20230523
- Cleanup: use TLS_CLIENT_PARAMS to pass the OpensSSL 'init'
+ Cleanup: use TLS_CLIENT_PARAMS to pass the OpenSSL 'init'
configuration settings. These are global, i.e. apply to all
client TLS contexts, and they do not belong in tls_client_init()
or tls_client_start() calls. The tlsproxy(8) server uses
and tls_config_name configuration parameters. Files:
smtp/smtp.c, smtpd/smtpd.c, tls/tls_client.c, tls/tls.h,
tls/tls_server.c, tlsproxy/tlsproxy.c,
+
+20230526
+
+ Documentation: clarified address class descriptions; added
+ the availability of back-ported OpenSSL INI file support
+ in stable releases. Files: proto/ADDRESS_CLASS_README.html,
+ proto/postconf.proto smtp/smtp.c, smtpd/smtpd.c,
+ tlsproxy/tlsproxy.c.
+
+ Security: in the Postfix SMTP daemon, improved pipelining
+ detection and reporting; and detect illegal command pipelining
+ before the server greeting. File: smtpd/smtpd.c.
+
+20230529
+
+ Cleanup: error handling for OpenSSL INI file support. Viktor
+ Dukhovni. Files: proto/postconf.proto, tls/tls_misc.c.
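Review bot: the 20230526 Security entry says the server now detects illegal pipelining before the greeting but not what detection does; the smtpd.c hunk only logs the escaped client input and sets SMTPD_FLAG_ILL_PIPELINING, so saying "logs and flags" here would make clear that the detection by itself introduces no new rejection. Also, the Files list of the Documentation entry is missing a comma between "proto/postconf.proto" and "smtp/smtp.c", and the unchanged context line "The tlsproxy(8) server uses / and tls_config_name configuration parameters" reads as if "tls_config_file" was dropped; if that is the file content rather than a paste artifact, fix it in the same pass.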
An address class is defined by three items.
- * The list of domains that are a member of that address class: for example,
- all local domains, or all relay domains.
+ * The list of domains that are a member of that address class.
- * The default delivery transport for that address class. For example, the
- local, virtual or relay delivery transport (delivery transports are defined
- in master.cf). This helps to keep Postfix configurations simple, by
- avoiding the need for explicit routing information in transport maps.
+ Examples: all local domains, or all relay domains.
- * The list of valid recipient addresses for that address class. The Postfix
- SMTP server rejects invalid recipients with "User unknown in <name of
- address class here> table". This helps to keep the Postfix queue free of
- undeliverable MAILER-DAEMON messages.
+ * The default delivery transport for domains in that address class.
+
+ Examples: local_transport or relay_transport (these point to services
+ defined in master.cf).
+
+ Benefit: this avoids the need for explicit routing information in transport
+ maps.
+
+ * The list of valid recipient addresses for that address class.
+
+ Benefit: the Postfix SMTP server rejects an invalid recipient with "User
+ unknown in <name of address class> table", and avoids sending a MAILER-
+ DAEMON message with backscatter spam.
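Review bot: the new "Examples: local_transport or relay_transport" drops the virtual delivery transport that the removed text listed ("the local, virtual or relay delivery transport"); since the virtual mailbox class described later in this file has its own virtual_transport parameter, consider listing it here too so the examples cover every class that has a configurable transport.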
W\bWh\bha\bat\bt a\bad\bdd\bdr\bre\bes\bss\bs c\bcl\bla\bas\bss\bse\bes\bs d\bdo\boe\bes\bs P\bPo\bos\bst\btf\bfi\bix\bx i\bim\bmp\bpl\ble\bem\bme\ben\bnt\bt?\b?
also includes mail for user@[ipaddress] when the IP address is listed with
the inet_interfaces or proxy_interfaces parameters.
- * Valid recipient addresses are listed with the local_recipient_maps
- parameter, as described in LOCAL_RECIPIENT_README. The Postfix SMTP server
- rejects invalid recipients with "User unknown in local recipient table". If
- the local_recipient_maps parameter value is empty, then the Postfix SMTP
- server accepts any address in the local domain class.
+ * Valid recipient addresses for those domains are listed with the
+ local_recipient_maps parameter, as described in LOCAL_RECIPIENT_README. The
+ Postfix SMTP server rejects invalid recipients with "User unknown in local
+ recipient table". If the local_recipient_maps parameter value is empty,
+ then the Postfix SMTP server accepts any address in the local domain class.
* The mail delivery transport is specified with the local_transport
parameter. The default value is l\blo\boc\bca\bal\bl:\b:$\b$m\bmy\byh\bho\bos\bst\btn\bna\bam\bme\be for delivery with the
The virtual alias domain class.
* Purpose: hosted domains where each recipient address is aliased to an
- address in a different domain, for example, a local UNIX system account or
- a remote address. A virtual alias example is given in the VIRTUAL_README
- file.
+ address in a different domain class, for example, a local UNIX system
+ account or a remote address. A virtual alias example is given in the
+ VIRTUAL_README file.
* Domain names are listed in virtual_alias_domains. The default value is
$virtual_alias_maps for Postfix 1.1 compatibility.
- * Valid recipient addresses are listed with the virtual_alias_maps parameter.
- The Postfix SMTP server rejects invalid recipients with "User unknown in
- virtual alias table". The default value is $virtual_maps for Postfix 1.1
- compatibility.
+ * Valid recipient addresses for those domains are listed with the
+ virtual_alias_maps parameter. The Postfix SMTP server rejects invalid
+ recipients with "User unknown in virtual alias table". The default value is
+ $virtual_maps for Postfix 1.1 compatibility.
+
+ Note: for historical reasons, virtual_alias_maps apply to recipients in
+ all domain classes, not only the virtual alias domain class.
- * There is no mail delivery transport parameter. Every address must be
- aliased to an address in some other domain.
+ * There is no configurable mail delivery transport. Every address must be
+ aliased to an address in some other domain class.
The virtual mailbox domain class.
* Domain names are listed with the virtual_mailbox_domains parameter. The
default value is $virtual_mailbox_maps for Postfix 1.1 compatibility.
- * Valid recipient addresses are listed with the virtual_mailbox_maps
- parameter. The Postfix SMTP server rejects invalid recipients with "User
- unknown in virtual mailbox table". If this parameter value is empty, the
- Postfix SMTP server accepts all recipients for domains listed in
- $virtual_mailbox_domains.
+ * Valid recipient addresses for those domains are listed with the
+ virtual_mailbox_maps parameter. The Postfix SMTP server rejects invalid
+ recipients with "User unknown in virtual mailbox table". If this parameter
+ value is empty, the Postfix SMTP server accepts all recipients for domains
+ listed in $virtual_mailbox_domains.
* The mail delivery transport is specified with the virtual_transport
parameter. The default value is v\bvi\bir\brt\btu\bua\bal\bl for delivery with the virtual(8)
* Domain names are listed with the relay_domains parameter.
- * Valid recipient addresses are listed with the relay_recipient_maps
- parameter. The Postfix SMTP server rejects invalid recipients with "User
- unknown in relay recipient table". If this parameter value is empty, the
- Postfix SMTP server accepts all recipients for domains listed with the
- relay_domains parameter.
+ * Valid recipient addresses for those domains are listed with the
+ relay_recipient_maps parameter. The Postfix SMTP server rejects invalid
+ recipients with "User unknown in relay recipient table". If this parameter
+ value is empty, the Postfix SMTP server accepts all recipients for domains
+ listed with the relay_domains parameter.
* The mail delivery transport is specified with the relay_transport
parameter. The default value is r\bre\bel\bla\bay\by which is a clone of the smtp(8)
<ul>
<li> <p> The list of domains that are a member of that address
-class: for example, all <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a>, or all <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a>. </p>
+class. </p>
+
+<p> Examples: all <a href="ADDRESS_CLASS_README.html#local_domain_class">local domains</a>, or all <a href="ADDRESS_CLASS_README.html#relay_domain_class">relay domains</a>. </p>
+
+<li> <p> The default delivery transport for domains in that address
+class. </p>
+
+<p> Examples: <a href="postconf.5.html#local_transport">local_transport</a> or <a href="postconf.5.html#relay_transport">relay_transport</a> (these point
+to services defined in <a href="master.5.html">master.cf</a>). </p>
-<li> <p> The default delivery transport for that address class. For
-example, the local,
-virtual or relay delivery transport (delivery transports are defined
-in <a href="master.5.html">master.cf</a>). This helps to keep Postfix configurations simple,
-by avoiding the need for explicit routing information in transport
-maps. </p>
+<p> Benefit: this avoids the need for explicit routing information
+in transport maps. </p>
<li> <p> The list of valid recipient addresses for that address
-class. The Postfix SMTP server rejects invalid recipients with
-"User unknown in <name of address class here> table". This
-helps to keep the Postfix queue free of undeliverable MAILER-DAEMON
-messages. </p>
+class. </p>
+
+<p> Benefit: the Postfix SMTP server rejects an invalid recipient
+with "User unknown in <name of address class> table", and
+avoids sending a MAILER-DAEMON message with backscatter spam. </p>
</ul>
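Review bot: the replacement text at the end of this hunk carries raw angle brackets in "User unknown in <name of address class> table"; in an HTML file a browser parses that as a tag and drops it, so the source needs &lt;name of address class&gt; (the removed line had the same problem). If the entities are present in the file and were only decoded in this rendering, ignore this. The same text appears in the proto/ADDRESS_CLASS_README.html copy further down.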
when the IP address is listed with the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> parameters. </p>
-<li> <p> Valid recipient addresses are listed with the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>
-parameter, as described in <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a>. The Postfix SMTP
-server rejects invalid recipients with "User unknown in local
-recipient table". If the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter value is
-empty, then the Postfix SMTP server accepts any address in the
-<a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> class. </p>
+<li> <p> Valid recipient addresses for those domains are
+listed with the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> parameter, as described in
+<a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a>. The Postfix SMTP server rejects invalid recipients
+with "User unknown in local recipient table". If the <a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a>
+parameter value is empty, then the Postfix SMTP server accepts any
+address in the <a href="ADDRESS_CLASS_README.html#local_domain_class">local domain</a> class. </p>
<li> <p> The mail delivery transport is specified with the
<a href="postconf.5.html#local_transport">local_transport</a> parameter. The default value is <b><a href="local.8.html">local</a>:$<a href="postconf.5.html#myhostname">myhostname</a></b>
<ul>
<li> <p> Purpose: <a href="VIRTUAL_README.html#canonical">hosted domains</a> where each recipient address is
-aliased to an address in a different domain, for example, a local
-UNIX system account or a remote address. A
+aliased to an address in a different domain class, for example, a
+local UNIX system account or a remote address. A
<a href="VIRTUAL_README.html#virtual_alias">virtual alias example</a> is given in the <a href="VIRTUAL_README.html">VIRTUAL_README</a> file. </p>
<li> <p> Domain names are listed in <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>. The
default value is $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> for Postfix 1.1 compatibility.
</p>
-<li> <p> Valid recipient addresses are listed with the <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>
-parameter. The Postfix SMTP server rejects invalid recipients with
-"User unknown in virtual alias table". The default value is
-$<a href="postconf.5.html#virtual_maps">virtual_maps</a> for Postfix 1.1 compatibility. </p>
+<li> <p> Valid recipient addresses for those domains are listed with the
+<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> parameter. The Postfix SMTP server rejects invalid
+recipients with "User unknown in virtual alias table". The default
+value is $<a href="postconf.5.html#virtual_maps">virtual_maps</a> for Postfix 1.1 compatibility. </p>
-<li> <p> There is no mail delivery transport parameter. Every
-address must be aliased to an address in some other domain. </p>
+<blockquote ><p> Note: for historical reasons, <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>
+apply to recipients in all domain classes, not only the virtual
+alias domain class. </p> </blockquote>
+
+<li> <p> There is no configurable mail delivery transport. Every
+address must be aliased to an address in some other domain class. </p>
</ul>
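Review bot: stray space inside the tag in "<blockquote >" on the line that introduces the historical-behaviour note; write "<blockquote>" to match the rest of the file (the proto/ADDRESS_CLASS_README.html copy has the same typo). The note itself deserves the prominence: because virtual_alias_maps is consulted for recipients in every domain class, an entry there rewrites addresses in local, virtual mailbox and relay domains as well, which is easy to overlook when auditing where mail for a domain actually goes.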
<li> <p> Purpose: final delivery for <a href="VIRTUAL_README.html#canonical">hosted domains</a> where each
recipient address can have its own mailbox, and where users do not
-need to have a UNIX system account. A <a href="VIRTUAL_README.html#virtual_mailbox">virtual mailbox example</a> is
+need to have a UNIX system account. A <a href="VIRTUAL_README.html#virtual_mailbox">virtual mailbox example</a> is
given in the <a href="VIRTUAL_README.html">VIRTUAL_README</a> file. </p>
<li> <p> Domain names are listed with the <a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>
parameter. The default value is $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> for Postfix
1.1 compatibility. </p>
-<li> <p> Valid recipient addresses are listed with the <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
-parameter. The Postfix SMTP server rejects invalid recipients with
-"User unknown in virtual mailbox table". If this parameter value
-is empty, the Postfix SMTP server accepts all recipients for domains
-listed in $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>. </p>
+<li> <p> Valid recipient addresses for those domains are listed
+with the <a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> parameter. The Postfix SMTP server
+rejects invalid recipients with "User unknown in virtual mailbox
+table". If this parameter value is empty, the Postfix SMTP server
+accepts all recipients for domains listed in $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
+</p>
<li> <p> The mail delivery transport is specified with the
<a href="postconf.5.html#virtual_transport">virtual_transport</a> parameter. The default value is <b>virtual</b>
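Review bot: the first change in this hunk ("need to have a UNIX system account. A virtual mailbox example is") removes and re-adds a line with identical visible text, so it is a whitespace-only change; fine if it is trailing-whitespace cleanup, but the same pair appears in the proto/ADDRESS_CLASS_README.html copy, so make sure the generator does not re-introduce it.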
<li> <p> Domain names are listed with the <a href="postconf.5.html#relay_domains">relay_domains</a> parameter.
</p>
-<li> <p> Valid recipient addresses are listed with the <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a>
-parameter. The Postfix SMTP server rejects invalid recipients with
-"User unknown in relay recipient table". If this parameter value
-is empty, the Postfix SMTP server accepts all recipients for domains
-listed with the <a href="postconf.5.html#relay_domains">relay_domains</a> parameter. </p>
+<li> <p> Valid recipient addresses for those domains are listed
+with the <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> parameter. The Postfix SMTP server
+rejects invalid recipients with "User unknown in relay recipient
+table". If this parameter value is empty, the Postfix SMTP server
+accepts all recipients for domains listed with the <a href="postconf.5.html#relay_domains">relay_domains</a>
+parameter. </p>
<li> <p> The mail delivery transport is specified with the
<a href="postconf.5.html#relay_transport">relay_transport</a> parameter. The default value is <b>relay</b> which
(FFDHE) key exchange groups supported by the Postfix SMTP client
and server.
- Available in Postfix version 3.9 and later:
+ Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
<b><a href="postconf.5.html#tls_config_file">tls_config_file</a> (default)</b>
Optional configuration file with baseline OpenSSL settings.
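Review bot: "Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:" reads as if "and later" qualifies only 3.5.20; since each of those is a patch release on its own branch, something like "Available in Postfix 3.9, and in 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later patch releases of those branches:" says what is meant. The same line recurs in the other postconf.5.html entries, the postconf.5 man page, and the header comments in smtp.c, smtpd.c and tlsproxy.c in this patch, so change the wording in proto/postconf.proto and the three .c files together.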
</dl>
-<p> Failures in processing of the built-in default configuration
-file, are silently ignored with OpenSSL prior to 1.1.1b. With later
-OpenSSL releases, any errors in loading either the default or custom
-configuration file are detected by Postfix, and cause TLS support to
-be disabled. </p>
+<p> Failures in processing of the built-in default configuration file,
+are silently ignored. Any errors in loading a non-default configuration
+file are detected by Postfix, and cause TLS support to be disabled.
+</p>
<p> The OpenSSL configuration file format is not documented here,
beyond giving two examples. <p>
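Review bot: "Failures in processing of the built-in default configuration file, are silently ignored" has a comma between subject and verb; drop it, or reword to "Failures to process the built-in default configuration file are silently ignored". This html text and the postconf.5 man page hunk are generated from the proto/postconf.proto hunk further down, so fix it there. The behaviour described does match the tls_misc.c hunk, which sets CONF_MFLAGS_IGNORE_RETURN_CODES | CONF_MFLAGS_SILENT only for "default" and leaves a custom file strict. Unrelated to this change but in the context line just below: the paragraph ends with "<p>" where "</p>" is intended.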
</pre>
</blockquote>
-<p> This feature is available in Postfix ≥ 3.9. </p>
+<p> This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6,
+3.6.10, and 3.5.20. </p>
</DD>
(FFDHE) key exchange groups supported by the Postfix SMTP client
and server.
- Available in Postfix version 3.9 and later:
+ Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
<b><a href="postconf.5.html#tls_config_file">tls_config_file</a> (default)</b>
Optional configuration file with baseline OpenSSL settings.
(FFDHE) key exchange groups supported by the Postfix SMTP client
and server.
- Available in Postfix version 3.9 and later:
+ Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
<b><a href="postconf.5.html#tls_config_file">tls_config_file</a> (default)</b>
Optional configuration file with baseline OpenSSL settings.
(FFDHE) key exchange groups supported by the Postfix SMTP client
and server.
- Available in Postfix version 3.9 and later:
+ Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
<b><a href="postconf.5.html#tls_config_file">tls_config_file</a> (default)</b>
Optional configuration file with baseline OpenSSL settings.
.br
.br
.PP
-Failures in processing of the built\-in default configuration
-file, are silently ignored with OpenSSL prior to 1.1.1b. With later
-OpenSSL releases, any errors in loading either the default or custom
-configuration file are detected by Postfix, and cause TLS support to
-be disabled.
+Failures in processing of the built\-in default configuration file,
+are silently ignored. Any errors in loading a non\-default configuration
+file are detected by Postfix, and cause TLS support to be disabled.
.PP
The OpenSSL configuration file format is not documented here,
beyond giving two examples.
.ft R
.in -4
.PP
-This feature is available in Postfix >= 3.9.
+This feature is available in Postfix >= 3.9, 3.8.1, 3.7.6,
+3.6.10, and 3.5.20.
.SH tls_config_name (default: empty)
The application name passed by Postfix to OpenSSL library
initialization functions. This name is used to select the desired
(FFDHE) key exchange groups supported by the Postfix SMTP client and
server.
.PP
-Available in Postfix version 3.9 and later:
+Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
.IP "\fBtls_config_file (default)\fR"
Optional configuration file with baseline OpenSSL settings.
.IP "\fBtls_config_name (empty)\fR"
(FFDHE) key exchange groups supported by the Postfix SMTP client and
server.
.PP
-Available in Postfix version 3.9 and later:
+Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
.IP "\fBtls_config_file (default)\fR"
Optional configuration file with baseline OpenSSL settings.
.IP "\fBtls_config_name (empty)\fR"
(FFDHE) key exchange groups supported by the Postfix SMTP client and
server.
.PP
-Available in Postfix version 3.9 and later:
+Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
.IP "\fBtls_config_file (default)\fR"
Optional configuration file with baseline OpenSSL settings.
.IP "\fBtls_config_name (empty)\fR"
<ul>
<li> <p> The list of domains that are a member of that address
-class: for example, all local domains, or all relay domains. </p>
+class. </p>
+
+<p> Examples: all local domains, or all relay domains. </p>
+
+<li> <p> The default delivery transport for domains in that address
+class. </p>
+
+<p> Examples: local_transport or relay_transport (these point
+to services defined in master.cf). </p>
-<li> <p> The default delivery transport for that address class. For
-example, the local,
-virtual or relay delivery transport (delivery transports are defined
-in master.cf). This helps to keep Postfix configurations simple,
-by avoiding the need for explicit routing information in transport
-maps. </p>
+<p> Benefit: this avoids the need for explicit routing information
+in transport maps. </p>
<li> <p> The list of valid recipient addresses for that address
-class. The Postfix SMTP server rejects invalid recipients with
-"User unknown in <name of address class here> table". This
-helps to keep the Postfix queue free of undeliverable MAILER-DAEMON
-messages. </p>
+class. </p>
+
+<p> Benefit: the Postfix SMTP server rejects an invalid recipient
+with "User unknown in <name of address class> table", and
+avoids sending a MAILER-DAEMON message with backscatter spam. </p>
</ul>
when the IP address is listed with the inet_interfaces or
proxy_interfaces parameters. </p>
-<li> <p> Valid recipient addresses are listed with the local_recipient_maps
-parameter, as described in LOCAL_RECIPIENT_README. The Postfix SMTP
-server rejects invalid recipients with "User unknown in local
-recipient table". If the local_recipient_maps parameter value is
-empty, then the Postfix SMTP server accepts any address in the
-local domain class. </p>
+<li> <p> Valid recipient addresses for those domains are
+listed with the local_recipient_maps parameter, as described in
+LOCAL_RECIPIENT_README. The Postfix SMTP server rejects invalid recipients
+with "User unknown in local recipient table". If the local_recipient_maps
+parameter value is empty, then the Postfix SMTP server accepts any
+address in the local domain class. </p>
<li> <p> The mail delivery transport is specified with the
local_transport parameter. The default value is <b>local:$myhostname</b>
<ul>
<li> <p> Purpose: hosted domains where each recipient address is
-aliased to an address in a different domain, for example, a local
-UNIX system account or a remote address. A
+aliased to an address in a different domain class, for example, a
+local UNIX system account or a remote address. A
virtual alias example is given in the VIRTUAL_README file. </p>
<li> <p> Domain names are listed in virtual_alias_domains. The
default value is $virtual_alias_maps for Postfix 1.1 compatibility.
</p>
-<li> <p> Valid recipient addresses are listed with the virtual_alias_maps
-parameter. The Postfix SMTP server rejects invalid recipients with
-"User unknown in virtual alias table". The default value is
-$virtual_maps for Postfix 1.1 compatibility. </p>
+<li> <p> Valid recipient addresses for those domains are listed with the
+virtual_alias_maps parameter. The Postfix SMTP server rejects invalid
+recipients with "User unknown in virtual alias table". The default
+value is $virtual_maps for Postfix 1.1 compatibility. </p>
-<li> <p> There is no mail delivery transport parameter. Every
-address must be aliased to an address in some other domain. </p>
+<blockquote ><p> Note: for historical reasons, virtual_alias_maps
+apply to recipients in all domain classes, not only the virtual
+alias domain class. </p> </blockquote>
+
+<li> <p> There is no configurable mail delivery transport. Every
+address must be aliased to an address in some other domain class. </p>
</ul>
<li> <p> Purpose: final delivery for hosted domains where each
recipient address can have its own mailbox, and where users do not
-need to have a UNIX system account. A virtual mailbox example is
+need to have a UNIX system account. A virtual mailbox example is
given in the VIRTUAL_README file. </p>
<li> <p> Domain names are listed with the virtual_mailbox_domains
parameter. The default value is $virtual_mailbox_maps for Postfix
1.1 compatibility. </p>
-<li> <p> Valid recipient addresses are listed with the virtual_mailbox_maps
-parameter. The Postfix SMTP server rejects invalid recipients with
-"User unknown in virtual mailbox table". If this parameter value
-is empty, the Postfix SMTP server accepts all recipients for domains
-listed in $virtual_mailbox_domains. </p>
+<li> <p> Valid recipient addresses for those domains are listed
+with the virtual_mailbox_maps parameter. The Postfix SMTP server
+rejects invalid recipients with "User unknown in virtual mailbox
+table". If this parameter value is empty, the Postfix SMTP server
+accepts all recipients for domains listed in $virtual_mailbox_domains.
+</p>
<li> <p> The mail delivery transport is specified with the
virtual_transport parameter. The default value is <b>virtual</b>
<li> <p> Domain names are listed with the relay_domains parameter.
</p>
-<li> <p> Valid recipient addresses are listed with the relay_recipient_maps
-parameter. The Postfix SMTP server rejects invalid recipients with
-"User unknown in relay recipient table". If this parameter value
-is empty, the Postfix SMTP server accepts all recipients for domains
-listed with the relay_domains parameter. </p>
+<li> <p> Valid recipient addresses for those domains are listed
+with the relay_recipient_maps parameter. The Postfix SMTP server
+rejects invalid recipients with "User unknown in relay recipient
+table". If this parameter value is empty, the Postfix SMTP server
+accepts all recipients for domains listed with the relay_domains
+parameter. </p>
<li> <p> The mail delivery transport is specified with the
relay_transport parameter. The default value is <b>relay</b> which
</dl>
-<p> Failures in processing of the built-in default configuration
-file, are silently ignored with OpenSSL prior to 1.1.1b. With later
-OpenSSL releases, any errors in loading either the default or custom
-configuration file are detected by Postfix, and cause TLS support to
-be disabled. </p>
+<p> Failures in processing of the built-in default configuration file,
+are silently ignored. Any errors in loading a non-default configuration
+file are detected by Postfix, and cause TLS support to be disabled.
+</p>
<p> The OpenSSL configuration file format is not documented here,
beyond giving two examples. <p>
</pre>
</blockquote>
-<p> This feature is available in Postfix ≥ 3.9. </p>
+<p> This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6,
+3.6.10, and 3.5.20. </p>
Fix by Viktor Dukhovni Files tls tls h tls tls_dane c
Discovered by Benny Pedersen File postscreen postscreen c
proto postconf proto src tlsproxy tlsproxy c src smtpd smtpd c
- proto postconf proto src tlsproxy tlsproxy c src smtpd smtpd c
src tls tls h src tls tls_proxy_client_misc c src tls tls_misc c
src global mail_params h src smtp smtp c
attacks Fix by Viktor Dukhovni Files tls tls h tls_client c
arguments Files src dns dns h src dns dns_rr_eq_sa c
only a subset of all arguments Files src dns dns h
global mail_params h smtp smtp c smtpd smtpd c tls tls_misc c
- global mail_params h smtp smtp c smtpd smtpd c tls tls_misc c
tls tls_proxy_client_scan c tls tls_proxy h tlsproxy tlsproxy c
smtp smtp c smtpd smtpd c tls tls_misc c
- smtp smtp c smtpd smtpd c tls tls_misc c
proto proto SASL_README html proto SQLITE_README html
proto postconf proto global mail_params h smtp smtp c
smtpd smtpd c tls tls_misc c tls tls_proxy_client_misc c
tls tls_proxy h tlsproxy tlsproxy c
postfix postfix c postlog postlog c
- postfix postfix c postlog postlog c
util net_mask_top hc smtpd smtpd c smtpd smtpd_peer c
util inet_prefix_top hc smtpd smtpd c smtpd smtpd_peer c
File smtp smtp h
proto proto ADDRESS_REWRITING_README html
proto postconf proto proto ADDRESS_REWRITING_README html
cleanup cleanup c local local c smtpd smtpd c
- cleanup cleanup c local local c smtpd smtpd c
- cleanup cleanup c local local c smtpd smtpd c
postfix postfix c
aliasing Files proto aliases proto virtual postfix postfix c
proto proto aliases proto virtual proto ADDRESS_REWRITING_README html
posttls finger posttls finger c smtp smtp c smtp smtp_proto c
tls tls_client c tls tls h tls tls_misc c
tls tls_proxy h tls tls_server c tlsproxy tlsproxy c
+ Cleanup removed some the the instances Files
+ clients Files posttls finger posttls finger c smtp smtp c
+ smtp smtp c smtp smtp_proto c tls tls_client c tls tls h
+ smtp smtp c smtpd smtpd c tls tls_client c tls tls h
+ smtp smtp_proto c tls tls h tls tls_proxy_client_misc c
+ tls tls_server c tlsproxy tlsproxy c
+ tlsproxy tlsproxy c
+ proto postconf proto smtp smtp c smtpd smtpd c
+ pipelining before the server greeting File smtpd smtpd c
+ before the server greeting File smtpd smtpd c
postfix_settings postfix_settings
postfix_ssl_settings postfix_ssl_settings
baseline_postfix_settings baseline_postfix_settings
+ The and match and literally Without the the
+ The matches literally Without the the would
refactored
Fumiyasu
SATOH
+INI
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20230524"
+#define MAIL_RELEASE_DATE "20230529"
#define MAIL_VERSION_NUMBER "3.9"
#ifdef SNAPSHOT
/* (FFDHE) key exchange groups supported by the Postfix SMTP client and
/* server.
/* .PP
-/* Available in Postfix version 3.9 and later:
+/* Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
/* .IP "\fBtls_config_file (default)\fR"
/* Optional configuration file with baseline OpenSSL settings.
/* .IP "\fBtls_config_name (empty)\fR"
/* (FFDHE) key exchange groups supported by the Postfix SMTP client and
/* server.
/* .PP
-/* Available in Postfix version 3.9 and later:
+/* Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
/* .IP "\fBtls_config_file (default)\fR"
/* Optional configuration file with baseline OpenSSL settings.
/* .IP "\fBtls_config_name (empty)\fR"
static STRING_LIST *smtpd_noop_cmds;
static STRING_LIST *smtpd_forbid_cmds;
+/* smtpd_flag_ill_pipelining - flag pipelining protocol violation */
+
+static int smtpd_flag_ill_pipelining(SMTPD_STATE *state)
+{
+
+ /*
+ * This code will not return after I/O error, timeout, or EOF. VSTREAM
+ * exceptions must be enabled in advance with smtp_stream_setup().
+ */
+ if (vstream_peek(state->client) == 0
+ && peekfd(vstream_fileno(state->client)) > 0)
+ (void) vstream_ungetc(state->client, smtp_fgetc(state->client));
+ if (vstream_peek(state->client) > 0) {
+ if (state->expand_buf == 0)
+ state->expand_buf = vstring_alloc(100);
+ escape(state->expand_buf, vstream_peek_data(state->client),
+ vstream_peek(state->client) < 100 ?
+ vstream_peek(state->client) : 100);
+ msg_info("improper command pipelining after %s from %s: %s",
+ state->where, state->namaddr, STR(state->expand_buf));
+ state->flags |= SMTPD_FLAG_ILL_PIPELINING;
+ return (1);
+ }
+ return (0);
+}
+
/* smtpd_proto - talk the SMTP protocol */
static void smtpd_proto(SMTPD_STATE *state)
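Review bot: the comment at the top of smtpd_flag_ill_pipelining() says the function does not return after I/O error, timeout or EOF because smtp_fgetc() relies on VSTREAM exceptions set up by smtp_stream_setup(); both call sites added below (before the greeting, and in the command loop) must therefore sit inside the vstream_setjmp() scope for state->client, and the new pre-greeting site is the one to double-check since it runs earlier than the old inline check did. Logging only the first 100 bytes after escape() is the right treatment for attacker-controlled data; note that the message "improper command pipelining after %s" now takes state->where rather than the command name the inline code used, so the value of state->where at each call site determines what the log says.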
}
#endif
+ /*
+ * If the client spoke before the server sends the initial greeting,
+ * raise a flag and log the content of the protocol violation. This
+ * check MUST NOT apply to TLS wrappermode connections.
+ */
+ if (SMTPD_STAND_ALONE(state) == 0
+ && vstream_context(state->client) == 0 /* not postscreen */
+ && (state->flags & SMTPD_FLAG_ILL_PIPELINING) == 0)
+ (void) smtpd_flag_ill_pipelining(state);
+
/*
* XXX The client connection count/rate control must be consistent in
* its use of client address information in connect and disconnect
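Review bot: the comment says this check MUST NOT apply to TLS wrappermode connections, but the condition tests only SMTPD_STAND_ALONE() and vstream_context() (postscreen); nothing in it looks at var_smtpd_tls_wrappermode or state->tls_context. If the exclusion is meant to come from where the block sits relative to the wrappermode code above the #endif, say so in the comment; otherwise add an explicit wrappermode test, since on a wrappermode connection peekfd() on the socket sees TLS records rather than SMTP commands and would trip the check.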
if (SMTPD_STAND_ALONE(state) == 0
&& (strcasecmp(state->protocol, MAIL_PROTO_ESMTP) != 0
|| (cmdp->flags & SMTPD_CMD_FLAG_LAST))
- && (state->flags & SMTPD_FLAG_ILL_PIPELINING) == 0
- && (vstream_peek(state->client) > 0
- || peekfd(vstream_fileno(state->client)) > 0)) {
- if (state->expand_buf == 0)
- state->expand_buf = vstring_alloc(100);
- escape(state->expand_buf, vstream_peek_data(state->client),
- vstream_peek(state->client) < 100 ?
- vstream_peek(state->client) : 100);
- msg_info("improper command pipelining after %s from %s: %s",
- cmdp->name, state->namaddr, STR(state->expand_buf));
- state->flags |= SMTPD_FLAG_ILL_PIPELINING;
- }
+ && (state->flags & SMTPD_FLAG_ILL_PIPELINING) == 0)
+ (void) smtpd_flag_ill_pipelining(state);
if (cmdp->action(state, argc, argv) != 0)
state->error_count++;
else
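Review bot: the replaced inline check logged cmdp->name (the command just read) while smtpd_flag_ill_pipelining() logs state->where; that is only equivalent if state->where has already been set to the current command's name by the time this call runs, so confirm the assignment precedes it, otherwise the log will name the previous command. The helper also changes the probe from a pure peek to reading one byte and pushing it back with vstream_ungetc(), which is fine inside the exception scope but means the check now performs a read on the socket where the old code did not.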
int tls_library_init(void)
{
- OPENSSL_INIT_SETTINGS *init_settings = 0;
+ OPENSSL_INIT_SETTINGS *init_settings;
char *conf_name = *var_tls_cnf_name ? var_tls_cnf_name : 0;
char *conf_file = 0;
unsigned long init_opts = 0;
"disabling TLS support");
return (0);
}
+
+#define TLS_LIB_INIT_RETURN(x) \
+ do { OPENSSL_INIT_free(init_settings); return (x); } while(0)
+
#if OPENSSL_VERSION_NUMBER < 0x1010102fL
/*
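Review bot: init_settings is no longer initialised to 0 and TLS_LIB_INIT_RETURN() unconditionally calls OPENSSL_INIT_free(init_settings); the plain "return (0)" in the context just above the macro definition does not free it, which is correct only if that is the OPENSSL_INIT_new() failure path (init_settings is NULL there) and no other early return sits between the allocation and the macro definition. Any return added later between those two points would leak, so consider defining the macro immediately after the allocation succeeds.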
if (strcmp(var_tls_cnf_file, "default") != 0) {
msg_warn("non-default %s = %s requires OpenSSL 1.1.1b or later, "
"disabling TLS support", VAR_TLS_CNF_FILE, var_tls_cnf_file);
- return (0);
+ TLS_LIB_INIT_RETURN(0);
}
#else
{
- unsigned long init_flags = 0;
+ unsigned long file_flags = 0;
/*-
* OpenSSL 1.1.1b or later:
- * We can now choose a non-default or configuration file, or
+ * We can now use a non-default configuration file, or
* use none at all. We can also request strict error
* reporting.
*/
- if (strcmp(var_tls_cnf_file, "default") == 0) {
- conf_file = 0;
- /* The default global config file is optional */
- init_flags |= CONF_MFLAGS_IGNORE_MISSING_FILE;
- } else if (strcmp(var_tls_cnf_file, "none") == 0) {
+ if (strcmp(var_tls_cnf_file, "none") == 0) {
init_opts |= OPENSSL_INIT_NO_LOAD_CONFIG;
+ } else if (strcmp(var_tls_cnf_file, "default") == 0) {
+
+ /*
+ * The default global config file is optional. With "default"
+ * initialization we don't insist on a match for the requested
+ * application name, allowing fallback to the default application
+ * name, even when a non-default application name is specified.
+ * Errors in loading the default configuration are ignored.
+ */
+ conf_file = 0;
+ file_flags |= CONF_MFLAGS_IGNORE_MISSING_FILE;
+ file_flags |= CONF_MFLAGS_DEFAULT_SECTION;
+ file_flags |= CONF_MFLAGS_IGNORE_RETURN_CODES | CONF_MFLAGS_SILENT;
} else if (*var_tls_cnf_file == '/') {
+
+ /*
+ * A custom config file must be present, error reporting is
+ * strict and the configuration section for the requested
+ * application name does not fall back to "openssl_conf" when
+ * missing.
+ */
conf_file = var_tls_cnf_file;
} else {
msg_warn("non-default %s = %s is not an absolute pathname, "
"disabling TLS support", VAR_TLS_CNF_FILE, var_tls_cnf_file);
- return (0);
+ TLS_LIB_INIT_RETURN(0);
}
- /*
- * By not including CONF_MFLAGS_IGNORE_RETURN_CODES, we get strict
- * error reporting. We don't insist on a match for the requested
- * application name, allowing fallback to the default application
- * name, even when a non-default application name is specified by
- * always setting the CONF_MFLAGS_DEFAULT_SECTION bit.
- */
- init_flags |= CONF_MFLAGS_DEFAULT_SECTION;
- OPENSSL_INIT_set_config_file_flags(init_settings, init_flags);
+ OPENSSL_INIT_set_config_file_flags(init_settings, file_flags);
}
#endif
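Review bot: for a custom tls_config_file the only validation is that the path is absolute, and with file_flags left at 0 the file is loaded strictly with no fallback to the openssl_conf section, as the new comment says; that strictness is worth documenting under tls_config_name as well, since a name with no matching section now disables TLS instead of silently using defaults. More importantly, an OpenSSL configuration file can instruct the library to load providers or engines (shared objects) at initialisation, so the postconf text for tls_config_file should tell administrators to keep the file root-owned and not writable by others, and to remember that every daemon that initialises TLS (smtp, smtpd, tlsproxy) will load it. Minor: the "none" branch still calls OPENSSL_INIT_set_config_file_flags(init_settings, 0) after setting OPENSSL_INIT_NO_LOAD_CONFIG, which is harmless.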
msg_warn("error initializing the OpenSSL library, "
"disabling TLS support");
tls_print_errors();
- return (0);
+ TLS_LIB_INIT_RETURN(0);
}
- return (1);
+ TLS_LIB_INIT_RETURN(1);
}
/* tls_pre_jail_init - Load TLS related pre-jail tables */
/* (FFDHE) key exchange groups supported by the Postfix SMTP client and
/* server.
/* .PP
-/* Available in Postfix version 3.9 and later:
+/* Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
/* .IP "\fBtls_config_file (default)\fR"
/* Optional configuration file with baseline OpenSSL settings.
/* .IP "\fBtls_config_name (empty)\fR"