tls/tls_misc.c, tls/tls_server.c.
Added smtpd_tls_protocols parameter to complement
- smtp_tls_protocols.
+ smtp_tls_protocols. Victor Duchovni.
20060517
The smtp_tls_policy_maps table now implements parent domain
matching for destinations that are bare domains (without
enclosin [] or optional :port suffix). This allows one to
- set TLS policy for a domain and all sub-domains.
+ set TLS policy for a domain and all sub-domains. Victor
+ Duchovni.
20060519
The same parameter can bind to different variables in
different daemons, ignore the variable name when eliminating
- duplicates in extract.awk.
+ duplicates in extract.awk. Victor Duchovni.
20060523
Improved handling of smtp_tls_protocols and smtpd_tls_protocols,
names now processed via name_mask(3) and canonicalized prior
to use in the SMTP/LMTP client TLS session lookup key. Also
- simplifies the corresponding code in the TLS driver.
+ simplifies the corresponding code in the TLS driver. Victor
+ Duchovni.
20060524
20060601
Fixed default value of LMTP TLS client certificate parameters,
- using the SMTP values as a default was wrong.
+ using the SMTP values as a default was wrong. Victor Duchovni.
20060603
settings. We need to add the transport name to the TLS
session lookup key so that sessions verified with one set
of trusted roots are not inadvertantly considered verified
- for another.
+ for another. Victor Duchovni.
20060604
20060606
Portability: Some systems no longer support the traditional
- "sort +0 -2 +3".
+ "sort +0 -2 +3". Victor Duchovni.
20060607
20060612
Changed smtp security level parsing and level->name conversion
- to use name_code(3).
+ to use name_code(3). Victor Duchovni.
Implemented new smtp_tls_security_level parameter, to replace
the unnecessarily complex smtp_use_tls, smtp_enforce_tls
and smtp_tls_enforce_peername parameters. The main.cf
security level settings are now consistent with the new
- policy table.
+ policy table. Victor Duchovni.
The smtp_sasl_tls_verified_security_options feature is not
yet complete, added #ifdef SNAPSHOT and changed documentation
- to delay introduction until Postfix 2.4.
+ to delay introduction until Postfix 2.4. Victor Duchovni.
20060614
personality of the unified SMTP/LMTP client.
Allow mandatory TLS encryption with LMTP over UNIX-domain
- sockets.
+ sockets. Victor Duchovni.
Safety: improved code to avoid I/O on connections after the
- TLS handshake fails.
+ TLS handshake fails. Victor Duchovni.
20060615
The qshape.pl script was updated for the pointer records
that were introduced to support message content modification
- by Milter applications.
+ by Milter applications. Victor Duchovni.
20060620
The levels are "high", "medium" (or better), "low" (or
better), "export" (or better) and "null". The underlying
definitions of these levels are configurable, but users are
- strongly encouraged to not change those definitions.
+ strongly encouraged to not change those definitions. Victor
+ Duchovni.
20060626
smtpd/smtpd_check.c.
Safety: the SMTP/LMTP client now defers delivery when a
- SASL password exists but the server does not offer SASL
- authentication. Mail could be rejected otherwise. This
- may become an issue now that Postfix retries delivery in
- plaintext after an opportunistic TLS handshake fails. Specify
- "smtp_sasl_auth_enforce = no" to deliver mail anyway.
+ SASL password exists, but the server does not offer SASL
+ authentication. Mail could be rejected otherwise. This may
+ become an issue now that Postfix retries delivery in plaintext
+ after an opportunistic TLS handshake fails. Specify
+ "smtp_sasl_auth_enforce = no" to deliver mail anyway. File:
+ smtp/smtp_proto.c. See workaround 20060711 for sender-dependent
+ SASL passwords.
20060709
as "encrypt", after logging a warning. Files: smtpd/smtpd.c,
tls/tls_level.c, smtp/smtp_session.c.
- Compatibility: don't send the first body line to Milter
- applications. This also broke domain key etc. signatures
+ Compatibility: don't send the first (blank) body line to
+ Milter applications. This broke domain key etc. signatures
when verified by non-Postfix MTAs. File: milter/milter8.c.
-Wish list:
+20060710
- The usage of TLScontext->cache_type is unclear. It specifies
- a TLS session cache type (smtpd, smtp, or lmtp), but it is
- sometimes used as an indicator that TLS session caching is
- unavailable. In reality, that decision is made by not
- registering call-back functions for cache maintenance.
+ Cleanup: more consistency between smtpd(8) and smtp(8) TLS
+ configuration interfaces: smtpd_tls_mandatory_exclude_ciphers,
+ smtpd_tls_mandatory_ciphers, smtpd_tls_mandatory_protocols.
+ By Victor. Files:smtpd/smtpd.c.
- Postfix TLS library code should copy any strings that it
- receives from the application, instead of passing them
- around as pointers. TLScontext->cache_type is a case in
- point.
+ Cleanup: to support domainkey signing of bounces and
+ Postmaster notices, enable content inspection of Postfix-
+ generated mail with the new internal_mail_filter_classes
+ feature. This is disabled by default, because it is not
+ yet safe enough. Files: global/int_filt.[hc] and everything
+ that calls post_mail_fopen*().
- Are transport:nexthop null fields the same as in the case
- of default_transport etc. parameters?
+20060711
- Introduce structured API for tls_server_mumble() just like
- with smtp(8): this eliminates ever-growing lists of arguments.
+ Cleanup: smtpd_tls_mumble -> smtpd_tls_mandatory_mumble,
+ and finer control over the Postfix SMTP server TLS ciphers,
+ all this for consistency with the same functionality in the
+ Postfix SMTP client. Victor Duchovni.
- Don't lose bits when converting st_dev into maildir file
- name. It's 64 bits on Linux. Found with the BEAM source
- code analyzer. Is this really a problem, or are they just
- using 64 bits for upwards compatibility with LP64 systems?
+ Compatibility: Sendmail's milter client handles whitespace
+ after the header label and ":" in an interesting manner.
+ It eats one space (not tab). File: milter/milter8.c.
- Do or don't introduce unknown_reverse_client_reject_code.
+ Workaround: if sender-depedendent SASL passwords are enabled,
+ don't defer delivery when a SASL password exists but the
+ server doesn't announce SASL support. File: smtp/smtp_proto.c.
- In Milter events, mail_addr/rcpt_addr should be externalized
- as they are in Sendmail. Likewise, addresses in add/delete
- requests should be internalized before updating the queue
- file.
-
- Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
- UNIX).
-
- Tempfail when a Milter application wants content access,
- while it is configured in an SMTP server that runs before
- the smtpd_proxy filter.
-
- The sendmail command should not return non-std exit status
- after fatal error in some internal library routine.
-
- Log DSN original recipient when rejecting mail.
-
- Keep whitespace between label and ":"?
-
- Make the map case folding/locking options configurable, if
- not at run-time then at least at compile time so we get
- consistent behavior across applications.
-
- Investigate what it would take to eliminate oqmgr, and to
- make the old behavior configurable in a unified queue
- manager. This would shave another 2.7 KLOC from the source
- footprint.
-
- Document the case folding strategy for match_list like
- features.
-
- Eliminate the (incoming,deferred)->active rename operation.
-
- Softbounce fallback-to-ISP for SOHO users. This requires
- playing with the soft_error test in the smtp_trouble.c
- module, and avoiding delivery to backup MX hosts.
-
- select -> kqueue, epoll, /dev/poll, poll() ...
-
- In the SMTP server, set a "pipelining detected" flag at the
- start of a session and at protocol synchronization points,
- so that reject_unauth_pipelining can be specified in any
- access rule.
-
- Centralize main.cf parameter input so that defaults work
- consistently. What about parameter names that are prefixed
- with mail delivery transport names?
-
- Fix default time unit handling so that we can have a default
- bounce lifetime of $maximal_queue_lifetime, without causing
- panics when a non-default maximal_queue_lifetime setting
- includes no time unit.
-
- After the 20051222 ISASCII paranoia, lowercase() lowercases
- ASCII text only.
-
- Privacy: remove local command/pathname details from remote
- delivery status reports, and log them via local msg_warn().
-
- Remove defer(8) and trace(8) references and man pages. These
- are services not program names.
-
- Is it safe to cache a connection after it has been used for
- more than some number of address verification probes?
-
- Try to recognize that Resent- headers appear in blocks,
- newest block first. But don't break on incorrect header
- block organization.
-
- Hard limits on cache sizes (anvil, specifically).
-
- Laptop friendliness: make the qmgr remember when the next
- deferred queue scan needs to be done, and have the pickup
- server stat() the maildrop directory before searching it.
-
- Low: replace_sender/replace_recipient actions in access
- maps?
-
- Low: configurable order of local(8) delivery methods.
-
- Med: local and remote source port and IP address for smtpd
- policy hook.
-
- Med: smtp_connect_timeout_budget (default: 3x smtp_connect_timeout)
- to limit the total time spent trying to connect.
-
- Med: transform IPv4-in-IPv6 address literals to IPv4 form
- when comparing against local IP addresses?
-
- Med: transform IPv4-in-IPv6 address literals to IPv4 form
- when eliminating MX mailer loops?
-
- Med: Postfix requires [] around IPv6 address information
- in match lists such as mynetworks, debug_peer_list etc.,
- but the [] must not be specified in access(5) maps. Other
- places don't care. For now, this gotcha is documented in
- IPV6_README and in postconf(5) with each feature that may
- use IPv6 address information. The general recommendation
- is not to use [] unless absolutely necessary.
-
- Med: the partial address matching of IPv6 addresses in
- access(5) maps is a bit lame: it repeatedly truncates the
- last ":octetpair" from the printable address representation
- until a match is found or until truncation is no longer
- possible. Since one or more ":" are usually omitted from
- the printable IPv6 address representation, this does not
- really try all the possibilities that one might expect to
- be tried. For now, this gotcha is documented in access(5).
-
- Med: the TLS certificate verification depth parameters never
- worked.
-
- Low: reject HELO with any domain name or IP address that
- this MTA is the final destination for.
-
- Low: should the Delivered-To: test in local(8) be configurable?
-
- Low: make mail_addr_find() lookup configurable.
-
- Low: update events.c so that 1-second timer requests do not
- suffer from rounding errors. This is needed for 1-second
- SMTP session caching time limits. A 1-second interval would
- become arbitrarily short when an event is scheduled just
- before the current second rolls over.
-
- Low: configurable internal/system locking method.
-
- Low: add INSTALL section for pre-existing Postfix systems.
-
- Low: add INSTALL section for pre-existing RPM Postfixes.
-
- Low: disallow smtpd_recipient_limit < 100 (the RFC minimum).
-
- Low: noise filter: allow smtp(8) to retry immediately if
- all MXes return a quick ECONNRESET or 4xx reply during the
- initial handshake. Retry once? How many times?
-
- Low: make post-install a "postfix-only script" so it can
- take data from the environment instead of main.cf.
-
- Low: randomize deferred mail backoff.
-
- Med: separate ulimit for delivery to command?
-
- Med: option to open queue file early, after MAIL FROM. This
- would allow correlation of rejected RCPT TO requests with
- accepted requests for the same mail transaction.
-
- Med: silly queue file bit so that the queue manager doesn't
- skip files when fast flush is requested while a queue scan
- is in progress. The bit is set by the flush server and is
- reset when the mail is deferred, so that it survives queue
- manager restart. It's not clear, however, how one would
- unthrottle disabled transports or queues.
-
- Med: postsuper -r should do something with recipients in
- bounce logfiles, to make sure the sender will be notified.
- To be perfectly safe, no process other than the queue manager
- should move a queue file away from the active queue.
-
- This could involve tagging a queue file, and use up another
- permission bit.
-
- Low: postsuper re-run after renaming files, but only a
- limited number of times.
-
- Low: smtp-source may block when sending large test messages.
-
- Med: make qmgr recipient bounce/defer activity asynchronous
- or add a multi-recipient operation that reduces overhead.
- One possibility is to pass delivery requests to a retry(8)
- delivery agent which is error(8) in disguise, and which
- calls defer_append() instead of bounce_append().
-
- Med: find a way to log the sender address when MAIL FROM
- is rejected due to lack of disk space.
-
- Low: revise other local delivery agent duplicate filters.
-
- Low: all table lookups should consistently use internalized
- (unquoted) or externalized (quoted) forms as lookup keys.
- smtpd, qmgr, local, etc. use unquoted address forms as keys.
- cleanup uses quoted forms.
-
- Low: have a configurable list of errno values for mailbox
- or maildir delivery that result in deferral rather than
- bouncing mail.
-
- Low: after reorganizing configuration parameters, add flags
- to all parameters whose value can be read from file.
-
- Medium: need in-process caching for map lookups. LDAP servers
- seem to need this in particular. Need a way to expire cached
- results that are too old.
-
- Low: generic showq protocol, to allow for more intelligent
- processing than just mailq. Maybe marry this with postsuper.
-
- Low: default domain for appending to unqualified recipients,
- so that unqualified names can be delivered locally.
-
- Low: The $process_id_directory setting is not used anywhere
- in Postfix. Problem reported by Michael Smith, texas.net.
- This should be documented, or better, the code should warn
- about attempts to set read-only parameters.
-
- Low: postconf -e edits parameters that postconf won't list.
-
- Low: while converting 8bit text to quoted-printable, perhaps
- use =46rom to avoid having to produce >From when delivering
- to mailbox.
+ Cleanup: format of cleanup milter reject messages. File:
+ cleanup_milter.c.
- virtual_mailbox_path expression like forward_path, so that
- people can specify prefix and suffix.
+ Bugfix: file/memory leak if a transfer of multiple milters
+ from smtpd to cleanup broke in the middle. Found by Coverity.
+ File: milter/milter.c.
recipient address. If a recipient probe succeeds, then Postfix accepts mail for
the recipient address.
+By default, address verification results are not saved. To avoid probing the
+same address repeatedly, you can store the result in a persistent database as
+described later.
+
/etc/postfix/main.cf:
smtpd_recipient_restrictions =
permit_mynetworks
# =============================================================
scan unix - - n - 10 smtp
-o smtp_send_xforward_command=yes
+ -o disable_mime_output_conversion=yes
* This runs up to 10 content filters in parallel. Instead of a limit of 10
concurrent processes, use whatever process limit is feasible for your
real client name IP address. See smtp(8) and XFORWARD_README for more
information.
+ * With "-o disable_mime_output_conversion=yes", the scan delivery agent will
+ not convert 8BITMIME mail to quoted-printable form while delivering to the
+ content filter, as that would invalidate domainkeys and other digital
+ signatures. This workaround is needed because some SMTP-based content
+ filters don't announce 8BITMIME support, even though they can handle it
+ just fine.
+
A\bAd\bdv\bva\ban\bnc\bce\bed\bd c\bco\bon\bnt\bte\ben\bnt\bt f\bfi\bil\blt\bte\ber\br:\b: r\bru\bun\bnn\bni\bin\bng\bg t\bth\bhe\be c\bco\bon\bnt\bte\ben\bnt\bt f\bfi\bil\blt\bte\ber\br
The content filter can be set up with the Postfix spawn service, which is the
The reason for adding Milter support to Postfix is that there exists a large
collection of applications, not only to block unwanted mail, but also to verify
authenticity (examples: SenderID+SPF and Domain keys) or to digitally sign mail
-(example: Domain keys). Having yet another MTA-specific version of all that
+(example: Domain keys). Having yet another Postfix-specific version of all that
software is a poor use of human and system resources.
Postfix 2.3 implements all the requests of Sendmail version 8 Milter protocols
up to version 4, except one: message body replacement. See, however, the
-limitations section at the end of this document.
+workarounds and limitations sections at the end of this document.
This document provides information on the following topics:
Connect to the specified TCP port on the specified local or remote
host. The host and port can be specified in numeric or symbolic form.
- Note: Postfix syntax differs from Milter syntax which has the form
+ NOTE: Postfix syntax differs from Milter syntax which has the form
i\bin\bne\bet\bt:\b:port@\b@host.
N\bNo\bon\bn-\b-S\bSM\bMT\bTP\bP M\bMi\bil\blt\bte\ber\br a\bap\bpp\bpl\bli\bic\bca\bat\bti\bio\bon\bns\bs
W\bWo\bor\brk\bka\bar\bro\bou\bun\bnd\bds\bs
+Content filters may break domain key etc. signatures. If you use an SMTP-based
+filter as described in FILTER_README, then you should add a line to master.cf
+with "disable_mime_output_conversion = yes", as described in the advanced
+content filter example.
+
Sendmail Milter applications were originally developed for the Sendmail version
8 MTA, which has a different architecture than Postfix. The result is that some
Milter applications make assumptions that aren't true in a Postfix environment.
+ * Some Milter applications use the "{if_addr}" macro to recognize local mail;
+ this macro does not exist in Postfix. Workaround: use the "{client_addr}"
+ macro instead.
+
* Some Milter applications log a warning that looks like this:
sid-filter[36540]: WARNING: sendmail symbol 'i' not available
X-SenderID: Sendmail Sender-ID Filter vx.y.z host.example.com <unknown-
msgid>
- This happens because the Milter application expects that the queue ID is
+ This happens because some Milter applications expect that the queue ID is
known before the MTA accepts the MAIL FROM (sender) command. Postfix, on
- the other hand, does not create a queue file until after Postfix accepts
- the first valid RCPT TO (recipient) command. This queue file name must be
- globally unique across multiple queue directories, so it cannot be chosen
- until the file is actually created.
+ the other hand, does not choose a queue file name until after it accepts
+ the first valid RCPT TO (recipient) command. Postfix queue file names must
+ be unique across multiple directories, so the name can't be chosen before
+ the file is created. If multiple messages were to use the same queue ID
+ simultaneously, mail would be lost.
To work around the ugly message header from Milter applications, we add a
little code to the Milter source to look up the queue ID after Postfix
o Look up the mlfi_eom() function and add code near the top shown as b\bbo\bol\bld\bd
text below:
- sic = (Context) smfi_getpriv(ctx);
- assert(sic != NULL);
+ dfc = cc->cctx_msg;
+ assert(dfc != NULL);
- /\b/*\b*
- *\b**\b* D\bDe\bet\bte\ber\brm\bmi\bin\bne\be t\bth\bhe\be j\bjo\bob\bb I\bID\bD f\bfo\bor\br l\blo\bog\bgg\bgi\bin\bng\bg.\b.
- *\b*/\b/
- i\bif\bf (\b(s\bsi\bic\bc-\b->\b>c\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd =\b==\b= 0\b0 |\b||\b| s\bst\btr\brc\bcm\bmp\bp(\b(s\bsi\bic\bc-\b->\b>c\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd,\b, M\bMS\bSG\bGI\bID\bDU\bUN\bNK\bKN\bNO\bOW\bWN\bN)\b) =\b==\b= 0\b0)\b) {\b{
+ /\b/*\b* D\bDe\bet\bte\ber\brm\bmi\bin\bne\be t\bth\bhe\be j\bjo\bob\bb I\bID\bD f\bfo\bor\br l\blo\bog\bgg\bgi\bin\bng\bg.\b. *\b*/\b/
+ i\bif\bf (\b(d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd =\b==\b= 0\b0 |\b||\b| s\bst\btr\brc\bcm\bmp\bp(\b(d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd,\b, J\bJO\bOB\bBI\bID\bDU\bUN\bNK\bKN\bNO\bOW\bWN\bN)\b) =\b==\b= 0\b0)\b)
+ {\b{
c\bch\bha\bar\br *\b*j\bjo\bob\bbi\bid\bd =\b= s\bsm\bmf\bfi\bi_\b_g\bge\bet\bts\bsy\bym\bmv\bva\bal\bl(\b(c\bct\btx\bx,\b, "\b"i\bi"\b")\b);\b;
i\bif\bf (\b(j\bjo\bob\bbi\bid\bd !\b!=\b= 0\b0)\b)
- s\bsi\bic\bc-\b->\b>c\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd =\b= j\bjo\bob\bbi\bid\bd;\b;
+ d\bdf\bfc\bc-\b->\b>m\bmc\bct\btx\bx_\b_j\bjo\bob\bbi\bid\bd =\b= j\bjo\bob\bbi\bid\bd;\b;
}\b}
- This does not remove the WARNING message, however.
+ /* get hostname; used in the X header and in new MIME boundaries */
+
+ NOTES:
+
+ o Different mail filters use slightly different names for variables. If
+ the above code does not compile, look for the code at the start of the
+ mlfi_eoh() routine.
+
+ o This fixes only the ugly message header, but not the WARNING message.
+ Fortunately, dk-filter logs that message only once.
With some Milter applications we can fix both the WARNING and the "unknown-
msgid" by postponing the call of mlfi_eoh() (or whatever routine logs the
By default, TLS is disabled in the Postfix SMTP server, so no difference to
plain Postfix is visible. Explicitly switch it on with
-"smtpd_tls_security_level = may" (Postfix 2.3 and later) or
-"smtpd_use_tls = yes" (obsolete but still supported).
+"smtpd_tls_security_level = may" (Postfix 2.3 and later) or "smtpd_use_tls =
+yes" (obsolete but still supported).
Example:
The description below is for Postfix 2.3; for Postfix < 2.3 the
smtpd_tls_cipherlist parameter specifies the acceptable ciphers as an explicit
-OpenSSL cipherlist.
+OpenSSL cipherlist. The obsolete setting applies even when TLS encryption is
+not enforced. Use of this control on public MX hosts is strongly discouraged.
+
+With mandatory TLS encryption, the Postfix SMTP server will by default only use
+SSLv3 or TLSv1. SSLv2 is only used when TLS encryption is optional. This is
+controlled by the smtpd_tls_mandatory_protocols configuration parameter.
The Postfix SMTP server supports 5 distinct cipher security levels as specified
-by the smtpd_tls_ciphers configuration parameter. The default value is "export"
-which is the only one appropriate for public MX hosts. On private MX hosts or
-MSAs one can further restrict the OpenSSL cipherlist selection.
+by the smtpd_tls_mandatory_ciphers configuration parameter, which determines
+the cipher grade with mandatory TLS encryption. The default value is "medium"
+which is essentially 128-bit encryption or better. With opportunistic TLS
+encryption, the minimum accepted cipher grade is always "export".
By default anonymous ciphers are allowed, and automatically disabled when
client certificates are requested. If clients are expected to always verify the
server certificate you may want to exclude anonymous ciphers by setting
-"smtpd_tls_exclude_ciphers = aNULL". One can't force a client to check the
-server certificate, so excluding anonymous ciphers is generally unnecessary.
+"smtpd_tls_mandatory_exclude_ciphers = aNULL". One can't force a client to
+check the server certificate, so excluding anonymous ciphers is generally
+unnecessary.
For a server that is not a public Internet MX host, Postfix 2.3 supports
configurations with no server certificates that use o\bon\bnl\bly\by the anonymous ciphers.
This is enabled by explicitly setting "smtpd_tls_cert_file = none" and not
specifying an smtpd_tls_dcert_file.
-Example: (MSA that requires TLS with reasonably secure ciphers)
+Example: (MSA that requires TLS with high grade ciphers)
/etc/postfix/main.cf:
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
- smtpd_tls_ciphers = medium
- smtpd_tls_exclude_ciphers = aNULL, MD5
+ smtpd_tls_mandatory_ciphers = high
+ smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
# Postfix 2.3 and later
smtpd_tls_security_level = encrypt
# Obsolete, but still supported
With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to its
default (backwards compatible) empty value, the appropriate configuration
settings are "smtp_use_tls = yes" and "smtp_enforce_tls = no". For LMTP use the
-corresponding "lmtp" parameters.
+corresponding "lmtp_" parameters.
With opportunistic TLS, mail delivery continues even if the server certificate
is untrusted or bears the wrong name. Starting with Postfix 2.3, when the TLS
With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to its
default (backwards compatible) empty value, the appropriate configuration
settings are "smtp_enforce_tls = yes" and "smtp_tls_enforce_peername = no". For
-LMTP use the corresponding lmtp_ parameters.
+LMTP use the corresponding "lmtp_" parameters.
Despite the potential for eliminating passive eavesdropping attacks, mandatory
TLS encryption is not viable as a default security level for mail delivery to
With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to its
default (backwards compatible) empty value, the appropriate configuration
settings are "smtp_enforce_tls = yes" and "smtp_tls_enforce_peername = yes".
-For LMTP use the corresponding lmtp_ parameters.
+For LMTP use the corresponding "lmtp_" parameters.
If the server certificate chain is trusted (see smtp_tls_CAfile and
smtp_tls_CApath), any DNS names in the SubjectAlternativeName certificate
default (backwards compatible) empty value, the appropriate configuration
settings are "smtp_enforce_tls = yes" and "smtp_tls_enforce_peername = yes"
with additional settings to harden peer certificate verification against forged
-DNS data. For LMTP, use the corresponding lmtp_ parameters.
+DNS data. For LMTP, use the corresponding "lmtp_" parameters.
If the server certificate chain is trusted (see smtp_tls_CAfile and
smtp_tls_CApath), any DNS names in the SubjectAlternativeName certificate
MAY
Opportunistic TLS. This has less precedence than a more specific result
(including "NONE") from the alternate host or next-hop lookup key, and
- has less precedence than the more specific global
- "smtp_enforce_tls = yes" or "smtp_tls_enforce_peername = yes".
+ has less precedence than the more specific global "smtp_enforce_tls =
+ yes" or "smtp_tls_enforce_peername = yes".
MUST_NOPEERMATCH
Mandatory TLS encryption. This overrides a less secure "NONE" or a less
specific "MAY" lookup result from the alternate host or next-hop lookup
to configure ciphers on a per-destination basis.
By default anonymous ciphers are allowed, and automatically disabled when
-server certificates are verified. If you want to disable even at the "encrypt"
-security level, set "smtp_tls_mandatory_exclude_ciphers = aNULL", to disable
-anonymous ciphers even with opportunistic TLS, set
+server certificates are verified. If you want to disable anonymous ciphers even
+at the "encrypt" security level, set "smtp_tls_mandatory_exclude_ciphers =
+aNULL"; and to disable anonymous ciphers even with opportunistic TLS, set
"smtp_tls_exclude_ciphers = aNULL". There is generally no need to take these
measures. Anonymous ciphers save bandwidth and TLS session cache space, if
certificates are ignored, there is little point in requesting them.
-The stable Postfix release is called postfix-2.2.x where 2=major
+The stable Postfix release is called postfix-2.3.x where 2=major
release number, 3=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
[Feature 20060709] TLS security levels ("none", "may", "encrypt")
in the Postfix SMTP server. You specify the security level with the
smtpd_tls_security_level parameter. This overrides the multiple
-smtpd_use_tls and smtpd_enforce_tls parameters. When a value of
-"verify" or "secure" is specified, the Postfix SMTP server logs a
-warning and uses "encrypt" instead.
+smtpd_use_tls and smtpd_enforce_tls parameters. When one of the
+unimplemented "verify" or "secure" levels is specified, the Postfix
+SMTP server logs a warning and uses "encrypt" instead.
[Feature 20060123] A new per-site TLS policy mechanism for the
Postfix SMTP client that supports the new TLS security levels,
"recipient unknown". Postfix recognizes enhanced status codes in
remote server replies, generates enhanced status codes while handling
email, and reports enhanced status codes in non-delivery notifications.
-This improves the user interaction with mail clients that translate
+This improves the user experience with mail clients that translate
enhanced status codes into text in the user's own language.
You can, but don't have to, specify RFC 3463 enhanced status codes
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
-# Postfix version 2.2.
+# Postfix version 2.3.
#
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
-# Postfix version 2.2.
+# Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
-# Postfix version 2.2.
+# Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# regexp_table(5) or pcre_table(5). For a description of the
# TCP client/server table lookup protocol, see tcp_table(5).
# This feature is not available up to and including Postfix
-# version 2.2.
+# version 2.3.
#
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
-# Postfix version 2.2.
+# Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
-# Postfix version 2.2.
+# Postfix version 2.3.
#
# Each lookup operation uses the entire recipient address
# once. Thus, some.domain.hierarchy is not looked up via
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
-# Postfix version 2.2.
+# Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
rejects mail for the recipient address. If a recipient probe
succeeds, then Postfix accepts mail for the recipient address. </p>
+<p> By default, address verification results are not saved. To avoid
+probing the same address repeatedly, you can store the result in a
+<a href="#caching">persistent database</a> as described later. </p>
+
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
# =============================================================
scan unix - - n - 10 smtp
-o <a href="postconf.5.html#smtp_send_xforward_command">smtp_send_xforward_command</a>=yes
+ -o <a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>=yes
</pre>
</blockquote>
the real client name IP address. See <a href="smtp.8.html">smtp(8)</a> and <a href="XFORWARD_README.html">XFORWARD_README</a>
for more information. </p>
+<li> <p> With "-o <a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>=yes", the scan
+delivery agent will not convert 8BITMIME mail to quoted-printable
+form while delivering to the content filter, as that would invalidate
+domainkeys and other digital signatures. This workaround is needed
+because some SMTP-based content filters don't announce 8BITMIME
+support, even though they can handle it just fine. </p>
+
</ul>
<h3>Advanced content filter: running the content filter</h3>
<a href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>)
or to digitally sign mail (example: <a
href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>).
-Having yet another MTA-specific version of all that software is a
-poor use of human and system resources. </p>
+Having yet another Postfix-specific version of all that software
+is a poor use of human and system resources. </p>
<p> Postfix 2.3 implements all the requests of Sendmail version 8
Milter protocols up to version 4, except one: message body replacement.
-See, however, the <a href="#limitations">limitations</a> section
-at the end of this document. </p>
+See, however, the <a href="#workarounds">workarounds</a> and <a
+href="#limitations">limitations</a> sections at the end of this
+document. </p>
<p> This document provides information on the following topics: </p>
host. The host and port can be specified in numeric or symbolic
form.</p>
-<p> Note: Postfix syntax differs from Milter syntax which has the
+<p> NOTE: Postfix syntax differs from Milter syntax which has the
form <b>inet:</b><i>port</i><b>@</b><i>host</i>. </p> </dd>
</dl>
<h2><a name="workarounds">Workarounds</a></h2>
+<p> Content filters may break domain key etc. signatures. If you
+use an SMTP-based filter as described in <a href="FILTER_README.html">FILTER_README</a>, then you
+should add a line to <a href="master.5.html">master.cf</a> with "<a href="postconf.5.html#disable_mime_output_conversion">disable_mime_output_conversion</a>
+= yes", as described in the <a
+href="FILTER_README.html#advanced_filter">advanced content filter</a>
+example. </p>
+
<p> Sendmail Milter applications were originally developed for the
Sendmail version 8 MTA, which has a different architecture than
Postfix. The result is that some Milter applications make assumptions
<ul>
+<li> <p> Some Milter applications use the "<tt>{if_addr}</tt>" macro
+to recognize local mail; this macro does not exist in Postfix.
+Workaround: use the "<tt>{client_addr}</tt>" macro instead. </p>
+
<li> <p> Some Milter applications log a warning that looks like
this: </p>
</pre>
</blockquote>
-<p> This happens because the Milter application expects that the
+<p> This happens because some Milter applications expect that the
queue ID is known <i>before</i> the MTA accepts the MAIL FROM
-(sender) command. Postfix, on the other hand, does not create a
-queue file until <i>after</i> Postfix accepts the first valid RCPT
-TO (recipient) command. This queue file name must be globally unique
-across multiple queue directories, so it cannot be chosen until the
-file is actually created. </p>
+(sender) command. Postfix, on the other hand, does not choose a
+queue file name until <i>after</i> it accepts the first valid RCPT
+TO (recipient) command. Postfix queue file names must be unique
+across multiple directories, so the name can't be chosen before the
+file is created. If multiple messages were to use the same queue
+ID <i>simultaneously</i>, mail would be lost. </p>
<p> To work around the ugly message header from Milter applications,
we add a little code to the Milter source to look up the queue ID
<blockquote>
<pre>
-sic = (Context) smfi_getpriv(ctx);
-assert(sic != NULL);
+dfc = cc->cctx_msg;
+assert(dfc != NULL);
<b>
-/*
-** Determine the job ID for logging.
-*/
-if (sic->ctx_jobid == 0 || strcmp(sic->ctx_jobid, MSGIDUNKNOWN) == 0) {
+/* Determine the job ID for logging. */
+if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) {
char *jobid = smfi_getsymval(ctx, "i");
if (jobid != 0)
- sic->ctx_jobid = jobid;
+ dfc->mctx_jobid = jobid;
}</b>
+
+/* get hostname; used in the X header and in new MIME boundaries */
</pre>
</blockquote>
-<p> This does not remove the WARNING message, however. </p>
+<p> NOTES: </p>
+
+<ul>
+
+<li> <p> Different mail filters use slightly different names for
+variables. If the above code does not compile, look for the code
+at the start of the <tt>mlfi_eoh()</tt> routine. </p>
+
+<li> <p> This fixes only the ugly message header, but not the WARNING
+message. Fortunately, dk-filter logs that message only once. </p>
+
+</ul>
<p> With some Milter applications we can fix both the WARNING and
the "unknown-msgid" by postponing the call of <tt>mlfi_eoh()</tt>
be unable to receive email from most TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly sets
-"<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix
+"<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix
configurations will not accidentally run with no certificates. </p>
<p> Both RSA and DSA certificates are supported. Typically you will
<p> By default, TLS is disabled in the Postfix SMTP server, so no
difference to plain Postfix is visible. Explicitly switch it on
-with "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may" (Postfix 2.3 and
-later) or "<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes" (obsolete but still
+with "<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may" (Postfix 2.3 and
+later) or "<a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> = yes" (obsolete but still
supported). </p>
<p> Example: </p>
<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>,
so that the Postfix SMTP server announces STARTTLS and accepts no
mail without TLS encryption, by setting
-"<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt" (Postfix 2.3 and
-later) or "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" (obsolete but still
+"<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt" (Postfix 2.3 and
+later) or "<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes" (obsolete but still
supported). According to <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> this MUST NOT be applied in case
of a publicly-referenced Postfix SMTP server. This option is off
by default and should only seldom be used. </p>
<p> It is strictly discouraged to use this mode from <a href="postconf.5.html">main.cf</a>. If
you want to support this service, enable a special port in <a href="master.5.html">master.cf</a>
-and specify "-o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>
= yes" as an <a href="smtpd.8.html">smtpd(8)</a> command
+and specify "-o <a href="postconf.5.html#smtpd_tls_wrappermode">smtpd_tls_wrappermode</a>
= yes" as an <a href="smtpd.8.html">smtpd(8)</a> command
line option. Port 465 (smtps) was once chosen for this feature.
</p>
<p> When TLS is <a href="#server_enforce">enforced</a> you may also decide
to REQUIRE a remote SMTP client certificate for all TLS connections,
-by setting "<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> = yes". This feature implies
-"<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes". When TLS is not enforced,
-"<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> = yes" is ignored and a warning is
+by setting "<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> = yes". This feature implies
+"<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes". When TLS is not enforced,
+"<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> = yes" is ignored and a warning is
logged. </p>
<p> Example: </p>
<p> Sending AUTH data over an unencrypted channel poses a security
risk. When TLS layer encryption is required
-("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt" or the obsolete
-"<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes"), the Postfix SMTP server will
+("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt" or the obsolete
+"<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = yes"), the Postfix SMTP server will
announce and accept AUTH only after the TLS layer has been activated
with STARTTLS. When TLS layer encryption is optional
-("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may" or the obsolete
-"<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = no"), it may however still be useful
+("<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = may" or the obsolete
+"<a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> = no"), it may however still be useful
to only offer AUTH when TLS is active. To maintain compatibility
with non-TLS clients, the default is to accept AUTH without encryption.
In order to change this behavior, set
-"<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
+"<a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> = yes". </p>
<p> Example: </p>
<h3><a name="server_cipher">Server-side cipher controls</a> </h3>
<p> The description below is for Postfix 2.3; for Postfix < 2.3 the
-smtpd_tls_cipherlist parameter specifies the acceptable ciphers as an
-explicit OpenSSL cipherlist. </p>
+<a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> parameter specifies the acceptable ciphers as an
+explicit OpenSSL cipherlist. The obsolete setting applies even when TLS
+encryption is not enforced. Use of this control on public MX hosts is
+strongly discouraged. </p>
+
+<p> With mandatory TLS encryption, the Postfix SMTP server will by
+default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption
+is optional. This is controlled by the <a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>
+configuration parameter. </p>
<p> The Postfix SMTP server supports 5 distinct cipher security levels
-as specified by the <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> configuration parameter. The
-default value is "export" which is the only one appropriate for public
-MX hosts. On private MX hosts or MSAs one can further restrict the
-OpenSSL cipherlist selection. </p>
+as specified by the <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> configuration parameter,
+which determines the cipher grade with mandatory TLS encryption. The
+default value is "medium" which is essentially 128-bit encryption or better.
+With opportunistic TLS encryption, the minimum accepted cipher grade is
+always "export". </p>
<p> By default anonymous ciphers are allowed, and automatically disabled
when client certificates are requested. If clients are expected to always
verify the server certificate you may want to exclude anonymous ciphers
-by setting "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". One can't
-force a client to check the server certificate, so excluding anonymous
-ciphers is generally unnecessary. </p>
+by setting "<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL".
+One can't force a client to check the server certificate, so excluding
+anonymous ciphers is generally unnecessary. </p>
<p> For a server that is not a public Internet MX host, Postfix 2.3
supports configurations with no <a href="#server_cert_key">server
certificates</a> that use <b>only</b> the anonymous ciphers. This is
-enabled by explicitly setting "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none"
+enabled by explicitly setting "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none"
and not specifying an <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>
-<p> Example: (MSA that requires TLS with reasonably secure ciphers) </p>
+<p> Example: (MSA that requires TLS with high grade ciphers) </p>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = /etc/postfix/cert.pem
<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> = /etc/postfix/key.pem
- <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> = medium
- <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL, MD5
+ <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> = high
+ <a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL, MD5
# Postfix 2.3 and later
<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> = encrypt
# Obsolete, but still supported
<p> At the "none" TLS security level, TLS encryption is
disabled. This is the default security level. With Postfix 2.3 and later,
-it can be configured explicitly by setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = none". </p>
+it can be configured explicitly by setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = none". </p>
<p> With Postfix 2.2 and earlier, or when <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> is set to
its default (backwards compatible) empty value, the appropriate configuration
-settings are "<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = no" and "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = no".
+settings are "<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = no" and "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = no".
With either approach, TLS is not used even if supported by the server.
For LMTP, use the corresponding "lmtp_" parameters. </p>
The SMTP transaction is encrypted if the STARTTLS ESMTP feature
is supported by the server. Otherwise, messages are sent in the clear.
With Postfix 2.3 and later, opportunistic TLS can be configured by
-setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may".
+setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = may".
<p> Since sending in the clear is acceptable, demanding stronger
than default TLS security merely reduces inter-operability. For
<p> With Postfix 2.2 and earlier, or when <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> is
set to its default (backwards compatible) empty value, the appropriate
-configuration settings are "<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes" and
-"<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = no".
-For LMTP use the corresponding "lmtp" parameters. </p>
+configuration settings are "<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes" and
+"<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = no".
+For LMTP use the corresponding "lmtp_" parameters. </p>
<p> With opportunistic TLS, mail delivery continues even if the
server certificate is untrusted or bears the wrong name. Starting
the STARTTLS ESMTP feature is supported by the server. If no suitable
servers are found, the message will be deferred. With Postfix 2.3
and later, mandatory TLS encryption can be configured by setting
-"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt". Even though TLS
+"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = encrypt". Even though TLS
encryption is always used, mail delivery continues if the server
certificate is untrusted or bears the wrong name. </p>
<p> With Postfix 2.2 and earlier, or when <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>
is set to its default (backwards compatible) empty value, the
-appropriate configuration settings are "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes"
-and "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = no". For LMTP use the corresponding
-<i>lmtp_</i> parameters. </p>
+appropriate configuration settings are "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes"
+and "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = no". For LMTP use the corresponding
+"lmtp_" parameters. </p>
<p> Despite the potential for eliminating passive eavesdropping attacks,
mandatory TLS encryption is not viable as a default security level for
expired or revoked, and signed by a trusted certificate authority)
and if the server certificate name matches a known pattern. Mandatory
server certificate verification can be configured by setting
-"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = verify". The
+"<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = verify". The
<a href="postconf.5.html#smtp_tls_verify_cert_match">smtp_tls_verify_cert_match</a> parameter can override the default
"hostname" certificate name matching strategy. Fine-tuning the
matching strategy is generally only appropriate for <a
<p> With Postfix 2.2 and earlier, or when <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>
is set to its default (backwards compatible) empty value, the
-appropriate configuration settings are "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" and
-"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes". For LMTP use the corresponding
-<i>lmtp_</i> parameters. </p>
+appropriate configuration settings are "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" and
+"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes". For LMTP use the corresponding
+"lmtp_" parameters. </p>
<p> If the server certificate chain is trusted (see <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>
and <a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>), any DNS names in the SubjectAlternativeName
<i>secure-channel</i> TLS sessions where DNS forgery resistant server
certificate verification succeeds. If no suitable servers are found, the
message will be deferred. With Postfix 2.3 and later, secure-channels
-can be configured by setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = secure".
+can be configured by setting "<a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> = secure".
The <a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> parameter can override the default
"nexthop, dot-nexthop" certificate match strategy. </p>
<p> With Postfix 2.2 and earlier, or when <a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a>
is set to its default (backwards compatible) empty value, the
-appropriate configuration settings are "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes"
-and "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes" with additional settings to
+appropriate configuration settings are "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes"
+and "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes" with additional settings to
<a href="#client_tls_harden">harden</a> peer certificate verification
-against forged DNS data. For LMTP, use the corresponding <i>lmtp_</i>
+against forged DNS data. For LMTP, use the corresponding "lmtp_"
parameters. </p>
<p> If the server certificate chain is trusted (see <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> and
for the obsolete "MUST" keyword in the same way as for the "verify"
level in the new policy. </p>
-<p> With Postfix < 2.3, the obsolete smtp_tls_cipherlist parameter
+<p> With Postfix < 2.3, the obsolete <a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> parameter
is also applied for opportunistic TLS sessions, and should be used with
care, or not at all. Setting cipherlist restrictions that are incompatible
with a remote SMTP server render that server unreachable, TLS handshakes
<dt> MAY </dt> <dd> Opportunistic TLS. This has less precedence than
a more specific result (including "NONE") from the alternate host or
next-hop lookup key, and has less precedence than the more specific global
-"<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" or "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes". </dd>
+"<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" or "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes". </dd>
<dt> MUST_NOPEERMATCH </dt> <dd> Mandatory TLS encryption. This
overrides a less secure "NONE" or a less specific "MAY" lookup result
<li> <p> When neither the remote SMTP server hostname nor the
next-hop destination are found in the <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> table, the
policy is based on <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> and
-<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>. Note: "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" and
-"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes" imply "<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes". </p>
+<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>. Note: "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" and
+"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes" imply "<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> = yes". </p>
<li> <p> When both hostname and next-hop destination lookups produce
a result, the more specific per-site policy (NONE, MUST, etc)
<li> <p> After the per-site policy lookups are combined, the result
generally overrides the global policy. The exception is the less
specific "MAY" per-site policy, which is overruled by the more
-specific global "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" with server certificate
+specific global "<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" with server certificate
verification as specified with the <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
parameter. </p>
verification. </p>
<li> <p> Disallow CNAME hostname overrides. In <a href="postconf.5.html">main.cf</a>, specify
-"<a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> = no". This prevents false hostname
+"<a href="postconf.5.html#smtp_cname_overrides_servername">smtp_cname_overrides_servername</a> = no". This prevents false hostname
information in DNS CNAME records from changing the server hostname
that Postfix uses for TLS policy lookup and server certificate
verification. This feature requires Postfix 2.2.9 or later. The
ciphers on a per-destination basis. </p>
<p> By default anonymous ciphers are allowed, and automatically
-disabled when server certificates are verified. If you
-want to disable even at the "encrypt" security level, set
-"<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = aNULL",
-to disable anonymous ciphers even with opportunistic TLS, set
-"<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL". There is generally no
-need to take these measures. Anonymous ciphers save bandwidth and TLS
-session cache space, if certificates are ignored, there is little point
-in requesting them. </p>
+disabled when server certificates are verified. If you want to
+disable anonymous ciphers even at the "encrypt" security level, set
+"<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> = aNULL"; and to
+disable anonymous ciphers even with opportunistic TLS, set
+"<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> = aNULL". There is generally
+no need to take these measures. Anonymous ciphers save bandwidth
+and TLS session cache space, if certificates are ignored, there is
+little point in requesting them. </p>
<p> Example: </p>
cache databases. Such a protocol cannot be run across fifos. </p>
<li> <p> <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a>: the MUST_NOPEERMATCH per-site policy
-cannot override the global "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes" setting.
+cannot override the global "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes" setting.
</p>
<li> <p> <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a>: a combined (NONE + MAY) lookup result
for (hostname and next-hop destination) produces counter-intuitive
results for different <a href="postconf.5.html">main.cf</a> settings. TLS is enabled with
-"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = no", but it is disabled when both
-"<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" and "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes".
+"<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = no", but it is disabled when both
+"<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> = yes" and "<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> = yes".
</p>
</ul>
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.2.
+ Postfix version 2.3.
Each lookup operation uses the entire query string once.
Depending on the application, that string is an entire
The time limit for sending or receiving information
over an internal communication channel.
+ <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
+ What categories of Postfix-generated mail are sub-
+ ject to before-queue content inspection by
+ <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+
<b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
The mail system name that is displayed in Received:
headers, in the SMTP greeting banner, and in
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.2.
+ Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.2.
+ Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their
<p>
Specify, for example, "<a href="postconf.5.html#best_mx_transport">best_mx_transport</a> = local" to pass the mail
-from the SMTP client to the <a href="local.8.html">local(8)</a> delivery agent. You can specify
+from the Postfix SMTP client to the <a href="local.8.html">local(8)</a> delivery agent. You
+can specify
any message delivery "transport" or "transport:nexthop" that is
defined in the <a href="master.5.html">master.cf</a> file. See the <a href="transport.5.html">transport(5)</a> manual page
for the syntax and meaning of "transport" or "transport:nexthop".
<p>
A better solution for multi-homed firewalls is to leave <a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
at the default value and instead use explicit IP addresses in
-the <a href="master.5.html">master.cf</a> SMTP server definitions. This preserves the SMTP client's
+the <a href="master.5.html">master.cf</a> SMTP server definitions. This preserves the Postfix
+SMTP client's
loop detection, by ensuring that each side of the firewall knows that the
other IP address is still the same host. Setting $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> to a
single IPv4 and/or IPV6 address is primarily useful with virtual
</p>
+</DD>
+
+<DT><b><a name="internal_mail_filter_classes">internal_mail_filter_classes</a>
+(default: empty)</b></DT><DD>
+
+<p> What categories of Postfix-generated mail are subject to
+before-queue content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a>
+and <a href="postconf.5.html#body_checks">body_checks</a>. Specify zero or more of the following, separated
+by whitespace or comma. </p>
+
+<dl>
+
+<dt> <b> bounce </b> </dt> <dd> Inspect the content of delivery
+status notifications. </dd>
+
+<dt> <b> notify </b> </dt> <dd> Inspect the content of postmaster
+notifications by the <a href="smtp.8.html">smtp(8)</a> and <a href="smtpd.8.html">smtpd(8)</a> processes. </dd>
+
+</dl>
+
+<p> NOTE: It's generally not safe to enable content inspection of
+Postfix-generated email messages. The user is warned. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
</DD>
<DT><b><a name="invalid_hostname_reject_code">invalid_hostname_reject_code</a>
not, but it does not use the result from table lookup. </p>
<p>
-If this parameter is non-empty (the default), then the Postfix SMTP server
-will reject mail for unknown local users.
+If this parameter is non-empty (the default), then the Postfix SMTP
+server will reject mail for unknown local users.
</p>
<p>
(default: empty)</b></DT><DD>
<p>
-An optional numerical network address that the SMTP client should
-bind to when making an IPv4 connection.
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv4 connection.
</p>
<p>
(default: empty)</b></DT><DD>
<p>
-An optional numerical network address that the SMTP client should
-bind to when making an IPv6 connection.
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv6 connection.
</p>
<p> This feature is available in Postfix 2.2 and later. </p>
</p>
<p>
-When no connection can be made within the deadline, the SMTP client
+When no connection can be made within the deadline, the Postfix
+SMTP client
tries the next address on the mail exchanger list. Specify 0 to
disable the time limit (i.e. use whatever timeout is implemented by
the operating system).
<p>
The SMTP client time limit for sending the SMTP message content.
When the connection makes no progress for more than $<a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a>
-seconds the SMTP client terminates the transfer.
+seconds the Postfix SMTP client terminates the transfer.
</p>
<p>
<p> Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
-etc.) that the SMTP client will ignore in the EHLO response from a
+etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server. See <a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> for details. The
table is not indexed by hostname for consistency with
<a href="postconf.5.html#smtpd_discard_ehlo_keyword_address_maps">smtpd_discard_ehlo_keyword_address_maps</a>. </p>
(default: empty)</b></DT><DD>
<p> A case insensitive list of EHLO keywords (pipelining, starttls,
-auth, etc.) that the SMTP client will ignore in the EHLO response
-from a remote SMTP server. </p>
+auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+response from a remote SMTP server. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
(default: dns)</b></DT><DD>
<p>
-What mechanisms when the SMTP client uses to look up a host's IP
+What mechanisms when the Postfix SMTP client uses to look up a host's IP
address. This parameter is ignored when DNS lookups are disabled.
</p>
<DT><b><a name="smtp_sasl_auth_enforce">smtp_sasl_auth_enforce</a>
(default: yes)</b></DT><DD>
-<p> Defer mail delivery when an SMTP server does not support SASL
-authentication, while <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> contains SASL
-login/password information for that server. </p>
+<p> If sender-dependent SASL passwords are turned off, defer mail
+delivery when an SMTP server does not support SASL authentication,
+while <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> contains SASL login/password information
+for that server. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
(default: no)</b></DT><DD>
<p>
-Send the non-standard XFORWARD command when the Postfix SMTP server EHLO
-response announces XFORWARD support.
+Send the non-standard XFORWARD command when the Postfix SMTP server
+EHLO response announces XFORWARD support.
</p>
<p>
(default: no)</b></DT><DD>
<p>
-Enable sender-dependent authentication in the SMTP client; this is
+Enable sender-dependent authentication in the Postfix SMTP client; this is
available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials. </p>
(default: empty)</b></DT><DD>
<p> Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
-cipher list. As this feature applies to all security levels, it is easy
+cipher list. As this feature applies to all TLS security levels, it is easy
to create inter-operability problems by choosing a non-default cipher
list. Do not use a non-default TLS cipher list on hosts that deliver email
to the public Internet: you will be unable to send email to servers that
<DT><b><a name="smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>
(default: yes)</b></DT><DD>
-<p> When TLS encryption is enforced, require that the remote SMTP
+<p> With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate. As of <a href="http://www.faqs.org/rfcs/rfc2487.html">RFC 2487</a> the requirements for hostname checking
for MTA clients are not specified. </p>
<DT><b><a name="smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
(default: empty)</b></DT><DD>
-<p> List of ciphers or cipher types to exclude from the SMTP client cipher
-list at all security levels. This is not an OpenSSL cipherlist, it is
+<p> List of ciphers or cipher types to exclude from the Postfix
+SMTP client cipher
+list at all TLS security levels. This is not an OpenSSL cipherlist, it is
a simple list separated by whitespace and/or commas. The elements are a
single cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching <b>all</b> the properties are excluded. </p>
<DT><b><a name="smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a>
(default: medium)</b></DT><DD>
-<p> The minimum SMTP client TLS cipher grade that is strong enough to
-be used with the "encrypt" security level and higher. The default
-value "medium" is suitable for most destinations with which you may
-want to enforce TLS, and is beyond the reach of today's crypt-analytic
-methods. See <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure
-ciphers on a per-destination basis. </p>
+<p> The minimum TLS cipher grade that the Postfix SMTP client will
+use with
+mandatory TLS encryption. The default value "medium" is suitable
+for most destinations with which you may want to enforce TLS, and
+is beyond the reach of today's crypt-analytic methods. See
+<a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> for information on how to configure ciphers
+on a per-destination basis. </p>
<p> The following cipher grades are supported: </p>
<DT><b><a name="smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a>
(default: empty)</b></DT><DD>
-<p> List of ciphers or cipher types to exclude from the SMTP client
-cipher list at the mandatory TLS security levels: "encrypt", "verify"
-and "secure". See <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> for syntax details. When
-both "exclude" parameters are defined, the combined list of ciphers is
-excluded (provided the TLS security level is "encrypt" or higher). </p>
+<p> Additional list of ciphers or cipher types to exclude from the
+SMTP client cipher list at mandatory TLS security levels. This list
+works in addition to the exclusions listed with <a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>
+(see there for syntax details). </p>
<p> This feature is available in Postfix 2.3 and later. </p>
<DT><b><a name="smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a>
(default: SSLv3, TLSv1)</b></DT><DD>
-<p> List of TLS protocol versions that are secure enough to be used
-with
the "encrypt" security level and higher. In <a href="postconf.5.html">main.cf</a> the values
+<p> List of TLS protocols that the Postfix SMTP client will use
+with
mandatory TLS encryption. In <a href="postconf.5.html">main.cf</a> the values
are separated by whitespace, commas or colons. In the policy table
(see <a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a>) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names,
<DT><b><a name="smtpd_peername_lookup">smtpd_peername_lookup</a>
(default: yes)</b></DT><DD>
-<p> Attempt to look up the SMTP client hostname, and verify that
+<p> Attempt to look up the Postfix SMTP client hostname, and verify that
the name matches the client IP address. A client name is set to
"unknown" when it cannot be looked up or verified, or when name
lookup is disabled. Turning off name lookup reduces delays due to
<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>
<p>This feature is available with Postfix version 2.2. It is not used with
-Postfix 2.3 and later; use <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> instead. </p>
-
-
-</DD>
-
-<DT><b><a name="smtpd_tls_ciphers">smtpd_tls_ciphers</a>
-(default: export)</b></DT><DD>
-
-<p> The minimum acceptable SMTP server TLS cipher grade. It is easy to
-create inter-operability problems by choosing a non-default cipher grade.
-Do not use a stronger than default minimum cipher grade for MX hosts on
-the public Internet. Clients that begin the TLS handshake, but are unable
-to agree on a common cipher, may not be able to send any email to the
-SMTP server. Using a restricted cipher list may be more appropriate for a
-dedicated MSA or an internal mailhub, where one can exert some control over
-the TLS software and settings of the connecting clients. Configurations
-with no certificates are also not likely to inter-operate with most
-clients, see the notes for "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>". </p>
-
-<p> The following cipher grades are supported: </p>
-
-<dl>
-<dt><b>export</b></dt>
-<dd> Enable the mainstream "EXPORT" grade or better OpenSSL ciphers.
-This is the most appropriate setting for public MX hosts. The underlying
-cipherlist is specified via the <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration
-parameter, which you are strongly encouraged to not change. The default
-value of <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> includes anonymous ciphers, but these
-are automatically filtered out if the server is configured to ask for
-client certificates. If you must always exclude anonymous ciphers,
-set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". </dd>
-
-<dt><b>low</b></dt>
-<dd> Enable the mainstream "LOW" grade or better OpenSSL ciphers. This
-setting is only appropriate for internal mail servers. The underlying
-cipherlist is specified via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> configuration
-parameter, which you are strongly encouraged to not change. The default
-value of <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> includes anonymous ciphers, but these
-are automatically filtered out if the server is configured to ask for
-client certificates. If you must always exclude anonymous ciphers,
-set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". </dd>
-
-<dt><b>medium</b></dt>
-<dd> Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. This
-setting is only appropriate for internal mail servers. The underlying
-cipherlist is specified via the <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> configuration
-parameter, which you are strongly encouraged to not change. The default
-value of <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> includes anonymous ciphers, but these
-are automatically filtered out if the server is configured to ask for
-client certificates. If you must always exclude anonymous ciphers,
-set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". </dd>
-
-<dt><b>high</b></dt>
-<dd> Enable only the mainstream "HIGH" grade OpenSSL ciphers. This
-setting is only appropriate for internal mail servers. The underlying
-cipherlist is specified via the <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> configuration
-parameter, which you are strongly encouraged to not change. The default
-value of <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> includes anonymous ciphers, but these
-are automatically filtered out if the server is configured to ask for
-client certificates. If you must always exclude anonymous ciphers, set
-"<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". </dd>
-
-<dt><b>null</b></dt>
-<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
-without encryption. This setting is only appropriate in the rare
-case that all clients are prepared to use NULL ciphers (not normally
-enabled in TLS clients). The underlying cipherlist is specified via the
-<a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> configuration parameter, which you are strongly
-encouraged to not change. The default value of <a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a>
-excludes anonymous ciphers (OpenSSL 0.9.8 has NULL ciphers that offer
-data integrity without encryption or authentication). </dd>
-
-</dl>
-
-<p> This feature is available in Postfix 2.3 and later. </p>
+Postfix 2.3 and later; use <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> instead. </p>
</DD>
<p> Your actual source for entropy may differ. Some systems have
/dev/random; on other system you may consider using the "Entropy
-Gathering Daemon EGD", available at <a href="http://www.lothar.com/tech/crypto/">http://www.lothar.com/tech/crypto/</a>.
+Gathering Daemon EGD", available at <a href="http://egd.sourceforge.net/">http://egd.sourceforge.net/</a>
</p>
<p> Example: </p>
(default: empty)</b></DT><DD>
<p> List of ciphers or cipher types to exclude from the SMTP server
-cipher list. This is not an OpenSSL cipherlist; it is a simple list
-separated by whitespace and/or commas. The elements are a single
-cipher, or one or more "+" separated cipher properties, in which
-case only ciphers matching <b>all</b> the properties are excluded. </p>
+cipher list at all TLS security levels. Excluding valid ciphers
+can create interoperability problems. DO NOT exclude ciphers unless it
+is essential to do so. This is not an OpenSSL cipherlist; it is a simple
+list separated by whitespace and/or commas. The elements are a single
+cipher, or one or more "+" separated cipher properties, in which case
+only ciphers matching <b>all</b> the properties are excluded. </p>
<p> Examples (some of these will cause problems): </p>
</DD>
-<DT><b><a name="smtpd_tls_protocols">smtpd_tls_protocols</a>
+<DT><b><a name="smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>
+(default: medium)</b></DT><DD>
+
+<p> The minimum TLS cipher grade that the Postfix SMTP server will
+use with mandatory
+TLS encryption. Cipher types listed in <a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>
+or <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> are excluded from the base definition
+of the selected cipher grade. With opportunistic TLS encryption,
+the "export" grade is used unconditionally with exclusions specified
+only via <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>. </p>
+
+<p> The following cipher grades are supported: </p>
+
+<dl>
+<dt><b>export</b></dt>
+<dd> Enable the mainstream "EXPORT" grade or better OpenSSL ciphers.
+This is the most appropriate setting for public MX hosts, and is always
+used with opportunistic TLS encryption. The underlying cipherlist
+is specified via the <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> configuration parameter,
+which you are strongly encouraged to not change. The default value
+of <a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> includes anonymous ciphers, but these are
+automatically filtered out if the server is configured to ask for
+client certificates. If you must always exclude anonymous ciphers,
+set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> = aNULL". To exclude anonymous ciphers
+only when TLS is enforced, set "<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> =
+aNULL". </dd>
+
+<dt><b>low</b></dt>
+<dd> Enable the mainstream "LOW" grade or better OpenSSL ciphers. The
+underlying cipherlist is specified via the <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a>
+configuration parameter, which you are strongly encouraged to
+not change. The default value of <a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> includes
+anonymous ciphers, but these are automatically filtered out if the
+server is configured to ask for client certificates. If you must
+always exclude anonymous ciphers, set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> =
+aNULL". To exclude anonymous ciphers only when TLS is enforced, set
+"<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL". </dd>
+
+<dt><b>medium</b></dt>
+<dd> Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. These
+are essentially the 128-bit or stronger ciphers. This is the default
+minimum strength for mandatory TLS encryption. MSAs that enforce
+TLS and have clients that do not support any "MEDIUM" or "HIGH"
+grade ciphers, may need to configure a weaker ("low" or "export")
+minimum cipher grade. The underlying cipherlist is specified via the
+<a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> configuration parameter, which you are strongly
+encouraged to not change. The default value of <a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a>
+includes anonymous ciphers, but these are automatically filtered out if
+the server is configured to ask for client certificates. If you must
+always exclude anonymous ciphers, set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> =
+aNULL". To exclude anonymous ciphers only when TLS is enforced, set
+"<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL". </dd>
+
+<dt><b>high</b></dt>
+<dd> Enable only the mainstream "HIGH" grade OpenSSL ciphers. The
+underlying cipherlist is specified via the <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a>
+configuration parameter, which you are strongly encouraged to
+not change. The default value of <a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> includes
+anonymous ciphers, but these are automatically filtered out if the
+server is configured to ask for client certificates. If you must
+always exclude anonymous ciphers, set "<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> =
+aNULL". To exclude anonymous ciphers only when TLS is enforced, set
+"<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> = aNULL". </dd>
+
+<dt><b>null</b></dt>
+<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
+without encryption. This setting is only appropriate in the rare
+case that all clients are prepared to use NULL ciphers (not normally
+enabled in TLS clients). The underlying cipherlist is specified via the
+<a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> configuration parameter, which you are strongly
+encouraged to not change. The default value of <a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a>
+excludes anonymous ciphers (OpenSSL 0.9.8 has NULL ciphers that offer
+data integrity without encryption or authentication). </dd>
+
+</dl>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a>
(default: empty)</b></DT><DD>
-<p> The list of TLS protocols supported by the Postfix SMTP server.
-If the list is empty, the server supports all available TLS protocol
-versions. A non-empty value is a list of protocol names separated
-by whitespace, commas or colons. The supported protocol names are
-"SSLv2", "SSLv3" and "TLSv1", and are not case sensitive. </p>
+<p> Additional list of ciphers or cipher types to exclude from the
+SMTP server cipher list at mandatory TLS security levels. This list
+works in addition to the exclusions listed with <a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>
+(see there for syntax details). </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
-<p> DO NOT set this to a non-default value on an Internet MX host,
-as this may cause inter-operability problems. If you restrict the
-protocol list on an Internet MX host, you may lose mail. </p>
+
+</DD>
+
+<DT><b><a name="smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>
+(default: SSLv3, TLSv1)</b></DT><DD>
+
+<p> The TLS protocols accepted by the Postfix SMTP server with
+mandatory TLS encryption. With opportunistic TLS encryption, all
+protocols are always accepted. If the list is empty, the server
+supports all available TLS protocol versions. A non-empty value
+is a list of protocol names separated by whitespace, commas or
+colons. The supported protocol names are "SSLv2", "SSLv3" and
+"TLSv1", and are not case sensitive. </p>
<p> Example: </p>
<pre>
-<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> = SSLv3, TLSv1
+<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> = SSLv3, TLSv1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
<DT><b><a name="smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>
(default: no)</b></DT><DD>
-<p> When TLS encryption is enforced, require a remote SMTP client
+<p> With mandatory TLS encryption, require a remote SMTP client
certificate in order to allow TLS connections to proceed. This
option implies "<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> = yes". </p>
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior.</p>
+<p> This feature is available in Postfix 2.3 and later. </p>
+
</DD>
(default: ALL:+RC4:@STRENGTH)</b></DT><DD>
<p> The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
-defines the meaning of the "export" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
+defines the meaning of the "export" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is
the cipherlist for the opportunistic ("may") TLS client security
level and is the default cipherlist for the SMTP server. You are
(default: !EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)</b></DT><DD>
<p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
-the meaning of the "high" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
+the meaning of the "high" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
strongly encouraged to not change this setting. </p>
(default: !EXPORT:ALL:+RC4:@STRENGTH)</b></DT><DD>
<p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
-the meaning of the "low" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
+the meaning of the "low" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are
strongly encouraged to not change this setting. </p>
(default: !EXPORT:!LOW:ALL:+RC4:@STRENGTH)</b></DT><DD>
<p> The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This
-defines the meaning of the "medium" setting in <a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>,
+defines the meaning of the "medium" setting in <a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>,
<a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and <a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. This is
the default cipherlist for mandatory TLS encryption in the TLS
client (with anonymous ciphers disabled when verifying server
<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption. This defines the meaning of the "null"
-setting in
<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
+setting in
smtpd_mandatory_tls_ciphers, <a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> and
<a href="postconf.5.html#lmtp_tls_mandatory_ciphers">lmtp_tls_mandatory_ciphers</a>. You are strongly encouraged to not
change this setting. </p>
<a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>. For a description of the
TCP client/server table lookup protocol, see <a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>.
This feature is not available up to and including Postfix
- version 2.2.
+ version 2.3.
Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.2.
+ Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their
Lookup tables, indexed by the remote SMTP server
address, with case insensitive lists of EHLO key-
words (pipelining, starttls, auth, etc.) that the
- SMTP client will ignore in the EHLO response from a
- remote SMTP server.
+ Postfix SMTP client will ignore in the EHLO
+ response from a remote SMTP server.
<b><a href="postconf.5.html#smtp_discard_ehlo_keywords">smtp_discard_ehlo_keywords</a> (empty)</b>
A case insensitive list of EHLO keywords (pipelin-
- ing, starttls, auth, etc.) that the SMTP client
- will ignore in the EHLO response from a remote SMTP
- server.
+ ing, starttls, auth, etc.) that the Postfix SMTP
+ client will ignore in the EHLO response from a
+ remote SMTP server.
<b><a href="postconf.5.html#smtp_generic_maps">smtp_generic_maps</a> (empty)</b>
Optional lookup tables that perform address rewrit-
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtp_sasl_auth_enforce">smtp_sasl_auth_enforce</a> (yes)</b>
- Defer mail delivery when an SMTP server does not
- support SASL authentication, while <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_pass</a>-
- <a href="postconf.5.html#smtp_sasl_password_maps">word_maps</a> contains SASL login/password information
+ If sender-dependent SASL passwords are turned off,
+ defer mail delivery when an SMTP server does not
+ support SASL authentication, while <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_pass</a>-
+ <a href="postconf.5.html#smtp_sasl_password_maps">word_maps</a> contains SASL login/password information
for that server.
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
- Enable sender-dependent authentication in the SMTP
- client; this is available only with SASL authenti-
- cation, and disables SMTP connection caching to
- ensure that mail from different senders will use
- the appropriate credentials.
+ Enable sender-dependent authentication in the Post-
+ fix SMTP client; this is available only with SASL
+ authentication, and disables SMTP connection
+ caching to ensure that mail from different senders
+ will use the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
- Implementation-specific information that is passed
- through to the SASL plug-in implementation that is
+ Implementation-specific information that is passed
+ through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
- The SASL plug-in type that the Postfix SMTP client
+ The SASL plug-in type that the Postfix SMTP client
should use for authentication.
<b>STARTTLS SUPPORT CONTROLS</b>
- Detailed information about STARTTLS configuration may be
+ Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
The default SMTP TLS security level for the Postfix
- SMTP client; when a non-empty value is specified,
- this overrides the obsolete parameters
+ SMTP client; when a non-empty value is specified,
+ this overrides the obsolete parameters
<a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>, <a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and
<a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
+ The SASL authentication security options that the
+ Postfix SMTP client uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
- Time limit for Postfix SMTP client write and read
- operations during TLS startup and shutdown hand-
+ Time limit for Postfix SMTP client write and read
+ operations during TLS startup and shutdown hand-
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
- The file with the certificate of the certification
- authority (CA) that issued the Postfix SMTP client
+ The file with the certificate of the certification
+ authority (CA) that issued the Postfix SMTP client
certificate.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
- Directory with PEM format certificate authority
- certificates that the Postfix SMTP client uses to
+ Directory with PEM format certificate authority
+ certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
- File with the Postfix SMTP client RSA certificate
+ File with the Postfix SMTP client RSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
- The minimum SMTP client TLS cipher grade that is
- strong enough to be used with the "encrypt" secu-
- rity level and higher.
+ The minimum TLS cipher grade that the Postfix SMTP
+ client will use with mandatory TLS encryption.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
List of ciphers or cipher types to exclude from the
- SMTP client cipher list at all security levels.
+ Postfix SMTP client cipher list at all TLS security
+ levels.
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
- List of ciphers or cipher types to exclude from the
- SMTP client cipher list at the mandatory TLS secu-
- rity levels: "encrypt", "verify" and "secure".
+ Additional list of ciphers or cipher types to
+ exclude from the SMTP client cipher list at manda-
+ tory TLS security levels.
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
- File with the Postfix SMTP client DSA certificate
+ File with the Postfix SMTP client DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
- File with the Postfix SMTP client DSA private key
+ File with the Postfix SMTP client DSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
- File with the Postfix SMTP client RSA private key
+ File with the Postfix SMTP client RSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
- Enable additional Postfix SMTP client logging of
+ Enable additional Postfix SMTP client logging of
TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
- Log the hostname of a remote SMTP server that
- offers STARTTLS, when TLS is not already enabled
+ Log the hostname of a remote SMTP server that
+ offers STARTTLS, when TLS is not already enabled
for that server.
- <b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
- Optional lookup tables with the Postfix SMTP client
- TLS security policy by next-hop destination; when a
- non-empty value is specified, this overrides the
- obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
-
- <b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
- List of TLS protocol versions that are secure
- enough to be used with the "encrypt" security level
- and higher.
-
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
The verification depth for remote SMTP server cer-
tificates.
clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- When TLS encryption is enforced, require that the
+ With mandatory TLS encryption, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
TLS usage policy by next-hop destination and by
remote SMTP server hostname.
+ <b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
+ Obsolete Postfix < 2.3 control for the Postfix SMTP
+ client TLS cipher list.
+
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
- The maximal number of parallel deliveries to the
- same destination via the smtp message delivery
+ The maximal number of parallel deliveries to the
+ same destination via the smtp message delivery
transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per delivery via
+ The maximal number of recipients per delivery via
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The SMTP client time limit for completing a TCP
+ The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The SMTP client time limit for sending the HELO or
- EHLO command, and for receiving the initial server
+ The SMTP client time limit for sending the HELO or
+ EHLO command, and for receiving the initial server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
- The LMTP client time limit for sending the LHLO
+ The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The SMTP client time limit for sending the MAIL
- FROM command, and for receiving the server
+ The SMTP client time limit for sending the MAIL
+ FROM command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The SMTP client time limit for sending the SMTP
- RCPT TO command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ RCPT TO command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The SMTP client time limit for sending the SMTP
- DATA command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ DATA command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
- The SMTP client time limit for sending the QUIT
+ The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery
- request before giving up or delivering to a fall-
+ The maximal number of SMTP sessions per delivery
+ request before giving up or delivering to a fall-
back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
- The SMTP client time limit for sending the RSET
+ The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the
+ Permanently enable SMTP connection caching for the
specified destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a
+ Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
When SMTP connection caching is enabled, the amount
- of time that an unused SMTP client socket is kept
+ of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or
+ Time limit for connection cache connect, send or
receive operations.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
+ The increment in verbose logging level when a
+ remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
+ Optional list of remote client or server hostname
+ or network address patterns that cause the verbose
+ logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about
- mail delivery problems that are caused by policy,
+ The recipient of postmaster notifications about
+ mail delivery problems that are caused by policy,
resource, software or protocol errors.
+ <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
+ What categories of Postfix-generated mail are sub-
+ ject to before-queue content inspection by
+ <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail
+ Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
+ The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
- Disable DNS lookups in the Postfix SMTP and LMTP
+ Disable DNS lookups in the Postfix SMTP and LMTP
clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
- The Internet protocols Postfix will attempt to use
+ The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
over an internal communication channel.
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
- The default TCP port that the Postfix LMTP client
+ The default TCP port that the Postfix LMTP client
connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
+ The maximum amount of time that an idle Postfix
+ daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
+ The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
+ tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the SMTP
- client should bind to when making an IPv4 connec-
- tion.
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
+ IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the SMTP
- client should bind to when making an IPv6 connec-
- tion.
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
+ IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The hostname to send in the SMTP EHLO or HELO com-
+ The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
- What mechanisms when the SMTP client uses to look
- up a host's IP address.
+ What mechanisms when the Postfix SMTP client uses
+ to look up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
- Randomize the order of equal-preference MX host
+ Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b>SEE ALSO</b>
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
- <b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b>
- Opportunistic TLS: announce STARTTLS support to
- SMTP clients, but do not require that clients use
- TLS encryption.
-
- <b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b>
- Mandatory TLS: announce STARTTLS support to SMTP
- clients, and require that clients use TLS encryp-
- tion.
+ <b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b>
+ The SMTP TLS security level for the Postfix SMTP
+ server; when a non-empty value is specified, this
+ overrides the obsolete parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and
+ <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
<b><a href="postconf.5.html#smtpd_sasl_tls_security_options">smtpd_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtpd_sasl_security_options">smtpd_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtpd_sasl_security_options">rity_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP server uses for TLS encrypted SMTP
+ The SASL authentication security options that the
+ Postfix SMTP server uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtpd_starttls_timeout">smtpd_starttls_timeout</a> (300s)</b>
- The time limit for Postfix SMTP server write and
- read operations during TLS startup and shutdown
+ The time limit for Postfix SMTP server write and
+ read operations during TLS startup and shutdown
handshake procedures.
<b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
- The file with the certificate of the certification
- authority (CA) that issued the Postfix SMTP server
+ The file with the certificate of the certification
+ authority (CA) that issued the Postfix SMTP server
certificate.
<b><a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a> (empty)</b>
- The file with the certificate of the certification
- authority (CA) that issued the Postfix SMTP server
+ The file with the certificate of the certification
+ authority (CA) that issued the Postfix SMTP server
certificate.
<b><a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a> (no)</b>
- Ask a remote SMTP client for a client certificate.
+ Ask a remote SMTP client for a client certificate.
<b><a href="postconf.5.html#smtpd_tls_auth_only">smtpd_tls_auth_only</a> (no)</b>
When TLS encryption is optional in the Postfix SMTP
- server, do not announce or accept SASL authentica-
+ server, do not announce or accept SASL authentica-
tion over unencrypted connections.
<b><a href="postconf.5.html#smtpd_tls_ccert_verifydepth">smtpd_tls_ccert_verifydepth</a> (5)</b>
- The verification depth for remote SMTP client cer-
+ The verification depth for remote SMTP client cer-
tificates.
<b><a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> (empty)</b>
- File with the Postfix SMTP server RSA certificate
+ File with the Postfix SMTP server RSA certificate
in PEM format.
- <b><a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a> (export)</b>
- The minimum acceptable SMTP server TLS cipher
- grade.
-
<b><a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a> (empty)</b>
List of ciphers or cipher types to exclude from the
- SMTP server cipher list.
+ SMTP server cipher list at all TLS security levels.
<b><a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> (empty)</b>
- File with the Postfix SMTP server DSA certificate
+ File with the Postfix SMTP server DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a> (empty)</b>
- File with DH parameters that the Postfix SMTP
+ File with DH parameters that the Postfix SMTP
server should use with EDH ciphers.
<b><a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a> (empty)</b>
- File with DH parameters that the Postfix SMTP
+ File with DH parameters that the Postfix SMTP
server should use with EDH ciphers.
<b><a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b>
- File with the Postfix SMTP server DSA private key
+ File with the Postfix SMTP server DSA private key
in PEM format.
<b><a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b>
- File with the Postfix SMTP server RSA private key
+ File with the Postfix SMTP server RSA private key
in PEM format.
<b><a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a> (0)</b>
- Enable additional Postfix SMTP server logging of
+ Enable additional Postfix SMTP server logging of
TLS activity.
- <b><a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a> (empty)</b>
- The list of TLS protocols supported by the Postfix
- SMTP server.
+ <b><a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a> (medium)</b>
+ The minimum TLS cipher grade that the Postfix SMTP
+ server will use with mandatory TLS encryption.
+
+ <b><a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_mandatory_exclude_ciphers</a> (empty)</b>
+ Additional list of ciphers or cipher types to
+ exclude from the SMTP server cipher list at manda-
+ tory TLS security levels.
+
+ <b><a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
+ The TLS protocols accepted by the Postfix SMTP
+ server with mandatory TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_received_header">smtpd_tls_received_header</a> (no)</b>
Request that the Postfix SMTP server produces
CommonName.
<b><a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a> (no)</b>
- When TLS encryption is enforced, require a remote
+ With mandatory TLS encryption, require a remote
SMTP client certificate in order to allow TLS con-
nections to proceed.
server in order to seed its internal pseudo random
number generator (PRNG).
- Available in Postfix version 2.3 and later:
-
- <b><a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a> (empty)</b>
- The SMTP TLS security level for the Postfix SMTP
- server; when a non-empty value is specified, this
- overrides the obsolete parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and
- <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
-
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
<b>(!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)</b>
The OpenSSL cipherlist for "HIGH" grade ciphers.
ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (!EXPORT:ALL:+RC4:@STRENGTH)</b>
- The OpenSSL cipherlist for "LOW" or higher grade
+ The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (!aNULL:eNULL+kRSA)</b>
- The OpenSSL cipherlist for "NULL" grade ciphers
+ The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
+<b>OBSOLETE STARTTLS CONTROLS</b>
+ The following configuration parameters exist for compati-
+ bility with Postfix versions before 2.3. Support for these
+ will be removed in a future release.
+
+ <b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b>
+ Opportunistic TLS: announce STARTTLS support to
+ SMTP clients, but do not require that clients use
+ TLS encryption.
+
+ <b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b>
+ Mandatory TLS: announce STARTTLS support to SMTP
+ clients, and require that clients use TLS encryp-
+ tion.
+
+ <b><a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> (empty)</b>
+ Obsolete Postfix < 2.3 control for the Postfix SMTP
+ server TLS cipher list.
+
<b>VERP SUPPORT CONTROLS</b>
With VERP style delivery, each recipient of a message
receives a customized copy of the message with his/her own
mail delivery problems that are caused by policy,
resource, software or protocol errors.
+ <b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
+ What categories of Postfix-generated mail are sub-
+ ject to before-queue content inspection by
+ <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>, <a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
+
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the
postmaster.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b>
- Attempt to look up the SMTP client hostname, and
- verify that the name matches the client IP address.
+ Attempt to look up the Postfix SMTP client host-
+ name, and verify that the name matches the client
+ IP address.
The per SMTP client connection count and request rate lim-
its are implemented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> ser-
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.2.
+ Postfix version 2.3.
Each lookup operation uses the entire recipient address
once. Thus, <i>some.domain.hierarchy</i> is not looked up via
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
- Postfix version 2.2.
+ Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.2.
+This feature is not available up to and including Postfix version 2.3.
Each lookup operation uses the entire query string once.
Depending on the application, that string is an entire client
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.2.
+This feature is not available up to and including Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
\fIuser@domain\fR mail addresses are not broken up into their
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.2.
+This feature is not available up to and including Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
\fIuser@domain\fR mail addresses are not broken up into their
the Postfix SMTP client returns such mail as undeliverable.
.PP
Specify, for example, "best_mx_transport = local" to pass the mail
-from the SMTP client to the \fBlocal\fR(8) delivery agent. You can specify
+from the Postfix SMTP client to the \fBlocal\fR(8) delivery agent. You
+can specify
any message delivery "transport" or "transport:nexthop" that is
defined in the master.cf file. See the \fBtransport\fR(5) manual page
for the syntax and meaning of "transport" or "transport:nexthop".
.PP
A better solution for multi-homed firewalls is to leave inet_interfaces
at the default value and instead use explicit IP addresses in
-the master.cf SMTP server definitions. This preserves the SMTP client's
+the master.cf SMTP server definitions. This preserves the Postfix
+SMTP client's
loop detection, by ensuring that each side of the firewall knows that the
other IP address is still the same host. Setting $inet_interfaces to a
single IPv4 and/or IPV6 address is primarily useful with virtual
.PP
Warning: with concurrency of 1, one bad message can be enough to
block all mail to a site.
+.SH internal_mail_filter_classes (default: empty)
+What categories of Postfix-generated mail are subject to
+before-queue content inspection by non_smtpd_milters, header_checks
+and body_checks. Specify zero or more of the following, separated
+by whitespace or comma.
+.IP "\fB bounce \fR"
+Inspect the content of delivery
+status notifications.
+.IP "\fB notify \fR"
+Inspect the content of postmaster
+notifications by the \fBsmtp\fR(8) and \fBsmtpd\fR(8) processes.
+.PP
+NOTE: It's generally not safe to enable content inspection of
+Postfix-generated email messages. The user is warned.
+.PP
+This feature is available in Postfix 2.3 and later.
.SH invalid_hostname_reject_code (default: 501)
The numerical Postfix SMTP server response code when the client
HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname
lists: Postfix needs to know only if a lookup string is found or
not, but it does not use the result from table lookup.
.PP
-If this parameter is non-empty (the default), then the Postfix SMTP server
-will reject mail for unknown local users.
+If this parameter is non-empty (the default), then the Postfix SMTP
+server will reject mail for unknown local users.
.PP
To turn off local recipient checking in the Postfix SMTP server,
specify "local_recipient_maps =" (i.e. empty).
the word "ESMTP" appears in the server greeting banner (example:
220 spike.porcupine.org ESMTP Postfix).
.SH smtp_bind_address (default: empty)
-An optional numerical network address that the SMTP client should
-bind to when making an IPv4 connection.
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv4 connection.
.PP
This can be specified in the main.cf file for all SMTP clients, or
it can be specified in the master.cf file for a specific client,
Note 2: address information may be enclosed inside [],
but this form is not recommended here.
.SH smtp_bind_address6 (default: empty)
-An optional numerical network address that the SMTP client should
-bind to when making an IPv6 connection.
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv6 connection.
.PP
This feature is available in Postfix 2.2 and later.
.PP
The SMTP client time limit for completing a TCP connection, or
zero (use the operating system built-in time limit).
.PP
-When no connection can be made within the deadline, the SMTP client
+When no connection can be made within the deadline, the Postfix
+SMTP client
tries the next address on the mail exchanger list. Specify 0 to
disable the time limit (i.e. use whatever timeout is implemented by
the operating system).
.SH smtp_data_xfer_timeout (default: 180s)
The SMTP client time limit for sending the SMTP message content.
When the connection makes no progress for more than $smtp_data_xfer_timeout
-seconds the SMTP client terminates the transfer.
+seconds the Postfix SMTP client terminates the transfer.
.PP
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
.SH smtp_discard_ehlo_keyword_address_maps (default: empty)
Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
-etc.) that the SMTP client will ignore in the EHLO response from a
+etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server. See smtp_discard_ehlo_keywords for details. The
table is not indexed by hostname for consistency with
smtpd_discard_ehlo_keyword_address_maps.
This feature is available in Postfix 2.2 and later.
.SH smtp_discard_ehlo_keywords (default: empty)
A case insensitive list of EHLO keywords (pipelining, starttls,
-auth, etc.) that the SMTP client will ignore in the EHLO response
-from a remote SMTP server.
+auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+response from a remote SMTP server.
.PP
This feature is available in Postfix 2.2 and later.
.PP
Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is s (seconds).
.SH smtp_host_lookup (default: dns)
-What mechanisms when the SMTP client uses to look up a host's IP
+What mechanisms when the Postfix SMTP client uses to look up a host's IP
address. This parameter is ignored when DNS lookups are disabled.
.PP
Specify one of the following:
.ad
.ft R
.SH smtp_sasl_auth_enforce (default: yes)
-Defer mail delivery when an SMTP server does not support SASL
-authentication, while smtp_sasl_password_maps contains SASL
-login/password information for that server.
+If sender-dependent SASL passwords are turned off, defer mail
+delivery when an SMTP server does not support SASL authentication,
+while smtp_sasl_password_maps contains SASL login/password information
+for that server.
.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_sasl_mechanism_filter (default: empty)
.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_send_xforward_command (default: no)
-Send the non-standard XFORWARD command when the Postfix SMTP server EHLO
-response announces XFORWARD support.
+Send the non-standard XFORWARD command when the Postfix SMTP server
+EHLO response announces XFORWARD support.
.PP
This allows an "smtp" delivery agent, used for injecting mail into
a content filter, to forward the name, address, protocol and HELO
.PP
This feature is available in Postfix 2.1 and later.
.SH smtp_sender_dependent_authentication (default: no)
-Enable sender-dependent authentication in the SMTP client; this is
+Enable sender-dependent authentication in the Postfix SMTP client; this is
available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials.
This feature is available in Postfix 2.2 and later.
.SH smtp_tls_cipherlist (default: empty)
Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
-cipher list. As this feature applies to all security levels, it is easy
+cipher list. As this feature applies to all TLS security levels, it is easy
to create inter-operability problems by choosing a non-default cipher
list. Do not use a non-default TLS cipher list on hosts that deliver email
to the public Internet: you will be unable to send email to servers that
.PP
This feature is available in Postfix 2.2 and later.
.SH smtp_tls_enforce_peername (default: yes)
-When TLS encryption is enforced, require that the remote SMTP
+With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate. As of RFC 2487 the requirements for hostname checking
for MTA clients are not specified.
This feature is available in Postfix 2.2 and later. With
Postfix 2.3 and later use smtp_tls_security_level instead.
.SH smtp_tls_exclude_ciphers (default: empty)
-List of ciphers or cipher types to exclude from the SMTP client cipher
-list at all security levels. This is not an OpenSSL cipherlist, it is
+List of ciphers or cipher types to exclude from the Postfix
+SMTP client cipher
+list at all TLS security levels. This is not an OpenSSL cipherlist, it is
a simple list separated by whitespace and/or commas. The elements are a
single cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching \fBall\fR the properties are excluded.
.PP
This feature is available in Postfix 2.2 and later.
.SH smtp_tls_mandatory_ciphers (default: medium)
-The minimum SMTP client TLS cipher grade that is strong enough to
-be used with the "encrypt" security level and higher. The default
-value "medium" is suitable for most destinations with which you may
-want to enforce TLS, and is beyond the reach of today's crypt-analytic
-methods. See smtp_tls_policy_maps for information on how to configure
-ciphers on a per-destination basis.
+The minimum TLS cipher grade that the Postfix SMTP client will
+use with
+mandatory TLS encryption. The default value "medium" is suitable
+for most destinations with which you may want to enforce TLS, and
+is beyond the reach of today's crypt-analytic methods. See
+smtp_tls_policy_maps for information on how to configure ciphers
+on a per-destination basis.
.PP
The following cipher grades are supported:
.IP "\fBexport\fR"
.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_tls_mandatory_exclude_ciphers (default: empty)
-List of ciphers or cipher types to exclude from the SMTP client
-cipher list at the mandatory TLS security levels: "encrypt", "verify"
-and "secure". See smtp_tls_exclude_ciphers for syntax details. When
-both "exclude" parameters are defined, the combined list of ciphers is
-excluded (provided the TLS security level is "encrypt" or higher).
+Additional list of ciphers or cipher types to exclude from the
+SMTP client cipher list at mandatory TLS security levels. This list
+works in addition to the exclusions listed with smtp_tls_exclude_ciphers
+(see there for syntax details).
.PP
This feature is available in Postfix 2.3 and later.
.SH smtp_tls_mandatory_protocols (default: SSLv3, TLSv1)
-List of TLS protocol versions that are secure enough to be used
-with the "encrypt" security level and higher. In main.cf the values
+List of TLS protocols that the Postfix SMTP client will use
+with mandatory TLS encryption. In main.cf the values
are separated by whitespace, commas or colons. In the policy table
(see smtp_tls_policy_maps) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names,
The lookup key to be used in SMTP \fBaccess\fR(5) tables instead of the
null sender address.
.SH smtpd_peername_lookup (default: yes)
-Attempt to look up the SMTP client hostname, and verify that
+Attempt to look up the Postfix SMTP client hostname, and verify that
the name matches the client IP address. A client name is set to
"unknown" when it cannot be looked up or verified, or when name
lookup is disabled. Turning off name lookup reduces delays due to
\fBNote:\fR do not use "" quotes around the parameter value.
.PP
This feature is available with Postfix version 2.2. It is not used with
-Postfix 2.3 and later; use smtpd_tls_ciphers instead.
-.SH smtpd_tls_ciphers (default: export)
-The minimum acceptable SMTP server TLS cipher grade. It is easy to
-create inter-operability problems by choosing a non-default cipher grade.
-Do not use a stronger than default minimum cipher grade for MX hosts on
-the public Internet. Clients that begin the TLS handshake, but are unable
-to agree on a common cipher, may not be able to send any email to the
-SMTP server. Using a restricted cipher list may be more appropriate for a
-dedicated MSA or an internal mailhub, where one can exert some control over
-the TLS software and settings of the connecting clients. Configurations
-with no certificates are also not likely to inter-operate with most
-clients, see the notes for "smtpd_tls_cert_file".
-.PP
-The following cipher grades are supported:
-.IP "\fBexport\fR"
-Enable the mainstream "EXPORT" grade or better OpenSSL ciphers.
-This is the most appropriate setting for public MX hosts. The underlying
-cipherlist is specified via the tls_export_cipherlist configuration
-parameter, which you are strongly encouraged to not change. The default
-value of tls_export_cipherlist includes anonymous ciphers, but these
-are automatically filtered out if the server is configured to ask for
-client certificates. If you must always exclude anonymous ciphers,
-set "smtpd_tls_exclude_ciphers = aNULL".
-.IP "\fBlow\fR"
-Enable the mainstream "LOW" grade or better OpenSSL ciphers. This
-setting is only appropriate for internal mail servers. The underlying
-cipherlist is specified via the tls_low_cipherlist configuration
-parameter, which you are strongly encouraged to not change. The default
-value of tls_low_cipherlist includes anonymous ciphers, but these
-are automatically filtered out if the server is configured to ask for
-client certificates. If you must always exclude anonymous ciphers,
-set "smtpd_tls_exclude_ciphers = aNULL".
-.IP "\fBmedium\fR"
-Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. This
-setting is only appropriate for internal mail servers. The underlying
-cipherlist is specified via the tls_medium_cipherlist configuration
-parameter, which you are strongly encouraged to not change. The default
-value of tls_medium_cipherlist includes anonymous ciphers, but these
-are automatically filtered out if the server is configured to ask for
-client certificates. If you must always exclude anonymous ciphers,
-set "smtpd_tls_exclude_ciphers = aNULL".
-.IP "\fBhigh\fR"
-Enable only the mainstream "HIGH" grade OpenSSL ciphers. This
-setting is only appropriate for internal mail servers. The underlying
-cipherlist is specified via the tls_high_cipherlist configuration
-parameter, which you are strongly encouraged to not change. The default
-value of tls_high_cipherlist includes anonymous ciphers, but these
-are automatically filtered out if the server is configured to ask for
-client certificates. If you must always exclude anonymous ciphers, set
-"smtpd_tls_exclude_ciphers = aNULL".
-.IP "\fBnull\fR"
-Enable only the "NULL" OpenSSL ciphers, these provide authentication
-without encryption. This setting is only appropriate in the rare
-case that all clients are prepared to use NULL ciphers (not normally
-enabled in TLS clients). The underlying cipherlist is specified via the
-tls_null_cipherlist configuration parameter, which you are strongly
-encouraged to not change. The default value of tls_null_cipherlist
-excludes anonymous ciphers (OpenSSL 0.9.8 has NULL ciphers that offer
-data integrity without encryption or authentication).
-.PP
-This feature is available in Postfix 2.3 and later.
+Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead.
.SH smtpd_tls_dcert_file (default: empty)
File with the Postfix SMTP server DSA certificate in PEM format.
This file may also contain the server private key.
.PP
Your actual source for entropy may differ. Some systems have
/dev/random; on other system you may consider using the "Entropy
-Gathering Daemon EGD", available at http://www.lothar.com/tech/crypto/.
+Gathering Daemon EGD", available at http://egd.sourceforge.net/
.PP
Example:
.PP
This feature is available in Postfix 2.2 and later.
.SH smtpd_tls_exclude_ciphers (default: empty)
List of ciphers or cipher types to exclude from the SMTP server
-cipher list. This is not an OpenSSL cipherlist; it is a simple list
-separated by whitespace and/or commas. The elements are a single
-cipher, or one or more "+" separated cipher properties, in which
-case only ciphers matching \fBall\fR the properties are excluded.
+cipher list at all TLS security levels. Excluding valid ciphers
+can create interoperability problems. DO NOT exclude ciphers unless it
+is essential to do so. This is not an OpenSSL cipherlist; it is a simple
+list separated by whitespace and/or commas. The elements are a single
+cipher, or one or more "+" separated cipher properties, in which case
+only ciphers matching \fBall\fR the properties are excluded.
.PP
Examples (some of these will cause problems):
.PP
loglevel 4 is strongly discouraged.
.PP
This feature is available in Postfix 2.2 and later.
-.SH smtpd_tls_protocols (default: empty)
-The list of TLS protocols supported by the Postfix SMTP server.
-If the list is empty, the server supports all available TLS protocol
-versions. A non-empty value is a list of protocol names separated
-by whitespace, commas or colons. The supported protocol names are
-"SSLv2", "SSLv3" and "TLSv1", and are not case sensitive.
+.SH smtpd_tls_mandatory_ciphers (default: medium)
+The minimum TLS cipher grade that the Postfix SMTP server will
+use with mandatory
+TLS encryption. Cipher types listed in smtpd_tls_mandatory_exclude_ciphers
+or smtpd_tls_exclude_ciphers are excluded from the base definition
+of the selected cipher grade. With opportunistic TLS encryption,
+the "export" grade is used unconditionally with exclusions specified
+only via smtpd_tls_exclude_ciphers.
.PP
-DO NOT set this to a non-default value on an Internet MX host,
-as this may cause inter-operability problems. If you restrict the
-protocol list on an Internet MX host, you may lose mail.
+The following cipher grades are supported:
+.IP "\fBexport\fR"
+Enable the mainstream "EXPORT" grade or better OpenSSL ciphers.
+This is the most appropriate setting for public MX hosts, and is always
+used with opportunistic TLS encryption. The underlying cipherlist
+is specified via the tls_export_cipherlist configuration parameter,
+which you are strongly encouraged to not change. The default value
+of tls_export_cipherlist includes anonymous ciphers, but these are
+automatically filtered out if the server is configured to ask for
+client certificates. If you must always exclude anonymous ciphers,
+set "smtpd_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers
+only when TLS is enforced, set "smtpd_tls_mandatory_exclude_ciphers =
+aNULL".
+.IP "\fBlow\fR"
+Enable the mainstream "LOW" grade or better OpenSSL ciphers. The
+underlying cipherlist is specified via the tls_low_cipherlist
+configuration parameter, which you are strongly encouraged to
+not change. The default value of tls_low_cipherlist includes
+anonymous ciphers, but these are automatically filtered out if the
+server is configured to ask for client certificates. If you must
+always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
+aNULL". To exclude anonymous ciphers only when TLS is enforced, set
+"smtpd_tls_mandatory_exclude_ciphers = aNULL".
+.IP "\fBmedium\fR"
+Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. These
+are essentially the 128-bit or stronger ciphers. This is the default
+minimum strength for mandatory TLS encryption. MSAs that enforce
+TLS and have clients that do not support any "MEDIUM" or "HIGH"
+grade ciphers, may need to configure a weaker ("low" or "export")
+minimum cipher grade. The underlying cipherlist is specified via the
+tls_medium_cipherlist configuration parameter, which you are strongly
+encouraged to not change. The default value of tls_medium_cipherlist
+includes anonymous ciphers, but these are automatically filtered out if
+the server is configured to ask for client certificates. If you must
+always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
+aNULL". To exclude anonymous ciphers only when TLS is enforced, set
+"smtpd_tls_mandatory_exclude_ciphers = aNULL".
+.IP "\fBhigh\fR"
+Enable only the mainstream "HIGH" grade OpenSSL ciphers. The
+underlying cipherlist is specified via the tls_high_cipherlist
+configuration parameter, which you are strongly encouraged to
+not change. The default value of tls_high_cipherlist includes
+anonymous ciphers, but these are automatically filtered out if the
+server is configured to ask for client certificates. If you must
+always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
+aNULL". To exclude anonymous ciphers only when TLS is enforced, set
+"smtpd_tls_mandatory_exclude_ciphers = aNULL".
+.IP "\fBnull\fR"
+Enable only the "NULL" OpenSSL ciphers, these provide authentication
+without encryption. This setting is only appropriate in the rare
+case that all clients are prepared to use NULL ciphers (not normally
+enabled in TLS clients). The underlying cipherlist is specified via the
+tls_null_cipherlist configuration parameter, which you are strongly
+encouraged to not change. The default value of tls_null_cipherlist
+excludes anonymous ciphers (OpenSSL 0.9.8 has NULL ciphers that offer
+data integrity without encryption or authentication).
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtpd_tls_mandatory_exclude_ciphers (default: empty)
+Additional list of ciphers or cipher types to exclude from the
+SMTP server cipher list at mandatory TLS security levels. This list
+works in addition to the exclusions listed with smtpd_tls_exclude_ciphers
+(see there for syntax details).
+.PP
+This feature is available in Postfix 2.3 and later.
+.SH smtpd_tls_mandatory_protocols (default: SSLv3, TLSv1)
+The TLS protocols accepted by the Postfix SMTP server with
+mandatory TLS encryption. With opportunistic TLS encryption, all
+protocols are always accepted. If the list is empty, the server
+supports all available TLS protocol versions. A non-empty value
+is a list of protocol names separated by whitespace, commas or
+colons. The supported protocol names are "SSLv2", "SSLv3" and
+"TLSv1", and are not case sensitive.
.PP
Example:
.PP
.nf
.na
.ft C
-smtpd_tls_protocols = SSLv3, TLSv1
+smtpd_tls_mandatory_protocols = SSLv3, TLSv1
.fi
.ad
.ft R
.PP
This feature is available in Postfix 2.2 and later.
.SH smtpd_tls_req_ccert (default: no)
-When TLS encryption is enforced, require a remote SMTP client
+With mandatory TLS encryption, require a remote SMTP client
certificate in order to allow TLS connections to proceed. This
option implies "smtpd_tls_ask_ccert = yes".
.PP
Note 3: when invoked via "sendmail -bs", Postfix will never
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior.
+.PP
+This feature is available in Postfix 2.3 and later.
.SH smtpd_tls_session_cache_database (default: empty)
Name of the file containing the optional Postfix SMTP server
TLS session cache. Specify a database type that supports enumeration,
This feature is available in Postfix 2.2 and later.
.SH tls_export_cipherlist (default: ALL:+RC4:@STRENGTH)
The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
-defines the meaning of the "export" setting in smtpd_tls_ciphers,
+defines the meaning of the "export" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the cipherlist for the opportunistic ("may") TLS client security
level and is the default cipherlist for the SMTP server. You are
This feature is available in Postfix 2.3 and later.
.SH tls_high_cipherlist (default: !EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)
The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
-the meaning of the "high" setting in smtpd_tls_ciphers,
+the meaning of the "high" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
strongly encouraged to not change this setting.
.PP
This feature is available in Postfix 2.3 and later.
.SH tls_low_cipherlist (default: !EXPORT:ALL:+RC4:@STRENGTH)
The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
-the meaning of the "low" setting in smtpd_tls_ciphers,
+the meaning of the "low" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
strongly encouraged to not change this setting.
.PP
This feature is available in Postfix 2.3 and later.
.SH tls_medium_cipherlist (default: !EXPORT:!LOW:ALL:+RC4:@STRENGTH)
The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This
-defines the meaning of the "medium" setting in smtpd_tls_ciphers,
+defines the meaning of the "medium" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the default cipherlist for mandatory TLS encryption in the TLS
client (with anonymous ciphers disabled when verifying server
.SH tls_null_cipherlist (default: !aNULL:eNULL+kRSA)
The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption. This defines the meaning of the "null"
-setting in smtpd_tls_ciphers, smtp_tls_mandatory_ciphers and
+setting in smtpd_mandatory_tls_ciphers, smtp_tls_mandatory_ciphers and
lmtp_tls_mandatory_ciphers. You are strongly encouraged to not
change this setting.
.PP
expression lookup table syntax, see \fBregexp_table\fR(5) or
\fBpcre_table\fR(5). For a description of the TCP client/server
table lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.2.
+This feature is not available up to and including Postfix version 2.3.
Each pattern is a regular expression that is applied to the entire
address being looked up. Thus, \fIuser@domain\fR mail addresses are not
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.2.
+This feature is not available up to and including Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
\fIuser@domain\fR mail addresses are not broken up into their
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.2.
+This feature is not available up to and including Postfix version 2.3.
Each lookup operation uses the entire recipient address once. Thus,
\fIsome.domain.hierarchy\fR is not looked up via its parent domains,
This section describes how the table lookups change when lookups
are directed to a TCP-based server. For a description of the TCP
client/server lookup protocol, see \fBtcp_table\fR(5).
-This feature is not available up to and including Postfix version 2.2.
+This feature is not available up to and including Postfix version 2.3.
Each lookup operation uses the entire address once. Thus,
\fIuser@domain\fR mail addresses are not broken up into their
.IP "\fBipc_timeout (3600s)\fR"
The time limit for sending or receiving information over an internal
communication channel.
+.IP "\fBinternal_mail_filter_classes (empty)\fR"
+What categories of Postfix-generated mail are subject to
+before-queue content inspection by non_smtpd_milters, header_checks
+and body_checks.
.IP "\fBmail_name (Postfix)\fR"
The mail system name that is displayed in Received: headers, in
the SMTP greeting banner, and in bounced mail.
.IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR"
Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
-etc.) that the SMTP client will ignore in the EHLO response from a
+etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server.
.IP "\fBsmtp_discard_ehlo_keywords (empty)\fR"
A case insensitive list of EHLO keywords (pipelining, starttls,
-auth, etc.) that the SMTP client will ignore in the EHLO response
-from a remote SMTP server.
+auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+response from a remote SMTP server.
.IP "\fBsmtp_generic_maps (empty)\fR"
Optional lookup tables that perform address rewriting in the
SMTP client, typically to transform a locally valid address into
.fi
Available in Postfix version 2.1 and later:
.IP "\fBsmtp_send_xforward_command (no)\fR"
-Send the non-standard XFORWARD command when the Postfix SMTP server EHLO
-response announces XFORWARD support.
+Send the non-standard XFORWARD command when the Postfix SMTP server
+EHLO response announces XFORWARD support.
.SH "SASL AUTHENTICATION CONTROLS"
.na
.nf
.PP
Available in Postfix version 2.3 and later:
.IP "\fBsmtp_sasl_auth_enforce (yes)\fR"
-Defer mail delivery when an SMTP server does not support SASL
-authentication, while smtp_sasl_password_maps contains SASL
-login/password information for that server.
+If sender-dependent SASL passwords are turned off, defer mail
+delivery when an SMTP server does not support SASL authentication,
+while smtp_sasl_password_maps contains SASL login/password information
+for that server.
.IP "\fBsmtp_sender_dependent_authentication (no)\fR"
-Enable sender-dependent authentication in the SMTP client; this is
+Enable sender-dependent authentication in the Postfix SMTP client; this is
available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials.
.IP "\fBsmtp_tls_cert_file (empty)\fR"
File with the Postfix SMTP client RSA certificate in PEM format.
.IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR"
-The minimum SMTP client TLS cipher grade that is strong enough to
-be used with the "encrypt" security level and higher.
+The minimum TLS cipher grade that the Postfix SMTP client will
+use with
+mandatory TLS encryption.
.IP "\fBsmtp_tls_exclude_ciphers (empty)\fR"
-List of ciphers or cipher types to exclude from the SMTP client cipher
-list at all security levels.
+List of ciphers or cipher types to exclude from the Postfix
+SMTP client cipher
+list at all TLS security levels.
.IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR"
-List of ciphers or cipher types to exclude from the SMTP client
-cipher list at the mandatory TLS security levels: "encrypt", "verify"
-and "secure".
+Additional list of ciphers or cipher types to exclude from the
+SMTP client cipher list at mandatory TLS security levels.
.IP "\fBsmtp_tls_dcert_file (empty)\fR"
File with the Postfix SMTP client DSA certificate in PEM format.
.IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR"
.IP "\fBsmtp_tls_note_starttls_offer (no)\fR"
Log the hostname of a remote SMTP server that offers STARTTLS,
when TLS is not already enabled for that server.
-.IP "\fBsmtp_tls_policy_maps (empty)\fR"
-Optional lookup tables with the Postfix SMTP client TLS security
-policy by next-hop destination; when a non-empty value is specified,
-this overrides the obsolete smtp_tls_per_site parameter.
-.IP "\fBsmtp_tls_mandatory_protocols (SSLv3, TLSv1)\fR"
-List of TLS protocol versions that are secure enough to be used
-with the "encrypt" security level and higher.
.IP "\fBsmtp_tls_scert_verifydepth (5)\fR"
The verification depth for remote SMTP server certificates.
.IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR"
Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
.IP "\fBsmtp_tls_enforce_peername (yes)\fR"
-When TLS encryption is enforced, require that the remote SMTP
+With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate.
.IP "\fBsmtp_tls_per_site (empty)\fR"
Optional lookup tables with the Postfix SMTP client TLS usage
policy by next-hop destination and by remote SMTP server hostname.
+.IP "\fBsmtp_tls_cipherlist (empty)\fR"
+Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+cipher list.
.SH "RESOURCE AND RATE CONTROLS"
.na
.nf
The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or protocol
errors.
+.IP "\fBinternal_mail_filter_classes (empty)\fR"
+What categories of Postfix-generated mail are subject to
+before-queue content inspection by non_smtpd_milters, header_checks
+and body_checks.
.IP "\fBnotify_classes (resource, software)\fR"
The list of error classes that are reported to the postmaster.
.SH "MISCELLANEOUS CONTROLS"
The network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
.IP "\fBsmtp_bind_address (empty)\fR"
-An optional numerical network address that the SMTP client should
-bind to when making an IPv4 connection.
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv4 connection.
.IP "\fBsmtp_bind_address6 (empty)\fR"
-An optional numerical network address that the SMTP client should
-bind to when making an IPv6 connection.
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv6 connection.
.IP "\fBsmtp_helo_name ($myhostname)\fR"
The hostname to send in the SMTP EHLO or HELO command.
.IP "\fBlmtp_lhlo_name ($myhostname)\fR"
The hostname to send in the LMTP LHLO command.
.IP "\fBsmtp_host_lookup (dns)\fR"
-What mechanisms when the SMTP client uses to look up a host's IP
+What mechanisms when the Postfix SMTP client uses to look up a host's IP
address.
.IP "\fBsmtp_randomize_addresses (yes)\fR"
Randomize the order of equal-preference MX host addresses.
.fi
Detailed information about STARTTLS configuration may be
found in the TLS_README document.
-.IP "\fBsmtpd_use_tls (no)\fR"
-Opportunistic TLS: announce STARTTLS support to SMTP clients,
-but do not require that clients use TLS encryption.
-.IP "\fBsmtpd_enforce_tls (no)\fR"
-Mandatory TLS: announce STARTTLS support to SMTP clients,
-and require that clients use TLS encryption.
+.IP "\fBsmtpd_tls_security_level (empty)\fR"
+The SMTP TLS security level for the Postfix SMTP server; when
+a non-empty value is specified, this overrides the obsolete parameters
+smtpd_use_tls and smtpd_enforce_tls.
.IP "\fBsmtpd_sasl_tls_security_options ($smtpd_sasl_security_options)\fR"
The SASL authentication security options that the Postfix SMTP
server uses for TLS encrypted SMTP sessions.
The verification depth for remote SMTP client certificates.
.IP "\fBsmtpd_tls_cert_file (empty)\fR"
File with the Postfix SMTP server RSA certificate in PEM format.
-.IP "\fBsmtpd_tls_ciphers (export)\fR"
-The minimum acceptable SMTP server TLS cipher grade.
.IP "\fBsmtpd_tls_exclude_ciphers (empty)\fR"
List of ciphers or cipher types to exclude from the SMTP server
-cipher list.
+cipher list at all TLS security levels.
.IP "\fBsmtpd_tls_dcert_file (empty)\fR"
File with the Postfix SMTP server DSA certificate in PEM format.
.IP "\fBsmtpd_tls_dh1024_param_file (empty)\fR"
File with the Postfix SMTP server RSA private key in PEM format.
.IP "\fBsmtpd_tls_loglevel (0)\fR"
Enable additional Postfix SMTP server logging of TLS activity.
-.IP "\fBsmtpd_tls_protocols (empty)\fR"
-The list of TLS protocols supported by the Postfix SMTP server.
+.IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR"
+The minimum TLS cipher grade that the Postfix SMTP server will
+use with mandatory
+TLS encryption.
+.IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
+Additional list of ciphers or cipher types to exclude from the
+SMTP server cipher list at mandatory TLS security levels.
+.IP "\fBsmtpd_tls_mandatory_protocols (SSLv3, TLSv1)\fR"
+The TLS protocols accepted by the Postfix SMTP server with
+mandatory TLS encryption.
.IP "\fBsmtpd_tls_received_header (no)\fR"
Request that the Postfix SMTP server produces Received: message
headers that include information about the protocol and cipher used,
as well as the client CommonName and client certificate issuer
CommonName.
.IP "\fBsmtpd_tls_req_ccert (no)\fR"
-When TLS encryption is enforced, require a remote SMTP client
+With mandatory TLS encryption, require a remote SMTP client
certificate in order to allow TLS connections to proceed.
.IP "\fBsmtpd_tls_session_cache_database (empty)\fR"
Name of the file containing the optional Postfix SMTP server
The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
process requests from the \fBtlsmgr\fR(8) server in order to seed its
internal pseudo random number generator (PRNG).
-.PP
-Available in Postfix version 2.3 and later:
-.IP "\fBsmtpd_tls_security_level (empty)\fR"
-The SMTP TLS security level for the Postfix SMTP server; when
-a non-empty value is specified, this overrides the obsolete parameters
-smtpd_use_tls and smtpd_enforce_tls.
.IP "\fBtls_high_cipherlist (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)\fR"
The OpenSSL cipherlist for "HIGH" grade ciphers.
.IP "\fBtls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH)\fR"
.IP "\fBtls_null_cipherlist (!aNULL:eNULL+kRSA)\fR"
The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption.
+.SH "OBSOLETE STARTTLS CONTROLS"
+.na
+.nf
+.ad
+.fi
+The following configuration parameters exist for compatibility
+with Postfix versions before 2.3. Support for these will
+be removed in a future release.
+.IP "\fBsmtpd_use_tls (no)\fR"
+Opportunistic TLS: announce STARTTLS support to SMTP clients,
+but do not require that clients use TLS encryption.
+.IP "\fBsmtpd_enforce_tls (no)\fR"
+Mandatory TLS: announce STARTTLS support to SMTP clients,
+and require that clients use TLS encryption.
+.IP "\fBsmtpd_tls_cipherlist (empty)\fR"
+Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
+cipher list.
.SH "VERP SUPPORT CONTROLS"
.na
.nf
The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or protocol
errors.
+.IP "\fBinternal_mail_filter_classes (empty)\fR"
+What categories of Postfix-generated mail are subject to
+before-queue content inspection by non_smtpd_milters, header_checks
+and body_checks.
.IP "\fBnotify_classes (resource, software)\fR"
The list of error classes that are reported to the postmaster.
.IP "\fBsoft_bounce (no)\fR"
.PP
Available in Postfix version 2.3 and later:
.IP "\fBsmtpd_peername_lookup (yes)\fR"
-Attempt to look up the SMTP client hostname, and verify that
+Attempt to look up the Postfix SMTP client hostname, and verify that
the name matches the client IP address.
.PP
The per SMTP client connection count and request rate limits are
s;\bhopcount_limit\b;<a href="postconf.5.html#hopcount_limit">$&</a>;g;
s;\bhtml_direc[-</bB>]*\n*[ <bB>]*tory\b;<a href="postconf.5.html#html_directory">$&</a>;g;
s;\bignore_mx_lookup_error\b;<a href="postconf.5.html#ignore_mx_lookup_error">$&</a>;g;
+ s;\binternal_mail_filter_classes\b;<a href="postconf.5.html#internal_mail_filter_classes">$&</a>;g;
s;\bimport_environment\b;<a href="postconf.5.html#import_environment">$&</a>;g;
s;\bin_flow_delay\b;<a href="postconf.5.html#in_flow_delay">$&</a>;g;
s;\binet_inter[-</bB>]*\n*[ <bB>]*faces\b;<a href="postconf.5.html#inet_interfaces">$&</a>;g;
s;\bsmtp_tls_CApath\b;<a href="postconf.5.html#smtp_tls_CApath">$&</a>;g;
s;\bsmtp_tls_cert_file\b;<a href="postconf.5.html#smtp_tls_cert_file">$&</a>;g;
s;\bsmtp_tls_mandatory_ciphers\b;<a href="postconf.5.html#smtp_tls_mandatory_ciphers">$&</a>;g;
+ s;\bsmtp_tls_cipherlist\b;<a href="postconf.5.html#smtp_tls_cipherlist">$&</a>;g;
s;\bsmtp_tls_exclude_ciphers\b;<a href="postconf.5.html#smtp_tls_exclude_ciphers">$&</a>;g;
s;\bsmtp_tls_mandatory_exclude_ciphers\b;<a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">$&</a>;g;
s;\bsmtp_tls_dcert_file\b;<a href="postconf.5.html#smtp_tls_dcert_file">$&</a>;g;
s;\bsmtpd_tls_auth_only\b;<a href="postconf.5.html#smtpd_tls_auth_only">$&</a>;g;
s;\bsmtpd_tls_ccert_verifydepth\b;<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">$&</a>;g;
s;\bsmtpd_tls_cert_file\b;<a href="postconf.5.html#smtpd_tls_cert_file">$&</a>;g;
- s;\bsmtpd_tls_ciphers\b;<a href="postconf.5.html#smtpd_tls_ciphers">$&</a>;g;
+ s;\bsmtpd_tls_cipherlist\b;<a href="postconf.5.html#smtpd_tls_cipherlist">$&</a>;g;
s;\bsmtpd_tls_exclude_ciphers\b;<a href="postconf.5.html#smtpd_tls_exclude_ciphers">$&</a>;g;
+ s;\bsmtpd_tls_mandatory_ciphers\b;<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">$&</a>;g;
+ s;\bsmtpd_tls_mandatory_exclude_ciphers\b;<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">$&</a>;g;
s;\bsmtpd_tls_dcert_file\b;<a href="postconf.5.html#smtpd_tls_dcert_file">$&</a>;g;
s;\bsmtpd_tls_dh1024_param_file\b;<a href="postconf.5.html#smtpd_tls_dh1024_param_file">$&</a>;g;
s;\bsmtpd_tls_dh512_param_file\b;<a href="postconf.5.html#smtpd_tls_dh512_param_file">$&</a>;g;
s;\bsmtpd_tls_key_file\b;<a href="postconf.5.html#smtpd_tls_key_file">$&</a>;g;
s;\bsmtpd_tls_security_level\b;<a href="postconf.5.html#smtpd_tls_security_level">$&</a>;g;
s;\bsmtpd_tls_loglevel\b;<a href="postconf.5.html#smtpd_tls_loglevel">$&</a>;g;
- s;\bsmtpd_tls_protocols\b;<a href="postconf.5.html#smtpd_tls_protocols">$&</a>;g;
+ s;\bsmtpd_tls_mandatory_protocols\b;<a href="postconf.5.html#smtpd_tls_mandatory_protocols">$&</a>;g;
s;\bsmtpd_tls_received_header\b;<a href="postconf.5.html#smtpd_tls_received_header">$&</a>;g;
s;\bsmtpd_tls_req_ccert\b;<a href="postconf.5.html#smtpd_tls_req_ccert">$&</a>;g;
s;\bsmtpd_tls_session_cache_database\b;<a href="postconf.5.html#smtpd_tls_session_cache_database">$&</a>;g;
rejects mail for the recipient address. If a recipient probe
succeeds, then Postfix accepts mail for the recipient address. </p>
+<p> By default, address verification results are not saved. To avoid
+probing the same address repeatedly, you can store the result in a
+<a href="#caching">persistent database</a> as described later. </p>
+
<blockquote>
<pre>
/etc/postfix/main.cf:
# =============================================================
scan unix - - n - 10 smtp
-o smtp_send_xforward_command=yes
+ -o disable_mime_output_conversion=yes
</pre>
</blockquote>
the real client name IP address. See smtp(8) and XFORWARD_README
for more information. </p>
+<li> <p> With "-o disable_mime_output_conversion=yes", the scan
+delivery agent will not convert 8BITMIME mail to quoted-printable
+form while delivering to the content filter, as that would invalidate
+domainkeys and other digital signatures. This workaround is needed
+because some SMTP-based content filters don't announce 8BITMIME
+support, even though they can handle it just fine. </p>
+
</ul>
<h3>Advanced content filter: running the content filter</h3>
<a href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>)
or to digitally sign mail (example: <a
href="http://sourceforge.net/projects/dk-milter/">Domain keys</a>).
-Having yet another MTA-specific version of all that software is a
-poor use of human and system resources. </p>
+Having yet another Postfix-specific version of all that software
+is a poor use of human and system resources. </p>
<p> Postfix 2.3 implements all the requests of Sendmail version 8
Milter protocols up to version 4, except one: message body replacement.
-See, however, the <a href="#limitations">limitations</a> section
-at the end of this document. </p>
+See, however, the <a href="#workarounds">workarounds</a> and <a
+href="#limitations">limitations</a> sections at the end of this
+document. </p>
<p> This document provides information on the following topics: </p>
host. The host and port can be specified in numeric or symbolic
form.</p>
-<p> Note: Postfix syntax differs from Milter syntax which has the
+<p> NOTE: Postfix syntax differs from Milter syntax which has the
form <b>inet:</b><i>port</i><b>@</b><i>host</i>. </p> </dd>
</dl>
<h2><a name="workarounds">Workarounds</a></h2>
+<p> Content filters may break domain key etc. signatures. If you
+use an SMTP-based filter as described in FILTER_README, then you
+should add a line to master.cf with "disable_mime_output_conversion
+= yes", as described in the <a
+href="FILTER_README.html#advanced_filter">advanced content filter</a>
+example. </p>
+
<p> Sendmail Milter applications were originally developed for the
Sendmail version 8 MTA, which has a different architecture than
Postfix. The result is that some Milter applications make assumptions
<ul>
+<li> <p> Some Milter applications use the "<tt>{if_addr}</tt>" macro
+to recognize local mail; this macro does not exist in Postfix.
+Workaround: use the "<tt>{client_addr}</tt>" macro instead. </p>
+
<li> <p> Some Milter applications log a warning that looks like
this: </p>
</pre>
</blockquote>
-<p> This happens because the Milter application expects that the
+<p> This happens because some Milter applications expect that the
queue ID is known <i>before</i> the MTA accepts the MAIL FROM
-(sender) command. Postfix, on the other hand, does not create a
-queue file until <i>after</i> Postfix accepts the first valid RCPT
-TO (recipient) command. This queue file name must be globally unique
-across multiple queue directories, so it cannot be chosen until the
-file is actually created. </p>
+(sender) command. Postfix, on the other hand, does not choose a
+queue file name until <i>after</i> it accepts the first valid RCPT
+TO (recipient) command. Postfix queue file names must be unique
+across multiple directories, so the name can't be chosen before the
+file is created. If multiple messages were to use the same queue
+ID <i>simultaneously</i>, mail would be lost. </p>
<p> To work around the ugly message header from Milter applications,
we add a little code to the Milter source to look up the queue ID
<blockquote>
<pre>
-sic = (Context) smfi_getpriv(ctx);
-assert(sic != NULL);
+dfc = cc->cctx_msg;
+assert(dfc != NULL);
<b>
-/*
-** Determine the job ID for logging.
-*/
-if (sic->ctx_jobid == 0 || strcmp(sic->ctx_jobid, MSGIDUNKNOWN) == 0) {
+/* Determine the job ID for logging. */
+if (dfc->mctx_jobid == 0 || strcmp(dfc->mctx_jobid, JOBIDUNKNOWN) == 0) {
char *jobid = smfi_getsymval(ctx, "i");
if (jobid != 0)
- sic->ctx_jobid = jobid;
+ dfc->mctx_jobid = jobid;
}</b>
+
+/* get hostname; used in the X header and in new MIME boundaries */
</pre>
</blockquote>
-<p> This does not remove the WARNING message, however. </p>
+<p> NOTES: </p>
+
+<ul>
+
+<li> <p> Different mail filters use slightly different names for
+variables. If the above code does not compile, look for the code
+at the start of the <tt>mlfi_eoh()</tt> routine. </p>
+
+<li> <p> This fixes only the ugly message header, but not the WARNING
+message. Fortunately, dk-filter logs that message only once. </p>
+
+</ul>
<p> With some Milter applications we can fix both the WARNING and
the "unknown-msgid" by postponing the call of <tt>mlfi_eoh()</tt>
be unable to receive email from most TLS enabled clients. To avoid
accidental configurations with no certificates, Postfix 2.3 enables
certificate-less operation only when the administrator explicitly sets
-"smtpd_tls_cert_file = none". This ensures that new Postfix
+"smtpd_tls_cert_file = none". This ensures that new Postfix
configurations will not accidentally run with no certificates. </p>
<p> Both RSA and DSA certificates are supported. Typically you will
<p> By default, TLS is disabled in the Postfix SMTP server, so no
difference to plain Postfix is visible. Explicitly switch it on
-with "smtpd_tls_security_level = may" (Postfix 2.3 and
-later) or "smtpd_use_tls = yes" (obsolete but still
+with "smtpd_tls_security_level = may" (Postfix 2.3 and
+later) or "smtpd_use_tls = yes" (obsolete but still
supported). </p>
<p> Example: </p>
<p> <a name="server_enforce">You can ENFORCE the use of TLS</a>,
so that the Postfix SMTP server announces STARTTLS and accepts no
mail without TLS encryption, by setting
-"smtpd_tls_security_level = encrypt" (Postfix 2.3 and
-later) or "smtpd_enforce_tls = yes" (obsolete but still
+"smtpd_tls_security_level = encrypt" (Postfix 2.3 and
+later) or "smtpd_enforce_tls = yes" (obsolete but still
supported). According to RFC 2487 this MUST NOT be applied in case
of a publicly-referenced Postfix SMTP server. This option is off
by default and should only seldom be used. </p>
<p> It is strictly discouraged to use this mode from main.cf. If
you want to support this service, enable a special port in master.cf
-and specify "-o smtpd_tls_wrappermode = yes" as an smtpd(8) command
+and specify "-o smtpd_tls_wrappermode = yes" as an smtpd(8) command
line option. Port 465 (smtps) was once chosen for this feature.
</p>
<p> When TLS is <a href="#server_enforce">enforced</a> you may also decide
to REQUIRE a remote SMTP client certificate for all TLS connections,
-by setting "smtpd_tls_req_ccert = yes". This feature implies
-"smtpd_tls_ask_ccert = yes". When TLS is not enforced,
-"smtpd_tls_req_ccert = yes" is ignored and a warning is
+by setting "smtpd_tls_req_ccert = yes". This feature implies
+"smtpd_tls_ask_ccert = yes". When TLS is not enforced,
+"smtpd_tls_req_ccert = yes" is ignored and a warning is
logged. </p>
<p> Example: </p>
<p> Sending AUTH data over an unencrypted channel poses a security
risk. When TLS layer encryption is required
-("smtpd_tls_security_level = encrypt" or the obsolete
-"smtpd_enforce_tls = yes"), the Postfix SMTP server will
+("smtpd_tls_security_level = encrypt" or the obsolete
+"smtpd_enforce_tls = yes"), the Postfix SMTP server will
announce and accept AUTH only after the TLS layer has been activated
with STARTTLS. When TLS layer encryption is optional
-("smtpd_tls_security_level = may" or the obsolete
-"smtpd_enforce_tls = no"), it may however still be useful
+("smtpd_tls_security_level = may" or the obsolete
+"smtpd_enforce_tls = no"), it may however still be useful
to only offer AUTH when TLS is active. To maintain compatibility
with non-TLS clients, the default is to accept AUTH without encryption.
In order to change this behavior, set
-"smtpd_tls_auth_only = yes". </p>
+"smtpd_tls_auth_only = yes". </p>
<p> Example: </p>
<p> The description below is for Postfix 2.3; for Postfix < 2.3 the
smtpd_tls_cipherlist parameter specifies the acceptable ciphers as an
-explicit OpenSSL cipherlist. </p>
+explicit OpenSSL cipherlist. The obsolete setting applies even when TLS
+encryption is not enforced. Use of this control on public MX hosts is
+strongly discouraged. </p>
+
+<p> With mandatory TLS encryption, the Postfix SMTP server will by
+default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption
+is optional. This is controlled by the smtpd_tls_mandatory_protocols
+configuration parameter. </p>
<p> The Postfix SMTP server supports 5 distinct cipher security levels
-as specified by the smtpd_tls_ciphers configuration parameter. The
-default value is "export" which is the only one appropriate for public
-MX hosts. On private MX hosts or MSAs one can further restrict the
-OpenSSL cipherlist selection. </p>
+as specified by the smtpd_tls_mandatory_ciphers configuration parameter,
+which determines the cipher grade with mandatory TLS encryption. The
+default value is "medium" which is essentially 128-bit encryption or better.
+With opportunistic TLS encryption, the minimum accepted cipher grade is
+always "export". </p>
<p> By default anonymous ciphers are allowed, and automatically disabled
when client certificates are requested. If clients are expected to always
verify the server certificate you may want to exclude anonymous ciphers
-by setting "smtpd_tls_exclude_ciphers = aNULL". One can't
-force a client to check the server certificate, so excluding anonymous
-ciphers is generally unnecessary. </p>
+by setting "smtpd_tls_mandatory_exclude_ciphers = aNULL".
+One can't force a client to check the server certificate, so excluding
+anonymous ciphers is generally unnecessary. </p>
<p> For a server that is not a public Internet MX host, Postfix 2.3
supports configurations with no <a href="#server_cert_key">server
certificates</a> that use <b>only</b> the anonymous ciphers. This is
-enabled by explicitly setting "smtpd_tls_cert_file = none"
+enabled by explicitly setting "smtpd_tls_cert_file = none"
and not specifying an smtpd_tls_dcert_file. </p>
-<p> Example: (MSA that requires TLS with reasonably secure ciphers) </p>
+<p> Example: (MSA that requires TLS with high grade ciphers) </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
- smtpd_tls_ciphers = medium
- smtpd_tls_exclude_ciphers = aNULL, MD5
+ smtpd_tls_mandatory_ciphers = high
+ smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
# Postfix 2.3 and later
smtpd_tls_security_level = encrypt
# Obsolete, but still supported
<p> At the "none" TLS security level, TLS encryption is
disabled. This is the default security level. With Postfix 2.3 and later,
-it can be configured explicitly by setting "smtp_tls_security_level = none". </p>
+it can be configured explicitly by setting "smtp_tls_security_level = none". </p>
<p> With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to
its default (backwards compatible) empty value, the appropriate configuration
-settings are "smtp_use_tls = no" and "smtp_enforce_tls = no".
+settings are "smtp_use_tls = no" and "smtp_enforce_tls = no".
With either approach, TLS is not used even if supported by the server.
For LMTP, use the corresponding "lmtp_" parameters. </p>
The SMTP transaction is encrypted if the STARTTLS ESMTP feature
is supported by the server. Otherwise, messages are sent in the clear.
With Postfix 2.3 and later, opportunistic TLS can be configured by
-setting "smtp_tls_security_level = may".
+setting "smtp_tls_security_level = may".
<p> Since sending in the clear is acceptable, demanding stronger
than default TLS security merely reduces inter-operability. For
<p> With Postfix 2.2 and earlier, or when smtp_tls_security_level is
set to its default (backwards compatible) empty value, the appropriate
-configuration settings are "smtp_use_tls = yes" and
-"smtp_enforce_tls = no".
-For LMTP use the corresponding "lmtp" parameters. </p>
+configuration settings are "smtp_use_tls = yes" and
+"smtp_enforce_tls = no".
+For LMTP use the corresponding "lmtp_" parameters. </p>
<p> With opportunistic TLS, mail delivery continues even if the
server certificate is untrusted or bears the wrong name. Starting
the STARTTLS ESMTP feature is supported by the server. If no suitable
servers are found, the message will be deferred. With Postfix 2.3
and later, mandatory TLS encryption can be configured by setting
-"smtp_tls_security_level = encrypt". Even though TLS
+"smtp_tls_security_level = encrypt". Even though TLS
encryption is always used, mail delivery continues if the server
certificate is untrusted or bears the wrong name. </p>
<p> With Postfix 2.2 and earlier, or when smtp_tls_security_level
is set to its default (backwards compatible) empty value, the
-appropriate configuration settings are "smtp_enforce_tls = yes"
-and "smtp_tls_enforce_peername = no". For LMTP use the corresponding
-<i>lmtp_</i> parameters. </p>
+appropriate configuration settings are "smtp_enforce_tls = yes"
+and "smtp_tls_enforce_peername = no". For LMTP use the corresponding
+"lmtp_" parameters. </p>
<p> Despite the potential for eliminating passive eavesdropping attacks,
mandatory TLS encryption is not viable as a default security level for
expired or revoked, and signed by a trusted certificate authority)
and if the server certificate name matches a known pattern. Mandatory
server certificate verification can be configured by setting
-"smtp_tls_security_level = verify". The
+"smtp_tls_security_level = verify". The
smtp_tls_verify_cert_match parameter can override the default
"hostname" certificate name matching strategy. Fine-tuning the
matching strategy is generally only appropriate for <a
<p> With Postfix 2.2 and earlier, or when smtp_tls_security_level
is set to its default (backwards compatible) empty value, the
-appropriate configuration settings are "smtp_enforce_tls = yes" and
-"smtp_tls_enforce_peername = yes". For LMTP use the corresponding
-<i>lmtp_</i> parameters. </p>
+appropriate configuration settings are "smtp_enforce_tls = yes" and
+"smtp_tls_enforce_peername = yes". For LMTP use the corresponding
+"lmtp_" parameters. </p>
<p> If the server certificate chain is trusted (see smtp_tls_CAfile
and smtp_tls_CApath), any DNS names in the SubjectAlternativeName
<i>secure-channel</i> TLS sessions where DNS forgery resistant server
certificate verification succeeds. If no suitable servers are found, the
message will be deferred. With Postfix 2.3 and later, secure-channels
-can be configured by setting "smtp_tls_security_level = secure".
+can be configured by setting "smtp_tls_security_level = secure".
The smtp_tls_secure_cert_match parameter can override the default
"nexthop, dot-nexthop" certificate match strategy. </p>
<p> With Postfix 2.2 and earlier, or when smtp_tls_security_level
is set to its default (backwards compatible) empty value, the
-appropriate configuration settings are "smtp_enforce_tls = yes"
-and "smtp_tls_enforce_peername = yes" with additional settings to
+appropriate configuration settings are "smtp_enforce_tls = yes"
+and "smtp_tls_enforce_peername = yes" with additional settings to
<a href="#client_tls_harden">harden</a> peer certificate verification
-against forged DNS data. For LMTP, use the corresponding <i>lmtp_</i>
+against forged DNS data. For LMTP, use the corresponding "lmtp_"
parameters. </p>
<p> If the server certificate chain is trusted (see smtp_tls_CAfile and
<dt> MAY </dt> <dd> Opportunistic TLS. This has less precedence than
a more specific result (including "NONE") from the alternate host or
next-hop lookup key, and has less precedence than the more specific global
-"smtp_enforce_tls = yes" or "smtp_tls_enforce_peername = yes". </dd>
+"smtp_enforce_tls = yes" or "smtp_tls_enforce_peername = yes". </dd>
<dt> MUST_NOPEERMATCH </dt> <dd> Mandatory TLS encryption. This
overrides a less secure "NONE" or a less specific "MAY" lookup result
<li> <p> When neither the remote SMTP server hostname nor the
next-hop destination are found in the smtp_tls_per_site table, the
policy is based on smtp_use_tls, smtp_enforce_tls and
-smtp_tls_enforce_peername. Note: "smtp_enforce_tls = yes" and
-"smtp_tls_enforce_peername = yes" imply "smtp_use_tls = yes". </p>
+smtp_tls_enforce_peername. Note: "smtp_enforce_tls = yes" and
+"smtp_tls_enforce_peername = yes" imply "smtp_use_tls = yes". </p>
<li> <p> When both hostname and next-hop destination lookups produce
a result, the more specific per-site policy (NONE, MUST, etc)
<li> <p> After the per-site policy lookups are combined, the result
generally overrides the global policy. The exception is the less
specific "MAY" per-site policy, which is overruled by the more
-specific global "smtp_enforce_tls = yes" with server certificate
+specific global "smtp_enforce_tls = yes" with server certificate
verification as specified with the smtp_tls_enforce_peername
parameter. </p>
verification. </p>
<li> <p> Disallow CNAME hostname overrides. In main.cf, specify
-"smtp_cname_overrides_servername = no". This prevents false hostname
+"smtp_cname_overrides_servername = no". This prevents false hostname
information in DNS CNAME records from changing the server hostname
that Postfix uses for TLS policy lookup and server certificate
verification. This feature requires Postfix 2.2.9 or later. The
ciphers on a per-destination basis. </p>
<p> By default anonymous ciphers are allowed, and automatically
-disabled when server certificates are verified. If you
-want to disable even at the "encrypt" security level, set
-"smtp_tls_mandatory_exclude_ciphers = aNULL",
-to disable anonymous ciphers even with opportunistic TLS, set
-"smtp_tls_exclude_ciphers = aNULL". There is generally no
-need to take these measures. Anonymous ciphers save bandwidth and TLS
-session cache space, if certificates are ignored, there is little point
-in requesting them. </p>
+disabled when server certificates are verified. If you want to
+disable anonymous ciphers even at the "encrypt" security level, set
+"smtp_tls_mandatory_exclude_ciphers = aNULL"; and to
+disable anonymous ciphers even with opportunistic TLS, set
+"smtp_tls_exclude_ciphers = aNULL". There is generally
+no need to take these measures. Anonymous ciphers save bandwidth
+and TLS session cache space, if certificates are ignored, there is
+little point in requesting them. </p>
<p> Example: </p>
cache databases. Such a protocol cannot be run across fifos. </p>
<li> <p> smtp_tls_per_site: the MUST_NOPEERMATCH per-site policy
-cannot override the global "smtp_tls_enforce_peername = yes" setting.
+cannot override the global "smtp_tls_enforce_peername = yes" setting.
</p>
<li> <p> smtp_tls_per_site: a combined (NONE + MAY) lookup result
for (hostname and next-hop destination) produces counter-intuitive
results for different main.cf settings. TLS is enabled with
-"smtp_tls_enforce_peername = no", but it is disabled when both
-"smtp_enforce_tls = yes" and "smtp_tls_enforce_peername = yes".
+"smtp_tls_enforce_peername = no", but it is disabled when both
+"smtp_enforce_tls = yes" and "smtp_tls_enforce_peername = yes".
</p>
</ul>
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.2.
+# This feature is not available up to and including Postfix version 2.3.
#
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire client
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.2.
+# This feature is not available up to and including Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# \fIuser@domain\fR mail addresses are not broken up into their
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.2.
+# This feature is not available up to and including Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# \fIuser@domain\fR mail addresses are not broken up into their
<p>
Specify, for example, "best_mx_transport = local" to pass the mail
-from the SMTP client to the local(8) delivery agent. You can specify
+from the Postfix SMTP client to the local(8) delivery agent. You
+can specify
any message delivery "transport" or "transport:nexthop" that is
defined in the master.cf file. See the transport(5) manual page
for the syntax and meaning of "transport" or "transport:nexthop".
<p>
A better solution for multi-homed firewalls is to leave inet_interfaces
at the default value and instead use explicit IP addresses in
-the master.cf SMTP server definitions. This preserves the SMTP client's
+the master.cf SMTP server definitions. This preserves the Postfix
+SMTP client's
loop detection, by ensuring that each side of the firewall knows that the
other IP address is still the same host. Setting $inet_interfaces to a
single IPv4 and/or IPV6 address is primarily useful with virtual
not, but it does not use the result from table lookup. </p>
<p>
-If this parameter is non-empty (the default), then the Postfix SMTP server
-will reject mail for unknown local users.
+If this parameter is non-empty (the default), then the Postfix SMTP
+server will reject mail for unknown local users.
</p>
<p>
%PARAM smtp_bind_address
<p>
-An optional numerical network address that the SMTP client should
-bind to when making an IPv4 connection.
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv4 connection.
</p>
<p>
%PARAM smtp_bind_address6
<p>
-An optional numerical network address that the SMTP client should
-bind to when making an IPv6 connection.
+An optional numerical network address that the Postfix SMTP client
+should bind to when making an IPv6 connection.
</p>
<p> This feature is available in Postfix 2.2 and later. </p>
</p>
<p>
-When no connection can be made within the deadline, the SMTP client
+When no connection can be made within the deadline, the Postfix
+SMTP client
tries the next address on the mail exchanger list. Specify 0 to
disable the time limit (i.e. use whatever timeout is implemented by
the operating system).
<p>
The SMTP client time limit for sending the SMTP message content.
When the connection makes no progress for more than $smtp_data_xfer_timeout
-seconds the SMTP client terminates the transfer.
+seconds the Postfix SMTP client terminates the transfer.
</p>
<p>
%PARAM smtp_host_lookup dns
<p>
-What mechanisms when the SMTP client uses to look up a host's IP
+What mechanisms when the Postfix SMTP client uses to look up a host's IP
address. This parameter is ignored when DNS lookups are disabled.
</p>
%PARAM smtp_send_xforward_command no
<p>
-Send the non-standard XFORWARD command when the Postfix SMTP server EHLO
-response announces XFORWARD support.
+Send the non-standard XFORWARD command when the Postfix SMTP server
+EHLO response announces XFORWARD support.
</p>
<p>
%PARAM smtp_discard_ehlo_keywords
<p> A case insensitive list of EHLO keywords (pipelining, starttls,
-auth, etc.) that the SMTP client will ignore in the EHLO response
-from a remote SMTP server. </p>
+auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+response from a remote SMTP server. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
<p> Lookup tables, indexed by the remote SMTP server address, with
case insensitive lists of EHLO keywords (pipelining, starttls, auth,
-etc.) that the SMTP client will ignore in the EHLO response from a
+etc.) that the Postfix SMTP client will ignore in the EHLO response from a
remote SMTP server. See smtp_discard_ehlo_keywords for details. The
table is not indexed by hostname for consistency with
smtpd_discard_ehlo_keyword_address_maps. </p>
%PARAM smtpd_tls_req_ccert no
-<p> When TLS encryption is enforced, require a remote SMTP client
+<p> With mandatory TLS encryption, require a remote SMTP client
certificate in order to allow TLS connections to proceed. This
option implies "smtpd_tls_ask_ccert = yes". </p>
<p> <b>Note:</b> do not use "" quotes around the parameter value. </p>
<p>This feature is available with Postfix version 2.2. It is not used with
-Postfix 2.3 and later; use smtpd_tls_ciphers instead. </p>
+Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead. </p>
%PARAM smtpd_tls_dh1024_param_file
<p> Your actual source for entropy may differ. Some systems have
/dev/random; on other system you may consider using the "Entropy
-Gathering Daemon EGD", available at http://www.lothar.com/tech/crypto/.
+Gathering Daemon EGD", available at http://egd.sourceforge.net/
</p>
<p> Example: </p>
%PARAM smtp_tls_enforce_peername yes
-<p> When TLS encryption is enforced, require that the remote SMTP
+<p> With mandatory TLS encryption, require that the remote SMTP
server hostname matches the information in the remote SMTP server
certificate. As of RFC 2487 the requirements for hostname checking
for MTA clients are not specified. </p>
%PARAM smtp_tls_cipherlist
<p> Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
-cipher list. As this feature applies to all security levels, it is easy
+cipher list. As this feature applies to all TLS security levels, it is easy
to create inter-operability problems by choosing a non-default cipher
list. Do not use a non-default TLS cipher list on hosts that deliver email
to the public Internet: you will be unable to send email to servers that
%PARAM smtpd_peername_lookup yes
-<p> Attempt to look up the SMTP client hostname, and verify that
+<p> Attempt to look up the Postfix SMTP client hostname, and verify that
the name matches the client IP address. A client name is set to
"unknown" when it cannot be looked up or verified, or when name
lookup is disabled. Turning off name lookup reduces delays due to
%PARAM smtp_sender_dependent_authentication no
<p>
-Enable sender-dependent authentication in the SMTP client; this is
+Enable sender-dependent authentication in the Postfix SMTP client; this is
available only with SASL authentication, and disables SMTP connection
caching to ensure that mail from different senders will use the
appropriate credentials. </p>
%PARAM smtp_tls_mandatory_protocols SSLv3, TLSv1
-<p> List of TLS protocol versions that are secure enough to be used
-with the "encrypt" security level and higher. In main.cf the values
+<p> List of TLS protocols that the Postfix SMTP client will use
+with mandatory TLS encryption. In main.cf the values
are separated by whitespace, commas or colons. In the policy table
(see smtp_tls_policy_maps) the only valid separator is colon. An
empty value means allow all protocols. The valid protocol names,
<p> This feature is available in Postfix 2.3 and later. </p>
-%PARAM smtpd_tls_protocols
+%PARAM smtpd_tls_mandatory_protocols SSLv3, TLSv1
-<p> The list of TLS protocols supported by the Postfix SMTP server.
-If the list is empty, the server supports all available TLS protocol
-versions. A non-empty value is a list of protocol names separated
-by whitespace, commas or colons. The supported protocol names are
-"SSLv2", "SSLv3" and "TLSv1", and are not case sensitive. </p>
-
-<p> DO NOT set this to a non-default value on an Internet MX host,
-as this may cause inter-operability problems. If you restrict the
-protocol list on an Internet MX host, you may lose mail. </p>
+<p> The TLS protocols accepted by the Postfix SMTP server with
+mandatory TLS encryption. With opportunistic TLS encryption, all
+protocols are always accepted. If the list is empty, the server
+supports all available TLS protocol versions. A non-empty value
+is a list of protocol names separated by whitespace, commas or
+colons. The supported protocol names are "SSLv2", "SSLv3" and
+"TLSv1", and are not case sensitive. </p>
<p> Example: </p>
<pre>
-smtpd_tls_protocols = SSLv3, TLSv1
+smtpd_tls_mandatory_protocols = SSLv3, TLSv1
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
-%PARAM smtpd_tls_ciphers export
+%PARAM smtpd_tls_mandatory_ciphers medium
-<p> The minimum acceptable SMTP server TLS cipher grade. It is easy to
-create inter-operability problems by choosing a non-default cipher grade.
-Do not use a stronger than default minimum cipher grade for MX hosts on
-the public Internet. Clients that begin the TLS handshake, but are unable
-to agree on a common cipher, may not be able to send any email to the
-SMTP server. Using a restricted cipher list may be more appropriate for a
-dedicated MSA or an internal mailhub, where one can exert some control over
-the TLS software and settings of the connecting clients. Configurations
-with no certificates are also not likely to inter-operate with most
-clients, see the notes for "smtpd_tls_cert_file". </p>
+<p> The minimum TLS cipher grade that the Postfix SMTP server will
+use with mandatory
+TLS encryption. Cipher types listed in smtpd_tls_mandatory_exclude_ciphers
+or smtpd_tls_exclude_ciphers are excluded from the base definition
+of the selected cipher grade. With opportunistic TLS encryption,
+the "export" grade is used unconditionally with exclusions specified
+only via smtpd_tls_exclude_ciphers. </p>
<p> The following cipher grades are supported: </p>
<dl>
<dt><b>export</b></dt>
<dd> Enable the mainstream "EXPORT" grade or better OpenSSL ciphers.
-This is the most appropriate setting for public MX hosts. The underlying
-cipherlist is specified via the tls_export_cipherlist configuration
-parameter, which you are strongly encouraged to not change. The default
-value of tls_export_cipherlist includes anonymous ciphers, but these
-are automatically filtered out if the server is configured to ask for
+This is the most appropriate setting for public MX hosts, and is always
+used with opportunistic TLS encryption. The underlying cipherlist
+is specified via the tls_export_cipherlist configuration parameter,
+which you are strongly encouraged to not change. The default value
+of tls_export_cipherlist includes anonymous ciphers, but these are
+automatically filtered out if the server is configured to ask for
client certificates. If you must always exclude anonymous ciphers,
-set "smtpd_tls_exclude_ciphers = aNULL". </dd>
+set "smtpd_tls_exclude_ciphers = aNULL". To exclude anonymous ciphers
+only when TLS is enforced, set "smtpd_tls_mandatory_exclude_ciphers =
+aNULL". </dd>
<dt><b>low</b></dt>
-<dd> Enable the mainstream "LOW" grade or better OpenSSL ciphers. This
-setting is only appropriate for internal mail servers. The underlying
-cipherlist is specified via the tls_low_cipherlist configuration
-parameter, which you are strongly encouraged to not change. The default
-value of tls_low_cipherlist includes anonymous ciphers, but these
-are automatically filtered out if the server is configured to ask for
-client certificates. If you must always exclude anonymous ciphers,
-set "smtpd_tls_exclude_ciphers = aNULL". </dd>
+<dd> Enable the mainstream "LOW" grade or better OpenSSL ciphers. The
+underlying cipherlist is specified via the tls_low_cipherlist
+configuration parameter, which you are strongly encouraged to
+not change. The default value of tls_low_cipherlist includes
+anonymous ciphers, but these are automatically filtered out if the
+server is configured to ask for client certificates. If you must
+always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
+aNULL". To exclude anonymous ciphers only when TLS is enforced, set
+"smtpd_tls_mandatory_exclude_ciphers = aNULL". </dd>
<dt><b>medium</b></dt>
-<dd> Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. This
-setting is only appropriate for internal mail servers. The underlying
-cipherlist is specified via the tls_medium_cipherlist configuration
-parameter, which you are strongly encouraged to not change. The default
-value of tls_medium_cipherlist includes anonymous ciphers, but these
-are automatically filtered out if the server is configured to ask for
-client certificates. If you must always exclude anonymous ciphers,
-set "smtpd_tls_exclude_ciphers = aNULL". </dd>
+<dd> Enable the mainstream "MEDIUM" grade or better OpenSSL ciphers. These
+are essentially the 128-bit or stronger ciphers. This is the default
+minimum strength for mandatory TLS encryption. MSAs that enforce
+TLS and have clients that do not support any "MEDIUM" or "HIGH"
+grade ciphers, may need to configure a weaker ("low" or "export")
+minimum cipher grade. The underlying cipherlist is specified via the
+tls_medium_cipherlist configuration parameter, which you are strongly
+encouraged to not change. The default value of tls_medium_cipherlist
+includes anonymous ciphers, but these are automatically filtered out if
+the server is configured to ask for client certificates. If you must
+always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
+aNULL". To exclude anonymous ciphers only when TLS is enforced, set
+"smtpd_tls_mandatory_exclude_ciphers = aNULL". </dd>
<dt><b>high</b></dt>
-<dd> Enable only the mainstream "HIGH" grade OpenSSL ciphers. This
-setting is only appropriate for internal mail servers. The underlying
-cipherlist is specified via the tls_high_cipherlist configuration
-parameter, which you are strongly encouraged to not change. The default
-value of tls_high_cipherlist includes anonymous ciphers, but these
-are automatically filtered out if the server is configured to ask for
-client certificates. If you must always exclude anonymous ciphers, set
-"smtpd_tls_exclude_ciphers = aNULL". </dd>
+<dd> Enable only the mainstream "HIGH" grade OpenSSL ciphers. The
+underlying cipherlist is specified via the tls_high_cipherlist
+configuration parameter, which you are strongly encouraged to
+not change. The default value of tls_high_cipherlist includes
+anonymous ciphers, but these are automatically filtered out if the
+server is configured to ask for client certificates. If you must
+always exclude anonymous ciphers, set "smtpd_tls_exclude_ciphers =
+aNULL". To exclude anonymous ciphers only when TLS is enforced, set
+"smtpd_tls_mandatory_exclude_ciphers = aNULL". </dd>
<dt><b>null</b></dt>
<dd> Enable only the "NULL" OpenSSL ciphers, these provide authentication
%PARAM smtpd_tls_exclude_ciphers
<p> List of ciphers or cipher types to exclude from the SMTP server
-cipher list. This is not an OpenSSL cipherlist; it is a simple list
-separated by whitespace and/or commas. The elements are a single
-cipher, or one or more "+" separated cipher properties, in which
-case only ciphers matching <b>all</b> the properties are excluded. </p>
+cipher list at all TLS security levels. Excluding valid ciphers
+can create interoperability problems. DO NOT exclude ciphers unless it
+is essential to do so. This is not an OpenSSL cipherlist; it is a simple
+list separated by whitespace and/or commas. The elements are a single
+cipher, or one or more "+" separated cipher properties, in which case
+only ciphers matching <b>all</b> the properties are excluded. </p>
<p> Examples (some of these will cause problems): </p>
<p> This feature is available in Postfix 2.3 and later. </p>
+%PARAM smtpd_tls_mandatory_exclude_ciphers
+
+<p> Additional list of ciphers or cipher types to exclude from the
+SMTP server cipher list at mandatory TLS security levels. This list
+works in addition to the exclusions listed with smtpd_tls_exclude_ciphers
+(see there for syntax details). </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
%PARAM smtp_tls_mandatory_ciphers medium
-<p> The minimum SMTP client TLS cipher grade that is strong enough to
-be used with the "encrypt" security level and higher. The default
-value "medium" is suitable for most destinations with which you may
-want to enforce TLS, and is beyond the reach of today's crypt-analytic
-methods. See smtp_tls_policy_maps for information on how to configure
-ciphers on a per-destination basis. </p>
+<p> The minimum TLS cipher grade that the Postfix SMTP client will
+use with
+mandatory TLS encryption. The default value "medium" is suitable
+for most destinations with which you may want to enforce TLS, and
+is beyond the reach of today's crypt-analytic methods. See
+smtp_tls_policy_maps for information on how to configure ciphers
+on a per-destination basis. </p>
<p> The following cipher grades are supported: </p>
%PARAM smtp_tls_exclude_ciphers
-<p> List of ciphers or cipher types to exclude from the SMTP client cipher
-list at all security levels. This is not an OpenSSL cipherlist, it is
+<p> List of ciphers or cipher types to exclude from the Postfix
+SMTP client cipher
+list at all TLS security levels. This is not an OpenSSL cipherlist, it is
a simple list separated by whitespace and/or commas. The elements are a
single cipher, or one or more "+" separated cipher properties, in which
case only ciphers matching <b>all</b> the properties are excluded. </p>
%PARAM smtp_tls_mandatory_exclude_ciphers
-<p> List of ciphers or cipher types to exclude from the SMTP client
-cipher list at the mandatory TLS security levels: "encrypt", "verify"
-and "secure". See smtp_tls_exclude_ciphers for syntax details. When
-both "exclude" parameters are defined, the combined list of ciphers is
-excluded (provided the TLS security level is "encrypt" or higher). </p>
+<p> Additional list of ciphers or cipher types to exclude from the
+SMTP client cipher list at mandatory TLS security levels. This list
+works in addition to the exclusions listed with smtp_tls_exclude_ciphers
+(see there for syntax details). </p>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM tls_high_cipherlist !EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH
<p> The OpenSSL cipherlist for "HIGH" grade ciphers. This defines
-the meaning of the "high" setting in smtpd_tls_ciphers,
+the meaning of the "high" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
strongly encouraged to not change this setting. </p>
%PARAM tls_medium_cipherlist !EXPORT:!LOW:ALL:+RC4:@STRENGTH
<p> The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. This
-defines the meaning of the "medium" setting in smtpd_tls_ciphers,
+defines the meaning of the "medium" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the default cipherlist for mandatory TLS encryption in the TLS
client (with anonymous ciphers disabled when verifying server
%PARAM tls_low_cipherlist !EXPORT:ALL:+RC4:@STRENGTH
<p> The OpenSSL cipherlist for "LOW" or higher grade ciphers. This defines
-the meaning of the "low" setting in smtpd_tls_ciphers,
+the meaning of the "low" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. You are
strongly encouraged to not change this setting. </p>
%PARAM tls_export_cipherlist ALL:+RC4:@STRENGTH
<p> The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. This
-defines the meaning of the "export" setting in smtpd_tls_ciphers,
+defines the meaning of the "export" setting in smtpd_tls_mandatory_ciphers,
smtp_tls_mandatory_ciphers and lmtp_tls_mandatory_ciphers. This is
the cipherlist for the opportunistic ("may") TLS client security
level and is the default cipherlist for the SMTP server. You are
<p> The OpenSSL cipherlist for "NULL" grade ciphers that provide
authentication without encryption. This defines the meaning of the "null"
-setting in smtpd_tls_ciphers, smtp_tls_mandatory_ciphers and
+setting in smtpd_mandatory_tls_ciphers, smtp_tls_mandatory_ciphers and
lmtp_tls_mandatory_ciphers. You are strongly encouraged to not
change this setting. </p>
%PARAM smtp_sasl_auth_enforce yes
-<p> Defer mail delivery when an SMTP server does not support SASL
-authentication, while smtp_sasl_password_maps contains SASL
-login/password information for that server. </p>
+<p> If sender-dependent SASL passwords are turned off, defer mail
+delivery when an SMTP server does not support SASL authentication,
+while smtp_sasl_password_maps contains SASL login/password information
+for that server. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
<p> Note 3: when invoked via "sendmail -bs", Postfix will never
offer STARTTLS due to insufficient privileges to access the server
private key. This is intended behavior.</p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+%PARAM internal_mail_filter_classes
+
+<p> What categories of Postfix-generated mail are subject to
+before-queue content inspection by non_smtpd_milters, header_checks
+and body_checks. Specify zero or more of the following, separated
+by whitespace or comma. </p>
+
+<dl>
+
+<dt> <b> bounce </b> </dt> <dd> Inspect the content of delivery
+status notifications. </dd>
+
+<dt> <b> notify </b> </dt> <dd> Inspect the content of postmaster
+notifications by the smtp(8) and smtpd(8) processes. </dd>
+
+</dl>
+
+<p> NOTE: It's generally not safe to enable content inspection of
+Postfix-generated email messages. The user is warned. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
# expression lookup table syntax, see \fBregexp_table\fR(5) or
# \fBpcre_table\fR(5). For a description of the TCP client/server
# table lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.2.
+# This feature is not available up to and including Postfix version 2.3.
#
# Each pattern is a regular expression that is applied to the entire
# address being looked up. Thus, \fIuser@domain\fR mail addresses are not
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.2.
+# This feature is not available up to and including Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# \fIuser@domain\fR mail addresses are not broken up into their
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.2.
+# This feature is not available up to and including Postfix version 2.3.
#
# Each lookup operation uses the entire recipient address once. Thus,
# \fIsome.domain.hierarchy\fR is not looked up via its parent domains,
# This section describes how the table lookups change when lookups
# are directed to a TCP-based server. For a description of the TCP
# client/server lookup protocol, see \fBtcp_table\fR(5).
-# This feature is not available up to and including Postfix version 2.2.
+# This feature is not available up to and including Postfix version 2.3.
#
# Each lookup operation uses the entire address once. Thus,
# \fIuser@domain\fR mail addresses are not broken up into their
/* .IP "\fBipc_timeout (3600s)\fR"
/* The time limit for sending or receiving information over an internal
/* communication channel.
+/* .IP "\fBinternal_mail_filter_classes (empty)\fR"
+/* What categories of Postfix-generated mail are subject to
+/* before-queue content inspection by non_smtpd_milters, header_checks
+/* and body_checks.
/* .IP "\fBmail_name (Postfix)\fR"
/* The mail system name that is displayed in Received: headers, in
/* the SMTP greeting banner, and in bounced mail.
postmaster = var_2bounce_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster,
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
*/
else {
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient,
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
postmaster = var_bounce_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster,
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
count = -1;
} else {
verp_sender(verp_buf, verp_delims, recipient, rcpt->address);
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, STR(verp_buf),
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
postmaster = var_bounce_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster,
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
if (bounce_header(bounce, bounce_info, postmaster,
} else {
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_2bounce_rcpt,
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
bounce_status = 0;
} else {
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, orig_sender,
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
*/
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_bounce_rcpt,
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
if (bounce_header(bounce, bounce_info, var_bounce_rcpt,
* a new queue file.
*/
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient,
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
count = -1;
postmaster = var_delay_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster,
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
*/
else {
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, recipient,
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
postmaster = var_delay_rcpt;
if ((bounce = post_mail_fopen_nowait(mail_addr_double_bounce(),
postmaster,
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_BOUNCE,
NULL_TRACE_FLAGS,
new_id)) != 0) {
count = -1;
int defer_delay; /* deferred delivery */
#endif
MILTERS *milters; /* mail filters */
+ const char *client_name; /* real or ersatz client */
+ const char *client_addr; /* real or ersatz client */
} CLEANUP_STATE;
/*
/* cleanup_milter_apply - apply Milter reponse, non-zero if rejecting */
-static const char *cleanup_milter_apply(CLEANUP_STATE *state, const char *resp)
+static const char *cleanup_milter_apply(CLEANUP_STATE *state, const char *event,
+ const char *resp)
{
const char *myname = "cleanup_milter_apply";
const char *action;
default:
msg_panic("%s: unexpected mail filter reply: %s", myname, resp);
}
- vstring_sprintf(state->temp1, "%s: %s;", state->queue_id, action);
+ vstring_sprintf(state->temp1, "%s: %s: %s from %s[%s]: %s;",
+ state->queue_id, action, event, state->client_name,
+ state->client_addr, text);
if (state->sender)
vstring_sprintf_append(state->temp1, " from=<%s>", state->sender);
if (state->recip)
vstring_sprintf_append(state->temp1, " proto=%s", attr);
if ((attr = nvtable_find(state->attr, MAIL_ATTR_LOG_HELO_NAME)) != 0)
vstring_sprintf_append(state->temp1, " helo=<%s>", attr);
- vstring_sprintf_append(state->temp1, ": %s", text);
msg_info("%s", vstring_str(state->temp1));
return (ret);
*/
if ((resp = milter_message(milters, state->handle->stream,
state->data_offset)) != 0)
- cleanup_milter_apply(state, resp);
+ cleanup_milter_apply(state, "END-OF-MESSAGE", resp);
if (msg_verbose)
msg_info("leave %s", myname);
}
const char *addr)
{
const char *resp;
- const char *client_name;
- const char *client_addr;
const char *proto_attr;
const char *client_port;
int client_af;
*/
#define NO_CLIENT_PORT "0"
- client_name = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_NAME);
- client_addr = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_ADDR);
+ state->client_name = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_NAME);
+ state->client_addr = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_ADDR);
+
client_port = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_PORT);
proto_attr = nvtable_find(state->attr, MAIL_ATTR_ACT_CLIENT_AF);
- if (client_name == 0 || client_addr == 0 || proto_attr == 0
+ if (state->client_name == 0 || state->client_addr == 0 || proto_attr == 0
|| !alldig(proto_attr)) {
- client_name = "localhost";
- client_addr = "127.0.0.1";
+ state->client_name = "localhost";
+ state->client_addr = "127.0.0.1";
client_af = AF_INET;
} else
client_af = atoi(proto_attr);
/*
* Emulate SMTP events.
*/
- if ((resp = milter_conn_event(milters, client_name, client_addr,
+ if ((resp = milter_conn_event(milters, state->client_name, state->client_addr,
client_port, client_af)) != 0) {
- cleanup_milter_apply(state, resp);
+ cleanup_milter_apply(state, "CONNECT", resp);
return;
}
#define PRETEND_ESMTP 1
if (CLEANUP_MILTER_OK(state)) {
if ((helo = nvtable_find(state->attr, MAIL_ATTR_ACT_HELO_NAME)) == 0)
- helo = client_name;
+ helo = state->client_name;
if ((resp = milter_helo_event(milters, helo, PRETEND_ESMTP)) != 0) {
- cleanup_milter_apply(state, resp);
+ cleanup_milter_apply(state, "EHLO", resp);
return;
}
}
argv[0] = addr;
argv[1] = 0;
if ((resp = milter_mail_event(milters, argv)) != 0) {
- cleanup_milter_apply(state, resp);
+ cleanup_milter_apply(state, "MAIL", resp);
return;
}
}
argv[0] = addr;
argv[1] = 0;
if ((resp = milter_rcpt_event(milters, argv)) != 0
- && cleanup_milter_apply(state, resp) != 0) {
+ && cleanup_milter_apply(state, "RCPT", resp) != 0) {
msg_warn("%s: milter configuration error: can't reject recipient "
"in non-smtpd(8) submission", state->queue_id);
msg_warn("%s: deferring delivery of this message", state->queue_id);
const char *resp;
if ((resp = milter_data_event(milters)) != 0)
- cleanup_milter_apply(state, resp);
+ cleanup_milter_apply(state, "DATA", resp);
}
#ifdef TEST
state->dsn_orcpt = 0;
state->verp_delims = 0;
state->milters = 0;
+ state->client_name = 0;
+ state->client_addr = 0;
return (state);
}
SHELL = /bin/sh
SRCS = abounce.c anvil_clnt.c been_here.c bounce.c bounce_log.c \
canon_addr.c cfg_parser.c cleanup_strerror.c cleanup_strflags.c \
- clnt_stream.c debug_peer.c debug_process.c defer.c db_common.c \
- deliver_completed.c deliver_flock.c deliver_pass.c deliver_request.c \
- dict_ldap.c dict_mysql.c dict_pgsql.c dict_proxy.c domain_list.c \
- dot_lockfile.c dot_lockfile_as.c ext_prop.c file_id.c flush_clnt.c \
- header_opts.c header_token.c input_transp.c \
- is_header.c log_adhoc.c mail_addr.c mail_addr_crunch.c \
- mail_addr_find.c mail_addr_map.c mail_command_client.c \
- mail_command_server.c mail_conf.c mail_conf_bool.c mail_conf_int.c \
- mail_conf_raw.c mail_conf_str.c mail_conf_time.c mail_connect.c \
- mail_copy.c mail_date.c mail_dict.c mail_error.c mail_flush.c \
- mail_open_ok.c mail_params.c mail_pathname.c mail_queue.c \
- mail_run.c mail_scan_dir.c mail_stream.c mail_task.c mail_trigger.c \
- maps.c mark_corrupt.c match_parent_style.c mbox_conf.c \
- mbox_open.c mime_state.c mkmap_db.c mkmap_dbm.c mkmap_open.c \
- mynetworks.c mypwd.c namadr_list.c off_cvt.c opened.c \
- own_inet_addr.c pipe_command.c post_mail.c quote_821_local.c \
- quote_822_local.c rec_streamlf.c rec_type.c recipient_list.c \
- record.c remove.c resolve_clnt.c resolve_local.c rewrite_clnt.c \
+ clnt_stream.c conv_time.c db_common.c debug_peer.c debug_process.c \
+ defer.c deliver_completed.c deliver_flock.c deliver_pass.c \
+ deliver_request.c dict_ldap.c dict_mysql.c dict_pgsql.c \
+ dict_proxy.c domain_list.c dot_lockfile.c dot_lockfile_as.c \
+ dsb_scan.c dsn.c dsn_buf.c dsn_mask.c dsn_print.c dsn_util.c \
+ ehlo_mask.c ext_prop.c file_id.c flush_clnt.c header_opts.c \
+ header_token.c input_transp.c int_filt.c is_header.c log_adhoc.c \
+ mail_addr.c mail_addr_crunch.c mail_addr_find.c mail_addr_map.c \
+ mail_command_client.c mail_command_server.c mail_conf.c \
+ mail_conf_bool.c mail_conf_int.c mail_conf_long.c mail_conf_raw.c \
+ mail_conf_str.c mail_conf_time.c mail_connect.c mail_copy.c \
+ mail_date.c mail_dict.c mail_error.c mail_flush.c mail_open_ok.c \
+ mail_params.c mail_pathname.c mail_queue.c mail_run.c \
+ mail_scan_dir.c mail_stream.c mail_task.c mail_trigger.c maps.c \
+ mark_corrupt.c match_parent_style.c mbox_conf.c mbox_open.c \
+ mime_state.c mkmap_cdb.c mkmap_db.c mkmap_dbm.c mkmap_open.c \
+ mkmap_sdbm.c msg_stats_print.c msg_stats_scan.c mynetworks.c \
+ mypwd.c namadr_list.c off_cvt.c opened.c own_inet_addr.c \
+ pipe_command.c post_mail.c quote_821_local.c quote_822_local.c \
+ rcpt_buf.c rcpt_print.c rec_attr_map.c rec_streamlf.c rec_type.c \
+ recipient_list.c record.c remove.c resolve_clnt.c resolve_local.c \
+ rewrite_clnt.c scache_clnt.c scache_multi.c scache_single.c \
sent.c smtp_stream.c split_addr.c string_list.c strip_addr.c \
sys_exits.c timed_ipc.c tok822_find.c tok822_node.c tok822_parse.c \
- tok822_resolve.c tok822_rewrite.c tok822_tree.c trace.c verify.c \
- verify_clnt.c verp_sender.c xtext.c scache_single.c \
- scache_clnt.c scache_multi.c user_acl.c mkmap_cdb.c mkmap_sdbm.c \
- ehlo_mask.c \
- wildcard_inet_addr.c valid_mailhost_addr.c dsn_util.c dsn_mask.c \
- rec_attr_map.c dsn.c dsn_buf.c rcpt_buf.c rcpt_print.c dsn_print.c \
- dsb_scan.c mail_conf_long.c msg_stats_print.c msg_stats_scan.c \
- conv_time.c
+ tok822_resolve.c tok822_rewrite.c tok822_tree.c trace.c \
+ user_acl.c valid_mailhost_addr.c verify.c verify_clnt.c \
+ verp_sender.c wildcard_inet_addr.c xtext.c
OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \
canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \
- clnt_stream.o debug_peer.o debug_process.o defer.o db_common.o \
- deliver_completed.o deliver_flock.o deliver_pass.o deliver_request.o \
- dict_ldap.o dict_mysql.o dict_pgsql.o dict_proxy.o domain_list.o \
- dot_lockfile.o dot_lockfile_as.o ext_prop.o file_id.o flush_clnt.o \
- header_opts.o header_token.o input_transp.o \
- is_header.o log_adhoc.o mail_addr.o mail_addr_crunch.o \
- mail_addr_find.o mail_addr_map.o mail_command_client.o \
- mail_command_server.o mail_conf.o mail_conf_bool.o mail_conf_int.o \
- mail_conf_raw.o mail_conf_str.o mail_conf_time.o mail_connect.o \
- mail_copy.o mail_date.o mail_dict.o mail_error.o mail_flush.o \
- mail_open_ok.o mail_params.o mail_pathname.o mail_queue.o \
- mail_run.o mail_scan_dir.o mail_stream.o mail_task.o mail_trigger.o \
- maps.o mark_corrupt.o match_parent_style.o mbox_conf.o \
- mbox_open.o mime_state.o mkmap_db.o mkmap_dbm.o mkmap_open.o \
- mynetworks.o mypwd.o namadr_list.o off_cvt.o opened.o \
- own_inet_addr.o pipe_command.o post_mail.o quote_821_local.o \
- quote_822_local.o rec_streamlf.o rec_type.o recipient_list.o \
- record.o remove.o resolve_clnt.o resolve_local.o rewrite_clnt.o \
+ clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \
+ defer.o deliver_completed.o deliver_flock.o deliver_pass.o \
+ deliver_request.o dict_ldap.o dict_mysql.o dict_pgsql.o \
+ dict_proxy.o domain_list.o dot_lockfile.o dot_lockfile_as.o \
+ dsb_scan.o dsn.o dsn_buf.o dsn_mask.o dsn_print.o dsn_util.o \
+ ehlo_mask.o ext_prop.o file_id.o flush_clnt.o header_opts.o \
+ header_token.o input_transp.o int_filt.o is_header.o log_adhoc.o \
+ mail_addr.o mail_addr_crunch.o mail_addr_find.o mail_addr_map.o \
+ mail_command_client.o mail_command_server.o mail_conf.o \
+ mail_conf_bool.o mail_conf_int.o mail_conf_long.o mail_conf_raw.o \
+ mail_conf_str.o mail_conf_time.o mail_connect.o mail_copy.o \
+ mail_date.o mail_dict.o mail_error.o mail_flush.o mail_open_ok.o \
+ mail_params.o mail_pathname.o mail_queue.o mail_run.o \
+ mail_scan_dir.o mail_stream.o mail_task.o mail_trigger.o maps.o \
+ mark_corrupt.o match_parent_style.o mbox_conf.o mbox_open.o \
+ mime_state.o mkmap_cdb.o mkmap_db.o mkmap_dbm.o mkmap_open.o \
+ mkmap_sdbm.o msg_stats_print.o msg_stats_scan.o mynetworks.o \
+ mypwd.o namadr_list.o off_cvt.o opened.o own_inet_addr.o \
+ pipe_command.o post_mail.o quote_821_local.o quote_822_local.o \
+ rcpt_buf.o rcpt_print.o rec_attr_map.o rec_streamlf.o rec_type.o \
+ recipient_list.o record.o remove.o resolve_clnt.o resolve_local.o \
+ rewrite_clnt.o scache_clnt.o scache_multi.o scache_single.o \
sent.o smtp_stream.o split_addr.o string_list.o strip_addr.o \
sys_exits.o timed_ipc.o tok822_find.o tok822_node.o tok822_parse.o \
- tok822_resolve.o tok822_rewrite.o tok822_tree.o trace.o verify.o \
- verify_clnt.o verp_sender.o xtext.o scache_single.o \
- scache_clnt.o scache_multi.o user_acl.o mkmap_cdb.o mkmap_sdbm.o \
- ehlo_mask.o \
- wildcard_inet_addr.o valid_mailhost_addr.o dsn_util.o dsn_mask.o \
- rec_attr_map.o dsn.o dsn_buf.o rcpt_buf.o rcpt_print.o dsn_print.o \
- dsb_scan.o mail_conf_long.o msg_stats_print.o msg_stats_scan.o \
- conv_time.o
+ tok822_resolve.o tok822_rewrite.o tok822_tree.o trace.o \
+ user_acl.o valid_mailhost_addr.o verify.o verify_clnt.o \
+ verp_sender.o wildcard_inet_addr.o xtext.o
HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \
canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \
- debug_peer.h debug_process.h defer.h deliver_completed.h \
- deliver_flock.h deliver_pass.h deliver_request.h dict_ldap.h \
- dict_mysql.h dict_pgsql.h dict_proxy.h domain_list.h dot_lockfile.h \
- dot_lockfile_as.h ext_prop.h file_id.h flush_clnt.h header_opts.h \
- header_token.h input_transp.h is_header.h \
- lex_822.h log_adhoc.h mail_addr.h mail_addr_crunch.h \
- mail_addr_find.h mail_addr_map.h mail_conf.h mail_copy.h \
- mail_date.h mail_dict.h mail_error.h mail_flush.h mail_open_ok.h \
- mail_params.h mail_proto.h mail_queue.h mail_run.h mail_scan_dir.h \
- mail_stream.h mail_task.h mail_version.h maps.h mark_corrupt.h \
- match_parent_style.h mbox_conf.h mbox_open.h mime_state.h \
- mkmap.h mynetworks.h mypwd.h namadr_list.h off_cvt.h opened.h \
- own_inet_addr.h pipe_command.h post_mail.h qmgr_user.h \
- qmqp_proto.h quote_821_local.h quote_822_local.h quote_flags.h \
- rec_streamlf.h rec_type.h recipient_list.h record.h resolve_clnt.h \
- resolve_local.h rewrite_clnt.h sent.h smtp_stream.h split_addr.h \
+ conv_time.h db_common.h debug_peer.h debug_process.h defer.h \
+ deliver_completed.h deliver_flock.h deliver_pass.h deliver_request.h \
+ dict_ldap.h dict_mysql.h dict_pgsql.h dict_proxy.h domain_list.h \
+ dot_lockfile.h dot_lockfile_as.h dsb_scan.h dsn.h dsn_buf.h \
+ dsn_mask.h dsn_print.h dsn_util.h ehlo_mask.h ext_prop.h \
+ file_id.h flush_clnt.h header_opts.h header_token.h input_transp.h \
+ int_filt.h is_header.h lex_822.h log_adhoc.h mail_addr.h \
+ mail_addr_crunch.h mail_addr_find.h mail_addr_map.h mail_conf.h \
+ mail_copy.h mail_date.h mail_dict.h mail_error.h mail_flush.h \
+ mail_open_ok.h mail_params.h mail_proto.h mail_queue.h mail_run.h \
+ mail_scan_dir.h mail_stream.h mail_task.h mail_version.h maps.h \
+ mark_corrupt.h match_parent_style.h mbox_conf.h mbox_open.h \
+ mime_state.h mkmap.h msg_stats.h mynetworks.h mypwd.h namadr_list.h \
+ off_cvt.h opened.h own_inet_addr.h pipe_command.h post_mail.h \
+ qmgr_user.h qmqp_proto.h quote_821_local.h quote_822_local.h \
+ quote_flags.h rcpt_buf.h rcpt_print.h rec_attr_map.h rec_streamlf.h \
+ rec_type.h recipient_list.h record.h resolve_clnt.h resolve_local.h \
+ rewrite_clnt.h scache.h sent.h smtp_stream.h split_addr.h \
string_list.h strip_addr.h sys_exits.h timed_ipc.h tok822.h \
- trace.h verify.h verify_clnt.h verp_sender.h \
- xtext.h scache.h user_acl.h ehlo_mask.h db_common.h \
- wildcard_inet_addr.h valid_mailhost_addr.h dsn_util.h dsn_mask.h \
- rec_attr_map.h dsn.h dsn_buf.h rcpt_buf.h rcpt_print.h dsn_print.h \
- dsb_scan.h msg_stats.h conv_time.h
+ trace.h user_acl.h valid_mailhost_addr.h verify.h verify_clnt.h \
+ verp_sender.h wildcard_inet_addr.h xtext.h
TESTSRC = rec2stream.c stream2rec.c recdump.c
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
input_transp.o: input_transp.c
input_transp.o: input_transp.h
input_transp.o: mail_params.h
+int_filt.o: ../../include/name_mask.h
+int_filt.o: ../../include/sys_defs.h
+int_filt.o: ../../include/vbuf.h
+int_filt.o: ../../include/vstring.h
+int_filt.o: int_filt.c
+int_filt.o: int_filt.h
+int_filt.o: mail_params.h
is_header.o: ../../include/sys_defs.h
is_header.o: is_header.c
is_header.o: is_header.h
/*++
/* NAME
-/* exp_prop 3
+/* ext_prop 3
/* SUMMARY
/* address extension propagation control
/* SYNOPSIS
-/* #include <exp_prop.h>
+/* #include <ext_prop.h>
/*
/* int ext_prop_mask(param_name, pattern)
/* const char *param_name;
/* const char *pattern;
/* DESCRIPTION
-/* This module controld address extension propagation.
+/* This module controls address extension propagation.
/*
/* ext_prop_mask() takes a comma-separated list of names and
/* computes the corresponding mask. The following names are
-#ifndef _EXT_PROP_INCLUDED_
-#define _EXT_PROP_INCLUDED_
+#ifndef _INPUT_TRANSP_INCLUDED_
+#define _INPUT_TRANSP_INCLUDED_
/*++
/* NAME
-/* ext_prop 3h
+/* input_transp 3h
/* SUMMARY
-/* address extension propagation control
+/* receive transparency control
/* SYNOPSIS
-/* #include <ext_prop.h>
+/* #include <input_transp.h>
/* DESCRIPTION
/* .nf
--- /dev/null
+/*++
+/* NAME
+/* int_filt 3
+/* SUMMARY
+/* internal mail filter control
+/* SYNOPSIS
+/* #include <int_filt.h>
+/*
+/* int int_filt_flags(class)
+/* int class;
+/* DESCRIPTION
+/* int_filt_flags() determines the appropriate mail filtering
+/* flags for the cleanup server, depending on the setting of
+/* the internal_mail_filter_classes configuration parameter.
+/*
+/* Specify one of the following:
+/* .IP INT_FILT_NONE
+/* Mail that must be excluded from inspection (address probes, etc.).
+/* .IP INT_FILT_NOTIFY
+/* Postmaster notifications from the smtpd(8) and smtp(8)
+/* protocol adapters.
+/* .IP INT_FILT_BOUNCE
+/* Delivery status notifications from the bounce(8) server.
+/* DIAGNOSTICS
+/* Fatal: invalid mail category name.
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+/* System library. */
+
+#include <sys_defs.h>
+
+/* Utility library. */
+
+#include <name_mask.h>
+#include <msg.h>
+
+/* Global library. */
+
+#include <mail_params.h>
+#include <cleanup_user.h>
+#include <int_filt.h>
+
+/* int_filt_flags - map mail class to submission flags */
+
+int int_filt_flags(int class)
+{
+ static NAME_MASK table[] = {
+ "notify", INT_FILT_NOTIFY,
+ "bounce", INT_FILT_BOUNCE,
+ 0,
+ };
+ int filtered_classes = 0;
+
+ if (class && *var_int_filt_classes) {
+ filtered_classes =
+ name_mask(VAR_INT_FILT_CLASSES, table, var_int_filt_classes);
+ if (filtered_classes == 0)
+ msg_warn("%s: bad input: %s", VAR_INT_FILT_CLASSES,
+ var_int_filt_classes);
+ if (filtered_classes & class)
+ return (CLEANUP_FLAG_FILTER | CLEANUP_FLAG_MILTER);
+ }
+ return (0);
+}
--- /dev/null
+#ifndef _INT_FILT_INCLUDED_
+#define _INT_FILT_INCLUDED_
+
+/*++
+/* NAME
+/* int_filt 3h
+/* SUMMARY
+/* internal mail classification
+/* SYNOPSIS
+/* #include <int_filt.h>
+/* DESCRIPTION
+/* .nf
+
+ /*
+ * External interface.
+ */
+#define INT_FILT_NONE (0)
+#define INT_FILT_NOTIFY (1<<1)
+#define INT_FILT_BOUNCE (1<<2)
+
+extern int int_filt_flags(int);
+
+/* LICENSE
+/* .ad
+/* .fi
+/* The Secure Mailer license must be distributed with this software.
+/* AUTHOR(S)
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
+/*--*/
+
+#endif
/* int var_verify_neg_cache;
/* int var_oldlog_compat;
/* int var_delay_max_res;
+/* char *var_int_filt_classes;
/*
/* void mail_params_init()
/*
int var_verify_neg_cache;
int var_oldlog_compat;
int var_delay_max_res;
+char *var_int_filt_classes;
const char null_format_string[1] = "";
VAR_FLUSH_SERVICE, DEF_FLUSH_SERVICE, &var_flush_service, 1, 0,
VAR_VERIFY_SERVICE, DEF_VERIFY_SERVICE, &var_verify_service, 1, 0,
VAR_TRACE_SERVICE, DEF_TRACE_SERVICE, &var_trace_service, 1, 0,
+ VAR_INT_FILT_CLASSES, DEF_INT_FILT_CLASSES, &var_int_filt_classes, 0, 0,
0,
};
static CONFIG_STR_FN_TABLE function_str_defaults_2[] = {
#define DEF_SMTPD_TLS_CA_PATH ""
extern char *var_smtpd_tls_CApath;
-#define VAR_SMTPD_TLS_PROTO "smtpd_tls_protocols"
-#define DEF_SMTPD_TLS_PROTO ""
-extern char *var_smtpd_tls_protocols;
+#define VAR_SMTPD_TLS_MAND_PROTO "smtpd_tls_mandatory_protocols"
+#define DEF_SMTPD_TLS_MAND_PROTO "SSLv3, TLSv1"
+extern char *var_smtpd_tls_mand_proto;
-#define VAR_SMTPD_TLS_CIPHERS "smtpd_tls_ciphers"
-#define DEF_SMTPD_TLS_CIPHERS "export"
-extern char *var_smtpd_tls_ciphers;
+#define VAR_SMTPD_TLS_MAND_CIPH "smtpd_tls_mandatory_ciphers"
+#define DEF_SMTPD_TLS_MAND_CIPH "medium"
+extern char *var_smtpd_tls_mand_ciph;
#define VAR_SMTPD_TLS_EXCL_CIPH "smtpd_tls_exclude_ciphers"
#define DEF_SMTPD_TLS_EXCL_CIPH ""
extern char *var_smtpd_tls_excl_ciph;
+#define VAR_SMTPD_TLS_MAND_EXCL "smtpd_tls_mandatory_exclude_ciphers"
+#define DEF_SMTPD_TLS_MAND_EXCL ""
+extern char *var_smtpd_tls_mand_excl;
+
#define VAR_SMTPD_TLS_512_FILE "smtpd_tls_dh512_param_file"
#define DEF_SMTPD_TLS_512_FILE ""
extern char *var_smtpd_tls_dh512_param_file;
#define DEF_LMTP_TLS_CA_PATH ""
extern char *var_smtp_tls_CApath;
-#define VAR_SMTP_TLS_CIPHERS "smtp_tls_mandatory_ciphers"
-#define DEF_SMTP_TLS_CIPHERS "medium"
-#define VAR_LMTP_TLS_CIPHERS "lmtp_tls_mandatory_ciphers"
-#define DEF_LMTP_TLS_CIPHERS "medium"
-extern char *var_smtp_tls_ciphers;
+#define VAR_SMTP_TLS_MAND_CIPH "smtp_tls_mandatory_ciphers"
+#define DEF_SMTP_TLS_MAND_CIPH "medium"
+#define VAR_LMTP_TLS_MAND_CIPH "lmtp_tls_mandatory_ciphers"
+#define DEF_LMTP_TLS_MAND_CIPH "medium"
+extern char *var_smtp_tls_mand_ciph;
#define VAR_SMTP_TLS_EXCL_CIPH "smtp_tls_exclude_ciphers"
#define DEF_SMTP_TLS_EXCL_CIPH ""
#define DEF_MILT_V "$" VAR_MAIL_NAME " $" VAR_MAIL_VERSION
extern char *var_milt_v;
+ /*
+ * What internal mail do we inspect/stamp/etc.? This is not yet safe enough
+ * to enable world-wide.
+ */
+#define VAR_INT_FILT_CLASSES "internal_mail_filter_classes"
+#define DEF_INT_FILT_CLASSES ""
+extern char *var_int_filt_classes;
+
/* LICENSE
/* .ad
/* .fi
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20060709"
-#define MAIL_VERSION_NUMBER "2.3-RC9"
+#define MAIL_RELEASE_DATE "20060711"
+#define MAIL_VERSION_NUMBER "2.3.0"
+
+#ifdef SNAPSHOT
+# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
+#else
+# define MAIL_VERSION_DATE ""
+#endif
+
+#ifdef NONPROD
+# define MAIL_VERSION_PROD "-nonprod"
+#else
+# define MAIL_VERSION_PROD ""
+#endif
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION MAIL_VERSION_NUMBER
+#define DEF_MAIL_VERSION MAIL_VERSION_NUMBER MAIL_VERSION_DATE MAIL_VERSION_PROD
extern char *var_mail_version;
/* SYNOPSIS
/* #include <post_mail.h>
/*
-/* VSTREAM *post_mail_fopen(sender, recipient, cleanup_flags, trace_flags,
+/* VSTREAM *post_mail_fopen(sender, recipient, filter_class, trace_flags,
/* queue_id)
/* const char *sender;
/* const char *recipient;
-/* int cleanup_flags;
+/* int filter_class;
/* int trace_flags;
/* VSTRING *queue_id;
/*
/* VSTREAM *post_mail_fopen_nowait(sender, recipient,
-/* cleanup_flags, trace_flags, queue_id)
+/* filter_class, trace_flags, queue_id)
/* const char *sender;
/* const char *recipient;
-/* int cleanup_flags;
+/* int filter_class;
/* int trace_flags;
/* VSTRING *queue_id;
/*
/* void post_mail_fopen_async(sender, recipient,
-/* cleanup_flags, trace_flags,
+/* filter_class, trace_flags,
/* queue_id, notify, context)
/* const char *sender;
/* const char *recipient;
-/* int cleanup_flags;
+/* int filter_class;
/* int trace_flags;
/* VSTRING *queue_id;
/* void (*notify)(VSTREAM *stream, char *context);
/* .IP recipient
/* The recipient envelope address. It is up to the application
/* to produce To: headers.
-/* .IP cleanup_flags
-/* The binary OR of zero or more of the options defined in
-/* \fB<cleanup_user.h>\fR.
+/* .IP filter_class
+/* The internal mail filtering class, as defined in
+/* \fB<int_filt.h>\fR. Depending on the setting of the
+/* internal_mail_filter_classes parameter the message will or
+/* won't be subject to content inspection.
/* .IP trace_flags
/* Message tracing flags as specified in \fB<deliver_request.h>\fR.
/* .IP queue_id
typedef struct {
char *sender;
char *recipient;
- int cleanup_flags;
+ int filter_class;
int trace_flags;
POST_MAIL_NOTIFY notify;
void *context;
static void post_mail_init(VSTREAM *stream, const char *sender,
const char *recipient,
- int cleanup_flags, int trace_flags,
+ int filter_class, int trace_flags,
VSTRING *queue_id)
{
VSTRING *id = queue_id ? queue_id : vstring_alloc(100);
struct timeval now;
const char *date;
+ int cleanup_flags =
+ int_filt_flags(filter_class) | CLEANUP_FLAG_MASK_INTERNAL;
GETTIMEOFDAY(&now);
date = mail_date(now.tv_sec);
/* post_mail_fopen - prepare for posting a message */
VSTREAM *post_mail_fopen(const char *sender, const char *recipient,
- int cleanup_flags, int trace_flags,
+ int filter_class, int trace_flags,
VSTRING *queue_id)
{
VSTREAM *stream;
stream = mail_connect_wait(MAIL_CLASS_PUBLIC, var_cleanup_service);
- post_mail_init(stream, sender, recipient, cleanup_flags, trace_flags,
+ post_mail_init(stream, sender, recipient, filter_class, trace_flags,
queue_id);
return (stream);
}
/* post_mail_fopen_nowait - prepare for posting a message */
VSTREAM *post_mail_fopen_nowait(const char *sender, const char *recipient,
- int cleanup_flags, int trace_flags,
+ int filter_class, int trace_flags,
VSTRING *queue_id)
{
VSTREAM *stream;
if ((stream = mail_connect(MAIL_CLASS_PUBLIC, var_cleanup_service,
BLOCKING)) != 0)
- post_mail_init(stream, sender, recipient, cleanup_flags, trace_flags,
+ post_mail_init(stream, sender, recipient, filter_class, trace_flags,
queue_id);
return (stream);
}
event_cancel_timer(post_mail_open_event, context);
event_disable_readwrite(vstream_fileno(state->stream));
post_mail_init(state->stream, state->sender,
- state->recipient, state->cleanup_flags,
+ state->recipient, state->filter_class,
state->trace_flags, state->queue_id);
myfree(state->sender);
myfree(state->recipient);
/* post_mail_fopen_async - prepare for posting a message */
void post_mail_fopen_async(const char *sender, const char *recipient,
- int cleanup_flags, int trace_flags,
+ int filter_class, int trace_flags,
VSTRING *queue_id,
void (*notify) (VSTREAM *, void *),
void *context)
state = (POST_MAIL_STATE *) mymalloc(sizeof(*state));
state->sender = mystrdup(sender);
state->recipient = mystrdup(recipient);
- state->cleanup_flags = cleanup_flags;
+ state->filter_class = filter_class;
state->trace_flags = trace_flags;
state->notify = notify;
state->context = context;
* Global library.
*/
#include <cleanup_user.h>
+#include <int_filt.h>
/*
* External interface.
return (0);
}
if (head == 0) {
- head = milter;
+ /* Coverity: milter_free() depends on milters->milter_list. */
+ milters->milter_list = head = milter;
} else {
tail->next = milter;
}
tail = milter;
}
- milters->milter_list = head;
(void) attr_print(stream, ATTR_FLAG_NONE,
ATTR_TYPE_INT, MAIL_ATTR_STATUS, 0,
* expose the first header to mail filter applications, otherwise the
* dk-filter signature will be inserted at the wrong position. It should
* precede the headers that it signs.
+ *
+ * XXX Sendmail compatibility. It eats the first space (not tab) after the
+ * header label and ":".
*/
if (msg_ctx->first_header) {
msg_ctx->first_header = 0;
if (*cp != ':')
msg_panic("%s: header label not followed by ':'", myname);
*cp++ = 0;
- /* XXX Following matches mime_state.c */
- while (*cp == ' ' || *cp == '\t')
+ /* XXX Sendmail 8.13.6 eats one space (not tab) after colon. */
+ if (*cp == ' ')
cp++;
#ifdef SMFIP_NOHREPL
skip_reply = ((milter->ev_mask & SMFIP_NOHREPL) != 0);
VAR_LMTP_TLS_DKEY_FILE, DEF_LMTP_TLS_DKEY_FILE, &var_smtp_tls_dkey_file, 0, 0,
VAR_LMTP_TLS_CA_FILE, DEF_LMTP_TLS_CA_FILE, &var_smtp_tls_CAfile, 0, 0,
VAR_LMTP_TLS_CA_PATH, DEF_LMTP_TLS_CA_PATH, &var_smtp_tls_CApath, 0, 0,
- VAR_LMTP_TLS_CIPHERS, DEF_LMTP_TLS_CIPHERS, &var_smtp_tls_ciphers, 1, 0,
+ VAR_LMTP_TLS_MAND_CIPH, DEF_LMTP_TLS_MAND_CIPH, &var_smtp_tls_mand_ciph, 1, 0,
VAR_LMTP_TLS_EXCL_CIPH, DEF_LMTP_TLS_EXCL_CIPH, &var_smtp_tls_excl_ciph, 0, 0,
VAR_LMTP_TLS_MAND_EXCL, DEF_LMTP_TLS_MAND_EXCL, &var_smtp_tls_mand_excl, 0, 0,
VAR_TLS_HIGH_CLIST, DEF_TLS_HIGH_CLIST, &var_tls_high_clist, 1, 0,
/* .IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR"
/* Lookup tables, indexed by the remote SMTP server address, with
/* case insensitive lists of EHLO keywords (pipelining, starttls, auth,
-/* etc.) that the SMTP client will ignore in the EHLO response from a
+/* etc.) that the Postfix SMTP client will ignore in the EHLO response from a
/* remote SMTP server.
/* .IP "\fBsmtp_discard_ehlo_keywords (empty)\fR"
/* A case insensitive list of EHLO keywords (pipelining, starttls,
-/* auth, etc.) that the SMTP client will ignore in the EHLO response
-/* from a remote SMTP server.
+/* auth, etc.) that the Postfix SMTP client will ignore in the EHLO
+/* response from a remote SMTP server.
/* .IP "\fBsmtp_generic_maps (empty)\fR"
/* Optional lookup tables that perform address rewriting in the
/* SMTP client, typically to transform a locally valid address into
/* .fi
/* Available in Postfix version 2.1 and later:
/* .IP "\fBsmtp_send_xforward_command (no)\fR"
-/* Send the non-standard XFORWARD command when the Postfix SMTP server EHLO
-/* response announces XFORWARD support.
+/* Send the non-standard XFORWARD command when the Postfix SMTP server
+/* EHLO response announces XFORWARD support.
/* SASL AUTHENTICATION CONTROLS
/* .ad
/* .fi
/* .PP
/* Available in Postfix version 2.3 and later:
/* .IP "\fBsmtp_sasl_auth_enforce (yes)\fR"
-/* Defer mail delivery when an SMTP server does not support SASL
-/* authentication, while smtp_sasl_password_maps contains SASL
-/* login/password information for that server.
+/* If sender-dependent SASL passwords are turned off, defer mail
+/* delivery when an SMTP server does not support SASL authentication,
+/* while smtp_sasl_password_maps contains SASL login/password information
+/* for that server.
/* .IP "\fBsmtp_sender_dependent_authentication (no)\fR"
-/* Enable sender-dependent authentication in the SMTP client; this is
+/* Enable sender-dependent authentication in the Postfix SMTP client; this is
/* available only with SASL authentication, and disables SMTP connection
/* caching to ensure that mail from different senders will use the
/* appropriate credentials.
/* .IP "\fBsmtp_tls_cert_file (empty)\fR"
/* File with the Postfix SMTP client RSA certificate in PEM format.
/* .IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR"
-/* The minimum SMTP client TLS cipher grade that is strong enough to
-/* be used with the "encrypt" security level and higher.
+/* The minimum TLS cipher grade that the Postfix SMTP client will
+/* use with
+/* mandatory TLS encryption.
/* .IP "\fBsmtp_tls_exclude_ciphers (empty)\fR"
-/* List of ciphers or cipher types to exclude from the SMTP client cipher
-/* list at all security levels.
+/* List of ciphers or cipher types to exclude from the Postfix
+/* SMTP client cipher
+/* list at all TLS security levels.
/* .IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR"
-/* List of ciphers or cipher types to exclude from the SMTP client
-/* cipher list at the mandatory TLS security levels: "encrypt", "verify"
-/* and "secure".
+/* Additional list of ciphers or cipher types to exclude from the
+/* SMTP client cipher list at mandatory TLS security levels.
/* .IP "\fBsmtp_tls_dcert_file (empty)\fR"
/* File with the Postfix SMTP client DSA certificate in PEM format.
/* .IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR"
/* .IP "\fBsmtp_tls_note_starttls_offer (no)\fR"
/* Log the hostname of a remote SMTP server that offers STARTTLS,
/* when TLS is not already enabled for that server.
-/* .IP "\fBsmtp_tls_policy_maps (empty)\fR"
-/* Optional lookup tables with the Postfix SMTP client TLS security
-/* policy by next-hop destination; when a non-empty value is specified,
-/* this overrides the obsolete smtp_tls_per_site parameter.
-/* .IP "\fBsmtp_tls_mandatory_protocols (SSLv3, TLSv1)\fR"
-/* List of TLS protocol versions that are secure enough to be used
-/* with the "encrypt" security level and higher.
/* .IP "\fBsmtp_tls_scert_verifydepth (5)\fR"
/* The verification depth for remote SMTP server certificates.
/* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR"
/* Enforcement mode: require that remote SMTP servers use TLS
/* encryption, and never send mail in the clear.
/* .IP "\fBsmtp_tls_enforce_peername (yes)\fR"
-/* When TLS encryption is enforced, require that the remote SMTP
+/* With mandatory TLS encryption, require that the remote SMTP
/* server hostname matches the information in the remote SMTP server
/* certificate.
/* .IP "\fBsmtp_tls_per_site (empty)\fR"
/* Optional lookup tables with the Postfix SMTP client TLS usage
/* policy by next-hop destination and by remote SMTP server hostname.
+/* .IP "\fBsmtp_tls_cipherlist (empty)\fR"
+/* Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+/* cipher list.
/* RESOURCE AND RATE CONTROLS
/* .ad
/* .fi
/* The recipient of postmaster notifications about mail delivery
/* problems that are caused by policy, resource, software or protocol
/* errors.
+/* .IP "\fBinternal_mail_filter_classes (empty)\fR"
+/* What categories of Postfix-generated mail are subject to
+/* before-queue content inspection by non_smtpd_milters, header_checks
+/* and body_checks.
/* .IP "\fBnotify_classes (resource, software)\fR"
/* The list of error classes that are reported to the postmaster.
/* MISCELLANEOUS CONTROLS
/* The network interface addresses that this mail system receives mail
/* on by way of a proxy or network address translation unit.
/* .IP "\fBsmtp_bind_address (empty)\fR"
-/* An optional numerical network address that the SMTP client should
-/* bind to when making an IPv4 connection.
+/* An optional numerical network address that the Postfix SMTP client
+/* should bind to when making an IPv4 connection.
/* .IP "\fBsmtp_bind_address6 (empty)\fR"
-/* An optional numerical network address that the SMTP client should
-/* bind to when making an IPv6 connection.
+/* An optional numerical network address that the Postfix SMTP client
+/* should bind to when making an IPv6 connection.
/* .IP "\fBsmtp_helo_name ($myhostname)\fR"
/* The hostname to send in the SMTP EHLO or HELO command.
/* .IP "\fBlmtp_lhlo_name ($myhostname)\fR"
/* The hostname to send in the LMTP LHLO command.
/* .IP "\fBsmtp_host_lookup (dns)\fR"
-/* What mechanisms when the SMTP client uses to look up a host's IP
+/* What mechanisms when the Postfix SMTP client uses to look up a host's IP
/* address.
/* .IP "\fBsmtp_randomize_addresses (yes)\fR"
/* Randomize the order of equal-preference MX host addresses.
char *var_smtp_tls_CAfile;
char *var_smtp_tls_CApath;
char *var_smtp_tls_cert_file;
-char *var_smtp_tls_ciphers;
+char *var_smtp_tls_mand_ciph;
char *var_smtp_tls_excl_ciph;
char *var_smtp_tls_mand_excl;
char *var_smtp_tls_dcert_file;
static void pre_init(char *unused_name, char **unused_argv)
{
+ int use_tls;
/*
* Turn on per-peer debugging.
VAR_SMTP_SASL_ENABLE);
#endif
+ if (*var_smtp_tls_level)
+ use_tls = tls_level_lookup(var_smtp_tls_level) > TLS_LEV_NONE;
+ else
+ use_tls = var_smtp_enforce_tls || var_smtp_use_tls;
+
/*
* Initialize the TLS data before entering the chroot jail
*/
- if (tls_level_lookup(var_smtp_tls_level) > TLS_LEV_NONE ||
- var_smtp_use_tls || var_smtp_enforce_tls ||
- var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
+ if (use_tls || var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
#ifdef USE_TLS
tls_client_init_props props;
notice = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_error_rcpt,
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_NOTIFY,
NULL_TRACE_FLAGS, NO_QUEUE_ID);
if (notice == 0) {
msg_warn("postmaster notify: %m");
VAR_SMTP_TLS_DKEY_FILE, DEF_SMTP_TLS_DKEY_FILE, &var_smtp_tls_dkey_file, 0, 0,
VAR_SMTP_TLS_CA_FILE, DEF_SMTP_TLS_CA_FILE, &var_smtp_tls_CAfile, 0, 0,
VAR_SMTP_TLS_CA_PATH, DEF_SMTP_TLS_CA_PATH, &var_smtp_tls_CApath, 0, 0,
- VAR_SMTP_TLS_CIPHERS, DEF_SMTP_TLS_CIPHERS, &var_smtp_tls_ciphers, 1, 0,
+ VAR_SMTP_TLS_MAND_CIPH, DEF_SMTP_TLS_MAND_CIPH, &var_smtp_tls_mand_ciph, 1, 0,
VAR_SMTP_TLS_EXCL_CIPH, DEF_SMTP_TLS_EXCL_CIPH, &var_smtp_tls_excl_ciph, 0, 0,
VAR_SMTP_TLS_MAND_EXCL, DEF_SMTP_TLS_MAND_EXCL, &var_smtp_tls_mand_excl, 0, 0,
VAR_TLS_HIGH_CLIST, DEF_TLS_HIGH_CLIST, &var_tls_high_clist, 1, 0,
return (smtp_sasl_helo_login(state));
else if (var_smtp_sasl_enable
&& *var_smtp_sasl_passwd
+ && !var_smtp_sender_auth
&& var_smtp_sasl_enforce
&& smtp_sasl_passwd_lookup(session) != 0)
return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
case TLS_LEV_ENCRYPT:
also_exclude = "eNULL";
if (cipher_level == TLS_CIPHER_NONE)
- cipher_level = tls_cipher_level(var_smtp_tls_ciphers);
+ cipher_level = tls_cipher_level(var_smtp_tls_mand_ciph);
mand_exclude = var_smtp_tls_mand_excl;
break;
case TLS_LEV_SECURE:
also_exclude = "aNULL";
if (cipher_level == TLS_CIPHER_NONE)
- cipher_level = tls_cipher_level(var_smtp_tls_ciphers);
+ cipher_level = tls_cipher_level(var_smtp_tls_mand_ciph);
mand_exclude = var_smtp_tls_mand_excl;
break;
}
also_exclude, TLS_END_EXCLUDE);
if (cipherlist == 0) {
msg_warn("unknown '%s' value '%s' ignored, using 'medium'",
- lmtp ? VAR_LMTP_TLS_CIPHERS : VAR_SMTP_TLS_CIPHERS,
- var_smtp_tls_ciphers);
+ lmtp ? VAR_LMTP_TLS_MAND_CIPH : VAR_SMTP_TLS_MAND_CIPH,
+ var_smtp_tls_mand_ciph);
cipherlist = tls_cipher_list(TLS_CIPHER_MEDIUM, exclude, mand_exclude,
also_exclude, TLS_END_EXCLUDE);
if (cipherlist == 0)
/* .fi
/* Detailed information about STARTTLS configuration may be
/* found in the TLS_README document.
-/* .IP "\fBsmtpd_use_tls (no)\fR"
-/* Opportunistic TLS: announce STARTTLS support to SMTP clients,
-/* but do not require that clients use TLS encryption.
-/* .IP "\fBsmtpd_enforce_tls (no)\fR"
-/* Mandatory TLS: announce STARTTLS support to SMTP clients,
-/* and require that clients use TLS encryption.
+/* .IP "\fBsmtpd_tls_security_level (empty)\fR"
+/* The SMTP TLS security level for the Postfix SMTP server; when
+/* a non-empty value is specified, this overrides the obsolete parameters
+/* smtpd_use_tls and smtpd_enforce_tls.
/* .IP "\fBsmtpd_sasl_tls_security_options ($smtpd_sasl_security_options)\fR"
/* The SASL authentication security options that the Postfix SMTP
/* server uses for TLS encrypted SMTP sessions.
/* The verification depth for remote SMTP client certificates.
/* .IP "\fBsmtpd_tls_cert_file (empty)\fR"
/* File with the Postfix SMTP server RSA certificate in PEM format.
-/* .IP "\fBsmtpd_tls_ciphers (export)\fR"
-/* The minimum acceptable SMTP server TLS cipher grade.
/* .IP "\fBsmtpd_tls_exclude_ciphers (empty)\fR"
/* List of ciphers or cipher types to exclude from the SMTP server
-/* cipher list.
+/* cipher list at all TLS security levels.
/* .IP "\fBsmtpd_tls_dcert_file (empty)\fR"
/* File with the Postfix SMTP server DSA certificate in PEM format.
/* .IP "\fBsmtpd_tls_dh1024_param_file (empty)\fR"
/* File with the Postfix SMTP server RSA private key in PEM format.
/* .IP "\fBsmtpd_tls_loglevel (0)\fR"
/* Enable additional Postfix SMTP server logging of TLS activity.
-/* .IP "\fBsmtpd_tls_protocols (empty)\fR"
-/* The list of TLS protocols supported by the Postfix SMTP server.
+/* .IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR"
+/* The minimum TLS cipher grade that the Postfix SMTP server will
+/* use with mandatory
+/* TLS encryption.
+/* .IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR"
+/* Additional list of ciphers or cipher types to exclude from the
+/* SMTP server cipher list at mandatory TLS security levels.
+/* .IP "\fBsmtpd_tls_mandatory_protocols (SSLv3, TLSv1)\fR"
+/* The TLS protocols accepted by the Postfix SMTP server with
+/* mandatory TLS encryption.
/* .IP "\fBsmtpd_tls_received_header (no)\fR"
/* Request that the Postfix SMTP server produces Received: message
/* headers that include information about the protocol and cipher used,
/* as well as the client CommonName and client certificate issuer
/* CommonName.
/* .IP "\fBsmtpd_tls_req_ccert (no)\fR"
-/* When TLS encryption is enforced, require a remote SMTP client
+/* With mandatory TLS encryption, require a remote SMTP client
/* certificate in order to allow TLS connections to proceed.
/* .IP "\fBsmtpd_tls_session_cache_database (empty)\fR"
/* Name of the file containing the optional Postfix SMTP server
/* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
/* process requests from the \fBtlsmgr\fR(8) server in order to seed its
/* internal pseudo random number generator (PRNG).
-/* .PP
-/* Available in Postfix version 2.3 and later:
-/* .IP "\fBsmtpd_tls_security_level (empty)\fR"
-/* The SMTP TLS security level for the Postfix SMTP server; when
-/* a non-empty value is specified, this overrides the obsolete parameters
-/* smtpd_use_tls and smtpd_enforce_tls.
/* .IP "\fBtls_high_cipherlist (!EXPORT:!LOW:!MEDIUM:ALL:+RC4:@STRENGTH)\fR"
/* The OpenSSL cipherlist for "HIGH" grade ciphers.
/* .IP "\fBtls_medium_cipherlist (!EXPORT:!LOW:ALL:+RC4:@STRENGTH)\fR"
/* .IP "\fBtls_null_cipherlist (!aNULL:eNULL+kRSA)\fR"
/* The OpenSSL cipherlist for "NULL" grade ciphers that provide
/* authentication without encryption.
+/* OBSOLETE STARTTLS CONTROLS
+/* .ad
+/* .fi
+/* The following configuration parameters exist for compatibility
+/* with Postfix versions before 2.3. Support for these will
+/* be removed in a future release.
+/* .IP "\fBsmtpd_use_tls (no)\fR"
+/* Opportunistic TLS: announce STARTTLS support to SMTP clients,
+/* but do not require that clients use TLS encryption.
+/* .IP "\fBsmtpd_enforce_tls (no)\fR"
+/* Mandatory TLS: announce STARTTLS support to SMTP clients,
+/* and require that clients use TLS encryption.
+/* .IP "\fBsmtpd_tls_cipherlist (empty)\fR"
+/* Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
+/* cipher list.
/* VERP SUPPORT CONTROLS
/* .ad
/* .fi
/* The recipient of postmaster notifications about mail delivery
/* problems that are caused by policy, resource, software or protocol
/* errors.
+/* .IP "\fBinternal_mail_filter_classes (empty)\fR"
+/* What categories of Postfix-generated mail are subject to
+/* before-queue content inspection by non_smtpd_milters, header_checks
+/* and body_checks.
/* .IP "\fBnotify_classes (resource, software)\fR"
/* The list of error classes that are reported to the postmaster.
/* .IP "\fBsoft_bounce (no)\fR"
/* .PP
/* Available in Postfix version 2.3 and later:
/* .IP "\fBsmtpd_peername_lookup (yes)\fR"
-/* Attempt to look up the SMTP client hostname, and verify that
+/* Attempt to look up the Postfix SMTP client hostname, and verify that
/* the name matches the client IP address.
/* .PP
/* The per SMTP client connection count and request rate limits are
bool var_smtpd_tls_auth_only;
int var_smtpd_tls_ccert_vd;
char *var_smtpd_tls_cert_file;
-char *var_smtpd_tls_ciphers;
+char *var_smtpd_tls_mand_ciph;
char *var_smtpd_tls_excl_ciph;
+char *var_smtpd_tls_mand_excl;
char *var_smtpd_tls_dcert_file;
char *var_smtpd_tls_dh1024_param_file;
char *var_smtpd_tls_dh512_param_file;
char *var_smtpd_tls_dkey_file;
char *var_smtpd_tls_key_file;
int var_smtpd_tls_loglevel;
-char *var_smtpd_tls_protocols;
+char *var_smtpd_tls_mand_proto;
bool var_smtpd_tls_received_header;
bool var_smtpd_tls_req_ccert;
int var_smtpd_tls_scache_timeout;
props.CApath = var_smtpd_tls_CApath;
props.dh1024_param_file = var_smtpd_tls_dh1024_param_file;
props.dh512_param_file = var_smtpd_tls_dh512_param_file;
- props.protocols = *var_smtpd_tls_protocols ?
- tls_protocol_mask(VAR_SMTPD_TLS_PROTO,
- var_smtpd_tls_protocols) : 0;
+ props.protocols = enforce_tls && *var_smtpd_tls_mand_proto ?
+ tls_protocol_mask(VAR_SMTPD_TLS_MAND_PROTO,
+ var_smtpd_tls_mand_proto) : 0;
props.ask_ccert = var_smtpd_tls_ask_ccert;
/*
msg_warn("Can't require client certs unless TLS is required");
props.cipherlist =
- tls_cipher_list(tls_cipher_level(var_smtpd_tls_ciphers),
+ tls_cipher_list(enforce_tls ?
+ tls_cipher_level(var_smtpd_tls_mand_ciph) :
+ TLS_CIPHER_EXPORT,
var_smtpd_tls_excl_ciph,
havecert ? "" : "aRSA aDSS",
wantcert ? "aNULL" : "",
+ enforce_tls ? var_smtpd_tls_mand_excl :
+ TLS_END_EXCLUDE,
TLS_END_EXCLUDE);
+
if (props.cipherlist == 0) {
msg_warn("unknown '%s' value '%s' ignored, using 'export'",
- VAR_SMTPD_TLS_CIPHERS, var_smtpd_tls_ciphers);
+ VAR_SMTPD_TLS_MAND_CIPH, var_smtpd_tls_mand_ciph);
props.cipherlist =
tls_cipher_list(TLS_CIPHER_EXPORT,
var_smtpd_tls_excl_ciph,
havecert ? "" : "aRSA aDSS",
wantcert ? "aNULL" : "",
+ enforce_tls ? var_smtpd_tls_mand_excl :
+ TLS_END_EXCLUDE,
TLS_END_EXCLUDE);
}
if (havecert || oknocert)
VAR_SMTPD_TLS_DKEY_FILE, DEF_SMTPD_TLS_DKEY_FILE, &var_smtpd_tls_dkey_file, 0, 0,
VAR_SMTPD_TLS_CA_FILE, DEF_SMTPD_TLS_CA_FILE, &var_smtpd_tls_CAfile, 0, 0,
VAR_SMTPD_TLS_CA_PATH, DEF_SMTPD_TLS_CA_PATH, &var_smtpd_tls_CApath, 0, 0,
- VAR_SMTPD_TLS_CIPHERS, DEF_SMTPD_TLS_CIPHERS, &var_smtpd_tls_ciphers, 1, 0,
+ VAR_SMTPD_TLS_MAND_CIPH, DEF_SMTPD_TLS_MAND_CIPH, &var_smtpd_tls_mand_ciph, 1, 0,
VAR_SMTPD_TLS_EXCL_CIPH, DEF_SMTPD_TLS_EXCL_CIPH, &var_smtpd_tls_excl_ciph, 0, 0,
+ VAR_SMTPD_TLS_MAND_EXCL, DEF_SMTPD_TLS_MAND_EXCL, &var_smtpd_tls_mand_excl, 0, 0,
VAR_TLS_HIGH_CLIST, DEF_TLS_HIGH_CLIST, &var_tls_high_clist, 1, 0,
VAR_TLS_MEDIUM_CLIST, DEF_TLS_MEDIUM_CLIST, &var_tls_medium_clist, 1, 0,
VAR_TLS_LOW_CLIST, DEF_TLS_LOW_CLIST, &var_tls_low_clist, 1, 0,
VAR_TLS_EXPORT_CLIST, DEF_TLS_EXPORT_CLIST, &var_tls_export_clist, 1, 0,
VAR_TLS_NULL_CLIST, DEF_TLS_NULL_CLIST, &var_tls_null_clist, 1, 0,
- VAR_SMTPD_TLS_PROTO, DEF_SMTPD_TLS_PROTO, &var_smtpd_tls_protocols, 0, 0,
+ VAR_SMTPD_TLS_MAND_PROTO, DEF_SMTPD_TLS_MAND_PROTO, &var_smtpd_tls_mand_proto, 0, 0,
VAR_SMTPD_TLS_512_FILE, DEF_SMTPD_TLS_512_FILE, &var_smtpd_tls_dh512_param_file, 0, 0,
VAR_SMTPD_TLS_1024_FILE, DEF_SMTPD_TLS_1024_FILE, &var_smtpd_tls_dh1024_param_file, 0, 0,
#endif
notice = post_mail_fopen_nowait(mail_addr_double_bounce(),
var_error_rcpt,
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_NOTIFY,
NULL_TRACE_FLAGS, NO_QUEUE_ID);
if (notice == 0) {
msg_warn("postmaster notify: %m");
STR(addr), addr_status, now, updated);
post_mail_fopen_async(strcmp(var_verify_sender, "<>") == 0 ?
"" : var_verify_sender, STR(addr),
- CLEANUP_FLAG_MASK_INTERNAL,
+ INT_FILT_NONE,
DEL_REQ_FLAG_MTA_VRFY,
(VSTRING *) 0,
verify_post_mail_action,
projects / thirdparty / postfix.git / commitdiff
