to reconnect to the proxy read/write
- service. File: global/dict_proxy.c.
+ Workaround: undo the proxymap client change. It broke
+ chrooted servers when they attempted to reconnect to the
+ proxy read/write service. File: global/dict_proxy.c.
+
+20081008
+
+ Safety: added checks that $queue_directory/pid is owned by
+ root, and that $queue_directory/saved is owned by $mail_owner.
+ File: conf/postfix-script.
+
+20081010
+
+ Feature: controls for opportunistic TLS protocols and
+ ciphers. The smtp_tls_protocols, smtp_tls_ciphers, and
+ equivalent parameters for lmtp and smtpd provide global
+ settings; The SMTP client TLS policy table provides ciphers
+ and protocols settings for specific peers. Code by Victor
+ Duchovni. Files: smtp/smtp.c, smtp/smtp_session.c, smtpd/smtpd.c
+ and documentation.
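Review bot: the date line "10081007" that opens this region is a typo for 20081007 (it sits between the 20081006 and 20081008 entries). It is a context line, so this patch leaves it alone, but it belongs in the same change: anything that sorts or greps HISTORY by date will misfile the proxymap workaround entry under 1008.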
OpenSSL cipherlist. The obsolete setting applies even when TLS encryption is
not enforced. Use of this control on public MX hosts is strongly discouraged.
-With mandatory TLS encryption, the Postfix SMTP server will by default only use
-SSLv3 or TLSv1. SSLv2 is only used when TLS encryption is optional. This is
-controlled by the smtpd_tls_mandatory_protocols configuration parameter.
-
The Postfix SMTP server supports 5 distinct cipher security levels as specified
by the smtpd_tls_mandatory_ciphers configuration parameter, which determines
the cipher grade with mandatory TLS encryption. The default value is "medium"
which is essentially 128-bit encryption or better. With opportunistic TLS
-encryption, the minimum accepted cipher grade is always "export".
+encryption, the minimum accepted cipher grade is typically "export". Postfix >=
+2.6 has a corresponding smtpd_tls_ciphers parameter which controls the cipher
+grade used with opportunistic TLS.
+
+By default anonymous ciphers are enabled. They are automatically disabled when
+remote SMTP client certificates are requested. If clients are expected to
+always verify the Postfix SMTP server certificate you may want to disable
+anonymous ciphers by setting "smtpd_tls_mandatory_exclude_ciphers = aNULL" or
+"smtpd_tls_exclude_ciphers = aNULL", as appropriate. One can't force a remote
+SMTP client to check the server certificate, so excluding anonymous ciphers is
+generally unnecessary.
+
+The "smtpd_tls_ciphers" (Postfix >= 2.6) configuration parameter provides
+control over the minimum cipher grade for opportunistic TLS. With Postfix <
+2.6, the minimum opportunistic TLS cipher grade is always "export".
-By default anonymous ciphers are allowed, and automatically disabled when
-client certificates are requested. If clients are expected to always verify the
-server certificate you may want to exclude anonymous ciphers by setting
-"smtpd_tls_mandatory_exclude_ciphers = aNULL". One can't force a client to
-check the server certificate, so excluding anonymous ciphers is generally
-unnecessary.
+With mandatory TLS encryption, the Postfix SMTP server will by default only use
+SSLv3 or TLSv1. SSLv2 is only used when TLS encryption is optional. The
+mandatory TLS protocol list is specified via the smtpd_tls_mandatory_protocols
+configuration parameter. Postfix >= 2.6 has a corresponding smtpd_tls_protocols
+parameter which controls the SSL/TLS protocols used with opportunistic TLS.
-For a server that is not a public Internet MX host, Postfix 2.3 supports
+For a server that is not a public Internet MX host, Postfix (>= 2.3) supports
configurations with no server certificates that use o\bon\bnl\bly\by the anonymous ciphers.
This is enabled by explicitly setting "smtpd_tls_cert_file = none" and not
specifying an smtpd_tls_dcert_file.
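Review bot: the same fact is added twice within a few paragraphs: "Postfix >= 2.6 has a corresponding smtpd_tls_ciphers parameter which controls the cipher grade used with opportunistic TLS" and, two paragraphs later, "The "smtpd_tls_ciphers" (Postfix >= 2.6) configuration parameter provides control over the minimum cipher grade for opportunistic TLS." Keep one of them, and replace the vague "typically "export"" with the concrete condition (the grade is "export" unless smtpd_tls_ciphers raises it), so the reader learns what makes the minimum grade anything other than "export".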
opportunistic TLS can be configured by setting "smtp_tls_security_level = may".
Since sending in the clear is acceptable, demanding stronger than default TLS
-security merely reduces inter-operability. For this reason, Postfix 2.3 and
-later ignore the smtp_tls_mandatory_ciphers and smtp_tls_mandatory_protocols
-parameters at the "may" security level: all protocols are allowed, and "export"
-grade or better ciphers are used.
+security mostly reduces inter-operability. If you must restrict TLS protocol or
+cipher selection even with opportunistic TLS, the Postfix >= 2.6
+"smtp_tls_ciphers" and "smtp_tls_protocols" configuration parameters provide
+control over the protocols and cipher grade used with opportunistic TLS. With
+earlier releases the opportunistic TLS cipher grade is always "export" and no
+protocols are disabled.
With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to its
default (backwards compatible) empty value, the appropriate configuration
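Review bot: "mostly reduces inter-operability" changes the meaning of the original "merely reduces inter-operability", and the postconf.5.html copies of this sentence further down in the patch keep "merely". Use one wording in all copies, preferably "merely", since that is the argument being made: when cleartext is an acceptable fallback, extra TLS restrictions buy nothing and only cost deliveries.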
n\bno\bon\bne\be
No TLS. No additional attributes are supported at this level.
m\bma\bay\by
- Opportunistic TLS. No additional attributes are supported at this level.
+ Opportunistic TLS. The optional "ciphers", "exclude" and "protocols"
+ attributes (available for opportunistic TLS with Postfix >= 2.6) override
+ the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols"
+ configuration parameters.
e\ben\bnc\bcr\bry\byp\bpt\bt
Mandatory encryption. Mail is delivered only if the remote SMTP server
- offers STARTTLS and the TLS handshake succeeds. At this level and higher
- the optional "ciphers" attribute overrides the main.cf
- smtp_tls_mandatory_ciphers parameter, and the optional "protocols"
- attribute overrides the main.cf smtp_tls_mandatory_protocols parameter.
+ offers STARTTLS and the TLS handshake succeeds. At this level and higher,
+ the optional "protocols" attribute overrides the main.cf
+ smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute
+ overrides the main.cf smtp_tls_mandatory_ciphers parameter, and the
+ optional "exclude" attribute (Postfix >= 2.6) overrides the main.cf
+ smtp_tls_mandatory_exclude_ciphers parameter.
f\bfi\bin\bng\bge\ber\brp\bpr\bri\bin\bnt\bt
Certificate fingerprint verification. Available with Postfix 2.5 and later.
At this security level, there are no trusted certificate authorities. The
* When a policy table entry specifies multiple match patterns, multiple match
strategies, or multiple protocols, these must be separated by colons.
+ * The "exclude" attribute (Postfix >= 2.6) is used to disable ciphers that
+ cause handshake failures with a specific mandatory TLS destination, without
+ disabling the ciphers for all mandatory destinations. Alternatively, you
+ can exclude ciphers that cause issues with multiple remote servers in
+ main.cf, and selectively enable them on a per-destination basis in the
+ policy table by setting a shorter or empty exclusion list. The per-
+ destination "exclude" list preempts both the opportunistic and mandatory
+ security level exclusions, so that all excluded ciphers can be enabled for
+ known-good destinations. For non-mandatory TLS destinations that exhibit
+ cipher-specific problems, Postfix will fall back to plain-text delivery. If
+ plain-text is not acceptable make TLS mandatory and exclude the problem
+ ciphers.
+
Example:
/etc/postfix/main.cf:
[thumb.example.org] fingerprint
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
+ # Postfix 2.6 and later
+ example.info may protocols=!SSLv2 ciphers=medium
+ exclude=3DES
N\bNo\bot\bte\be:\b: The "hostname" strategy if listed in a non-default setting of
smtp_tls_secure_cert_match or in the "match" attribute in the policy table can
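Review bot: the new policy-table example is wrapped so that "exclude=3DES" sits on its own indented line. Postfix lookup-table source files treat a line that starts with whitespace as a continuation of the previous logical line, so it still parses, but the wrapped form invites copying "exclude=3DES" without the indentation, which would turn it into a new lookup key. Put the whole entry on one line, as the HTML copy of this example does, or add a sentence saying that the indented line is a continuation.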
TLS session cache space, if certificates are ignored, there is little point in
requesting them.
+The "smtp_tls_ciphers" (Postfix >= 2.6) configuration parameter provides
+control over the minimum cipher grade for opportunistic TLS. With Postfix <
+2.6, the minimum opportunistic TLS cipher grade is always "export".
+
+With mandatory TLS encryption, the Postfix SMTP client will by default only use
+SSLv3 or TLSv1. SSLv2 is only used when TLS encryption is optional. The
+mandatory TLS protocol list is specified via the smtp_tls_mandatory_protocols
+configuration parameter. Postfix >= 2.6 has a corresponding smtp_tls_protocols
+parameter which controls the SSL/TLS protocols used with opportunistic TLS.
+
Example:
/etc/postfix/main.cf:
smtp_tls_mandatory_protocols = SSLv3, TLSv1
# Also available with Postfix >= 2.5:
smtp_tls_mandatory_protocols = !SSLv2
+ # Also available with Postfix >= 2.6:
+ smtp_tls_ciphers = export
+ smtp_tls_protocols =
C\bCl\bli\bie\ben\bnt\bt-\b-s\bsi\bid\bde\be S\bSM\bMT\bTP\bPS\bS s\bsu\bup\bpp\bpo\bor\brt\bt
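Review bot: the added example lines "smtp_tls_ciphers = export" and "smtp_tls_protocols =" are the documented defaults, but nothing in the example says so, so a reader may take them for recommended changes. The postconf.5.html example in this same patch prefixes the identical two lines with a comment explaining that opportunistic ciphers and protocols should not be tweaked unless essential; reuse that comment here (and in the HTML copy of this example) so the defaults are presented as defaults.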
when the address information is unavailable. Address information is not
enclosed with [].
+ * When both the NAME and ADDR attributes have the value [UNAVAILABLE], the
+ upcoming MAIL FROM transaction corresponds to a local submission.
+
* The PORT attribute specifies an up-stream client TCP port number in
decimal, or [UNAVAILABLE] when the information is unavailable.
XFORWARD attributes to [UNAVAILABLE]. With each valid XFORWARD command, the
server updates XFORWARD attributes with the specified values.
-When both the NAME and ADDR attributes have the value [UNAVAILABLE], the MAIL
-FROM transaction corresponds to a local submission. In this case the server
-must also treat the HELO, PORT and PROTO attributes as [UNAVAILABLE].
-
When the server uses XFORWARD attributes for logging purposes, it must not mix
XFORWARD attributes with attributes from the current SMTP session.
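Review bot: the removed paragraph required the server to treat HELO, PORT and PROTO as [UNAVAILABLE] whenever both NAME and ADDR are [UNAVAILABLE], and the replacement bullet ("the upcoming MAIL FROM transaction corresponds to a local submission") no longer says what happens to those three attributes. If the requirement was dropped deliberately as part of the client-attribute refinements in HISTORY, state the new rule in the bullet; otherwise keep the sentence, because a server that logs HELO/PORT/PROTO from a forwarded session whose NAME/ADDR are unavailable records misleading client information. The same applies to the HTML copy of this README later in the patch.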
check-warn)
# This command is NOT part of the public interface.
- for dir in $daemon_directory $config_directory $queue_directory
+ for dir in $daemon_directory $config_directory $queue_directory \
+ $queue_directory/pid
do
ls -lLd $dir | (grep " root " >/dev/null ||
$WARN not owned by root: $dir)
-exec $WARN not owned by $mail_owner: {} \;
find `ls -d $queue_directory/* | \
- egrep '/(incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \
+ egrep '/(saved|incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \
! \( -type p -o -type s \) ! -user $mail_owner \
-exec $WARN not owned by $mail_owner: {} \;
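Review bot: the root-ownership test that $queue_directory/pid is now added to, "ls -lLd $dir | (grep " root " >/dev/null ||", matches " root " anywhere in the listing, so a pid directory owned by another user but with group "root" (or with "root" in its name) passes the check that the HISTORY entry promises. Testing the owner column only, the way the $mail_owner test below already does with "find ... ! -user $mail_owner", would make the safety check mean what it says. Also, if $queue_directory/pid does not exist, ls fails, grep sees no input, and the script reports "not owned by root", which is misleading for a missing directory.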
encryption is not enforced. Use of this control on public MX hosts is
strongly discouraged. </p>
-<p> With mandatory TLS encryption, the Postfix SMTP server will by
-default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption
-is optional. This is controlled by the <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>
-configuration parameter. </p>
-
<p> The Postfix SMTP server supports 5 distinct cipher security levels
as specified by the <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> configuration parameter,
which determines the cipher grade with mandatory TLS encryption. The
default value is "medium" which is essentially 128-bit encryption or better.
With opportunistic TLS encryption, the minimum accepted cipher grade is
-always "export". </p>
-
-<p> By default anonymous ciphers are allowed, and automatically disabled
-when client certificates are requested. If clients are expected to always
-verify the server certificate you may want to exclude anonymous ciphers
-by setting "<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL".
-One can't force a client to check the server certificate, so excluding
+typically "export". Postfix ≥ 2.6 has a corresponding <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>
+parameter which controls the cipher grade used with opportunistic TLS. </p>
+
+<p> By default anonymous ciphers are enabled. They are automatically
+disabled when remote SMTP client certificates are requested. If
+clients are expected to always verify the Postfix SMTP
+server certificate you may want to disable anonymous ciphers
+by setting "<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL" or
+"<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL", as appropriate. One can't force
+a remote SMTP client to check the server certificate, so excluding
anonymous ciphers is generally unnecessary. </p>
-<p> For a server that is not a public Internet MX host, Postfix 2.3
+<p> The "<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>" (Postfix ≥ 2.6) configuration parameter
+provides control over the minimum cipher grade for opportunistic TLS. With
+Postfix < 2.6, the minimum opportunistic TLS cipher grade is always
+"export". </p>
+
+<p> With mandatory TLS encryption, the Postfix SMTP server will by
+default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption
+is optional. The mandatory TLS protocol list is specified via the
+<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> configuration parameter. Postfix ≥
+2.6 has a corresponding <a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> parameter which controls
+the SSL/TLS protocols used with opportunistic TLS. </p>
+
+<p> For a server that is not a public Internet MX host, Postfix (≥ 2.3)
supports configurations with no <a href="#server_cert_key">server
certificates</a> that use <b>only</b> the anonymous ciphers. This is
enabled by explicitly setting "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none"
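Review bot: the bare "<" in "With Postfix < 2.6, the minimum opportunistic TLS cipher grade is always" is not valid HTML text content and should be "&lt;"; the same construct appears again in the client-side smtp_tls_ciphers paragraph later in the patch. The literal "≥" characters in these paragraphs render correctly only if the page declares a UTF-8 charset; since the text README rendering of these sentences uses ">=", "&gt;=" or "&ge;" would be the safer form.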
setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may".
<p> Since sending in the clear is acceptable, demanding stronger
-than default TLS security merely reduces inter-operability. For
-this reason, Postfix 2.3 and later ignore the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
-and <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameters at the "may"
-security level: all protocols are allowed, and "export" grade or
-better ciphers are used. </p>
+than default TLS security mostly reduces inter-operability. If you
+must restrict TLS protocol or cipher selection even with opportunistic
+TLS, the Postfix ≥ 2.6 "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>" and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>"
+configuration parameters provide control over the protocols and cipher grade
+used with opportunistic TLS. With earlier releases the opportunistic TLS
+cipher grade is always "export" and no protocols are disabled. </p>
<p> With Postfix 2.2 and earlier, or when <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> is
set to its default (backwards compatible) empty value, the appropriate
additional attributes are supported at this level. </dd>
<dt><b>may</b></dt> <dd><a href="#client_tls_may">Opportunistic TLS</a>.
-No additional attributes are supported at this level. </dd>
-
-<dt><b>encrypt</b></dt> <dd><a href="#client_tls_encrypt">Mandatory
-encryption</a>. Mail is delivered only if the remote SMTP
-server offers STARTTLS and the TLS handshake succeeds. At this
-level and higher the optional "ciphers" attribute overrides the
+The optional "ciphers", "exclude" and "protocols" attributes
+(available for opportunistic TLS with Postfix ≥ 2.6) override the
+"<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>", "<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>" and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>"
+configuration parameters. </dd>
+
+<dt><b>encrypt</b></dt> <dd><a href="#client_tls_encrypt"> Mandatory encryption</a>.
+Mail is delivered only if the remote SMTP server offers STARTTLS
+and the TLS handshake succeeds. At this level and higher, the optional
+"protocols" attribute overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
+parameter, the optional "ciphers" attribute overrides the
<a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter, and the optional
-"protocols" attribute
-overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter. </dd>
+"exclude" attribute (Postfix ≥ 2.6) overrides the <a href="postconf.5.html">main.cf</a>
+<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> parameter. </dd>
<dt><b>fingerprint</b></dt> <dd><a href="#client_tls_fprint">Certificate
fingerprint verification.</a> Available with Postfix 2.5 and
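Review bot: style nit in the rewritten "encrypt" entry: the anchor text in "<a href="#client_tls_encrypt"> Mandatory encryption</a>" carries a leading space inside the link, unlike the other <dd> entries in this list, which puts an underlined blank at the start of the rendered link; drop the space.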
multiple match strategies, or multiple protocols, these must be
separated by colons. </p>
+<li> <p> The "exclude" attribute (Postfix ≥ 2.6) is used to disable
+ciphers that cause handshake failures with a specific mandatory TLS
+destination, without disabling the ciphers for all mandatory destinations.
+Alternatively, you can exclude ciphers that cause issues with multiple
+remote servers in <a href="postconf.5.html">main.cf</a>, and selectively enable them on a per-destination
+basis in the policy table by setting a shorter or empty exclusion list. The
+per-destination "exclude" list preempts both the opportunistic and
+mandatory security level exclusions, so that all excluded ciphers
+can be enabled for known-good destinations. For non-mandatory TLS
+destinations that exhibit cipher-specific problems, Postfix will fall
+back to plain-text delivery. If plain-text is not acceptable make TLS
+mandatory and exclude the problem ciphers. </p>
+
</ul>
<p>
[thumb.example.org] fingerprint
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
+ # Postfix 2.6 and later
+ example.info may protocols=!SSLv2 ciphers=medium exclude=3DES
</pre>
</blockquote>
and TLS session cache space, if certificates are ignored, there is
little point in requesting them. </p>
+<p> The "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>" (Postfix ≥ 2.6) configuration parameter
+provides control over the minimum cipher grade for opportunistic TLS. With
+Postfix < 2.6, the minimum opportunistic TLS cipher grade is always
+"export". </p>
+
+<p> With mandatory TLS encryption, the Postfix SMTP client will by
+default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption
+is optional. The mandatory TLS protocol list is specified via the
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> configuration parameter. Postfix ≥
+2.6 has a corresponding <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> parameter which controls
+the SSL/TLS protocols used with opportunistic TLS. </p>
+
<p> Example: </p>
<blockquote>
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = SSLv3, TLSv1
# Also available with Postfix ≥ 2.5:
<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> = !SSLv2
+ # Also available with Postfix ≥ 2.6:
+ <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export
+ <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> =
</pre>
</blockquote>
is unavailable. Address information is not enclosed with [].
</p>
+ <li> <p> When both the NAME and ADDR attributes have the value
+ [UNAVAILABLE], the upcoming MAIL FROM transaction corresponds
+ to a local submission. </p>
+
<li> <p> The PORT attribute specifies an up-stream client TCP
port number in decimal, or [UNAVAILABLE] when the information
is unavailable. </p>
valid XFORWARD command, the server updates XFORWARD attributes with
the specified values. </p>
-<p> When both the NAME and ADDR attributes have the value [UNAVAILABLE],
-the MAIL FROM transaction corresponds to a local submission. In
-this case the server must also treat the HELO, PORT and PROTO
-attributes as [UNAVAILABLE]. </p>
-
<p> When the server uses XFORWARD attributes for logging purposes,
it must not mix XFORWARD attributes with attributes from the current
SMTP session. </p>
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in SMTP MAIL FROM and RCPT TO com-
- mands as required by <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+ mands as required by <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
Skip SMTP servers that greet with a 5XX status code
The message digest algorithm used to construct
remote SMTP server certificate fingerprints.
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (empty)</b>
+ List of TLS protocols that the Postfix SMTP client
+ will exclude or include with opportunistic TLS
+ encryption.
+
+ <b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (export)</b>
+ The minimum TLS cipher grade that the Postfix SMTP
+ client will use with opportunistic TLS encryption.
+
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per delivery via
+ The maximal number of recipients per message for
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
<p> This feature is available in Postfix 2.3 and later. </p>
+</DD>
+
+<DT><b><a name="lmtp_tls_ciphers">lmtp_tls_ciphers</a>
+(default: export)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
</DD>
<DT><b><a name="lmtp_tls_dcert_file">lmtp_tls_dcert_file</a>
<p> This feature is available in Postfix 2.3 and later. </p>
+</DD>
+
+<DT><b><a name="lmtp_tls_protocols">lmtp_tls_protocols</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
</DD>
<DT><b><a name="lmtp_tls_scert_verifydepth">lmtp_tls_scert_verifydepth</a>
Postfix 2.3 and later; use <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> instead. </p>
+</DD>
+
+<DT><b><a name="smtp_tls_ciphers">smtp_tls_ciphers</a>
+(default: export)</b></DT><DD>
+
+<p> The minimum TLS cipher grade that the Postfix SMTP client
+will use with opportunistic TLS encryption. Cipher types listed in
+<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> are excluded from the base definition of
+the selected cipher grade. The default value "export" ensures maximum
+inter-operability. Because encryption is optional, stronger controls
+are not appropriate, and this setting SHOULD NOT be changed unless the
+change is essential. </p>
+
+<p> When TLS is mandatory the cipher grade is chosen via the
+<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> configuration parameter, see there for syntax
+details. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure
+ciphers on a per-destination basis. </p>
+
+<p> Example: </p>
+<pre>
+<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
+releases only the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter is implemented,
+and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>
+
+
</DD>
<DT><b><a name="smtp_tls_dcert_file">smtp_tls_dcert_file</a>
works in addition to the exclusions listed with <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
(see there for syntax details). </p>
+<p> Starting with Postfix 2.6, the mandatory cipher exclusions can be
+specified on a per-destination basis via the TLS policy "exclude"
+attribute. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for notes and examples. </p>
+
<p> This feature is available in Postfix 2.3 and later. </p>
"verify" security levels for the new <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> parameter
introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
of how the policy is specified, the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
-<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameters only apply when TLS encryption
-is mandatory. Connections for which encryption is optional enable
-all "export" grade and better ciphers. </p>
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameters apply when TLS encryption
+is mandatory. Connections for which encryption is optional typically
+enable all "export" grade and better ciphers and all SSL/TLS protocols
+(see <a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> and <a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>). </p>
<p> As long as no secure DNS lookup mechanism is available, false
hostnames in MX or CNAME responses can change the server hostname
<dd>No TLS. No additional attributes are supported at this level. </dd>
<dt><b>may</b></dt>
-<dd>Opportunistic TLS. No additional attributes are supported at this
-level. Since sending in the clear is acceptable, demanding stronger
-than default TLS security parameters merely reduces inter-operability.
-Postfix 2.3 and later ignore the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
-<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameters at this security level; all
-protocols are allowed and "export" grade or better ciphers are used.
-When TLS handshakes fail, the connection is retried with TLS disabled.
+<dd>Opportunistic TLS. Since sending in the clear is acceptable,
+demanding stronger than default TLS security merely reduces
+inter-operability. The optional "ciphers", "exclude" and "protocols"
+attributes (available for opportunistic TLS with Postfix ≥ 2.6)
+override the "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>", "<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>" and
+"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" configuration parameters. When opportunistic TLS
+handshakes fail, Postfix retries the connection with TLS disabled.
This allows mail delivery to sites with non-interoperable TLS
implementations.</dd>
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. At this level
-and higher the optional "ciphers" attribute overrides the <a href="postconf.5.html">main.cf</a>
-<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter and the optional "protocols"
-keyword overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter.
-In the policy table, multiple protocols must be separated by colons,
+and higher, the optional "protocols" attribute overrides the <a href="postconf.5.html">main.cf</a>
+<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameter, the optional "ciphers" attribute
+overrides the <a href="postconf.5.html">main.cf</a> <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> parameter, and the
+optional "exclude" attribute (Postfix ≥ 2.6) overrides the <a href="postconf.5.html">main.cf</a>
+<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> parameter. In the policy table,
+multiple protocols or excluded ciphers must be separated by colons,
as attribute values may not contain whitespace or commas. </dd>
<dt><b>fingerprint</b></dt> <dd>Certificate fingerprint
<p> This feature is available in Postfix 2.3 and later. </p>
+</DD>
+
+<DT><b><a name="smtp_tls_protocols">smtp_tls_protocols</a>
+(default: empty)</b></DT><DD>
+
+<p> List of TLS protocols that the Postfix SMTP client will exclude
+or include with opportunistic TLS encryption. This parameter SHOULD be
+left at its default empty value, allowing all protocols to be used with
+opportunistic TLS. </p>
+
+<p> In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace, commas or
+colons. In the policy table (see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid
+separator is colon. An empty value means allow all protocols. The valid
+protocol names, (see <b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3"
+and "TLSv1". </p>
+
+<p> To include a protocol list its name, to exclude it, prefix the name
+with a "!" character. To exclude SSLv2 even for opportunistic TLS set
+"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
+"<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
+include, is supported, but not recommended. OpenSSL provides no mechanisms
+for excluding protocols not known at compile-time. If Postfix is linked
+against an OpenSSL library that supports additional protocol versions,
+they cannot be excluded using either syntax. </p>
+
+<p> Example: </p>
+<pre>
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> = !SSLv2
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
</DD>
<DT><b><a name="smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a>
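Review bot: two stray commas in the new smtp_tls_protocols entry: "The valid protocol names, (see SSL_get_version(3)), are" should read "The valid protocol names (see SSL_get_version(3)) are", and "Explicitly listing the protocols to include, is supported, but not recommended" should lose the comma after "include". The compile-time caveat in the same paragraph is important and worth keeping prominent: because neither syntax can exclude a protocol version that the linked OpenSSL library adds later, a reader should understand that an exclusion list is not a future-proof floor on protocol versions.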
<dd> Opportunistic TLS. Use TLS if this is supported by the remote
SMTP server, otherwise use plaintext. Since
sending in the clear is acceptable, demanding stronger than default TLS
-security parameters merely reduces inter-operability. Postfix 2.3 and
-later ignore the <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
-<a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> parameters at this security level; all
-protocols are allowed and "export" grade or better ciphers are used.
+security merely reduces inter-operability.
+The "<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>" and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>" (Postfix ≥ 2.6)
+configuration parameters provide control over the protocols and
+cipher grade used with opportunistic TLS. With earlier releases the
+opportunistic TLS cipher grade is always "export" and no protocols
+are disabled.
When TLS handshakes fail, the connection is retried with TLS disabled.
This allows mail delivery to sites with non-interoperable TLS
implementations. </dd>
<pre>
# Opportunistic TLS.
<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may
+# Postfix ≥ 2.6:
+# Do not tweak opportunistic ciphers or protocols unless it is essential
+# to do so (if a security vulnerability is found in the SSL library that
+# can be mitigated by disabling a particular protocol or raising the
+# cipher grade from "export" to "low" or "medium").
+<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> = export
+<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> =
</pre>
<pre>
Postfix 2.3 and later; use <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> instead. </p>
+</DD>
+
+<DT><b><a name="smtpd_tls_ciphers">smtpd_tls_ciphers</a>
+(default: export)</b></DT><DD>
+
+<p> The minimum TLS cipher grade that the Postfix SMTP server
+will use with opportunistic TLS encryption. Cipher types listed in
+<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are excluded from the base definition of
+the selected cipher grade. The default value "export" ensures maximum
+inter-operability. Because encryption is optional, stronger controls
+are not appropriate, and this setting SHOULD NOT be changed unless the
+change is essential. </p>
+
+<p> When TLS is mandatory the cipher grade is chosen via the
+<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> configuration parameter, see there for syntax
+details. </p>
+
+<p> Example: </p>
+<pre>
+<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> = export
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
+releases only the <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> parameter is implemented,
+and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>
+
+
</DD>
<DT><b><a name="smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>
<DT><b><a name="smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
(default: medium)</b></DT><DD>
-<p> The minimum TLS cipher grade that the Postfix SMTP server will
-use with mandatory
-TLS encryption. Cipher types listed in <a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>
-or <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are excluded from the base definition
-of the selected cipher grade. With opportunistic TLS encryption,
-the "export" grade is used unconditionally with exclusions specified
-only via <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>. </p>
+<p> The minimum TLS cipher grade that the Postfix SMTP server
+will use with mandatory TLS encryption. Cipher types listed in
+<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> or <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are
+excluded from the base definition of the selected cipher grade. See
+<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> for cipher controls that apply to opportunistic
+TLS. </p>
<p> The following cipher grades are supported: </p>
<p> This feature is available in Postfix 2.3 and later. </p>
+</DD>
+
+<DT><b><a name="smtpd_tls_protocols">smtpd_tls_protocols</a>
+(default: empty)</b></DT><DD>
+
+<p> List of TLS protocols that the Postfix SMTP server will exclude
+or include with opportunistic TLS encryption. This parameter SHOULD be
+left at its default empty value, allowing all protocols to be used with
+opportunistic TLS. </p>
+
+<p> In <a href="postconf.5.html">main.cf</a> the values are separated by whitespace, commas or
+colons. An empty value means allow all protocols. The valid protocol
+names, (see <b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3" and
+"TLSv1". In <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> table entries, "protocols" attribute
+values are separated by a colon. </p>
+
+<p> To include a protocol list its name, to exclude it, prefix the name
+with a "!" character. To exclude SSLv2 even for opportunistic TLS set
+"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
+"<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2, !SSLv3". Explicitly listing the protocols to
+include, is supported, but not recommended. OpenSSL provides no mechanisms
+for excluding protocols not known at compile-time. If Postfix is linked
+against an OpenSSL library that supports additional protocol versions,
+they cannot be excluded using either syntax. </p>
+
+<p> Example: </p>
+<pre>
+<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = !SSLv2
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+
</DD>
<DT><b><a name="smtpd_tls_received_header">smtpd_tls_received_header</a>
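Review bot: the last sentence of the second paragraph, "In smtp_tls_policy_maps table entries, "protocols" attribute values are separated by a colon.", does not belong in the smtpd_tls_protocols entry: smtp_tls_policy_maps is an SMTP client parameter, and nothing in this patch adds a per-destination policy table for the SMTP server, so the sentence sends the reader looking for a server-side table that does not exist. Drop it here (the smtp_tls_protocols entry already documents the colon separator for the client), or turn it into an explicit cross-reference to the client parameter. The postconf(5) man page version of this entry carries the same sentence.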
<b><a href="postconf.5.html#smtp_quote_rfc821_envelope">smtp_quote_rfc821_envelope</a> (yes)</b>
Quote addresses in SMTP MAIL FROM and RCPT TO com-
- mands as required by <a href="http://tools.ietf.org/html/rfc821">RFC 821</a>.
+ mands as required by <a href="http://tools.ietf.org/html/rfc2821">RFC 2821</a>.
<b><a href="postconf.5.html#smtp_skip_5xx_greeting">smtp_skip_5xx_greeting</a> (yes)</b>
Skip SMTP servers that greet with a 5XX status code
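Review bot: the RFC 821 to RFC 2821 link correction is unrelated to the TLS cipher and protocol controls this patch adds, as is the smtp_destination_recipient_limit rewording ("per delivery" to "per message") further down. Both are fine to keep, but list them in the changelog entry so they are not lost among the TLS changes, and make sure the man page and HTML copies of each stay in step (both copies are present in this patch).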
The message digest algorithm used to construct
remote SMTP server certificate fingerprints.
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a> (empty)</b>
+ List of TLS protocols that the Postfix SMTP client
+ will exclude or include with opportunistic TLS
+ encryption.
+
+ <b><a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a> (export)</b>
+ The minimum TLS cipher grade that the Postfix SMTP
+ client will use with opportunistic TLS encryption.
+
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per delivery via
+ The maximal number of recipients per message for
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
client-certificate fingerprints for
<b><a href="postconf.5.html#check_ccert_access">check_ccert_access</a></b> and <b><a href="postconf.5.html#permit_tls_clientcerts">permit_tls_clientcerts</a></b>.
+ Available in Postfix version 2.6 and later:
+
+ <b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (empty)</b>
+ List of TLS protocols that the Postfix SMTP server
+ will exclude or include with opportunistic TLS
+ encryption.
+
+ <b><a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> (export)</b>
+ The minimum TLS cipher grade that the Postfix SMTP
+ server will use with opportunistic TLS encryption.
+
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
configuration parameter. See there for details.
.PP
This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_ciphers (default: export)
+The LMTP-specific version of the smtp_tls_ciphers configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.6 and later.
.SH lmtp_tls_dcert_file (default: empty)
The LMTP-specific version of the smtp_tls_dcert_file
configuration parameter. See there for details.
configuration parameter. See there for details.
.PP
This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_protocols (default: empty)
+The LMTP-specific version of the smtp_tls_protocols configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 2.6 and later.
.SH lmtp_tls_scert_verifydepth (default: 9)
The LMTP-specific version of the smtp_tls_scert_verifydepth
configuration parameter. See there for details.
.PP
This feature is available in Postfix version 2.2. It is not used with
Postfix 2.3 and later; use smtp_tls_mandatory_ciphers instead.
+.SH smtp_tls_ciphers (default: export)
+The minimum TLS cipher grade that the Postfix SMTP client
+will use with opportunistic TLS encryption. Cipher types listed in
+smtp_tls_exclude_ciphers are excluded from the base definition of
+the selected cipher grade. The default value "export" ensures maximum
+inter-operability. Because encryption is optional, stronger controls
+are not appropriate, and this setting SHOULD NOT be changed unless the
+change is essential.
+.PP
+When TLS is mandatory the cipher grade is chosen via the
+smtp_tls_mandatory_ciphers configuration parameter, see there for syntax
+details. See smtp_tls_policy_maps for information on how to configure
+ciphers on a per-destination basis.
+.PP
+Example:
+.nf
+.na
+.ft C
+smtp_tls_ciphers = export
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.6 and later. With earlier Postfix
+releases only the smtp_tls_mandatory_ciphers parameter is implemented,
+and opportunistic TLS always uses "export" or better (i.e. all) ciphers.
.SH smtp_tls_dcert_file (default: empty)
File with the Postfix SMTP client DSA certificate in PEM format.
This file may also contain the Postfix SMTP client private DSA key.
works in addition to the exclusions listed with smtp_tls_exclude_ciphers
(see there for syntax details).
.PP
+Starting with Postfix 2.6, the mandatory cipher exclusions can be
+specified on a per-destination basis via the TLS policy "exclude"
+attribute. See smtp_tls_policy_maps for notes and examples.
+.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_tls_mandatory_protocols (default: SSLv3, TLSv1)
List of SSL/TLS protocols that the Postfix SMTP client will use with
"verify" security levels for the new smtp_tls_security_level parameter
introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
of how the policy is specified, the smtp_tls_mandatory_ciphers and
-smtp_tls_mandatory_protocols parameters only apply when TLS encryption
-is mandatory. Connections for which encryption is optional enable
-all "export" grade and better ciphers.
+smtp_tls_mandatory_protocols parameters apply when TLS encryption
+is mandatory. Connections for which encryption is optional typically
+enable all "export" grade and better ciphers and all SSL/TLS protocols
+(see smtp_tls_ciphers and smtp_tls_protocols).
.PP
As long as no secure DNS lookup mechanism is available, false
hostnames in MX or CNAME responses can change the server hostname
.IP "\fBnone\fR"
No TLS. No additional attributes are supported at this level.
.IP "\fBmay\fR"
-Opportunistic TLS. No additional attributes are supported at this
-level. Since sending in the clear is acceptable, demanding stronger
-than default TLS security parameters merely reduces inter-operability.
-Postfix 2.3 and later ignore the smtp_tls_mandatory_ciphers and
-smtp_tls_mandatory_protocols parameters at this security level; all
-protocols are allowed and "export" grade or better ciphers are used.
-When TLS handshakes fail, the connection is retried with TLS disabled.
+Opportunistic TLS. Since sending in the clear is acceptable,
+demanding stronger than default TLS security merely reduces
+inter-operability. The optional "ciphers", "exclude" and "protocols"
+attributes (available for opportunistic TLS with Postfix >= 2.6)
+override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and
+"smtp_tls_protocols" configuration parameters. When opportunistic TLS
+handshakes fail, Postfix retries the connection with TLS disabled.
This allows mail delivery to sites with non-interoperable TLS
implementations.
.IP "\fBencrypt\fR"
Mandatory TLS encryption. At this level
-and higher the optional "ciphers" attribute overrides the main.cf
-smtp_tls_mandatory_ciphers parameter and the optional "protocols"
-keyword overrides the main.cf smtp_tls_mandatory_protocols parameter.
-In the policy table, multiple protocols must be separated by colons,
+and higher, the optional "protocols" attribute overrides the main.cf
+smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute
+overrides the main.cf smtp_tls_mandatory_ciphers parameter, and the
+optional "exclude" attribute (Postfix >= 2.6) overrides the main.cf
+smtp_tls_mandatory_exclude_ciphers parameter. In the policy table,
+multiple protocols or excluded ciphers must be separated by colons,
as attribute values may not contain whitespace or commas.
.IP "\fBfingerprint\fR"
Certificate fingerprint
configurations in environments where DNS security is not assured.
.PP
This feature is available in Postfix 2.3 and later.
+.SH smtp_tls_protocols (default: empty)
+List of TLS protocols that the Postfix SMTP client will exclude
+or include with opportunistic TLS encryption. This parameter SHOULD be
+left at its default empty value, allowing all protocols to be used with
+opportunistic TLS.
+.PP
+In main.cf the values are separated by whitespace, commas or
+colons. In the policy table (see smtp_tls_policy_maps) the only valid
+separator is colon. An empty value means allow all protocols. The valid
+protocol names, (see \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3"
+and "TLSv1".
+.PP
+To include a protocol list its name, to exclude it, prefix the name
+with a "!" character. To exclude SSLv2 even for opportunistic TLS set
+"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
+"smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
+include, is supported, but not recommended. OpenSSL provides no mechanisms
+for excluding protocols not known at compile-time. If Postfix is linked
+against an OpenSSL library that supports additional protocol versions,
+they cannot be excluded using either syntax.
+.PP
+Example:
+.nf
+.na
+.ft C
+smtp_tls_protocols = !SSLv2
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.6 and later.
.SH smtp_tls_scert_verifydepth (default: 9)
The verification depth for remote SMTP server certificates. A depth
of 1 is sufficient if the issuing CA is listed in a local CA file.
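Review bot: the troff on the line `protocol names, (see \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3"` is malformed: the doubled backslash leaves a literal backslash plus the text "fB" in the rendered page, and the trailing `\fR` has no matching font change. The HTML copy of this entry has `<b>SSL_get_version(3)</b>`, so the intended markup is `\fBSSL_get_version\fR(3)`. If postconf(5) is produced from a shared source rather than edited by hand, fix the source markup and regenerate instead of patching the output; the smtpd_tls_protocols entry has the same garbled escape.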
Opportunistic TLS. Use TLS if this is supported by the remote
SMTP server, otherwise use plaintext. Since
sending in the clear is acceptable, demanding stronger than default TLS
-security parameters merely reduces inter-operability. Postfix 2.3 and
-later ignore the smtp_tls_mandatory_ciphers and
-smtp_tls_mandatory_protocols parameters at this security level; all
-protocols are allowed and "export" grade or better ciphers are used.
+security merely reduces inter-operability.
+The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix >= 2.6)
+configuration parameters provide control over the protocols and
+cipher grade used with opportunistic TLS. With earlier releases the
+opportunistic TLS cipher grade is always "export" and no protocols
+are disabled.
When TLS handshakes fail, the connection is retried with TLS disabled.
This allows mail delivery to sites with non-interoperable TLS
implementations.
.ft C
# Opportunistic TLS.
smtp_tls_security_level = may
+# Postfix >= 2.6:
+# Do not tweak opportunistic ciphers or protocols unless it is essential
+# to do so (if a security vulnerability is found in the SSL library that
+# can be mitigated by disabling a particular protocol or raising the
+# cipher grade from "export" to "low" or "medium").
+smtp_tls_ciphers = export
+smtp_tls_protocols =
.fi
.ad
.ft R
.PP
This feature is available with Postfix version 2.2. It is not used with
Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead.
+.SH smtpd_tls_ciphers (default: export)
+The minimum TLS cipher grade that the Postfix SMTP server
+will use with opportunistic TLS encryption. Cipher types listed in
+smtpd_tls_exclude_ciphers are excluded from the base definition of
+the selected cipher grade. The default value "export" ensures maximum
+inter-operability. Because encryption is optional, stronger controls
+are not appropriate, and this setting SHOULD NOT be changed unless the
+change is essential.
+.PP
+When TLS is mandatory the cipher grade is chosen via the
+smtpd_tls_mandatory_ciphers configuration parameter, see there for syntax
+details.
+.PP
+Example:
+.nf
+.na
+.ft C
+smtpd_tls_ciphers = export
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.6 and later. With earlier Postfix
+releases only the smtpd_tls_mandatory_ciphers parameter is implemented,
+and opportunistic TLS always uses "export" or better (i.e. all) ciphers.
.SH smtpd_tls_dcert_file (default: empty)
File with the Postfix SMTP server DSA certificate in PEM format.
This file may also contain the Postfix SMTP server private DSA key.
.PP
This feature is available in Postfix 2.2 and later.
.SH smtpd_tls_mandatory_ciphers (default: medium)
-The minimum TLS cipher grade that the Postfix SMTP server will
-use with mandatory
-TLS encryption. Cipher types listed in smtpd_tls_mandatory_exclude_ciphers
-or smtpd_tls_exclude_ciphers are excluded from the base definition
-of the selected cipher grade. With opportunistic TLS encryption,
-the "export" grade is used unconditionally with exclusions specified
-only via smtpd_tls_exclude_ciphers.
+The minimum TLS cipher grade that the Postfix SMTP server
+will use with mandatory TLS encryption. Cipher types listed in
+smtpd_tls_mandatory_exclude_ciphers or smtpd_tls_exclude_ciphers are
+excluded from the base definition of the selected cipher grade. See
+smtpd_tls_ciphers for cipher controls that apply to opportunistic
+TLS.
.PP
The following cipher grades are supported:
.IP "\fBexport\fR"
.ft R
.PP
This feature is available in Postfix 2.3 and later.
+.SH smtpd_tls_protocols (default: empty)
+List of TLS protocols that the Postfix SMTP server will exclude
+or include with opportunistic TLS encryption. This parameter SHOULD be
+left at its default empty value, allowing all protocols to be used with
+opportunistic TLS.
+.PP
+In main.cf the values are separated by whitespace, commas or
+colons. An empty value means allow all protocols. The valid protocol
+names, (see \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3" and
+"TLSv1". In smtp_tls_policy_maps table entries, "protocols" attribute
+values are separated by a colon.
+.PP
+To include a protocol list its name, to exclude it, prefix the name
+with a "!" character. To exclude SSLv2 even for opportunistic TLS set
+"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
+"smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
+include, is supported, but not recommended. OpenSSL provides no mechanisms
+for excluding protocols not known at compile-time. If Postfix is linked
+against an OpenSSL library that supports additional protocol versions,
+they cannot be excluded using either syntax.
+.PP
+Example:
+.nf
+.na
+.ft C
+smtpd_tls_protocols = !SSLv2
+.fi
+.ad
+.ft R
+.PP
+This feature is available in Postfix 2.6 and later.
.SH smtpd_tls_received_header (default: no)
Request that the Postfix SMTP server produces Received: message
headers that include information about the protocol and cipher used,
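Review bot: two problems in this entry, both also present in its sibling entries. The line `names, (see \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3" and` has a doubled backslash, a duplicated `fB` and an unbalanced `\fR`; the correct markup is `\fBSSL_get_version\fR(3)`. And the sentence "In smtp_tls_policy_maps table entries, "protocols" attribute values are separated by a colon." belongs to the SMTP client parameter, not to this server parameter, since the server has no per-destination policy table; drop it here.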
per-destination workarounds for CISCO PIX firewall bugs.
.IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
-by RFC 821.
+by RFC 2821.
.IP "\fBsmtp_skip_5xx_greeting (yes)\fR"
Skip SMTP servers that greet with a 5XX status code (go away, do
not try again later).
.IP "\fBsmtp_tls_fingerprint_digest (md5)\fR"
The message digest algorithm used to construct remote SMTP server
certificate fingerprints.
+.PP
+Available in Postfix version 2.6 and later:
+.IP "\fBsmtp_tls_protocols (empty)\fR"
+List of TLS protocols that the Postfix SMTP client will exclude
+or include with opportunistic TLS encryption.
+.IP "\fBsmtp_tls_ciphers (export)\fR"
+The minimum TLS cipher grade that the Postfix SMTP client
+will use with opportunistic TLS encryption.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf
The maximal number of parallel deliveries to the same destination
via the smtp message delivery transport.
.IP "\fBsmtp_destination_recipient_limit ($default_destination_recipient_limit)\fR"
-The maximal number of recipients per delivery via the smtp
+The maximal number of recipients per message for the smtp
message delivery transport.
.IP "\fBsmtp_connect_timeout (30s)\fR"
The SMTP client time limit for completing a TCP connection, or
.IP "\fBsmtpd_tls_loglevel (0)\fR"
Enable additional Postfix SMTP server logging of TLS activity.
.IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR"
-The minimum TLS cipher grade that the Postfix SMTP server will
-use with mandatory
-TLS encryption.
+The minimum TLS cipher grade that the Postfix SMTP server
+will use with mandatory TLS encryption.
.IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
Additional list of ciphers or cipher types to exclude from the
SMTP server cipher list at mandatory TLS security levels.
The message digest algorithm used to construct client-certificate
fingerprints for \fBcheck_ccert_access\fR and
\fBpermit_tls_clientcerts\fR.
+.PP
+Available in Postfix version 2.6 and later:
+.IP "\fBsmtpd_tls_protocols (empty)\fR"
+List of TLS protocols that the Postfix SMTP server will exclude
+or include with opportunistic TLS encryption.
+.IP "\fBsmtpd_tls_ciphers (export)\fR"
+The minimum TLS cipher grade that the Postfix SMTP server
+will use with opportunistic TLS encryption.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf
s;\blmtp_connection_cache_destinations\b;<a href="postconf.5.html#lmtp_connection_cache_destinations">$&</a>;g;
s;\blmtp_connection_cache_time_limit\b;<a href="postconf.5.html#lmtp_connection_cache_time_limit">$&</a>;g;
s;\blmtp_tls_mandatory_protocols\b;<a href="postconf.5.html#lmtp_tls_mandatory_protocols">$&</a>;g;
+ s;\blmtp_tls_protocols\b;<a href="postconf.5.html#lmtp_tls_protocols">$&</a>;g;
+ s;\blmtp_tls_ciphers\b;<a href="postconf.5.html#lmtp_tls_ciphers">$&</a>;g;
s;\blmtp_tls_policy_maps\b;<a href="postconf.5.html#lmtp_tls_policy_maps">$&</a>;g;
s;\blmtp_tls_secure_cert_match\b;<a href="postconf.5.html#lmtp_tls_secure_cert_match">$&</a>;g;
s;\blmtp_tls_security_level\b;<a href="postconf.5.html#lmtp_tls_security_level">$&</a>;g;
s;\bsmtp_tls_CApath\b;<a href="postconf.5.html#smtp_tls_CApath">$&</a>;g;
s;\bsmtp_tls_cert_file\b;<a href="postconf.5.html#smtp_tls_cert_file">$&</a>;g;
s;\bsmtp_tls_fingerprint_digest\b;<a href="postconf.5.html#smtp_tls_fingerprint_digest">$&</a>;g;
+ s;\bsmtp_tls_protocols\b;<a href="postconf.5.html#smtp_tls_protocols">$&</a>;g;
+ s;\bsmtp_tls_ciphers\b;<a href="postconf.5.html#smtp_tls_ciphers">$&</a>;g;
s;\bsmtp_tls_mandatory_ciphers\b;<a href="postconf.5.html#smtp_tls_mandatory_ciphers">$&</a>;g;
s;\bsmtp_tls_cipherlist\b;<a href="postconf.5.html#smtp_tls_cipherlist">$&</a>;g;
s;\bsmtp_tls_exclude_ciphers\b;<a href="postconf.5.html#smtp_tls_exclude_ciphers">$&</a>;g;
s;\bsmtpd_tls_cipherlist\b;<a href="postconf.5.html#smtpd_tls_cipherlist">$&</a>;g;
s;\bsmtpd_tls_exclude_ciphers\b;<a href="postconf.5.html#smtpd_tls_exclude_ciphers">$&</a>;g;
s;\bsmtpd_tls_fingerprint_digest\b;<a href="postconf.5.html#smtpd_tls_fingerprint_digest">$&</a>;g;
+ s;\bsmtpd_tls_protocols\b;<a href="postconf.5.html#smtpd_tls_protocols">$&</a>;g;
+ s;\bsmtpd_tls_ciphers\b;<a href="postconf.5.html#smtpd_tls_ciphers">$&</a>;g;
s;\bsmtpd_tls_mandatory_ciphers\b;<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">$&</a>;g;
s;\bsmtpd_tls_mandatory_exclude_ciphers\b;<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">$&</a>;g;
s;\bsmtpd_tls_dcert_file\b;<a href="postconf.5.html#smtpd_tls_dcert_file">$&</a>;g;
encryption is not enforced. Use of this control on public MX hosts is
strongly discouraged. </p>
-<p> With mandatory TLS encryption, the Postfix SMTP server will by
-default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption
-is optional. This is controlled by the smtpd_tls_mandatory_protocols
-configuration parameter. </p>
-
<p> The Postfix SMTP server supports 5 distinct cipher security levels
as specified by the smtpd_tls_mandatory_ciphers configuration parameter,
which determines the cipher grade with mandatory TLS encryption. The
default value is "medium" which is essentially 128-bit encryption or better.
With opportunistic TLS encryption, the minimum accepted cipher grade is
-always "export". </p>
-
-<p> By default anonymous ciphers are allowed, and automatically disabled
-when client certificates are requested. If clients are expected to always
-verify the server certificate you may want to exclude anonymous ciphers
-by setting "smtpd_tls_mandatory_exclude_ciphers = aNULL".
-One can't force a client to check the server certificate, so excluding
+typically "export". Postfix ≥ 2.6 has a corresponding smtpd_tls_ciphers
+parameter which controls the cipher grade used with opportunistic TLS. </p>
+
+<p> By default anonymous ciphers are enabled. They are automatically
+disabled when remote SMTP client certificates are requested. If
+clients are expected to always verify the Postfix SMTP
+server certificate you may want to disable anonymous ciphers
+by setting "smtpd_tls_mandatory_exclude_ciphers = aNULL" or
+"smtpd_tls_exclude_ciphers = aNULL", as appropriate. One can't force
+a remote SMTP client to check the server certificate, so excluding
anonymous ciphers is generally unnecessary. </p>
-<p> For a server that is not a public Internet MX host, Postfix 2.3
+<p> The "smtpd_tls_ciphers" (Postfix ≥ 2.6) configuration parameter
+provides control over the minimum cipher grade for opportunistic TLS. With
+Postfix < 2.6, the minimum opportunistic TLS cipher grade is always
+"export". </p>
+
+<p> With mandatory TLS encryption, the Postfix SMTP server will by
+default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption
+is optional. The mandatory TLS protocol list is specified via the
+smtpd_tls_mandatory_protocols configuration parameter. Postfix ≥
+2.6 has a corresponding smtpd_tls_protocols parameter which controls
+the SSL/TLS protocols used with opportunistic TLS. </p>
+
+<p> For a server that is not a public Internet MX host, Postfix (≥ 2.3)
supports configurations with no <a href="#server_cert_key">server
certificates</a> that use <b>only</b> the anonymous ciphers. This is
enabled by explicitly setting "smtpd_tls_cert_file = none"
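Review bot: the new paragraph "The "smtpd_tls_ciphers" (Postfix ≥ 2.6) configuration parameter provides control over the minimum cipher grade for opportunistic TLS. With Postfix < 2.6, the minimum opportunistic TLS cipher grade is always "export"." says the same thing as the two sentences this hunk adds to the cipher-levels paragraph a few lines earlier ("With opportunistic TLS encryption, the minimum accepted cipher grade is typically "export". Postfix ≥ 2.6 has a corresponding smtpd_tls_ciphers parameter which controls the cipher grade used with opportunistic TLS."). Keep one statement. The stand-alone paragraph pairs naturally with the smtpd_tls_protocols paragraph that follows it, so the cleaner fix is to cut the second sentence from the cipher-levels paragraph and leave "typically "export"" there.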
setting "smtp_tls_security_level = may".
<p> Since sending in the clear is acceptable, demanding stronger
-than default TLS security merely reduces inter-operability. For
-this reason, Postfix 2.3 and later ignore the smtp_tls_mandatory_ciphers
-and smtp_tls_mandatory_protocols parameters at the "may"
-security level: all protocols are allowed, and "export" grade or
-better ciphers are used. </p>
+than default TLS security mostly reduces inter-operability. If you
+must restrict TLS protocol or cipher selection even with opportunistic
+TLS, the Postfix ≥ 2.6 "smtp_tls_ciphers" and "smtp_tls_protocols"
+configuration parameters provide control over the protocols and cipher grade
+used with opportunistic TLS. With earlier releases the opportunistic TLS
+cipher grade is always "export" and no protocols are disabled. </p>
<p> With Postfix 2.2 and earlier, or when smtp_tls_security_level is
set to its default (backwards compatible) empty value, the appropriate
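Review bot: "demanding stronger than default TLS security mostly reduces inter-operability" changes "merely" to "mostly", while every other rewritten copy of this sentence in the patch (the "may" level in the postconf entries and in the policy table description) keeps "merely reduces inter-operability". "Mostly" also reads as a hedge the rest of the paragraph does not support: the paragraph goes on to present the new controls strictly for the case where restricting protocols or ciphers is unavoidable. Use "merely" here for consistency with the other copies.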
additional attributes are supported at this level. </dd>
<dt><b>may</b></dt> <dd><a href="#client_tls_may">Opportunistic TLS</a>.
-No additional attributes are supported at this level. </dd>
-
-<dt><b>encrypt</b></dt> <dd><a href="#client_tls_encrypt">Mandatory
-encryption</a>. Mail is delivered only if the remote SMTP
-server offers STARTTLS and the TLS handshake succeeds. At this
-level and higher the optional "ciphers" attribute overrides the
+The optional "ciphers", "exclude" and "protocols" attributes
+(available for opportunistic TLS with Postfix ≥ 2.6) override the
+"smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols"
+configuration parameters. </dd>
+
+<dt><b>encrypt</b></dt> <dd><a href="#client_tls_encrypt"> Mandatory encryption</a>.
+Mail is delivered only if the remote SMTP server offers STARTTLS
+and the TLS handshake succeeds. At this level and higher, the optional
+"protocols" attribute overrides the main.cf smtp_tls_mandatory_protocols
+parameter, the optional "ciphers" attribute overrides the
main.cf smtp_tls_mandatory_ciphers parameter, and the optional
-"protocols" attribute
-overrides the main.cf smtp_tls_mandatory_protocols parameter. </dd>
+"exclude" attribute (Postfix ≥ 2.6) overrides the main.cf
+smtp_tls_mandatory_exclude_ciphers parameter. </dd>
<dt><b>fingerprint</b></dt> <dd><a href="#client_tls_fprint">Certificate
fingerprint verification.</a> Available with Postfix 2.5 and
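Review bot: `<a href="#client_tls_encrypt"> Mandatory encryption</a>` introduces a leading space inside the link text that the replaced line did not have (`<a href="#client_tls_encrypt">Mandatory`); the space becomes part of the rendered link. Drop it. The rest of the hunk is consistent with the postconf(5) text for the same levels.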
multiple match strategies, or multiple protocols, these must be
separated by colons. </p>
+<li> <p> The "exclude" attribute (Postfix ≥ 2.6) is used to disable
+ciphers that cause handshake failures with a specific mandatory TLS
+destination, without disabling the ciphers for all mandatory destinations.
+Alternatively, you can exclude ciphers that cause issues with multiple
+remote servers in main.cf, and selectively enable them on a per-destination
+basis in the policy table by setting a shorter or empty exclusion list. The
+per-destination "exclude" list preempts both the opportunistic and
+mandatory security level exclusions, so that all excluded ciphers
+can be enabled for known-good destinations. For non-mandatory TLS
+destinations that exhibit cipher-specific problems, Postfix will fall
+back to plain-text delivery. If plain-text is not acceptable make TLS
+mandatory and exclude the problem ciphers. </p>
+
</ul>
<p>
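Review bot: the new "exclude" paragraph spells "plain-text" (twice) where the rest of these documents say "plaintext" ("otherwise use plaintext" in the "may" description); pick one spelling. On substance, the closing advice "If plain-text is not acceptable make TLS mandatory and exclude the problem ciphers." should mention that the "exclude" attribute is also accepted at the "may" level with Postfix ≥ 2.6, as the policy table "may" description in this same patch states, so a site can exclude a problem cipher for a destination without first raising it to "encrypt"; the fallback to plaintext only happens when the handshake still fails after the exclusion.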
[thumb.example.org] fingerprint
match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35
match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1
+ # Postfix 2.6 and later
+ example.info may protocols=!SSLv2 ciphers=medium exclude=3DES
</pre>
</blockquote>
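Review bot: the policy-table line `example.info may protocols=!SSLv2 ciphers=medium exclude=3DES` demonstrates all three Postfix 2.6 attributes at the "may" level, but it raises the opportunistic cipher grade to "medium" even though the smtp_tls_ciphers entry in this patch says the setting "SHOULD NOT be changed unless the change is essential", and the example does not say it is there for syntax only. Either add a comment that the line only illustrates the attribute syntax, or restrict the example to the one change the documentation itself presents as the likely essential case, `example.info may protocols=!SSLv2`.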
and TLS session cache space, if certificates are ignored, there is
little point in requesting them. </p>
+<p> The "smtp_tls_ciphers" (Postfix ≥ 2.6) configuration parameter
+provides control over the minimum cipher grade for opportunistic TLS. With
+Postfix < 2.6, the minimum opportunistic TLS cipher grade is always
+"export". </p>
+
+<p> With mandatory TLS encryption, the Postfix SMTP client will by
+default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption
+is optional. The mandatory TLS protocol list is specified via the
+smtp_tls_mandatory_protocols configuration parameter. Postfix ≥
+2.6 has a corresponding smtp_tls_protocols parameter which controls
+the SSL/TLS protocols used with opportunistic TLS. </p>
+
<p> Example: </p>
<blockquote>
smtp_tls_mandatory_protocols = SSLv3, TLSv1
# Also available with Postfix ≥ 2.5:
smtp_tls_mandatory_protocols = !SSLv2
+ # Also available with Postfix ≥ 2.6:
+ smtp_tls_ciphers = export
+ smtp_tls_protocols =
</pre>
</blockquote>
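Review bot: `smtp_tls_ciphers = export` and `smtp_tls_protocols =` are appended to the smtp_tls_mandatory_protocols example under "Also available with Postfix ≥ 2.6", but both lines restate the defaults and govern opportunistic TLS, not the mandatory protocol list, so in this example they read as if they were a mandatory-TLS setting. Either move them to the opportunistic TLS example, where the same two lines already appear with an explanatory comment, or label them here ("opportunistic TLS defaults, shown for comparison").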
is unavailable. Address information is not enclosed with [].
</p>
+ <li> <p> When both the NAME and ADDR attributes have the value
+ [UNAVAILABLE], the upcoming MAIL FROM transaction corresponds
+ to a local submission. </p>
+
<li> <p> The PORT attribute specifies an up-stream client TCP
port number in decimal, or [UNAVAILABLE] when the information
is unavailable. </p>
valid XFORWARD command, the server updates XFORWARD attributes with
the specified values. </p>
-<p> When both the NAME and ADDR attributes have the value [UNAVAILABLE],
-the MAIL FROM transaction corresponds to a local submission. In
-this case the server must also treat the HELO, PORT and PROTO
-attributes as [UNAVAILABLE]. </p>
-
<p> When the server uses XFORWARD attributes for logging purposes,
it must not mix XFORWARD attributes with attributes from the current
SMTP session. </p>
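Review bot: the removed paragraph carried a normative requirement that is not restated anywhere in the new text: when NAME and ADDR are both [UNAVAILABLE] "the server must also treat the HELO, PORT and PROTO attributes as [UNAVAILABLE]". The replacement list item added in the hunk above only says the transaction corresponds to a local submission. If the rule still holds, keep that sentence in the list item; if it was dropped on purpose, say so, since clients implementing XFORWARD read this file as the specification.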
"verify" security levels for the new smtp_tls_security_level parameter
introduced in Postfix 2.3. Starting with Postfix 2.3, and independently
of how the policy is specified, the smtp_tls_mandatory_ciphers and
-smtp_tls_mandatory_protocols parameters only apply when TLS encryption
-is mandatory. Connections for which encryption is optional enable
-all "export" grade and better ciphers. </p>
+smtp_tls_mandatory_protocols parameters apply when TLS encryption
+is mandatory. Connections for which encryption is optional typically
+enable all "export" grade and better ciphers and all SSL/TLS protocols
+(see smtp_tls_ciphers and smtp_tls_protocols). </p>
<p> As long as no secure DNS lookup mechanism is available, false
hostnames in MX or CNAME responses can change the server hostname
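Review bot: dropping "only" from "the smtp_tls_mandatory_ciphers and smtp_tls_mandatory_protocols parameters only apply when TLS encryption is mandatory" makes the new sentence weaker than intended; the reason the new smtp_tls_ciphers and smtp_tls_protocols parameters exist is that the mandatory ones do not reach opportunistic connections. Keep "only", and replace "typically enable all "export" grade and better ciphers and all SSL/TLS protocols" with "by default enable ...", since the defaults are now fixed values of the named parameters rather than typical behaviour.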
<dd>No TLS. No additional attributes are supported at this level. </dd>
<dt><b>may</b></dt>
-<dd>Opportunistic TLS. No additional attributes are supported at this
-level. Since sending in the clear is acceptable, demanding stronger
-than default TLS security parameters merely reduces inter-operability.
-Postfix 2.3 and later ignore the smtp_tls_mandatory_ciphers and
-smtp_tls_mandatory_protocols parameters at this security level; all
-protocols are allowed and "export" grade or better ciphers are used.
-When TLS handshakes fail, the connection is retried with TLS disabled.
+<dd>Opportunistic TLS. Since sending in the clear is acceptable,
+demanding stronger than default TLS security merely reduces
+inter-operability. The optional "ciphers", "exclude" and "protocols"
+attributes (available for opportunistic TLS with Postfix ≥ 2.6)
+override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and
+"smtp_tls_protocols" configuration parameters. When opportunistic TLS
+handshakes fail, Postfix retries the connection with TLS disabled.
This allows mail delivery to sites with non-interoperable TLS
implementations.</dd>
<dt><b>encrypt</b></dt> <dd>Mandatory TLS encryption. At this level
-and higher the optional "ciphers" attribute overrides the main.cf
-smtp_tls_mandatory_ciphers parameter and the optional "protocols"
-keyword overrides the main.cf smtp_tls_mandatory_protocols parameter.
-In the policy table, multiple protocols must be separated by colons,
+and higher, the optional "protocols" attribute overrides the main.cf
+smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute
+overrides the main.cf smtp_tls_mandatory_ciphers parameter, and the
+optional "exclude" attribute (Postfix ≥ 2.6) overrides the main.cf
+smtp_tls_mandatory_exclude_ciphers parameter. In the policy table,
+multiple protocols or excluded ciphers must be separated by colons,
as attribute values may not contain whitespace or commas. </dd>
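Review bot: the encrypt description says the "exclude" attribute overrides smtp_tls_mandatory_exclude_ciphers, but the code comment in this patch states that the attribute overrides main.cf exclusion lists (plural) and the TLS_README text says it preempts both the opportunistic and mandatory exclusions. Name both smtp_tls_exclude_ciphers and smtp_tls_mandatory_exclude_ciphers here; otherwise an operator may assume the global smtp_tls_exclude_ciphers list still applies to a destination with its own "exclude" value.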
<dt><b>fingerprint</b></dt> <dd>Certificate fingerprint
<dd> Opportunistic TLS. Use TLS if this is supported by the remote
SMTP server, otherwise use plaintext. Since
sending in the clear is acceptable, demanding stronger than default TLS
-security parameters merely reduces inter-operability. Postfix 2.3 and
-later ignore the smtp_tls_mandatory_ciphers and
-smtp_tls_mandatory_protocols parameters at this security level; all
-protocols are allowed and "export" grade or better ciphers are used.
+security merely reduces inter-operability.
+The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix ≥ 2.6)
+configuration parameters provide control over the protocols and
+cipher grade used with opportunistic TLS. With earlier releases the
+opportunistic TLS cipher grade is always "export" and no protocols
+are disabled.
When TLS handshakes fail, the connection is retried with TLS disabled.
This allows mail delivery to sites with non-interoperable TLS
implementations. </dd>
<pre>
# Opportunistic TLS.
smtp_tls_security_level = may
+# Postfix ≥ 2.6:
+# Do not tweak opportunistic ciphers or protocols unless it is essential
+# to do so (if a security vulnerability is found in the SSL library that
+# can be mitigated by disabling a particular protocol or raising the
+# cipher grade from "export" to "low" or "medium").
+smtp_tls_ciphers = export
+smtp_tls_protocols =
</pre>
<pre>
%PARAM smtpd_tls_mandatory_ciphers medium
-<p> The minimum TLS cipher grade that the Postfix SMTP server will
-use with mandatory
-TLS encryption. Cipher types listed in smtpd_tls_mandatory_exclude_ciphers
-or smtpd_tls_exclude_ciphers are excluded from the base definition
-of the selected cipher grade. With opportunistic TLS encryption,
-the "export" grade is used unconditionally with exclusions specified
-only via smtpd_tls_exclude_ciphers. </p>
+<p> The minimum TLS cipher grade that the Postfix SMTP server
+will use with mandatory TLS encryption. Cipher types listed in
+smtpd_tls_mandatory_exclude_ciphers or smtpd_tls_exclude_ciphers are
+excluded from the base definition of the selected cipher grade. See
+smtpd_tls_ciphers for cipher controls that apply to opportunistic
+TLS. </p>
<p> The following cipher grades are supported: </p>
works in addition to the exclusions listed with smtp_tls_exclude_ciphers
(see there for syntax details). </p>
+<p> Starting with Postfix 2.6, the mandatory cipher exclusions can be
+specified on a per-destination basis via the TLS policy "exclude"
+attribute. See smtp_tls_policy_maps for notes and examples. </p>
+
<p> This feature is available in Postfix 2.3 and later. </p>
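Review bot: "can be specified on a per-destination basis" reads as though the policy "exclude" attribute adds per-destination exclusions to this list, while the code in this patch replaces the main.cf exclusion lists with the attribute value. Say "overridden" here, matching the wording used for the encrypt level in smtp_tls_policy_maps.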
%PARAM tls_high_cipherlist ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
<p> This feature is available in Postfix 2.5 and later. </p>
+%PARAM smtp_tls_protocols
+
+<p> List of TLS protocols that the Postfix SMTP client will exclude
+or include with opportunistic TLS encryption. This parameter SHOULD be
+left at its default empty value, allowing all protocols to be used with
+opportunistic TLS. </p>
+
+<p> In main.cf the values are separated by whitespace, commas or
+colons. In the policy table (see smtp_tls_policy_maps) the only valid
+separator is colon. An empty value means allow all protocols. The valid
+protocol names, (see <b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3"
+and "TLSv1". </p>
+
+<p> To include a protocol list its name, to exclude it, prefix the name
+with a "!" character. To exclude SSLv2 even for opportunistic TLS set
+"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
+"smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
+include, is supported, but not recommended. OpenSSL provides no mechanisms
+for excluding protocols not known at compile-time. If Postfix is linked
+against an OpenSSL library that supports additional protocol versions,
+they cannot be excluded using either syntax. </p>
+
+<p> Example: </p>
+<pre>
+smtp_tls_protocols = !SSLv2
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+%PARAM smtpd_tls_protocols
+
+<p> List of TLS protocols that the Postfix SMTP server will exclude
+or include with opportunistic TLS encryption. This parameter SHOULD be
+left at its default empty value, allowing all protocols to be used with
+opportunistic TLS. </p>
+
+<p> In main.cf the values are separated by whitespace, commas or
+colons. An empty value means allow all protocols. The valid protocol
+names, (see <b>SSL_get_version(3)</b>), are "SSLv2", "SSLv3" and
+"TLSv1". In smtp_tls_policy_maps table entries, "protocols" attribute
+values are separated by a colon. </p>
+
+<p> To include a protocol list its name, to exclude it, prefix the name
+with a "!" character. To exclude SSLv2 even for opportunistic TLS set
+"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set
+"smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to
+include, is supported, but not recommended. OpenSSL provides no mechanisms
+for excluding protocols not known at compile-time. If Postfix is linked
+against an OpenSSL library that supports additional protocol versions,
+they cannot be excluded using either syntax. </p>
+
+<p> Example: </p>
+<pre>
+smtpd_tls_protocols = !SSLv2
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+%PARAM lmtp_tls_protocols
+
+<p> The LMTP-specific version of the smtp_tls_protocols configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
+%PARAM smtp_tls_ciphers export
+
+<p> The minimum TLS cipher grade that the Postfix SMTP client
+will use with opportunistic TLS encryption. Cipher types listed in
+smtp_tls_exclude_ciphers are excluded from the base definition of
+the selected cipher grade. The default value "export" ensures maximum
+inter-operability. Because encryption is optional, stronger controls
+are not appropriate, and this setting SHOULD NOT be changed unless the
+change is essential. </p>
+
+<p> When TLS is mandatory the cipher grade is chosen via the
+smtp_tls_mandatory_ciphers configuration parameter, see there for syntax
+details. See smtp_tls_policy_maps for information on how to configure
+ciphers on a per-destination basis. </p>
+
+<p> Example: </p>
+<pre>
+smtp_tls_ciphers = export
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
+releases only the smtp_tls_mandatory_ciphers parameter is implemented,
+and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>
+
+%PARAM smtpd_tls_ciphers export
+
+<p> The minimum TLS cipher grade that the Postfix SMTP server
+will use with opportunistic TLS encryption. Cipher types listed in
+smtpd_tls_exclude_ciphers are excluded from the base definition of
+the selected cipher grade. The default value "export" ensures maximum
+inter-operability. Because encryption is optional, stronger controls
+are not appropriate, and this setting SHOULD NOT be changed unless the
+change is essential. </p>
+
+<p> When TLS is mandatory the cipher grade is chosen via the
+smtpd_tls_mandatory_ciphers configuration parameter, see there for syntax
+details. </p>
+
+<p> Example: </p>
+<pre>
+smtpd_tls_ciphers = export
+</pre>
+
+<p> This feature is available in Postfix 2.6 and later. With earlier Postfix
+releases only the smtpd_tls_mandatory_ciphers parameter is implemented,
+and opportunistic TLS always uses "export" or better (i.e. all) ciphers. </p>
+
+%PARAM lmtp_tls_ciphers export
+
+<p> The LMTP-specific version of the smtp_tls_ciphers configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.6 and later. </p>
+
%PARAM smtp_header_checks
<p> Restricted header_checks(5) tables for the Postfix SMTP client.
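Review bot: the smtpd_tls_protocols description says "In smtp_tls_policy_maps table entries, "protocols" attribute values are separated by a colon", but smtp_tls_policy_maps is an SMTP client table with no effect on the server; drop that sentence from the server parameter (it already appears under smtp_tls_protocols, where it belongs). Grammar in both protocol descriptions: "The valid protocol names, (see SSL_get_version(3)), are" has stray commas, "To include a protocol list its name, to exclude it, prefix the name" is a comma splice ("To include a protocol, list its name; to exclude it, prefix the name"), and "Explicitly listing the protocols to include, is supported, but not recommended" should lose both commas. The paragraph on protocols unknown at compile time is the important caveat: an inclusion list such as "SSLv3, TLSv1" does not fail closed when a newer OpenSSL adds versions, which is a concrete reason to prefer the "!" exclusion form; consider stating that consequence directly.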
state->errs |= CLEANUP_STAT_BAD;
return;
}
+ /* Zero-length values are place holders for unavailable values. */
if (*attr_value == 0) {
msg_warn("%s: spurious null attribute value for \"%s\" -- ignored",
state->queue_id, attr_name);
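Review bot: the new comment and the warning below it pull in opposite directions: "Zero-length values are place holders for unavailable values" suggests an empty value is expected, while the code logs it as "spurious" and ignores it. The smtpd.c comment in this patch says non-existent values are never written to queue files (a dummy attribute is stored instead), so say that here, for example "Zero-length values are place holders for unavailable values and never appear in queue files; treat one as a producer bug", which also explains why a warning rather than silent acceptance is the right response.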
#define DEF_SMTPD_TLS_CA_PATH ""
extern char *var_smtpd_tls_CApath;
+#define VAR_SMTPD_TLS_PROTO "smtpd_tls_protocols"
+#define DEF_SMTPD_TLS_PROTO ""
+extern char *var_smtpd_tls_proto;
+
#define VAR_SMTPD_TLS_MAND_PROTO "smtpd_tls_mandatory_protocols"
#define DEF_SMTPD_TLS_MAND_PROTO "SSLv3, TLSv1"
extern char *var_smtpd_tls_mand_proto;
+#define VAR_SMTPD_TLS_CIPH "smtpd_tls_ciphers"
+#define DEF_SMTPD_TLS_CIPH "export"
+extern char *var_smtpd_tls_ciph;
+
#define VAR_SMTPD_TLS_MAND_CIPH "smtpd_tls_mandatory_ciphers"
#define DEF_SMTPD_TLS_MAND_CIPH "medium"
extern char *var_smtpd_tls_mand_ciph;
#define DEF_LMTP_TLS_CA_PATH ""
extern char *var_smtp_tls_CApath;
+#define VAR_SMTP_TLS_CIPH "smtp_tls_ciphers"
+#define DEF_SMTP_TLS_CIPH "export"
+#define VAR_LMTP_TLS_CIPH "lmtp_tls_ciphers"
+#define DEF_LMTP_TLS_CIPH "export"
+extern char *var_smtp_tls_ciph;
+
#define VAR_SMTP_TLS_MAND_CIPH "smtp_tls_mandatory_ciphers"
#define DEF_SMTP_TLS_MAND_CIPH "medium"
#define VAR_LMTP_TLS_MAND_CIPH "lmtp_tls_mandatory_ciphers"
#define DEF_LMTP_TLS_POLICY ""
extern char *var_smtp_tls_policy;
+#define VAR_SMTP_TLS_PROTO "smtp_tls_protocols"
+#define DEF_SMTP_TLS_PROTO ""
+#define VAR_LMTP_TLS_PROTO "lmtp_tls_protocols"
+#define DEF_LMTP_TLS_PROTO ""
+extern char *var_smtp_tls_proto;
+
#define VAR_SMTP_TLS_MAND_PROTO "smtp_tls_mandatory_protocols"
#define DEF_SMTP_TLS_MAND_PROTO "SSLv3, TLSv1"
#define VAR_LMTP_TLS_MAND_PROTO "lmtp_tls_mandatory_protocols"
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20081007"
+#define MAIL_RELEASE_DATE "20081010"
#define MAIL_VERSION_NUMBER "2.6"
#ifdef SNAPSHOT
-# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
+#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
#else
-# define MAIL_VERSION_DATE ""
+#define MAIL_VERSION_DATE ""
#endif
#ifdef NONPROD
-# define MAIL_VERSION_PROD "-nonprod"
+#define MAIL_VERSION_PROD "-nonprod"
#else
-# define MAIL_VERSION_PROD ""
+#define MAIL_VERSION_PROD ""
#endif
#define VAR_MAIL_VERSION "mail_version"
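Review bot: the "# define" to "#define" whitespace normalisation is unrelated to the release-date bump and makes the hunk noisier in blame history; either drop it or keep it in a separate cosmetic change so the date change stands alone.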
VAR_LMTP_TLS_SEC_CMATCH, DEF_LMTP_TLS_SEC_CMATCH, &var_smtp_tls_sec_cmatch, 1, 0,
VAR_LMTP_TLS_FPT_CMATCH, DEF_LMTP_TLS_FPT_CMATCH, &var_smtp_tls_fpt_cmatch, 0, 0,
VAR_LMTP_TLS_FPT_DGST, DEF_LMTP_TLS_FPT_DGST, &var_smtp_tls_fpt_dgst, 1, 0,
+ VAR_LMTP_TLS_PROTO, DEF_LMTP_TLS_PROTO, &var_smtp_tls_proto, 0, 0,
+ VAR_LMTP_TLS_CIPH, DEF_LMTP_TLS_CIPH, &var_smtp_tls_ciph, 1, 0,
#endif
VAR_LMTP_SASL_MECHS, DEF_LMTP_SASL_MECHS, &var_smtp_sasl_mechs, 0, 0,
VAR_LMTP_SASL_TYPE, DEF_LMTP_SASL_TYPE, &var_smtp_sasl_type, 1, 0,
/* per-destination workarounds for CISCO PIX firewall bugs.
/* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
/* Quote addresses in SMTP MAIL FROM and RCPT TO commands as required
-/* by RFC 821.
+/* by RFC 2821.
/* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR"
/* Skip SMTP servers that greet with a 5XX status code (go away, do
/* not try again later).
/* .IP "\fBsmtp_tls_fingerprint_digest (md5)\fR"
/* The message digest algorithm used to construct remote SMTP server
/* certificate fingerprints.
+/* .PP
+/* Available in Postfix version 2.6 and later:
+/* .IP "\fBsmtp_tls_protocols (empty)\fR"
+/* List of TLS protocols that the Postfix SMTP client will exclude
+/* or include with opportunistic TLS encryption.
+/* .IP "\fBsmtp_tls_ciphers (export)\fR"
+/* The minimum TLS cipher grade that the Postfix SMTP client
+/* will use with opportunistic TLS encryption.
/* OBSOLETE STARTTLS CONTROLS
/* .ad
/* .fi
/* The maximal number of parallel deliveries to the same destination
/* via the smtp message delivery transport.
/* .IP "\fBsmtp_destination_recipient_limit ($default_destination_recipient_limit)\fR"
-/* The maximal number of recipients per delivery via the smtp
+/* The maximal number of recipients per message for the smtp
/* message delivery transport.
/* .IP "\fBsmtp_connect_timeout (30s)\fR"
/* The SMTP client time limit for completing a TCP connection, or
char *var_smtp_tls_vfy_cmatch;
char *var_smtp_tls_fpt_cmatch;
char *var_smtp_tls_fpt_dgst;
+char *var_smtp_tls_proto;
+char *var_smtp_tls_ciph;
#endif
VAR_SMTP_TLS_SEC_CMATCH, DEF_SMTP_TLS_SEC_CMATCH, &var_smtp_tls_sec_cmatch, 1, 0,
VAR_SMTP_TLS_FPT_CMATCH, DEF_SMTP_TLS_FPT_CMATCH, &var_smtp_tls_fpt_cmatch, 0, 0,
VAR_SMTP_TLS_FPT_DGST, DEF_SMTP_TLS_FPT_DGST, &var_smtp_tls_fpt_dgst, 1, 0,
+ VAR_SMTP_TLS_PROTO, DEF_SMTP_TLS_PROTO, &var_smtp_tls_proto, 0, 0,
+ VAR_SMTP_TLS_CIPH, DEF_SMTP_TLS_CIPH, &var_smtp_tls_ciph, 1, 0,
#endif
VAR_SMTP_SASL_MECHS, DEF_SMTP_SASL_MECHS, &var_smtp_sasl_mechs, 0, 0,
VAR_SMTP_SASL_TYPE, DEF_SMTP_SASL_TYPE, &var_smtp_sasl_type, 1, 0,
}
/* Only one instance per policy. */
if (!strcasecmp(name, "ciphers")) {
- if (*site_level < TLS_LEV_ENCRYPT) {
- msg_warn("%s: attribute \"%s\" invalid at security level \"%s\"",
- WHERE, name, policy_name(*site_level));
- *site_level = TLS_LEV_INVALID;
- break;
- }
if (*val == 0) {
msg_warn("%s: attribute \"%s\" has empty value", WHERE, name);
*site_level = TLS_LEV_INVALID;
*site_level = TLS_LEV_INVALID;
break;
}
- /* set_cipher_grade() assumes this is NULL with level < encrypt */
session->tls_grade = mystrdup(val);
continue;
}
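Review bot: removing the comment "set_cipher_grade() assumes this is NULL with level < encrypt" also removes the only statement of the invariant its consumer relied on; the TLS_LEV_MAY case later in this patch now checks for a NULL grade before falling back to var_smtp_tls_ciph, so replace the comment rather than delete it, for example "/* May be set at any level above none; set_cipher_grade() supplies the main.cf default when NULL */" on the line before "session->tls_grade = mystrdup(val);".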
/* Only one instance per policy. */
if (!strcasecmp(name, "protocols")) {
- if (*site_level < TLS_LEV_ENCRYPT) {
- msg_warn("%s: attribute \"%s\" invalid at security level \"%s\"",
- WHERE, name, policy_name(*site_level));
- *site_level = TLS_LEV_INVALID;
- break;
- }
if (session->tls_protocols) {
msg_warn("%s: attribute \"%s\" is specified multiple times",
WHERE, name);
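Review bot: with the "invalid at security level" test gone from both the "ciphers" and "protocols" branches, nothing in these hunks rejects the attributes at level none, yet the smtp_tls_policy_maps text in this patch still says "No TLS. No additional attributes are supported at this level". If an earlier test in tls_policy_lookup_one already refuses any attribute when the level is none, a one-line comment here saying so would stop the check from being re-added; if not, restore it as "*site_level <= TLS_LEV_NONE" rather than dropping it entirely.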
else
argv_split_append(session->tls_matchargv, val, delim);
continue;
+ }
+ /* Only one instance per policy. */
+ if (!strcasecmp(name, "exclude")) {
+ if (session->tls_exclusions) {
+ msg_warn("%s: attribute \"%s\" is specified multiple times",
+ WHERE, name);
+ *site_level = TLS_LEV_INVALID;
+ break;
+ }
+ session->tls_exclusions = vstring_strcpy(vstring_alloc(10), val);
+ continue;
} else {
msg_warn("%s: invalid attribute name: \"%s\"", WHERE, name);
*site_level = TLS_LEV_INVALID;
return;
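Review bot: the new "exclude" branch accepts an empty value, unlike the "ciphers" branch above, which warns on "attribute has empty value". That asymmetry is intentional according to the TLS_README change in this patch (a shorter or empty per-destination list re-enables globally excluded ciphers), so add a comment stating it; otherwise the next cleanup pass is likely to copy the empty-value check here and silently break the documented escape hatch. The attribute is also accepted at every level above none, including may, which matches the README but is not obvious from the code.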
case TLS_LEV_MAY:
- /* tls_policy_lookup_one() leaves this NULL with level < encrypt. */
- session->tls_grade = mystrdup("export");/* XXX: For now */
+ if (session->tls_grade == 0)
+ session->tls_grade = mystrdup(var_smtp_tls_ciph);
break;
case TLS_LEV_ENCRYPT:
} while (0)
/*
- * Soon, the "exclude" policy table attribute will be able to override
- * the main.cf mandatory exclusion list, and the latter may become
- * obsolete.
+ * The "exclude" policy table attribute overrides main.cf exclusion
+ * lists.
*/
if (session->tls_exclusions == 0) {
session->tls_exclusions = vstring_alloc(10);
if (session->tls_level > TLS_LEV_NONE && session->tls_protocols == 0)
session->tls_protocols =
mystrdup((session->tls_level == TLS_LEV_MAY) ?
- "" : var_smtp_tls_mand_proto);
+ var_smtp_tls_proto : var_smtp_tls_mand_proto);
/*
* Compute cipher grade (if set in per-destination table, else
/* .IP "\fBsmtpd_tls_loglevel (0)\fR"
/* Enable additional Postfix SMTP server logging of TLS activity.
/* .IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR"
-/* The minimum TLS cipher grade that the Postfix SMTP server will
-/* use with mandatory
-/* TLS encryption.
+/* The minimum TLS cipher grade that the Postfix SMTP server
+/* will use with mandatory TLS encryption.
/* .IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
/* Additional list of ciphers or cipher types to exclude from the
/* SMTP server cipher list at mandatory TLS security levels.
/* The message digest algorithm used to construct client-certificate
/* fingerprints for \fBcheck_ccert_access\fR and
/* \fBpermit_tls_clientcerts\fR.
+/* .PP
+/* Available in Postfix version 2.6 and later:
+/* .IP "\fBsmtpd_tls_protocols (empty)\fR"
+/* List of TLS protocols that the Postfix SMTP server will exclude
+/* or include with opportunistic TLS encryption.
+/* .IP "\fBsmtpd_tls_ciphers (export)\fR"
+/* The minimum TLS cipher grade that the Postfix SMTP server
+/* will use with opportunistic TLS encryption.
/* OBSOLETE STARTTLS CONTROLS
/* .ad
/* .fi
int var_smtpd_tls_scache_timeout;
bool var_smtpd_tls_set_sessid;
char *var_smtpd_tls_fpt_dgst;
+char *var_smtpd_tls_ciph;
+char *var_smtpd_tls_proto;
#endif
if (cipher_grade == 0) {
cipher_grade =
- enforce_tls ? var_smtpd_tls_mand_ciph : "export";
+ enforce_tls ? var_smtpd_tls_mand_ciph : var_smtpd_tls_ciph;
cipher_exclusions = vstring_alloc(10);
ADD_EXCLUDE(cipher_exclusions, var_smtpd_tls_excl_ciph);
if (enforce_tls)
dh512_param_file
= var_smtpd_tls_dh512_param_file,
protocols = enforce_tls ?
- var_smtpd_tls_mand_proto : "",
+ var_smtpd_tls_mand_proto :
+ var_smtpd_tls_proto,
ask_ccert = var_smtpd_tls_ask_ccert,
fpt_dgst = var_smtpd_tls_fpt_dgst);
else
VAR_SMTPD_TLS_DKEY_FILE, DEF_SMTPD_TLS_DKEY_FILE, &var_smtpd_tls_dkey_file, 0, 0,
VAR_SMTPD_TLS_CA_FILE, DEF_SMTPD_TLS_CA_FILE, &var_smtpd_tls_CAfile, 0, 0,
VAR_SMTPD_TLS_CA_PATH, DEF_SMTPD_TLS_CA_PATH, &var_smtpd_tls_CApath, 0, 0,
+ VAR_SMTPD_TLS_CIPH, DEF_SMTPD_TLS_CIPH, &var_smtpd_tls_ciph, 1, 0,
VAR_SMTPD_TLS_MAND_CIPH, DEF_SMTPD_TLS_MAND_CIPH, &var_smtpd_tls_mand_ciph, 1, 0,
VAR_SMTPD_TLS_EXCL_CIPH, DEF_SMTPD_TLS_EXCL_CIPH, &var_smtpd_tls_excl_ciph, 0, 0,
VAR_SMTPD_TLS_MAND_EXCL, DEF_SMTPD_TLS_MAND_EXCL, &var_smtpd_tls_mand_excl, 0, 0,
+ VAR_SMTPD_TLS_PROTO, DEF_SMTPD_TLS_PROTO, &var_smtpd_tls_proto, 0, 0,
VAR_SMTPD_TLS_MAND_PROTO, DEF_SMTPD_TLS_MAND_PROTO, &var_smtpd_tls_mand_proto, 0, 0,
VAR_SMTPD_TLS_512_FILE, DEF_SMTPD_TLS_512_FILE, &var_smtpd_tls_dh512_param_file, 0, 0,
VAR_SMTPD_TLS_1024_FILE, DEF_SMTPD_TLS_1024_FILE, &var_smtpd_tls_dh1024_param_file, 0, 0,
/*
* Choose between normal or forwarded attributes.
*
- * Note 1: inside the SMTP server, forwarded attributes must have the exact
- * same representation as normal attributes: unknown string values are
- * "unknown", and non-existent HELO is null.
+ * Inside the SMTP server, unknown real client attributes are represented by
+ * the string "unknown", and non-existent HELO is represented as a null
+ * pointer. The SMTP server uses this same representation internally for
+ * forwarded client attributes; the XFORWARD syntax makes no distinction
+ * between unknown (remote submission) and non-existent (local submission).
+ * The SMTP server decides between remote and local submission when it
+ * generates queue file records (see below) so that the correct result is
+ * produced with down-stream logging and with $name expansion in delivery
+ * agents.
*
- * Note 2: the SMTP server representation of unknown/known attribute values is
- * also used in queue files and in delivery requests, while non-existent
- * information is represented in those contexts as empty strings. In queue
- * files and delivery requests, forwarded local submissions are represented
- * by forwarded client attributes with empty string values (actually one
- * attribute is sufficient).
+ * Known/unknown client attribute values use the SMTP server's internal
+ * representation in queue files, in queue manager delivery requests, and in
+ * delivery agent $name expansions.
*
- * Note 3: if forwarding client information, don't mix information from the
- * current SMTP session with forwarded information from an up-stream
- * session.
+ * Non-existent attribute values are never present in queue files. The SMTP
+ * server stores a dummy attribute to indicate that no client attributes
+ * exist. Non-existent information is represented as empty strings in queue
+ * manager delivery requests and in delivery agent $name expansions.
+ *
+ * When forwarding client information, don't mix information from the current
+ * SMTP session with forwarded information from an up-stream session.
*/
#define SMTPD_HAVE_XFORWARD_ATTR(s) \
((s)->xforward.flags & SMTPD_STATE_XFORWARD_INIT)
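Review bot: the rewritten comment is clearer, but "The SMTP server stores a dummy attribute to indicate that no client attributes exist" is the fact that the cleanup change in this patch depends on (an empty attribute value in a queue file is logged as spurious and ignored), and the two comments do not reference each other. A sentence here naming that consequence, i.e. that the queue file reader treats any empty forwarded value as a producer bug, would keep the two representations from drifting apart.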