The tcp_table(5) interface is now part of the stable release.
The last protocol change was in Postfix 2.1. File:
util/dict_open.c.
+
+20100305
+
+ Feature: reject_rhsbl_reverse_client, to reject a remote
+ SMTP client based on its unverified reverse hostname. Code
+ by Noel Jones. Files: smtpd/smtpd_check.c, proto/postconf.proto.
+
+ Feature: smtp_address_preference (default: ipv6) to control
+ the order in which the Postfix SMTP client will connect to
+ a destination that has IPv6 and IPv4 addresses with equal
+ MX preference. Files: global/mail_params.c, smtp/smtp.c,
+ smtp/smtp_params.c, smtp/smtp_addr.c, proto/postconf.proto.
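Review bot: the Files list for the smtp_address_preference entry is incomplete: the same patch adds dns_rr_compare_pref_ipv6, dns_rr_compare_pref_ipv4 and dns_rr_compare_pref_any to dns/dns.h and dns/dns_rr.c, and documents a companion lmtp_address_preference parameter in proto/postconf.proto, none of which the entry mentions. Add dns/dns.h and dns/dns_rr.c to the file list and name lmtp_address_preference next to smtp_address_preference so the changelog matches the change.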
body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks:
+ # Do not indent the text between "if" and "endif".
if /^Received:/
/^Received: +from +(porcupine\.org) +/
reject forged client name in Received: header: $1
reject forged domain name in Message-ID: header: $1
/etc/postfix/body_checks:
+ # Do not indent the text between "if" and "endif".
if /^[> ]*Received:/
/^[> ]*Received: +from +(porcupine\.org) /
reject forged client name in Received: header: $1
% t\bte\bel\bln\bne\bet\bt s\bse\ber\brv\bve\ber\br.\b.e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm 2\b25\b5
...
+ 220 server.example.com ESMTP Postfix
E\bEH\bHL\bLO\bO c\bcl\bli\bie\ben\bnt\bt.\b.e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm
250-server.example.com
250-PIPELINING
To test the server side, connect (for example, with telnet) to the Postfix SMTP
server port and you should be able to have a conversation as shown below.
-Information sent by the client (that is, you) is shown in bold font.
+Information sent by the client (that is, you) is shown in b\bbo\bol\bld\bd font.
% t\bte\bel\bln\bne\bet\bt s\bse\ber\brv\bve\ber\br.\b.e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm 2\b25\b5
...
This same error message will also be logged when the libplain.so or
liblogin.so modules are not installed in the /usr/lib/sasl2 directory.
-The less secure approach is to lower the security standards and permit
-plaintext authentication mechanisms:
+The insecure approach is to lower the security standards and permit plaintext
+authentication mechanisms:
/etc/postfix/main.cf:
smtp_sasl_security_options = noanonymous
-If the remote server supports TLS, you can protect the plaintext username and
-password by turning on TLS in the Postfix SMTP client (see: TLS_README), and
-configuring the client as discussed next.
+The more secure approach is to protect the plaintext username and password with
+TLS session encryption. To find out if the remote SMTP server supports TLS,
+connect to the server and see if it announces STARTTLS support as shown in the
+example. Information sent by the client (that is, you) is shown in b\bbo\bol\bld\bd font.
+
+ % t\bte\bel\bln\bne\bet\bt s\bse\ber\brv\bve\ber\br.\b.e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm 2\b25\b5
+ ...
+ 220 server.example.com ESMTP Postfix
+ E\bEH\bHL\bLO\bO c\bcl\bli\bie\ben\bnt\bt.\b.e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm
+ 250-server.example.com
+ 250-PIPELINING
+ 250-SIZE 10240000
+ 250-STARTTLS
+ ...
+
+Instead of port 25 (smtp), specify port 587 (submission) where appriopriate.
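Review bot: typo in the added sentence "Instead of port 25 (smtp), specify port 587 (submission) where appriopriate." should read "appropriate". The same misspelling appears in the html/SASL_README.html and proto/SASL_README.html copies of this paragraph further down, so fix it in the proto source and regenerate rather than patching each copy.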
E\bEn\bnc\bcr\bry\byp\bpt\bte\bed\bd S\bSM\bMT\bTP\bP s\bse\bes\bss\bsi\bio\bon\bn (\b(T\bTL\bLS\bS)\b)
-A separate parameter controls Postfix SASL mechanism policy during a TLS-
-encrypted SMTP session. The default is to copy the settings from the
-unencrypted session:
+To turn on TLS in the Postfix SMTP client, see TLS_README for configuration
+details.
+
+The smtp_sasl_tls_security_options parameter controls Postfix SASL mechanism
+policy during a TLS-encrypted SMTP session. The default is to copy the settings
+from the unencrypted session:
/etc/postfix/main.cf:
smtp_sasl_tls_security_options = $smtp_sasl_security_options
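Review bot: with the default "smtp_sasl_tls_security_options = $smtp_sasl_security_options", a reader who applied the "insecure approach" above ("smtp_sasl_security_options = noanonymous") keeps plaintext mechanisms allowed on unencrypted sessions too, which is the outcome this section is steering away from. The text should show the combination that is the actual point: keep noplaintext in smtp_sasl_security_options and relax only smtp_sasl_tls_security_options, so that the plaintext username and password are ever sent only inside a TLS session.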
P\bPo\bos\bst\btf\bfi\bix\bx S\bSM\bMT\bTP\bP/\b/L\bLM\bMT\bTP\bP c\bcl\bli\bie\ben\bnt\bt p\bpo\bol\bli\bic\bcy\by -\b- S\bSA\bAS\bSL\bL m\bme\bec\bch\bha\ban\bni\bis\bsm\bm n\bna\bam\bme\bes\bs
-Unfortunately, Postfix needs a second client policy for SASL mechanism
-selection. Reason: the Cyrus SASL library will choose the most secure
-authentication mechanism that both the SMTP client and server implement - even
-if one of the parties was not configured for that mechanism.
+Given the SASL security options of the previous section, the Cyrus SASL library
+will choose the most secure authentication mechanism that both the SMTP client
+and server implement. Unfortunately, that authentication mechanism may fail
+because the client or server is not configured to use that mechanism.
To prevent this, the Postfix SMTP client can filter the names of the
authentication mechanisms from the remote SMTP server. Used correctly, the
<a href="postconf.5.html#body_checks">body_checks</a> = <a href="pcre_table.5.html">pcre</a>:/etc/postfix/body_checks
/etc/postfix/header_checks:
+ # Do not indent the text between "if" and "endif".
if /^Received:/
/^Received: +from +(porcupine\.org) +/
reject forged client name in Received: header: $1
reject forged domain name in Message-ID: header: $1
/etc/postfix/body_checks:
+ # Do not indent the text between "if" and "endif".
if /^[> ]*Received:/
/^[> ]*Received: +from +(porcupine\.org) /
reject forged client name in Received: header: $1
<pre>
% <strong>telnet server.example.com 25</strong>
...
+220 server.example.com ESMTP Postfix
<strong>EHLO client.example.com</strong>
250-server.example.com
250-PIPELINING
<p> To test the server side, connect (for example, with
<code>telnet</code>) to the Postfix SMTP server port and you should
be able to have a conversation as shown below. Information sent by
-the client (that is, you) is shown in bold font. </p>
+the client (that is, you) is shown in <strong>bold</strong> font.
+</p>
<blockquote>
<pre>
</blockquote>
-<p> The less secure approach is to lower the security standards and
+<p> The insecure approach is to lower the security standards and
permit plaintext authentication mechanisms: </p>
<blockquote>
</pre>
</blockquote>
-<p> If the remote server supports TLS, you can protect the plaintext
-username and password by turning on TLS in the Postfix SMTP client
-(see: <a href="TLS_README.html">TLS_README</a>), and configuring the client as discussed next.
+<p> The more secure approach is to protect the plaintext username
+and password with TLS session encryption. To find out if the remote
+SMTP server supports TLS, connect to the server and see if it
+announces STARTTLS support as shown in the example. Information
+sent by the client (that is, you) is shown in <strong>bold</strong>
+font. </p>
+
+<blockquote>
+<pre>
+% <strong>telnet server.example.com 25</strong>
+...
+220 server.example.com ESMTP Postfix
+<strong>EHLO client.example.com</strong>
+250-server.example.com
+250-PIPELINING
+250-SIZE 10240000
+250-STARTTLS
+...
+</pre>
+</blockquote>
+
+<p> Instead of port 25 (smtp), specify port 587 (submission) where
+appriopriate. </p>
<h4>Encrypted SMTP session (TLS)</h4>
-<p> A separate parameter controls Postfix SASL mechanism policy
-during a TLS-encrypted SMTP session. The default is to copy the
-settings from the unencrypted session: </p>
+<p> To turn on TLS in the Postfix SMTP client, see <a href="TLS_README.html">TLS_README</a> for
+configuration details. </p>
+
+<p> The <a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> parameter controls Postfix
+SASL mechanism policy during a TLS-encrypted SMTP session. The
+default is to copy the settings from the unencrypted session: </p>
<blockquote>
<pre>
<h3><a name="client_sasl_filter">Postfix SMTP/LMTP client policy -
SASL mechanism <em>names</em></a></h3>
-<p> Unfortunately, Postfix needs a second client policy for SASL
-mechanism selection. Reason: the Cyrus SASL library will choose
-the most secure authentication mechanism that both the SMTP client
-and server implement - even if one of the parties was not configured
-for that mechanism. </p>
+<p> Given the SASL security options of the previous section, the
+Cyrus SASL library will choose the most secure authentication
+mechanism that both the SMTP client and server implement. Unfortunately,
+that authentication mechanism may fail because the client or server
+is not configured to use that mechanism.</p>
<p> To prevent this, the Postfix SMTP client can filter the names
of the authentication mechanisms from the remote SMTP server. Used
tem receives mail on by way of a proxy or network
address translation unit.
+ <b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (ipv6)</b>
+ The address type ("ipv6", "ipv4" or "any") that the
+ Postfix SMTP client will try first, when a destina-
+ tion has IPv6 and IPv4 addresses with equal MX
+ preference.
+
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The hostname to send in the SMTP EHLO or HELO com-
+ The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
- What mechanisms the Postfix SMTP client uses to
+ What mechanisms the Postfix SMTP client uses to
look up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
- Randomize the order of equal-preference MX host
+ Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b>SEE ALSO</b>
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
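Review bot: most of the -/+ pairs in this region (smtp_bind_address, smtp_bind_address6, smtp_helo_name, smtp_host_lookup, smtp_randomize_addresses, syslog_name, fallback_relay, smtp_fallback_relay, LICENSE) are whitespace-only reflows from regenerating the manual page HTML and bury the one real change, the new smtp_address_preference entry. Regenerate with the same formatter settings as the rest of the tree, or drop the whitespace-only hunks, so the diff shows only the functional change.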
this length; upon delivery, long lines are reconstructed. </p>
+</DD>
+
+<DT><b><a name="lmtp_address_preference">lmtp_address_preference</a>
+(default: ipv6)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
</DD>
<DT><b><a name="lmtp_assume_final">lmtp_assume_final</a>
<p>
Optional shell program for <a href="local.8.html">local(8)</a> delivery to non-Postfix command.
By default, non-Postfix commands are executed directly; commands
-are given to given to /bin/sh only when they contain shell meta
-characters or shell built-in commands. </p>
+are given to given to the default shell (typically, /bin/sh) only
+when they contain shell meta characters or shell built-in commands.
+</p>
<p> "sendmail's restricted shell" (smrsh) is what most people will
use in order to restrict what programs can be run from e.g. .forward
<pre>
<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /some/where/smrsh -c
+<a href="postconf.5.html#local_command_shell">local_command_shell</a> = /bin/bash -c
</pre>
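Review bot: the rewritten lines carry over the duplicated words "are given to given to the default shell (typically, /bin/sh)"; since these lines are being touched anyway, fix to "are given to the default shell". The same wording is repeated in the postconf(5) man page and proto/postconf.proto copies below. Also, the new example "local_command_shell = /bin/bash -c" sits directly under the sentence recommending smrsh to restrict what .forward can run; add a clause saying that handing commands to a full shell removes that restriction, so the example is not read as an equivalent alternative to smrsh.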
<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
-<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
+<a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>, <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or
+<a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
</p>
<p>
</p>
+</DD>
+
+<DT><b><a name="smtp_address_preference">smtp_address_preference</a>
+(default: ipv6)</b></DT><DD>
+
+<p> The address type ("ipv6", "ipv4" or "any") that the Postfix
+SMTP client will try first, when a destination has IPv6 and IPv4
+addresses with equal MX preference. This feature has no effect
+unless the <a href="postconf.5.html#inet_protocols">inet_protocols</a> setting enables both IPv4 and IPv6. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
</DD>
<DT><b><a name="smtp_always_send_ehlo">smtp_always_send_ehlo</a>
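Review bot: the description defines "ipv6" and "ipv4" as the address type tried first, but never says what "any" does when a destination has both families; given that smtp_randomize_addresses (default yes) already shuffles equal-preference hosts, state whether "any" means no family preference (keep the possibly randomized order) or refer to the rule that dns_rr_compare_pref_any implements. Also say what happens when the preferred family yields no usable address, since that is what an operator tuning this for a dual-stack relay needs to know.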
the request when the client hostname is listed with
any A record under <i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>
description above for additional RBL related configuration parameters.
-This feature is available in Postfix 2.0 and later. </dd>
+This feature is available in Postfix 2.0 and later; with Postfix
+version 2.8 and later, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a> will usually
+produce better results. </dd>
+
+<dt><b><a name="reject_rhsbl_reverse_client">reject_rhsbl_reverse_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
+
+<dd>Reject the request when the unverified reverse client hostname
+is listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>.
+If no "<i>=d.d.d.d</i>" is specified, reject the request when the
+unverified reverse client hostname is listed with any A record under
+<i>rbl_domain</i>. See the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a> description above for
+additional RBL related configuration parameters. This feature is
+available in Postfix 2.8 and later. </dd>
<dt><b><a name="reject_unknown_client_hostname">reject_unknown_client_hostname</a></b> (with Postfix < 2.3: reject_unknown_client)</dt>
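Review bot: the new text should say why reject_rhsbl_reverse_client "will usually produce better results" than reject_rhsbl_client: the reverse name is available even when the address->name->address verification described under reject_unknown_client_hostname fails, whereas reject_rhsbl_client has nothing to look up in that case. It should also make the trade-off explicit: the name is unverified, i.e. chosen by whoever controls the client's reverse DNS, so the lookup key is under the sender's control and a listing hit is evidence about that name, not proof that the client is that host. Readers choosing between the two restrictions need that stated in one sentence.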
<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, <a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>,
<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> or <a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
+<li>However, no recipient information is available in the case of
+multi-recipient mail. Acting on only one recipient would be misleading,
+because any decision will affect all recipients equally. Acting on
+all recipients would require a possibly very large amount of memory,
+and would also be misleading for the reasons mentioned before. </p>
+
</ul>
<p>
<p> This feature is available in Postfix 2.2 and later. </p>
-<p> See <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> for syntax details. </p>
+<p> See <a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> for details and limitations. </p>
</DD>
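Review bot: the added list item opens with "<li>" but closes with "</p>" ("...for the reasons mentioned before. </p>"), which is malformed HTML; close it with "</li>" (or leave it unclosed, matching whatever the other items in this "<ul>" do). The same mismatch is in the proto/postconf.proto copy below, which is the source to fix before regenerating.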
tem receives mail on by way of a proxy or network
address translation unit.
+ <b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (ipv6)</b>
+ The address type ("ipv6", "ipv4" or "any") that the
+ Postfix SMTP client will try first, when a destina-
+ tion has IPv6 and IPv4 addresses with equal MX
+ preference.
+
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The hostname to send in the SMTP EHLO or HELO com-
+ The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhlo_name">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
- What mechanisms the Postfix SMTP client uses to
+ What mechanisms the Postfix SMTP client uses to
look up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
- Randomize the order of equal-preference MX host
+ Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b>SEE ALSO</b>
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
The numerical Postfix SMTP server response code
when a remote SMTP client request is blocked by the
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
- <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a>
- restriction.
+ reject_rhsbl_reverse_client, <a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or
+ <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
<b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
The numerical Postfix SMTP server reply code when a
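Review bot: in the added line "+ reject_rhsbl_reverse_client, reject_rhsbl_sender or" the new restriction is the only one in the list without an "<a href="postconf.5.html#...">" link. This looks like smtpd.8.html was regenerated before the reject_rhsbl_reverse_client rule was added to the postlink script (it is in this same patch); rerun postlink after that change, as was evidently done for the smtp_address_preference entry in smtp.8.html, which did get its link.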
.SH line_length_limit (default: 2048)
Upon input, long lines are chopped up into pieces of at most
this length; upon delivery, long lines are reconstructed.
+.SH lmtp_address_preference (default: ipv6)
+The LMTP-specific version of the smtp_address_preference
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.8 and later.
.SH lmtp_assume_final (default: no)
When an LMTP server announces no DSN support, assume that the
server performs final delivery, and send "delivered" delivery status
.SH local_command_shell (default: empty)
Optional shell program for \fBlocal\fR(8) delivery to non-Postfix command.
By default, non-Postfix commands are executed directly; commands
-are given to given to /bin/sh only when they contain shell meta
-characters or shell built-in commands.
+are given to given to the default shell (typically, /bin/sh) only
+when they contain shell meta characters or shell built-in commands.
.PP
"sendmail's restricted shell" (smrsh) is what most people will
use in order to restrict what programs can be run from e.g. .forward
.na
.ft C
local_command_shell = /some/where/smrsh -c
+local_command_shell = /bin/bash -c
.fi
.ad
.ft R
.SH maps_rbl_reject_code (default: 554)
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the reject_rbl_client, reject_rhsbl_client,
-reject_rhsbl_sender or reject_rhsbl_recipient restriction.
+reject_rhsbl_reverse_client, reject_rhsbl_sender or
+reject_rhsbl_recipient restriction.
.PP
Do not change this unless you have a complete understanding of RFC 2821.
.SH masquerade_classes (default: envelope_sender, header_sender, header_recipient)
status reports.
.PP
This feature is available in Postfix 2.0 and later.
+.SH smtp_address_preference (default: ipv6)
+The address type ("ipv6", "ipv4" or "any") that the Postfix
+SMTP client will try first, when a destination has IPv6 and IPv4
+addresses with equal MX preference. This feature has no effect
+unless the inet_protocols setting enables both IPv4 and IPv6.
+.PP
+This feature is available in Postfix 2.8 and later.
.SH smtp_always_send_ehlo (default: yes)
Always send EHLO at the start of an SMTP session.
.PP
the request when the client hostname is listed with
any A record under \fIrbl_domain\fR. See the reject_rbl_client
description above for additional RBL related configuration parameters.
-This feature is available in Postfix 2.0 and later.
+This feature is available in Postfix 2.0 and later; with Postfix
+version 2.8 and later, reject_rhsbl_reverse_client will usually
+produce better results.
+.IP "\fBreject_rhsbl_reverse_client \fIrbl_domain=d.d.d.d\fR\fR"
+Reject the request when the unverified reverse client hostname
+is listed with the A record "\fId.d.d.d\fR" under \fIrbl_domain\fR.
+If no "\fI=d.d.d.d\fR" is specified, reject the request when the
+unverified reverse client hostname is listed with any A record under
+\fIrbl_domain\fR. See the reject_rbl_client description above for
+additional RBL related configuration parameters. This feature is
+available in Postfix 2.8 and later.
.IP "\fBreject_unknown_client_hostname\fR (with Postfix < 2.3: reject_unknown_client)"
Reject the request when 1) the client IP address->name mapping
fails, 2) the name->address mapping fails, or 3) the name->address
SMTP command specific restrictions described under
smtpd_client_restrictions, smtpd_helo_restrictions,
smtpd_sender_restrictions or smtpd_recipient_restrictions.
+.IP \(bu
+However, no recipient information is available in the case of
+multi-recipient mail. Acting on only one recipient would be misleading,
+because any decision will affect all recipients equally. Acting on
+all recipients would require a possibly very large amount of memory,
+and would also be misleading for the reasons mentioned before.
.PP
Examples:
.PP
.PP
This feature is available in Postfix 2.2 and later.
.PP
-See smtpd_data_restrictions for syntax details.
+See smtpd_data_restrictions for details and limitations.
.SH smtpd_enforce_tls (default: no)
Mandatory TLS: announce STARTTLS support to SMTP clients,
and require that clients use TLS encryption. According to RFC 2487
.IP "\fBproxy_interfaces (empty)\fR"
The network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
+.IP "\fBsmtp_address_preference (ipv6)\fR"
+The address type ("ipv6", "ipv4" or "any") that the Postfix
+SMTP client will try first, when a destination has IPv6 and IPv4
+addresses with equal MX preference.
.IP "\fBsmtp_bind_address (empty)\fR"
An optional numerical network address that the Postfix SMTP client
should bind to when making an IPv4 connection.
.IP "\fBmaps_rbl_reject_code (554)\fR"
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the reject_rbl_client, reject_rhsbl_client,
-reject_rhsbl_sender or reject_rhsbl_recipient restriction.
+reject_rhsbl_reverse_client, reject_rhsbl_sender or
+reject_rhsbl_recipient restriction.
.IP "\fBnon_fqdn_reject_code (504)\fR"
The numerical Postfix SMTP server reply code when a client request
is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender
s;\bsmtp_nested_header_checks\b;<a href="postconf.5.html#smtp_nested_header_checks">$&</a>;g;
s;\bsmtp_body_checks\b;<a href="postconf.5.html#smtp_body_checks">$&</a>;g;
s;\bsmtp_reply_filter\b;<a href="postconf.5.html#smtp_reply_filter">$&</a>;g;
+ s;\bsmtp_address_preference\b;<a href="postconf.5.html#smtp_address_preference">$&</a>;g;
s;\bsmtpd_enforce_tls\b;<a href="postconf.5.html#smtpd_enforce_tls">$&</a>;g;
s;\bsmtpd_sasl_tls_security_options\b;<a href="postconf.5.html#smtpd_sasl_tls_security_options">$&</a>;g;
s;\bsmtpd_sasl_type\b;<a href="postconf.5.html#smtpd_sasl_type">$&</a>;g;
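Review bot: a postlink rule is added for smtp_address_preference but none for lmtp_address_preference, which this same patch documents in postconf.proto and exposes as an anchor in postconf.5.html; unless the script has a generic rule for lmtp_ names, references to lmtp_address_preference in the generated HTML will stay unlinked. Add the matching "s;\blmtp_address_preference\b;<a href="postconf.5.html#lmtp_address_preference">$&</a>;g;" line next to the smtp one.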
s;\breject_unknown_forward_client_hostname\b;<a href="postconf.5.html#reject_unknown_forward_client_hostname">$&</a>;g;
s;\breject_rbl_client\b;<a href="postconf.5.html#reject_rbl_client">$&</a>;g;
s;\breject_rhsbl_client\b;<a href="postconf.5.html#reject_rhsbl_client">$&</a>;g;
+ s;\breject_rhsbl_reverse_client\b;<a href="postconf.5.html#reject_rhsbl_reverse_client">$&</a>;g;
# Access restrictions - helo
body_checks = pcre:/etc/postfix/body_checks
/etc/postfix/header_checks:
+ # Do not indent the text between "if" and "endif".
if /^Received:/
/^Received: +from +(porcupine\.org) +/
reject forged client name in Received: header: $1
reject forged domain name in Message-ID: header: $1
/etc/postfix/body_checks:
+ # Do not indent the text between "if" and "endif".
if /^[> ]*Received:/
/^[> ]*Received: +from +(porcupine\.org) /
reject forged client name in Received: header: $1
<pre>
% <strong>telnet server.example.com 25</strong>
...
+220 server.example.com ESMTP Postfix
<strong>EHLO client.example.com</strong>
250-server.example.com
250-PIPELINING
<p> To test the server side, connect (for example, with
<code>telnet</code>) to the Postfix SMTP server port and you should
be able to have a conversation as shown below. Information sent by
-the client (that is, you) is shown in bold font. </p>
+the client (that is, you) is shown in <strong>bold</strong> font.
+</p>
<blockquote>
<pre>
</blockquote>
-<p> The less secure approach is to lower the security standards and
+<p> The insecure approach is to lower the security standards and
permit plaintext authentication mechanisms: </p>
<blockquote>
</pre>
</blockquote>
-<p> If the remote server supports TLS, you can protect the plaintext
-username and password by turning on TLS in the Postfix SMTP client
-(see: TLS_README), and configuring the client as discussed next.
+<p> The more secure approach is to protect the plaintext username
+and password with TLS session encryption. To find out if the remote
+SMTP server supports TLS, connect to the server and see if it
+announces STARTTLS support as shown in the example. Information
+sent by the client (that is, you) is shown in <strong>bold</strong>
+font. </p>
+
+<blockquote>
+<pre>
+% <strong>telnet server.example.com 25</strong>
+...
+220 server.example.com ESMTP Postfix
+<strong>EHLO client.example.com</strong>
+250-server.example.com
+250-PIPELINING
+250-SIZE 10240000
+250-STARTTLS
+...
+</pre>
+</blockquote>
+
+<p> Instead of port 25 (smtp), specify port 587 (submission) where
+appriopriate. </p>
<h4>Encrypted SMTP session (TLS)</h4>
-<p> A separate parameter controls Postfix SASL mechanism policy
-during a TLS-encrypted SMTP session. The default is to copy the
-settings from the unencrypted session: </p>
+<p> To turn on TLS in the Postfix SMTP client, see TLS_README for
+configuration details. </p>
+
+<p> The smtp_sasl_tls_security_options parameter controls Postfix
+SASL mechanism policy during a TLS-encrypted SMTP session. The
+default is to copy the settings from the unencrypted session: </p>
<blockquote>
<pre>
<h3><a name="client_sasl_filter">Postfix SMTP/LMTP client policy -
SASL mechanism <em>names</em></a></h3>
-<p> Unfortunately, Postfix needs a second client policy for SASL
-mechanism selection. Reason: the Cyrus SASL library will choose
-the most secure authentication mechanism that both the SMTP client
-and server implement - even if one of the parties was not configured
-for that mechanism. </p>
+<p> Given the SASL security options of the previous section, the
+Cyrus SASL library will choose the most secure authentication
+mechanism that both the SMTP client and server implement. Unfortunately,
+that authentication mechanism may fail because the client or server
+is not configured to use that mechanism.</p>
<p> To prevent this, the Postfix SMTP client can filter the names
of the authentication mechanisms from the remote SMTP server. Used
<p>
Optional shell program for local(8) delivery to non-Postfix command.
By default, non-Postfix commands are executed directly; commands
-are given to given to /bin/sh only when they contain shell meta
-characters or shell built-in commands. </p>
+are given to given to the default shell (typically, /bin/sh) only
+when they contain shell meta characters or shell built-in commands.
+</p>
<p> "sendmail's restricted shell" (smrsh) is what most people will
use in order to restrict what programs can be run from e.g. .forward
<pre>
local_command_shell = /some/where/smrsh -c
+local_command_shell = /bin/bash -c
</pre>
%PARAM local_destination_concurrency_limit 2
<p>
The numerical Postfix SMTP server response code when a remote SMTP
client request is blocked by the reject_rbl_client, reject_rhsbl_client,
-reject_rhsbl_sender or reject_rhsbl_recipient restriction.
+reject_rhsbl_reverse_client, reject_rhsbl_sender or
+reject_rhsbl_recipient restriction.
</p>
<p>
the request when the client hostname is listed with
any A record under <i>rbl_domain</i>. See the reject_rbl_client
description above for additional RBL related configuration parameters.
-This feature is available in Postfix 2.0 and later. </dd>
+This feature is available in Postfix 2.0 and later; with Postfix
+version 2.8 and later, reject_rhsbl_reverse_client will usually
+produce better results. </dd>
+
+<dt><b><a name="reject_rhsbl_reverse_client">reject_rhsbl_reverse_client <i>rbl_domain=d.d.d.d</i></a></b></dt>
+
+<dd>Reject the request when the unverified reverse client hostname
+is listed with the A record "<i>d.d.d.d</i>" under <i>rbl_domain</i>.
+If no "<i>=d.d.d.d</i>" is specified, reject the request when the
+unverified reverse client hostname is listed with any A record under
+<i>rbl_domain</i>. See the reject_rbl_client description above for
+additional RBL related configuration parameters. This feature is
+available in Postfix 2.8 and later. </dd>
<dt><b><a name="reject_unknown_client_hostname">reject_unknown_client_hostname</a></b> (with Postfix < 2.3: reject_unknown_client)</dt>
smtpd_client_restrictions, smtpd_helo_restrictions,
smtpd_sender_restrictions or smtpd_recipient_restrictions.
+<li>However, no recipient information is available in the case of
+multi-recipient mail. Acting on only one recipient would be misleading,
+because any decision will affect all recipients equally. Acting on
+all recipients would require a possibly very large amount of memory,
+and would also be misleading for the reasons mentioned before. </p>
+
</ul>
<p>
<p> This feature is available in Postfix 2.2 and later. </p>
-<p> See smtpd_data_restrictions for syntax details. </p>
+<p> See smtpd_data_restrictions for details and limitations. </p>
%PARAM smtpd_delay_reject yes
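Review bot: the new list item ("However, no recipient information is available in the case of multi-recipient mail ...") opens with `<li>` but closes with `</p>`, which leaves the `<ul>` ill-formed for the HTML-to-man conversion; end it with `</li>` (or `<li><p> ... </p></li>` if that is the file's convention for the other items). The phrase "for the reasons mentioned before" could also name the reason directly (a single decision affects all recipients) so the item stands on its own.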
<p> This feature is available in Postfix 2.7 and later. </p>
+%PARAM smtp_address_preference ipv6
+
+<p> The address type ("ipv6", "ipv4" or "any") that the Postfix
+SMTP client will try first, when a destination has IPv6 and IPv4
+addresses with equal MX preference. This feature has no effect
+unless the inet_protocols setting enables both IPv4 and IPv6. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+%PARAM lmtp_address_preference ipv6
+
+<p> The LMTP-specific version of the smtp_address_preference
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
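Review bot: the smtp_address_preference description lists "any" as a value but never says what it does; state that "any" applies no address-family preference, so addresses with equal MX preference keep the order produced by smtp_randomize_addresses. The sentence "This feature has no effect unless the inet_protocols setting enables both IPv4 and IPv6" is the key caveat and should stay; the lmtp_address_preference entry can simply rely on it via "See there for details".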
extern DNS_RR *dns_rr_copy(DNS_RR *);
extern DNS_RR *dns_rr_append(DNS_RR *, DNS_RR *);
extern DNS_RR *dns_rr_sort(DNS_RR *, int (*) (DNS_RR *, DNS_RR *));
+extern int dns_rr_compare_pref_ipv6(DNS_RR *, DNS_RR *);
+extern int dns_rr_compare_pref_ipv4(DNS_RR *, DNS_RR *);
+extern int dns_rr_compare_pref_any(DNS_RR *, DNS_RR *);
extern int dns_rr_compare_pref(DNS_RR *, DNS_RR *);
extern DNS_RR *dns_rr_shuffle(DNS_RR *);
extern DNS_RR *dns_rr_remove(DNS_RR *, DNS_RR *);
/* DNS_RR *list
/* int (*compar)(DNS_RR *, DNS_RR *);
/*
-/* int dns_rr_compare_pref(DNS_RR *a, DNS_RR *b)
+/* int dns_rr_compare_pref_ipv6(DNS_RR *a, DNS_RR *b)
+/* DNS_RR *list
+/* DNS_RR *list
+/*
+/* int dns_rr_compare_pref_ipv4(DNS_RR *a, DNS_RR *b)
+/* DNS_RR *list
+/* DNS_RR *list
+/*
+/* int dns_rr_compare_pref_any(DNS_RR *a, DNS_RR *b)
/* DNS_RR *list
/* DNS_RR *list
/*
/* order according to a user-specified criterion. The result is the
/* sorted list.
/*
-/* dns_rr_compare_pref() is a dns_rr_sort() helper to sort records
-/* by their MX preference.
+/* dns_rr_compare_pref_XXX() are dns_rr_sort() helpers to sort
+/* records by their MX preference and by their address family.
/*
/* dns_rr_shuffle() randomly permutes a list of resource records.
/*
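Review bot: in the SYNOPSIS block each new prototype (dns_rr_compare_pref_ipv6, dns_rr_compare_pref_ipv4, dns_rr_compare_pref_any) is followed by two `DNS_RR *list` lines, which do not describe the `(DNS_RR *a, DNS_RR *b)` arguments the prototype itself shows; the lines were copied from the existing dns_rr_compare_pref entry, which carried the same mismatch. Replace them with `DNS_RR *a` and `DNS_RR *b` (or drop them) so the prolog documents the real signature, and consider naming the three variants explicitly in the DESCRIPTION text instead of "dns_rr_compare_pref_XXX()".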
return (list);
}
-/* dns_rr_compare_pref - compare resource records by preference */
+/* dns_rr_compare_pref_ipv6 - compare records by preference, ipv6 preferred */
-int dns_rr_compare_pref(DNS_RR *a, DNS_RR *b)
+int dns_rr_compare_pref_ipv6(DNS_RR *a, DNS_RR *b)
{
if (a->pref != b->pref)
return (a->pref - b->pref);
return 0;
}
+/* dns_rr_compare_pref_ipv4 - compare records by preference, ipv4 preferred */
+
+int dns_rr_compare_pref_ipv4(DNS_RR *a, DNS_RR *b)
+{
+ if (a->pref != b->pref)
+ return (a->pref - b->pref);
+#ifdef HAS_IPV6
+ if (a->type == b->type)
+ return 0;
+ if (a->type == T_AAAA)
+ return (+1);
+ if (b->type == T_AAAA)
+ return (-1);
+#endif
+ return 0;
+}
+
+/* dns_rr_compare_pref_any - compare records by preference, protocol-neutral */
+
+int dns_rr_compare_pref_any(DNS_RR *a, DNS_RR *b)
+{
+ if (a->pref != b->pref)
+ return (a->pref - b->pref);
+ return 0;
+}
+
+/* dns_rr_compare_pref - binary compatibility helper after name change */
+
+int dns_rr_compare_pref(DNS_RR *a, DNS_RR *b)
+{
+ return (dns_rr_compare_pref_ipv6(a, b));
+}
+
/* dns_rr_sort_callback - glue function */
static int (*dns_rr_sort_user) (DNS_RR *, DNS_RR *);
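Review bot: as shown here, dns_rr_compare_pref_ipv6 contains only the preference comparison and never inspects a->type or b->type, so despite its comment ("ipv6 preferred") it orders records exactly like dns_rr_compare_pref_any. Unless unchanged lines are elided between the two functions, it needs the mirror of the HAS_IPV6 block in dns_rr_compare_pref_ipv4 with the signs swapped (`return (-1)` when a->type == T_AAAA, `return (+1)` when b->type == T_AAAA). The dns_rr_compare_pref wrapper kept for binary compatibility would benefit from a comment saying new code should call one of the explicit variants.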
if (argc != 3)
msg_fatal("usage: %s types name", argv[0]);
types_argv = argv_split(argv[1], ", \t\r\n");
- types = (int *) mymalloc(sizeof(*types) * (types_argv->argc + 1));
+ types = (unsigned *) mymalloc(sizeof(*types) * (types_argv->argc + 1));
for (i = 0; i < types_argv->argc; i++)
if ((types[i] = dns_type(types_argv->argv[i])) == 0)
msg_fatal("invalid query type: %s", types_argv->argv[i]);
#define INET_PROTO_NAME_IPV4 "ipv4"
#define INET_PROTO_NAME_IPV6 "ipv6"
#define INET_PROTO_NAME_ALL "all"
+#define INET_PROTO_NAME_ANY "any"
#define VAR_INET_PROTOCOLS "inet_protocols"
extern char *var_inet_protocols;
#define REJECT_RBL "reject_rbl" /* LaMont compatibility */
#define REJECT_RBL_CLIENT "reject_rbl_client"
#define REJECT_RHSBL_CLIENT "reject_rhsbl_client"
+#define REJECT_RHSBL_REVERSE_CLIENT "reject_rhsbl_reverse_client"
#define REJECT_RHSBL_HELO "reject_rhsbl_helo"
#define REJECT_RHSBL_SENDER "reject_rhsbl_sender"
#define REJECT_RHSBL_RECIPIENT "reject_rhsbl_recipient"
#define VAR_LMTP_BODY_CHKS "lmtp_body_checks"
#define DEF_LMTP_BODY_CHKS ""
+#define VAR_SMTP_ADDR_PREF "smtp_address_preference"
+#ifdef HAS_IPV6
+#define DEF_SMTP_ADDR_PREF INET_PROTO_NAME_IPV6
+#else
+#define DEF_SMTP_ADDR_PREF INET_PROTO_NAME_IPV4
+#endif
+extern char *var_smtp_addr_pref;
+
+#define VAR_LMTP_ADDR_PREF "lmtp_address_preference"
+#define DEF_LMTP_ADDR_PREF DEF_SMTP_ADDR_PREF
+
/*
* Scheduler concurrency feedback algorithms.
*/
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20100213"
+#define MAIL_RELEASE_DATE "20100306"
#define MAIL_VERSION_NUMBER "2.8"
#ifdef SNAPSHOT
VAR_LMTP_NEST_CHKS, DEF_LMTP_NEST_CHKS, &var_smtp_nest_chks, 0, 0,
VAR_LMTP_BODY_CHKS, DEF_LMTP_BODY_CHKS, &var_smtp_body_chks, 0, 0,
VAR_LMTP_RESP_FILTER, DEF_LMTP_RESP_FILTER, &var_smtp_resp_filter, 0, 0,
+ VAR_LMTP_ADDR_PREF, DEF_LMTP_ADDR_PREF, &var_smtp_addr_pref, 1, 0,
0,
};
static const CONFIG_TIME_TABLE lmtp_time_table[] = {
/* .IP "\fBproxy_interfaces (empty)\fR"
/* The network interface addresses that this mail system receives mail
/* on by way of a proxy or network address translation unit.
+/* .IP "\fBsmtp_address_preference (ipv6)\fR"
+/* The address type ("ipv6", "ipv4" or "any") that the Postfix
+/* SMTP client will try first, when a destination has IPv6 and IPv4
+/* addresses with equal MX preference.
/* .IP "\fBsmtp_bind_address (empty)\fR"
/* An optional numerical network address that the Postfix SMTP client
/* should bind to when making an IPv4 connection.
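Review bot: the new man-page entry shows the default as `(ipv6)` unconditionally, while mail_params.h in this same change defines DEF_SMTP_ADDR_PREF as INET_PROTO_NAME_IPV4 when HAS_IPV6 is not set; either word the default as "ipv6 on builds with IPv6 support, ipv4 otherwise" or make sure the generated text follows the build-time default so the documentation and the running daemon agree.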
bool var_smtp_cache_demand;
char *var_smtp_ehlo_dis_words;
char *var_smtp_ehlo_dis_maps;
+char *var_smtp_addr_pref;
char *var_smtp_tls_level;
bool var_smtp_use_tls;
#endif
+ /*
+ * IPv6 preference.
+ */
+static int smtp_addr_pref;
+
/* deliver_message - deliver message with extreme prejudice */
static int deliver_message(const char *service, DELIVER_REQUEST *request)
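Review bot: the comment above `static int smtp_addr_pref;` says "IPv6 preference", but the variable holds whichever of SMTP_MISC_FLAG_PREF_IPV6, SMTP_MISC_FLAG_PREF_IPV4 or 0 the configuration selected; "Address family preference", the wording already used for the corresponding block in pre_init, would be accurate.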
state->request = request;
state->src = request->fp;
state->service = service;
+ state->misc_flags = smtp_addr_pref;
SMTP_RCPT_INIT(state);
/*
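Review bot: `state->misc_flags = smtp_addr_pref;` assigns rather than ORs, so any misc flag already set on the state before this point is silently discarded. If misc_flags is guaranteed to be zero at this point of deliver_message that is fine but deserves a comment; otherwise use `state->misc_flags |= smtp_addr_pref;`.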
static void pre_init(char *unused_name, char **unused_argv)
{
int use_tls;
+ static const NAME_CODE addr_pref_map[] = {
+ INET_PROTO_NAME_IPV6, SMTP_MISC_FLAG_PREF_IPV6,
+ INET_PROTO_NAME_IPV4, SMTP_MISC_FLAG_PREF_IPV4,
+ INET_PROTO_NAME_ANY, 0,
+ 0, -1,
+ };
/*
* Turn on per-peer debugging.
smtp_chat_resp_filter =
dict_open(var_smtp_resp_filter, O_RDONLY,
DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
+
+ /*
+ * Address family preference.
+ */
+ if (*var_smtp_addr_pref) {
+ smtp_addr_pref = name_code(addr_pref_map, NAME_CODE_FLAG_NONE,
+ var_smtp_addr_pref);
+ if (smtp_addr_pref < 0)
+ msg_fatal("bad %s value: %s", VAR_SMTP_ADDR_PREF, var_smtp_addr_pref);
+ }
}
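Review bot: the `if (*var_smtp_addr_pref)` guard in pre_init can never be false, because the parameter tables register smtp_address_preference and lmtp_address_preference with a minimum length of 1 (`VAR_SMTP_ADDR_PREF, DEF_SMTP_ADDR_PREF, &var_smtp_addr_pref, 1, 0,`), which already rejects an empty value at startup; either drop the guard or, if an empty value is meant to mean "any", set the minimum length to 0 and document that. The NAME_CODE table and the `< 0` test are otherwise consistent: "any" maps to 0 while the sentinel entry returns -1, so a mistyped value is caught by msg_fatal() as intended.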
/* pre_accept - see if tables have changed */
#define SMTP_MISC_FLAG_CONN_LOAD (1<<6)
#define SMTP_MISC_FLAG_CONN_STORE (1<<7)
#define SMTP_MISC_FLAG_COMPLETE_SESSION (1<<8)
+#define SMTP_MISC_FLAG_PREF_IPV6 (1<<9)
+#define SMTP_MISC_FLAG_PREF_IPV4 (1<<10)
#define SMTP_MISC_FLAG_CONN_CACHE_MASK \
(SMTP_MISC_FLAG_CONN_LOAD | SMTP_MISC_FLAG_CONN_STORE)
addr_list = smtp_host_addr(name, misc_flags, why);
break;
case DNS_OK:
- mx_names = dns_rr_sort(mx_names, dns_rr_compare_pref);
+ mx_names = dns_rr_sort(mx_names, dns_rr_compare_pref_any);
best_pref = (mx_names ? mx_names->pref : IMPOSSIBLE_PREFERENCE);
addr_list = smtp_addr_list(mx_names, why);
dns_rr_free(mx_names);
}
}
}
+#define SMTP_COMPARE_ADDR(flags) \
+ (((flags) & SMTP_MISC_FLAG_PREF_IPV6) ? dns_rr_compare_pref_ipv6 : \
+ ((flags) & SMTP_MISC_FLAG_PREF_IPV4) ? dns_rr_compare_pref_ipv4 : \
+ dns_rr_compare_pref_any)
+
if (addr_list && addr_list->next && var_smtp_rand_addr) {
addr_list = dns_rr_shuffle(addr_list);
- addr_list = dns_rr_sort(addr_list, dns_rr_compare_pref);
+ addr_list = dns_rr_sort(addr_list, SMTP_COMPARE_ADDR(misc_flags));
}
break;
case DNS_NOTFOUND:
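Review bot: in the DNS_OK branch above, the family-aware sort is only reached inside `if (addr_list && addr_list->next && var_smtp_rand_addr)`, so with smtp_randomize_addresses = no the new smtp_address_preference has no effect on addresses obtained via MX lookup, whereas the host-address path below sorts whenever `inet_proto_info()->ai_family_list[1] != 0` regardless of randomization. Move the `dns_rr_sort(addr_list, SMTP_COMPARE_ADDR(misc_flags))` call outside the var_smtp_rand_addr condition, keeping only the shuffle inside it, so both paths honour the preference. The SMTP_COMPARE_ADDR macro works, but a small static function returning the comparator would be easier to read and to step through.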
addr_list = dns_rr_shuffle(addr_list);
/* The following changes the order of equal-preference hosts. */
if (inet_proto_info()->ai_family_list[1] != 0)
- addr_list = dns_rr_sort(addr_list, dns_rr_compare_pref);
+ addr_list = dns_rr_sort(addr_list, SMTP_COMPARE_ADDR(misc_flags));
}
if (msg_verbose)
smtp_print_addr(host, addr_list);
VAR_SMTP_NEST_CHKS, DEF_SMTP_NEST_CHKS, &var_smtp_nest_chks, 0, 0,
VAR_SMTP_BODY_CHKS, DEF_SMTP_BODY_CHKS, &var_smtp_body_chks, 0, 0,
VAR_SMTP_RESP_FILTER, DEF_SMTP_RESP_FILTER, &var_smtp_resp_filter, 0, 0,
+ VAR_SMTP_ADDR_PREF, DEF_SMTP_ADDR_PREF, &var_smtp_addr_pref, 1, 0,
0,
};
static const CONFIG_TIME_TABLE smtp_time_table[] = {
/* .IP "\fBmaps_rbl_reject_code (554)\fR"
/* The numerical Postfix SMTP server response code when a remote SMTP
/* client request is blocked by the reject_rbl_client, reject_rhsbl_client,
-/* reject_rhsbl_sender or reject_rhsbl_recipient restriction.
+/* reject_rhsbl_reverse_client, reject_rhsbl_sender or
+/* reject_rhsbl_recipient restriction.
/* .IP "\fBnon_fqdn_reject_code (504)\fR"
/* The numerical Postfix SMTP server reply code when a client request
/* is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender
/*
* Separate MX list into primaries and backups.
*/
- mx_list = dns_rr_sort(mx_list, dns_rr_compare_pref);
+ mx_list = dns_rr_sort(mx_list, dns_rr_compare_pref_any);
for (middle = mx_list; /* see below */ ; middle = rest) {
rest = middle->next;
if (rest == 0)
status = reject_rbl_domain(state, *cpp, state->name,
SMTPD_NAME_CLIENT);
}
+ } else if (strcasecmp(name, REJECT_RHSBL_REVERSE_CLIENT) == 0) {
+ if (cpp[1] == 0)
+ msg_warn("restriction %s requires domain name argument",
+ name);
+ else {
+ cpp += 1;
+ if (strcasecmp(state->name, "unknown") != 0)
+ status = reject_rbl_domain(state, *cpp, state->reverse_name,
+ SMTPD_NAME_REV_CLIENT);
+ }
} else if (is_map_command(state, name, CHECK_CCERT_ACL, &cpp)) {
status = check_ccert_access(state, *cpp, def_acl);
} else if (is_map_command(state, name, CHECK_CLIENT_NS_ACL, &cpp)) {
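Review bot: the guard for reject_rhsbl_reverse_client tests `state->name` while the lookup is performed on `state->reverse_name`; the verified hostname can be "unknown" while the reverse name is known (that is precisely the case the "unverified reverse client hostname" wording in the documentation exists for), and those clients are then never looked up. Change the test to `if (strcasecmp(state->reverse_name, "unknown") != 0)` so the guard and the lookup refer to the same name, which also ensures a literal "unknown" reverse name is skipped rather than queried.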
(unsigned long) var_queue_minfree,
(unsigned long) var_message_limit);
if (BLOCKS(var_queue_minfree) >= fsbuf.block_free
- || BLOCKS(var_message_limit) >= fsbuf.block_free / smtpd_space_multf) {
+ || BLOCKS(var_message_limit) >= fsbuf.block_free / smtpd_space_multf) {
(void) smtpd_check_reject(state, MAIL_ERROR_RESOURCE,
452, "4.3.1",
"Insufficient system storage");
msg_warn("not enough free space in mail queue: %lu bytes < "
"%g*message size limit",
(unsigned long) fsbuf.block_free * fsbuf.block_size,
- smtpd_space_multf);
+ smtpd_space_multf);
return (STR(error_text));
}
return (0);