20230815
- Bugfix (bug introduced: 20140218): when opportunistic TLS fails
- during or after the handshake, don't require that a probe
- message has a minimum time-in-queue before falling back to
- plaintext. Problem reported by Serg. File: smtp/smtp.h.
+ Bugfix (defect introduced: 20140218): when an address
+ verification probe fails during or after an opportunistic
+ TLS handshake, immediately fall back to plaintext, without
+ enforcing a minimum time-in-queue. Problem reported by Serg.
+ File: smtp/smtp.h.
20230820
but legitimate wildcard names (*.name) in some DNS lookup
results and lookup requests. Examples:
+ name class/type value
*.one.example IN CNAME *.other.example
*.other.example IN A 10.0.0.1
*.other.example IN TLSA ..certificate info...
- Reported first in the context of TLSA record lookups.
- Files: util/valid_hostname.[hc], dns/dns_lookup.c.
+ Such syntax is blesed in RFC 1034 section 4.3.3.
+
+ This problem was reported first in the context of TLSA
+ record lookups. Files: util/valid_hostname.[hc],
+ dns/dns_lookup.c.
+
+20230831
+
+ Documentation: clarify the scope of local_recipient_maps.
+ Files: proto/LOCAL_RECIPIENT_README.html, proto/postconf.proto.
+
+ Documentation loose ends. Files: HISTORY, dns/dns_lookup.c.
+
+20230901
+
+ Feature: enforce_mime_input_conversion (default: no) to
+ convert content that claims to be 8-bit into quoted-printable,
+ before header_checks, body_checks, Milters, and before
+ after-queue content filters. The typical use case is an MTA
+ that applies this conversion before signing outbound messages,
+ so that the signatures will remain valid when a message is
+ later delivered to an MTA that does not announce 8BITMIME
+ support, or when a message line exceeds the SMTP length
+ limit. Files: global/mail_params.c, cleanup/cleanup_message.c,
+ cleanup/cleanup.c, cleanup/cleanup_init.c, proto/postconf.proto,
+ mantools/postlink.
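Review bot: the added line "Such syntax is blesed in RFC 1034 section 4.3.3." misspells "blessed". In the 20230901 entry, the description of enforce_mime_input_conversion also omits the caveat, given in the release notes text for the same feature, that messages sent into smtpd_proxy_filter are not affected; a short mention here would keep the two descriptions consistent.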
matches $mydestination, $inet_interfaces or $proxy_interfaces. If a local
username or address is not listed in $local_recipient_maps, then the Postfix
SMTP server will reject the address with "User unknown in local recipient
-table".
+table". Other Postfix interfaces may still accept an "unknown" recipient.
The default setting, shown below, assumes that you use the default Postfix
local(8) delivery agent for local delivery, where recipients are either UNIX
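Review bot: the added sentence 'Other Postfix interfaces may still accept an "unknown" recipient.' does not say which interfaces are meant or what happens to such a message after it is accepted. Readers treat local_recipient_maps as a recipient validation control, so consider naming the interfaces that do not apply the check, making it explicit that the rejection is limited to the SMTP server.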
license of their choice. Those who are more comfortable with the
IPL can continue with that license.
+Major changes with snapshot 20230901
+====================================
+
+New parameter enforce_mime_input_conversion (default: no) to convert
+content that claims to be 8-bit into quoted-printable, before
+header_checks, body_checks, Milters, and before after-queue content
+filters. This feature does not affect messages that are sent into
+smtpd_proxy_filter.
+
+The typical use case is an MTA that applies this conversion before
+signing outbound messages, so that the signatures will remain valid
+when a message is later handled by an MTA that does not announce
+8BITMIME support, or when a message line exceeds the SMTP length
+limit.
+
Major changes with snapshot 20230807
====================================
postfix-install should mention makedefs.out.
+ Update DKIM examples for signing with the benefits of forced
+ MIME converison with "enforce_mime_input_conversion = yes"
+
Deprecate permit_mx_backup. It is fundamentally incompatible
with recipient address validation. There is no way to fix that:
reject_unverified_recipient requires that the domain is reachable,
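Review bot: "converison" in the added wishlist item should be "conversion". The item also reads ambiguously ("signing with the benefits of forced MIME conversion"); something like "update the DKIM examples to sign after forced MIME conversion with enforce_mime_input_conversion = yes" would state the intent directly.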
local when its domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>. If a local username or address is not listed in
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>, then the Postfix SMTP server will reject
-the address with "User unknown in local recipient table". </p>
+the address with "User unknown in local recipient table". Other
+Postfix interfaces may still accept an "unknown" recipient. </p>
<p> The default setting, shown below, assumes that you use the
default Postfix <a href="local.8.html">local(8)</a> delivery agent for local delivery, where
The email address form that will be used in non-debug logging
(info, warning, etc.).
+ Available in Postfix 3.9 and later:
+
+ <b><a href="postconf.5.html#enforce_mime_input_conversion">enforce_mime_input_conversion</a> (no)</b>
+ Convert content that claims to be 8-bit into quoted-printable,
+ before <a href="postconf.5.html#header_checks">header_checks</a>, <a href="postconf.5.html#body_checks">body_checks</a>, Milters, and before
+ after-queue content filters.
+
<b>FILES</b>
/etc/postfix/canonical*, canonical mapping table
/etc/postfix/virtual*, virtual mapping table
<p> This feature is available in Postfix 3.6 and later. </p>
+</DD>
+
+<DT><b><a name="enforce_mime_input_conversion">enforce_mime_input_conversion</a>
+(default: no)</b></DT><DD>
+
+<p> Convert content that claims to be 8-bit into quoted-printable,
+before <a href="postconf.5.html#header_checks">header_checks</a>, <a href="postconf.5.html#body_checks">body_checks</a>, Milters, and before after-queue
+content filters. This feature does not affect messages that are
+sent into <a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a>. </p>
+
+<p> The typical use case is an MTA that applies this conversion
+before signing outbound messages, so that the signatures will remain
+valid when a message is later delivered to an MTA that does not
+announce 8BITMIME support, or when a message line exceeds the SMTP
+length limit. </p>
+
+<p> This feature is available in Postfix ≥ 3.9. </p>
+
+
</DD>
<DT><b><a name="error_notice_recipient">error_notice_recipient</a>
<p>
If this parameter is non-empty (the default), then the Postfix SMTP
-server will reject mail for unknown local users.
-</p>
+server will reject mail for unknown local users. Other Postfix
+interfaces may still accept an "unknown" recipient. </p>
<p>
To turn off local recipient checking in the Postfix SMTP server,
.br
.PP
This feature is available in Postfix 3.6 and later.
+.SH enforce_mime_input_conversion (default: no)
+Convert content that claims to be 8\-bit into quoted\-printable,
+before header_checks, body_checks, Milters, and before after\-queue
+content filters. This feature does not affect messages that are
+sent into smtpd_proxy_filter.
+.PP
+The typical use case is an MTA that applies this conversion
+before signing outbound messages, so that the signatures will remain
+valid when a message is later delivered to an MTA that does not
+announce 8BITMIME support, or when a message line exceeds the SMTP
+length limit.
+.PP
+This feature is available in Postfix >= 3.9.
.SH error_notice_recipient (default: postmaster)
The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or protocol
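Review bot: the new enforce_mime_input_conversion description does not mention that it cannot be combined with the setting behind VAR_DISABLE_MIME_INPUT (disable_mime_input_processing), although the cleanup code in this same change aborts with "do not specify both %s=yes and %s=yes" when both are enabled. Please add a sentence stating that conflict, so that an operator learns about it from the parameter documentation rather than from a fatal log entry.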
until a match is found.
.PP
If this parameter is non\-empty (the default), then the Postfix SMTP
-server will reject mail for unknown local users.
+server will reject mail for unknown local users. Other Postfix
+interfaces may still accept an "unknown" recipient.
.PP
To turn off local recipient checking in the Postfix SMTP server,
specify "local_recipient_maps =" (i.e. empty).
.IP "\fBinfo_log_address_format (external)\fR"
The email address form that will be used in non\-debug logging
(info, warning, etc.).
+.PP
+Available in Postfix 3.9 and later:
+.IP "\fBenforce_mime_input_conversion (no)\fR"
+Convert content that claims to be 8\-bit into quoted\-printable,
+before header_checks, body_checks, Milters, and before after\-queue
+content filters.
.SH "FILES"
.na
.nf
s;\bdisable_dns_lookups\b;<a href="postconf.5.html#disable_dns_lookups">$&</a>;g;
s;\bdisable_mime_input_processing\b;<a href="postconf.5.html#disable_mime_input_processing">$&</a>;g;
s;\bdisable_mime_output_conversion\b;<a href="postconf.5.html#disable_mime_output_conversion">$&</a>;g;
+ s;\benforce_mime_input_conversion\b;<a href="postconf.5.html#enforce_mime_input_conversion">$&</a>;g;
s;\bdisable_verp_bounces\b;<a href="postconf.5.html#disable_verp_bounces">$&</a>;g;
s;\bdisable_vrfy_command\b;<a href="postconf.5.html#disable_vrfy_command">$&</a>;g;
s;\bdont_remove\b;<a href="postconf.5.html#dont_remove">$&</a>;g;
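Review bot: the new enforce_mime_input_conversion substitution is inserted between disable_mime_output_conversion and disable_verp_bounces, which breaks the alphabetical order that the surrounding entries follow (disable_..., dont_remove). If the placement is meant to group the MIME parameters, a short comment would help; otherwise move the line to where the "e" entries sort.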
local when its domain matches $mydestination, $inet_interfaces or
$proxy_interfaces. If a local username or address is not listed in
$local_recipient_maps, then the Postfix SMTP server will reject
-the address with "User unknown in local recipient table". </p>
+the address with "User unknown in local recipient table". Other
+Postfix interfaces may still accept an "unknown" recipient. </p>
<p> The default setting, shown below, assumes that you use the
default Postfix local(8) delivery agent for local delivery, where
<p>
If this parameter is non-empty (the default), then the Postfix SMTP
-server will reject mail for unknown local users.
-</p>
+server will reject mail for unknown local users. Other Postfix
+interfaces may still accept an "unknown" recipient. </p>
<p>
To turn off local recipient checking in the Postfix SMTP server,
<p> This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6,
3.6.10, and 3.5.20. </p>
+
+%PARAM enforce_mime_input_conversion no
+
+<p> Convert content that claims to be 8-bit into quoted-printable,
+before header_checks, body_checks, Milters, and before after-queue
+content filters. This feature does not affect messages that are
+sent into smtpd_proxy_filter. </p>
+
+<p> The typical use case is an MTA that applies this conversion
+before signing outbound messages, so that the signatures will remain
+valid when a message is later delivered to an MTA that does not
+announce 8BITMIME support, or when a message line exceeds the SMTP
+length limit. </p>
+
+<p> This feature is available in Postfix ≥ 3.9. </p>
reported by Serg File smtp smtp h
smtp lmtp_params c smtp smtp c smtp smtp_params c
plaintext Problem reported by Serg File smtp smtp h
+ cleanup cleanup c cleanup cleanup_init c proto postconf proto
/* .IP "\fBinfo_log_address_format (external)\fR"
/* The email address form that will be used in non-debug logging
/* (info, warning, etc.).
+/* .PP
+/* Available in Postfix 3.9 and later:
+/* .IP "\fBenforce_mime_input_conversion (no)\fR"
+/* Convert content that claims to be 8-bit into quoted-printable,
+/* before header_checks, body_checks, Milters, and before after-queue
+/* content filters.
/* FILES
/* /etc/postfix/canonical*, canonical mapping table
/* /etc/postfix/virtual*, virtual mapping table
int var_always_add_hdrs; /* always add missing headers */
int var_virt_addrlen_limit; /* stop exponential growth */
char *var_hfrom_format; /* header_from_format */
+int var_enforce_mime_iconv; /* enforce mime downgrade on input */
const CONFIG_INT_TABLE cleanup_int_table[] = {
VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
VAR_AUTO_8BIT_ENC_HDR, DEF_AUTO_8BIT_ENC_HDR, &var_auto_8bit_enc_hdr,
VAR_ALWAYS_ADD_HDRS, DEF_ALWAYS_ADD_HDRS, &var_always_add_hdrs,
+ VAR_ENFORCE_MIME_ICONV, DEF_ENFORCE_MIME_ICONV, &var_enforce_mime_iconv,
0,
};
*/
mime_options = 0;
if (var_disable_mime_input) {
+ if (var_enforce_mime_iconv)
+ msg_fatal("do not specify both %s=yes and %s=yes",
+ VAR_DISABLE_MIME_INPUT, VAR_ENFORCE_MIME_ICONV);
mime_options |= MIME_OPT_DISABLE_MIME;
} else {
/* Turn off content checks if bouncing or forwarding mail. */
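Review bot: the conflict check added under "if (var_disable_mime_input)" calls msg_fatal() in the code path that builds mime_options for state->mime_state, so the misconfiguration appears to be detected only when a message is being processed, not when the configuration is loaded. Consider validating the two parameters once at startup, next to where var_enforce_mime_iconv is registered, so that a conflicting main.cf is rejected before any mail is accepted into the queue path.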
|| *var_nesthdr_checks)
mime_options |= MIME_OPT_REPORT_NESTING;
}
+ if (var_enforce_mime_iconv)
+ mime_options |= MIME_OPT_DOWNGRADE;
}
state->mime_state = mime_state_alloc(mime_options,
cleanup_header_callback,
/* an invalid name is reported as a DNS_INVAL result, while
/* malformed replies are reported as transient errors.
/*
+/* Note: in dns_lookup*() results and queries, a name may start
+/* with a "*" label, which is valid according to RFC 1034
+/* section 4.3.3. Such a name will not pass valid_hostname()
+/* checks in the rest of Postfix, because it is not a valid
+/* host or domain name.
+/*
/* dns_get_h_errno() returns the last error. This deprecates
/* usage of the global h_errno variable. We should not rely
/* on that being updated.
#define DEF_DISABLE_MIME_OCONV 0
extern bool var_disable_mime_oconv;
+#define VAR_ENFORCE_MIME_ICONV "enforce_mime_input_conversion"
+#define DEF_ENFORCE_MIME_ICONV 0
+extern bool var_enforce_mime_iconv;
+
#define VAR_STRICT_8BITMIME "strict_8bitmime"
#define DEF_STRICT_8BITMIME 0
extern bool var_strict_8bitmime;
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20230821"
+#define MAIL_RELEASE_DATE "20230901"
#define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT