Feature: support for the RFC 8689 "TLS-Required: no" message
header. This limits the Postfix SMTP client TLS security
- level to "smtp_tls_security = may", which does not authenticate
+ level to "smtp_tls_security = may", which does not verify
remote SMTP server TLS certificates, and which allows falling
back to plaintext. This is needed for the delivery of
messages such as TLSRPT summaries, which should be sent
Debug: verbose logging for the tlsrpt_wrapper functions.
File: tls/tlsrpt_wrapper.c.
+
+20250201
+
+ Cleanup: simplified the code in cleanup_envelope_test.c.
+
+ Feature: configuration parameter "tls_required_enable
+ (default: yes) to control support for the "TLS-Required:
+ no" message header. Files: global/mail_params.[hc],
+ bounce/bounce.c, bounce/bounce_notify_util.c, cleanup/cleanup.c,
+ cleanup/cleanup_message.c, smtp/smtp.c, smtp/smtp_connect.c,
+ mantools/postlink.
+
+20250202
+
+ Documentation: edited for clarity. Files: pipe/pipe.c,
+ proto/postconf.proto.
+
+ Debug logging: cleanup/cleanup_api.c. tls/tlsrpt_wrapper.c.
+ proto/TLSRPT_README.html.
+
+ Postfix 3.10 code freeze.
report those summaries via email to the specified address. Instead of mailto:,
a policy may specify an https: destination.
-The high-level diagram below shows how TLS handshake success and failure events
-from Postfix are collected and processed into daily summary reports.
+The diagram below shows how Postfix TLS handshake success and failure events
+are collected and processed into daily summary reports.
Postfix SMTP and TLSRPT client TLSRPT collector, Email or HTTP
TLS client engines -> library (linked -> fetcher, and -> delivery
specified address. Instead of <tt>mailto:</tt>, a policy may specify an
<tt>https:</tt> destination. </p>
-<p> The high-level diagram below shows how TLS handshake success
-and failure events from Postfix are collected and processed into
-daily summary reports. </p>
+<p> The diagram below shows how Postfix TLS handshake success and
+failure events are collected and processed into daily summary
+reports. </p>
<blockquote>
<b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
The format of the Postfix-generated <b>From:</b> header.
+ Available in Postfix 3.10 and later:
+
+ <b><a href="postconf.5.html#tls_required_enable">tls_required_enable</a> (yes)</b>
+ Enable support for the "TLS-Required: no" message header,
+ defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
+
<b><a name="files">FILES</a></b>
/var/spool/postfix/bounce/* non-delivery records
/var/spool/postfix/defer/* non-delivery records
<a href="https://tools.ietf.org/html/rfc3463">RFC 3463</a> (Enhanced Status Codes)
<a href="https://tools.ietf.org/html/rfc3464">RFC 3464</a> (Delivery status notifications)
<a href="https://tools.ietf.org/html/rfc5322">RFC 5322</a> (Internet Message Format)
+ <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a> (TLS-Required: message header)
<b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
+<b><a name="tls_support">TLS SUPPORT</a></b>
+ Available in Postfix version 3.10 and later:
+
+ <b><a href="postconf.5.html#tls_required_enable">tls_required_enable</a> (yes)</b>
+ Enable support for the "TLS-Required: no" message header,
+ defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
+
<b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log-
+ The maximal number of digits after the decimal point when log-
ging delay values.
<b><a href="postconf.5.html#delay_warning_time">delay_warning_time</a> (0h)</b>
- The time after which the sender receives a copy of the message
+ The time after which the sender receives a copy of the message
headers of mail that is still queued.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The domain name that locally-posted mail appears to come from,
+ The domain name that locally-posted mail appears to come from,
and that locally posted mail is delivered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
- Safety net to keep mail queued that would otherwise be returned
+ Safety net to keep mail queued that would otherwise be returned
to the sender.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#enable_original_recipient">enable_original_recipient</a> (yes)</b>
- Enable support for the original recipient address after an
- address is rewritten to a different address (for example with
+ Enable support for the original recipient address after an
+ address is rewritten to a different address (for example with
aliasing or with canonical mapping).
Available in Postfix 3.3 and later:
Available in Postfix 3.5 and later:
<b><a href="postconf.5.html#info_log_address_format">info_log_address_format</a> (external)</b>
- The email address form that will be used in non-debug logging
+ The email address form that will be used in non-debug logging
(info, warning, etc.).
Available in Postfix 3.9 and later:
<b><a href="postconf.5.html#force_mime_input_conversion">force_mime_input_conversion</a> (no)</b>
- Convert body content that claims to be 8-bit into quoted-print-
- able, before <a href="postconf.5.html#header_checks">header_checks</a>, <a href="postconf.5.html#body_checks">body_checks</a>, Milters, and before
+ Convert body content that claims to be 8-bit into quoted-print-
+ able, before <a href="postconf.5.html#header_checks">header_checks</a>, <a href="postconf.5.html#body_checks">body_checks</a>, Milters, and before
after-queue content filters.
<b><a name="files">FILES</a></b>
<b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
The format of the Postfix-generated <b>From:</b> header.
+ Available in Postfix 3.10 and later:
+
+ <b><a href="postconf.5.html#tls_required_enable">tls_required_enable</a> (yes)</b>
+ Enable support for the "TLS-Required: no" message header,
+ defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
+
<b><a name="files">FILES</a></b>
/var/spool/postfix/bounce/* non-delivery records
/var/spool/postfix/defer/* non-delivery records
<a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
+ <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a> (TLS-Required message header)
<b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
instead of an X.509 certificate.
+ Available in Postfix version 3.10 and later:
+
<b><a href="postconf.5.html#smtp_tlsrpt_enable">smtp_tlsrpt_enable</a> (no)</b>
Enable support for <a href="https://tools.ietf.org/html/rfc8460">RFC 8460</a> TLSRPT notifications.
reuse a previously-negotiated TLS session (there is no new
information to report).
+ <b><a href="postconf.5.html#tls_required_enable">tls_required_enable</a> (yes)</b>
+ Enable support for the "TLS-Required: no" message header,
+ defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
+
<b><a name="obsolete_starttls_controls">OBSOLETE STARTTLS CONTROLS</a></b>
- The following configuration parameters exist for compatibility with
- Postfix versions before 2.3. Support for these will be removed in a
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP server announces
+ Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers use TLS
+ Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- With mandatory TLS encryption, require that the remote SMTP
- server hostname matches the information in the remote SMTP
+ With mandatory TLS encryption, require that the remote SMTP
+ server hostname matches the information in the remote SMTP
server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
- Optional lookup tables with the Postfix SMTP client TLS usage
- policy by next-hop destination and by remote SMTP server host-
+ Optional lookup tables with the Postfix SMTP client TLS usage
+ policy by next-hop destination and by remote SMTP server host-
name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
- Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+ Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
cipher list.
<b><a name="resource_and_rate_controls">RESOURCE AND RATE CONTROLS</a></b>
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The Postfix SMTP client time limit for completing a TCP connec-
+ The Postfix SMTP client time limit for completing a TCP connec-
tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the HELO or EHLO
- command, and for receiving the initial remote SMTP server
+ The Postfix SMTP client time limit for sending the HELO or EHLO
+ command, and for receiving the initial remote SMTP server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the MAIL FROM
+ The Postfix SMTP client time limit for sending the MAIL FROM
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the SMTP RCPT TO
+ The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The Postfix SMTP client time limit for sending the SMTP DATA
+ The Postfix SMTP client time limit for sending the SMTP DATA
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The Postfix SMTP client time limit for sending the SMTP message
+ The Postfix SMTP client time limit for sending the SMTP message
content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
- The maximal number of MX (mail exchanger) IP addresses that can
- result from Postfix SMTP client mail exchanger lookups, or zero
+ The maximal number of MX (mail exchanger) IP addresses that can
+ result from Postfix SMTP client mail exchanger lookups, or zero
(no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery request before
- the Postfix SMTP client gives up or delivers to a fall-back
+ The maximal number of SMTP sessions per delivery request before
+ the Postfix SMTP client gives up or delivers to a fall-back
<a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
Available in Postfix version 2.2 and earlier:
<b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
- Keep
Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
+ Keep
Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
seconds.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the specified
+ Permanently enable SMTP connection caching for the specified
destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a destination
+ Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or receive opera-
+ Time limit for connection cache connect, send or receive opera-
tions.
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per read or write system call, to a time limit to
- send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
- When SMTP connection caching is enabled, the number of times
- that an SMTP session may be reused before it is closed, or zero
+ When SMTP connection caching is enabled, the number of times
+ that an SMTP session may be reused before it is closed, or zero
(no limit).
Available in Postfix version 3.4 and later:
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per plaintext or TLS read or write call, to a com-
- bined time limit for sending a complete SMTP request and for
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
- The minimum plaintext data transfer rate in bytes/second for
+ The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
<b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
- A
transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
+ A
transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
<a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
- <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b><a name="smtputf8_controls">SMTPUTF8 CONTROLS</a></b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
- Enable preliminary SMTPUTF8 support for the protocols described
+ Enable preliminary SMTPUTF8 support for the protocols described
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci-
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
- Enable 'transitional' compatibility between IDNA2003 and
- IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b><a name="trouble_shooting_controls">TROUBLE SHOOTING CONTROLS</a></b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a nexthop destina-
- tion, remote client or server name or network address matches a
+ The increment in verbose logging level when a nexthop destina-
+ tion, remote client or server name or network address matches a
pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of nexthop destination, remote client or server
- name or network address patterns that, if matched, cause the
- verbose logging level to increase by the amount specified in
+ Optional list of nexthop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
$<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about mail delivery
+ The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are subject to
- before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ What categories of Postfix-generated mail are subject to
+ before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
<a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
<b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail when it
+ Where the Postfix SMTP client should deliver mail when it
detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log-
+ The maximal number of digits after the decimal point when log-
ging delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
- The local network interface addresses that this mail system
+ The local network interface addresses that this mail system
receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d' output)</b>
- The Internet protocols Postfix will attempt to use when making
+ The Internet protocols Postfix will attempt to use when making
or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
- When a remote LMTP server announces no DSN support, assume that
- the server performs final delivery, and send "delivered" deliv-
+ When a remote LMTP server announces no DSN support, assume that
+ the server performs final delivery, and send "delivered" deliv-
ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
- The remote network interface addresses that this mail system
- receives mail on by way of a proxy or network address transla-
+ The remote network interface addresses that this mail system
+ receives mail on by way of a proxy or network address transla-
tion unit.
<b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
- client will try first, when a destination has IPv6 and IPv4
+ client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available with Postfix 2.2 and earlier:
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay destinations that will be used when an
- SMTP destination is not found, or when delivery fails due to a
+ Optional list of relay destinations that will be used when an
+ SMTP destination is not found, or when delivery fails due to a
non-permanent error.
Available with Postfix 3.0 and later:
<b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b>
- In the context of email address verification, the SMTP protocol
+ In the context of email address verification, the SMTP protocol
stage that determines whether an email address is deliverable.
Available with Postfix 3.1 and later:
Available in Postfix 3.7 and later:
<b><a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> (no)</b>
- Defer delivery when the Postfix SMTP client cannot apply the
+ Defer delivery when the Postfix SMTP client cannot apply the
<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting.
<b><a name="see_also">SEE ALSO</a></b>
as an argument by itself:
<i>Right</i>: command -f $sender -- $recipient
+
NOTE: DO NOT put quotes around the command, $sender, or $recipi-
ent.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
The maximal number of digits after the decimal point when log-
- ging sub-second delay values.
+ ging delay values.
<b><a href="postconf.5.html#export_environment">export_environment</a> (see 'postconf -d' output)</b>
The list of environment variables that a Postfix process will
<p> This feature is available in Postfix 2.2 and later. </p>
+</DD>
+
+<DT><b><a name="tls_required_enable">tls_required_enable</a>
+(default: yes)</b></DT><DD>
+
+<p> Enable support for the "TLS-Required: no" message header, defined
+in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>. By adding this header to a message, a sender requests
+no enforcement of TLS policy. This limits the Postfix SMTP client
+TLS security level to "may", that is, do not verify remote SMTP
+server certificates, and fall back to plaintext if TLS is unavailable.
+If a message contains a "TLS-Required: no" header, then Postfix
+will add that header to a delivery status notification for that
+message. </p>
+
+<p> This feature is available in Postfix ≥ 3.10. </p>
+
+
</DD>
<DT><b><a name="tls_server_sni_maps">tls_server_sni_maps</a>
<a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
<a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
<a href="https://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
+ <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a> (TLS-Required message header)
<b><a name="diagnostics">DIAGNOSTICS</a></b>
Problems and transactions are logged to <b>syslogd</b>(8) or <a href="postlogd.8.html"><b>postlogd</b>(8)</a>.
Request that remote SMTP servers send an <a href="https://tools.ietf.org/html/rfc7250">RFC7250</a> raw public key
instead of an X.509 certificate.
+ Available in Postfix version 3.10 and later:
+
<b><a href="postconf.5.html#smtp_tlsrpt_enable">smtp_tlsrpt_enable</a> (no)</b>
Enable support for <a href="https://tools.ietf.org/html/rfc8460">RFC 8460</a> TLSRPT notifications.
reuse a previously-negotiated TLS session (there is no new
information to report).
+ <b><a href="postconf.5.html#tls_required_enable">tls_required_enable</a> (yes)</b>
+ Enable support for the "TLS-Required: no" message header,
+ defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
+
<b><a name="obsolete_starttls_controls">OBSOLETE STARTTLS CONTROLS</a></b>
- The following configuration parameters exist for compatibility with
- Postfix versions before 2.3. Support for these will be removed in a
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP server announces
+ Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers use TLS
+ Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- With mandatory TLS encryption, require that the remote SMTP
- server hostname matches the information in the remote SMTP
+ With mandatory TLS encryption, require that the remote SMTP
+ server hostname matches the information in the remote SMTP
server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
- Optional lookup tables with the Postfix SMTP client TLS usage
- policy by next-hop destination and by remote SMTP server host-
+ Optional lookup tables with the Postfix SMTP client TLS usage
+ policy by next-hop destination and by remote SMTP server host-
name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
- Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+ Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
cipher list.
<b><a name="resource_and_rate_controls">RESOURCE AND RATE CONTROLS</a></b>
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The Postfix SMTP client time limit for completing a TCP connec-
+ The Postfix SMTP client time limit for completing a TCP connec-
tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the HELO or EHLO
- command, and for receiving the initial remote SMTP server
+ The Postfix SMTP client time limit for sending the HELO or EHLO
+ command, and for receiving the initial remote SMTP server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the MAIL FROM
+ The Postfix SMTP client time limit for sending the MAIL FROM
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the SMTP RCPT TO
+ The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The Postfix SMTP client time limit for sending the SMTP DATA
+ The Postfix SMTP client time limit for sending the SMTP DATA
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The Postfix SMTP client time limit for sending the SMTP message
+ The Postfix SMTP client time limit for sending the SMTP message
content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
- The maximal number of MX (mail exchanger) IP addresses that can
- result from Postfix SMTP client mail exchanger lookups, or zero
+ The maximal number of MX (mail exchanger) IP addresses that can
+ result from Postfix SMTP client mail exchanger lookups, or zero
(no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery request before
- the Postfix SMTP client gives up or delivers to a fall-back
+ The maximal number of SMTP sessions per delivery request before
+ the Postfix SMTP client gives up or delivers to a fall-back
<a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
Available in Postfix version 2.2 and earlier:
<b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
- Keep
Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
+ Keep
Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
seconds.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the specified
+ Permanently enable SMTP connection caching for the specified
destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a destination
+ Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or receive opera-
+ Time limit for connection cache connect, send or receive opera-
tions.
Available in Postfix version 2.9 - 3.6:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per read or write system call, to a time limit to
- send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
- When SMTP connection caching is enabled, the number of times
- that an SMTP session may be reused before it is closed, or zero
+ When SMTP connection caching is enabled, the number of times
+ that an SMTP session may be reused before it is closed, or zero
(no limit).
Available in Postfix version 3.4 and later:
Available in Postfix version 3.7 and later:
<b><a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per plaintext or TLS read or write call, to a com-
- bined time limit for sending a complete SMTP request and for
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per plaintext or TLS read or write call, to a com-
+ bined time limit for sending a complete SMTP request and for
receiving a complete SMTP response.
<b><a href="postconf.5.html#smtp_min_data_rate">smtp_min_data_rate</a> (500)</b>
- The minimum plaintext data transfer rate in bytes/second for
+ The minimum plaintext data transfer rate in bytes/second for
DATA requests, when deadlines are enabled with
<a href="postconf.5.html#smtp_per_request_deadline">smtp_per_request_deadline</a>.
<b><a href="postconf.5.html#transport_destination_concurrency_limit">transport_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
- A
transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
+ A
transport-specific override for the <a href="postconf.5.html#default_destination_concurrency_limit">default_destination_con</a>-
<a href="postconf.5.html#default_destination_concurrency_limit">currency_limit</a> parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b><a href="postconf.5.html#transport_destination_recipient_limit">transport_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
- <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b><a name="smtputf8_controls">SMTPUTF8 CONTROLS</a></b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
- Enable preliminary SMTPUTF8 support for the protocols described
+ Enable preliminary SMTPUTF8 support for the protocols described
in <a href="https://tools.ietf.org/html/rfc6531">RFC 6531</a>, <a href="https://tools.ietf.org/html/rfc6532">RFC 6532</a>, and <a href="https://tools.ietf.org/html/rfc6533">RFC 6533</a>.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci-
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
- Enable 'transitional' compatibility between IDNA2003 and
- IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b><a name="trouble_shooting_controls">TROUBLE SHOOTING CONTROLS</a></b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a nexthop destina-
- tion, remote client or server name or network address matches a
+ The increment in verbose logging level when a nexthop destina-
+ tion, remote client or server name or network address matches a
pattern given with the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of nexthop destination, remote client or server
- name or network address patterns that, if matched, cause the
- verbose logging level to increase by the amount specified in
+ Optional list of nexthop destination, remote client or server
+ name or network address patterns that, if matched, cause the
+ verbose logging level to increase by the amount specified in
$<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about mail delivery
+ The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are subject to
- before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ What categories of Postfix-generated mail are subject to
+ before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
<a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
<b><a name="miscellaneous_controls">MISCELLANEOUS CONTROLS</a></b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail when it
+ Where the Postfix SMTP client should deliver mail when it
detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log-
+ The maximal number of digits after the decimal point when log-
ging delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
- The local network interface addresses that this mail system
+ The local network interface addresses that this mail system
receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (see 'postconf -d' output)</b>
- The Internet protocols Postfix will attempt to use when making
+ The Internet protocols Postfix will attempt to use when making
or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
- When a remote LMTP server announces no DSN support, assume that
- the server performs final delivery, and send "delivered" deliv-
+ When a remote LMTP server announces no DSN support, assume that
+ the server performs final delivery, and send "delivered" deliv-
ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
- The remote network interface addresses that this mail system
- receives mail on by way of a proxy or network address transla-
+ The remote network interface addresses that this mail system
+ receives mail on by way of a proxy or network address transla-
tion unit.
<b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
- client will try first, when a destination has IPv6 and IPv4
+ client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available with Postfix 2.2 and earlier:
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay destinations that will be used when an
- SMTP destination is not found, or when delivery fails due to a
+ Optional list of relay destinations that will be used when an
+ SMTP destination is not found, or when delivery fails due to a
non-permanent error.
Available with Postfix 3.0 and later:
<b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b>
- In the context of email address verification, the SMTP protocol
+ In the context of email address verification, the SMTP protocol
stage that determines whether an email address is deliverable.
Available with Postfix 3.1 and later:
Available in Postfix 3.7 and later:
<b><a href="postconf.5.html#smtp_bind_address_enforce">smtp_bind_address_enforce</a> (no)</b>
- Defer delivery when the Postfix SMTP client cannot apply the
+ Defer delivery when the Postfix SMTP client cannot apply the
<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> or <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> setting.
<b><a name="see_also">SEE ALSO</a></b>
<b><a href="postconf.5.html#header_from_format">header_from_format</a> (standard)</b>
The format of the Postfix-generated <b>From:</b> header.
+ Available in Postfix 3.10 and later:
+
+ <b><a href="postconf.5.html#tls_required_enable">tls_required_enable</a> (yes)</b>
+ Enable support for the "TLS-Required: no" message header,
+ defined in <a href="https://tools.ietf.org/html/rfc8689">RFC 8689</a>.
+
<b><a name="files">FILES</a></b>
/var/spool/postfix/bounce/* non-delivery records
/var/spool/postfix/defer/* non-delivery records
gives timeout errors.
.PP
This feature is available in Postfix 2.2 and later.
+.SH tls_required_enable (default: yes)
+Enable support for the "TLS\-Required: no" message header, defined
+in RFC 8689. By adding this header to a message, a sender requests
+no enforcement of TLS policy. This limits the Postfix SMTP client
+TLS security level to "may", that is, do not verify remote SMTP
+server certificates, and fall back to plaintext if TLS is unavailable.
+If a message contains a "TLS\-Required: no" header, then Postfix
+will add that header to a delivery status notification for that
+message.
+.PP
+This feature is available in Postfix >= 3.10.
.SH tls_server_sni_maps (default: empty)
Optional lookup tables that map names received from remote SMTP
clients via the TLS Server Name Indication (SNI) extension to the
Available in Postfix 3.7 and later:
.IP "\fBheader_from_format (standard)\fR"
The format of the Postfix\-generated \fBFrom:\fR header.
+.PP
+Available in Postfix 3.10 and later:
+.IP "\fBtls_required_enable (yes)\fR"
+Enable support for the "TLS\-Required: no" message header, defined
+in RFC 8689.
.SH "FILES"
.na
.nf
RFC 3463 (Enhanced Status Codes)
RFC 3464 (Delivery status notifications)
RFC 5322 (Internet Message Format)
+RFC 8689 (TLS\-Required: message header)
.SH DIAGNOSTICS
.ad
.fi
Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
when converting UTF\-8 domain names to/from the ASCII form that is
used for DNS lookups.
+.SH "TLS SUPPORT"
+.na
+.nf
+.ad
+.fi
+Available in Postfix version 3.10 and later:
+.IP "\fBtls_required_enable (yes)\fR"
+Enable support for the "TLS\-Required: no" message header, defined
+in RFC 8689.
.SH "MISCELLANEOUS CONTROLS"
.na
.nf
.nf
\fIRight\fR: command \-f $sender \-\- $recipient
.fi
+.IP
NOTE: DO NOT put quotes around the command, $sender, or $recipient.
.IP
This feature is available as of Postfix 2.3.
request before it is terminated by a built\-in watchdog timer.
.IP "\fBdelay_logging_resolution_limit (2)\fR"
The maximal number of digits after the decimal point when logging
-sub\-second delay values.
+delay values.
.IP "\fBexport_environment (see 'postconf -d' output)\fR"
The list of environment variables that a Postfix process will export
to non\-Postfix processes.
RFC 6531 (Internationalized SMTP)
RFC 6533 (Internationalized Delivery Status Notifications)
RFC 7672 (SMTP security via opportunistic DANE TLS)
+RFC 8689 (TLS\-Required message header)
.SH DIAGNOSTICS
.ad
.fi
.IP "\fBsmtp_tls_enable_rpk (no)\fR"
Request that remote SMTP servers send an RFC7250 raw public key
instead of an X.509 certificate.
-.PP Available in Postfix version 3.10 and later:
+.PP
+Available in Postfix version 3.10 and later:
.IP "\fBsmtp_tlsrpt_enable (no)\fR"
Enable support for RFC 8460 TLSRPT notifications.
.IP "\fBsmtp_tlsrpt_socket_name (empty)\fR"
Do not report the TLSRPT status for TLS protocol handshakes
that reuse a previously\-negotiated TLS session (there is no new
information to report).
+.IP "\fBtls_required_enable (yes)\fR"
+Enable support for the "TLS\-Required: no" message header, defined
+in RFC 8689.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf
s;\ballow_srv_lookup_fallback\b;<a href="postconf.5.html#allow_srv_lookup_fallback">$&</a>;g;
s;\bignore_srv_lookup_error\b;<a href="postconf.5.html#ignore_srv_lookup_error">$&</a>;g;
+ s;\btls_required_enable\b;<a href="postconf.5.html#tls_required_enable">$&</a>;g;
s;\bfull_name_encoding_charset\b;<a href="postconf.5.html#full_name_encoding_charset">$&</a>;g;
# Service-defined parameters...
specified address. Instead of <tt>mailto:</tt>, a policy may specify an
<tt>https:</tt> destination. </p>
-<p> The high-level diagram below shows how TLS handshake success
-and failure events from Postfix are collected and processed into
-daily summary reports. </p>
+<p> The diagram below shows how Postfix TLS handshake success and
+failure events are collected and processed into daily summary
+reports. </p>
<blockquote>
including the netstring encapsulation. </p>
<p> This feature is available in Postfix ≥ 3.10. </p>
+
+%PARAM tls_required_enable yes
+
+<p> Enable support for the "TLS-Required: no" message header, defined
+in RFC 8689. By adding this header to a message, a sender requests
+no enforcement of TLS policy. This limits the Postfix SMTP client
+TLS security level to "may", that is, do not verify remote SMTP
+server certificates, and fall back to plaintext if TLS is unavailable.
+If a message contains a "TLS-Required: no" header, then Postfix
+will add that header to a delivery status notification for that
+message. </p>
+
+<p> This feature is available in Postfix ≥ 3.10. </p>
qmgr qmgr_deliver c qmgr qmgr_message c qmqpd qmqpd c
smtp smtp_proto c smtpd smtpd c verify verify c
operations Files cleanup cleanup h cleanup cleanup_message c
+ proto postconf proto pipe pipe c
TINYCDB
getdata
XXXSENDOPTS
+xtra
/* Available in Postfix 3.7 and later:
/* .IP "\fBheader_from_format (standard)\fR"
/* The format of the Postfix-generated \fBFrom:\fR header.
+/* .PP
+/* Available in Postfix 3.10 and later:
+/* .IP "\fBtls_required_enable (yes)\fR"
+/* Enable support for the "TLS-Required: no" message header, defined
+/* in RFC 8689.
/* FILES
/* /var/spool/postfix/bounce/* non-delivery records
/* /var/spool/postfix/defer/* non-delivery records
post_mail_fprintf(bounce, "In-Reply-To: %s", STR(bounce_info->orig_msgid));
}
+ /*
+ * Trade confidentiality against availability.
+ */
+ if (var_tls_required_enable
+ && (bounce_info->sendopts & SOPT_REQUIRETLS_HEADER) != 0)
+ post_mail_fprintf(bounce, "TLS-Required: no");
+
/*
* Auto-Submitted header, as per RFC 3834.
*/
/* RFC 3463 (Enhanced Status Codes)
/* RFC 3464 (Delivery status notifications)
/* RFC 5322 (Internet Message Format)
+/* RFC 8689 (TLS-Required: message header)
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8)
/* or \fBpostlogd\fR(8).
/* Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
/* when converting UTF-8 domain names to/from the ASCII form that is
/* used for DNS lookups.
+/* TLS SUPPORT
+/* .ad
+/* .fi
+/* Available in Postfix version 3.10 and later:
+/* .IP "\fBtls_required_enable (yes)\fR"
+/* Enable support for the "TLS-Required: no" message header, defined
+/* in RFC 8689.
/* MISCELLANEOUS CONTROLS
/* .ad
/* .fi
* definition.
*/
if (msg_verbose)
- msg_info("cleanup flags = %s", cleanup_strflags(flags));
+ msg_info("client flags = %s", cleanup_strflags(flags));
if ((state->flags = flags) & CLEANUP_FLAG_BOUNCE) {
state->err_mask = CLEANUP_STAT_MASK_INCOMPLETE;
} else {
if (state->flags & CLEANUP_FLAG_SMTPUTF8)
state->sendopts |= SMTPUTF8_FLAG_REQUESTED;
/* TODO(wietse) REQUIRETLS. */
+ if (msg_verbose)
+ msg_info("server flags = %s", cleanup_strflags(state->flags));
}
/* cleanup_flush - finish queue file */
#include <sys_defs.h>
#include <string.h>
#include <stdlib.h>
-#include <stdio.h> /* ssscanf() */
#include <ctype.h>
/*
/*
* Global library.
*/
-#include <been_here.h>
#include <record.h>
#include <rec_type.h>
#include <cleanup_user.h>
* Process the test SIZE record payload, clear some bits from the
* sendopts field, and write an all-zeroes preliminary SIZE record.
*/
- VSTRING *output_stream_buf = vstring_alloc(100);
-
- if ((state->dst = vstream_memopen(output_stream_buf, O_WRONLY)) == 0) {
- msg_warn("vstream_memopen(output_stream_buf, O_WRONLY): %m");
+ if ((state->dst = vstream_fopen("/dev/null", O_WRONLY, 0)) == 0) {
+ msg_warn("vstream_fopen(\"/dev/null\", O_WRONLY, 0): %m");
return (FAIL);
}
cleanup_envelope(state, REC_TYPE_SIZE, vstring_str(input_buf),
}
vstring_free(input_buf);
input_buf = 0;
-
- /*
- * Overwrite the SIZE record with an updated version that includes the
- * modified sendopts field.
- */
- cleanup_final(state);
- if (state->errs != CLEANUP_STAT_OK) {
- msg_warn("cleanup_final: got: '%s', want: '%s'",
- cleanup_strerror(state->errs),
- cleanup_strerror(CLEANUP_STAT_OK));
- return (FAIL);
- }
(void) vstream_fclose(state->dst);
state->dst = 0;
/*
- * Read the final SIZE record content. This normally happens in the queue
- * manager, and in the pickup daemon after a message is re-queued.
+ * Compare the updated state against the expected content. We expect that
+ * the fields for xtra_offset, data_offset, rcpt_count, qmgr_opts, and
+ * cont_length, are consistent with the saved CLEANUP_STATE, and we
+ * expect to see a specific value for the sendopts field that was
+ * assigned in cleanup_envelope().
*/
- VSTREAM *fp;
-
- if ((fp = vstream_memopen(output_stream_buf, O_RDONLY)) == 0) {
- msg_warn("vstream_memopen(output_stream_buf, O_RDONLY): %m");
- return (FAIL);
- }
- VSTRING *got_size_payload = vstring_alloc(VSTRING_LEN(output_stream_buf));
- int got_rec_type;
-
- if ((got_rec_type = rec_get(fp, got_size_payload, 0)) != REC_TYPE_SIZE) {
- msg_warn("rec_get: got: %s, want: %s",
- rec_type_name(got_rec_type), rec_type_name(REC_TYPE_SIZE));
- return (FAIL);
- }
- (void) vstream_fclose(fp);
- vstring_free(output_stream_buf);
-
- /*
- * Compare the stored SIZE record content against the expected content.
- * We expect that the fields for data_size, data_offset, rcpt_count,
- * qmgr_opts, and cont_length, are consistent with the saved
- * CLEANUP_STATE, and we expect to see a specific value for the sendopts
- * field that was made by cleanup_envelope().
- */
- int got_conv;
- long data_size, data_offset, cont_length;
- int rcpt_count, qmgr_opts, sendopts;
-
- if ((got_conv = sscanf(vstring_str(got_size_payload), "%ld %ld %d %d %ld %d",
- &data_size, &data_offset, &rcpt_count, &qmgr_opts,
- &cont_length, &sendopts)) != 6) {
- msg_warn("sscanf SIZE record fields: got: %d, want 6", got_conv);
- return (FAIL);
- }
- if (data_size != saved_state.xtra_offset - saved_state.data_offset) {
- msg_warn("SIZE.data_size: got %ld, want: %ld", (long) data_size,
- (long) (saved_state.xtra_offset - saved_state.data_offset));
+ if (state->xtra_offset != saved_state.xtra_offset) {
+ msg_warn("state->xtra_offset: got %ld, want: %ld",
+ (long) state->xtra_offset, (long) saved_state.xtra_offset);
return (FAIL);
}
- if (data_offset != saved_state.data_offset) {
- msg_warn("SIZE.data_offset: got %ld, want: %ld", (long) data_offset,
- (long) saved_state.data_offset);
+ if (state->data_offset != saved_state.data_offset) {
+ msg_warn("state->data_offset: got %ld, want: %ld",
+ (long) state->data_offset, (long) saved_state.data_offset);
return (FAIL);
}
- if (rcpt_count != saved_state.rcpt_count) {
- msg_warn("SIZE.rcpt_count: got: %d, want: %d", rcpt_count,
- (int) saved_state.rcpt_count);
+ if (state->rcpt_count != saved_state.rcpt_count) {
+ msg_warn("state->rcpt_count: got: %ld, want: %ld",
+ (long) state->rcpt_count, (long) saved_state.rcpt_count);
return (FAIL);
}
- if (qmgr_opts != saved_state.qmgr_opts) {
- msg_warn("SIZE.qmgr_opts: got: %d, want: %d", qmgr_opts,
- saved_state.qmgr_opts);
+ if (state->qmgr_opts != saved_state.qmgr_opts) {
+ msg_warn("state=>qmgr_opts: got: %d, want: %d",
+ state->qmgr_opts, saved_state.qmgr_opts);
return (FAIL);
}
- if (cont_length != saved_state.cont_length) {
- msg_warn("SIZE.cont_length: got %ld, want: %ld", (long) cont_length,
- (long) saved_state.cont_length);
+ if (state->cont_length != saved_state.cont_length) {
+ msg_warn("state->cont_length: got %ld, want: %ld",
+ (long) state->cont_length, (long) saved_state.cont_length);
return (FAIL);
}
- if (sendopts != (SOPT_FLAG_ALL & ~SOPT_FLAG_DERIVED)) {
- msg_warn("SIZE.sendopts: got: 0x%x, want: 0x%x",
- sendopts, SOPT_FLAG_ALL & ~SOPT_FLAG_DERIVED);
+ if (state->sendopts != (SOPT_FLAG_ALL & ~SOPT_FLAG_DERIVED)) {
+ msg_warn("state->sendopts: got: 0x%x, want: 0x%x",
+ state->sendopts, SOPT_FLAG_ALL & ~SOPT_FLAG_DERIVED);
return (FAIL);
}
/*
* Cleanup.
*/
- vstring_free(got_size_payload);
cleanup_state_free(state);
return (PASS);
}
if (state->hop_count == 1)
argv_add(state->auto_hdrs, vstring_str(header_buf), ARGV_END);
}
- if (hdr_opts->type == HDR_TLS_REQUIRED) {
+ if (hdr_opts->type == HDR_TLS_REQUIRED && var_tls_required_enable) {
char *cp = vstring_str(header_buf) + strlen(hdr_opts->name) + 1;
while (ISSPACE(*cp))
/* bool var_long_queue_ids;
/* bool var_daemon_open_fatal;
/* char *var_dsn_filter;
-/* int var_smtputf8_enable
+/* int var_smtputf8_enable;
/* int var_strict_smtputf8;
/* char *var_smtputf8_autoclass;
+/* int var_tls_required_enable;
/* int var_idna2003_compat;
/* char *var_compatibility_level;
/* char *var_drop_hdrs;
int var_smtputf8_enable;
int var_strict_smtputf8;
char *var_smtputf8_autoclass;
+int var_tls_required_enable;
int var_idna2003_compat;
char *var_compatibility_level;
char *var_drop_hdrs;
VAR_SMTPUTF8_ENABLE, DEF_SMTPUTF8_ENABLE, &var_smtputf8_enable,
VAR_IDNA2003_COMPAT, DEF_IDNA2003_COMPAT, &var_idna2003_compat,
VAR_RESPECTFUL_LOGGING, DEF_RESPECTFUL_LOGGING, &var_respectful_logging,
+ VAR_TLSREQUIRED_ENABLE, DEF_TLSREQUIRED_ENABLE, &var_tls_required_enable,
0,
};
static const CONFIG_STR_FN_TABLE function_str_defaults[] = {
#define DEF_IDNA2003_COMPAT "no"
extern int var_idna2003_compat;
+ /*
+ * REQUIRETLS support (RFC 8689).
+ */
+#define VAR_TLSREQUIRED_ENABLE "tls_required_enable"
+#define DEF_TLSREQUIRED_ENABLE "yes"
+extern int var_tls_required_enable;
+
/*
* Workaround for future incompatibility. Our implementation of RFC 2308
* negative reply caching relies on the promise that res_query() and
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20250131"
+#define MAIL_RELEASE_DATE "20250202"
#define MAIL_VERSION_NUMBER "3.10"
#ifdef SNAPSHOT
/* .nf
/* \fIRight\fR: command -f $sender -- $recipient
/* .fi
-/* NOTE: DO NOT put quotes around the command, $sender, or $recipient.
+/* .IP
+/* NOTE: DO NOT put quotes around the command, $sender, or $recipient.
/* .IP
/* This feature is available as of Postfix 2.3.
/* .IP "\fBsize\fR=\fIsize_limit\fR (optional)"
/* request before it is terminated by a built-in watchdog timer.
/* .IP "\fBdelay_logging_resolution_limit (2)\fR"
/* The maximal number of digits after the decimal point when logging
-/* sub-second delay values.
+/* delay values.
/* .IP "\fBexport_environment (see 'postconf -d' output)\fR"
/* The list of environment variables that a Postfix process will export
/* to non-Postfix processes.
/* RFC 6531 (Internationalized SMTP)
/* RFC 6533 (Internationalized Delivery Status Notifications)
/* RFC 7672 (SMTP security via opportunistic DANE TLS)
+/* RFC 8689 (TLS-Required message header)
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8)
/* or \fBpostlogd\fR(8).
/* .IP "\fBsmtp_tls_enable_rpk (no)\fR"
/* Request that remote SMTP servers send an RFC7250 raw public key
/* instead of an X.509 certificate.
-/* .PP Available in Postfix version 3.10 and later:
+/* .PP
+/* Available in Postfix version 3.10 and later:
/* .IP "\fBsmtp_tlsrpt_enable (no)\fR"
/* Enable support for RFC 8460 TLSRPT notifications.
/* .IP "\fBsmtp_tlsrpt_socket_name (empty)\fR"
/* Do not report the TLSRPT status for TLS protocol handshakes
/* that reuse a previously-negotiated TLS session (there is no new
/* information to report).
+/* .IP "\fBtls_required_enable (yes)\fR"
+/* Enable support for the "TLS-Required: no" message header, defined
+/* in RFC 8689.
/* OBSOLETE STARTTLS CONTROLS
/* .ad
/* .fi
* the message contains a "TLS-Required: no" header, limit the level to
* TLS_LEV_MAY.
*/
- else if (tls->level > TLS_LEV_NONE
+ else if (var_tls_required_enable && tls->level > TLS_LEV_NONE
&& (state->request->sendopts & SOPT_REQUIRETLS_HEADER)) {
tls->level = TLS_LEV_MAY;
}
cidr_match.o: sys_defs.h
cidr_match.o: vbuf.h
cidr_match.o: vstring.h
+clean_ascii_cntrl_space.o: check_arg.h
+clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.c
+clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.h
+clean_ascii_cntrl_space.o: stringops.h
+clean_ascii_cntrl_space.o: sys_defs.h
+clean_ascii_cntrl_space.o: vbuf.h
+clean_ascii_cntrl_space.o: vstream.h
+clean_ascii_cntrl_space.o: vstring.h
clean_env.o: argv.h
clean_env.o: check_arg.h
clean_env.o: clean_env.c
trimblanks.o: trimblanks.c
trimblanks.o: vbuf.h
trimblanks.o: vstring.h
-clean_ascii_cntrl_space.o: check_arg.h
-clean_ascii_cntrl_space.o: stringops.h
-clean_ascii_cntrl_space.o: sys_defs.h
-clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.c
-clean_ascii_cntrl_space.o: clean_ascii_cntrl_space.h
-clean_ascii_cntrl_space.o: vbuf.h
-clean_ascii_cntrl_space.o: vstream.h
-clean_ascii_cntrl_space.o: vstring.h
unescape.o: check_arg.h
unescape.o: stringops.h
unescape.o: sys_defs.h
projects / thirdparty / postfix.git / commitdiff
