-Ttime_t
-Ttlsa_filter
-Tx509_stack_t
+-Tpem_load_state
For servers that are n\bno\bot\bt public Internet MX hosts, Postfix supports
configurations with no certificates. This entails the use of just the anonymous
-TLS ciphers, which are not supported by typical SMTP clients. Since such
-clients will not, as a rule, fall back to plain text after a TLS handshake
-failure, a certificate-less Postfix SMTP server will be unable to receive email
-from most TLS enabled clients. To avoid accidental configurations with no
-certificates, Postfix enables certificate-less operation only when the
-administrator explicitly sets "smtpd_tls_cert_file = none". This ensures that
-new Postfix SMTP server configurations will not accidentally run with no
+TLS ciphers, which are not supported by typical SMTP clients. Since some
+clients may not fall back to plain text after a TLS handshake failure, a
+certificate-less Postfix SMTP server will be unable to receive email from some
+TLS-enabled clients. To avoid accidental configurations with no certificates,
+Postfix enables certificate-less operation only when the administrator
+explicitly sets "smtpd_tls_cert_file = none". This ensures that new Postfix
+SMTP server configurations will not accidentally enable TLS without
certificates.
+Note that server certificates are n\bno\bot\bt optional in TLS 1.3. To run without
+certificates you'd have to disable the TLS 1.3 protocol by including '!TLSv1.3'
+in "smtpd_tls_protocols" and perhaps also "smtpd_tls_mandatory_protocols". It
+is simpler instead to just configure a certificate chain. Certificate-less
+operation is not recommended.
+
RSA, DSA and ECDSA (Postfix >= 2.6) certificates are supported. Most sites only
have RSA certificates. You can configure all three at the same time, in which
case the ciphersuite negotiated with the remote SMTP client determines which
any other digest of a CA certificate, but it is expected that SHA256 will
be by far the most common digest for TLSA.
- As a best practice, publish either "3 0 1" or "3 1 1" TLSA associations
- that specify the SHA256 digest of the server certificate public key with
- the alias-expanded hostname of each STARTTLS capable SMTP server. These
- continue to work when a certificate is renewed with the same public/private
- key pair.
+ As a best practice, publish "3 1 1" TLSA associations that specify the
+ SHA256 digest of the server's public key. These continue to work unmodified
+ when a certificate is renewed with the same public/private key pair.
For instructions on how to compute the digest of a certificate or its public
key for use in TLSA records, see the documentation of the
C\bCo\bon\bnf\bfi\big\bgu\bur\bri\bin\bng\bg t\bth\bhe\be s\bse\ber\brv\bve\ber\br c\bce\ber\brt\bti\bif\bfi\bic\bca\bat\bte\be a\ban\bnd\bd k\bke\bey\by f\bfi\bil\ble\bes\bs
+Example: Postfix >= 3.4 all-in-one chain file(s). One or more chain files that
+start with a key that is immediately followed by the corresponding certificate
+and any additional issuer certificates. A single file can hold multiple (key,
+cert, [chain]) sequences, one per algorithm. It is typically simpler to keep
+the chain for each algorithm in its own file. Most users are likely to deploy
+just a single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up to
+five chains, one each for RSA, ECDSA, ED25519, ED448 and even the obsolete DSA.
+
+ # Postfix >= 3.4. Preferred configuration interface. Each file
+ # starts with the private key, followed by the corresponding
+ # certificate, and any intermediate issuer certificates. The root CA
+ # cert may also be needed when published as a DANE trust anchor.
+ #
+ smtpd_tls_chain_files =
+ /etc/postfix/rsa.pem,
+ /etc/postfix/ecdsa.pem,
+ /etc/postfix/ed25519.pem,
+ /etc/postfix/ed448.pem
+
+You can also store the keys separately from their certificates, again provided
+each is listed before the corresponding certificate chain. Storing a key and
+its associated certificate chain in separate files is not recommended, because
+this is prone to race conditions during key rollover, as there is no way to
+update multiple files atomically.
+
+ # Postfix >= 3.4.
+ # Storing keys separately from the associated certificates is not
+ # recommended.
+ smtpd_tls_chain_files =
+ /etc/postfix/rsakey.pem,
+ /etc/postfix/rsacerts.pem,
+ /etc/postfix/ecdsakey.pem,
+ /etc/postfix/ecdsacerts.pem
+
+The below examples show the legacy algorithm-specific configurations for
+Postfix 3.3 and older. With Postfix <= 3.3, even if the key is stored in the
+same file as the certificate, the file is read twice and a (brief) race
+condition still exists during key rollover. While Postfix >= 3.4 avoids the
+race when the key and certificate are in the same file, you should use the new
+"smtpd_tls_chain_files" interface shown above.
+
RSA key and certificate examples:
/etc/postfix/main.cf:
Their ECDSA counterparts (Postfix >= 2.6 + OpenSSL >= 1.0.0):
/etc/postfix/main.cf:
- # Most clients will not be ECDSA capable, so you will likely also need
- # an RSA or DSA certificate and private key.
+ # Some clients will not be ECDSA capable, so you will likely still need
+ # an RSA certificate and private key.
#
smtpd_tls_eccert_file = /etc/postfix/server-ecdsa.pem
smtpd_tls_eckey_file = $smtpd_tls_eccert_file
capable clients:
/etc/postfix/main.cf:
+ # Not recommended: breaks TLS 1.3 and clients that don't support
+ # anonymous cipher suites.
smtpd_tls_cert_file = none
To verify a remote SMTP client certificate, the Postfix SMTP server needs to
For a server that is not a public Internet MX host, Postfix supports
configurations with no server certificates that use o\bon\bnl\bly\by the anonymous ciphers.
This is enabled by explicitly setting "smtpd_tls_cert_file = none" and not
-specifying an smtpd_tls_dcert_file or smtpd_tls_eccert_file.
+specifying an smtpd_tls_dcert_file or smtpd_tls_eccert_file. Such
+configurations may not interoperate with some clients, and require that TLSv1.3
+be explicitly disabled. Therefore, they are not recommended, it is better and
+simpler to just configure a suitable certificate.
Example, MSA that requires TLSv1 or higher, not SSLv2 or SSLv3, with high grade
ciphers:
# Legacy syntax:
smtpd_tls_mandatory_protocols = TLSv1
+With Postfix >= 3.4, specify instead a single file that holds the key followed
+by the corresponding certificate and any associated issuing certificates,
+leaving the "smtpd_tls_cert_file" and "smtpd_tls_key_file" and related DSA and
+ECDSA parameters empty.
+
+ /etc/postfix/main.cf:
+ smtpd_tls_chain_files = /etc/postfix/rsachain.pem
+ smtpd_tls_cert_file =
+ smtpd_tls_key_file =
+ ...
+
If you want to take maximal advantage of ciphers that offer forward secrecy see
the Getting started section of FORWARD_SECRECY_README. The full document
conveniently presents all information about Postfix forward secrecy support in
Despite the potential for eliminating passive eavesdropping attacks, mandatory
TLS encryption is not viable as a default security level for mail delivery to
-the public Internet. Most MX hosts do not support TLS at all, and some of those
+the public Internet. Some MX hosts do not support TLS at all, and some of those
that do have broken implementations. On a host that delivers mail to the
Internet, you should not configure mandatory TLS encryption as the default
security level.
Despite the potential for eliminating "man-in-the-middle" and other attacks,
mandatory certificate trust chain and subject name verification is not viable
-as a default Internet mail delivery policy. Most MX hosts do not support TLS at
-all, and a significant portion of TLS enabled MTAs use self-signed
+as a default Internet mail delivery policy. Some MX hosts do not support TLS at
+all, and a significant portion of TLS-enabled MTAs use self-signed
certificates, or certificates that are signed by a private Certification
Authority. On a machine that delivers mail to the Internet, you should not
configure mandatory server certificate verification as a default policy.
Despite the potential for eliminating "man-in-the-middle" and other attacks,
mandatory secure server certificate verification is not viable as a default
-Internet mail delivery policy. Most MX hosts do not support TLS at all, and a
-significant portion of TLS enabled MTAs use self-signed certificates, or
+Internet mail delivery policy. Some MX hosts do not support TLS at all, and a
+significant portion of TLS-enabled MTAs use self-signed certificates, or
certificates that are signed by a private Certification Authority. On a machine
that delivers mail to the Internet, you should not configure secure TLS
verification as a default policy.
# Postfix >= 2.6
smtp_tls_eccert_file =
smtp_tls_eckey_file =
+ # Postfix >= 3.4
+ smtp_tls_chain_files =
The best way to use the default settings is to comment out the above parameters
in main.cf if present.
During TLS startup negotiation the Postfix SMTP client may present a
-certificate to the remote SMTP server. The Netscape client is rather clever
-here and lets the user select between only those certificates that match CA
-certificates offered by the remote SMTP server. As the Postfix SMTP client uses
-the "SSL_connect()" function from the OpenSSL package, this is not possible and
-we have to choose just one certificate. So for now the default is to use _no_
-certificate and key unless one is explicitly specified here.
+certificate to the remote SMTP server. Browsers typically let the user select
+among the certificates that match the CA names indicated by the remote SMTP
+server. The Postfix SMTP client does not yet have a mechanism to select from
+multiple candidate certificates on the fly, and supports a single set of
+certificates (at most one per public key algorithm).
RSA, DSA and ECDSA (Postfix >= 2.6) certificates are supported. You can
configure all three at the same time, in which case the cipher used determines
accessible without password. Both parts (certificate and private key) may be in
the same file.
+With OpenSSL 1.1.1 and Postfix >= 3.4 it is also possible to configure Ed25519
+and Ed448 certificates. Rather than add two more pairs of key and certificate
+parameters, Postfix 3.4 introduces a new "smtp_tls_chain_files" parameter which
+specifies all the configured certificates at once, and handles files that hold
+both the key and the associated certificates in one pass, thereby avoiding
+potential race conditions during key rollover.
+
To enable remote SMTP servers to verify the Postfix SMTP client certificate,
the issuing CA certificates must be made available to the server. You should
include the required certificates in the client certificate file, the client
certificate first, then the issuing CA(s) (bottom-up order).
Example: the certificate for "client.example.com" was issued by "intermediate
-CA" which itself has a certificate issued by "root CA". Create the client.pem
-file with:
+CA" which itself has a certificate issued by "root CA". As the "root" super-
+user create the client.pem file with:
- % c\bca\bat\bt c\bcl\bli\bie\ben\bnt\bt_\b_c\bce\ber\brt\bt.\b.p\bpe\bem\bm i\bin\bnt\bte\ber\brm\bme\bed\bdi\bia\bat\bte\be_\b_C\bCA\bA.\b.p\bpe\bem\bm >\b> c\bcl\bli\bie\ben\bnt\bt.\b.p\bpe\bem\bm
+ # u\bum\bma\bas\bsk\bk 0\b07\b77\b7
+ # c\bca\bat\bt c\bcl\bli\bie\ben\bnt\bt_\b_k\bke\bey\by.\b.p\bpe\bem\bm c\bcl\bli\bie\ben\bnt\bt_\b_c\bce\ber\brt\bt.\b.p\bpe\bem\bm i\bin\bnt\bte\ber\brm\bme\bed\bdi\bia\bat\bte\be_\b_C\bCA\bA.\b.p\bpe\bem\bm >\b> c\bch\bha\bai\bin\bn.\b.p\bpe\bem\bm
A Postfix SMTP client certificate supplied here must be usable as SSL client
certificate and hence pass the "openssl verify -purpose sslclient ..." test.
A server that trusts the root CA has a local copy of the root CA certificate,
so it is not necessary to include the root CA certificate here. Leaving it out
-of the "client.pem" file reduces the overhead of the TLS exchange.
+of the "chain.pem" file reduces the overhead of the TLS exchange.
If you want the Postfix SMTP client to accept remote SMTP server certificates
issued by these CAs, append the root certificate to $smtp_tls_CAfile or install
it in the $smtp_tls_CApath directory.
+Example: Postfix >= 3.4 all-in-one chain file(s). One or more chain files that
+start with a key that is immediately followed by the corresponding certificate
+and any additional issuer certificates. A single file can hold multiple (key,
+cert, [chain]) sequences, one per algorithm. It is typically simpler to keep
+the chain for each algorithm in its own file. Most users are likely to deploy
+at most a single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up
+five chains, one each for RSA, ECDSA, ED25519, ED448 and even the obsolete DSA.
+
+ # Postfix >= 3.4. Preferred configuration interface. Each file
+ # starts with the private key, followed by the corresponding
+ # certificate, and any intermediate issuer certificates.
+ #
+ smtp_tls_chain_files =
+ /etc/postfix/rsa.pem,
+ /etc/postfix/ecdsa.pem,
+ /etc/postfix/ed25519.pem,
+ /etc/postfix/ed448.pem
+
+You can also store the keys separately from their certificates, again provided
+each is listed before the corresponding certificate chain. Storing a key and
+its associated certificate chain in separate files is not recommended, because
+this is prone to race conditions during key rollover, as there is no way to
+update multiple files atomically.
+
+ # Postfix >= 3.4.
+ # Storing keys separately from the associated certificates is not
+ # recommended.
+ smtp_tls_chain_files =
+ /etc/postfix/rsakey.pem,
+ /etc/postfix/rsacerts.pem,
+ /etc/postfix/ecdsakey.pem,
+ /etc/postfix/ecdsacerts.pem
+
+The below examples show the legacy algorithm-specific configurations for
+Postfix 3.3 and older. With Postfix <= 3.3, even if the key is stored in the
+same file as the certificate, the file is read twice and a (brief) race
+condition still exists during key rollover. While Postfix >= 3.4 avoids the
+race when the key and certificate are in the same file, you should use the new
+"smtp_tls_chain_files" interface shown above.
+
RSA key and certificate examples:
/etc/postfix/main.cf:
Opportunistic TLS. The optional "ciphers", "exclude" and "protocols"
attributes (available for opportunistic TLS with Postfix >= 2.6) override
the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols"
- configuration parameters.
+ configuration parameters. At this level and higher, the optional
+ "servername" attribute (available with Postfix >= 3.4) overrides the global
+ "smtp_tls_servername" parameter, enabling per-destination configuration of
+ the SNI extension sent to the remote SMTP server.
e\ben\bnc\bcr\bry\byp\bpt\bt
Mandatory encryption. Mail is delivered only if the remote SMTP server
offers STARTTLS and the TLS handshake succeeds. At this level and higher,
The following commands (credits: Viktor Dukhovni) generate and install a 2048-
bit RSA private key and 10-year self-signed certificate for the local Postfix
-system. This requires super-user privileges.
+system. This requires super-user privileges. (By using date-specific filenames
+for the certificate and key files, and updating main.cf with new filenames, a
+potential race condition in which the key and certificate might not match is
+avoided).
# dir="$(postconf -h config_directory)"
# fqdn=$(postconf -h myhostname)
require a server certificate. </p>
<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
-supports configurations with no certificates. This entails the
-use of just the anonymous TLS ciphers, which are not supported by
-typical SMTP clients. Since such clients will not, as a rule, fall
-back to plain text after a TLS handshake failure, a certificate-less
-Postfix SMTP server will
-be unable to receive email from most TLS enabled clients. To avoid
-accidental configurations with no certificates, Postfix enables
-certificate-less operation only when the administrator explicitly sets
-"<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix
-SMTP server configurations will not accidentally run with no
-certificates. </p>
+supports configurations with no certificates. This entails the use of
+just the anonymous TLS ciphers, which are not supported by typical SMTP
+clients. Since some clients may not fall back to plain text after a TLS
+handshake failure, a certificate-less Postfix SMTP server will be unable
+to receive email from some TLS-enabled clients. To avoid accidental
+configurations with no certificates, Postfix enables certificate-less
+operation only when the administrator explicitly sets
+"<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix SMTP server
+configurations will not accidentally enable TLS without certificates. </p>
+
+<p> Note that server certificates are <b>not</b> optional in TLS 1.3. To
+run without certificates you'd have to disable the TLS 1.3 protocol by
+including '!TLSv1.3' in "<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>" and perhaps also
+"<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>". It is simpler instead to just
+configure a certificate chain. Certificate-less operation is not
+recommended. <p>
<p> RSA, DSA and ECDSA (Postfix ≥ 2.6) certificates are supported.
Most sites only have RSA certificates. You can configure all three
a CA certificate, but it is expected that SHA256 will be by far the
most common digest for TLSA. </p>
-<p> As a best practice, publish either "3 0 1" or "3 1 1" TLSA
-associations that specify the SHA256 digest of the server certificate
-public key with the alias-expanded hostname of each STARTTLS capable
-SMTP server. These continue to work when a certificate is renewed
-with the same public/private key pair. </p>
+<p> As a best practice, publish "3 1 1" TLSA associations that specify
+the SHA256 digest of the server's public key. These continue to work
+unmodified when a certificate is renewed with the same public/private
+key pair. </p>
</ul>
<h4> Configuring the server certificate and key files </h4>
+<p> Example: Postfix ≥ 3.4 all-in-one chain file(s). One or more
+chain files that start with a key that is immediately followed by the
+corresponding certificate and any additional issuer certificates. A
+single file can hold multiple <i>(key, cert, [chain])</i> sequences, one
+per algorithm. It is typically simpler to keep the chain for each
+algorithm in its own file. Most users are likely to deploy just a
+single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up to
+five chains, one each for RSA, ECDSA, ED25519, ED448 and even the
+obsolete DSA. </p>
+
+<blockquote>
+<pre>
+ # Postfix ≥ 3.4. Preferred configuration interface. Each file
+ # starts with the private key, followed by the corresponding
+ # certificate, and any intermediate issuer certificates. The root CA
+ # cert may also be needed when published as a DANE trust anchor.
+ #
+ <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> =
+ /etc/postfix/rsa.pem,
+ /etc/postfix/ecdsa.pem,
+ /etc/postfix/ed25519.pem,
+ /etc/postfix/ed448.pem
+</pre>
+</blockquote>
+
+<p> You can also store the keys separately from their certificates, again
+provided each is listed before the corresponding certificate chain. Storing a
+key and its associated certificate chain in separate files is not recommended,
+because this is prone to race conditions during key rollover, as there is no
+way to update multiple files atomically. </p>
+
+<blockquote>
+<pre>
+ # Postfix ≥ 3.4.
+ # Storing keys separately from the associated certificates is not
+ # recommended.
+ <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> =
+ /etc/postfix/rsakey.pem,
+ /etc/postfix/rsacerts.pem,
+ /etc/postfix/ecdsakey.pem,
+ /etc/postfix/ecdsacerts.pem
+</pre>
+</blockquote>
+
+<p> The below examples show the legacy algorithm-specific configurations
+for Postfix 3.3 and older. With Postfix ≤ 3.3, even if the key is
+stored in the same file as the certificate, the file is read twice and a
+(brief) race condition still exists during key rollover. While Postfix
+≥ 3.4 avoids the race when the key and certificate are in the same
+file, you should use the new "<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" interface shown
+above. <p>
+
<p> RSA key and certificate examples: </p>
<blockquote>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
- # Most clients will not be ECDSA capable, so you will likely also need
- # an RSA or DSA certificate and private key.
+ # Some clients will not be ECDSA capable, so you will likely still need
+ # an RSA certificate and private key.
#
<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> = /etc/postfix/server-ecdsa.pem
<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> = $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>
<blockquote>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # Not recommended: breaks TLS 1.3 and clients that don't support
+ # anonymous cipher suites.
<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none
</pre>
</blockquote>
supports configurations with no <a href="#server_cert_key">server
certificates</a> that use <b>only</b> the anonymous ciphers. This is
enabled by explicitly setting "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none"
-and not specifying an <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> or <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. </p>
+and not specifying an <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> or <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>.
+Such configurations may not interoperate with some clients, and require
+that TLSv1.3 be explicitly disabled. Therefore, they are not
+recommended, it is better and simpler to just configure a suitable
+certificate. </p>
<p> Example, MSA that requires TLSv1 or higher, not SSLv2 or SSLv3,
with high grade ciphers: </p>
</pre>
</blockquote>
+<p> With Postfix ≥ 3.4, specify instead a single file that holds the
+key followed by the corresponding certificate and any associated issuing
+certificates, leaving the "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>" and "<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a>"
+and related DSA and ECDSA parameters empty. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> = /etc/postfix/rsachain.pem
+ <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> =
+ <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> =
+ ...
+</pre>
+</blockquote>
+
<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
<p> Despite the potential for eliminating passive eavesdropping attacks,
mandatory TLS encryption is not viable as a default security level for
-mail delivery to the public Internet. Most MX hosts do not support TLS at
+mail delivery to the public Internet. Some MX hosts do not support TLS at
all, and some of those that do have broken implementations. On a host
that delivers mail to the Internet, you should not configure mandatory
TLS encryption as the default security level. </p>
<p> Despite the potential for eliminating "man-in-the-middle" and other
attacks, mandatory certificate trust chain and subject name verification
-is not viable as a default Internet mail delivery policy. Most MX hosts
-do not support TLS at all, and a significant portion of TLS enabled
+is not viable as a default Internet mail delivery policy. Some MX hosts
+do not support TLS at all, and a significant portion of TLS-enabled
MTAs use self-signed certificates, or certificates that are signed by
a private Certification Authority. On a machine that delivers mail to
the Internet, you should not configure mandatory server certificate
<p> Despite the potential for eliminating "man-in-the-middle" and other
attacks, mandatory secure server certificate verification is not
-viable as a default Internet mail delivery policy. Most MX hosts
-do not support TLS at all, and a significant portion of TLS enabled
+viable as a default Internet mail delivery policy. Some MX hosts
+do not support TLS at all, and a significant portion of TLS-enabled
MTAs use self-signed certificates, or certificates that are signed
by a private Certification Authority. On a machine that delivers mail
to the Internet, you should not configure secure TLS verification
# Postfix ≥ 2.6
<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> =
<a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> =
+ # Postfix ≥ 3.4
+ <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> =
</pre>
</blockquote>
<p> The best way to use the default settings is to comment out the above
parameters in <a href="postconf.5.html">main.cf</a> if present. </p>
-<p> During TLS startup negotiation the Postfix SMTP client may present
-a certificate to the remote SMTP server. The Netscape client is
-rather clever here and lets the user select between only those
-certificates that match CA certificates offered by the remote SMTP
-server. As the Postfix SMTP client uses the "SSL_connect()" function
-from the OpenSSL package, this is not possible and we have to choose
-just one certificate. So for now the default is to use _no_
-certificate and key unless one is explicitly specified here. </p>
+<p> During TLS startup negotiation the Postfix SMTP client may present a
+certificate to the remote SMTP server. Browsers typically let the user
+select among the certificates that match the CA names indicated by the
+remote SMTP server. The Postfix SMTP client does not yet have a mechanism
+to select from multiple candidate certificates on the fly, and supports a
+single set of certificates (at most one per public key algorithm). </p>
<p> RSA, DSA and ECDSA (Postfix ≥ 2.6) certificates are supported.
You can configure all three at the same time, in which case the
-cipher used determines which certificate is presented. </p>
+cipher used determines which certificate is presented. </p>
<p> It is possible for the Postfix SMTP client to use the same
key/certificate pair as the Postfix SMTP server. If a certificate
password. Both parts (certificate and private key) may be in the
same file. </p>
+<p> With OpenSSL 1.1.1 and Postfix ≥ 3.4 it is also possible to
+configure Ed25519 and Ed448 certificates. Rather than add two more
+pairs of key and certificate parameters, Postfix 3.4 introduces a new
+"<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter which specifies all the configured
+certificates at once, and handles files that hold both the key and the
+associated certificates in one pass, thereby avoiding potential race
+conditions during key rollover. </p>
+
<p> To enable remote SMTP servers to verify the Postfix SMTP client
certificate, the issuing CA certificates must be made available to the
server. You should include the required certificates in the client
<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
-Create the client.pem file with: </p>
+As the "root" super-user create the client.pem file with: </p>
<blockquote>
<pre>
-% <b>cat client_cert.pem intermediate_CA.pem > client.pem </b>
+# <b>umask 077</b>
+# <b>cat client_key.pem client_cert.pem intermediate_CA.pem > chain.pem </b>
</pre>
</blockquote>
<p> A server that trusts the root CA has a local copy of the root
CA certificate, so it is not necessary to include the root CA
-certificate here. Leaving it out of the "client.pem" file reduces
+certificate here. Leaving it out of the "chain.pem" file reduces
the overhead of the TLS exchange. </p>
<p> If you want the Postfix SMTP client to accept remote SMTP server
certificates issued by these CAs, append the root certificate to
$<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> or install it in the $<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> directory. </p>
+<p> Example: Postfix ≥ 3.4 all-in-one chain file(s). One or more
+chain files that start with a key that is immediately followed by the
+corresponding certificate and any additional issuer certificates. A
+single file can hold multiple <i>(key, cert, [chain])</i> sequences, one
+per algorithm. It is typically simpler to keep the chain for each
+algorithm in its own file. Most users are likely to deploy at most a
+single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up
+five chains, one each for RSA, ECDSA, ED25519, ED448 and even the
+obsolete DSA. </p>
+
+<blockquote>
+<pre>
+ # Postfix ≥ 3.4. Preferred configuration interface. Each file
+ # starts with the private key, followed by the corresponding
+ # certificate, and any intermediate issuer certificates.
+ #
+ <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> =
+ /etc/postfix/rsa.pem,
+ /etc/postfix/ecdsa.pem,
+ /etc/postfix/ed25519.pem,
+ /etc/postfix/ed448.pem
+</pre>
+</blockquote>
+
+<p> You can also store the keys separately from their certificates, again
+provided each is listed before the corresponding certificate chain. Storing a
+key and its associated certificate chain in separate files is not recommended,
+because this is prone to race conditions during key rollover, as there is no
+way to update multiple files atomically. </p>
+
+<blockquote>
+<pre>
+ # Postfix ≥ 3.4.
+ # Storing keys separately from the associated certificates is not
+ # recommended.
+ <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> =
+ /etc/postfix/rsakey.pem,
+ /etc/postfix/rsacerts.pem,
+ /etc/postfix/ecdsakey.pem,
+ /etc/postfix/ecdsacerts.pem
+</pre>
+</blockquote>
+
+<p> The below examples show the legacy algorithm-specific configurations
+for Postfix 3.3 and older. With Postfix ≤ 3.3, even if the key is
+stored in the same file as the certificate, the file is read twice and a
+(brief) race condition still exists during key rollover. While Postfix
+≥ 3.4 avoids the race when the key and certificate are in the same
+file, you should use the new "<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" interface shown
+above. <p>
+
<p> RSA key and certificate examples: </p>
<blockquote>
The optional "ciphers", "exclude" and "protocols" attributes
(available for opportunistic TLS with Postfix ≥ 2.6) override the
"<a href="postconf.5.html#smtp_tls_ciphers">smtp_tls_ciphers</a>", "<a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a>" and "<a href="postconf.5.html#smtp_tls_protocols">smtp_tls_protocols</a>"
-configuration parameters. </dd>
+configuration parameters. At this level and higher, the optional
+"servername" attribute (available with Postfix ≥ 3.4) overrides the
+global "<a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a>" parameter, enabling per-destination
+configuration of the SNI extension sent to the remote SMTP server. </dd>
<dt><b>encrypt</b></dt> <dd><a href="#client_tls_encrypt"> Mandatory encryption</a>.
Mail is delivered only if the remote SMTP server offers STARTTLS
<p> The following commands (credits: Viktor Dukhovni) generate and
install a 2048-bit RSA private key and 10-year self-signed certificate
for the local Postfix system. This requires super-user privileges.
+(By using date-specific filenames for the certificate and key files,
+and updating <a href="postconf.5.html">main.cf</a> with new filenames, a potential race condition
+in which the key and certificate might not match is avoided).
</p>
<blockquote>
<b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b>
Try to make multiple deliveries per TLS-encrypted connection.
+ <b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b>
+ List of one or more PEM files, each holding one or more private
+ keys directly followed by a corresponding certificate chain.
+
+ <b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b>
+ Optional name to send to the remote SMTP server in the TLS
+ Server Name Indication (SNI) extension.
+
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a
line endings from <CR><LF> into UNIX format (<LF>).
<b>TROUBLE SHOOTING CONTROLS</b>
- The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to trouble shoot a Postfix
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot a Postfix
system.
<b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
line endings from <CR><LF> into UNIX format (<LF>).
<b>TROUBLE SHOOTING CONTROLS</b>
- The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to trouble shoot a Postfix
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot a Postfix
system.
<b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
<p>
The only reason why the value of 2 is not the default is the way
this parameter affects the delivery of mailing-list mail. In the
-worst case, their delivery can take somewhere between (cost+1/cost)
+worst case, delivery can take somewhere between (cost+1/cost)
and (cost/cost-1) times more than if the preemptive scheduler was
disabled. The default value of 5 turns out to provide reasonable
message response times while making sure the mailing-list deliveries
<p> This feature is available in Postfix 2.3 and later. </p>
+</DD>
+
+<DT><b><a name="lmtp_tls_chain_files">lmtp_tls_chain_files</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
</DD>
<DT><b><a name="lmtp_tls_ciphers">lmtp_tls_ciphers</a>
<p> This feature is available in Postfix 2.3 and later. </p>
+</DD>
+
+<DT><b><a name="lmtp_tls_servername">lmtp_tls_servername</a>
+(default: empty)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
</DD>
<DT><b><a name="lmtp_tls_session_cache_database">lmtp_tls_session_cache_database</a>
<p>
If you can, avoid shell meta characters because they will force
Postfix to run an expensive shell process. If you're delivering
-via Procmail then running a shell won't make a noticeable difference
+via "procmail" then running a shell won't make a noticeable difference
in the total cost.
</p>
<p>
Optional list of user names that are not subjected to address
-masquerading, even when their address
matches $<a href="postconf.5.html#masquerade_domains">masquerade_domains</a>.
+masquerading, even when their address
es match $<a href="postconf.5.html#masquerade_domains">masquerade_domains</a>.
</p>
<p>
<pre>
/etc/postfix/<a href="postconf.5.html">main.cf</a>:
<a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> = <a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,
-
<a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
+ <a href="cidr_table.5.html">cidr</a>:/etc/postfix/postscreen_access.cidr
<a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> = enforce
</pre>
<p>
Display the name of the recipient table in the "User unknown"
-responses. The extra detail makes trouble shooting easier but also
-reveals information that is nobody elses business.
+responses. The extra detail makes troubleshooting easier but also
+reveals information that is nobody else's business.
</p>
<p>
present in the chroot jail if the <a href="smtp.8.html">smtp(8)</a> client is chrooted. This
file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
-$<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>
+$<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (or, Postfix ≥ 3.4 $<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>). </p>
<p> Specify "<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> = /path/to/system_CA_file" to use
ONLY the system-supplied default Certification Authority certificates.
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP client RSA certificate in PEM format.
-This file may also contain the Postfix SMTP client private RSA key,
-and these may be the same as the Postfix SMTP server RSA certificate and key
-file. </p>
+This file may also contain the Postfix SMTP client private RSA key, and
+these may be the same as the Postfix SMTP server RSA certificate and key
+file. With Postfix ≥ 3.4 the preferred way to configure client keys
+and certificates is via the "<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter. </p>
<p> Do not configure client certificates unless you <b>must</b> present
client TLS certificates to one or more servers. Client certificates are
<pre>
<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> =
<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> =
-<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> =
-<a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> =
<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> =
<a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> =
+# Obsolete DSA parameters
+<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> =
+<a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> =
+# Postfix ≥ 3.4 interface
+<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> =
</pre>
</blockquote>
<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
-Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
-root_CA.pem > client.pem". </p>
+As the "root" super-user create the client.pem file with: </p>
+
+<blockquote>
+<pre>
+# <b>umask 077</b>
+# <b>cat client_key.pem client_cert.pem intermediate_CA.pem > chain.pem </b>
+</pre>
+</blockquote>
<p> If you also want to verify remote SMTP server certificates issued by
these CAs, you can add the CA certificates to the <a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>, in
which case it is not necessary to have them in the <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>,
-<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> or <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. </p>
+<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>
(obsolete) or <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. </p>
<p> A certificate supplied here must be usable as an SSL client certificate
and hence pass the "openssl verify -purpose sslclient ..." test. </p>
<p> Example: </p>
<pre>
-<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> = /etc/postfix/client.pem
+<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> = /etc/postfix/chain.pem
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
+</DD>
+
+<DT><b><a name="smtp_tls_chain_files">smtp_tls_chain_files</a>
+(default: empty)</b></DT><DD>
+
+<p> List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain. The file names
+are separated by commas and/or whitespace. This parameter obsoletes the
+legacy algorithm-specific key and certificate file settings. When this
+parameter is non-empty, the legacy parameters are ignored, and a warning
+is logged if any are also non-empty. </p>
+
+<p> With the proliferation of multiple private key algorithms—which,
+as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519
+and Ed448—it is increasingly impractical to use separate
+parameters to configure the key and certificate chain for each
+algorithm. Therefore, Postfix now supports storing multiple keys and
+corresponding certificate chains in a single file or in a set of files.
+
+<p> Each key must appear <b>immediately before</b> the corresponding
+certificate, optionally followed by additional issuer certificates that
+complete the certificate chain for that key. When multiple files are
+specified, they are equivalent to a single file that is concatenated
+from those files in the given order. Thus, while a key must always
+precede its certificate and issuer chain, it can be in a separate file,
+so long as that file is listed immediately before the file that holds
+the corresponding certificate chain. Once all the files are
+concatenated, the sequence of PEM objects must be: <i>key1, cert1,
+[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].</i> </p>
+
+<p> Storing the private key in the same file as the corresponding
+certificate is more reliable. With the key and certificate in separate
+files, there is a chance that during key rollover a Postfix process
+might load a private key and certificate from separate files that don't
+match. Various operational errors may even result in a persistent
+broken configuration in which the certificate does not match the private
+key. </p>
+
+<p> The file or files must contain at most one key of each type. If,
+for example, two or more RSA keys and corresponding chains are listed,
+depending on the version of OpenSSL either only the last one will be
+used or an configuration error may be detected. Note that while
+"Ed25519" and "Ed448" are considered separate algorithms, the various
+ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are
+considered as different parameters of a single "ECDSA" algorithm, so it
+is not presently possible to configure keys for more than one ECDSA
+curve. </p>
+
+<p>
+Example (separate files for each key and corresponding certificate chain):
+</p>
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> =
+ ${<a href="postconf.5.html#config_directory">config_directory</a>}/ed25519.pem,
+ ${<a href="postconf.5.html#config_directory">config_directory</a>}/ed448.pem,
+ ${<a href="postconf.5.html#config_directory">config_directory</a>}/rsa.pem
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/ed25519.pem:
+ -----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/ed448.pem:
+ -----BEGIN PRIVATE KEY-----
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/rsa.pem:
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<p>
+Example (all keys and certificates in a single file):
+</p>
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> = ${<a href="postconf.5.html#config_directory">config_directory</a>}/chains.pem
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/chains.pem:
+ -----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ -----END CERTIFICATE-----
+ -----BEGIN PRIVATE KEY-----
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ -----END CERTIFICATE-----
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
</DD>
<DT><b><a name="smtp_tls_cipherlist">smtp_tls_cipherlist</a>
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP client DSA certificate in PEM format.
-This file may also contain the Postfix SMTP client private DSA key. </p>
+This file may also contain the Postfix SMTP client private DSA key.
+The DSA algorithm is obsolete and should not be used. </p>
<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details.
</p>
<p> File with the Postfix SMTP client DSA private key in PEM format.
This file may be combined with the Postfix SMTP client DSA certificate
-file specified with $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>. </p>
+file specified with $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>. The DSA algorithm is obsolete
+and should not be used. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP client ECDSA certificate in PEM format.
-This file may also contain the Postfix SMTP client ECDSA private key. </p>
+This file may also contain the Postfix SMTP client ECDSA private key.
+With Postfix ≥ 3.4 the preferred way to configure client keys and
+certificates is via the "<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter. </p>
<p> See the discussion under <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for more details.
</p>
(default: $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b></DT><DD>
<p> File with the Postfix SMTP client ECDSA private key in PEM format.
-This file may be combined with the Postfix SMTP client ECDSA
-certificate file specified with $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. </p>
+This file may be combined with the Postfix SMTP client ECDSA certificate
+file specified with $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>. With Postfix ≥ 3.4 the
+preferred way to configure client keys and certificates is via the
+"<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
<p> File with the Postfix SMTP client RSA private key in PEM format.
This file may be combined with the Postfix SMTP client RSA certificate
-file specified with $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. </p>
+file specified with $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>. With Postfix ≥ 3.4 the
+preferred way to configure client keys and certificates is via the
+"<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>" parameter. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
<p> This feature is available in Postfix 2.3 and later. </p>
+</DD>
+
+<DT><b><a name="smtp_tls_servername">smtp_tls_servername</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional name to send to the remote SMTP server in the TLS Server
+Name Indication (SNI) extension. The SNI extension is always on when
+DANE is used to authenticate the server, and in that case the SNI name
+sent is the one required by <a href="http://tools.ietf.org/html/rfc7672">RFC7672</a> and this parameter is ignored. </p>
+
+<p> Some SMTP servers use the received SNI name to select an appropriate
+certificate chain to present to the client. While this may improve
+interoperability with such servers, it may reduce interoperability with
+other servers that choose to abort the connection when they don't have a
+certificate chain configured for the requested name. Such servers
+should select a default certificate chain and continue the handshake,
+but some may not. Therefore, absent DANE, no SNI name is sent by
+default. </p>
+
+<p> The SNI name must be either a valid DNS hostname, or else one of the
+special values <b>hostname</b> or <b>nexthop</b>, which select either the
+remote hostname or the nexthop domain respectively. DNS names for SNI must be
+in A-label (punycode) form. Invalid DNS names log a configuration error
+warning and mail delivery is deferred. </p>
+
+<p> Except when using a <a href="postconf.5.html#relayhost">relayhost</a> to forward all email, the only
+sensible non-empty <a href="postconf.5.html">main.cf</a> setting for this parameter is
+<b>hostname</b>. Other non-empty values are only practical on a
+per-destination basis via the <b>servername</b> attribute of the Postfix
+TLS <a href="TLS_README.html#client_tls_policy">policy table</a>. When
+in doubt, leave this parameter empty, and configure per-destination SNI
+as needed. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
</DD>
<DT><b><a name="smtp_tls_session_cache_database">smtp_tls_session_cache_database</a>
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP server RSA certificate in PEM format.
-This file may also contain the Postfix SMTP server private RSA key. </p>
+This file may also contain the Postfix SMTP server private RSA key.
+With Postfix ≥ 3.4 the preferred way to configure server keys and
+certificates is via the "<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" parameter. </p>
<p> Public Internet MX hosts without certificates signed by a "reputable"
CA must generate, and be prepared to present to most clients, a
similar software, it will still insist on a server certificate. </p>
<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
-2.3 supports configurations with no certificates. This entails the
-use of just the anonymous TLS ciphers, which are not supported by
-typical SMTP clients. Since such clients will not, as a rule, fall
-back to plain text after a TLS handshake failure, the server will
-be unable to receive email from TLS enabled clients. To avoid
-accidental configurations with no certificates, Postfix 2.3 enables
-certificate-less operation only when the administrator explicitly
-sets "<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix
-configurations will not accidentally run with no certificates. </p>
+supports configurations with no certificates. This entails the use of
+just the anonymous TLS ciphers, which are not supported by typical SMTP
+clients. Since some clients may not fall back to plain text after a TLS
+handshake failure, a certificate-less Postfix SMTP server will be unable
+to receive email from some TLS-enabled clients. To avoid accidental
+configurations with no certificates, Postfix enables certificate-less
+operation only when the administrator explicitly sets
+"<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> = none". This ensures that new Postfix SMTP server
+configurations will not accidentally enable TLS without certificates. </p>
+
+<p> Note that server certificates are not optional in TLS 1.3. To run
+without certificates you'd have to disable the TLS 1.3 protocol by
+including '!TLSv1.3' in "<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>" and perhaps also
+"<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>". It is simpler instead to just
+configure a certificate chain. Certificate-less operation is not
+recommended. <p>
<p> Both RSA and DSA certificates are supported. When both types
are present, the cipher used determines which certificate will be
<p> If you also want to verify client certificates issued by these
CAs, you can add the CA certificates to the <a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>, in which
-case it is not necessary to have them in the <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> or
-<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>
+case it is not necessary to have them in the <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>,
+<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> (obsolete) or <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. </p>
<p> A certificate supplied here must be usable as an SSL server certificate
and hence pass the "openssl verify -purpose sslserver ..." test. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
+</DD>
+
+<DT><b><a name="smtpd_tls_chain_files">smtpd_tls_chain_files</a>
+(default: empty)</b></DT><DD>
+
+<p> List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain. The file names
+are separated by commas and/or whitespace. This parameter obsoletes the
+legacy algorithm-specific key and certificate file settings. When this
+parameter is non-empty, the legacy parameters are ignored, and a warning
+is logged if any are also non-empty. </p>
+
+<p> With the proliferation of multiple private key algorithms—which,
+as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519
+and Ed448—it is increasingly impractical to use separate
+parameters to configure the key and certificate chain for each
+algorithm. Therefore, Postfix now supports storing multiple keys and
+corresponding certificate chains in a single file or in a set of files.
+
+<p> Each key must appear <b>immediately before</b> the corresponding
+certificate, optionally followed by additional issuer certificates that
+complete the certificate chain for that key. When multiple files are
+specified, they are equivalent to a single file that is concatenated
+from those files in the given order. Thus, while a key must always
+precede its certificate and issuer chain, it can be in a separate file,
+so long as that file is listed immediately before the file that holds
+the corresponding certificate chain. Once all the files are
+concatenated, the sequence of PEM objects must be: <i>key1, cert1,
+[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].</i> </p>
+
+<p> Storing the private key in the same file as the corresponding
+certificate is more reliable. With the key and certificate in separate
+files, there is a chance that during key rollover a Postfix process
+might load a private key and certificate from separate files that don't
+match. Various operational errors may even result in a persistent
+broken configuration in which the certificate does not match the private
+key. </p>
+
+<p> The file or files must contain at most one key of each type. If,
+for example, two or more RSA keys and corresponding chains are listed,
+depending on the version of OpenSSL either only the last one will be
+used or an configuration error may be detected. Note that while
+"Ed25519" and "Ed448" are considered separate algorithms, the various
+ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are
+considered as different parameters of a single "ECDSA" algorithm, so it
+is not presently possible to configure keys for more than one ECDSA
+curve. </p>
+
+<p> RSA is still the most widely supported algorithm. Presently (late
+2018), ECDSA support is common, but not yet universal, and Ed25519 and
+Ed448 support is mostly absent. Therefore, an RSA key should generally
+be configured, along with any additional keys for the other algorithms
+when desired. </p>
+
+<p>
+Example (separate files for each key and corresponding certificate chain):
+</p>
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> =
+ ${<a href="postconf.5.html#config_directory">config_directory</a>}/ed25519.pem,
+ ${<a href="postconf.5.html#config_directory">config_directory</a>}/ed448.pem,
+ ${<a href="postconf.5.html#config_directory">config_directory</a>}/rsa.pem
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/ed25519.pem:
+ -----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/ed448.pem:
+ -----BEGIN PRIVATE KEY-----
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/rsa.pem:
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<p>
+Example (all keys and certificates in a single file):
+</p>
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> = ${<a href="postconf.5.html#config_directory">config_directory</a>}/chains.pem
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/chains.pem:
+ -----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ -----END CERTIFICATE-----
+ -----BEGIN PRIVATE KEY-----
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ -----END CERTIFICATE-----
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
</DD>
<DT><b><a name="smtpd_tls_cipherlist">smtpd_tls_cipherlist</a>
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP server DSA certificate in PEM format.
-This file may also contain the Postfix SMTP server private DSA key. </p>
+This file may also contain the Postfix SMTP server private DSA key.
+The DSA algorithm is obsolete and should not be used. </p>
<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details.
</p>
<p> File with the Postfix SMTP server DSA private key in PEM format.
This file may be combined with the Postfix SMTP server DSA certificate
-file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. </p>
+file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. The DSA algorithm is obsolete
+and should not be used. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
(default: empty)</b></DT><DD>
<p> File with the Postfix SMTP server ECDSA certificate in PEM format.
-This file may also contain the Postfix SMTP server private ECDSA key. </p>
+This file may also contain the Postfix SMTP server private ECDSA key.
+With Postfix ≥ 3.4 the preferred way to configure server keys and
+certificates is via the "<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" parameter. </p>
<p> See the discussion under <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for more details. </p>
<p> File with the Postfix SMTP server ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP server ECDSA certificate
-file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. </p>
+file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. With Postfix ≥ 3.4 the
+preferred way to configure server keys and certificates is via the
+"<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" parameter. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
<p> File with the Postfix SMTP server RSA private key in PEM format.
This file may be combined with the Postfix SMTP server RSA certificate
-file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>. </p>
+file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>. With Postfix ≥ 3.4 the
+preferred way to configure server keys and certificates is via the
+"<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>" parameter. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
<p> This feature is available in Postfix 2.2 and later. </p>
+</DD>
+
+<DT><b><a name="tls_server_sni_maps">tls_server_sni_maps</a>
+(default: empty)</b></DT><DD>
+
+<p> Optional lookup tables that map names received from remote SMTP
+clients via the TLS Server Name Indication (SNI) extension to the
+appropriate keys and certificate chains. This parameter is implemented
+in the Postfix TLS library, and applies to both <a href="smtpd.8.html">smtpd(8)</a> and the SMTP
+server mode of <a href="tlsproxy.8.html">tlsproxy(8)</a>. </p>
+
+<p> The lookup key is either the verbatim SNI domain name or a an
+ancestor domain prefixed with a leading dot. For internationalized
+domains, the lookup key must be in IDNA 2008 A-label form (as
+required in the TLS SNI extension). </p>
+
+<p> The mapping from an SNI domain name to a certificate chain is
+typically indirect. In the input source files for "cdb", "hash",
+"btree" or other tables that are converted to on-disk indexed files
+via <a href="postmap.1.html">postmap(1)</a>, the value specified for each key is a list of
+filenames. When <a href="postmap.1.html">postmap(1)</a> is used with the <b>-F</b> option, the
+generated table stores for each lookup key the base64-encoded
+contents of the associated files. When querying tables via <b>postmap
+-Fq</b>, the table value is decoded from base64, yielding the original
+file content, plus a new line. </p>
+
+<p> With "regexp", "pcre", "inline", "texthash", "static" and similar
+tables that are interpreted at run-time, and don't have a separate
+source format, the table value is again a list files, that are read-in
+when the table is opened. </p>
+
+<p> Thus, for example: </p>
+
+<blockquote>
+<pre>
+$ postmap -Fq "" <a href="DATABASE_README.html#types">static</a>:/etc/postfix/chain.pem | openssl dgst -sha1
+(stdin)= da39a3ee5e6b4b0d3255bfef95601890afd80709
+</pre>
+</blockquote>
+
+<p> produces the same output as: </p>
+
+<blockquote>
+<pre>
+$ (cat /etc/postfix/chain.pem; echo) | openssl dgst -sha1
+(stdin)= da39a3ee5e6b4b0d3255bfef95601890afd80709
+</pre>
+</blockquote>
+
+<p> With tables whose content is managed outside of Postfix, such
+as LDAP, MySQL, PostgreSQL, socketmap and tcp, the value must be a
+concatenation of the desired PEM keys and certificate chains, that
+is then further encoded to yield a single-line base64 string.
+Creation of such tables and secure storage are outside the
+responsibility of Postfix. With "socketmap" and "tcp" the data
+would be transmitted in the clear. With LDAP and SQL, you should
+generally use TLS to protect the sensitive data in transit. </p>
+
+<p> Typically there is only private key and its chain of certificates
+starting with the "leaf" certificate corresponding to that key, and
+continuing with the appropriate intermediate issuer CA certificates,
+with each certificate ideally followed by its issuer. Servers
+that have keys and certificates for more than one algorithm (e.g.
+both an RSA key and an ECDSA key, or even RSA, ECDSA and Ed25519)
+can use multiple chains concatenated together, with the key always
+listed before the corresponding certificates. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
</DD>
<DT><b><a name="tls_session_ticket_cipher">tls_session_ticket_cipher</a>
(default: $<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b></DT><DD>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client RSA certificate in PEM
-format. See <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for further details. </p>
+format. See <a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"<a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>" parameter. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
+</DD>
+
+<DT><b><a name="tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>
+(default: $<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>)</b></DT><DD>
+
+<p> Files with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client keys and certificate
+chains in PEM format. See <a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> for further details. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
(default: $<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b></DT><DD>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client DSA certificate in PEM
-format. See <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> for further details. </p>
+format. See <a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> for further details. DSA is obsolete and
+should not be used. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
(default: $<a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a>)</b></DT><DD>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client DSA private key in PEM
-format. See <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> for further details. </p>
+format. See <a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> for further details. DSA is obsolete and
+should not be used. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
<DT><b><a name="tlsproxy_client_eccert_file">tlsproxy_client_eccert_file</a>
(default: $<a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a>)</b></DT><DD>
-<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client ECDSA certificate in
-PEM format. See <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> for further details. </p>
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client ECDSA certificate in PEM
+format. See <a href="postconf.5.html#smtp_tls_eccert_file">smtp_tls_eccert_file</a> for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"<a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>" parameter. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
<DT><b><a name="tlsproxy_client_eckey_file">tlsproxy_client_eckey_file</a>
(default: $<a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a>)</b></DT><DD>
-<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client ECDSA private key in
-PEM format. See <a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> for further details. </p>
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client ECDSA private key in PEM
+format. See <a href="postconf.5.html#smtp_tls_eckey_file">smtp_tls_eckey_file</a> for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"<a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>" parameter. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
(default: $<a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a>)</b></DT><DD>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> client RSA private key in PEM
-format. See <a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> for further details. </p>
+format. See <a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> for further details. The preferred way to
+configure tlsproxy client keys and certificates is via the
+"<a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a>" parameter. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA certificate in PEM
format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
-private RSA key. See <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for further details. </p>
+private RSA key. See <a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a> for further details. With
+Postfix ≥ 3.4 the preferred way to configure tlsproxy server keys and
+certificates is via the "<a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>" parameter. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
+</DD>
+
+<DT><b><a name="tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>
+(default: $<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>)</b></DT><DD>
+
+<p> Files with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server keys and certificate
+chains in PEM format. See <a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> for further details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+
</DD>
<DT><b><a name="tlsproxy_tls_ciphers">tlsproxy_tls_ciphers</a>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA certificate in PEM
format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
-private DSA key. See <a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> for further details.
-</p>
+private DSA key. DSA is obsolete and should not be used. See
+<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a> for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
(default: $<a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>)</b></DT><DD>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server DSA private key in PEM
-format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
-server DSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>.
-See <a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> for further details. </p>
+format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+DSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>. DSA is
+obsolete and should not be used. See <a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a> for further
+details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
<DT><b><a name="tlsproxy_tls_eccert_file">tlsproxy_tls_eccert_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b></DT><DD>
-<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA certificate in
-PEM format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
-server private ECDSA key. See <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> for further
-details. </p>
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA certificate in PEM
+format. This file may also contain the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+private ECDSA key. See <a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a> for further details. With
+Postfix ≥ 3.4 the preferred way to configure tlsproxy server keys and
+certificates is via the "<a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>" parameter. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
<DT><b><a name="tlsproxy_tls_eckey_file">tlsproxy_tls_eckey_file</a>
(default: $<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>)</b></DT><DD>
-<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA private key in
-PEM format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
-server ECDSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>.
-See <a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> for further details. </p>
+<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server ECDSA private key in PEM
+format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+ECDSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>. See
+<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a> for further details. With Postfix ≥ 3.4 the
+preferred way to configure tlsproxy server keys and certificates is via
+the "<a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>" parameter. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
(default: $<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a>)</b></DT><DD>
<p> File with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server RSA private key in PEM
-format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a>
-server RSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>.
-See <a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> for further details. </p>
+format. This file may be combined with the Postfix <a href="tlsproxy.8.html">tlsproxy(8)</a> server
+RSA certificate file specified with $<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>. See
+<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a> for further details. With Postfix ≥ 3.4 the
+preferred way to configure tlsproxy server keys and certificates is via
+the "<a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a>" parameter. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
(default: $<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b></DT><DD>
<p> The Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a>
-fails due to an temporary error condition. Specify "defer" to defer
+fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
The hostname lookup methods used for the connection. See the
documentation of <a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> for syntax and semantics.
+ <b>-H</b> <i>chainfiles</i> (default: <i>none</i>)
+ List of files with a sequence PEM-encoded TLS client certificate
+ chains. The list can be built-up incrementally, by specifying
+ the option multiple times, or all at once via a comma or white-
+ space separated list of filenames. Each chain starts with a
+ private key, which is followed immediately by the corresponding
+ certificate, and optionally by additional issuer certificates.
+ Each new key begins a new chain for the corresponding algorithm.
+ This option is mutually exclusive with the below <b>-k</b> and <b>-K</b>
+ options.
+
<b>-k</b> <i>certfile</i> (default: <i>keyfile</i>)
File with PEM-encoded TLS client certificate chain. This
defaults to <i>keyfile</i> if one is specified.
the <b>-m</b> option. By default reconnection is disabled, specify a
positive delay to enable this behavior.
+ <b>-s</b> <i>servername</i>
+ The server name to send with the TLS Server Name Indication
+ (SNI) extension. When the server has DANE TLSA records, this
+ parameter is ignored and the TLSA base domain is used instead.
+ Otherwise, SNI is not used by default, but can be enabled by
+ specifying the desired value with this option.
+
<b>-S</b> Disable SMTP; that is, connect to an LMTP server. The default
port for LMTP over TCP is 24. Alternative ports can specified
by appending "<i>:servicename</i>" or ":<i>portnumber</i>" to the destination
line endings from <CR><LF> into UNIX format (<LF>).
<b>TROUBLE SHOOTING CONTROLS</b>
- The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to trouble shoot a Postfix
+ The <a href="DEBUG_README.html">DEBUG_README</a> file gives examples of how to troubleshoot a Postfix
system.
<b><a href="postconf.5.html#debugger_command">debugger_command</a> (empty)</b>
<b><a href="postconf.5.html#smtp_tls_connection_reuse">smtp_tls_connection_reuse</a> (no)</b>
Try to make multiple deliveries per TLS-encrypted connection.
+ <b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b>
+ List of one or more PEM files, each holding one or more private
+ keys directly followed by a corresponding certificate chain.
+
+ <b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b>
+ Optional name to send to the remote SMTP server in the TLS
+ Server Name Indication (SNI) extension.
+
<b>OBSOLETE STARTTLS CONTROLS</b>
The following configuration parameters exist for compatibility with
Postfix versions before 2.3. Support for these will be removed in a
The prioritized list of elliptic curves supported by the Postfix
SMTP client and server.
+ Available in Postfix version 3.4 and later:
+
+ <b><a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a> (empty)</b>
+ List of one or more PEM files, each holding one or more private
+ keys directly followed by a corresponding certificate chain.
+
+ <b><a href="postconf.5.html#tls_server_sni_maps">tls_server_sni_maps</a> (empty)</b>
+ Optional lookup tables that map names received from remote SMTP
+ clients via the TLS Server Name Indication (SNI) extension to
+ the appropriate keys and certificate chains.
+
<b>OBSOLETE STARTTLS CONTROLS</b>
- The following configuration parameters exist for compatibility with
- Postfix versions before 2.3. Support for these will be removed in a
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
future release.
<b><a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> (no)</b>
- Opportunistic TLS: announce STARTTLS support to remote SMTP
+ Opportunistic TLS: announce STARTTLS support to remote SMTP
clients, but do not require that clients use TLS encryption.
<b><a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a> (no)</b>
and require that clients use TLS encryption.
<b><a href="postconf.5.html#smtpd_tls_cipherlist">smtpd_tls_cipherlist</a> (empty)</b>
- Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
+ Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
cipher list.
<b>SMTPUTF8 CONTROLS</b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
- Enable preliminary SMTPUTF8 support for the protocols described
+ Enable preliminary SMTPUTF8 support for the protocols described
in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
<b><a href="postconf.5.html#strict_smtputf8">strict_smtputf8</a> (no)</b>
Enable stricter enforcement of the SMTPUTF8 protocol.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci-
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
- Enable 'transitional' compatibility between IDNA2003 and
- IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b>VERP SUPPORT CONTROLS</b>
- With VERP style delivery, each recipient of a message receives a cus-
- tomized copy of the message with his/her own recipient address encoded
+ With VERP style delivery, each recipient of a message receives a cus-
+ tomized copy of the message with his/her own recipient address encoded
in the envelope sender address. The <a href="VERP_README.html">VERP_README</a> file describes config-
- uration and operation details of Postfix support for variable envelope
- return path addresses. VERP style delivery is requested with the SMTP
- XVERP command or with the "sendmail -V" command-line option and is
+ uration and operation details of Postfix support for variable envelope
+ return path addresses. VERP style delivery is requested with the SMTP
+ XVERP command or with the "sendmail -V" command-line option and is
available in Postfix version 1.1 and later.
<b><a href="postconf.5.html#default_verp_delimiters">default_verp_delimiters</a> (+=)</b>
The two default VERP delimiter characters.
<b><a href="postconf.5.html#verp_delimiter_filter">verp_delimiter_filter</a> (-=+)</b>
- The characters Postfix accepts as VERP delimiter characters on
+ The characters Postfix accepts as VERP delimiter characters on
the Postfix <a href="sendmail.1.html"><b>sendmail</b>(1)</a> command line and in SMTP commands.
Available in Postfix version 1.1 and 2.0:
<b><a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
- What remote SMTP clients are allowed to specify the XVERP com-
+ What remote SMTP clients are allowed to specify the XVERP com-
mand.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> ($<a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a>)</b>
- What remote SMTP clients are allowed to specify the XVERP com-
+ What remote SMTP clients are allowed to specify the XVERP com-
mand.
<b>TROUBLE SHOOTING CONTROLS</b>
- The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of the Postfix
- mail system. The methods vary from making the software log a lot of
+ The <a href="DEBUG_README.html">DEBUG_README</a> document describes how to debug parts of the Postfix
+ mail system. The methods vary from making the software log a lot of
detail, to running some daemon processes under control of a call tracer
or debugger.
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a remote client or
+ The increment in verbose logging level when a remote client or
server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname or network
+ Optional list of remote client or server hostname or network
address patterns that cause the verbose logging level to
increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about mail delivery
+ The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are subject to
- before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ What categories of Postfix-generated mail are subject to
+ before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
<a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
The list of error classes that are reported to the postmaster.
<b><a href="postconf.5.html#smtpd_reject_footer">smtpd_reject_footer</a> (empty)</b>
- Optional information that is appended after each Postfix SMTP
+ Optional information that is appended after each Postfix SMTP
server 4XX or 5XX response.
<b><a href="postconf.5.html#soft_bounce">soft_bounce</a> (no)</b>
- Safety net to keep mail queued that would otherwise be returned
+ Safety net to keep mail queued that would otherwise be returned
to the sender.
Available in Postfix version 2.1 and later:
Available in Postfix version 2.10 and later:
<b><a href="postconf.5.html#smtpd_log_access_permit_actions">smtpd_log_access_permit_actions</a> (empty)</b>
- Enable logging of the named "permit" actions in SMTP server
- access lists (by default, the SMTP server logs "reject" actions
+ Enable logging of the named "permit" actions in SMTP server
+ access lists (by default, the SMTP server logs "reject" actions
but not "permit" actions).
<b>KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS</b>
- As of Postfix version 2.0, the SMTP server rejects mail for unknown
+ As of Postfix version 2.0, the SMTP server rejects mail for unknown
recipients. This prevents the mail queue from clogging up with undeliv-
- erable MAILER-DAEMON messages. Additional information on this topic is
+ erable MAILER-DAEMON messages. Additional information on this topic is
in the <a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a> and <a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a> documents.
<b><a href="postconf.5.html#show_user_unknown_table_name">show_user_unknown_table_name</a> (yes)</b>
- Display the name of the recipient table in the "User unknown"
+ Display the name of the recipient table in the "User unknown"
responses.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a> (empty)</b>
- Optional address mapping lookup tables for message headers and
+ Optional address mapping lookup tables for message headers and
envelopes.
<b><a href="postconf.5.html#recipient_canonical_maps">recipient_canonical_maps</a> (empty)</b>
- Optional address mapping lookup tables for envelope and header
+ Optional address mapping lookup tables for envelope and header
recipient addresses.
<b><a href="postconf.5.html#sender_canonical_maps">sender_canonical_maps</a> (empty)</b>
- Optional address mapping lookup tables for envelope and header
+ Optional address mapping lookup tables for envelope and header
sender addresses.
Parameters concerning known/unknown local recipients:
<b><a href="postconf.5.html#mydestination">mydestination</a> ($<a href="postconf.5.html#myhostname">myhostname</a>, localhost.$<a href="postconf.5.html#mydomain">mydomain</a>, localhost)</b>
- The
list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
+ The
list of domains that are delivered via the $<a href="postconf.5.html#local_transport">local_transport</a>
mail delivery transport.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
- The network interface addresses that this mail system receives
+ The network interface addresses that this mail system receives
mail on.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
- The network interface addresses that this mail system receives
+ The network interface addresses that this mail system receives
mail on by way of a proxy or network address translation unit.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b>
- The Internet protocols Postfix will attempt to use when making
+ The Internet protocols Postfix will attempt to use when making
or accepting connections.
<b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname $<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
Lookup tables with all names or addresses of local recipients: a
- recipient
address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestina</a>-
+ recipient
address is local when its domain matches $<a href="postconf.5.html#mydestination">mydestina</a>-
<a href="postconf.5.html#mydestination">tion</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or $<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
The numerical Postfix SMTP server response code when a recipient
- address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of
+ address is local, and $<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of
lookup tables that does not match the recipient.
Parameters concerning known/unknown recipients of relay destinations:
<b><a href="postconf.5.html#relay_domains">relay_domains</a> (Postfix</b> ><b>= 3.0: empty, Postfix</b> < <b>3.0: $<a href="postconf.5.html#mydestination">mydestination</a>)</b>
- What destination domains (and subdomains thereof) this system
+ What destination domains (and subdomains thereof) this system
will relay mail to.
<b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
- Optional lookup tables with all valid addresses in the domains
+ Optional lookup tables with all valid addresses in the domains
that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
- The numerical Postfix SMTP server reply code when a recipient
- address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> speci-
- fies a list of lookup tables that does not match the recipient
+ The numerical Postfix SMTP server reply code when a recipient
+ address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and <a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> speci-
+ fies a list of lookup tables that does not match the recipient
address.
- Parameters concerning known/unknown recipients in virtual alias
+ Parameters concerning known/unknown recipients in virtual alias
domains:
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
- Postfix is final destination for the specified list of virtual
- alias domains, that is, domains for which all addresses are
+ Postfix is final destination for the specified list of virtual
+ alias domains, that is, domains for which all addresses are
aliased to addresses in other local or remote domains.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
- Optional lookup tables that alias specific mail addresses or
+ Optional lookup tables that alias specific mail addresses or
domains to other local or remote address.
<b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
- The Postfix SMTP server reply code when a recipient address
- matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> speci-
- fies a list of lookup tables that does not match the recipient
+ The Postfix SMTP server reply code when a recipient address
+ matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> speci-
+ fies a list of lookup tables that does not match the recipient
address.
Parameters concerning known/unknown recipients in virtual mailbox
domains:
<b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
- Postfix is final destination for the specified list of domains;
- mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery
+ Postfix is final destination for the specified list of domains;
+ mail is delivered via the $<a href="postconf.5.html#virtual_transport">virtual_transport</a> mail delivery
transport.
<b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
- Optional lookup tables with all valid addresses in the domains
+ Optional lookup tables with all valid addresses in the domains
that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
<b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
- The Postfix SMTP server reply code when a recipient address
- matches
$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
+ The Postfix SMTP server reply code when a recipient address
+ matches
$<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>
specifies a list of lookup tables that does not match the recip-
ient address.
control client request rates.
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
- Upon input, long lines are chopped up into pieces of at most
+ Upon input, long lines are chopped up into pieces of at most
this length; upon delivery, long lines are reconstructed.
<b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
tem that is needed to receive mail.
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
- The maximal size in bytes of a message, including envelope
+ The maximal size in bytes of a message, including envelope
information.
<b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
- The maximal number of recipients that the Postfix SMTP server
+ The maximal number of recipients that the Postfix SMTP server
accepts per message delivery request.
<b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (normal: 300s, overload: 10s)</b>
- The time limit for sending a Postfix SMTP server response and
+ The time limit for sending a Postfix SMTP server response and
for receiving a remote SMTP client request.
<b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
- The maximal number of lines in the Postfix SMTP server command
- history before it is flushed upon receipt of EHLO, RSET, or end
+ The maximal number of lines in the Postfix SMTP server command
+ history before it is flushed upon receipt of EHLO, RSET, or end
of DATA.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_peername_lookup">smtpd_peername_lookup</a> (yes)</b>
- Attempt to look up the remote SMTP client hostname, and verify
+ Attempt to look up the remote SMTP client hostname, and verify
that the name matches the client IP address.
The per SMTP client connection count and request rate limits are imple-
- mented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> service, and are available in
+ mented in co-operation with the <a href="anvil.8.html"><b>anvil</b>(8)</a> service, and are available in
Postfix version 2.2 and later.
<b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
- How many simultaneous connections any client is allowed to make
+ How many simultaneous connections any client is allowed to make
to this service.
<b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
- The maximal number of connection attempts any client is allowed
+ The maximal number of connection attempts any client is allowed
to make to this service per time unit.
<b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
- The maximal number of message delivery requests that any client
- is allowed to make to this service per time unit, regardless of
+ The maximal number of message delivery requests that any client
+ is allowed to make to this service per time unit, regardless of
whether or not Postfix actually accepts those messages.
<b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
- The maximal number of recipient addresses that any client is
- allowed to send to this service per time unit, regardless of
+ The maximal number of recipient addresses that any client is
+ allowed to send to this service per time unit, regardless of
whether or not Postfix actually accepts those recipients.
<b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
- Clients that are excluded from smtpd_client_*_count/rate_limit
+ Clients that are excluded from smtpd_client_*_count/rate_limit
restrictions.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#smtpd_client_new_tls_session_rate_limit">smtpd_client_new_tls_session_rate_limit</a> (0)</b>
- The maximal number of new (i.e., uncached) TLS sessions that a
+ The maximal number of new (i.e., uncached) TLS sessions that a
remote SMTP client is allowed to negotiate with this service per
time unit.
<b><a href="postconf.5.html#smtpd_per_record_deadline">smtpd_per_record_deadline</a> (normal: no, overload: yes)</b>
Change the behavior of the <a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> and <a href="postconf.5.html#smtpd_starttls_timeout">smtpd_start</a>-
- <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
- system call, to a time limit to send or receive a complete
- record (an SMTP command line, SMTP response line, SMTP message
+ <a href="postconf.5.html#smtpd_starttls_timeout">tls_timeout</a> time limits, from a time limit per read or write
+ system call, to a time limit to send or receive a complete
+ record (an SMTP command line, SMTP response line, SMTP message
content line, or TLS protocol message).
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#smtpd_client_auth_rate_limit">smtpd_client_auth_rate_limit</a> (0)</b>
- The maximal number of AUTH commands that any client is allowed
- to send to this service per time unit, regardless of whether or
+ The maximal number of AUTH commands that any client is allowed
+ to send to this service per time unit, regardless of whether or
not Postfix actually accepts those commands.
<b>TARPIT CONTROLS</b>
- When a remote SMTP client makes errors, the Postfix SMTP server can
- insert delays before responding. This can help to slow down run-away
- software. The behavior is controlled by an error counter that counts
+ When a remote SMTP client makes errors, the Postfix SMTP server can
+ insert delays before responding. This can help to slow down run-away
+ software. The behavior is controlled by an error counter that counts
the number of errors within an SMTP session that a client makes without
delivering mail.
<b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b>
- With Postfix version 2.1 and later: the SMTP server response
- delay
after a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>
- errors, and fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without
+ With Postfix version 2.1 and later: the SMTP server response
+ delay
after a client has made more than $<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a>
+ errors, and fewer than $<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without
delivering mail.
<b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b>
- The number of errors a remote SMTP client is allowed to make
- without delivering mail before the Postfix SMTP server slows
+ The number of errors a remote SMTP client is allowed to make
+ without delivering mail before the Postfix SMTP server slows
down all its responses.
<b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (normal: 20, overload: 1)</b>
- The maximal number of errors a remote SMTP client is allowed to
+ The maximal number of errors a remote SMTP client is allowed to
make without delivering mail.
<b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (normal: 100, overload: 1)</b>
- The number of junk commands (NOOP, VRFY, ETRN or RSET) that a
- remote SMTP client can send before the Postfix SMTP server
+ The number of junk commands (NOOP, VRFY, ETRN or RSET) that a
+ remote SMTP client can send before the Postfix SMTP server
starts to increment the error counter with each junk command.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
- The number of recipients that a remote SMTP client can send in
+ The number of recipients that a remote SMTP client can send in
excess of the limit specified with $<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>,
- before the Postfix SMTP server increments the per-session error
+ before the Postfix SMTP server increments the per-session error
count for each excess recipient.
<b>ACCESS POLICY DELEGATION CONTROLS</b>
- As of version 2.1, Postfix can be configured to delegate access policy
- decisions to an external server that runs outside Postfix. See the
+ As of version 2.1, Postfix can be configured to delegate access policy
+ decisions to an external server that runs outside Postfix. See the
file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for more information.
<b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
- The time after which an idle SMTPD policy service connection is
+ The time after which an idle SMTPD policy service connection is
closed.
<b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
- The time after which an active SMTPD policy service connection
+ The time after which an active SMTPD policy service connection
is closed.
<b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
- The time limit for connecting to, writing to, or receiving from
+ The time limit for connecting to, writing to, or receiving from
a delegated SMTPD policy server.
Available in Postfix version 3.0 and later:
The default action when an SMTPD policy service request fails.
<b><a href="postconf.5.html#smtpd_policy_service_request_limit">smtpd_policy_service_request_limit</a> (0)</b>
- The maximal number of requests per SMTPD policy service connec-
+ The maximal number of requests per SMTPD policy service connec-
tion, or zero (no limit).
<b><a href="postconf.5.html#smtpd_policy_service_try_limit">smtpd_policy_service_try_limit</a> (2)</b>
- The maximal number of attempts to send an SMTPD policy service
+ The maximal number of attempts to send an SMTPD policy service
request before giving up.
<b><a href="postconf.5.html#smtpd_policy_service_retry_delay">smtpd_policy_service_retry_delay</a> (1s)</b>
- The delay between attempts to resend a failed SMTPD policy ser-
+ The delay between attempts to resend a failed SMTPD policy ser-
vice request.
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#smtpd_policy_service_policy_context">smtpd_policy_service_policy_context</a> (empty)</b>
- Optional information that the Postfix SMTP server specifies in
- the "policy_context" attribute of a policy service request
- (originally, to share the same service endpoint among multiple
+ Optional information that the Postfix SMTP server specifies in
+ the "policy_context" attribute of a policy service request
+ (originally, to share the same service endpoint among multiple
<a href="postconf.5.html#check_policy_service">check_policy_service</a> clients).
<b>ACCESS CONTROLS</b>
- The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
+ The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to all the SMTP
server access control features.
<b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
- Wait until the RCPT TO command before evaluating
+ Wait until the RCPT TO command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> and
$<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until the ETRN command
- before evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and
+ before evaluating $<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and
$<a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a>.
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' output)</b>
- A list of Postfix features where the pattern "example.com" also
- matches subdomains of example.com, instead of requiring an
+ A list of Postfix features where the pattern "example.com" also
+ matches subdomains of example.com, instead of requiring an
explicit ".example.com" pattern.
<b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server applies in
+ Optional restrictions that the Postfix SMTP server applies in
the context of a client connection request.
<b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
- Require that a remote SMTP client introduces itself with the
- HELO or EHLO command before sending the MAIL command or other
+ Require that a remote SMTP client introduces itself with the
+ HELO or EHLO command before sending the MAIL command or other
commands that require EHLO negotiation.
<b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server applies in
+ Optional restrictions that the Postfix SMTP server applies in
the context of a client HELO command.
<b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server applies in
+ Optional restrictions that the Postfix SMTP server applies in
the context of a client MAIL FROM command.
<b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (see 'postconf -d' output)</b>
- Optional restrictions that the Postfix SMTP server applies in
- the context of a client RCPT TO command, after
+ Optional restrictions that the Postfix SMTP server applies in
+ the context of a client RCPT TO command, after
<a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a>.
<b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
- Optional restrictions that the Postfix SMTP server applies in
+ Optional restrictions that the Postfix SMTP server applies in
the context of a client ETRN command.
<b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
- Forward mail with sender-specified routing
- (user[@%!]remote[@%!]site) from untrusted clients to destina-
+ Forward mail with sender-specified routing
+ (user[@%!]remote[@%!]site) from untrusted clients to destina-
tions matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
User-defined aliases for groups of access restrictions.
<b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b><><b>)</b>
- The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables instead of
+ The lookup key to be used in SMTP <a href="access.5.html"><b>access</b>(5)</a> tables instead of
the null sender address.
<b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
- Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
+ Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP access feature to
only domains whose primary MX hosts match the listed networks.
Available in Postfix version 2.0 and later:
applies in the context of the SMTP DATA command.
<b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
- What characters are allowed in $name expansions of RBL reply
+ What characters are allowed in $name expansions of RBL reply
templates.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
- Request that the Postfix SMTP server rejects mail from unknown
- sender
addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
+ Request that the Postfix SMTP server rejects mail from unknown
+ sender
addresses, even when no explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a>
access restriction is specified.
<b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
- Request that the Postfix SMTP server rejects mail for unknown
- recipient addresses, even when no explicit
+ Request that the Postfix SMTP server rejects mail for unknown
+ recipient addresses, even when no explicit
<a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restriction is specified.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_relay_restrictions">smtpd_relay_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>, <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>,</b>
<b><a href="postconf.5.html#defer_unauth_destination">defer_unauth_destination</a>)</b>
Access restrictions for mail relay control that the Postfix SMTP
- server applies in the context of the RCPT TO command, before
+ server applies in the context of the RCPT TO command, before
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>.
<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
- Postfix version 2.1 introduces sender and recipient address verifica-
+ Postfix version 2.1 introduces sender and recipient address verifica-
tion. This feature is implemented by sending probe email messages that
are not actually delivered. This feature is requested via the
- <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
- restrictions. The status of verification probes is maintained by the
- <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor-
- mation about how to configure and operate the Postfix sender/recipient
+ <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
+ restrictions. The status of verification probes is maintained by the
+ <a href="verify.8.html"><b>verify</b>(8)</a> server. See the file <a href="ADDRESS_VERIFICATION_README.html">ADDRESS_VERIFICATION_README</a> for infor-
+ mation about how to configure and operate the Postfix sender/recipient
address verification service.
<b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (normal: 3, overload: 1)</b>
fication request in progress.
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> ($<a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a>)</b>
- The sender address to use in address verification probes; prior
+ The sender address to use in address verification probes; prior
to Postfix 2.5 the default was "postmaster".
<b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
address is rejected by the <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response when a recipient
- address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric-
+ The numerical Postfix SMTP server response when a recipient
+ address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> restric-
tion.
Available in Postfix version 2.6 and later:
<b><a href="postconf.5.html#unverified_sender_defer_code">unverified_sender_defer_code</a> (450)</b>
- The numerical Postfix SMTP server response code when a sender
+ The numerical Postfix SMTP server response code when a sender
address probe fails due to a temporary error condition.
<b><a href="postconf.5.html#unverified_recipient_defer_code">unverified_recipient_defer_code</a> (450)</b>
- The numerical Postfix SMTP server response when a recipient
+ The numerical Postfix SMTP server response when a recipient
address probe fails due to a temporary error condition.
<b><a href="postconf.5.html#unverified_sender_reject_reason">unverified_sender_reject_reason</a> (empty)</b>
<a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a>.
<b><a href="postconf.5.html#unverified_sender_tempfail_action">unverified_sender_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
+ The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a>
fails due to a temporary error condition.
<b><a href="postconf.5.html#unverified_recipient_tempfail_action">unverified_recipient_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>-
+ The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipi</a>-
<a href="postconf.5.html#reject_unverified_recipient">ent</a> fails due to a temporary error condition.
Available with Postfix 2.9 and later:
<b><a href="postconf.5.html#address_verify_sender_ttl">address_verify_sender_ttl</a> (0s)</b>
- The time between changes in the time-dependent portion of
+ The time between changes in the time-dependent portion of
address verification probe sender addresses.
<b>ACCESS CONTROL RESPONSES</b>
map "reject" action.
<b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
- The numerical Postfix SMTP server response code when a remote
+ The numerical Postfix SMTP server response code when a remote
SMTP client request is rejected by the "defer" restriction.
<b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
- The numerical Postfix SMTP server response code when the client
- HELO or EHLO command parameter is rejected by the
+ The numerical Postfix SMTP server response code when the client
+ HELO or EHLO command parameter is rejected by the
<a href="postconf.5.html#reject_invalid_helo_hostname">reject_invalid_helo_hostname</a> restriction.
<b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code when a remote
- SMTP
client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,
+ The numerical Postfix SMTP server response code when a remote
+ SMTP
client request is blocked by the <a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>,
<a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>, <a href="postconf.5.html#reject_rhsbl_reverse_client">reject_rhsbl_reverse_client</a>,
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a> restriction.
<b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
- The numerical Postfix SMTP server reply code when a client
- request
is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
+ The numerical Postfix SMTP server reply code when a client
+ request
is rejected by the <a href="postconf.5.html#reject_non_fqdn_helo_hostname">reject_non_fqdn_helo_hostname</a>,
<a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or <a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
<b><a href="postconf.5.html#plaintext_reject_code">plaintext_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code when a request
+ The numerical Postfix SMTP server response code when a request
is rejected by the <b><a href="postconf.5.html#reject_plaintext_session">reject_plaintext_session</a></b> restriction.
<b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code when a remote
+ The numerical Postfix SMTP server response code when a remote
SMTP client request is rejected by the "reject" restriction.
<b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
- The numerical Postfix SMTP server response code when a client
- request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
+ The numerical Postfix SMTP server response code when a client
+ request is rejected by the <a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient
restriction.
<b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
a sender or recipient address because its domain is unknown.
<b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code when a client
- without valid address <=> name mapping is rejected by the
+ The numerical Postfix SMTP server response code when a client
+ without valid address <=> name mapping is rejected by the
<a href="postconf.5.html#reject_unknown_client_hostname">reject_unknown_client_hostname</a> restriction.
<b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
- The numerical Postfix SMTP server response code when the host-
- name specified with the HELO or EHLO command is rejected by the
+ The numerical Postfix SMTP server response code when the host-
+ name specified with the HELO or EHLO command is rejected by the
<a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_hostname</a> restriction.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
- The default Postfix SMTP server response template for a request
+ The default Postfix SMTP server response template for a request
that is rejected by an RBL-based restriction.
<b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
- The numerical Postfix SMTP server response code when a remote
- SMTP
client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>-
+ The numerical Postfix SMTP server response code when a remote
+ SMTP
client request is blocked by the <a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipi</a>-
<a href="postconf.5.html#reject_multi_recipient_bounce">ent_bounce</a> restriction.
<b><a href="postconf.5.html#rbl_reply_maps">rbl_reply_maps</a> (empty)</b>
<b><a href="postconf.5.html#access_map_defer_code">access_map_defer_code</a> (450)</b>
The numerical Postfix SMTP server response code for an <a href="access.5.html"><b>access</b>(5)</a>
- map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" or
+ map "defer" action, including "<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>" or
"<a href="postconf.5.html#defer_if_reject">defer_if_reject</a>".
<b><a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a> (<a href="postconf.5.html#defer_if_permit">defer_if_permit</a>)</b>
- The Postfix SMTP server's action when a reject-type restriction
+ The Postfix SMTP server's action when a reject-type restriction
fails due to a temporary error condition.
<b><a href="postconf.5.html#unknown_helo_hostname_tempfail_action">unknown_helo_hostname_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_host</a>-
- <a href="postconf.5.html#reject_unknown_helo_hostname">name</a> fails due to an temporary error condition.
+ The
Postfix SMTP server's action when <a href="postconf.5.html#reject_unknown_helo_hostname">reject_unknown_helo_host</a>-
+ <a href="postconf.5.html#reject_unknown_helo_hostname">name</a> fails due to a temporary error condition.
<b><a href="postconf.5.html#unknown_address_tempfail_action">unknown_address_tempfail_action</a> ($<a href="postconf.5.html#reject_tempfail_action">reject_tempfail_action</a>)</b>
- The Postfix SMTP server's action when
- <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
+ The Postfix SMTP server's action when
+ <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a>
or <a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a>
fail due to a temporary error condition.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative commands.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
- The sender address of postmaster notifications that are gener-
+ The sender address of postmaster notifications that are gener-
ated by the mail system.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#mail_name">mail_name</a> (Postfix)</b>
- The mail system name that is displayed in Received: headers, in
+ The mail system name that is displayed in Received: headers, in
the SMTP greeting banner, and in bounced mail.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
- The UNIX system account that owns the Postfix queue and most
+ The UNIX system account that owns the Postfix queue and most
Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
- The list of "trusted" remote SMTP clients that have more privi-
+ The list of "trusted" remote SMTP clients that have more privi-
leges than "strangers".
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The domain name that locally-posted mail appears to come from,
+ The domain name that locally-posted mail appears to come from,
and that locally posted mail is delivered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The location of the Postfix top-level queue directory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
- The set of characters that can separate a user name from its
- extension (example: user+foo), or a .forward file name from its
+ The set of characters that can separate a user name from its
+ extension (example: user+foo), or a .forward file name from its
extension (example: .forward+foo).
<b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
- The text that follows the 220 status code in the SMTP greeting
+ The text that follows the 220 status code in the SMTP greeting
banner.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
- List of commands that cause the Postfix SMTP server to immedi-
+ List of commands that cause the Postfix SMTP server to immedi-
ately terminate the session with a 221 code.
Available in Postfix version 2.5 and later:
Available in Postfix 3.4 and later:
<b><a href="postconf.5.html#smtpd_reject_footer_maps">smtpd_reject_footer_maps</a> (empty)</b>
- Lookup tables, indexed by the complete Postfix SMTP server 4xx
+ Lookup tables, indexed by the complete Postfix SMTP server 4xx
or 5xx response, with reject footer templates.
<b>SEE ALSO</b>
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
+ Available in Postfix version 3.4 and later:
+
+ <b><a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a> ($<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>)</b>
+ Files with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server keys and certificate
+ chains in PEM format.
+
+ <b><a href="postconf.5.html#tls_server_sni_maps">tls_server_sni_maps</a> (empty)</b>
+ Optional lookup tables that map names received from remote SMTP
+ clients via the TLS Server Name Indication (SNI) extension to
+ the appropriate keys and certificate chains.
+
<b>TLS CLIENT CONTROLS</b>
- These parameters are clones of SMTP client settings. They allow
+ These parameters are clones of SMTP client settings. They allow
<a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> to load the same certificate and private key information as
- the SMTP client, before dropping privileges, so that the key files can
+ the SMTP client, before dropping privileges, so that the key files can
be kept read-only for root.
Available in Postfix version 3.4 and later:
<b><a href="postconf.5.html#tlsproxy_client_CAfile">tlsproxy_client_CAfile</a> ($<a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a>)</b>
- A file containing CA certificates of root CAs trusted to sign
- either remote TLS server certificates or intermediate CA cer-
+ A file containing CA certificates of root CAs trusted to sign
+ either remote TLS server certificates or intermediate CA cer-
tificates.
<b><a href="postconf.5.html#tlsproxy_client_CApath">tlsproxy_client_CApath</a> ($<a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a>)</b>
- Directory with PEM format Certification Authority certificates
- that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client uses to verify a remote TLS
+ Directory with PEM format Certification Authority certificates
+ that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client uses to verify a remote TLS
server certificate.
+ <b><a href="postconf.5.html#tlsproxy_client_chain_files">tlsproxy_client_chain_files</a> ($<a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a>)</b>
+ Files with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client keys and certificate
+ chains in PEM format.
+
<b><a href="postconf.5.html#tlsproxy_client_cert_file">tlsproxy_client_cert_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client RSA certificate in PEM
format.
# Non-production: needs thorough testing, or major changes are still
# needed before the code stabilizes.
-#CCARGS="$CCARGS -DNONPROD"
+CCARGS="$CCARGS -DNONPROD"
# Workaround: prepend Postfix include files before other include files.
CCARGS="-I. -I../../include $CCARGS"
.IP "\fB\-h \fIhost_lookup\fR (default: \fBdns\fR)"
The hostname lookup methods used for the connection. See the
documentation of smtp_host_lookup for syntax and semantics.
+.IP "\fB\-H \fIchainfiles\fR (default: \fInone\fR)\fR"
+List of files with a sequence PEM\-encoded TLS client certificate
+chains. The list can be built\-up incrementally, by specifying
+the option multiple times, or all at once via a comma or
+whitespace separated list of filenames. Each chain starts with
+a private key, which is followed immediately by the
+corresponding certificate, and optionally by additional issuer
+certificates. Each new key begins a new chain for the
+corresponding algorithm. This option is mutually exclusive with
+the below \fB\-k\fR and \fB\-K\fR options.
.IP "\fB\-k \fIcertfile\fR (default: \fIkeyfile\fR)\fR"
File with PEM\-encoded TLS client certificate chain. This
defaults to \fIkeyfile\fR if one is specified.
is encountered, up to 5 times or as specified with the \fB\-m\fR option.
By default reconnection is disabled, specify a positive delay to
enable this behavior.
+.IP "\fB\-s \fIservername\fR"
+The server name to send with the TLS Server Name Indication (SNI)
+extension. When the server has DANE TLSA records, this parameter
+is ignored and the TLSA base domain is used instead. Otherwise, SNI is
+not used by default, but can be enabled by specifying the desired value
+with this option.
.IP "\fB\-S\fR"
Disable SMTP; that is, connect to an LMTP server. The default port for
LMTP over TCP is 24. Alternative ports can specified by appending
.nf
.ad
.fi
-The DEBUG_README file gives examples of how to trouble shoot a
+The DEBUG_README file gives examples of how to troubleshoot a
Postfix system.
.IP "\fBdebugger_command (empty)\fR"
The external command to execute when a Postfix daemon program is
.PP
The only reason why the value of 2 is not the default is the way
this parameter affects the delivery of mailing\-list mail. In the
-worst case, their delivery can take somewhere between (cost+1/cost)
+worst case, delivery can take somewhere between (cost+1/cost)
and (cost/cost\-1) times more than if the preemptive scheduler was
disabled. The default value of 5 turns out to provide reasonable
message response times while making sure the mailing\-list deliveries
configuration parameter. See there for details.
.PP
This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_chain_files (default: empty)
+The LMTP\-specific version of the smtp_tls_chain_files configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 3.4 and later.
.SH lmtp_tls_ciphers (default: medium)
The LMTP\-specific version of the smtp_tls_ciphers configuration
parameter. See there for details.
parameter. See there for details.
.PP
This feature is available in Postfix 2.3 and later.
+.SH lmtp_tls_servername (default: empty)
+The LMTP\-specific version of the smtp_tls_servername configuration
+parameter. See there for details.
+.PP
+This feature is available in Postfix 3.4 and later.
.SH lmtp_tls_session_cache_database (default: empty)
The LMTP\-specific version of the smtp_tls_session_cache_database
configuration parameter. See there for details.
.PP
If you can, avoid shell meta characters because they will force
Postfix to run an expensive shell process. If you're delivering
-via Procmail then running a shell won't make a noticeable difference
+via "procmail" then running a shell won't make a noticeable difference
in the total cost.
.PP
Note: if you use the mailbox_command feature to deliver mail
.ft R
.SH masquerade_exceptions (default: empty)
Optional list of user names that are not subjected to address
-masquerading, even when their address matches $masquerade_domains.
+masquerading, even when their addresses match $masquerade_domains.
.PP
By default, address masquerading makes no exceptions.
.PP
.ft C
/etc/postfix/main.cf:
postscreen_access_list = permit_mynetworks,
- cidr:/etc/postfix/postscreen_access.cidr
+ cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
.fi
.ad
This feature is available in Postfix 3.0 and later.
.SH show_user_unknown_table_name (default: yes)
Display the name of the recipient table in the "User unknown"
-responses. The extra detail makes trouble shooting easier but also
-reveals information that is nobody elses business.
+responses. The extra detail makes troubleshooting easier but also
+reveals information that is nobody else's business.
.PP
This feature is available in Postfix 2.0 and later.
.SH showq_service_name (default: showq)
present in the chroot jail if the \fBsmtp\fR(8) client is chrooted. This
file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
-$smtp_tls_cert_file.
+$smtp_tls_cert_file (or, Postfix >= 3.4 $smtp_tls_chain_files).
.PP
Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use
ONLY the system\-supplied default Certification Authority certificates.
This feature is available in Postfix 2.7.
.SH smtp_tls_cert_file (default: empty)
File with the Postfix SMTP client RSA certificate in PEM format.
-This file may also contain the Postfix SMTP client private RSA key,
-and these may be the same as the Postfix SMTP server RSA certificate and key
-file.
+This file may also contain the Postfix SMTP client private RSA key, and
+these may be the same as the Postfix SMTP server RSA certificate and key
+file. With Postfix >= 3.4 the preferred way to configure client keys
+and certificates is via the "smtp_tls_chain_files" parameter.
.PP
Do not configure client certificates unless you \fBmust\fR present
client TLS certificates to one or more servers. Client certificates are
.ft C
smtp_tls_cert_file =
smtp_tls_key_file =
-smtp_tls_dcert_file =
-smtp_tls_dkey_file =
smtp_tls_eccert_file =
smtp_tls_eckey_file =
+# Obsolete DSA parameters
+smtp_tls_dcert_file =
+smtp_tls_dkey_file =
+# Postfix >= 3.4 interface
+smtp_tls_chain_files =
.fi
.ad
.ft R
.PP
Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
-Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
-root_CA.pem > client.pem".
+As the "root" super\-user create the client.pem file with:
+.sp
+.in +4
+.nf
+.na
+.ft C
+# \fBumask 077\fR
+# \fBcat client_key.pem client_cert.pem intermediate_CA.pem > chain.pem \fR
+.fi
+.ad
+.ft R
+.in -4
.PP
If you also want to verify remote SMTP server certificates issued by
these CAs, you can add the CA certificates to the smtp_tls_CAfile, in
which case it is not necessary to have them in the smtp_tls_cert_file,
-smtp_tls_dcert_file or smtp_tls_eccert_file.
+smtp_tls_dcert_file (obsolete) or smtp_tls_eccert_file.
.PP
A certificate supplied here must be usable as an SSL client certificate
and hence pass the "openssl verify \-purpose sslclient ..." test.
.nf
.na
.ft C
-smtp_tls_cert_file = /etc/postfix/client.pem
+smtp_tls_cert_file = /etc/postfix/chain.pem
.fi
.ad
.ft R
.PP
This feature is available in Postfix 2.2 and later.
+.SH smtp_tls_chain_files (default: empty)
+List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain. The file names
+are separated by commas and/or whitespace. This parameter obsoletes the
+legacy algorithm\-specific key and certificate file settings. When this
+parameter is non\-empty, the legacy parameters are ignored, and a warning
+is logged if any are also non\-empty.
+.PP
+With the proliferation of multiple private key algorithms-which,
+as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519
+and Ed448-it is increasingly impractical to use separate
+parameters to configure the key and certificate chain for each
+algorithm. Therefore, Postfix now supports storing multiple keys and
+corresponding certificate chains in a single file or in a set of files.
+.PP
+Each key must appear \fBimmediately before\fR the corresponding
+certificate, optionally followed by additional issuer certificates that
+complete the certificate chain for that key. When multiple files are
+specified, they are equivalent to a single file that is concatenated
+from those files in the given order. Thus, while a key must always
+precede its certificate and issuer chain, it can be in a separate file,
+so long as that file is listed immediately before the file that holds
+the corresponding certificate chain. Once all the files are
+concatenated, the sequence of PEM objects must be: \fIkey1, cert1,
+[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].\fR
+.PP
+Storing the private key in the same file as the corresponding
+certificate is more reliable. With the key and certificate in separate
+files, there is a chance that during key rollover a Postfix process
+might load a private key and certificate from separate files that don't
+match. Various operational errors may even result in a persistent
+broken configuration in which the certificate does not match the private
+key.
+.PP
+The file or files must contain at most one key of each type. If,
+for example, two or more RSA keys and corresponding chains are listed,
+depending on the version of OpenSSL either only the last one will be
+used or an configuration error may be detected. Note that while
+"Ed25519" and "Ed448" are considered separate algorithms, the various
+ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are
+considered as different parameters of a single "ECDSA" algorithm, so it
+is not presently possible to configure keys for more than one ECDSA
+curve.
+.PP
+Example (separate files for each key and corresponding certificate chain):
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtp_tls_chain_files =
+ ${config_directory}/ed25519.pem,
+ ${config_directory}/ed448.pem,
+ ${config_directory}/rsa.pem
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/ed25519.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/ed448.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/rsa.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Example (all keys and certificates in a single file):
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtp_tls_chain_files = ${config_directory}/chains.pem
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/chains.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This feature is available in Postfix 3.4 and later.
.SH smtp_tls_cipherlist (default: empty)
Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
cipher list. As this feature applies to all TLS security levels, it is easy
.SH smtp_tls_dcert_file (default: empty)
File with the Postfix SMTP client DSA certificate in PEM format.
This file may also contain the Postfix SMTP client private DSA key.
+The DSA algorithm is obsolete and should not be used.
.PP
See the discussion under smtp_tls_cert_file for more details.
.PP
.SH smtp_tls_dkey_file (default: $smtp_tls_dcert_file)
File with the Postfix SMTP client DSA private key in PEM format.
This file may be combined with the Postfix SMTP client DSA certificate
-file specified with $smtp_tls_dcert_file.
+file specified with $smtp_tls_dcert_file. The DSA algorithm is obsolete
+and should not be used.
.PP
The private key must be accessible without a pass\-phrase, i.e. it
must not be encrypted. File permissions should grant read\-only
.SH smtp_tls_eccert_file (default: empty)
File with the Postfix SMTP client ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP client ECDSA private key.
+With Postfix >= 3.4 the preferred way to configure client keys and
+certificates is via the "smtp_tls_chain_files" parameter.
.PP
See the discussion under smtp_tls_cert_file for more details.
.PP
compiled and linked with OpenSSL 1.0.0 or later.
.SH smtp_tls_eckey_file (default: $smtp_tls_eccert_file)
File with the Postfix SMTP client ECDSA private key in PEM format.
-This file may be combined with the Postfix SMTP client ECDSA
-certificate file specified with $smtp_tls_eccert_file.
+This file may be combined with the Postfix SMTP client ECDSA certificate
+file specified with $smtp_tls_eccert_file. With Postfix >= 3.4 the
+preferred way to configure client keys and certificates is via the
+"smtp_tls_chain_files" parameter.
.PP
The private key must be accessible without a pass\-phrase, i.e. it
must not be encrypted. File permissions should grant read\-only
.SH smtp_tls_key_file (default: $smtp_tls_cert_file)
File with the Postfix SMTP client RSA private key in PEM format.
This file may be combined with the Postfix SMTP client RSA certificate
-file specified with $smtp_tls_cert_file.
+file specified with $smtp_tls_cert_file. With Postfix >= 3.4 the
+preferred way to configure client keys and certificates is via the
+"smtp_tls_chain_files" parameter.
.PP
The private key must be accessible without a pass\-phrase, i.e. it
must not be encrypted. File permissions should grant read\-only
.ft R
.PP
This feature is available in Postfix 2.3 and later.
+.SH smtp_tls_servername (default: empty)
+Optional name to send to the remote SMTP server in the TLS Server
+Name Indication (SNI) extension. The SNI extension is always on when
+DANE is used to authenticate the server, and in that case the SNI name
+sent is the one required by RFC7672 and this parameter is ignored.
+.PP
+Some SMTP servers use the received SNI name to select an appropriate
+certificate chain to present to the client. While this may improve
+interoperability with such servers, it may reduce interoperability with
+other servers that choose to abort the connection when they don't have a
+certificate chain configured for the requested name. Such servers
+should select a default certificate chain and continue the handshake,
+but some may not. Therefore, absent DANE, no SNI name is sent by
+default.
+.PP
+The SNI name must be either a valid DNS hostname, or else one of the
+special values \fBhostname\fR or \fBnexthop\fR, which select either the
+remote hostname or the nexthop domain respectively. DNS names for SNI must be
+in A\-label (punycode) form. Invalid DNS names log a configuration error
+warning and mail delivery is deferred.
+.PP
+Except when using a relayhost to forward all email, the only
+sensible non\-empty main.cf setting for this parameter is
+\fBhostname\fR. Other non\-empty values are only practical on a
+per\-destination basis via the \fBservername\fR attribute of the Postfix
+TLS policy table. When
+in doubt, leave this parameter empty, and configure per\-destination SNI
+as needed.
+.PP
+This feature is available in Postfix 3.4 and later.
.SH smtp_tls_session_cache_database (default: empty)
Name of the file containing the optional Postfix SMTP client
TLS session cache. Specify a database type that supports enumeration,
.SH smtpd_tls_cert_file (default: empty)
File with the Postfix SMTP server RSA certificate in PEM format.
This file may also contain the Postfix SMTP server private RSA key.
+With Postfix >= 3.4 the preferred way to configure server keys and
+certificates is via the "smtpd_tls_chain_files" parameter.
.PP
Public Internet MX hosts without certificates signed by a "reputable"
CA must generate, and be prepared to present to most clients, a
similar software, it will still insist on a server certificate.
.PP
For servers that are \fBnot\fR public Internet MX hosts, Postfix
-2.3 supports configurations with no certificates. This entails the
-use of just the anonymous TLS ciphers, which are not supported by
-typical SMTP clients. Since such clients will not, as a rule, fall
-back to plain text after a TLS handshake failure, the server will
-be unable to receive email from TLS enabled clients. To avoid
-accidental configurations with no certificates, Postfix 2.3 enables
-certificate\-less operation only when the administrator explicitly
-sets "smtpd_tls_cert_file = none". This ensures that new Postfix
-configurations will not accidentally run with no certificates.
+supports configurations with no certificates. This entails the use of
+just the anonymous TLS ciphers, which are not supported by typical SMTP
+clients. Since some clients may not fall back to plain text after a TLS
+handshake failure, a certificate\-less Postfix SMTP server will be unable
+to receive email from some TLS\-enabled clients. To avoid accidental
+configurations with no certificates, Postfix enables certificate\-less
+operation only when the administrator explicitly sets
+"smtpd_tls_cert_file = none". This ensures that new Postfix SMTP server
+configurations will not accidentally enable TLS without certificates.
+.PP
+Note that server certificates are not optional in TLS 1.3. To run
+without certificates you'd have to disable the TLS 1.3 protocol by
+including '!TLSv1.3' in "smtpd_tls_protocols" and perhaps also
+"smtpd_tls_mandatory_protocols". It is simpler instead to just
+configure a certificate chain. Certificate\-less operation is not
+recommended.
.PP
Both RSA and DSA certificates are supported. When both types
are present, the cipher used determines which certificate will be
.PP
If you also want to verify client certificates issued by these
CAs, you can add the CA certificates to the smtpd_tls_CAfile, in which
-case it is not necessary to have them in the smtpd_tls_cert_file or
-smtpd_tls_dcert_file.
+case it is not necessary to have them in the smtpd_tls_cert_file,
+smtpd_tls_dcert_file (obsolete) or smtpd_tls_eccert_file.
.PP
A certificate supplied here must be usable as an SSL server certificate
and hence pass the "openssl verify \-purpose sslserver ..." test.
.ft R
.PP
This feature is available in Postfix 2.2 and later.
+.SH smtpd_tls_chain_files (default: empty)
+List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain. The file names
+are separated by commas and/or whitespace. This parameter obsoletes the
+legacy algorithm\-specific key and certificate file settings. When this
+parameter is non\-empty, the legacy parameters are ignored, and a warning
+is logged if any are also non\-empty.
+.PP
+With the proliferation of multiple private key algorithms-which,
+as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519
+and Ed448-it is increasingly impractical to use separate
+parameters to configure the key and certificate chain for each
+algorithm. Therefore, Postfix now supports storing multiple keys and
+corresponding certificate chains in a single file or in a set of files.
+.PP
+Each key must appear \fBimmediately before\fR the corresponding
+certificate, optionally followed by additional issuer certificates that
+complete the certificate chain for that key. When multiple files are
+specified, they are equivalent to a single file that is concatenated
+from those files in the given order. Thus, while a key must always
+precede its certificate and issuer chain, it can be in a separate file,
+so long as that file is listed immediately before the file that holds
+the corresponding certificate chain. Once all the files are
+concatenated, the sequence of PEM objects must be: \fIkey1, cert1,
+[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].\fR
+.PP
+Storing the private key in the same file as the corresponding
+certificate is more reliable. With the key and certificate in separate
+files, there is a chance that during key rollover a Postfix process
+might load a private key and certificate from separate files that don't
+match. Various operational errors may even result in a persistent
+broken configuration in which the certificate does not match the private
+key.
+.PP
+The file or files must contain at most one key of each type. If,
+for example, two or more RSA keys and corresponding chains are listed,
+depending on the version of OpenSSL either only the last one will be
+used or an configuration error may be detected. Note that while
+"Ed25519" and "Ed448" are considered separate algorithms, the various
+ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are
+considered as different parameters of a single "ECDSA" algorithm, so it
+is not presently possible to configure keys for more than one ECDSA
+curve.
+.PP
+RSA is still the most widely supported algorithm. Presently (late
+2018), ECDSA support is common, but not yet universal, and Ed25519 and
+Ed448 support is mostly absent. Therefore, an RSA key should generally
+be configured, along with any additional keys for the other algorithms
+when desired.
+.PP
+Example (separate files for each key and corresponding certificate chain):
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtpd_tls_chain_files =
+ ${config_directory}/ed25519.pem,
+ ${config_directory}/ed448.pem,
+ ${config_directory}/rsa.pem
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/ed25519.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/ed448.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/rsa.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.PP
+Example (all keys and certificates in a single file):
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/main.cf:
+ smtpd_tls_chain_files = ${config_directory}/chains.pem
+.fi
+.ad
+.ft R
+.in -4
+.sp
+.in +4
+.nf
+.na
+.ft C
+/etc/postfix/chains.pem:
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+ \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\-
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ \-\-\-\-\-END PRIVATE KEY\-\-\-\-\-
+ \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ \-\-\-\-\-END CERTIFICATE\-\-\-\-\-
+.fi
+.ad
+.ft R
+.in -4
+.PP
+This feature is available in Postfix 3.4 and later.
.SH smtpd_tls_cipherlist (default: empty)
Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS
cipher list. It is easy to create interoperability problems by choosing
.SH smtpd_tls_dcert_file (default: empty)
File with the Postfix SMTP server DSA certificate in PEM format.
This file may also contain the Postfix SMTP server private DSA key.
+The DSA algorithm is obsolete and should not be used.
.PP
See the discussion under smtpd_tls_cert_file for more details.
.PP
.SH smtpd_tls_dkey_file (default: $smtpd_tls_dcert_file)
File with the Postfix SMTP server DSA private key in PEM format.
This file may be combined with the Postfix SMTP server DSA certificate
-file specified with $smtpd_tls_dcert_file.
+file specified with $smtpd_tls_dcert_file. The DSA algorithm is obsolete
+and should not be used.
.PP
The private key must be accessible without a pass\-phrase, i.e. it
must not be encrypted. File permissions should grant read\-only
.SH smtpd_tls_eccert_file (default: empty)
File with the Postfix SMTP server ECDSA certificate in PEM format.
This file may also contain the Postfix SMTP server private ECDSA key.
+With Postfix >= 3.4 the preferred way to configure server keys and
+certificates is via the "smtpd_tls_chain_files" parameter.
.PP
See the discussion under smtpd_tls_cert_file for more details.
.PP
.SH smtpd_tls_eckey_file (default: $smtpd_tls_eccert_file)
File with the Postfix SMTP server ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP server ECDSA certificate
-file specified with $smtpd_tls_eccert_file.
+file specified with $smtpd_tls_eccert_file. With Postfix >= 3.4 the
+preferred way to configure server keys and certificates is via the
+"smtpd_tls_chain_files" parameter.
.PP
The private key must be accessible without a pass\-phrase, i.e. it
must not be encrypted. File permissions should grant read\-only
.SH smtpd_tls_key_file (default: $smtpd_tls_cert_file)
File with the Postfix SMTP server RSA private key in PEM format.
This file may be combined with the Postfix SMTP server RSA certificate
-file specified with $smtpd_tls_cert_file.
+file specified with $smtpd_tls_cert_file. With Postfix >= 3.4 the
+preferred way to configure server keys and certificates is via the
+"smtpd_tls_chain_files" parameter.
.PP
The private key must be accessible without a pass\-phrase, i.e. it
must not be encrypted. File permissions should grant read\-only
gives timeout errors.
.PP
This feature is available in Postfix 2.2 and later.
+.SH tls_server_sni_maps (default: empty)
+Optional lookup tables that map names received from remote SMTP
+clients via the TLS Server Name Indication (SNI) extension to the
+appropriate keys and certificate chains. This parameter is implemented
+in the Postfix TLS library, and applies to both \fBsmtpd\fR(8) and the SMTP
+server mode of \fBtlsproxy\fR(8).
+.PP
+The lookup key is either the verbatim SNI domain name or a an
+ancestor domain prefixed with a leading dot. For internationalized
+domains, the lookup key must be in IDNA 2008 A\-label form (as
+required in the TLS SNI extension).
+.PP
+The mapping from an SNI domain name to a certificate chain is
+typically indirect. In the input source files for "cdb", "hash",
+"btree" or other tables that are converted to on\-disk indexed files
+via \fBpostmap\fR(1), the value specified for each key is a list of
+filenames. When \fBpostmap\fR(1) is used with the \fB\-F\fR option, the
+generated table stores for each lookup key the base64\-encoded
+contents of the associated files. When querying tables via \fBpostmap
+\-Fq\fR, the table value is decoded from base64, yielding the original
+file content, plus a new line.
+.PP
+With "regexp", "pcre", "inline", "texthash", "static" and similar
+tables that are interpreted at run\-time, and don't have a separate
+source format, the table value is again a list files, that are read\-in
+when the table is opened.
+.PP
+Thus, for example:
+.sp
+.in +4
+.nf
+.na
+.ft C
+$ postmap \-Fq "" static:/etc/postfix/chain.pem | openssl dgst \-sha1
+(stdin)= da39a3ee5e6b4b0d3255bfef95601890afd80709
+.fi
+.ad
+.ft R
+.in -4
+.PP
+produces the same output as:
+.sp
+.in +4
+.nf
+.na
+.ft C
+$ (cat /etc/postfix/chain.pem; echo) | openssl dgst \-sha1
+(stdin)= da39a3ee5e6b4b0d3255bfef95601890afd80709
+.fi
+.ad
+.ft R
+.in -4
+.PP
+With tables whose content is managed outside of Postfix, such
+as LDAP, MySQL, PostgreSQL, socketmap and tcp, the value must be a
+concatenation of the desired PEM keys and certificate chains, that
+is then further encoded to yield a single\-line base64 string.
+Creation of such tables and secure storage are outside the
+responsibility of Postfix. With "socketmap" and "tcp" the data
+would be transmitted in the clear. With LDAP and SQL, you should
+generally use TLS to protect the sensitive data in transit.
+.PP
+Typically there is only private key and its chain of certificates
+starting with the "leaf" certificate corresponding to that key, and
+continuing with the appropriate intermediate issuer CA certificates,
+with each certificate ideally followed by its issuer. Servers
+that have keys and certificates for more than one algorithm (e.g.
+both an RSA key and an ECDSA key, or even RSA, ECDSA and Ed25519)
+can use multiple chains concatenated together, with the key always
+listed before the corresponding certificates.
+.PP
+This feature is available in Postfix 3.4 and later.
.SH tls_session_ticket_cipher (default: Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc)
Algorithm used to encrypt RFC5077 TLS session tickets. This
algorithm must use CBC mode, have a 128\-bit block size, and must
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_client_cert_file (default: $smtp_tls_cert_file)
File with the Postfix \fBtlsproxy\fR(8) client RSA certificate in PEM
-format. See smtp_tls_cert_file for further details.
+format. See smtp_tls_cert_file for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"tlsproxy_client_chain_files" parameter.
+.PP
+This feature is available in Postfix 3.4 and later.
+.SH tlsproxy_client_chain_files (default: $smtp_tls_chain_files)
+Files with the Postfix \fBtlsproxy\fR(8) client keys and certificate
+chains in PEM format. See smtp_tls_chain_files for further details.
.PP
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_client_dcert_file (default: $smtp_tls_dcert_file)
File with the Postfix \fBtlsproxy\fR(8) client DSA certificate in PEM
-format. See smtp_tls_dcert_file for further details.
+format. See smtp_tls_dcert_file for further details. DSA is obsolete and
+should not be used.
.PP
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_client_dkey_file (default: $smtp_tls_dkey_file)
File with the Postfix \fBtlsproxy\fR(8) client DSA private key in PEM
-format. See smtp_tls_dkey_file for further details.
+format. See smtp_tls_dkey_file for further details. DSA is obsolete and
+should not be used.
.PP
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_client_eccert_file (default: $smtp_tls_eccert_file)
-File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in
-PEM format. See smtp_tls_eccert_file for further details.
+File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in PEM
+format. See smtp_tls_eccert_file for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"tlsproxy_client_chain_files" parameter.
.PP
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_client_eckey_file (default: $smtp_tls_eckey_file)
-File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in
-PEM format. See smtp_tls_eckey_file for further details.
+File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in PEM
+format. See smtp_tls_eckey_file for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"tlsproxy_client_chain_files" parameter.
.PP
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_client_enforce_tls (default: $smtp_enforce_tls)
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_client_key_file (default: $smtp_tls_key_file)
File with the Postfix \fBtlsproxy\fR(8) client RSA private key in PEM
-format. See smtp_tls_key_file for further details.
+format. See smtp_tls_key_file for further details. The preferred way to
+configure tlsproxy client keys and certificates is via the
+"tlsproxy_client_chain_files" parameter.
.PP
This feature is available in Postfix 3.4 and later.
.SH tlsproxy_client_loglevel (default: $smtp_tls_loglevel)
.SH tlsproxy_tls_cert_file (default: $smtpd_tls_cert_file)
File with the Postfix \fBtlsproxy\fR(8) server RSA certificate in PEM
format. This file may also contain the Postfix \fBtlsproxy\fR(8) server
-private RSA key. See smtpd_tls_cert_file for further details.
+private RSA key. See smtpd_tls_cert_file for further details. With
+Postfix >= 3.4 the preferred way to configure tlsproxy server keys and
+certificates is via the "tlsproxy_tls_chain_files" parameter.
.PP
This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_tls_chain_files (default: $smtpd_tls_chain_files)
+Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate
+chains in PEM format. See smtpd_tls_chain_files for further details.
+.PP
+This feature is available in Postfix 3.4 and later.
.SH tlsproxy_tls_ciphers (default: $smtpd_tls_ciphers)
The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server
will use with opportunistic TLS encryption. See smtpd_tls_ciphers
.SH tlsproxy_tls_dcert_file (default: $smtpd_tls_dcert_file)
File with the Postfix \fBtlsproxy\fR(8) server DSA certificate in PEM
format. This file may also contain the Postfix \fBtlsproxy\fR(8) server
-private DSA key. See smtpd_tls_dcert_file for further details.
+private DSA key. DSA is obsolete and should not be used. See
+smtpd_tls_dcert_file for further details.
.PP
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_tls_dh1024_param_file (default: $smtpd_tls_dh1024_param_file)
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_tls_dkey_file (default: $smtpd_tls_dkey_file)
File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM
-format. This file may be combined with the Postfix \fBtlsproxy\fR(8)
-server DSA certificate file specified with $smtpd_tls_dcert_file.
-See smtpd_tls_dkey_file for further details.
+format. This file may be combined with the Postfix \fBtlsproxy\fR(8) server
+DSA certificate file specified with $smtpd_tls_dcert_file. DSA is
+obsolete and should not be used. See smtpd_tls_dkey_file for further
+details.
.PP
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_tls_eccert_file (default: $smtpd_tls_eccert_file)
-File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in
-PEM format. This file may also contain the Postfix \fBtlsproxy\fR(8)
-server private ECDSA key. See smtpd_tls_eccert_file for further
-details.
+File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in PEM
+format. This file may also contain the Postfix \fBtlsproxy\fR(8) server
+private ECDSA key. See smtpd_tls_eccert_file for further details. With
+Postfix >= 3.4 the preferred way to configure tlsproxy server keys and
+certificates is via the "tlsproxy_tls_chain_files" parameter.
.PP
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_tls_eckey_file (default: $smtpd_tls_eckey_file)
-File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in
-PEM format. This file may be combined with the Postfix \fBtlsproxy\fR(8)
-server ECDSA certificate file specified with $smtpd_tls_eccert_file.
-See smtpd_tls_eckey_file for further details.
+File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in PEM
+format. This file may be combined with the Postfix \fBtlsproxy\fR(8) server
+ECDSA certificate file specified with $smtpd_tls_eccert_file. See
+smtpd_tls_eckey_file for further details. With Postfix >= 3.4 the
+preferred way to configure tlsproxy server keys and certificates is via
+the "tlsproxy_tls_chain_files" parameter.
.PP
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_tls_eecdh_grade (default: $smtpd_tls_eecdh_grade)
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_tls_key_file (default: $smtpd_tls_key_file)
File with the Postfix \fBtlsproxy\fR(8) server RSA private key in PEM
-format. This file may be combined with the Postfix \fBtlsproxy\fR(8)
-server RSA certificate file specified with $smtpd_tls_cert_file.
-See smtpd_tls_key_file for further details.
+format. This file may be combined with the Postfix \fBtlsproxy\fR(8) server
+RSA certificate file specified with $smtpd_tls_cert_file. See
+smtpd_tls_key_file for further details. With Postfix >= 3.4 the
+preferred way to configure tlsproxy server keys and certificates is via
+the "tlsproxy_tls_chain_files" parameter.
.PP
This feature is available in Postfix 2.8 and later.
.SH tlsproxy_tls_loglevel (default: $smtpd_tls_loglevel)
Do not change this unless you have a complete understanding of RFC 5321.
.SH unknown_helo_hostname_tempfail_action (default: $reject_tempfail_action)
The Postfix SMTP server's action when reject_unknown_helo_hostname
-fails due to an temporary error condition. Specify "defer" to defer
+fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
Available in Postfix version 3.4 and later:
.IP "\fBsmtp_tls_connection_reuse (no)\fR"
Try to make multiple deliveries per TLS\-encrypted connection.
+.IP "\fBsmtp_tls_chain_files (empty)\fR"
+List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain.
+.IP "\fBsmtp_tls_servername (empty)\fR"
+Optional name to send to the remote SMTP server in the TLS Server
+Name Indication (SNI) extension.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf
.IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
The prioritized list of elliptic curves supported by the Postfix
SMTP client and server.
+.PP
+Available in Postfix version 3.4 and later:
+.IP "\fBsmtpd_tls_chain_files (empty)\fR"
+List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain.
+.IP "\fBtls_server_sni_maps (empty)\fR"
+Optional lookup tables that map names received from remote SMTP
+clients via the TLS Server Name Indication (SNI) extension to the
+appropriate keys and certificate chains.
.SH "OBSOLETE STARTTLS CONTROLS"
.na
.nf
fails due to a temporary error condition.
.IP "\fBunknown_helo_hostname_tempfail_action ($reject_tempfail_action)\fR"
The Postfix SMTP server's action when reject_unknown_helo_hostname
-fails due to an temporary error condition.
+fails due to a temporary error condition.
.IP "\fBunknown_address_tempfail_action ($reject_tempfail_action)\fR"
The Postfix SMTP server's action when reject_unknown_sender_domain
or reject_unknown_recipient_domain fail due to a temporary error
File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM
format.
.IP "\fBtlsproxy_tls_eccert_file ($smtpd_tls_eccert_file)\fR"
-File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in
-PEM format.
+File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in PEM
+format.
.IP "\fBtlsproxy_tls_eckey_file ($smtpd_tls_eckey_file)\fR"
-File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in
-PEM format.
+File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in PEM
+format.
.IP "\fBtlsproxy_tls_eecdh_grade ($smtpd_tls_eecdh_grade)\fR"
The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral
elliptic\-curve Diffie\-Hellman (EECDH) key exchange.
Available in Postfix version 2.11 and later:
.IP "\fBtlsmgr_service_name (tlsmgr)\fR"
The name of the \fBtlsmgr\fR(8) service entry in master.cf.
+.PP
+Available in Postfix version 3.4 and later:
+.IP "\fBtlsproxy_tls_chain_files ($smtpd_tls_chain_files)\fR"
+Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate
+chains in PEM format.
+.IP "\fBtls_server_sni_maps (empty)\fR"
+Optional lookup tables that map names received from remote SMTP
+clients via the TLS Server Name Indication (SNI) extension to the
+appropriate keys and certificate chains.
.SH "TLS CLIENT CONTROLS"
.na
.nf
Directory with PEM format Certification Authority certificates
that the Postfix \fBtlsproxy\fR(8) client uses to verify a remote TLS
server certificate.
+.IP "\fBtlsproxy_client_chain_files ($smtp_tls_chain_files)\fR"
+Files with the Postfix \fBtlsproxy\fR(8) client keys and certificate
+chains in PEM format.
.IP "\fBtlsproxy_client_cert_file ($smtp_tls_cert_file)\fR"
File with the Postfix \fBtlsproxy\fR(8) client RSA certificate in PEM
format.
File with the Postfix \fBtlsproxy\fR(8) client DSA private key in PEM
format.
.IP "\fBtlsproxy_client_eccert_file ($smtp_tls_eccert_file)\fR"
-File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in
-PEM format.
+File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in PEM
+format.
.IP "\fBtlsproxy_client_eckey_file ($smtp_tls_eckey_file)\fR"
-File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in
-PEM format.
+File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in PEM
+format.
.IP "\fBtlsproxy_client_fingerprint_digest ($smtp_tls_fingerprint_digest)\fR"
The message digest algorithm used to construct remote TLS server
certificate fingerprints.
s;\blmtp_tls_policy_maps\b;<a href="postconf.5.html#lmtp_tls_policy_maps">$&</a>;g;
s;\blmtp_tls_secure_cert_match\b;<a href="postconf.5.html#lmtp_tls_secure_cert_match">$&</a>;g;
s;\blmtp_tls_security_level\b;<a href="postconf.5.html#lmtp_tls_security_level">$&</a>;g;
+ s;\blmtp_tls_servername\b;<a href="postconf.5.html#lmtp_tls_servername">$&</a>;g;
s;\blmtp_tls_fingerprint_cert_match\b;<a href="postconf.5.html#lmtp_tls_fingerprint_cert_match">$&</a>;g;
s;\blmtp_tls_verify_cert_match\b;<a href="postconf.5.html#lmtp_tls_verify_cert_match">$&</a>;g;
s;\blmtp_tls_trust_anchor_file\b;<a href="postconf.5.html#lmtp_tls_trust_anchor_file">$&</a>;g;
s;\blmtp_tls_per_site\b;<a href="postconf.5.html#lmtp_tls_per_site">$&</a>;g;
+ s;\blmtp_tls_chain_files\b;<a href="postconf.5.html#lmtp_tls_chain_files">$&</a>;g;
s;\blmtp_tls_cert_file\b;<a href="postconf.5.html#lmtp_tls_cert_file">$&</a>;g;
s;\blmtp_tls_key_file\b;<a href="postconf.5.html#lmtp_tls_key_file">$&</a>;g;
s;\blmtp_tls_dcert_file\b;<a href="postconf.5.html#lmtp_tls_dcert_file">$&</a>;g;
s;\bsmtp_starttls_timeout\b;<a href="postconf.5.html#smtp_starttls_timeout">$&</a>;g;
s;\bsmtp_tls_CAfile\b;<a href="postconf.5.html#smtp_tls_CAfile">$&</a>;g;
s;\bsmtp_tls_CApath\b;<a href="postconf.5.html#smtp_tls_CApath">$&</a>;g;
+ s;\bsmtp_tls_chain_files\b;<a href="postconf.5.html#smtp_tls_chain_files">$&</a>;g;
s;\bsmtp_tls_cert_file\b;<a href="postconf.5.html#smtp_tls_cert_file">$&</a>;g;
s;\bsmtp_tls_fingerprint_digest\b;<a href="postconf.5.html#smtp_tls_fingerprint_digest">$&</a>;g;
s;\bsmtp_tls_protocols\b;<a href="postconf.5.html#smtp_tls_protocols">$&</a>;g;
s;\bsmtp_tls_fingerprint_cert_match\b;<a href="postconf.5.html#smtp_tls_fingerprint_cert_match">$&</a>;g;
s;\bsmtp_tls_verify_cert_match\b;<a href="postconf.5.html#smtp_tls_verify_cert_match">$&</a>;g;
s;\bsmtp_tls_secure_cert_match\b;<a href="postconf.5.html#smtp_tls_secure_cert_match">$&</a>;g;
+ s;\bsmtp_tls_servername\b;<a href="postconf.5.html#smtp_tls_servername">$&</a>;g;
s;\bsmtp_tls_trust_anchor_file\b;<a href="postconf.5.html#smtp_tls_trust_anchor_file">$&</a>;g;
s;\bsmtp_tls_scert_verifydepth\b;<a href="postconf.5.html#smtp_tls_scert_verifydepth">$&</a>;g;
s;\bsmtp_tls_secu[-</Bb>]*\n* *[<Bb>]*rity_level\b;<a href="postconf.5.html#smtp_tls_security_level">$&</a>;g;
s;\bsmtpd_tls_ask_ccert\b;<a href="postconf.5.html#smtpd_tls_ask_ccert">$&</a>;g;
s;\bsmtpd_tls_auth_only\b;<a href="postconf.5.html#smtpd_tls_auth_only">$&</a>;g;
s;\bsmtpd_tls_ccert_verify[-</bB>]*\n*[ <bB>]*depth\b;<a href="postconf.5.html#smtpd_tls_ccert_verifydepth">$&</a>;g;
+ s;\bsmtpd_tls_chain_files\b;<a href="postconf.5.html#smtpd_tls_chain_files">$&</a>;g;
s;\bsmtpd_tls_cert_file\b;<a href="postconf.5.html#smtpd_tls_cert_file">$&</a>;g;
s;\bsmtpd_tls_cipherlist\b;<a href="postconf.5.html#smtpd_tls_cipherlist">$&</a>;g;
s;\bsmtpd_tls_exclude_ciphers\b;<a href="postconf.5.html#smtpd_tls_exclude_ciphers">$&</a>;g;
s;\btls_dane_digests\b;<a href="postconf.5.html#tls_dane_digests">$&</a>;g;
s;\btls_wildcard_matches_multiple_labels\b;<a href="postconf.5.html#tls_wildcard_matches_multiple_labels">$&</a>;g;
s;\btls_session_ticket_cipher\b;<a href="postconf.5.html#tls_session_ticket_cipher">$&</a>;g;
+ s;\btls_server_sni_maps\b;<a href="postconf.5.html#tls_server_sni_maps">$&</a>;g;
s;\btls_ssl_options\b;<a href="postconf.5.html#tls_ssl_options">$&</a>;g;
s;\bfrozen_delivered_to\b;<a href="postconf.5.html#frozen_delivered_to">$&</a>;g;
s;\btlsproxy_tls_always_issue_session_ids\b;<a href="postconf.5.html#tlsproxy_tls_always_issue_session_ids">$&</a>;g;
s;\btlsproxy_tls_ask_ccert\b;<a href="postconf.5.html#tlsproxy_tls_ask_ccert">$&</a>;g;
s;\btlsproxy_tls_ccert_verifydepth\b;<a href="postconf.5.html#tlsproxy_tls_ccert_verifydepth">$&</a>;g;
+ s;\btlsproxy_tls_chain_files\b;<a href="postconf.5.html#tlsproxy_tls_chain_files">$&</a>;g;
s;\btlsproxy_tls_cert_file\b;<a href="postconf.5.html#tlsproxy_tls_cert_file">$&</a>;g;
s;\btlsproxy_tls_ciphers\b;<a href="postconf.5.html#tlsproxy_tls_ciphers">$&</a>;g;
s;\btlsproxy_tls_dcert_file\b;<a href="postconf.5.html#tlsproxy_tls_dcert_file">$&</a>;g;
s;\btlsproxy_client_CAfile\b;<a href="postconf.5.html#tlsproxy_client_CAfile">$&</a>;g;
s;\btlsproxy_client_CApath\b;<a href="postconf.5.html#tlsproxy_client_CApath">$&</a>;g;
+ s;\btlsproxy_client_chain_files\b;<a href="postconf.5.html#tlsproxy_client_chain_files">$&</a>;g;
s;\btlsproxy_client_cert_file\b;<a href="postconf.5.html#tlsproxy_client_cert_file">$&</a>;g;
s;\btlsproxy_client_dcert_file\b;<a href="postconf.5.html#tlsproxy_client_dcert_file">$&</a>;g;
s;\btlsproxy_client_dkey_file\b;<a href="postconf.5.html#tlsproxy_client_dkey_file">$&</a>;g;
require a server certificate. </p>
<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
-supports configurations with no certificates. This entails the
-use of just the anonymous TLS ciphers, which are not supported by
-typical SMTP clients. Since such clients will not, as a rule, fall
-back to plain text after a TLS handshake failure, a certificate-less
-Postfix SMTP server will
-be unable to receive email from most TLS enabled clients. To avoid
-accidental configurations with no certificates, Postfix enables
-certificate-less operation only when the administrator explicitly sets
-"smtpd_tls_cert_file = none". This ensures that new Postfix
-SMTP server configurations will not accidentally run with no
-certificates. </p>
+supports configurations with no certificates. This entails the use of
+just the anonymous TLS ciphers, which are not supported by typical SMTP
+clients. Since some clients may not fall back to plain text after a TLS
+handshake failure, a certificate-less Postfix SMTP server will be unable
+to receive email from some TLS-enabled clients. To avoid accidental
+configurations with no certificates, Postfix enables certificate-less
+operation only when the administrator explicitly sets
+"smtpd_tls_cert_file = none". This ensures that new Postfix SMTP server
+configurations will not accidentally enable TLS without certificates. </p>
+
+<p> Note that server certificates are <b>not</b> optional in TLS 1.3. To
+run without certificates you'd have to disable the TLS 1.3 protocol by
+including '!TLSv1.3' in "smtpd_tls_protocols" and perhaps also
+"smtpd_tls_mandatory_protocols". It is simpler instead to just
+configure a certificate chain. Certificate-less operation is not
+recommended. <p>
<p> RSA, DSA and ECDSA (Postfix ≥ 2.6) certificates are supported.
Most sites only have RSA certificates. You can configure all three
a CA certificate, but it is expected that SHA256 will be by far the
most common digest for TLSA. </p>
-<p> As a best practice, publish either "3 0 1" or "3 1 1" TLSA
-associations that specify the SHA256 digest of the server certificate
-public key with the alias-expanded hostname of each STARTTLS capable
-SMTP server. These continue to work when a certificate is renewed
-with the same public/private key pair. </p>
+<p> As a best practice, publish "3 1 1" TLSA associations that specify
+the SHA256 digest of the server's public key. These continue to work
+unmodified when a certificate is renewed with the same public/private
+key pair. </p>
</ul>
<h4> Configuring the server certificate and key files </h4>
+<p> Example: Postfix ≥ 3.4 all-in-one chain file(s). One or more
+chain files that start with a key that is immediately followed by the
+corresponding certificate and any additional issuer certificates. A
+single file can hold multiple <i>(key, cert, [chain])</i> sequences, one
+per algorithm. It is typically simpler to keep the chain for each
+algorithm in its own file. Most users are likely to deploy just a
+single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up to
+five chains, one each for RSA, ECDSA, ED25519, ED448 and even the
+obsolete DSA. </p>
+
+<blockquote>
+<pre>
+ # Postfix ≥ 3.4. Preferred configuration interface. Each file
+ # starts with the private key, followed by the corresponding
+ # certificate, and any intermediate issuer certificates. The root CA
+ # cert may also be needed when published as a DANE trust anchor.
+ #
+ smtpd_tls_chain_files =
+ /etc/postfix/rsa.pem,
+ /etc/postfix/ecdsa.pem,
+ /etc/postfix/ed25519.pem,
+ /etc/postfix/ed448.pem
+</pre>
+</blockquote>
+
+<p> You can also store the keys separately from their certificates, again
+provided each is listed before the corresponding certificate chain. Storing a
+key and its associated certificate chain in separate files is not recommended,
+because this is prone to race conditions during key rollover, as there is no
+way to update multiple files atomically. </p>
+
+<blockquote>
+<pre>
+ # Postfix ≥ 3.4.
+ # Storing keys separately from the associated certificates is not
+ # recommended.
+ smtpd_tls_chain_files =
+ /etc/postfix/rsakey.pem,
+ /etc/postfix/rsacerts.pem,
+ /etc/postfix/ecdsakey.pem,
+ /etc/postfix/ecdsacerts.pem
+</pre>
+</blockquote>
+
+<p> The below examples show the legacy algorithm-specific configurations
+for Postfix 3.3 and older. With Postfix ≤ 3.3, even if the key is
+stored in the same file as the certificate, the file is read twice and a
+(brief) race condition still exists during key rollover. While Postfix
+≥ 3.4 avoids the race when the key and certificate are in the same
+file, you should use the new "smtpd_tls_chain_files" interface shown
+above. <p>
+
<p> RSA key and certificate examples: </p>
<blockquote>
<blockquote>
<pre>
/etc/postfix/main.cf:
- # Most clients will not be ECDSA capable, so you will likely also need
- # an RSA or DSA certificate and private key.
+ # Some clients will not be ECDSA capable, so you will likely still need
+ # an RSA certificate and private key.
#
smtpd_tls_eccert_file = /etc/postfix/server-ecdsa.pem
smtpd_tls_eckey_file = $smtpd_tls_eccert_file
<blockquote>
<pre>
/etc/postfix/main.cf:
+ # Not recommended: breaks TLS 1.3 and clients that don't support
+ # anonymous cipher suites.
smtpd_tls_cert_file = none
</pre>
</blockquote>
supports configurations with no <a href="#server_cert_key">server
certificates</a> that use <b>only</b> the anonymous ciphers. This is
enabled by explicitly setting "smtpd_tls_cert_file = none"
-and not specifying an smtpd_tls_dcert_file or smtpd_tls_eccert_file. </p>
+and not specifying an smtpd_tls_dcert_file or smtpd_tls_eccert_file.
+Such configurations may not interoperate with some clients, and require
+that TLSv1.3 be explicitly disabled. Therefore, they are not
+recommended, it is better and simpler to just configure a suitable
+certificate. </p>
<p> Example, MSA that requires TLSv1 or higher, not SSLv2 or SSLv3,
with high grade ciphers: </p>
</pre>
</blockquote>
+<p> With Postfix ≥ 3.4, specify instead a single file that holds the
+key followed by the corresponding certificate and any associated issuing
+certificates, leaving the "smtpd_tls_cert_file" and "smtpd_tls_key_file"
+and related DSA and ECDSA parameters empty. </p>
+
+<blockquote>
+<pre>
+/etc/postfix/main.cf:
+ smtpd_tls_chain_files = /etc/postfix/rsachain.pem
+ smtpd_tls_cert_file =
+ smtpd_tls_key_file =
+ ...
+</pre>
+</blockquote>
+
<p> If you want to take maximal advantage of ciphers that offer <a
href="FORWARD_SECRECY_README.html#dfn_fs">forward secrecy</a> see
the <a href="FORWARD_SECRECY_README.html#quick-start">Getting
<p> Despite the potential for eliminating passive eavesdropping attacks,
mandatory TLS encryption is not viable as a default security level for
-mail delivery to the public Internet. Most MX hosts do not support TLS at
+mail delivery to the public Internet. Some MX hosts do not support TLS at
all, and some of those that do have broken implementations. On a host
that delivers mail to the Internet, you should not configure mandatory
TLS encryption as the default security level. </p>
<p> Despite the potential for eliminating "man-in-the-middle" and other
attacks, mandatory certificate trust chain and subject name verification
-is not viable as a default Internet mail delivery policy. Most MX hosts
-do not support TLS at all, and a significant portion of TLS enabled
+is not viable as a default Internet mail delivery policy. Some MX hosts
+do not support TLS at all, and a significant portion of TLS-enabled
MTAs use self-signed certificates, or certificates that are signed by
a private Certification Authority. On a machine that delivers mail to
the Internet, you should not configure mandatory server certificate
<p> Despite the potential for eliminating "man-in-the-middle" and other
attacks, mandatory secure server certificate verification is not
-viable as a default Internet mail delivery policy. Most MX hosts
-do not support TLS at all, and a significant portion of TLS enabled
+viable as a default Internet mail delivery policy. Some MX hosts
+do not support TLS at all, and a significant portion of TLS-enabled
MTAs use self-signed certificates, or certificates that are signed
by a private Certification Authority. On a machine that delivers mail
to the Internet, you should not configure secure TLS verification
# Postfix ≥ 2.6
smtp_tls_eccert_file =
smtp_tls_eckey_file =
+ # Postfix ≥ 3.4
+ smtp_tls_chain_files =
</pre>
</blockquote>
<p> The best way to use the default settings is to comment out the above
parameters in main.cf if present. </p>
-<p> During TLS startup negotiation the Postfix SMTP client may present
-a certificate to the remote SMTP server. The Netscape client is
-rather clever here and lets the user select between only those
-certificates that match CA certificates offered by the remote SMTP
-server. As the Postfix SMTP client uses the "SSL_connect()" function
-from the OpenSSL package, this is not possible and we have to choose
-just one certificate. So for now the default is to use _no_
-certificate and key unless one is explicitly specified here. </p>
+<p> During TLS startup negotiation the Postfix SMTP client may present a
+certificate to the remote SMTP server. Browsers typically let the user
+select among the certificates that match the CA names indicated by the
+remote SMTP server. The Postfix SMTP client does not yet have a mechanism
+to select from multiple candidate certificates on the fly, and supports a
+single set of certificates (at most one per public key algorithm). </p>
<p> RSA, DSA and ECDSA (Postfix ≥ 2.6) certificates are supported.
You can configure all three at the same time, in which case the
-cipher used determines which certificate is presented. </p>
+cipher used determines which certificate is presented. </p>
<p> It is possible for the Postfix SMTP client to use the same
key/certificate pair as the Postfix SMTP server. If a certificate
password. Both parts (certificate and private key) may be in the
same file. </p>
+<p> With OpenSSL 1.1.1 and Postfix ≥ 3.4 it is also possible to
+configure Ed25519 and Ed448 certificates. Rather than add two more
+pairs of key and certificate parameters, Postfix 3.4 introduces a new
+"smtp_tls_chain_files" parameter which specifies all the configured
+certificates at once, and handles files that hold both the key and the
+associated certificates in one pass, thereby avoiding potential race
+conditions during key rollover. </p>
+
<p> To enable remote SMTP servers to verify the Postfix SMTP client
certificate, the issuing CA certificates must be made available to the
server. You should include the required certificates in the client
<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
-Create the client.pem file with: </p>
+As the "root" super-user create the client.pem file with: </p>
<blockquote>
<pre>
-% <b>cat client_cert.pem intermediate_CA.pem > client.pem </b>
+# <b>umask 077</b>
+# <b>cat client_key.pem client_cert.pem intermediate_CA.pem > chain.pem </b>
</pre>
</blockquote>
<p> A server that trusts the root CA has a local copy of the root
CA certificate, so it is not necessary to include the root CA
-certificate here. Leaving it out of the "client.pem" file reduces
+certificate here. Leaving it out of the "chain.pem" file reduces
the overhead of the TLS exchange. </p>
<p> If you want the Postfix SMTP client to accept remote SMTP server
certificates issued by these CAs, append the root certificate to
$smtp_tls_CAfile or install it in the $smtp_tls_CApath directory. </p>
+<p> Example: Postfix ≥ 3.4 all-in-one chain file(s). One or more
+chain files that start with a key that is immediately followed by the
+corresponding certificate and any additional issuer certificates. A
+single file can hold multiple <i>(key, cert, [chain])</i> sequences, one
+per algorithm. It is typically simpler to keep the chain for each
+algorithm in its own file. Most users are likely to deploy at most a
+single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up
+five chains, one each for RSA, ECDSA, ED25519, ED448 and even the
+obsolete DSA. </p>
+
+<blockquote>
+<pre>
+ # Postfix ≥ 3.4. Preferred configuration interface. Each file
+ # starts with the private key, followed by the corresponding
+ # certificate, and any intermediate issuer certificates.
+ #
+ smtp_tls_chain_files =
+ /etc/postfix/rsa.pem,
+ /etc/postfix/ecdsa.pem,
+ /etc/postfix/ed25519.pem,
+ /etc/postfix/ed448.pem
+</pre>
+</blockquote>
+
+<p> You can also store the keys separately from their certificates, again
+provided each is listed before the corresponding certificate chain. Storing a
+key and its associated certificate chain in separate files is not recommended,
+because this is prone to race conditions during key rollover, as there is no
+way to update multiple files atomically. </p>
+
+<blockquote>
+<pre>
+ # Postfix ≥ 3.4.
+ # Storing keys separately from the associated certificates is not
+ # recommended.
+ smtp_tls_chain_files =
+ /etc/postfix/rsakey.pem,
+ /etc/postfix/rsacerts.pem,
+ /etc/postfix/ecdsakey.pem,
+ /etc/postfix/ecdsacerts.pem
+</pre>
+</blockquote>
+
+<p> The below examples show the legacy algorithm-specific configurations
+for Postfix 3.3 and older. With Postfix ≤ 3.3, even if the key is
+stored in the same file as the certificate, the file is read twice and a
+(brief) race condition still exists during key rollover. While Postfix
+≥ 3.4 avoids the race when the key and certificate are in the same
+file, you should use the new "smtp_tls_chain_files" interface shown
+above. <p>
+
<p> RSA key and certificate examples: </p>
<blockquote>
The optional "ciphers", "exclude" and "protocols" attributes
(available for opportunistic TLS with Postfix ≥ 2.6) override the
"smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols"
-configuration parameters. </dd>
+configuration parameters. At this level and higher, the optional
+"servername" attribute (available with Postfix ≥ 3.4) overrides the
+global "smtp_tls_servername" parameter, enabling per-destination
+configuration of the SNI extension sent to the remote SMTP server. </dd>
<dt><b>encrypt</b></dt> <dd><a href="#client_tls_encrypt"> Mandatory encryption</a>.
Mail is delivered only if the remote SMTP server offers STARTTLS
<p> The following commands (credits: Viktor Dukhovni) generate and
install a 2048-bit RSA private key and 10-year self-signed certificate
for the local Postfix system. This requires super-user privileges.
+(By using date-specific filenames for the certificate and key files,
+and updating main.cf with new filenames, a potential race condition
+in which the key and certificate might not match is avoided).
</p>
<blockquote>
<p>
The only reason why the value of 2 is not the default is the way
this parameter affects the delivery of mailing-list mail. In the
-worst case, their delivery can take somewhere between (cost+1/cost)
+worst case, delivery can take somewhere between (cost+1/cost)
and (cost/cost-1) times more than if the preemptive scheduler was
disabled. The default value of 5 turns out to provide reasonable
message response times while making sure the mailing-list deliveries
<p>
If you can, avoid shell meta characters because they will force
Postfix to run an expensive shell process. If you're delivering
-via Procmail then running a shell won't make a noticeable difference
+via "procmail" then running a shell won't make a noticeable difference
in the total cost.
</p>
<p>
Optional list of user names that are not subjected to address
-masquerading, even when their address matches $masquerade_domains.
+masquerading, even when their addresses match $masquerade_domains.
</p>
<p>
<p>
Display the name of the recipient table in the "User unknown"
-responses. The extra detail makes trouble shooting easier but also
-reveals information that is nobody elses business.
+responses. The extra detail makes troubleshooting easier but also
+reveals information that is nobody else's business.
</p>
<p>
%PARAM smtpd_tls_cert_file
<p> File with the Postfix SMTP server RSA certificate in PEM format.
-This file may also contain the Postfix SMTP server private RSA key. </p>
+This file may also contain the Postfix SMTP server private RSA key.
+With Postfix ≥ 3.4 the preferred way to configure server keys and
+certificates is via the "smtpd_tls_chain_files" parameter. </p>
<p> Public Internet MX hosts without certificates signed by a "reputable"
CA must generate, and be prepared to present to most clients, a
similar software, it will still insist on a server certificate. </p>
<p> For servers that are <b>not</b> public Internet MX hosts, Postfix
-2.3 supports configurations with no certificates. This entails the
-use of just the anonymous TLS ciphers, which are not supported by
-typical SMTP clients. Since such clients will not, as a rule, fall
-back to plain text after a TLS handshake failure, the server will
-be unable to receive email from TLS enabled clients. To avoid
-accidental configurations with no certificates, Postfix 2.3 enables
-certificate-less operation only when the administrator explicitly
-sets "smtpd_tls_cert_file = none". This ensures that new Postfix
-configurations will not accidentally run with no certificates. </p>
+supports configurations with no certificates. This entails the use of
+just the anonymous TLS ciphers, which are not supported by typical SMTP
+clients. Since some clients may not fall back to plain text after a TLS
+handshake failure, a certificate-less Postfix SMTP server will be unable
+to receive email from some TLS-enabled clients. To avoid accidental
+configurations with no certificates, Postfix enables certificate-less
+operation only when the administrator explicitly sets
+"smtpd_tls_cert_file = none". This ensures that new Postfix SMTP server
+configurations will not accidentally enable TLS without certificates. </p>
+
+<p> Note that server certificates are not optional in TLS 1.3. To run
+without certificates you'd have to disable the TLS 1.3 protocol by
+including '!TLSv1.3' in "smtpd_tls_protocols" and perhaps also
+"smtpd_tls_mandatory_protocols". It is simpler instead to just
+configure a certificate chain. Certificate-less operation is not
+recommended. <p>
<p> Both RSA and DSA certificates are supported. When both types
are present, the cipher used determines which certificate will be
<p> If you also want to verify client certificates issued by these
CAs, you can add the CA certificates to the smtpd_tls_CAfile, in which
-case it is not necessary to have them in the smtpd_tls_cert_file or
-smtpd_tls_dcert_file. </p>
+case it is not necessary to have them in the smtpd_tls_cert_file,
+smtpd_tls_dcert_file (obsolete) or smtpd_tls_eccert_file. </p>
<p> A certificate supplied here must be usable as an SSL server certificate
and hence pass the "openssl verify -purpose sslserver ..." test. </p>
<p> File with the Postfix SMTP server RSA private key in PEM format.
This file may be combined with the Postfix SMTP server RSA certificate
-file specified with $smtpd_tls_cert_file. </p>
+file specified with $smtpd_tls_cert_file. With Postfix ≥ 3.4 the
+preferred way to configure server keys and certificates is via the
+"smtpd_tls_chain_files" parameter. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
%PARAM smtpd_tls_dcert_file
<p> File with the Postfix SMTP server DSA certificate in PEM format.
-This file may also contain the Postfix SMTP server private DSA key. </p>
+This file may also contain the Postfix SMTP server private DSA key.
+The DSA algorithm is obsolete and should not be used. </p>
<p> See the discussion under smtpd_tls_cert_file for more details.
</p>
<p> File with the Postfix SMTP server DSA private key in PEM format.
This file may be combined with the Postfix SMTP server DSA certificate
-file specified with $smtpd_tls_dcert_file. </p>
+file specified with $smtpd_tls_dcert_file. The DSA algorithm is obsolete
+and should not be used. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
%PARAM smtp_tls_cert_file
<p> File with the Postfix SMTP client RSA certificate in PEM format.
-This file may also contain the Postfix SMTP client private RSA key,
-and these may be the same as the Postfix SMTP server RSA certificate and key
-file. </p>
+This file may also contain the Postfix SMTP client private RSA key, and
+these may be the same as the Postfix SMTP server RSA certificate and key
+file. With Postfix ≥ 3.4 the preferred way to configure client keys
+and certificates is via the "smtp_tls_chain_files" parameter. </p>
<p> Do not configure client certificates unless you <b>must</b> present
client TLS certificates to one or more servers. Client certificates are
<pre>
smtp_tls_cert_file =
smtp_tls_key_file =
-smtp_tls_dcert_file =
-smtp_tls_dkey_file =
smtp_tls_eccert_file =
smtp_tls_eckey_file =
+# Obsolete DSA parameters
+smtp_tls_dcert_file =
+smtp_tls_dkey_file =
+# Postfix ≥ 3.4 interface
+smtp_tls_chain_files =
</pre>
</blockquote>
<p> Example: the certificate for "client.example.com" was issued by
"intermediate CA" which itself has a certificate issued by "root CA".
-Create the client.pem file with "cat client_cert.pem intermediate_CA.pem
-root_CA.pem > client.pem". </p>
+As the "root" super-user create the client.pem file with: </p>
+
+<blockquote>
+<pre>
+# <b>umask 077</b>
+# <b>cat client_key.pem client_cert.pem intermediate_CA.pem > chain.pem </b>
+</pre>
+</blockquote>
<p> If you also want to verify remote SMTP server certificates issued by
these CAs, you can add the CA certificates to the smtp_tls_CAfile, in
which case it is not necessary to have them in the smtp_tls_cert_file,
-smtp_tls_dcert_file or smtp_tls_eccert_file. </p>
+smtp_tls_dcert_file (obsolete) or smtp_tls_eccert_file. </p>
<p> A certificate supplied here must be usable as an SSL client certificate
and hence pass the "openssl verify -purpose sslclient ..." test. </p>
<p> Example: </p>
<pre>
-smtp_tls_cert_file = /etc/postfix/client.pem
+smtp_tls_cert_file = /etc/postfix/chain.pem
</pre>
<p> This feature is available in Postfix 2.2 and later. </p>
<p> File with the Postfix SMTP client RSA private key in PEM format.
This file may be combined with the Postfix SMTP client RSA certificate
-file specified with $smtp_tls_cert_file. </p>
+file specified with $smtp_tls_cert_file. With Postfix ≥ 3.4 the
+preferred way to configure client keys and certificates is via the
+"smtp_tls_chain_files" parameter. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
present in the chroot jail if the smtp(8) client is chrooted. This
file may also be used to augment the client certificate trust chain,
but it is best to include all the required certificates directly in
-$smtp_tls_cert_file. </p>
+$smtp_tls_cert_file (or, Postfix ≥ 3.4 $smtp_tls_chain_files). </p>
<p> Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use
ONLY the system-supplied default Certification Authority certificates.
<p> File with the Postfix SMTP client DSA private key in PEM format.
This file may be combined with the Postfix SMTP client DSA certificate
-file specified with $smtp_tls_dcert_file. </p>
+file specified with $smtp_tls_dcert_file. The DSA algorithm is obsolete
+and should not be used. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
%PARAM smtp_tls_dcert_file
<p> File with the Postfix SMTP client DSA certificate in PEM format.
-This file may also contain the Postfix SMTP client private DSA key. </p>
+This file may also contain the Postfix SMTP client private DSA key.
+The DSA algorithm is obsolete and should not be used. </p>
<p> See the discussion under smtp_tls_cert_file for more details.
</p>
%PARAM smtpd_tls_eccert_file
<p> File with the Postfix SMTP server ECDSA certificate in PEM format.
-This file may also contain the Postfix SMTP server private ECDSA key. </p>
+This file may also contain the Postfix SMTP server private ECDSA key.
+With Postfix ≥ 3.4 the preferred way to configure server keys and
+certificates is via the "smtpd_tls_chain_files" parameter. </p>
<p> See the discussion under smtpd_tls_cert_file for more details. </p>
<p> File with the Postfix SMTP server ECDSA private key in PEM format.
This file may be combined with the Postfix SMTP server ECDSA certificate
-file specified with $smtpd_tls_eccert_file. </p>
+file specified with $smtpd_tls_eccert_file. With Postfix ≥ 3.4 the
+preferred way to configure server keys and certificates is via the
+"smtpd_tls_chain_files" parameter. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
%PARAM smtp_tls_eccert_file
<p> File with the Postfix SMTP client ECDSA certificate in PEM format.
-This file may also contain the Postfix SMTP client ECDSA private key. </p>
+This file may also contain the Postfix SMTP client ECDSA private key.
+With Postfix ≥ 3.4 the preferred way to configure client keys and
+certificates is via the "smtp_tls_chain_files" parameter. </p>
<p> See the discussion under smtp_tls_cert_file for more details.
</p>
%PARAM smtp_tls_eckey_file $smtp_tls_eccert_file
<p> File with the Postfix SMTP client ECDSA private key in PEM format.
-This file may be combined with the Postfix SMTP client ECDSA
-certificate file specified with $smtp_tls_eccert_file. </p>
+This file may be combined with the Postfix SMTP client ECDSA certificate
+file specified with $smtp_tls_eccert_file. With Postfix ≥ 3.4 the
+preferred way to configure client keys and certificates is via the
+"smtp_tls_chain_files" parameter. </p>
<p> The private key must be accessible without a pass-phrase, i.e. it
must not be encrypted. File permissions should grant read-only
%PARAM unknown_helo_hostname_tempfail_action $reject_tempfail_action
<p> The Postfix SMTP server's action when reject_unknown_helo_hostname
-fails due to an temporary error condition. Specify "defer" to defer
+fails due to a temporary error condition. Specify "defer" to defer
the remote SMTP client request immediately. With the default
"defer_if_permit" action, the Postfix SMTP server continues to look
for opportunities to reject mail, and defers the client request
<pre>
/etc/postfix/main.cf:
postscreen_access_list = permit_mynetworks,
- cidr:/etc/postfix/postscreen_access.cidr
+ cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
</pre>
<p> File with the Postfix tlsproxy(8) server RSA certificate in PEM
format. This file may also contain the Postfix tlsproxy(8) server
-private RSA key. See smtpd_tls_cert_file for further details. </p>
+private RSA key. See smtpd_tls_cert_file for further details. With
+Postfix ≥ 3.4 the preferred way to configure tlsproxy server keys and
+certificates is via the "tlsproxy_tls_chain_files" parameter. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
<p> File with the Postfix tlsproxy(8) server DSA certificate in PEM
format. This file may also contain the Postfix tlsproxy(8) server
-private DSA key. See smtpd_tls_dcert_file for further details.
-</p>
+private DSA key. DSA is obsolete and should not be used. See
+smtpd_tls_dcert_file for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
%PARAM tlsproxy_tls_dkey_file $smtpd_tls_dkey_file
<p> File with the Postfix tlsproxy(8) server DSA private key in PEM
-format. This file may be combined with the Postfix tlsproxy(8)
-server DSA certificate file specified with $smtpd_tls_dcert_file.
-See smtpd_tls_dkey_file for further details. </p>
+format. This file may be combined with the Postfix tlsproxy(8) server
+DSA certificate file specified with $smtpd_tls_dcert_file. DSA is
+obsolete and should not be used. See smtpd_tls_dkey_file for further
+details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
%PARAM tlsproxy_tls_eccert_file $smtpd_tls_eccert_file
-<p> File with the Postfix tlsproxy(8) server ECDSA certificate in
-PEM format. This file may also contain the Postfix tlsproxy(8)
-server private ECDSA key. See smtpd_tls_eccert_file for further
-details. </p>
+<p> File with the Postfix tlsproxy(8) server ECDSA certificate in PEM
+format. This file may also contain the Postfix tlsproxy(8) server
+private ECDSA key. See smtpd_tls_eccert_file for further details. With
+Postfix ≥ 3.4 the preferred way to configure tlsproxy server keys and
+certificates is via the "tlsproxy_tls_chain_files" parameter. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
%PARAM tlsproxy_tls_eckey_file $smtpd_tls_eckey_file
-<p> File with the Postfix tlsproxy(8) server ECDSA private key in
-PEM format. This file may be combined with the Postfix tlsproxy(8)
-server ECDSA certificate file specified with $smtpd_tls_eccert_file.
-See smtpd_tls_eckey_file for further details. </p>
+<p> File with the Postfix tlsproxy(8) server ECDSA private key in PEM
+format. This file may be combined with the Postfix tlsproxy(8) server
+ECDSA certificate file specified with $smtpd_tls_eccert_file. See
+smtpd_tls_eckey_file for further details. With Postfix ≥ 3.4 the
+preferred way to configure tlsproxy server keys and certificates is via
+the "tlsproxy_tls_chain_files" parameter. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
%PARAM tlsproxy_tls_key_file $smtpd_tls_key_file
<p> File with the Postfix tlsproxy(8) server RSA private key in PEM
-format. This file may be combined with the Postfix tlsproxy(8)
-server RSA certificate file specified with $smtpd_tls_cert_file.
-See smtpd_tls_key_file for further details. </p>
+format. This file may be combined with the Postfix tlsproxy(8) server
+RSA certificate file specified with $smtpd_tls_cert_file. See
+smtpd_tls_key_file for further details. With Postfix ≥ 3.4 the
+preferred way to configure tlsproxy server keys and certificates is via
+the "tlsproxy_tls_chain_files" parameter. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
%PARAM tlsproxy_client_cert_file $smtp_tls_cert_file
<p> File with the Postfix tlsproxy(8) client RSA certificate in PEM
-format. See smtp_tls_cert_file for further details. </p>
+format. See smtp_tls_cert_file for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"tlsproxy_client_chain_files" parameter. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
%PARAM tlsproxy_client_key_file $smtp_tls_key_file
<p> File with the Postfix tlsproxy(8) client RSA private key in PEM
-format. See smtp_tls_key_file for further details. </p>
+format. See smtp_tls_key_file for further details. The preferred way to
+configure tlsproxy client keys and certificates is via the
+"tlsproxy_client_chain_files" parameter. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
%PARAM tlsproxy_client_dcert_file $smtp_tls_dcert_file
<p> File with the Postfix tlsproxy(8) client DSA certificate in PEM
-format. See smtp_tls_dcert_file for further details. </p>
+format. See smtp_tls_dcert_file for further details. DSA is obsolete and
+should not be used. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
%PARAM tlsproxy_client_dkey_file $smtp_tls_dkey_file
<p> File with the Postfix tlsproxy(8) client DSA private key in PEM
-format. See smtp_tls_dkey_file for further details. </p>
+format. See smtp_tls_dkey_file for further details. DSA is obsolete and
+should not be used. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
%PARAM tlsproxy_client_eccert_file $smtp_tls_eccert_file
-<p> File with the Postfix tlsproxy(8) client ECDSA certificate in
-PEM format. See smtp_tls_eccert_file for further details. </p>
+<p> File with the Postfix tlsproxy(8) client ECDSA certificate in PEM
+format. See smtp_tls_eccert_file for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"tlsproxy_client_chain_files" parameter. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
%PARAM tlsproxy_client_eckey_file $smtp_tls_eckey_file
-<p> File with the Postfix tlsproxy(8) client ECDSA private key in
-PEM format. See smtp_tls_eckey_file for further details. </p>
+<p> File with the Postfix tlsproxy(8) client ECDSA private key in PEM
+format. See smtp_tls_eckey_file for further details. The preferred way
+to configure tlsproxy client keys and certificates is via the
+"tlsproxy_client_chain_files" parameter. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
See smtp_enforce_tls for further details. </p>
<p> This feature is available in Postfix 3.4 and later. </p>
+
+%PARAM smtpd_tls_chain_files
+
+<p> List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain. The file names
+are separated by commas and/or whitespace. This parameter obsoletes the
+legacy algorithm-specific key and certificate file settings. When this
+parameter is non-empty, the legacy parameters are ignored, and a warning
+is logged if any are also non-empty. </p>
+
+<p> With the proliferation of multiple private key algorithms—which,
+as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519
+and Ed448—it is increasingly impractical to use separate
+parameters to configure the key and certificate chain for each
+algorithm. Therefore, Postfix now supports storing multiple keys and
+corresponding certificate chains in a single file or in a set of files.
+
+<p> Each key must appear <b>immediately before</b> the corresponding
+certificate, optionally followed by additional issuer certificates that
+complete the certificate chain for that key. When multiple files are
+specified, they are equivalent to a single file that is concatenated
+from those files in the given order. Thus, while a key must always
+precede its certificate and issuer chain, it can be in a separate file,
+so long as that file is listed immediately before the file that holds
+the corresponding certificate chain. Once all the files are
+concatenated, the sequence of PEM objects must be: <i>key1, cert1,
+[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].</i> </p>
+
+<p> Storing the private key in the same file as the corresponding
+certificate is more reliable. With the key and certificate in separate
+files, there is a chance that during key rollover a Postfix process
+might load a private key and certificate from separate files that don't
+match. Various operational errors may even result in a persistent
+broken configuration in which the certificate does not match the private
+key. </p>
+
+<p> The file or files must contain at most one key of each type. If,
+for example, two or more RSA keys and corresponding chains are listed,
+depending on the version of OpenSSL either only the last one will be
+used or an configuration error may be detected. Note that while
+"Ed25519" and "Ed448" are considered separate algorithms, the various
+ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are
+considered as different parameters of a single "ECDSA" algorithm, so it
+is not presently possible to configure keys for more than one ECDSA
+curve. </p>
+
+<p> RSA is still the most widely supported algorithm. Presently (late
+2018), ECDSA support is common, but not yet universal, and Ed25519 and
+Ed448 support is mostly absent. Therefore, an RSA key should generally
+be configured, along with any additional keys for the other algorithms
+when desired. </p>
+
+<p>
+Example (separate files for each key and corresponding certificate chain):
+</p>
+<blockquote>
+<pre>
+/etc/postfix/main.cf:
+ smtpd_tls_chain_files =
+ ${config_directory}/ed25519.pem,
+ ${config_directory}/ed448.pem,
+ ${config_directory}/rsa.pem
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/ed25519.pem:
+ -----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/ed448.pem:
+ -----BEGIN PRIVATE KEY-----
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/rsa.pem:
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<p>
+Example (all keys and certificates in a single file):
+</p>
+<blockquote>
+<pre>
+/etc/postfix/main.cf:
+ smtpd_tls_chain_files = ${config_directory}/chains.pem
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/chains.pem:
+ -----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ -----END CERTIFICATE-----
+ -----BEGIN PRIVATE KEY-----
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ -----END CERTIFICATE-----
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+%PARAM smtp_tls_chain_files
+
+<p> List of one or more PEM files, each holding one or more private keys
+directly followed by a corresponding certificate chain. The file names
+are separated by commas and/or whitespace. This parameter obsoletes the
+legacy algorithm-specific key and certificate file settings. When this
+parameter is non-empty, the legacy parameters are ignored, and a warning
+is logged if any are also non-empty. </p>
+
+<p> With the proliferation of multiple private key algorithms—which,
+as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519
+and Ed448—it is increasingly impractical to use separate
+parameters to configure the key and certificate chain for each
+algorithm. Therefore, Postfix now supports storing multiple keys and
+corresponding certificate chains in a single file or in a set of files.
+
+<p> Each key must appear <b>immediately before</b> the corresponding
+certificate, optionally followed by additional issuer certificates that
+complete the certificate chain for that key. When multiple files are
+specified, they are equivalent to a single file that is concatenated
+from those files in the given order. Thus, while a key must always
+precede its certificate and issuer chain, it can be in a separate file,
+so long as that file is listed immediately before the file that holds
+the corresponding certificate chain. Once all the files are
+concatenated, the sequence of PEM objects must be: <i>key1, cert1,
+[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].</i> </p>
+
+<p> Storing the private key in the same file as the corresponding
+certificate is more reliable. With the key and certificate in separate
+files, there is a chance that during key rollover a Postfix process
+might load a private key and certificate from separate files that don't
+match. Various operational errors may even result in a persistent
+broken configuration in which the certificate does not match the private
+key. </p>
+
+<p> The file or files must contain at most one key of each type. If,
+for example, two or more RSA keys and corresponding chains are listed,
+depending on the version of OpenSSL either only the last one will be
+used or an configuration error may be detected. Note that while
+"Ed25519" and "Ed448" are considered separate algorithms, the various
+ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are
+considered as different parameters of a single "ECDSA" algorithm, so it
+is not presently possible to configure keys for more than one ECDSA
+curve. </p>
+
+<p>
+Example (separate files for each key and corresponding certificate chain):
+</p>
+<blockquote>
+<pre>
+/etc/postfix/main.cf:
+ smtp_tls_chain_files =
+ ${config_directory}/ed25519.pem,
+ ${config_directory}/ed448.pem,
+ ${config_directory}/rsa.pem
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/ed25519.pem:
+ -----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/ed448.pem:
+ -----BEGIN PRIVATE KEY-----
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/rsa.pem:
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<p>
+Example (all keys and certificates in a single file):
+</p>
+<blockquote>
+<pre>
+/etc/postfix/main.cf:
+ smtp_tls_chain_files = ${config_directory}/chains.pem
+</pre>
+</blockquote>
+
+<blockquote>
+<pre>
+/etc/postfix/chains.pem:
+ -----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+ ...
+ nC0egv51YPDWxEHom4QA
+ -----END CERTIFICATE-----
+ -----BEGIN PRIVATE KEY-----
+ MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+ LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+ ...
+ pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+ -----END CERTIFICATE-----
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+ ...
+ ahQkZ3+krcaJvDSMgvu0tDc=
+ -----END PRIVATE KEY-----
+ -----BEGIN CERTIFICATE-----
+ MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+ ...
+ Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+ -----END CERTIFICATE-----
+</pre>
+</blockquote>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+%PARAM lmtp_tls_chain_files
+
+<p> The LMTP-specific version of the smtp_tls_chain_files configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+%PARAM tlsproxy_client_chain_files $smtp_tls_chain_files
+
+<p> Files with the Postfix tlsproxy(8) client keys and certificate
+chains in PEM format. See smtp_tls_chain_files for further details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+%PARAM tlsproxy_tls_chain_files $smtpd_tls_chain_files
+
+<p> Files with the Postfix tlsproxy(8) server keys and certificate
+chains in PEM format. See smtpd_tls_chain_files for further details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+%PARAM tls_server_sni_maps
+
+<p> Optional lookup tables that map names received from remote SMTP
+clients via the TLS Server Name Indication (SNI) extension to the
+appropriate keys and certificate chains. This parameter is implemented
+in the Postfix TLS library, and applies to both smtpd(8) and the SMTP
+server mode of tlsproxy(8). </p>
+
+<p> The lookup key is either the verbatim SNI domain name or a an
+ancestor domain prefixed with a leading dot. For internationalized
+domains, the lookup key must be in IDNA 2008 A-label form (as
+required in the TLS SNI extension). </p>
+
+<p> The mapping from an SNI domain name to a certificate chain is
+typically indirect. In the input source files for "cdb", "hash",
+"btree" or other tables that are converted to on-disk indexed files
+via postmap(1), the value specified for each key is a list of
+filenames. When postmap(1) is used with the <b>-F</b> option, the
+generated table stores for each lookup key the base64-encoded
+contents of the associated files. When querying tables via <b>postmap
+-Fq</b>, the table value is decoded from base64, yielding the original
+file content, plus a new line. </p>
+
+<p> With "regexp", "pcre", "inline", "texthash", "static" and similar
+tables that are interpreted at run-time, and don't have a separate
+source format, the table value is again a list files, that are read-in
+when the table is opened. </p>
+
+<p> Thus, for example: </p>
+
+<blockquote>
+<pre>
+$ postmap -Fq "" static:/etc/postfix/chain.pem | openssl dgst -sha1
+(stdin)= da39a3ee5e6b4b0d3255bfef95601890afd80709
+</pre>
+</blockquote>
+
+<p> produces the same output as: </p>
+
+<blockquote>
+<pre>
+$ (cat /etc/postfix/chain.pem; echo) | openssl dgst -sha1
+(stdin)= da39a3ee5e6b4b0d3255bfef95601890afd80709
+</pre>
+</blockquote>
+
+<p> With tables whose content is managed outside of Postfix, such
+as LDAP, MySQL, PostgreSQL, socketmap and tcp, the value must be a
+concatenation of the desired PEM keys and certificate chains, that
+is then further encoded to yield a single-line base64 string.
+Creation of such tables and secure storage are outside the
+responsibility of Postfix. With "socketmap" and "tcp" the data
+would be transmitted in the clear. With LDAP and SQL, you should
+generally use TLS to protect the sensitive data in transit. </p>
+
+<p> Typically there is only private key and its chain of certificates
+starting with the "leaf" certificate corresponding to that key, and
+continuing with the appropriate intermediate issuer CA certificates,
+with each certificate ideally followed by its issuer. Servers
+that have keys and certificates for more than one algorithm (e.g.
+both an RSA key and an ECDSA key, or even RSA, ECDSA and Ed25519)
+can use multiple chains concatenated together, with the key always
+listed before the corresponding certificates. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+%PARAM smtp_tls_servername
+
+<p> Optional name to send to the remote SMTP server in the TLS Server
+Name Indication (SNI) extension. The SNI extension is always on when
+DANE is used to authenticate the server, and in that case the SNI name
+sent is the one required by RFC7672 and this parameter is ignored. </p>
+
+<p> Some SMTP servers use the received SNI name to select an appropriate
+certificate chain to present to the client. While this may improve
+interoperability with such servers, it may reduce interoperability with
+other servers that choose to abort the connection when they don't have a
+certificate chain configured for the requested name. Such servers
+should select a default certificate chain and continue the handshake,
+but some may not. Therefore, absent DANE, no SNI name is sent by
+default. </p>
+
+<p> The SNI name must be either a valid DNS hostname, or else one of the
+special values <b>hostname</b> or <b>nexthop</b>, which select either the
+remote hostname or the nexthop domain respectively. DNS names for SNI must be
+in A-label (punycode) form. Invalid DNS names log a configuration error
+warning and mail delivery is deferred. </p>
+
+<p> Except when using a relayhost to forward all email, the only
+sensible non-empty main.cf setting for this parameter is
+<b>hostname</b>. Other non-empty values are only practical on a
+per-destination basis via the <b>servername</b> attribute of the Postfix
+TLS <a href="TLS_README.html#client_tls_policy">policy table</a>. When
+in doubt, leave this parameter empty, and configure per-destination SNI
+as needed. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
+
+%PARAM lmtp_tls_servername
+
+<p> The LMTP-specific version of the smtp_tls_servername configuration
+parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 3.4 and later. </p>
#ifdef USE_TLS
#include <openssl/opensslv.h> /* OPENSSL_VERSION_NUMBER */
#include <openssl/objects.h> /* SN_* and NID_* macros */
+#if OPENSSL_VERSION_NUMBER < 0x1000200fUL
+#error "OpenSSL releases prior to 1.0.2 are no longer supported"
+#endif
#endif
/*
#define DEF_SMTPD_TLS_CCERT_VD 9
extern int var_smtpd_tls_ccert_vd;
+#define VAR_SMTPD_TLS_CHAIN_FILES "smtpd_tls_chain_files"
+#define DEF_SMTPD_TLS_CHAIN_FILES ""
+extern char *var_smtpd_tls_chain_files;
+
#define VAR_SMTPD_TLS_CERT_FILE "smtpd_tls_cert_file"
#define DEF_SMTPD_TLS_CERT_FILE ""
extern char *var_smtpd_tls_cert_file;
extern char *var_smtpd_tls_dh1024_param_file;
#define VAR_SMTPD_TLS_EECDH "smtpd_tls_eecdh_grade"
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
#define DEF_SMTPD_TLS_EECDH "auto"
-#else
-#define DEF_SMTPD_TLS_EECDH "strong"
-#endif
extern char *var_smtpd_tls_eecdh;
#define VAR_SMTPD_TLS_LOGLEVEL "smtpd_tls_loglevel"
#define DEF_LMTP_TLS_SCERT_VD 9
extern int var_smtp_tls_scert_vd;
+#define VAR_SMTP_TLS_CHAIN_FILES "smtp_tls_chain_files"
+#define DEF_SMTP_TLS_CHAIN_FILES ""
+#define VAR_LMTP_TLS_CHAIN_FILES "lmtp_tls_chain_files"
+#define DEF_LMTP_TLS_CHAIN_FILES ""
+extern char *var_smtp_tls_chain_files;
+
#define VAR_SMTP_TLS_CERT_FILE "smtp_tls_cert_file"
#define DEF_SMTP_TLS_CERT_FILE ""
#define VAR_LMTP_TLS_CERT_FILE "lmtp_tls_cert_file"
#define DEF_LMTP_TLS_FPT_CMATCH ""
extern char *var_smtp_tls_fpt_cmatch;
+#define VAR_SMTP_TLS_SNI "smtp_tls_servername"
+#define DEF_SMTP_TLS_SNI ""
+#define VAR_LMTP_TLS_SNI "lmtp_tls_servername"
+#define DEF_LMTP_TLS_SNI ""
+extern char *var_smtp_tls_sni;
+
#define VAR_SMTP_TLS_BLK_EARLY_MAIL_REPLY "smtp_tls_block_early_mail_reply"
#define DEF_SMTP_TLS_BLK_EARLY_MAIL_REPLY 0
#define VAR_LMTP_TLS_BLK_EARLY_MAIL_REPLY "lmtp_tls_block_early_mail_reply"
/*
* TLS cipherlists
*/
-#ifdef USE_TLS
-#if OPENSSL_VERSION_NUMBER >= 0x1000000fUL
-#define PREFER_aNULL "aNULL:-aNULL:"
-#else
-#define PREFER_aNULL ""
-#endif
-#else
-#define PREFER_aNULL ""
-#endif
-
#define VAR_TLS_HIGH_CLIST "tls_high_cipherlist"
-#define DEF_TLS_HIGH_CLIST PREFER_aNULL "HIGH:@STRENGTH"
+#define DEF_TLS_HIGH_CLIST "aNULL:-aNULL:HIGH:@STRENGTH"
extern char *var_tls_high_clist;
#define VAR_TLS_MEDIUM_CLIST "tls_medium_cipherlist"
-#define DEF_TLS_MEDIUM_CLIST PREFER_aNULL "HIGH:MEDIUM:+RC4:@STRENGTH"
+#define DEF_TLS_MEDIUM_CLIST "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH"
extern char *var_tls_medium_clist;
#define VAR_TLS_LOW_CLIST "tls_low_cipherlist"
-#define DEF_TLS_LOW_CLIST PREFER_aNULL "HIGH:MEDIUM:LOW:+RC4:@STRENGTH"
+#define DEF_TLS_LOW_CLIST "aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH"
extern char *var_tls_low_clist;
#define VAR_TLS_EXPORT_CLIST "tls_export_cipherlist"
-#define DEF_TLS_EXPORT_CLIST PREFER_aNULL "HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH"
+#define DEF_TLS_EXPORT_CLIST "aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH"
extern char *var_tls_export_clist;
#define VAR_TLS_NULL_CLIST "tls_null_cipherlist"
#define DEF_TLS_MULTI_WILDCARD 1
extern bool var_tls_multi_wildcard;
- /* The tweak for CVE-2010-4180 is needed in some versions prior to 1.0.1 */
- /* The tweak for CVE-2005-2969 is needed in some versions prior to 1.0.0 */
-#if defined(USE_TLS) && (OPENSSL_VERSION_NUMBER < 0x1000100fUL)
-#if (OPENSSL_VERSION_NUMBER < 0x1000000fUL)
-#define TLS_BUG_TWEAKS "CVE-2005-2969 CVE-2010-4180"
-#else
-#define TLS_BUG_TWEAKS "CVE-2010-4180"
-#endif
-#else
-#define TLS_BUG_TWEAKS ""
-#endif
-
#define VAR_TLS_BUG_TWEAKS "tls_disable_workarounds"
-#define DEF_TLS_BUG_TWEAKS TLS_BUG_TWEAKS
+#define DEF_TLS_BUG_TWEAKS ""
extern char *var_tls_bug_tweaks;
#define VAR_TLS_SSL_OPTIONS "tls_ssl_options"
#define DEF_TLS_BC_PKEY_FPRINT 0
extern bool var_tls_bc_pkey_fprint;
+#define VAR_TLS_SERVER_SNI_MAPS "tls_server_sni_maps"
+#define DEF_TLS_SERVER_SNI_MAPS ""
+extern char *var_tls_server_sni_maps;
+
/*
* Ordered list of DANE digest algorithms.
*/
#define DEF_TLSP_TLS_CCERT_VD "$" VAR_SMTPD_TLS_CCERT_VD
extern int var_tlsp_tls_ccert_vd;
+#define VAR_TLSP_TLS_CHAIN_FILES "tlsproxy_tls_chain_files"
+#define DEF_TLSP_TLS_CHAIN_FILES "$" VAR_SMTPD_TLS_CHAIN_FILES
+extern char *var_tlsp_tls_chain_files;
+
#define VAR_TLSP_TLS_CERT_FILE "tlsproxy_tls_cert_file"
#define DEF_TLSP_TLS_CERT_FILE "$" VAR_SMTPD_TLS_CERT_FILE
extern char *var_tlsp_tls_cert_file;
#define DEF_TLSP_CLNT_SCERT_VD "$" VAR_SMTP_TLS_SCERT_VD
extern int var_tlsp_clnt_scert_vd;
+#define VAR_TLSP_CLNT_CHAIN_FILES "tlsproxy_client_chain_files"
+#define DEF_TLSP_CLNT_CHAIN_FILES "$" VAR_SMTP_TLS_CHAIN_FILES
+extern char *var_tlsp_clnt_chain_files;
+
#define VAR_TLSP_CLNT_CERT_FILE "tlsproxy_client_cert_file"
#define DEF_TLSP_CLNT_CERT_FILE "$" VAR_SMTP_TLS_CERT_FILE
extern char *var_tlsp_clnt_cert_file;
#define VAR_TLSP_CLNT_USE_TLS "tlsproxy_client_use_tls"
#define DEF_TLSP_CLNT_USE_TLS "$" VAR_SMTP_USE_TLS
-bool var_tlsp_clnt_use_tls;
+bool var_tlsp_clnt_use_tls;
#define VAR_TLSP_CLNT_ENFORCE_TLS "tlsproxy_client_enforce_tls"
#define DEF_TLSP_CLNT_ENFORCE_TLS "$" VAR_SMTP_ENFORCE_TLS
-bool var_tlsp_clnt_enforce_tls;
+bool var_tlsp_clnt_enforce_tls;
#define VAR_TLSP_CLNT_LEVEL "tlsproxy_client_level"
#define DEF_TLSP_CLNT_LEVEL "$" VAR_SMTP_TLS_LEVEL
-char *var_tlsp_clnt_level;
+char *var_tlsp_clnt_level;
#define VAR_TLSP_CLNT_PER_SITE "tlsproxy_client_per_site"
#define DEF_TLSP_CLNT_PER_SITE "$" VAR_SMTP_TLS_PER_SITE
-char *var_tlsp_clnt_per_site;
+char *var_tlsp_clnt_per_site;
#define VAR_TLSP_CLNT_POLICY "tlsproxy_client_policy"
#define DEF_TLSP_CLNT_POLICY "$" VAR_SMTP_TLS_POLICY
-char *var_tlsp_clnt_policy;
+char *var_tlsp_clnt_policy;
/*
* SMTPD "reject" contact info.
char **map_name;
const char *expansion;
DICT *dict;
+ int rhs_is_file;
+
+ /*
+ * For now, handled at this layer, rather rather than implicitly in
+ * dict_get().
+ */
+ rhs_is_file = flags & DICT_FLAG_SRC_RHS_IS_FILE;
+ flags &= ~DICT_FLAG_SRC_RHS_IS_FILE;
/*
* In case of return without map lookup (empty name or no maps).
maps->error = DICT_ERR_RETRY;
return (0);
}
+ /* Log raw value, prior to base64 decoding */
if (msg_verbose)
msg_info("%s: %s: %s: %s = %s", myname, maps->title,
*map_name, name, expansion);
+ if (rhs_is_file) {
+ VSTRING *unb64;
+ char *err;
+
+ if ((unb64 = dict_file_from_b64(dict, expansion)) == 0) {
+ err = dict_file_get_error(dict);
+ msg_warn("table %s:%s: key %s: %s",
+ dict->type, dict->name, name, err);
+ maps->error = DICT_ERR_RETRY;
+ return (0);
+ }
+ expansion = vstring_str(unb64);
+ }
return (expansion);
} else if ((maps->error = dict->error) != 0) {
msg_warn("%s:%s lookup error for \"%.100s\"",
/* .IP "\fB-h \fIhost_lookup\fR (default: \fBdns\fR)"
/* The hostname lookup methods used for the connection. See the
/* documentation of smtp_host_lookup for syntax and semantics.
+/* .IP "\fB-H \fIchainfiles\fR (default: \fInone\fR)\fR"
+/* List of files with a sequence PEM-encoded TLS client certificate
+/* chains. The list can be built-up incrementally, by specifying
+/* the option multiple times, or all at once via a comma or
+/* whitespace separated list of filenames. Each chain starts with
+/* a private key, which is followed immediately by the
+/* corresponding certificate, and optionally by additional issuer
+/* certificates. Each new key begins a new chain for the
+/* corresponding algorithm. This option is mutually exclusive with
+/* the below \fB-k\fR and \fB-K\fR options.
/* .IP "\fB-k \fIcertfile\fR (default: \fIkeyfile\fR)\fR"
/* File with PEM-encoded TLS client certificate chain. This
/* defaults to \fIkeyfile\fR if one is specified.
/* is encountered, up to 5 times or as specified with the \fB-m\fR option.
/* By default reconnection is disabled, specify a positive delay to
/* enable this behavior.
+/* .IP "\fB-s \fIservername\fR"
+/* The server name to send with the TLS Server Name Indication (SNI)
+/* extension. When the server has DANE TLSA records, this parameter
+/* is ignored and the TLSA base domain is used instead. Otherwise, SNI is
+/* not used by default, but can be enabled by specifying the desired value
+/* with this option.
/* .IP "\fB-S\fR"
/* Disable SMTP; that is, connect to an LMTP server. The default port for
/* LMTP over TCP is 24. Alternative ports can specified by appending
char *mdalg; /* fingerprint digest algorithm */
char *CAfile; /* Trusted public CAs */
char *CApath; /* Trusted public CAs */
+ char *chains; /* TLS client certificate chain files */
char *certfile; /* TLS client certificate file */
char *keyfile; /* TLS client key file */
+ char *sni; /* Server SNI name */
ARGV *match; /* match arguments */
int print_trust; /* -C option */
BIO *tls_bio; /* BIO wrapper for stdout */
log_param = "-L option",
log_level = state->options.logopts,
verifydepth = DEF_SMTP_TLS_SCERT_VD,
- cache_type = "memory",
+ cache_type = TLS_MGR_SCACHE_SMTP,
+ chain_files = state->chains,
cert_file = state->certfile,
key_file = state->keyfile,
dcert_file = "",
nexthop = state->nexthop,
host = state->hostname,
namaddr = state->namaddrport,
+ sni = state->sni,
serverid = state->addrport,
helo = state->helo ? state->helo : "",
protocols = state->protocols,
* context attributes.
*/
state->tls_context = tls_proxy_context_receive(state->stream);
- msg_info("%s: subject_CN=%s, issuer_CN=%s, "
- "fingerprint=%s, pkey_fingerprint=%s",
- state->namaddrport, state->tls_context->peer_CN,
- state->tls_context->issuer_CN,
- state->tls_context->peer_cert_fprint,
- state->tls_context->peer_pkey_fprint);
+ if (state->log_mask &
+ (TLS_LOG_CERTMATCH | TLS_LOG_VERBOSE | TLS_LOG_PEERCERT))
+ msg_info("%s: subject_CN=%s, issuer_CN=%s, "
+ "fingerprint=%s, pkey_fingerprint=%s",
+ state->namaddrport, state->tls_context->peer_CN,
+ state->tls_context->issuer_CN,
+ state->tls_context->peer_cert_fprint,
+ state->tls_context->peer_pkey_fprint);
tls_log_summary(TLS_ROLE_CLIENT, TLS_USAGE_NEW,
state->tls_context);
}
nexthop = state->nexthop,
host = state->hostname,
namaddr = state->namaddrport,
+ sni = state->sni,
serverid = state->addrport,
helo = state->helo ? state->helo : "",
protocols = state->protocols,
static void ssl_cleanup(void)
{
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
ERR_remove_thread_state(0); /* Thread-id is now a pointer */
-#else
- ERR_remove_state(0); /* Deprecated with OpenSSL 1.0.0 */
-#endif
ENGINE_cleanup();
CONF_modules_unload(1);
ERR_free_strings();
myfree(state->CAfile);
myfree(state->certfile);
myfree(state->keyfile);
+ myfree(state->sni);
if (state->options.level)
myfree(state->options.level);
myfree(state->options.logopts);
static void usage(void)
{
#ifdef USE_TLS
- fprintf(stderr, "usage: %s %s \\\n\t%s \\\n\t%s \\\n\t%s"
+ fprintf(stderr, "usage: %s %s \\\n\t%s \\\n\t%s \\\n\t%s \\\n\t%s"
" destination [match ...]\n", var_procname,
"[-acCfSvw] [-t conn_tmout] [-T cmd_tmout] [-L logopts]",
"[-h host_lookup] [-l level] [-d mdalg] [-g grade] [-p protocols]",
- "[-A tafile] [-F CAfile.pem] [-P CApath/] "
- "[-k certfile [-K keyfile]] [-m count] [-r delay]",
- "[-o name=value]");
+ "[-A tafile] [-F CAfile.pem] [-P CApath/] [-s servername]",
+ "[ [-H chainfiles] | [-k certfile [-K keyfile]] ]",
+ "[-m count] [-r delay] [-o name=value]");
#else
fprintf(stderr, "usage: %s [-acStTv] [-h host_lookup] [-o name=value] destination\n",
var_procname);
log_level = state->options.logopts,
verifydepth = DEF_SMTP_TLS_SCERT_VD,
cache_type = "memory",
+ chain_files = state->chains,
cert_file = state->certfile,
key_file = state->keyfile,
dcert_file = "",
#define OPTS "a:ch:o:St:T:v"
#ifdef USE_TLS
-#define TLSOPTS "A:Cd:fF:g:k:K:l:L:m:M:p:P:r:wX"
+#define TLSOPTS "A:Cd:fF:g:H:k:K:l:L:m:M:p:P:r:s:wX"
state->mdalg = mystrdup("sha1");
state->CApath = mystrdup("");
state->CAfile = mystrdup("");
+ state->chains = mystrdup("");
state->certfile = mystrdup("");
state->keyfile = mystrdup("");
+ state->sni = mystrdup("");
state->options.tas = argv_alloc(1);
state->options.logopts = 0;
state->level = TLS_LEV_DANE;
myfree(state->grade);
state->grade = mystrdup(optarg);
break;
+ case 'H':
+ {
+ char *tmp;
+
+ if (*state->chains)
+ tmp = concatenate(state->chains, ", ", optarg, (char *) 0);
+ else
+ tmp = mystrdup(optarg);
+ myfree(state->chains);
+ state->chains = tmp;
+ }
+ break;
case 'k':
myfree(state->certfile);
state->certfile = mystrdup(optarg);
case 'r':
state->reconnect = atoi(optarg);
break;
+ case 's':
+ myfree(state->sni);
+ state->sni = mystrdup(optarg);
+ break;
case 'w':
state->wrapper_mode = 1;
+ break;
case 'X':
state->tlsproxy_mode = 1;
break;
if (state->addr_pref < 0)
msg_fatal("bad '-a' option value: %s", state->options.addr_pref);
+ if (state->tlsproxy_mode && state->reconnect)
+ msg_fatal("The -X and -r options are mutually exclusive");
+
/*
* Select hostname lookup mechanisms.
*/
#ifdef USE_TLS
+ if (*state->chains && *state->certfile)
+ msg_fatal("When the '-H' option is used, neither the '-k',"
+ " nor the '-K' options may be used");
+
if (state->reconnect < 0)
tlsmgrmem_disable();
/* TROUBLE SHOOTING CONTROLS
/* .ad
/* .fi
-/* The DEBUG_README file gives examples of how to trouble shoot a
+/* The DEBUG_README file gives examples of how to troubleshoot a
/* Postfix system.
/* .IP "\fBdebugger_command (empty)\fR"
/* The external command to execute when a Postfix daemon program is
#ifdef USE_TLS
VAR_LMTP_SASL_TLS_OPTS, DEF_LMTP_SASL_TLS_OPTS, &var_smtp_sasl_tls_opts, 0, 0,
VAR_LMTP_SASL_TLSV_OPTS, DEF_LMTP_SASL_TLSV_OPTS, &var_smtp_sasl_tlsv_opts, 0, 0,
+ VAR_LMTP_TLS_CHAIN_FILES, DEF_LMTP_TLS_CHAIN_FILES, &var_smtp_tls_chain_files, 0, 0,
VAR_LMTP_TLS_CERT_FILE, DEF_LMTP_TLS_CERT_FILE, &var_smtp_tls_cert_file, 0, 0,
VAR_LMTP_TLS_KEY_FILE, DEF_LMTP_TLS_KEY_FILE, &var_smtp_tls_key_file, 0, 0,
VAR_LMTP_TLS_DCERT_FILE, DEF_LMTP_TLS_DCERT_FILE, &var_smtp_tls_dcert_file, 0, 0,
VAR_LMTP_TLS_ECCERT_FILE, DEF_LMTP_TLS_ECCERT_FILE, &var_smtp_tls_eccert_file, 0, 0,
VAR_LMTP_TLS_ECKEY_FILE, DEF_LMTP_TLS_ECKEY_FILE, &var_smtp_tls_eckey_file, 0, 0,
VAR_LMTP_TLS_LOGLEVEL, DEF_LMTP_TLS_LOGLEVEL, &var_smtp_tls_loglevel, 0, 0,
+ VAR_LMTP_TLS_SNI, DEF_LMTP_TLS_SNI, &var_smtp_tls_sni, 0, 0,
#endif
VAR_LMTP_SASL_MECHS, DEF_LMTP_SASL_MECHS, &var_smtp_sasl_mechs, 0, 0,
VAR_LMTP_SASL_TYPE, DEF_LMTP_SASL_TYPE, &var_smtp_sasl_type, 1, 0,
/* Available in Postfix version 3.4 and later:
/* .IP "\fBsmtp_tls_connection_reuse (no)\fR"
/* Try to make multiple deliveries per TLS-encrypted connection.
+/* .IP "\fBsmtp_tls_chain_files (empty)\fR"
+/* List of one or more PEM files, each holding one or more private keys
+/* directly followed by a corresponding certificate chain.
+/* .IP "\fBsmtp_tls_servername (empty)\fR"
+/* Optional name to send to the remote SMTP server in the TLS Server
+/* Name Indication (SNI) extension.
/* OBSOLETE STARTTLS CONTROLS
/* .ad
/* .fi
int var_smtp_starttls_tmout;
char *var_smtp_tls_CAfile;
char *var_smtp_tls_CApath;
+char *var_smtp_tls_chain_files;
char *var_smtp_tls_cert_file;
char *var_smtp_tls_mand_ciph;
char *var_smtp_tls_excl_ciph;
char *var_smtp_tls_ciph;
char *var_smtp_tls_eccert_file;
char *var_smtp_tls_eckey_file;
+char *var_smtp_tls_sni;
bool var_smtp_tls_blk_early_mail_reply;
bool var_smtp_tls_force_tlsa;
char *var_smtp_tls_insecure_mx_policy;
#ifdef USE_TLS
TLS_CLIENT_INIT_PROPS props;
+ tls_pre_jail_init(TLS_ROLE_CLIENT);
+
/*
* We get stronger type safety and a cleaner interface by combining
* the various parameters into a single tls_client_props structure.
log_level = var_smtp_tls_loglevel,
verifydepth = var_smtp_tls_scert_vd,
cache_type = LMTP_SMTP_SUFFIX(TLS_MGR_SCACHE),
+ chain_files = var_smtp_tls_chain_files,
cert_file = var_smtp_tls_cert_file,
key_file = var_smtp_tls_key_file,
dcert_file = var_smtp_tls_dcert_file,
ARGV *matchargv; /* Cert match patterns */
DSN_BUF *why; /* Lookup error status */
TLS_DANE *dane; /* DANE TLSA digests */
+ char *sni; /* Optional SNI name when not DANE */
int conn_reuse; /* enable connection reuse */
} SMTP_TLS_POLICY;
_tls_policy_init_tmp->matchargv = 0; \
_tls_policy_init_tmp->why = (w); \
_tls_policy_init_tmp->dane = 0; \
+ _tls_policy_init_tmp->sni = 0; \
_tls_policy_init_tmp->conn_reuse = 0; \
} while (0)
#ifdef USE_TLS
VAR_SMTP_SASL_TLS_OPTS, DEF_SMTP_SASL_TLS_OPTS, &var_smtp_sasl_tls_opts, 0, 0,
VAR_SMTP_SASL_TLSV_OPTS, DEF_SMTP_SASL_TLSV_OPTS, &var_smtp_sasl_tlsv_opts, 0, 0,
+ VAR_SMTP_TLS_CHAIN_FILES, DEF_SMTP_TLS_CHAIN_FILES, &var_smtp_tls_chain_files, 0, 0,
VAR_SMTP_TLS_CERT_FILE, DEF_SMTP_TLS_CERT_FILE, &var_smtp_tls_cert_file, 0, 0,
VAR_SMTP_TLS_KEY_FILE, DEF_SMTP_TLS_KEY_FILE, &var_smtp_tls_key_file, 0, 0,
VAR_SMTP_TLS_DCERT_FILE, DEF_SMTP_TLS_DCERT_FILE, &var_smtp_tls_dcert_file, 0, 0,
VAR_SMTP_TLS_ECCERT_FILE, DEF_SMTP_TLS_ECCERT_FILE, &var_smtp_tls_eccert_file, 0, 0,
VAR_SMTP_TLS_ECKEY_FILE, DEF_SMTP_TLS_ECKEY_FILE, &var_smtp_tls_eckey_file, 0, 0,
VAR_SMTP_TLS_LOGLEVEL, DEF_SMTP_TLS_LOGLEVEL, &var_smtp_tls_loglevel, 0, 0,
+ VAR_SMTP_TLS_SNI, DEF_SMTP_TLS_SNI, &var_smtp_tls_sni, 0, 0,
VAR_SMTP_TLS_INSECURE_MX_POLICY, DEF_SMTP_TLS_INSECURE_MX_POLICY, &var_smtp_tls_insecure_mx_policy, 0, 0,
#endif
VAR_SMTP_SASL_MECHS, DEF_SMTP_SASL_MECHS, &var_smtp_sasl_mechs, 0, 0,
verifydepth = var_smtp_tls_scert_vd,
cache_type
= LMTP_SMTP_SUFFIX(TLS_MGR_SCACHE),
+ chain_files = var_smtp_tls_chain_files,
cert_file = var_smtp_tls_cert_file,
key_file = var_smtp_tls_key_file,
dcert_file = var_smtp_tls_dcert_file,
nexthop = session->tls_nexthop,
host = STR(iter->host),
namaddr = session->namaddrport,
+ sni = state->tls->sni,
serverid = vstring_str(serverid),
helo = session->helo,
protocols = state->tls->protocols,
nexthop = session->tls_nexthop,
host = STR(iter->host),
namaddr = session->namaddrport,
+ sni = state->tls->sni,
serverid = vstring_str(serverid),
helo = session->helo,
protocols = state->tls->protocols,
#include <mymalloc.h>
#include <vstring.h>
#include <stringops.h>
+#include <valid_hostname.h>
#include <valid_utf8_hostname.h>
#include <ctable.h>
tls->protocols = mystrdup(val);
continue;
}
+ /* Only one instance per policy. */
+ if (!strcasecmp(name, "servername")) {
+ if (tls->sni) {
+ msg_warn("%s: attribute \"%s\" is specified multiple times",
+ WHERE, name);
+ INVALID_RETURN(tls->why, site_level);
+ }
+ if (valid_hostname(val, DONT_GRIPE))
+ tls->sni = mystrdup(val);
+ else {
+ msg_warn("%s: \"%s=%s\" specifies an invalid hostname",
+ WHERE, name, val);
+ INVALID_RETURN(tls->why, site_level);
+ }
+ continue;
+ }
/* Multiple instances per policy. */
if (!strcasecmp(name, "match")) {
if (*val == 0) {
tls->conn_reuse = 0;
} else {
msg_warn("%s: attribute \"%s\" has bad value: \"%s\"",
- WHERE, name, val);
+ WHERE, name, val);
INVALID_RETURN(tls->why, site_level);
}
}
return ((void *) tls);
/*
- * Use main.cf protocols setting if not set in per-destination table.
+ * Use main.cf protocols and SNI settings if not set in per-destination
+ * table.
*/
if (tls->level > TLS_LEV_NONE && tls->protocols == 0)
tls->protocols =
mystrdup((tls->level == TLS_LEV_MAY) ?
var_smtp_tls_proto : var_smtp_tls_mand_proto);
+ if (tls->level > TLS_LEV_NONE && tls->sni == 0) {
+ if (!*var_smtp_tls_sni || valid_hostname(var_smtp_tls_sni, DONT_GRIPE))
+ tls->sni = mystrdup(var_smtp_tls_sni);
+ else {
+ msg_warn("\"%s = %s\" specifies an invalid hostname",
+ VAR_LMTP_SMTP(TLS_SNI), var_smtp_tls_sni);
+ MARK_INVALID(tls->why, &tls->level);
+ return ((void *) tls);
+ }
+ }
/*
* Compute cipher grade (if set in per-destination table, else
if (tls->protocols)
myfree(tls->protocols);
+ if (tls->sni)
+ myfree(tls->sni);
if (tls->grade)
myfree(tls->grade);
if (tls->exclusions)
/* .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
/* The prioritized list of elliptic curves supported by the Postfix
/* SMTP client and server.
+/* .PP
+/* Available in Postfix version 3.4 and later:
+/* .IP "\fBsmtpd_tls_chain_files (empty)\fR"
+/* List of one or more PEM files, each holding one or more private keys
+/* directly followed by a corresponding certificate chain.
+/* .IP "\fBtls_server_sni_maps (empty)\fR"
+/* Optional lookup tables that map names received from remote SMTP
+/* clients via the TLS Server Name Indication (SNI) extension to the
+/* appropriate keys and certificate chains.
/* OBSOLETE STARTTLS CONTROLS
/* .ad
/* .fi
/* fails due to a temporary error condition.
/* .IP "\fBunknown_helo_hostname_tempfail_action ($reject_tempfail_action)\fR"
/* The Postfix SMTP server's action when reject_unknown_helo_hostname
-/* fails due to an temporary error condition.
+/* fails due to a temporary error condition.
/* .IP "\fBunknown_address_tempfail_action ($reject_tempfail_action)\fR"
/* The Postfix SMTP server's action when reject_unknown_sender_domain
/* or reject_unknown_recipient_domain fail due to a temporary error
char *var_smtpd_tls_eecdh;
char *var_smtpd_tls_eccert_file;
char *var_smtpd_tls_eckey_file;
+char *var_smtpd_tls_chain_files;
#endif
no_server_cert_ok = 0;
cert_file = var_smtpd_tls_cert_file;
}
- have_server_cert =
- (*cert_file || *var_smtpd_tls_dcert_file || *var_smtpd_tls_eccert_file);
+ have_server_cert = *cert_file != 0;
+ have_server_cert |= *var_smtpd_tls_eccert_file != 0;
+ have_server_cert |= *var_smtpd_tls_dcert_file != 0;
+
+ if (*var_smtpd_tls_chain_files != 0) {
+ if (!have_server_cert)
+ have_server_cert = 1;
+ else
+ msg_warn("Both %s and one or more of the legacy "
+ " %s, %s or %s are non-empty; the legacy "
+ " parameters will be ignored",
+ VAR_SMTPD_TLS_CHAIN_FILES,
+ VAR_SMTPD_TLS_CERT_FILE,
+ VAR_SMTPD_TLS_ECCERT_FILE,
+ VAR_SMTPD_TLS_DCERT_FILE);
+ }
/* Some TLS configuration errors are not show stoppers. */
if (!have_server_cert && require_server_cert)
msg_warn("Need a server cert to request client certs");
if (!var_smtpd_enforce_tls && var_smtpd_tls_req_ccert)
msg_warn("Can't require client certs unless TLS is required");
/* After a show-stopper error, reply with 454 to STARTTLS. */
- if (have_server_cert || (no_server_cert_ok && !require_server_cert))
+ if (have_server_cert
+ || (no_server_cert_ok && !require_server_cert)) {
+
+ tls_pre_jail_init(TLS_ROLE_SERVER);
/*
* Large parameter lists are error-prone, so we emulate a
verifydepth = var_smtpd_tls_ccert_vd,
cache_type = TLS_MGR_SCACHE_SMTPD,
set_sessid = var_smtpd_tls_set_sessid,
+ chain_files = var_smtpd_tls_chain_files,
cert_file = cert_file,
key_file = var_smtpd_tls_key_file,
dcert_file = var_smtpd_tls_dcert_file,
var_smtpd_tls_proto,
ask_ccert = ask_client_cert,
mdalg = var_smtpd_tls_fpt_dgst);
- else
+ } else {
msg_warn("No server certs available. TLS won't be enabled");
+ }
#endif /* USE_TLSPROXY */
#else
msg_warn("TLS has been selected, but TLS support is not compiled in");
#ifdef USE_TLS
VAR_RELAY_CCERTS, DEF_RELAY_CCERTS, &var_smtpd_relay_ccerts, 0, 0,
VAR_SMTPD_SASL_TLS_OPTS, DEF_SMTPD_SASL_TLS_OPTS, &var_smtpd_sasl_tls_opts, 0, 0,
+ VAR_SMTPD_TLS_CHAIN_FILES, DEF_SMTPD_TLS_CHAIN_FILES, &var_smtpd_tls_chain_files, 0, 0,
VAR_SMTPD_TLS_CERT_FILE, DEF_SMTPD_TLS_CERT_FILE, &var_smtpd_tls_cert_file, 0, 0,
VAR_SMTPD_TLS_KEY_FILE, DEF_SMTPD_TLS_KEY_FILE, &var_smtpd_tls_key_file, 0, 0,
VAR_SMTPD_TLS_DCERT_FILE, DEF_SMTPD_TLS_DCERT_FILE, &var_smtpd_tls_dcert_file, 0, 0,
#define ssl_cipher_stack_t STACK_OF(SSL_CIPHER)
#define ssl_comp_stack_t STACK_OF(SSL_COMP)
-#if (OPENSSL_VERSION_NUMBER < 0x00090700f)
-#error "need OpenSSL version 0.9.7 or later"
+#if (OPENSSL_VERSION_NUMBER < 0x1000200fUL)
+#error "OpenSSL releases prior to 1.0.2 are no longer supported"
#endif
/* Backwards compatibility with OpenSSL < 1.1.0 */
#define OpenSSL_version_num SSLeay
#define OpenSSL_version SSLeay_version
#define OPENSSL_VERSION SSLEAY_VERSION
+#define X509_STORE_up_ref(store) \
+ CRYPTO_add(&((store)->references), 1, CRYPTO_LOCK_X509)
#define X509_up_ref(x) \
CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509)
#define EVP_PKEY_up_ref(k) \
#define tls_get_peer_dh_pubkey SSL_get_server_tmp_key
#else
#define tls_get_peer_dh_pubkey SSL_get_peer_tmp_key
-#endif
-
-/* SSL_CIPHER_get_name() got constified in 0.9.7g */
-#if OPENSSL_VERSION_NUMBER >= 0x0090707fL /* constification */
-#define SSL_CIPHER_const const
-#else
-#define SSL_CIPHER_const
-#endif
-
-/* d2i_X509() got constified in 0.9.8a */
-#if OPENSSL_VERSION_NUMBER >= 0x0090801fL
-#define D2I_const const
-#else
-#define D2I_const
#endif
/*
*/
struct TLS_APPL_STATE {
SSL_CTX *ssl_ctx;
+ SSL_CTX *sni_ctx;
int log_mask;
char *cache_type;
char *cipher_exclusions; /* Last cipher selection state */
const char *log_level;
int verifydepth;
const char *cache_type;
+ const char *chain_files;
const char *cert_file;
const char *key_file;
const char *dcert_file;
const char *nexthop; /* destination domain */
const char *host; /* MX hostname */
const char *namaddr; /* nam[addr] for logging */
+ const char *sni; /* optional SNI name when not DANE */
const char *serverid; /* Session cache key */
const char *helo; /* Server name from EHLO response */
const char *protocols; /* Enabled protocols */
tls_session_stop(ctx, (stream), (timeout), (failure), (TLScontext))
#define TLS_CLIENT_INIT_ARGS(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \
- a10, a11, a12, a13) \
+ a10, a11, a12, a13, a14) \
(((props)->a1), ((props)->a2), ((props)->a3), \
((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \
- ((props)->a12), ((props)->a13), (props))
+ ((props)->a12), ((props)->a13), ((props)->a14), (props))
#define TLS_CLIENT_INIT(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \
- a10, a11, a12, a13) \
+ a10, a11, a12, a13, a14) \
tls_client_init(TLS_CLIENT_INIT_ARGS(props, a1, a2, a3, a4, a5, \
- a6, a7, a8, a9, a10, a11, a12, a13))
+ a6, a7, a8, a9, a10, a11, a12, a13, a14))
#define TLS_CLIENT_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \
- a10, a11, a12, a13, a14, a15, a16) \
+ a10, a11, a12, a13, a14, a15, a16, a17) \
tls_client_start((((props)->a1), ((props)->a2), ((props)->a3), \
((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \
((props)->a12), ((props)->a13), ((props)->a14), ((props)->a15), \
- ((props)->a16), (props)))
+ ((props)->a16), ((props)->a17), (props)))
/*
* tls_server.c
int verifydepth;
const char *cache_type;
int set_sessid;
+ const char *chain_files;
const char *cert_file;
const char *key_file;
const char *dcert_file;
tls_session_stop(ctx, (stream), (timeout), (failure), (TLScontext))
#define TLS_SERVER_INIT(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \
- a10, a11, a12, a13, a14, a15, a16, a17, a18, a19) \
+ a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20) \
tls_server_init((((props)->a1), ((props)->a2), ((props)->a3), \
((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \
((props)->a12), ((props)->a13), ((props)->a14), ((props)->a15), \
- ((props)->a16), ((props)->a17), ((props)->a18), ((props)->a19), (props)))
+ ((props)->a16), ((props)->a17), ((props)->a18), ((props)->a19), \
+ ((props)->a20), (props)))
#define TLS_SERVER_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10) \
tls_server_start((((props)->a1), ((props)->a2), ((props)->a3), \
extern const char *tls_run_version(void);
extern const char **tls_pkey_algorithms(void);
extern void tls_log_summary(TLS_ROLE, TLS_USAGE, TLS_SESS_STATE *);
+extern void tls_pre_jail_init(TLS_ROLE);
#ifdef TLS_INTERNAL
extern void tls_set_dh_from_file(const char *, int);
extern DH *tls_tmp_dh_cb(SSL *, int, int);
extern void tls_set_eecdh_curve(SSL_CTX *, const char *);
-extern void tls_auto_eecdh_curves(SSL_CTX *);
+extern void tls_auto_eecdh_curves(SSL_CTX *, const char *);
/*
* tls_rsa.c
* tls_certkey.c
*/
extern int tls_set_ca_certificate_info(SSL_CTX *, const char *, const char *);
-extern int tls_set_my_certificate_key_info(SSL_CTX *,
+extern int tls_load_pem_chain(SSL *, const char *, const char *);
+extern int tls_set_my_certificate_key_info(SSL_CTX *, /* All */ const char *,
/* RSA */ const char *, const char *,
/* DSA */ const char *, const char *,
/* ECDSA */ const char *, const char *);
*/
extern int TLScontext_index;
-extern TLS_APPL_STATE *tls_alloc_app_context(SSL_CTX *, int);
+extern TLS_APPL_STATE *tls_alloc_app_context(SSL_CTX *, SSL_CTX *, int);
extern TLS_SESS_STATE *tls_alloc_sess_context(int, const char *);
extern void tls_free_context(TLS_SESS_STATE *);
extern void tls_check_version(void);
/* const char *CAfile;
/* const char *CApath;
/*
-/* int tls_set_my_certificate_key_info(ctx, cert_file, key_file,
+/* int tls_set_my_certificate_key_info(ctx, chain_files,
+/* cert_file, key_file,
/* dcert_file, dkey_file,
/* eccert_file, eckey_file)
/* SSL_CTX *ctx;
+/* const char *chain_files;
/* const char *cert_file;
/* const char *key_file;
/* const char *dcert_file;
/* const char *dkey_file;
/* const char *eccert_file;
/* const char *eckey_file;
+/*
+/* int tls_load_pem_chain(ssl, pem, origin);
+/* SSL *ssl;
+/* const char *pem;
+/* const char *origin;
/* DESCRIPTION
/* OpenSSL supports two options to specify CA certificates:
/* either one file CAfile that contains all CA certificates,
/* certificates and private keys for the specified TLS server
/* or client context. Up to 3 pairs of key pairs (RSA, DSA and
/* ECDSA) may be specified; each certificate and key pair must
-/* match. The result is -1 on failure, 0 on success.
+/* match. The chain_files argument makes it possible to load
+/* keys and certificates for more than 3 algorithms, via either
+/* a single file, or a list of multiple files. The result is -1
+/* on failure, 0 on success.
+/*
+/* tls_load_pem_chain() loads one or more (key, cert, [chain])
+/* triples from an in-memory PEM blob. The "origin" argument
+/* is used for error logging, to identify the provenance of the
+/* PEM blob. Exactly one of "ctx" or "ssl" must be non-zero,
+/* and the keys and certificates will be loaded into that object.
/* LICENSE
/* .ad
/* .fi
#define TLS_INTERNAL
#include <tls.h>
+#define STATE_PEM_NOGO -2 /* Unusable object or sequence */
+#define STATE_PEM_FAIL -1 /* Error in libcrypto */
+#define STATE_PEM_DONE 0 /* End of PEM file, return value only */
+#define STATE_PEM_INIT 1 /* No PEM objects seen */
+#define STATE_PEM_PKEY 2 /* Last object was a private key */
+#define STATE_PEM_CERT 3 /* Last object was a certificate */
+#define STATE_PEM_BOTH 4 /* Unordered, key + first cert seen */
+
+#define LOAD_MODE_MIXED 0 /* Key order not fixed */
+#define LOAD_MODE_MORE 1 /* Keys first, more files */
+#define LOAD_MODE_LAST 2 /* Keys first, last file */
+
+typedef struct pem_load_state {
+ const char *origin; /* PEM chain origin description */
+ const char *source; /* PEM BIO origin description */
+ const char *keysrc; /* Source of last key */
+ BIO *pembio; /* PEM input stream */
+ SSL_CTX *ctx; /* SSL connection factory */
+ SSL *ssl; /* SSL connection handle */
+ EVP_PKEY *pkey; /* current key */
+ X509 *cert; /* current certificate */
+ x509_stack_t *chain; /* current chain */
+ int keynum; /* Index of last key */
+ int objnum; /* Index in current source */
+ int state; /* Current state, never "DONE" */
+} pem_load_state;
+
+/* init_pem_load_state - fill in initial pem_load_state structure */
+
+static void init_pem_load_state(pem_load_state *st, SSL_CTX *ctx, SSL *ssl,
+ const char *origin)
+{
+ st->origin = origin;
+ st->source = origin;
+ st->keysrc = 0;
+ st->pembio = 0;
+ st->ctx = ctx;
+ st->ssl = ssl;
+ st->pkey = 0;
+ st->cert = 0;
+ st->chain = 0;
+ st->keynum = 0;
+ st->objnum = 0;
+ st->state = STATE_PEM_INIT;
+}
+
+/* use_chain - load cert, key and chain into ctx or ssl */
+
+#if OPENSSL_VERSION_NUMBER >= 0x1010000fUL
+static int use_chain(pem_load_state *st)
+{
+ int ret;
+ int replace = 0;
+
+ /*
+ * With replace == 0, an error is returned if the algorithm slot is
+ * already taken, and a previous key + chain of the same type would be
+ * clobbered.
+ */
+ if (st->ctx)
+ ret = SSL_CTX_use_cert_and_key(st->ctx, st->cert, st->pkey, st->chain,
+ replace);
+ else
+ ret = SSL_use_cert_and_key(st->ssl, st->cert, st->pkey, st->chain,
+ replace);
+
+ /*
+ * SSL_[CTX_]_use_cert_key() uprefs all the objects in question, so we
+ * must free ours.
+ */
+ X509_free(st->cert);
+ st->cert = 0;
+ EVP_PKEY_free(st->pkey);
+ st->pkey = 0;
+ sk_X509_pop_free(st->chain, X509_free);
+ st->chain = 0;
+
+ return ret;
+}
+
+#else
+
+/* Legacy OpenSSL 1.0.2 interface */
+static int use_chain(pem_load_state *st)
+{
+ int ret = 1;
+
+#define TRY(op, o) \
+ ((st->ctx && SSL_CTX_##op(st->ctx, st->o)) || \
+ (st->ssl && SSL_##op(st->ssl, st->o)))
+
+ /*
+ * This ensures the cert and key have the same type and match. A similar
+ * check is performed in use_PrivateKey(), but only if if the key and
+ * cert are of the same type.
+ */
+ if (!X509_check_private_key(st->cert, st->pkey))
+ ret = 0;
+
+ /*
+ * XXX: With OpenSSL 1.0.2, setting the certificate clears any previous
+ * mismatched key of the same type, so we don't detect conflicting chains
+ * for the same algorithm, and silently use the last one.
+ */
+
+ /* use_certificate() increments the refcount */
+ if (ret && !TRY(use_certificate, cert))
+ ret = 0;
+ X509_free(st->cert);
+
+ /* use_PrivateKey() increments the refcount */
+ if (ret && !TRY(use_PrivateKey, pkey))
+ ret = 0;
+ EVP_PKEY_free(st->pkey);
+
+ /* set0_chain() does not increment the refcount */
+ if (!ret || !(ret = TRY(set0_chain, chain)))
+ sk_X509_pop_free(st->chain, X509_free);
+
+ return ret;
+}
+
+#endif
+
+/* load_cert - decode and load a DER-encoded X509 certificate */
+
+static void load_cert(pem_load_state *st, int mode, unsigned char *buf,
+ long buflen)
+{
+ const unsigned char *p = buf;
+ X509 *cert = d2i_X509(0, &p, buflen);
+
+ /*
+ * When expecting one or more keys, each key must precede the associated
+ * certicate (chain).
+ */
+ if (mode != LOAD_MODE_MIXED && st->state == STATE_PEM_INIT) {
+ msg_warn("error loading chain from %s: key not first", st->source);
+ if (cert)
+ X509_free(cert);
+ st->state = STATE_PEM_NOGO;
+ return;
+ }
+ if (!cert) {
+ msg_warn("error loading certificate (PEM object number %d) from %s",
+ st->objnum, st->source);
+ st->state = STATE_PEM_FAIL;
+ return;
+ }
+ if (p - buf != buflen) {
+ msg_warn("error loading certificate (PEM object number %d) from %s:"
+ " excess data", st->objnum, st->source);
+ X509_free(cert);
+ st->state = STATE_PEM_NOGO;
+ return;
+ }
+
+ /*
+ * The first certificate after a new key becomes the leaf certificate for
+ * that key, and the additional issuer certificte list is cleared.
+ * Subsequent certificates are added to the issuer chain (without an
+ * "upref" so they are now owne by the chain, and must not be freed).
+ *
+ * In "mixed" mode, the first certificate is either after the key, or else
+ * comes first.
+ */
+ if (!st->cert) {
+ st->cert = cert;
+ } else if ((!st->chain && (st->chain = sk_X509_new_null()) == 0)
+ || !sk_X509_push(st->chain, cert)) {
+ X509_free(cert);
+ st->state = STATE_PEM_FAIL;
+ return;
+ }
+ if (st->state == STATE_PEM_INIT) {
+ st->state = STATE_PEM_CERT;
+ return;
+ }
+ if (st->state != STATE_PEM_PKEY)
+ return;
+ if (mode == LOAD_MODE_MIXED)
+ st->state = STATE_PEM_BOTH;
+ else
+ st->state = STATE_PEM_CERT;
+}
+
+/* load_pkey - decode and load a DER-encoded private key */
+
+static void load_pkey(pem_load_state *st, int mode, int pkey_type,
+ unsigned char *buf, long buflen)
+{
+ const char *myname = "load_pkey";
+ const unsigned char *p = buf;
+ PKCS8_PRIV_KEY_INFO *p8;
+ EVP_PKEY *pkey = 0;
+
+ /*
+ * Keys are either algorithm-specific, or else (ideally) algorithm
+ * agnostic, in which case they are wrapped as PKCS#8 objects with an
+ * algorithm OID.
+ */
+ if (pkey_type != NID_undef) {
+ pkey = d2i_PrivateKey(pkey_type, 0, &p, buflen);
+ } else {
+ p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, buflen);
+ if (p8) {
+ pkey = EVP_PKCS82PKEY(p8);
+ PKCS8_PRIV_KEY_INFO_free(p8);
+ }
+ }
+
+ /*
+ * Except in "mixed" mode, where a single key appears anywhere in a file
+ * with multiple certificates, a given key is either at the first object
+ * we process, or occurs after a previous key and one or more associated
+ * certificates. Thus, encountering a key in a state other than "INIT"
+ * or "CERT" is an error, except in "mixed" mode where a second key is
+ * ignored with a warning.
+ */
+ switch (st->state) {
+ case STATE_PEM_INIT:
+ break;
+
+ case STATE_PEM_CERT:
+
+ /*
+ * When processing the key of a "next" chain, we're in the "CERT"
+ * state, and first complete the processing of the previous chain.
+ */
+ if (mode != LOAD_MODE_MIXED && !use_chain(st)) {
+ msg_warn("error loading certificate chain: "
+ "key number %d in %s does not match the certificate",
+ st->keynum, st->keysrc);
+ st->state = STATE_PEM_FAIL;
+ return;
+ }
+ break;
+
+ case STATE_PEM_PKEY:
+ case STATE_PEM_BOTH:
+ if (pkey)
+ EVP_PKEY_free(pkey);
+
+ /* XXX: Legacy behaviour was silent, should we stay silent? */
+ if (mode == LOAD_MODE_MIXED) {
+ msg_warn("ignoring 2nd key at index %d in %s after 1st at %d",
+ st->objnum, st->source, st->keynum);
+ return;
+ }
+ /* Mode != "mixed" => state == "PKEY", so back-to-back keys */
+ msg_warn("error loading certificate chain: "
+ "key number %d in %s not followed by a certificate",
+ st->keynum, st->keysrc);
+ st->state = STATE_PEM_NOGO;
+ return;
+
+ default:
+ msg_error("%s: internal error: bad state: %d", myname, st->state);
+ st->state = STATE_PEM_NOGO;
+ return;
+ }
+
+ if (!pkey) {
+ msg_warn("error loading private key (PEM object number %d) from %s",
+ st->objnum, st->source);
+ st->state = STATE_PEM_FAIL;
+ return;
+ }
+ /* Reject unexpected data beyond the end of the DER-encoded object */
+ if (p - buf != buflen) {
+ msg_warn("error loading private key (PEM object number %d) from %s:"
+ " excess data", st->objnum, st->source);
+ EVP_PKEY_free(pkey);
+ st->state = STATE_PEM_NOGO;
+ return;
+ }
+ /* All's well, update the state */
+ st->pkey = pkey;
+ if (st->state == STATE_PEM_INIT) {
+ st->state = STATE_PEM_PKEY;
+ return;
+ }
+ if (st->state != STATE_PEM_CERT)
+ return;
+ if (mode == LOAD_MODE_MIXED)
+ st->state = STATE_PEM_BOTH;
+ else
+ st->state = STATE_PEM_PKEY;
+}
+
+/* load_pem_object - load next pkey or cert from open BIO */
+
+static int load_pem_object(pem_load_state *st, int mode)
+{
+ char *name = 0;
+ char *header = 0;
+ unsigned char *buf = 0;
+ long buflen;
+ int pkey_type = NID_undef;
+
+ if (!PEM_read_bio(st->pembio, &name, &header, &buf, &buflen)) {
+ if (ERR_GET_REASON(ERR_peek_last_error()) != PEM_R_NO_START_LINE)
+ return (st->state = STATE_PEM_FAIL);
+
+ ERR_clear_error();
+ /* Clean EOF, preserve stored state for any next input file */
+ return (STATE_PEM_DONE);
+ }
+ if (strcmp(name, PEM_STRING_X509) == 0
+ || strcmp(name, PEM_STRING_X509_OLD) == 0) {
+ load_cert(st, mode, buf, buflen);
+ } else if (strcmp(name, PEM_STRING_PKCS8INF) == 0
+ || ((pkey_type = EVP_PKEY_RSA) != NID_undef
+ && strcmp(name, PEM_STRING_RSA) == 0)
+ || ((pkey_type = EVP_PKEY_EC) != NID_undef
+ && strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0)
+ || ((pkey_type = EVP_PKEY_DSA) != NID_undef
+ && strcmp(name, PEM_STRING_DSA) == 0)) {
+ load_pkey(st, mode, pkey_type, buf, buflen);
+ } else if (mode != LOAD_MODE_MIXED) {
+ msg_warn("error loading %s: unexpected PEM type: %s", st->source, name);
+ st->state = STATE_PEM_NOGO;
+ }
+ OPENSSL_free(name);
+ OPENSSL_free(header);
+ OPENSSL_free(buf);
+ return (st->state);
+}
+
+/* load_pem_bio - load all key/certs from bio and free the bio */
+
+static int load_pem_bio(pem_load_state *st, int mode)
+{
+ int state = st->state;
+
+ /* Don't report old news */
+ ERR_clear_error();
+
+ /*
+ * When "mode" == LOAD_MODE_MORE, more files will be loaded after the
+ * current file, and final processing for the last key and chain is
+ * deferred.
+ *
+ * When "mode" == LOAD_MODE_LAST, this is the last file in the list, and we
+ * validate the final chain.
+ *
+ * When "mode" == LOAD_MODE_MIXED, this is the only file, and its key can
+ * occur at any location. In this case we load at most one key.
+ */
+ for (st->objnum = 1; state > STATE_PEM_DONE; ++st->objnum) {
+ state = load_pem_object(st, mode);
+ if (state == STATE_PEM_PKEY || state == STATE_PEM_BOTH) {
+ if (mode != LOAD_MODE_MIXED) {
+ st->keynum = st->objnum;
+ st->keysrc = st->source;
+ } else if (st->keynum == 0) {
+ st->keynum = st->objnum;
+ st->keysrc = st->source;
+ }
+ }
+ }
+ /* We're responsible for unconditionally freeing the BIO */
+ BIO_free(st->pembio);
+
+ /* Success with current file, go back for more? */
+ if (mode == LOAD_MODE_MORE && state >= STATE_PEM_DONE)
+ return 0;
+
+ /*
+ * If all is well so far, complete processing for the final chain.
+ */
+ if (st->state >= STATE_PEM_INIT) {
+ if (st->state == STATE_PEM_INIT) {
+ msg_warn("No PEM data in %s", st->origin);
+ st->state = STATE_PEM_NOGO;
+ } else if (st->state == STATE_PEM_PKEY) {
+ msg_warn("No certs for key number %d in %s",
+ st->keynum, st->keysrc);
+ st->state = STATE_PEM_NOGO;
+ } else if (mode == LOAD_MODE_MIXED && st->state == STATE_PEM_CERT) {
+ msg_warn("No private key found in %s", st->origin);
+ st->state = STATE_PEM_NOGO;
+ } else if (!use_chain(st)) {
+ msg_warn("key number %d in %s does not match next certificate",
+ st->keynum, st->keysrc);
+ st->state = STATE_PEM_FAIL;
+ } else {
+ /* use_chain() freed the key and certs, and zeroed the pointers */
+ return (0);
+ }
+ }
+ /* Free any left-over unused keys and certs */
+ EVP_PKEY_free(st->pkey);
+ X509_free(st->cert);
+ sk_X509_pop_free(st->chain, X509_free);
+
+ switch (st->state) {
+ case STATE_PEM_FAIL:
+ tls_print_errors();
+ /* FALLTHROUGH */
+ default:
+ msg_warn("error loading private keys and certificates from: %s: %s",
+ st->ctx ? "disabling TLS support" : "aborting TLS handshake",
+ st->origin);
+ return (-1);
+ }
+}
+
+/* load_chain_files - load sequence of (key, cert, [chain]) from files */
+
+static int load_chain_files(SSL_CTX *ctx, const char *chain_files)
+{
+ pem_load_state st;
+ ARGV *files = argv_split(chain_files, CHARS_COMMA_SP);
+ char **filep;
+ int ret = 0;
+ int mode;
+
+ init_pem_load_state(&st, ctx, 0, chain_files);
+ for (filep = files->argv; ret == 0 && *filep; ++filep) {
+ st.source = *filep;
+ if ((st.pembio = BIO_new_file(st.source, "r")) == NULL) {
+ msg_warn("error opening chain file: %s: %m", st.source);
+ st.state = STATE_PEM_NOGO;
+ break;
+ }
+ mode = filep[1] ? LOAD_MODE_MORE : LOAD_MODE_LAST;
+ /* load_pem_bio() frees the BIO */
+ ret = load_pem_bio(&st, mode);
+ }
+ argv_free(files);
+ return (ret);
+}
+
/* tls_set_ca_certificate_info - load Certification Authority certificates */
int tls_set_ca_certificate_info(SSL_CTX *ctx, const char *CAfile,
const char *key_file)
{
+ /*
+ * When the certfile and keyfile are one and the same, load both in a
+ * single pass, avoiding potential race conditions during key rollover.
+ */
+ if (strcmp(cert_file, key_file) == 0) {
+ pem_load_state st;
+
+ init_pem_load_state(&st, ctx, 0, cert_file);
+ if ((st.pembio = BIO_new_file(st.source, "r")) == NULL) {
+ msg_warn("error opening chain file: %s: %m", st.source);
+ return (-1);
+ }
+ /* load_pem_bio() frees the BIO */
+ return (load_pem_bio(&st, LOAD_MODE_MIXED) == 0);
+ }
+
/*
* We need both the private key (in key_file) and the public key
- * certificate (in cert_file). Both may specify the same file.
+ * certificate (in cert_file).
*
* Code adapted from OpenSSL apps/s_cb.c.
*/
/* tls_set_my_certificate_key_info - load client or server certificates/keys */
-int tls_set_my_certificate_key_info(SSL_CTX *ctx,
+int tls_set_my_certificate_key_info(SSL_CTX *ctx, const char *chain_files,
const char *cert_file,
const char *key_file,
const char *dcert_file,
const char *eckey_file)
{
+ /* The "chain_files" parameter overrides all the legacy parameters */
+ if (chain_files && *chain_files)
+ return load_chain_files(ctx, chain_files);
+
/*
* Lack of certificates is fine so long as we are prepared to use
* anonymous ciphers.
*/
if (*cert_file && !set_cert_stuff(ctx, "RSA", cert_file, key_file))
- return (-1); /* logged */
+ return (-1); /* logged */
if (*dcert_file && !set_cert_stuff(ctx, "DSA", dcert_file, dkey_file))
return (-1); /* logged */
-#if OPENSSL_VERSION_NUMBER >= 0x1000000fL && !defined(OPENSSL_NO_ECDH)
+#ifndef OPENSSL_NO_ECDH
if (*eccert_file && !set_cert_stuff(ctx, "ECDSA", eccert_file, eckey_file))
return (-1); /* logged */
#else
return (0);
}
+/* tls_load_pem_chain - load in-memory PEM client or server chain */
+
+int tls_load_pem_chain(SSL *ssl, const char *pem, const char *origin)
+{
+ static VSTRING *obuf;
+ pem_load_state st;
+
+ if (!obuf)
+ obuf = vstring_alloc(100);
+ vstring_sprintf(obuf, "SNI data for %s", origin);
+ init_pem_load_state(&st, 0, ssl, vstring_str(obuf));
+
+ if ((st.pembio = BIO_new_mem_buf(pem, -1)) == NULL) {
+ msg_warn("error opening memory BIO for %s", st.origin);
+ tls_print_errors();
+ return (-1);
+ }
+ /* load_pem_bio() frees the BIO */
+ return (load_pem_bio(&st, LOAD_MODE_LAST));
+}
+
#endif
* uses certificates).
*/
if (tls_set_my_certificate_key_info(client_ctx,
+ props->chain_files,
props->cert_file,
props->key_file,
props->dcert_file,
* configurable with the preferred curve negotiated via the supported
* curves extension.
*/
- tls_auto_eecdh_curves(client_ctx);
+ tls_auto_eecdh_curves(client_ctx, var_tls_eecdh_auto);
/*
* Finally, the setup for the server certificate checking, done "by the
* Allocate an application context, and populate with mandatory protocol
* and cipher data.
*/
- app_ctx = tls_alloc_app_context(client_ctx, log_mask);
+ app_ctx = tls_alloc_app_context(client_ctx, 0, log_mask);
/*
* The external session cache is implemented by the tlsmgr(8) process.
SSL_SESSION *session = 0;
TLS_SESS_STATE *TLScontext;
TLS_APPL_STATE *app_ctx = props->ctx;
+ const char *sni = 0;
char *myserverid;
int log_mask = app_ctx->log_mask;
}
}
#ifdef TLSEXT_MAXLEN_host_name
- if (TLS_DANE_BASED(props->tls_level)
- && strlen(props->host) <= TLSEXT_MAXLEN_host_name) {
+ if (TLS_DANE_BASED(props->tls_level)) {
/*
* With DANE sessions, send an SNI hint. We don't care whether the
* SMTP server).
*
* Since the hostname is DNSSEC-validated, it must be a DNS FQDN and
- * thererefore valid for use with SNI. Failure to set a valid SNI
- * hostname is a memory allocation error, and thus transient. Since
- * we must not cache the session if we failed to send the SNI name,
- * we have little choice but to abort.
+ * thererefore valid for use with SNI.
*/
- if (!SSL_set_tlsext_host_name(TLScontext->con, props->host)) {
+ sni = props->host;
+ } else if (props->sni && *props->sni) {
+ if (strcmp(props->sni, "hostname") == 0)
+ sni = props->host;
+ else if (strcmp(props->sni, "nexthop") == 0)
+ sni = props->nexthop;
+ else
+ sni = props->sni;
+ }
+ if (sni && strlen(sni) <= TLSEXT_MAXLEN_host_name) {
+
+ /*
+ * Failure to set a valid SNI hostname is a memory allocation error,
+ * and thus transient. Since we must not cache the session if we
+ * failed to send the SNI name, we have little choice but to abort.
+ */
+ if (!SSL_set_tlsext_host_name(TLScontext->con, sni)) {
msg_warn("%s: error setting SNI hostname to: %s", props->namaddr,
- props->host);
+ sni);
tls_free_context(TLScontext);
return (0);
}
if (log_mask & TLS_LOG_DEBUG)
- msg_info("%s: SNI hostname: %s", props->namaddr, props->host);
+ msg_info("%s: SNI hostname: %s", props->namaddr, sni);
}
#endif
tls_int_seed();
(void) tls_ext_seed(var_tls_daemon_rand_bytes);
- /*
- * Initialize the SSL connection to connect state. This should not be
- * necessary anymore since 0.9.3, but the call is still in the library
- * and maintaining compatibility never hurts.
- */
- SSL_set_connect_state(TLScontext->con);
-
/*
* Connect the SSL connection with the network socket.
*/
TLS_SESS_STATE *tls_client_post_connect(TLS_SESS_STATE *TLScontext,
const TLS_CLIENT_START_PROPS *props)
{
- SSL_CIPHER_const SSL_CIPHER *cipher;
+ const SSL_CIPHER *cipher;
X509 *peercert;
/* Turn off packet dump if only dumping the handshake */
/* Application-specific. */
-#undef TRUST_ANCHOR_SUPPORT
#undef DANE_TLSA_SUPPORT
-#undef WRAP_SIGNED
-
-#if OPENSSL_VERSION_NUMBER >= 0x1000000fL && \
- (defined(X509_V_FLAG_PARTIAL_CHAIN) || !defined(OPENSSL_NO_ECDH))
-#define TRUST_ANCHOR_SUPPORT
-
-#ifndef X509_V_FLAG_PARTIAL_CHAIN
-#define WRAP_SIGNED
-#endif
#if defined(TLSEXT_MAXLEN_host_name) && RES_USE_DNSSEC && RES_USE_EDNS0
#define DANE_TLSA_SUPPORT
-#endif
-
-#endif /* OPENSSL_VERSION_NUMBER ... */
-
-#ifdef TRUST_ANCHOR_SUPPORT
-static int ta_support = 1;
-
-#else
-static int ta_support = 0;
-
-#endif
-
-#ifdef WRAP_SIGNED
-static int wrap_signed = 1;
-
-#else
-static int wrap_signed = 0;
-
-#endif
-
-#ifdef DANE_TLSA_SUPPORT
static int dane_tlsa_support = 1;
#else
#endif
-static EVP_PKEY *signkey;
-static const EVP_MD *signmd;
static const char *signalg;
static ASN1_OBJECT *serverAuth;
return (d ? (d->pref) : (MAXDIGESTS + dane_id));
}
-/* gencakey - generate interal DANE root CA key */
-
-static EVP_PKEY *gencakey(void)
-{
- EVP_PKEY *key = 0;
-
-#ifdef WRAP_SIGNED
- EC_KEY *eckey;
- EC_GROUP *group = 0;
-
- ERR_clear_error();
-
- if ((eckey = EC_KEY_new()) != 0
- && (group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) != 0
- && (EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE),
- EC_KEY_set_group(eckey, group))
- && EC_KEY_generate_key(eckey)
- && (key = EVP_PKEY_new()) != 0
- && !EVP_PKEY_set1_EC_KEY(key, eckey)) {
- EVP_PKEY_free(key);
- key = 0;
- }
- if (group)
- EC_GROUP_free(group);
- if (eckey)
- EC_KEY_free(eckey);
-#endif /* WRAP_SIGNED */
- return (key);
-}
-
/* dane_init - initialize DANE parameters */
static void dane_init(void)
* Add the full matching type at highest preference and then the users
* configured list.
*
- * The most preferred digest will be used for cert signing and hashing full
- * values for comparison.
+ * The most preferred digest will be used for hashing full values for
+ * comparison.
*/
if (add_digest(fullmtype, 0)) {
save = cp = mystrdup(var_tls_dane_digests);
while ((tok = mystrtok(&cp, CHARS_COMMA_SP)) != 0) {
if ((d = add_digest(tok, ++digest_pref)) == 0) {
signalg = 0;
- signmd = 0;
break;
}
if (digest_pref == 1) {
signalg = d->mdalg;
- signmd = d->md;
}
}
myfree(save);
ERR_clear_error();
/*
- * DANE TLSA support requires trust-anchor support plus working DANE
- * digests.
+ * DANE TLSA support requires working DANE digests.
*/
- if (!ta_support
- || (wrap_signed && (signkey = gencakey()) == 0)
- || (serverAuth = OBJ_nid2obj(NID_server_auth)) == 0) {
- msg_warn("cannot generate TA certificates, "
- "no trust-anchor or DANE support");
+ if ((serverAuth = OBJ_nid2obj(NID_server_auth)) == 0) {
+ msg_warn("cannot designate intermediate TA certificates, "
+ "no DANE support");
tls_print_errors();
- dane_tlsa_support = ta_support = 0;
- } else if (signmd == 0) {
+ dane_tlsa_support = 0;
+ } else if (signalg == 0) {
msg_warn("digest algorithm initializaton failed, no DANE support");
tls_print_errors();
dane_tlsa_support = 0;
uint8_t selector;
uint8_t mtype;
ssize_t dlen;
- D2I_const unsigned char *data;
- D2I_const unsigned char *p;
+ const unsigned char *data;
+ const unsigned char *p;
int iscname = strcasecmp(rr->rname, rr->qname);
const char *q = (iscname) ? (rr)->qname : "";
const char *a = (iscname) ? " -> " : "";
selector = *ip++;
mtype = *ip++;
change = usmdelta(usage, selector, mtype, rr->next);
- p = data = (D2I_const unsigned char *) ip;
+ p = data = (const unsigned char *) ip;
/*
* Handle digest agility for non-zero matching types.
return (FILTER_RR_DROP);
}
}
-
/*-
* Drop unsupported usages.
* Note: NO SUPPORT for usages 0/1 which do not apply to SMTP.
if (!dane_initialized)
dane_init();
- if (!ta_support) {
- msg_warn("trust-anchor files not supported");
- return (0);
- }
+ /* Per-destination TA support is available even when DANE is not */
mdalg = signalg ? signalg : "sha1";
/*
for (tacount = 0;
errtype == 0 && PEM_read_bio(bp, &name, &header, &data, &len);
++tacount) {
- D2I_const unsigned char *p = data;
+ const unsigned char *p = data;
int usage = DNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION;
int selector;
char *digest;
static int add_ext(X509 *issuer, X509 *subject, int ext_nid, char *ext_val)
{
- int ret = 0;
+ int ret = 0;
X509V3_CTX v3ctx;
X509_EXTENSION *ext;
X509_NAME *name = akid_issuer_name(akid);
/*
- * If subject's akid specifies an authority key identifier issuer name, we
- * must use that.
+ * If subject's akid specifies an authority key identifier issuer name,
+ * we must use that.
*/
if (name)
return (X509_set_issuer_name(cert, name));
ERR_clear_error();
- /*
- * If key is NULL generate a self-signed root CA, with key "signkey",
- * otherwise an intermediate CA signed by above.
- *
- * CA cert valid for +/- 30 days.
- */
+ /* CA cert valid for +/- 30 days. */
if (!X509_set_version(cert, 2)
|| !set_serial(cert, akid, subject)
|| !set_issuer_name(cert, akid, name)
|| !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L)
|| !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L)
|| !X509_set_subject_name(cert, name)
- || !X509_set_pubkey(cert, key ? key : signkey)
+ || !X509_set_pubkey(cert, key)
|| !add_ext(0, cert, NID_basic_constraints, "CA:TRUE")
|| (key && !add_akid(cert, akid))
- || !add_skid(cert, akid)
- || (wrap_signed && !X509_sign(cert, signkey, signmd))) {
+ || !add_skid(cert, akid)) {
tls_print_errors();
msg_fatal("error generating DANE wrapper certificate");
}
if (akid)
AUTHORITY_KEYID_free(akid);
- if (key && wrap_signed) {
- wrap_key(TLScontext, depth + 1, 0, cert);
- grow_chain(TLScontext, UNTRUSTED, cert);
- } else
- grow_chain(TLScontext, TRUSTED, cert);
+ grow_chain(TLScontext, TRUSTED, cert);
if (cert)
X509_free(cert);
}
static void wrap_cert(TLS_SESS_STATE *TLScontext, X509 *tacert, int depth)
{
- X509 *cert;
- int len;
- unsigned char *asn1;
- unsigned char *buf;
-
if (TLScontext->tadepth < 0)
TLScontext->tadepth = depth + 1;
msg_info("%s: depth=%d trust-anchor certificate",
TLScontext->namaddr, depth);
- /*
- * If the TA certificate is self-issued, use it directly.
- */
- if (!wrap_signed || X509_check_issued(tacert, tacert) == X509_V_OK) {
- grow_chain(TLScontext, TRUSTED, tacert);
- return;
- }
- /* Deep-copy tacert by converting to ASN.1 and back */
- len = i2d_X509(tacert, NULL);
- asn1 = buf = (unsigned char *) mymalloc(len);
- i2d_X509(tacert, &buf);
- if (buf - asn1 != len)
- msg_panic("i2d_X509 failed to encode TA certificate");
-
- buf = asn1;
- cert = d2i_X509(0, (D2I_const unsigned char **) &buf, len);
- if (!cert || (buf - asn1) != len)
- msg_panic("d2i_X509 failed to decode TA certificate");
- myfree((void *) asn1);
-
- grow_chain(TLScontext, UNTRUSTED, cert);
-
- /* Sign and wrap TA cert with internal "signkey" */
- if (!X509_sign(cert, signkey, signmd)) {
- tls_print_errors();
- msg_fatal("error generating DANE wrapper certificate");
- }
- wrap_key(TLScontext, depth + 1, signkey, cert);
- X509_free(cert);
+ grow_chain(TLScontext, TRUSTED, tacert);
+ return;
}
/* ta_signed - is certificate signed by a TLSA cert or pkey */
void tls_dane_set_callback(SSL_CTX *ctx, TLS_SESS_STATE *TLScontext)
{
- if (ta_support && TLS_DANE_HASTA(TLScontext->dane))
+ if (TLS_DANE_HASTA(TLScontext->dane))
SSL_CTX_set_cert_verify_callback(ctx, dane_cb, (void *) TLScontext);
else
SSL_CTX_set_cert_verify_callback(ctx, 0, 0);
#include <mail_conf.h>
#include <msg_vstream.h>
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
-#define SSL_get0_param(s) ((s)->param)
-#endif
-
static int verify_chain(SSL *ssl, x509_stack_t *chain, TLS_SESS_STATE *tctx)
{
- int ret;
- X509 *cert;
+ int ret;
+ X509 *cert;
X509_STORE_CTX *store_ctx;
SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl);
X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx);
- int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
+ int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx();
cert = sk_X509_value(chain, 0);
if ((store_ctx = X509_STORE_CTX_new()) == NULL) {
- SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
- return 0;
+ SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+ return 0;
}
if (!X509_STORE_CTX_init(store_ctx, store, cert, chain)) {
- X509_STORE_CTX_free(store_ctx);
- return 0;
+ X509_STORE_CTX_free(store_ctx);
+ return 0;
}
X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl);
X509_STORE_CTX_set_default(store_ctx, "ssl_server");
X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
- SSL_get0_param(ssl));
+ SSL_get0_param(ssl));
if (SSL_get_verify_callback(ssl))
- X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
+ X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl));
ret = dane_cb(store_ctx, tctx);
/* const char *path;
/* int bits;
/*
-/* void tls_auto_eecdh_curves(SSL_CTX *ctx)
+/* void tls_auto_eecdh_curves(ctx, configured)
/* SSL_CTX *ctx;
+/* char *configured;
/*
/* void tls_set_eecdh_curve(server_ctx, grade)
/* SSL_CTX *server_ctx;
/* "bits" argument must be 512 or 1024.
/*
/* tls_auto_eecdh_curves() enables negotiation of the most preferred curve
-/* among the curves specified by the tls_eecdh_auto_curves configuration
-/* parameter.
+/* among the curves specified by the "configured" argument.
/*
/* tls_set_eecdh_curve() enables ephemeral Elliptic-Curve DH
/* key exchange algorithms by instantiating in the server SSL
#define TLS_INTERNAL
#include <tls.h>
#include <openssl/dh.h>
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH)
+#ifndef OPENSSL_NO_ECDH
#include <openssl/ec.h>
#endif
return (dh_tmp);
}
-void tls_auto_eecdh_curves(SSL_CTX *ctx)
+void tls_auto_eecdh_curves(SSL_CTX *ctx, const char *configured)
{
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH)
+#ifndef OPENSSL_NO_ECDH
SSL_CTX *tmpctx;
int *nids;
int space = 5;
return;
}
nids = mymalloc(space * sizeof(int));
- curves = save = mystrdup(var_tls_eecdh_auto);
+ curves = save = mystrdup(configured);
#define RETURN do { \
myfree(save); \
myfree(nids); \
if (nid == NID_undef)
nid = OBJ_ln2nid(curve);
if (nid == NID_undef) {
- msg_warn("ignoring unknown \"auto\" ECDHE curve \"%s\"",
+ msg_warn("ignoring unknown ECDHE curve \"%s\"",
curve);
continue;
}
if (n == 0) {
if (unknown > 0)
- msg_warn("none of the \"auto\" ECDHE curves are supported");
+ msg_warn("none of the configured ECDHE curves are supported");
RETURN;
}
if (SSL_CTX_set1_curves(ctx, nids, n) <= 0) {
- msg_warn("failed to configure \"auto\" ECDHE curves");
+ msg_warn("failed to configure ECDHE curves");
tls_print_errors();
RETURN;
}
#endif
}
-void tls_set_eecdh_curve(SSL_CTX *server_ctx, const char *grade)
-{
-#if OPENSSL_VERSION_NUMBER >= 0x1000000fUL && !defined(OPENSSL_NO_ECDH)
- int nid;
- EC_KEY *ecdh;
- const char *curve;
- int g;
-
#define TLS_EECDH_INVALID 0
#define TLS_EECDH_NONE 1
#define TLS_EECDH_STRONG 2
#define TLS_EECDH_ULTRA 3
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
#define TLS_EECDH_AUTO 4
-#endif
+
+void tls_set_eecdh_curve(SSL_CTX *server_ctx, const char *grade)
+{
+#ifndef OPENSSL_NO_ECDH
+ int g;
static NAME_CODE eecdh_table[] = {
"none", TLS_EECDH_NONE,
"strong", TLS_EECDH_STRONG,
"ultra", TLS_EECDH_ULTRA,
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
"auto", TLS_EECDH_AUTO,
-#endif
0, TLS_EECDH_INVALID,
};
case TLS_EECDH_INVALID:
msg_warn("Invalid TLS eecdh grade \"%s\": EECDH disabled", grade);
return;
- case TLS_EECDH_NONE:
- return;
case TLS_EECDH_STRONG:
- curve = var_tls_eecdh_strong;
- break;
+ tls_auto_eecdh_curves(server_ctx, var_tls_eecdh_strong);
+ return;
case TLS_EECDH_ULTRA:
- curve = var_tls_eecdh_ultra;
- break;
-#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL
- case TLS_EECDH_AUTO:
- tls_auto_eecdh_curves(server_ctx);
+ tls_auto_eecdh_curves(server_ctx, var_tls_eecdh_ultra);
return;
-#endif
- }
-
- /*
- * Elliptic-Curve Diffie-Hellman parameters are either "named curves"
- * from RFC 4492 section 5.1.1, or explicitly described curves over
- * binary fields. OpenSSL only supports the "named curves", which provide
- * maximum interoperability. The recommended curve for 128-bit
- * work-factor key exchange is "prime256v1" a.k.a. "secp256r1" from
- * Section 2.7 of http://www.secg.org/download/aid-386/sec2_final.pdf
- */
+ case TLS_EECDH_NONE:
- if ((nid = OBJ_sn2nid(curve)) == NID_undef) {
- msg_warn("unknown curve \"%s\": disabling EECDH support", curve);
- return;
- }
- ERR_clear_error();
- if ((ecdh = EC_KEY_new_by_curve_name(nid)) == 0
- || SSL_CTX_set_tmp_ecdh(server_ctx, ecdh) == 0) {
- EC_KEY_free(ecdh); /* OK if NULL */
- msg_warn("unable to use curve \"%s\": disabling EECDH support", curve);
- tls_print_errors();
+ /*
+ * Pretend "none" is "auto", the former is no longer supported or
+ * wise
+ */
+ msg_warn("The \"none\" eecdh grade is no longer supported, "
+ "using \"auto\" instead");
+ case TLS_EECDH_AUTO:
+ tls_auto_eecdh_curves(server_ctx, var_tls_eecdh_auto);
return;
}
- EC_KEY_free(ecdh);
#endif
return;
}
/*
/* void tls_param_init()
/*
+/* void tls_pre_jail_init(TLS_ROLE)
+/* TLS_ROLE role;
+/*
/* int tls_protocol_mask(plist)
/* const char *plist;
/*
/* tls_param_init() loads main.cf parameters used internally in
/* TLS library. Any errors are fatal.
/*
+/* tls_pre_jail_init() opens any tables that need to be opened before
+/* entering a chroot jail. The "role" parameter must be TLS_ROLE_CLIENT
+/* for clients and TLS_ROLE_SERVER for servers. Any errors are fatal.
+/*
/* tls_protocol_mask() returns a bitmask of excluded protocols, given
/* a list (plist) of protocols to include or (preceded by a '!') exclude.
/* If "plist" contains invalid protocol names, TLS_PROTOCOL_INVALID is
#include <argv.h>
#include <name_mask.h>
#include <name_code.h>
+#include <dict.h>
+#include <valid_hostname.h>
/*
* Global library.
*/
#include <mail_params.h>
#include <mail_conf.h>
+#include <maps.h>
/*
* TLS library.
char *var_tls_mgr_service;
char *var_tls_tkt_cipher;
char *var_openssl_path;
+char *var_tls_server_sni_maps;
+
+static MAPS *tls_server_sni_maps;
#ifdef VAR_TLS_PREEMPT_CLIST
bool var_tls_preempt_clist;
get_mail_conf_bool_table(bool_table);
}
+/* tls_pre_jail_init - Load TLS related pre-jail tables */
+
+void tls_pre_jail_init(TLS_ROLE role)
+{
+ static const CONFIG_STR_TABLE str_table[] = {
+ VAR_TLS_SERVER_SNI_MAPS, DEF_TLS_SERVER_SNI_MAPS, &var_tls_server_sni_maps, 0, 0,
+ 0,
+ };
+ int flags;
+
+ /* Nothing for clients at this time */
+ if (role != TLS_ROLE_SERVER)
+ return;
+
+ get_mail_conf_str_table(str_table);
+ if (*var_tls_server_sni_maps == 0)
+ return;
+
+ flags = DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX | DICT_FLAG_SRC_RHS_IS_FILE;
+ tls_server_sni_maps =
+ maps_create(VAR_TLS_SERVER_SNI_MAPS, var_tls_server_sni_maps, flags);
+}
+
+/* server_sni_callback - process client's SNI extension */
+
+static int server_sni_callback(SSL *ssl, int *alert, void *arg)
+{
+ SSL_CTX *sni_ctx = (SSL_CTX *) arg;
+ const char *sni = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
+ const char *pem;
+
+ if (!sni_ctx || !tls_server_sni_maps
+ || !sni || !*sni || !valid_hostname(sni, DONT_GRIPE))
+ return SSL_TLSEXT_ERR_NOACK;
+
+ do {
+ pem = maps_find(tls_server_sni_maps, sni, DICT_FLAG_SRC_RHS_IS_FILE);
+ } while (!pem
+ && !tls_server_sni_maps->error
+ && (sni = strchr(sni + 1, '.')) != 0);
+
+ if (!pem) {
+ if (tls_server_sni_maps->error) {
+ msg_warn("%s: %s map lookup problem",
+ tls_server_sni_maps->title, sni);
+ *alert = SSL_AD_INTERNAL_ERROR;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+ return SSL_TLSEXT_ERR_NOACK;
+ }
+ SSL_set_SSL_CTX(ssl, sni_ctx);
+ if (tls_load_pem_chain(ssl, pem, sni) != 0) {
+ /* errors already logged */
+ *alert = SSL_AD_INTERNAL_ERROR;
+ return SSL_TLSEXT_ERR_ALERT_FATAL;
+ }
+ return SSL_TLSEXT_ERR_OK;
+}
+
/* tls_set_ciphers - Set SSL context cipher list */
const char *tls_set_ciphers(TLS_APPL_STATE *app_ctx, const char *context,
/* tls_alloc_app_context - allocate TLS application context */
-TLS_APPL_STATE *tls_alloc_app_context(SSL_CTX *ssl_ctx, int log_mask)
+TLS_APPL_STATE *tls_alloc_app_context(SSL_CTX *ssl_ctx, SSL_CTX *sni_ctx,
+ int log_mask)
{
TLS_APPL_STATE *app_ctx;
/* See portability note below with other memset() call. */
memset((void *) app_ctx, 0, sizeof(*app_ctx));
app_ctx->ssl_ctx = ssl_ctx;
+ app_ctx->sni_ctx = sni_ctx;
app_ctx->log_mask = log_mask;
/* See also: cache purging code in tls_set_ciphers(). */
app_ctx->cache_type = 0;
app_ctx->why = vstring_alloc(1);
+ if (tls_server_sni_maps) {
+ SSL_CTX_set_tlsext_servername_callback(ssl_ctx, server_sni_callback);
+ SSL_CTX_set_tlsext_servername_arg(ssl_ctx, (void *) sni_ctx);
+ }
return (app_ctx);
}
{
if (app_ctx->ssl_ctx)
SSL_CTX_free(app_ctx->ssl_ctx);
+ if (app_ctx->sni_ctx)
+ SSL_CTX_free(app_ctx->sni_ctx);
if (app_ctx->cache_type)
myfree(app_ctx->cache_type);
/* See also: cache purging code in tls_set_ciphers(). */
#ifndef OPENSSL_NO_DSA
"dsa",
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ECDSA)
+#ifndef OPENSSL_NO_ECDSA
"ecdsa",
#endif
#ifndef OPENSSL_NO_RSA
{
long bits = SSL_OP_ALL; /* Work around all known bugs */
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L && \
- OPENSSL_VERSION_NUMBER < 0x10000000L
- long lib_version = OpenSSL_version_num();
-
- /*
- * In OpenSSL 0.9.8[ab], enabling zlib compression breaks the padding bug
- * work-around, leading to false positives and failed connections. We may
- * not interoperate with systems with the bug, but this is better than
- * breaking on all 0.9.8[ab] systems that have zlib support enabled.
- */
- if (lib_version >= 0x00908000L && lib_version <= 0x0090802fL) {
- ssl_comp_stack_t *comp_methods = SSL_COMP_get_compression_methods();
-
- comp_methods = SSL_COMP_get_compression_methods();
- if (comp_methods != 0 && sk_SSL_COMP_num(comp_methods) > 0)
- bits &= ~SSL_OP_TLS_BLOCK_PADDING_BUG;
- }
-#endif
-
/*
* Silently ignore any strings that don't appear in the tweaks table, or
* hex bits that are not in SSL_OP_ALL.
void *, void *);
#define TLS_PROXY_CLIENT_INIT_PROPS(props, a1, a2, a3, a4, a5, a6, a7, a8, \
- a9, a10, a11, a12, a13) \
+ a9, a10, a11, a12, a13, a14) \
(((props)->a1), ((props)->a2), ((props)->a3), \
((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \
- ((props)->a12), ((props)->a13))
+ ((props)->a12), ((props)->a13), (props)->a14)
#define TLS_PROXY_CLIENT_START_PROPS(props, a1, a2, a3, a4, a5, a6, a7, a8, \
- a9, a10, a11, a12, a13) \
+ a9, a10, a11, a12, a13, a14) \
(((props)->a1), ((props)->a2), ((props)->a3), \
((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \
((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \
- ((props)->a12), ((props)->a13))
+ ((props)->a12), ((props)->a13), ((props)->a14))
extern TLS_SESS_STATE *tls_proxy_context_receive(VSTREAM *);
extern void tls_proxy_context_free(TLS_SESS_STATE *);
#define TLS_ATTR_VERIFYDEPTH "verifydepth"
#define TLS_ATTR_CACHE_TYPE "cache_type"
#define TLS_ATTR_SET_SESSID "set_sessid"
+#define TLS_ATTR_CHAIN_FILES "chain_files"
#define TLS_ATTR_CERT_FILE "cert_file"
#define TLS_ATTR_KEY_FILE "key_file"
#define TLS_ATTR_DCERT_FILE "dcert_file"
#define TLS_ATTR_LOG_LEVEL "log_level"
#define TLS_ATTR_VERIFYDEPTH "verifydepth"
#define TLS_ATTR_CACHE_TYPE "cache_type"
+#define TLS_ATTR_CHAIN_FILES "chain_files"
#define TLS_ATTR_CERT_FILE "cert_file"
#define TLS_ATTR_KEY_FILE "key_file"
#define TLS_ATTR_DCERT_FILE "dcert_file"
#define TLS_ATTR_NEXTHOP "nexthop"
#define TLS_ATTR_HOST "host"
#define TLS_ATTR_NAMADDR "namaddr"
+#define TLS_ATTR_SNI "sni"
#define TLS_ATTR_SERVERID "serverid"
#define TLS_ATTR_HELO "helo"
#define TLS_ATTR_PROTOCOLS "protocols"
SEND_ATTR_INT(TLS_ATTR_VERIFYDEPTH, props->verifydepth),
SEND_ATTR_STR(TLS_ATTR_CACHE_TYPE,
STRING_OR_EMPTY(props->cache_type)),
+ SEND_ATTR_STR(TLS_ATTR_CHAIN_FILES,
+ STRING_OR_EMPTY(props->chain_files)),
SEND_ATTR_STR(TLS_ATTR_CERT_FILE,
STRING_OR_EMPTY(props->cert_file)),
SEND_ATTR_STR(TLS_ATTR_KEY_FILE,
STRING_OR_EMPTY(props->host)),
SEND_ATTR_STR(TLS_ATTR_NAMADDR,
STRING_OR_EMPTY(props->namaddr)),
+ SEND_ATTR_STR(TLS_ATTR_SNI,
+ STRING_OR_EMPTY(props->sni)),
SEND_ATTR_STR(TLS_ATTR_SERVERID,
STRING_OR_EMPTY(props->serverid)),
SEND_ATTR_STR(TLS_ATTR_HELO,
myfree((void *) props->log_param);
myfree((void *) props->log_level);
myfree((void *) props->cache_type);
+ myfree((void *) props->chain_files);
myfree((void *) props->cert_file);
myfree((void *) props->key_file);
myfree((void *) props->dcert_file);
VSTRING *log_param = vstring_alloc(25);
VSTRING *log_level = vstring_alloc(25);
VSTRING *cache_type = vstring_alloc(25);
+ VSTRING *chain_files = vstring_alloc(25);
VSTRING *cert_file = vstring_alloc(25);
VSTRING *key_file = vstring_alloc(25);
VSTRING *dcert_file = vstring_alloc(25);
RECV_ATTR_STR(TLS_ATTR_LOG_LEVEL, log_level),
RECV_ATTR_INT(TLS_ATTR_VERIFYDEPTH, &props->verifydepth),
RECV_ATTR_STR(TLS_ATTR_CACHE_TYPE, cache_type),
+ RECV_ATTR_STR(TLS_ATTR_CHAIN_FILES, chain_files),
RECV_ATTR_STR(TLS_ATTR_CERT_FILE, cert_file),
RECV_ATTR_STR(TLS_ATTR_KEY_FILE, key_file),
RECV_ATTR_STR(TLS_ATTR_DCERT_FILE, dcert_file),
props->log_param = vstring_export(log_param);
props->log_level = vstring_export(log_level);
props->cache_type = vstring_export(cache_type);
+ props->chain_files = vstring_export(chain_files);
props->cert_file = vstring_export(cert_file);
props->key_file = vstring_export(key_file);
props->dcert_file = vstring_export(dcert_file);
props->CAfile = vstring_export(CAfile);
props->CApath = vstring_export(CApath);
props->mdalg = vstring_export(mdalg);
- ret = (ret == 13 ? 1 : -1);
+ ret = (ret == 14 ? 1 : -1);
if (ret != 1) {
tls_proxy_client_init_free(props);
props = 0;
char *tls_proxy_client_init_to_string(VSTRING *buf,
TLS_CLIENT_INIT_PROPS *props)
{
- vstring_sprintf(buf, "%s\n%s\n%d\n%s\n%s\n%s\n%s\n%s\n"
+ vstring_sprintf(buf, "%s\n%s\n%d\n%s\n%s\n%s\n%s\n%s\n%s\n"
"%s\n%s\n%s\n%s\n%s\n", props->log_param,
props->log_level, props->verifydepth,
- props->cache_type, props->cert_file, props->key_file,
+ props->cache_type, props->chain_files,
+ props->cert_file, props->key_file,
props->dcert_file, props->dkey_file,
props->eccert_file, props->eckey_file,
props->CAfile, props->CApath, props->mdalg);
myfree((void *) props->nexthop);
myfree((void *) props->host);
myfree((void *) props->namaddr);
+ myfree((void *) props->sni);
myfree((void *) props->serverid);
myfree((void *) props->helo);
myfree((void *) props->protocols);
for (tpp = &head, n = 0; ret == 1 && n < count; n++, tpp = &tp->next) {
*tpp = tp = (TLS_CERTS *) mymalloc(sizeof(*tp));
- D2I_const unsigned char *bp;
+ const unsigned char *bp;
if (buf == 0)
buf = vstring_alloc(100);
ATTR_TYPE_END);
/* Always construct a well-formed structure. */
if (ret == 1) {
- bp = (D2I_const unsigned char *) STR(buf);
+ bp = (const unsigned char *) STR(buf);
if (d2i_X509(&tp->cert, &bp, LEN(buf)) == 0
|| LEN(buf) != ((char *) bp) - STR(buf)) {
msg_warn("malformed certificate in TLS_CERTS");
for (tpp = &head, n = 0; ret == 1 && n < count; n++, tpp = &tp->next) {
*tpp = tp = (TLS_PKEYS *) mymalloc(sizeof(*tp));
- D2I_const unsigned char *bp;
+ const unsigned char *bp;
if (buf == 0)
buf = vstring_alloc(100);
ATTR_TYPE_END);
/* Always construct a well-formed structure. */
if (ret == 1) {
- bp = (D2I_const unsigned char *) STR(buf);
+ bp = (const unsigned char *) STR(buf);
if (d2i_PUBKEY(&tp->pkey, &bp, LEN(buf)) == 0
|| LEN(buf) != (char *) bp - STR(buf)) {
msg_warn("malformed public key in TLS_PKEYS");
VSTRING *nexthop = vstring_alloc(25);
VSTRING *host = vstring_alloc(25);
VSTRING *namaddr = vstring_alloc(25);
+ VSTRING *sni = vstring_alloc(25);
VSTRING *serverid = vstring_alloc(25);
VSTRING *helo = vstring_alloc(25);
VSTRING *protocols = vstring_alloc(25);
RECV_ATTR_STR(TLS_ATTR_NEXTHOP, nexthop),
RECV_ATTR_STR(TLS_ATTR_HOST, host),
RECV_ATTR_STR(TLS_ATTR_NAMADDR, namaddr),
+ RECV_ATTR_STR(TLS_ATTR_SNI, sni),
RECV_ATTR_STR(TLS_ATTR_SERVERID, serverid),
RECV_ATTR_STR(TLS_ATTR_HELO, helo),
RECV_ATTR_STR(TLS_ATTR_PROTOCOLS, protocols),
props->nexthop = vstring_export(nexthop);
props->host = vstring_export(host);
props->namaddr = vstring_export(namaddr);
+ props->sni = vstring_export(sni);
props->serverid = vstring_export(serverid);
props->helo = vstring_export(helo);
props->protocols = vstring_export(protocols);
props->cipher_grade = vstring_export(cipher_grade);
props->cipher_exclusions = vstring_export(cipher_exclusions);
props->mdalg = vstring_export(mdalg);
- ret = (ret == 13 ? 1 : -1);
+ ret = (ret == 14 ? 1 : -1);
if (ret != 1) {
tls_proxy_client_start_free(props);
props = 0;
SEND_ATTR_STR(TLS_ATTR_CACHE_TYPE,
STRING_OR_EMPTY(props->cache_type)),
SEND_ATTR_INT(TLS_ATTR_SET_SESSID, props->set_sessid),
+ SEND_ATTR_STR(TLS_ATTR_CHAIN_FILES,
+ STRING_OR_EMPTY(props->chain_files)),
SEND_ATTR_STR(TLS_ATTR_CERT_FILE,
STRING_OR_EMPTY(props->cert_file)),
SEND_ATTR_STR(TLS_ATTR_KEY_FILE,
VSTRING *log_param = vstring_alloc(25);
VSTRING *log_level = vstring_alloc(25);
VSTRING *cache_type = vstring_alloc(25);
+ VSTRING *chain_files = vstring_alloc(25);
VSTRING *cert_file = vstring_alloc(25);
VSTRING *key_file = vstring_alloc(25);
VSTRING *dcert_file = vstring_alloc(25);
RECV_ATTR_INT(TLS_ATTR_VERIFYDEPTH, &props->verifydepth),
RECV_ATTR_STR(TLS_ATTR_CACHE_TYPE, cache_type),
RECV_ATTR_INT(TLS_ATTR_SET_SESSID, &props->set_sessid),
+ RECV_ATTR_STR(TLS_ATTR_CHAIN_FILES, chain_files),
RECV_ATTR_STR(TLS_ATTR_CERT_FILE, cert_file),
RECV_ATTR_STR(TLS_ATTR_KEY_FILE, key_file),
RECV_ATTR_STR(TLS_ATTR_DCERT_FILE, dcert_file),
props->log_param = vstring_export(log_param);
props->log_level = vstring_export(log_level);
props->cache_type = vstring_export(cache_type);
+ props->chain_files = vstring_export(chain_files);
props->cert_file = vstring_export(cert_file);
props->key_file = vstring_export(key_file);
props->dcert_file = vstring_export(dcert_file);
props->dh1024_param_file = vstring_export(dh1024_param_file);
props->dh512_param_file = vstring_export(dh512_param_file);
props->mdalg = vstring_export(mdalg);
- ret = (ret == 19 ? 1 : -1);
+ ret = (ret == 20 ? 1 : -1);
if (ret != 1) {
tls_proxy_server_init_free(props);
props = 0;
myfree((void *) props->log_param);
myfree((void *) props->log_level);
myfree((void *) props->cache_type);
+ myfree((void *) props->chain_files);
myfree((void *) props->cert_file);
myfree((void *) props->key_file);
myfree((void *) props->dcert_file);
export ? "" : "non-", keylength);
return 0;
}
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
if (rsa_tmp == 0) {
BIGNUM *e = BN_new();
if (e)
BN_free(e);
}
-#else
- if (rsa_tmp == 0)
- rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
-#endif
-
return (rsa_tmp);
}
*/
static const char server_session_id_context[] = "Postfix/TLS";
-#if OPENSSL_VERSION_NUMBER >= 0x1000000fL
#define GET_SID(s, v, lptr) ((v) = SSL_SESSION_get_id((s), (lptr)))
-#else /* Older OpenSSL releases */
-#define GET_SID(s, v, lptr) \
- do { (v) = (s)->session_id; *(lptr) = (s)->session_id_length; } while (0)
-
-#endif /* OPENSSL_VERSION_NUMBER */
-
/* OpenSSL 1.1.0 bitrot */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
typedef const unsigned char *session_id_t;
/* ticket_cb - configure tls session ticket encrypt/decrypt context */
-#if defined(SSL_OP_NO_TICKET) \
- && !defined(OPENSSL_NO_TLSEXT) \
- && OPENSSL_VERSION_NUMBER >= 0x0090808fL
+#if defined(SSL_OP_NO_TICKET) && !defined(OPENSSL_NO_TLSEXT)
static int ticket_cb(SSL *con, unsigned char name[], unsigned char iv[],
EVP_CIPHER_CTX * ctx, HMAC_CTX * hctx, int create)
TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
{
SSL_CTX *server_ctx;
+ SSL_CTX *sni_ctx;
+ X509_STORE *cert_store;
long off = 0;
int verify_flags = SSL_VERIFY_NONE;
int cachable;
tls_print_errors();
return (0);
}
+ sni_ctx = SSL_CTX_new(TLS_server_method());
+ if (sni_ctx == 0) {
+ SSL_CTX_free(server_ctx);
+ msg_warn("cannot allocate server SNI SSL_CTX: disabling TLS support");
+ tls_print_errors();
+ return (0);
+ }
#ifdef SSL_SECOP_PEER
/* Backwards compatible security as a base for opportunistic TLS. */
SSL_CTX_set_security_level(server_ctx, 0);
+ SSL_CTX_set_security_level(sni_ctx, 0);
#endif
/*
* See the verify callback in tls_verify.c
*/
SSL_CTX_set_verify_depth(server_ctx, props->verifydepth + 1);
+ SSL_CTX_set_verify_depth(sni_ctx, props->verifydepth + 1);
/*
* The session cache is implemented by the tlsmgr(8) server.
/*
* Add SSL_OP_NO_TICKET when the timeout is zero or library support is
- * incomplete. The SSL_CTX_set_tlsext_ticket_key_cb feature was added in
- * OpenSSL 0.9.8h, while SSL_NO_TICKET was added in 0.9.8f.
+ * incomplete.
*/
#ifdef SSL_OP_NO_TICKET
-#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER >= 0x0090808fL
+#ifndef OPENSSL_NO_TLSEXT
ticketable = (*var_tls_tkt_cipher && scache_timeout > 0
&& !(off & SSL_OP_NO_TICKET));
if (ticketable) {
* this could trigger inter-operability issues, the client should not
* offer ciphers it implements poorly, but this hasn't stopped some
* vendors from getting it wrong.
- *
- * XXX: Given OpenSSL's security history, nobody should still be using
- * 0.9.7, let alone 0.9.6 or earlier. Warning added to TLS_README.html.
*/
if (var_tls_preempt_clist)
SSL_CTX_set_options(server_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+ /* Done with server_ctx options, clone to sni_ctx */
+ SSL_CTX_clear_options(sni_ctx, ~0);
+ SSL_CTX_set_options(sni_ctx, SSL_CTX_get_options(server_ctx));
+
/*
* Set the call-back routine to debug handshake progress.
*/
- if (log_mask & TLS_LOG_DEBUG)
+ if (log_mask & TLS_LOG_DEBUG) {
SSL_CTX_set_info_callback(server_ctx, tls_info_callback);
+ SSL_CTX_set_info_callback(sni_ctx, tls_info_callback);
+ }
/*
* Load the CA public key certificates for both the server cert and for
props->CAfile, props->CApath) < 0) {
/* tls_set_ca_certificate_info() already logs a warning. */
SSL_CTX_free(server_ctx); /* 200411 */
+ SSL_CTX_free(sni_ctx);
return (0);
}
+ /*
+ * Upref and share the cert store. Sadly we can't yet use
+ * SSL_CTX_set1_cert_store(3) which was added in OpenSSL 1.1.0.
+ */
+ cert_store = SSL_CTX_get_cert_store(server_ctx);
+ X509_STORE_up_ref(cert_store);
+ SSL_CTX_set_cert_store(sni_ctx, cert_store);
+
/*
* Load the server public key certificate and private key from file and
* check whether the cert matches the key. We can use RSA certificates
* changed in the cipher setup.
*/
if (tls_set_my_certificate_key_info(server_ctx,
+ props->chain_files,
props->cert_file,
props->key_file,
props->dcert_file,
props->eckey_file) < 0) {
/* tls_set_my_certificate_key_info() already logs a warning. */
SSL_CTX_free(server_ctx); /* 200411 */
+ SSL_CTX_free(sni_ctx);
return (0);
}
* directly used.
*/
SSL_CTX_set_tmp_rsa_callback(server_ctx, tls_tmp_rsa_cb);
+ SSL_CTX_set_tmp_rsa_callback(sni_ctx, tls_tmp_rsa_cb);
#endif
/*
* will not abort but just log the error message.
*/
SSL_CTX_set_tmp_dh_callback(server_ctx, tls_tmp_dh_cb);
+ SSL_CTX_set_tmp_dh_callback(sni_ctx, tls_tmp_dh_cb);
if (*props->dh1024_param_file != 0)
tls_set_dh_from_file(props->dh1024_param_file, 1024);
if (*props->dh512_param_file != 0)
* with any remaining key-exchange algorithms.
*/
tls_set_eecdh_curve(server_ctx, props->eecdh_grade);
+ tls_set_eecdh_curve(sni_ctx, props->eecdh_grade);
/*
* If we want to check client certificates, we have to indicate it in
verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
SSL_CTX_set_verify(server_ctx, verify_flags,
tls_verify_certificate_callback);
- if (*props->CAfile)
- SSL_CTX_set_client_CA_list(server_ctx,
- SSL_load_client_CA_file(props->CAfile));
+ SSL_CTX_set_verify(sni_ctx, verify_flags,
+ tls_verify_certificate_callback);
+ if (props->ask_ccert && *props->CAfile) {
+ STACK_OF(X509_NAME) *calist = SSL_load_client_CA_file(props->CAfile);
+
+ if (calist == 0) {
+ /* Not generally critical */
+ msg_warn("error loading client CA names from: %s",
+ props->CAfile);
+ tls_print_errors();
+ }
+ SSL_CTX_set_client_CA_list(server_ctx, calist);
+
+ if (calist != 0 && sk_X509_NAME_num(calist) > 0) {
+ calist = SSL_dup_CA_list(calist);
+
+ if (calist == 0) {
+ msg_warn("error duplicating client CA names for SNI");
+ tls_print_errors();
+ } else {
+ SSL_CTX_set_client_CA_list(sni_ctx, calist);
+ }
+ }
+ }
/*
* Initialize our own TLS server handle, before diving into the details
* of TLS session cache management.
*/
- app_ctx = tls_alloc_app_context(server_ctx, log_mask);
+ app_ctx = tls_alloc_app_context(server_ctx, sni_ctx, log_mask);
if (cachable || ticketable || props->set_sessid) {
tls_int_seed();
(void) tls_ext_seed(var_tls_daemon_rand_bytes);
- /*
- * Initialize the SSL connection to accept state. This should not be
- * necessary anymore since 0.9.3, but the call is still in the library
- * and maintaining compatibility never hurts.
- */
- SSL_set_accept_state(TLScontext->con);
-
/*
* Connect the SSL connection with the network socket.
*/
TLS_SESS_STATE *tls_server_post_accept(TLS_SESS_STATE *TLScontext)
{
- SSL_CIPHER_const SSL_CIPHER *cipher;
+ const SSL_CIPHER *cipher;
X509 *peer;
char buf[CCERT_BUFSIZ];
SSL_SESSION *tls_session_activate(const char *session_data, int session_data_len)
{
-#if (OPENSSL_VERSION_NUMBER < 0x0090707fL)
-#define BOGUS_CONST
-#else
-#define BOGUS_CONST const
-#endif
SSL_SESSION *session;
- BOGUS_CONST unsigned char *ptr;
+ const unsigned char *ptr;
/*
* Activate the SSL_SESSION object.
*/
- ptr = (BOGUS_CONST unsigned char *) session_data;
+ ptr = (const unsigned char *) session_data;
session = d2i_SSL_SESSION((SSL_SESSION **) 0, &ptr, session_data_len);
if (!session)
tls_print_errors();
/* File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM
/* format.
/* .IP "\fBtlsproxy_tls_eccert_file ($smtpd_tls_eccert_file)\fR"
-/* File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in
-/* PEM format.
+/* File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in PEM
+/* format.
/* .IP "\fBtlsproxy_tls_eckey_file ($smtpd_tls_eckey_file)\fR"
-/* File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in
-/* PEM format.
+/* File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in PEM
+/* format.
/* .IP "\fBtlsproxy_tls_eecdh_grade ($smtpd_tls_eecdh_grade)\fR"
/* The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral
/* elliptic-curve Diffie-Hellman (EECDH) key exchange.
/* Available in Postfix version 2.11 and later:
/* .IP "\fBtlsmgr_service_name (tlsmgr)\fR"
/* The name of the \fBtlsmgr\fR(8) service entry in master.cf.
+/* .PP
+/* Available in Postfix version 3.4 and later:
+/* .IP "\fBtlsproxy_tls_chain_files ($smtpd_tls_chain_files)\fR"
+/* Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate
+/* chains in PEM format.
+/* .IP "\fBtls_server_sni_maps (empty)\fR"
+/* Optional lookup tables that map names received from remote SMTP
+/* clients via the TLS Server Name Indication (SNI) extension to the
+/* appropriate keys and certificate chains.
/* TLS CLIENT CONTROLS
/* .ad
/* .fi
/* Directory with PEM format Certification Authority certificates
/* that the Postfix \fBtlsproxy\fR(8) client uses to verify a remote TLS
/* server certificate.
+/* .IP "\fBtlsproxy_client_chain_files ($smtp_tls_chain_files)\fR"
+/* Files with the Postfix \fBtlsproxy\fR(8) client keys and certificate
+/* chains in PEM format.
/* .IP "\fBtlsproxy_client_cert_file ($smtp_tls_cert_file)\fR"
/* File with the Postfix \fBtlsproxy\fR(8) client RSA certificate in PEM
/* format.
/* File with the Postfix \fBtlsproxy\fR(8) client DSA private key in PEM
/* format.
/* .IP "\fBtlsproxy_client_eccert_file ($smtp_tls_eccert_file)\fR"
-/* File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in
-/* PEM format.
+/* File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in PEM
+/* format.
/* .IP "\fBtlsproxy_client_eckey_file ($smtp_tls_eckey_file)\fR"
-/* File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in
-/* PEM format.
+/* File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in PEM
+/* format.
/* .IP "\fBtlsproxy_client_fingerprint_digest ($smtp_tls_fingerprint_digest)\fR"
/* The message digest algorithm used to construct remote TLS server
/* certificate fingerprints.
bool var_smtpd_tls_req_ccert;
bool var_smtpd_tls_set_sessid;
char *var_smtpd_relay_ccerts;
+char *var_smtpd_tls_chain_files;
char *var_smtpd_tls_cert_file;
char *var_smtpd_tls_key_file;
char *var_smtpd_tls_dcert_file;
bool var_tlsp_tls_ask_ccert;
bool var_tlsp_tls_req_ccert;
bool var_tlsp_tls_set_sessid;
+char *var_tlsp_tls_chain_files;
char *var_tlsp_tls_cert_file;
char *var_tlsp_tls_key_file;
char *var_tlsp_tls_dcert_file;
*/
char *var_smtp_tls_loglevel;
int var_smtp_tls_scert_vd;
+char *var_smtp_tls_chain_files;
char *var_smtp_tls_cert_file;
char *var_smtp_tls_key_file;
char *var_smtp_tls_dcert_file;
char *var_tlsp_clnt_loglevel;
char *var_tlsp_clnt_logparam;
int var_tlsp_clnt_scert_vd;
+char *var_tlsp_clnt_chain_files;
char *var_tlsp_clnt_cert_file;
char *var_tlsp_clnt_key_file;
char *var_tlsp_clnt_dcert_file;
* Macro for readability.
*/
#define TLSP_CLIENT_INIT(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \
- a10, a11, a12, a13) \
+ a10, a11, a12, a13, a14) \
tlsp_client_init(TLS_CLIENT_INIT_ARGS((props), a1, a2, a3, a4, \
- a5, a6, a7, a8, a9, a10, a11, a12, a13))
+ a5, a6, a7, a8, a9, a10, a11, a12, a13, a14))
/* tlsp_client_init - initialize a TLS client engine */
else if ((tlsp_pre_jail_client_props_key == 0
|| strcmp(tlsp_pre_jail_client_props_key, key) != 0)
- && (NOT_EMPTY(init_props->cert_file)
+ && (NOT_EMPTY(init_props->chain_files)
+ || NOT_EMPTY(init_props->cert_file)
|| NOT_EMPTY(init_props->key_file)
|| NOT_EMPTY(init_props->dcert_file)
|| NOT_EMPTY(init_props->dkey_file)
|| NOT_EMPTY(init_props->eckey_file)
|| NOT_EMPTY(init_props->CAfile)
|| NOT_EMPTY(init_props->CApath))) {
- msg_warn("tls_client_init request with key_file='%s' dkey_file='%s' "
- "eckey_file='%s' differs from tlsproxy_client_* settings",
- init_props->key_file, init_props->dkey_file,
- init_props->eckey_file);
+ msg_warn("tls_client_init request with chain_files='%s' key_file='%s' "
+ "dkey_file='%s' eckey_file='%s' differs from tlsproxy client "
+ "settings", init_props->chain_files, init_props->key_file,
+ init_props->dkey_file, init_props->eckey_file);
msg_warn("to avoid this warning, 1) identify the SMTP client that is "
"making this tls_client_init request, 2) configure a "
"custom tlsproxy service with tlsproxy_client_* settings "
have_server_cert =
(*cert_file || *var_tlsp_tls_dcert_file || *var_tlsp_tls_eccert_file);
+ if (*var_tlsp_tls_chain_files != 0) {
+ if (!have_server_cert)
+ have_server_cert = 1;
+ else
+ msg_warn("Both %s and one or more of the legacy "
+ " %s, %s or %s are non-empty; the legacy "
+ " parameters will be ignored",
+ VAR_TLSP_TLS_CHAIN_FILES,
+ VAR_TLSP_TLS_CERT_FILE,
+ VAR_TLSP_TLS_ECCERT_FILE,
+ VAR_TLSP_TLS_DCERT_FILE);
+ }
/* Some TLS configuration errors are not show stoppers. */
if (!have_server_cert && require_server_cert)
msg_warn("Need a server cert to request client certs");
if (!var_tlsp_enforce_tls && var_tlsp_tls_req_ccert)
msg_warn("Can't require client certs unless TLS is required");
/* After a show-stopper error, log a warning. */
- if (have_server_cert || (no_server_cert_ok && !require_server_cert))
+ if (have_server_cert || (no_server_cert_ok && !require_server_cert)) {
+
+ tls_pre_jail_init(TLS_ROLE_SERVER);
/*
* Large parameter lists are error-prone, so we emulate a language
verifydepth = var_tlsp_tls_ccert_vd,
cache_type = TLS_MGR_SCACHE_SMTPD,
set_sessid = var_tlsp_tls_set_sessid,
+ chain_files = var_tlsp_tls_chain_files,
cert_file = cert_file,
key_file = var_tlsp_tls_key_file,
dcert_file = var_tlsp_tls_dcert_file,
var_tlsp_tls_proto,
ask_ccert = ask_client_cert,
mdalg = var_tlsp_tls_fpt_dgst);
- else
+ } else {
msg_warn("No server certs available. TLS can't be enabled");
+ }
/*
* To maintain sanity, allow partial SSL_write() operations, and allow
if (clnt_use_tls || var_tlsp_clnt_per_site[0] || var_tlsp_clnt_policy[0]) {
TLS_CLIENT_INIT_PROPS props;
+ tls_pre_jail_init(TLS_ROLE_CLIENT);
+
/*
* We get stronger type safety and a cleaner interface by combining
* the various parameters into a single tls_client_props structure.
log_level = var_tlsp_clnt_loglevel,
verifydepth = var_tlsp_clnt_scert_vd,
cache_type = TLS_MGR_SCACHE_SMTP,
+ chain_files = var_tlsp_clnt_chain_files,
cert_file = var_tlsp_clnt_cert_file,
key_file = var_tlsp_clnt_key_file,
dcert_file = var_tlsp_clnt_dcert_file,
0,
};
static const CONFIG_STR_TABLE compat_str_table[] = {
+ VAR_SMTPD_TLS_CHAIN_FILES, DEF_SMTPD_TLS_CHAIN_FILES, &var_smtpd_tls_chain_files, 0, 0,
VAR_SMTPD_TLS_CERT_FILE, DEF_SMTPD_TLS_CERT_FILE, &var_smtpd_tls_cert_file, 0, 0,
VAR_SMTPD_TLS_KEY_FILE, DEF_SMTPD_TLS_KEY_FILE, &var_smtpd_tls_key_file, 0, 0,
VAR_SMTPD_TLS_DCERT_FILE, DEF_SMTPD_TLS_DCERT_FILE, &var_smtpd_tls_dcert_file, 0, 0,
VAR_SMTPD_TLS_FPT_DGST, DEF_SMTPD_TLS_FPT_DGST, &var_smtpd_tls_fpt_dgst, 1, 0,
VAR_SMTPD_TLS_LOGLEVEL, DEF_SMTPD_TLS_LOGLEVEL, &var_smtpd_tls_loglevel, 0, 0,
VAR_SMTPD_TLS_LEVEL, DEF_SMTPD_TLS_LEVEL, &var_smtpd_tls_level, 0, 0,
+ VAR_SMTP_TLS_CHAIN_FILES, DEF_SMTP_TLS_CHAIN_FILES, &var_smtp_tls_chain_files, 0, 0,
VAR_SMTP_TLS_CERT_FILE, DEF_SMTP_TLS_CERT_FILE, &var_smtp_tls_cert_file, 0, 0,
VAR_SMTP_TLS_KEY_FILE, DEF_SMTP_TLS_KEY_FILE, &var_smtp_tls_key_file, 0, 0,
VAR_SMTP_TLS_DCERT_FILE, DEF_SMTP_TLS_DCERT_FILE, &var_smtp_tls_dcert_file, 0, 0,
0,
};
static const CONFIG_STR_TABLE str_table[] = {
+ VAR_TLSP_TLS_CHAIN_FILES, DEF_TLSP_TLS_CHAIN_FILES, &var_tlsp_tls_chain_files, 0, 0,
VAR_TLSP_TLS_CERT_FILE, DEF_TLSP_TLS_CERT_FILE, &var_tlsp_tls_cert_file, 0, 0,
VAR_TLSP_TLS_KEY_FILE, DEF_TLSP_TLS_KEY_FILE, &var_tlsp_tls_key_file, 0, 0,
VAR_TLSP_TLS_DCERT_FILE, DEF_TLSP_TLS_DCERT_FILE, &var_tlsp_tls_dcert_file, 0, 0,
VAR_TLSP_TLS_LEVEL, DEF_TLSP_TLS_LEVEL, &var_tlsp_tls_level, 0, 0,
VAR_TLSP_CLNT_LOGLEVEL, DEF_TLSP_CLNT_LOGLEVEL, &var_tlsp_clnt_loglevel, 0, 0,
VAR_TLSP_CLNT_LOGPARAM, DEF_TLSP_CLNT_LOGPARAM, &var_tlsp_clnt_logparam, 0, 0,
+ VAR_TLSP_CLNT_CHAIN_FILES, DEF_TLSP_CLNT_CHAIN_FILES, &var_tlsp_clnt_chain_files, 0, 0,
VAR_TLSP_CLNT_CERT_FILE, DEF_TLSP_CLNT_CERT_FILE, &var_tlsp_clnt_cert_file, 0, 0,
VAR_TLSP_CLNT_KEY_FILE, DEF_TLSP_CLNT_KEY_FILE, &var_tlsp_clnt_key_file, 0, 0,
VAR_TLSP_CLNT_DCERT_FILE, DEF_TLSP_CLNT_DCERT_FILE, &var_tlsp_clnt_dcert_file, 0, 0,
projects / thirdparty / postfix.git / commitdiff
