could exhaust LMTP server resources, resulting in two-second
pauses between email deliveries. This problem was investigated
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
+
+20190331
+
+ Documentation: tlsext_padding is not a tls_ssl_options
+ feature. File: proto/postconf.proto.
+
+20190401
+
+ Portability: added "#undef sun" to util/unix_dgram_connect.c.
+
+20190403
+
+ Bugfix (introduced: Postfix 2.3): a censoring filter broke
+ multiline Milter responses for header/body events. Problem
+ report by Andreas Thienemann. Files: util/printable.c,
+ util/stringops.h, smtpd/smtpd.c
+
+ Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit =
+ 0" no longer meant 'unlimited'. Problem report by Luc Pardon.
+ File: smtp/smtp_addr.c.
+
+20190615
+
+ Documentation: updated the BUGS section in the smtp(8) manpage
+ about TLS connection reuse. File: smtp/smtp.c.
+
+ Workaround for implementations that hang Postfix while
+ shutting down a TLS session, until Postfix times out. With
+ "tls_fast_shutdown_enable = yes" (the default), Postfix no
+ longer waits for the TLS peer to respond to a TLS 'close'
+ request. This is recommended with TLSv1.0 and later. Files:
+ global/mail_params.h, tls/tls_session.c, and documentation.
+
+20190621
+
+ Bugfix (introduced: Postfix 3.0): the code to reset Postfix
+ SMTP server command counts was not called after a HaProxy
+ handshake failure, causing stale numbers to be reported.
+ The command counts are now reset in the function that reports
+ the counts. File: smtpd/smtpd.c.
If you upgrade from Postfix 3.2 or earlier, read RELEASE_NOTES-3.3
before proceeding.
+TLS Workaround for Postfix 3.4.6, 3.3.5, 3.2.10 and 3.1.13
+-----------------------------------------------------------
+
+This release introduces a workaround for implementations that hang
+Postfix while shutting down a TLS session, until Postfix times out.
+With "tls_fast_shutdown_enable = yes" (the default), Postfix no
+longer waits for a remote TLS peer to respond to a TLS 'close'
+request. This behavior is recommended with TLSv1.0 and later. Specify
+"tls_fast_shutdown_enable = no" to get historical Postfix behavior.
+
License change
---------------
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
-# On Linux, this does works correctly only with interfaces specified
+# On Linux, this works correctly only with interfaces specified
# with the "ifconfig" command.
#
# Specify "mynetworks_style = class" when Postfix should "trust" SMTP
ter is notified of bounces, protocol problems, and of other trouble.
<b>BUGS</b>
- SMTP and LMTP connection caching does not work with TLS. The necessary
- support for TLS object passivation and re-activation does not exist
- without closing the session, which defeats the purpose.
+ SMTP and LMTP connection reuse for TLS (without closing the SMTP or
+ LMTP connection) is not supported before Postfix 3.4.
SMTP and LMTP connection caching assumes that SASL credentials are
valid for all destinations that map onto the same IP address and TCP
Optional name to send to the remote SMTP server in the TLS
Server Name Indication (SNI) extension.
+ Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+
+ <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
+ A workaround for implementations that hang Postfix while shuting
+ down a TLS session, until Postfix times out.
+
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a
<p> This feature is available in Postfix 2.3 and later. </p>
+</DD>
+
+<DT><b><a name="tls_fast_shutdown_enable">tls_fast_shutdown_enable</a>
+(default: yes)</b></DT><DD>
+
+<p> A workaround for implementations that hang Postfix while shuting
+down a TLS session, until Postfix times out. With this enabled,
+Postfix will not wait for the remote TLS peer to respond to a TLS
+'close' notification. This behavior is recommended for TLSv1.0 and
+later. </p>
+
+<p> This feature was introduced with Postfix 3.4.6, 3.3.5, 3.2.10,
+and 3.1.13. </p>
+
+
</DD>
<DT><b><a name="tls_high_cipherlist">tls_high_cipherlist</a>
<dt><b>PRIORITIZE_CHACHA</b></dt> <dd>Postfix ≥ 3.4. See SSL_CTX_set_options(3).</dd>
-<dt><b>TLSEXT_PADDING</b></dt> <dd>Postfix ≥ 3.4. See
-SSL_CTX_set_options(3).</dd>
-
</dl>
<p> This feature is available in Postfix 2.11 and later. </p>
ter is notified of bounces, protocol problems, and of other trouble.
<b>BUGS</b>
- SMTP and LMTP connection caching does not work with TLS. The necessary
- support for TLS object passivation and re-activation does not exist
- without closing the session, which defeats the purpose.
+ SMTP and LMTP connection reuse for TLS (without closing the SMTP or
+ LMTP connection) is not supported before Postfix 3.4.
SMTP and LMTP connection caching assumes that SASL credentials are
valid for all destinations that map onto the same IP address and TCP
Optional name to send to the remote SMTP server in the TLS
Server Name Indication (SNI) extension.
+ Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+
+ <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
+ A workaround for implementations that hang Postfix while shuting
+ down a TLS session, until Postfix times out.
+
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a
clients via the TLS Server Name Indication (SNI) extension to
the appropriate keys and certificate chains.
+ Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+
+ <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
+ A workaround for implementations that hang Postfix while shuting
+ down a TLS session, until Postfix times out.
+
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a
usage policy by next-hop destination and by remote TLS server
hostname.
+ Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+
+ <b><a href="postconf.5.html#tls_fast_shutdown_enable">tls_fast_shutdown_enable</a> (yes)</b>
+ A workaround for implementations that hang Postfix while shuting
+ down a TLS session, until Postfix times out.
+
<b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
These parameters are supported for compatibility with <a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy
parameters.
encouraged to not change this setting.
.PP
This feature is available in Postfix 2.3 and later.
+.SH tls_fast_shutdown_enable (default: yes)
+A workaround for implementations that hang Postfix while shuting
+down a TLS session, until Postfix times out. With this enabled,
+Postfix will not wait for the remote TLS peer to respond to a TLS
+'close' notification. This behavior is recommended for TLSv1.0 and
+later.
+.PP
+This feature was introduced with Postfix 3.4.6, 3.3.5, 3.2.10,
+and 3.1.13.
.SH tls_high_cipherlist (default: see "postconf \-d" output)
The OpenSSL cipherlist for "high" grade ciphers. This defines
the meaning of the "high" setting in smtpd_tls_ciphers,
.IP "\fBPRIORITIZE_CHACHA\fR"
Postfix >= 3.4. See SSL_CTX_\fBset_options\fR(3).
.br
-.IP "\fBTLSEXT_PADDING\fR"
-Postfix >= 3.4. See
-SSL_CTX_\fBset_options\fR(3).
-.br
.br
.PP
This feature is available in Postfix 2.11 and later.
.SH BUGS
.ad
.fi
-SMTP and LMTP connection caching does not work with TLS. The necessary
-support for TLS object passivation and re\-activation does not
-exist without closing the session, which defeats the purpose.
+SMTP and LMTP connection reuse for TLS (without closing the
+SMTP or LMTP connection) is not supported before Postfix 3.4.
SMTP and LMTP connection caching assumes that SASL credentials
are valid for all destinations that map onto the same IP
.IP "\fBsmtp_tls_servername (empty)\fR"
Optional name to send to the remote SMTP server in the TLS Server
Name Indication (SNI) extension.
+.PP
+Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+.IP "\fBtls_fast_shutdown_enable (yes)\fR"
+A workaround for implementations that hang Postfix while shuting
+down a TLS session, until Postfix times out.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf
Optional lookup tables that map names received from remote SMTP
clients via the TLS Server Name Indication (SNI) extension to the
appropriate keys and certificate chains.
+.PP
+Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+.IP "\fBtls_fast_shutdown_enable (yes)\fR"
+A workaround for implementations that hang Postfix while shuting
+down a TLS session, until Postfix times out.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf
Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
usage policy by next\-hop destination and by remote TLS server
hostname.
+.PP
+Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+.IP "\fBtls_fast_shutdown_enable (yes)\fR"
+A workaround for implementations that hang Postfix while shuting
+down a TLS session, until Postfix times out.
.SH "OBSOLETE STARTTLS SUPPORT CONTROLS"
.na
.nf
s;\btls_ssl_options\b;<a href="postconf.5.html#tls_ssl_options">$&</a>;g;
s;\btls_dane_digest_agility\b;<a href="postconf.5.html#tls_dane_digest_agility">$&</a>;g;
s;\btls_dane_trust_anchor_digest_enable\b;<a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">$&</a>;g;
+ s;\btls_fast_shutdown_enable\b;<a href="postconf.5.html#tls_fast_shutdown_enable">$&</a>;g;
s;\bfrozen_delivered_to\b;<a href="postconf.5.html#frozen_delivered_to">$&</a>;g;
s;\breset_owner_alias\b;<a href="postconf.5.html#reset_owner_alias">$&</a>;g;
<dt><b>PRIORITIZE_CHACHA</b></dt> <dd>Postfix ≥ 3.4. See SSL_CTX_set_options(3).</dd>
-<dt><b>TLSEXT_PADDING</b></dt> <dd>Postfix ≥ 3.4. See
-SSL_CTX_set_options(3).</dd>
-
</dl>
<p> This feature is available in Postfix 2.11 and later. </p>
<p> This feature is available in Postfix 3.0 and later. </p>
+%PARAM tls_fast_shutdown_enable yes
+
+<p> A workaround for implementations that hang Postfix while shuting
+down a TLS session, until Postfix times out. With this enabled,
+Postfix will not wait for the remote TLS peer to respond to a TLS
+'close' notification. This behavior is recommended for TLSv1.0 and
+later. </p>
+
+<p> This feature was introduced with Postfix 3.4.6, 3.3.5, 3.2.10,
+and 3.1.13. </p>
+
%PARAM default_delivery_status_filter
<p> Optional filter to replace the delivery status code or explanatory
#define DEF_TLS_DANE_DIGESTS "sha512 sha256"
extern char *var_tls_dane_digests;
+ /*
+ * The default is backwards-incompatible.
+ */
+#define VAR_TLS_FAST_SHUTDOWN "tls_fast_shutdown"
+#define DEF_TLS_FAST_SHUTDOWN 1
+extern bool var_tls_fast_shutdown;
+
/*
* Sendmail-style mail filter support.
*/
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20190330"
-#define MAIL_VERSION_NUMBER "3.4.5"
+#define MAIL_RELEASE_DATE "20190629"
+#define MAIL_VERSION_NUMBER "3.4.6"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
/* the postmaster is notified of bounces, protocol problems, and of
/* other trouble.
/* BUGS
-/* SMTP and LMTP connection caching does not work with TLS. The necessary
-/* support for TLS object passivation and re-activation does not
-/* exist without closing the session, which defeats the purpose.
+/* SMTP and LMTP connection reuse for TLS (without closing the
+/* SMTP or LMTP connection) is not supported before Postfix 3.4.
/*
/* SMTP and LMTP connection caching assumes that SASL credentials
/* are valid for all destinations that map onto the same IP
/* .IP "\fBsmtp_tls_servername (empty)\fR"
/* Optional name to send to the remote SMTP server in the TLS Server
/* Name Indication (SNI) extension.
+/* .PP
+/* Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+/* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
+/* A workaround for implementations that hang Postfix while shuting
+/* down a TLS session, until Postfix times out.
/* OBSOLETE STARTTLS CONTROLS
/* .ad
/* .fi
if (var_smtp_rand_addr)
addr_list = dns_rr_shuffle(addr_list);
addr_list = dns_rr_sort(addr_list, SMTP_COMPARE_ADDR(misc_flags));
- if (var_smtp_balance_inet_proto)
+ if (var_smtp_mxaddr_limit > 0 && var_smtp_balance_inet_proto)
addr_list = smtp_balance_inet_proto(addr_list, misc_flags,
var_smtp_mxaddr_limit);
}
/* The following changes the order of equal-preference hosts. */
if (inet_proto_info()->ai_family_list[1] != 0)
addr_list = dns_rr_sort(addr_list, SMTP_COMPARE_ADDR(misc_flags));
- if (var_smtp_balance_inet_proto)
+ if (var_smtp_mxaddr_limit > 0 && var_smtp_balance_inet_proto)
addr_list = smtp_balance_inet_proto(addr_list, misc_flags,
var_smtp_mxaddr_limit);
}
/* Optional lookup tables that map names received from remote SMTP
/* clients via the TLS Server Name Indication (SNI) extension to the
/* appropriate keys and certificate chains.
+/* .PP
+/* Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+/* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
+/* A workaround for implementations that hang Postfix while shuting
+/* down a TLS session, until Postfix times out.
/* OBSOLETE STARTTLS CONTROLS
/* .ad
/* .fi
int saved_err;
const CLEANUP_STAT_DETAIL *detail;
+#define IS_SMTP_REJECT(s) \
+ (((s)[0] == '4' || (s)[0] == '5') \
+ && ISDIGIT((s)[1]) && ISDIGIT((s)[2]) \
+ && ((s)[3] == '\0' || (s)[3] == ' ' || (s)[3] == '-'))
+
if (state->err == CLEANUP_STAT_OK
&& SMTPD_STAND_ALONE(state) == 0
&& (err = smtpd_check_eod(state)) != 0) {
if (state->err == 0) {
why = vstring_alloc(10);
state->err = mail_stream_finish(state->dest, why);
- printable(STR(why), ' ');
+ if (IS_SMTP_REJECT(STR(why)))
+ printable_except(STR(why), ' ', "\r\n");
+ else
+ printable(STR(why), ' ');
} else
mail_stream_cleanup(state->dest);
state->dest = 0;
*
* See also: qmqpd.c
*/
-#define IS_SMTP_REJECT(s) \
- (((s)[0] == '4' || (s)[0] == '5') \
- && ISDIGIT((s)[1]) && ISDIGIT((s)[2]) \
- && ((s)[3] == '\0' || (s)[3] == ' ' || (s)[3] == '-'))
-
if (state->err == CLEANUP_STAT_OK) {
state->error_count = 0;
state->error_mask = 0;
case 0:
- /*
- * Reset the per-command counters.
- */
- for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) {
- cmdp->success_count = cmdp->total_count = 0;
- if (cmdp->name == 0)
- break;
- }
-
/*
* In TLS wrapper mode, turn on TLS using code that is shared with
* the STARTTLS command. This code does not return when the handshake
break;
}
+ /*
+ * Reset the per-command counters.
+ */
+ for (cmdp = smtpd_cmd_table; /* see below */ ; cmdp++) {
+ cmdp->success_count = cmdp->total_count = 0;
+ if (cmdp->name == 0)
+ break;
+ }
+
/*
* Log total numbers, so that logfile analyzers will see something even
* if the above loop produced no output. When no commands were received
tls_session.o: ../../include/argv.h
tls_session.o: ../../include/check_arg.h
tls_session.o: ../../include/dns.h
+tls_session.o: ../../include/mail_params.h
tls_session.o: ../../include/msg.h
tls_session.o: ../../include/myaddrinfo.h
tls_session.o: ../../include/mymalloc.h
/* char *var_tls_mgr_service;
/* char *var_tls_tkt_cipher;
/* char *var_openssl_path;
+/* char *var_tls_server_sni_maps;
+/* bool var_tls_fast_shutdown;
/*
/* TLS_APPL_STATE *tls_alloc_app_context(ssl_ctx, log_mask)
/* SSL_CTX *ssl_ctx;
char *var_tls_tkt_cipher;
char *var_openssl_path;
char *var_tls_server_sni_maps;
+bool var_tls_fast_shutdown;
static MAPS *tls_server_sni_maps;
VAR_TLS_BC_PKEY_FPRINT, DEF_TLS_BC_PKEY_FPRINT, &var_tls_bc_pkey_fprint,
VAR_TLS_PREEMPT_CLIST, DEF_TLS_PREEMPT_CLIST, &var_tls_preempt_clist,
VAR_TLS_MULTI_WILDCARD, DEF_TLS_MULTI_WILDCARD, &var_tls_multi_wildcard,
+ VAR_TLS_FAST_SHUTDOWN, DEF_TLS_FAST_SHUTDOWN, &var_tls_fast_shutdown,
0,
};
static int init_done;
#include <msg.h>
#include <mymalloc.h>
+/* Global library. */
+
+#include <mail_params.h>
+
/* TLS library. */
#define TLS_INTERNAL
msg_panic("%s: stream has no active TLS context", myname);
/*
+ * According to RFC 2246 (TLS 1.0), there is no requirement to wait for
+ * the peer's close-notify. If the application protocol provides
+ * sufficient session termination signaling, then there's no need to
+ * duplicate that at the TLS close-notify layer.
+ *
+ * https://tools.ietf.org/html/rfc2246#section-7.2.1
+ * https://tools.ietf.org/html/rfc4346#section-7.2.1
+ * https://tools.ietf.org/html/rfc5246#section-7.2.1
+ *
+ * Specify 'tls_fast_shutdown = no' to enable the historical behavior
+ * described below.
+ *
* Perform SSL_shutdown() twice, as the first attempt will send out the
* shutdown alert but it will not wait for the peer's shutdown alert.
* Therefore, when we are the first party to send the alert, we must call
*/
if (!failure) {
retval = tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);
- if (retval == 0)
+ if (!var_tls_fast_shutdown && retval == 0)
tls_bio_shutdown(vstream_fileno(stream), timeout, TLScontext);
}
tls_free_context(TLScontext);
/* Optional lookup tables with the Postfix \fBtlsproxy\fR(8) client TLS
/* usage policy by next-hop destination and by remote TLS server
/* hostname.
+/* .PP
+/* Introduced with Postfix 3.4.6, 3.3.5, 3.2.10, and 3.1.13:
+/* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
+/* A workaround for implementations that hang Postfix while shuting
+/* down a TLS session, until Postfix times out.
/* OBSOLETE STARTTLS SUPPORT CONTROLS
/* .ad
/* .fi
/* char *printable(buffer, replacement)
/* char *buffer;
/* int replacement;
+/*
+/* char *printable_except(buffer, replacement, except)
+/* char *buffer;
+/* int replacement;
+/* const char *except;
/* DESCRIPTION
/* printable() replaces non-printable characters
/* in its input with the given replacement.
/* .IP replacement
/* Replacement value for characters in \fIbuffer\fR that do not
/* pass the ASCII isprint(3) test or that are not valid UTF8.
+/* .IP except
+/* Null-terminated sequence of non-replaced ASCII characters.
/* LICENSE
/* .ad
/* .fi
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
/*--*/
/* System library. */
#include "sys_defs.h"
#include <ctype.h>
+#include <string.h>
/* Utility library. */
int util_utf8_enable = 0;
+/* printable - binary compatibility */
+
+#undef printable
+
+char *printable(char *, int);
+
char *printable(char *string, int replacement)
+{
+ return (printable_except(string, replacement, (char *) 0));
+}
+
+/* printable_except - pass through printable or other preserved characters */
+
+char *printable_except(char *string, int replacement, const char *except)
{
unsigned char *cp;
int ch;
*/
cp = (unsigned char *) string;
while ((ch = *cp) != 0) {
- if (ISASCII(ch) && ISPRINT(ch)) {
+ if (ISASCII(ch) && (ISPRINT(ch) || (except && strchr(except, ch)))) {
/* ok */
} else if (util_utf8_enable && ch >= 194 && ch <= 254
&& cp[1] >= 128 && cp[1] < 192) {
* External interface.
*/
extern int util_utf8_enable;
-extern char *printable(char *, int);
+extern char *printable_except(char *, int, const char *);
extern char *neuter(char *, const char *, int);
extern char *lowercase(char *);
extern char *casefoldx(int, VSTRING *, const char *, ssize_t);
extern char *mystrtokq(char **, const char *, const char *);
extern char *translit(char *, const char *, const char *);
+#define printable(string, replacement) \
+ printable_except((string), (replacement), (char *) 0)
+
#ifndef HAVE_BASENAME
#define basename postfix_basename
extern char *basename(const char *);
int unix_dgram_connect(const char *path, int block_mode)
{
const char myname[] = "unix_dgram_connect";
+#undef sun
struct sockaddr_un sun;
ssize_t path_len;
int sock;
projects / thirdparty / postfix.git / commitdiff
