Mail addresses (PLEASE send questions to the mailing list)
postfix-users@postfix.org Postfix users mailing list
- wietse@porcupine.org the original author
In order to subscribe to the mailing list, see http://www.postfix.org/.
auxiliary/ Auxiliary software etc.
bin/ Postfix command executables
conf/ Configuration files, run-time scripts
- include/ Installed include files
- lib/ Installed object libraries
+ include/ Include files
+ implementation-notes/ Background information
+ lib/ Object libraries
libexec/ Postfix daemon executables
- mantools/ Manual page utilities
+ mantools/ Documentation utilities
proto/ Documentation source
aliases yes (can enable/disable mail to /file or |command)
bare newlines yes (but will send CRLF)
blacklisting yes (client name/addr; helo hostname; mail from; rcpt to)
-connection caching yes (SMTP shared cache; LMTP in-process cache)
+connection caching yes (SMTP shared cache; LMTP shared cache)
content filter yes (before and after queue, internal and external)
db tables yes (compile time option)
dbm tables yes (compile time option)
delivered-to yes (configurable with prepend_delivered_header)
-dsn almost (supports enhanced status codes and DSN format bounces)
+dsn yes
+enhanced status codes yes
errors-to: no (removed with Postfix 2.2)
esmtp yes
etrn support yes (per-destination log for authorized destinations only)
greylist yes (delegated policy script)
home mailbox yes
ident lookup no
-ipv6 yes (compatibility for ipv4-only kernels/libraries)
+ipv6 yes (compatibility for ipv4-only systems)
ldap tables yes (contributed)
-lmtp support yes (client)
+lmtp support yes (client only)
luser relay yes
m4 config no
mail to command yes (configurable for .forward, aliases, :include:)
mailertable yes (it's called transport)
mailq yes
majordomo yes (edit approve script to delete /^delivered-to:/i)
+milter yes (except body replacement)
mime yes (including 8bit to quoted-printable conversion)
mysql tables yes (contributed)
netinfo tables yes (contributed)
nis+ tables yes (contributed)
no <> in smtp yes (most common address forms)
pgsql tables yes (contributed)
-pipeline option yes (server and client)
-pop/imap yes (with third-party daemons that use mailbox or maildir)
+pipeline option yes (SMTP server and client; LMTP client)
+pop/imap no
qmqp server yes (with verp support)
rbl support yes
-return-receipt: no
+return-receipt: no (use DSN NOTIFY=SUCCESS)
rhsbl support yes
sasl support yes (compile time option)
sendmail -bt no
Cleanup: comments, error messages, and crumbling interfaces.
+20060707
+
+ Workaround: apparently, Solaris gettimeofday() can return
+ out-of range microsecond values. File: src/global/log_adhoc.c.
+
+ Robustness: the SMTPD policy client now encodes the
+ ccert_subject and ccert-issuer attributes as xtext. Some
+ characters are replaced by +XX, where XX is the two-digit
+ hexadecimal code for the character value. File:
+ smtpd/smtpd_check.c.
+
+ Safety: the SMTP/LMTP client now defers delivery when a
+ SASL password exists but the server does not offer SASL
+ authentication. Mail could be rejected otherwise. This
+ may become an issue now that Postfix retries delivery in
+ plaintext after an opportunistic TLS handshake fails. Specify
+ "smtp_sasl_auth_enforce = no" to deliver mail anyway.
+
Wish list:
The usage of TLScontext->cache_type is unclear. It specifies
around as pointers. TLScontext->cache_type is a case in
point.
- In the SMTPD policy client (encode or strip) non-printable
- non-ASCII in (TLS or all) attributes.
-
Are transport:nexthop null fields the same as in the case
of default_transport etc. parameters?
Introduce structured API for tls_server_mumble() just like
with smtp(8): this eliminates ever-growing lists of arguments.
- Defer delivery when a SASL password exists but the server
- does not offer SASL authentication, as mail might otherwise
- be bounced. This may become an issue now that Postfix will
- retry in plaintext after optional TLS fails. Make this
- configurable so people can get the old behavior.
-
Don't lose bits when converting st_dev into maildir file
name. It's 64 bits on Linux. Found with the BEAM source
- code analyzer.
+ code analyzer. Is this really a problem, or are they just
+ using 64 bits for upwards compatibility with LP64 systems?
Do or don't introduce unknown_reverse_client_reject_code.
- mail_addr/rcpt_addr should be externalized as they are in
- Sendmail. Likewise, addresses in add/delete requests should
- be internalized before updating the queue file.
+ In Milter events, mail_addr/rcpt_addr should be externalized
+ as they are in Sendmail. Likewise, addresses in add/delete
+ requests should be internalized before updating the queue
+ file.
Check that "UINT32 == unsigned int" choice is ok (i.e. LP64
UNIX).
- Fix milter_argv() so it does not forget how much memory it
- has.
-
Tempfail when a Milter application wants content access,
while it is configured in an SMTP server that runs before
the smtpd_proxy filter.
Eliminate the (incoming,deferred)->active rename operation.
Softbounce fallback-to-ISP for SOHO users. This requires
- playing with with the soft_error test in the smtp_trouble.c
- module, and a way to avoid trying direct-to-backup-MX.
+ playing with the soft_error test in the smtp_trouble.c
+ module, and avoiding delivery to backup MX hosts.
select -> kqueue, epoll, /dev/poll, poll() ...
sasl_sender=
size=12345
ccert_subject=solaris9.porcupine.org
- ccert_issuer=Wietse Venema
+ ccert_issuer=Wietse+20Venema
ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
P\bPo\bos\bst\btf\bfi\bix\bx v\bve\ber\brs\bsi\bio\bon\bn 2\b2.\b.3\b3 a\ban\bnd\bd l\bla\bat\bte\ber\br:\b:
encryption_protocol=TLSv1/SSLv3
* The "ccert_*" attributes (Postfix 2.2 and later) specify information about
how the client was authenticated via TLS. These attributes are empty in
- case of no certificate authentication.
+ case of no certificate authentication. As of Postfix 2.2.11 these attribute
+ values are encoded as xtext: some characters are represented by +XX, where
+ XX is the two-digit hecadecimal representation of the character value.
* The "encryption_*" attributes (Postfix 2.3 and later) specify information
about how the connection is encrypted. With plaintext connections the
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
-Major changes - critical
-------------------------
+Critical notes
+--------------
See RELEASE_NOTES_2.2 if you upgrade from Postfix 2.1 or earlier.
-Postfix internal protocols have has changed. You need to "postfix
+Some Postfix internal protocols have changed. You need to "postfix
reload" or restart Postfix, otherwise many servers will log warning
messages with "unexpected attribute" or "problem talking to service
rewrite: Unknown error: 0", and mail will not be delivered.
-[Incompat 20060515] Milter support introduces a three new queue
-file record types. Queue files created with this Postfix version
-will be understood by older Postfix versions ONLY if Milter support
-is turned off, which is the default.
+The Sendmail-compatible Milter support introduces three new queue
+file record types. As long as you leave this feature turned off,
+you can still go back to Postfix version 2.2 without losing mail.
Major changes - DNS lookups
---------------------------
This gives senders control over successful and failed delivery
notifications. DSN involves extra parameters to the SMTP MAIL FROM
and RCPT TO commands, as well as extra Postfix sendmail command
-line options that provide a sub-set of the functions of those extra
-SMTP command parameters.
+line options for mail submission.
See DSN_README for details. Some implementation notes are in
implementation-notes/DSN.
-[Incompat 20050828] When the cleanup server rejects the content or
-size of mail that was submitted with the Postfix sendmail command,
-forwarded with the local(8) delivery agent, or that was re-queued
-with "postsuper -r", Postfix no longer sends DSN SUCCESS notification
-of virtual alias expansions. Since all the recipients are reported
-as failed, the SUCCESS notification seems redundant.
-
[Incompat 20050615] The new DSN support conflicts with VERP support.
For Sendmail compatibility, Postfix now uses the sendmail -V command
line option for DSN. In order to request VERP style delivery, you
will recognize if you try to use -V for VERP-style delivery. It
will do the right thing and will remind you of the new syntax.
+[Incompat 20050828] When the cleanup server rejects the content or
+size of mail that was submitted with the Postfix sendmail command,
+that was forwarded with the local(8) delivery agent, or that was
+re-queued with "postsuper -r", Postfix no longer sends DSN SUCCESS
+notification after virtual alias expansions. Since all the recipients
+are reported as failed, the SUCCESS notification seems redundant.
+
Major changes - LMTP client
---------------------------
-[Feature 20051208] The SMTP client now implements the LMTP protocol.
-Most but not all smtp_xxx parameters have an lmtp_xxx "ghost"
-parameter. This means there are lot of new LMTP features, including
-support for TLS and for the shared connection cache.
+See the "SASL authentication" and "TLS" sections for changes related
+to SASL authentication and TLS support, respectively.
-[Feature 20060614] The unified SMTP/LMTP client now has complete
-sets of configuration parameters for each protocol.
+[Feature 20051208] The SMTP client now implements the LMTP protocol.
+Most but not all smtp_xxx parameters now have an lmtp_xxx equivalent.
+This means there are lot of new LMTP features, including support
+for TLS and for the shared connection cache.
[Incompat 20051208] The LMTP client now reports the server as
"myhostname[/path/name]". With the real server hostname in delivery
[Feature 20060515] Milter (mail filter) application support,
compatible with Sendmail version 8.13.6 and earlier. This allows
-you to run a large number of plug-ins to reject unwanted mail and
-to sign mail with, for example, domain keys. All Milter functions
-are implemented except replacing the message body, which will be
-added later. Milters are before-queue filters, so they don't change
-the queue ID.
+you to run a large number of plug-ins to reject unwanted mail, and
+to sign mail with for example domain keys. All Milter functions are
+implemented except replacing the message body, which will be added
+later. Milters are before-queue filters, so they don't change the
+queue ID.
See the MILTER_README document for a discussion of how to use Milter
-support with Postfix.
+support with Postfix, and limitations of the current implementation.
-[Incompat 20060515] Milter support introduces a three new queue
-file record types. Queue files created with this Postfix version
-will be understood by older Postfix versions ONLY if Milter support
-is turned off, which is the default.
+[Incompat 20060515] Milter support introduces three new queue file
+record types. As long as you leave this feature turned off, you can
+still go back to Postfix version 2.2 without losing mail.
[Incompat 20060515] Milter support introduces new logfile event
types: milter-reject, milter-discard and milter-hold, that identify
Major changes - SASL authentication
-----------------------------------
+[Incompat 20060707] The SMTP/LMTP client now defers delivery when
+a SASL password exists but the server does not offer SASL authentication.
+Otherwise, the server could reject the mail. This may become an
+issue now that Postfix retries delivery in plaintext after an
+opportunistic TLS handshake fails. Specify "smtp_sasl_auth_enforce
+= no" to deliver mail anyway.
+
[Feature 20051220] Plug-in support for SASL authentication in the
-SMTP server and in the SMTP+LMTP client. With this, Postfix can
+SMTP server and in the SMTP/LMTP client. With this, Postfix can
support multiple SASL implementations without source code patches.
Some distributors may even make SASL support a run-time linking
option, just like they already do with Postfix lookup tables.
The "postconf -a" command shows what plug-in implementations are
available for the SMTP server, and "postconf -A" does the same for
-the SMTP+LMTP client. Plug-in implementations are selected with
+the SMTP/LMTP client. Plug-in implementations are selected with
the smtpd_sasl_type, smtp_sasl_type and lmtp_sasl_type configuration
parameters.
Major changes - SMTP client
---------------------------
-[Feature 20051208] The SMTP client now implements the LMTP protocol.
-Most but not all smtp_xxx parameters have an lmtp_xxx "ghost"
-parameter. This means there are lot of new LMTP features, including
-support for TLS and for the shared connection cache. There are no
-lmtp_xxx "ghost" parameters for the HELO or EHLO commands, because
-those commands exist only in SMTP.
+See the "SASL authentication" and "TLS" sections for changes related
+to SASL authentication and TLS support, respectively.
-[Feature 20060614] The unified SMTP/LMTP client now has complete
-sets of configuration parameters for each protocol.
+[Feature 20051208] The SMTP client now implements the LMTP protocol.
+Most but not all smtp_xxx parameters now have an lmtp_xxx equivalent.
+This means there are lot of new LMTP features, including support
+for TLS and for the shared connection cache.
[Incompat 20060112] The Postfix SMTP/LMTP client by default no
longer allows DNS CNAME records to override the server hostname
"smtp_cname_overrides_servername = yes" to get the old behavior.
[Incompat 20060103] The Postfix SMTP/LMTP client no longer defers
-mail when it receives a malformed SMTP server reply in a session
-with command pipelining. When helpful warnings are enabled, it
-will suggest that command pipelining be disabled for the affected
+mail delivery when it receives a malformed SMTP server reply in a
+session with command pipelining. When helpful warnings are enabled,
+it will suggest that command pipelining be disabled for the affected
destination.
[Incompat 20051208] The fallback_relay feature is renamed to
-smtp_fallback_relay, to make clear that the combined SMTP+LMTP
+smtp_fallback_relay, to make clear that the combined SMTP/LMTP
client uses this setting only for SMTP deliveries. The old name
still works.
from spending lots of time trying to connect to lots of bogus MX
servers.
-[Incompat 20050622] The Postfix SMTP handling of [45]XX server
-greetings was cleaned up. The server reply is now properly reported.
-
Major changes - SMTP server
---------------------------
-[Incompat 20060207] The Postfix SMTP server no longer complains
-when TLS support is not compiled in, but permit_tls_clientcerts,
-permit_tls_all_clientcerts, or check_ccert_access are used. These
-features now are effectively ignored. However, the
-reject_plaintext_session feature is not ignored and will reject
-mail.
+See the "SASL authentication" and "TLS" sections for changes related
+to SASL authentication and TLS support, respectively.
+
+[Feature 20051222] You can now use "resolve_numeric_domain = yes"
+to stop Postfix from rejecting user@ipaddress as an invalid
+destination. It will deliver the mail to user@[ipaddress] instead.
-[Incompat 20051202] The Postfix SMTP daemon will not receive mail
-from the network if it isn't running with postfix mail_owner
+[Incompat 20051202] The Postfix SMTP server now refuses to receive
+mail from the network if it isn't running with postfix mail_owner
privileges. This prevents surprises when, for example, "sendmail
-bs" is configured to run as root from xinetd.
-[Incompat 20051121] The permit_mx_backup feature still accepts mail
-for authorized destinations (see permit_mx_backup for definition),
-but with other destinations it requires that the local MTA is listed
-as non-primary MX. This prevents mail loop problems when someone
-points the primary MX record at Postfix.
+[Incompat 20051121] Although the permit_mx_backup feature still
+accepts mail for authorized destinations (see permit_mx_backup for
+definition), with all other destinations it now requires that the
+local MTA is listed as non-primary MX. This prevents mail loop
+problems when someone points the primary MX record at a Postfix
+system.
[Feature 20051011] Optional protection against SMTP clients that
hammer the server with too many new (i.e. uncached) SMTP-over-TLS
removed in a future Postfix release.
[Feature 20060614] New smtpd_tls_protocols parameter complements
-the smtp_tls_mandatory_protocols parameter, only recommended for
-MSA configurations, not MX hosts.
+the smtp_tls_mandatory_protocols parameter. This recommended for
+MSA configurations, not for MX for hosts that face the Internet.
[Feature 20060626] Both the SMTP client and server can be configured
without a client or server certificate. An SMTP server without
administrator has not excluded the "aNULL" OpenSSL cipher type with
smtp_tls_exclude_ciphers.
-[Feature 20060626] You can specify cipher grades with the
-smtp_tls_mandatory_ciphers, lmtp_tls_mandatory_ciphers and
-smtpd_tls_ciphers parameters. Specify
-one of "high", "medium", "low", "export" or "null". See TLS_README
-for details.
+[Feature 20060626] You can specify cipher grades (instead of cipher
+names) with the smtp_tls_mandatory_ciphers, lmtp_tls_mandatory_ciphers
+and smtpd_tls_ciphers parameters. Specify one of "high", "medium",
+"low", "export" or "null". See TLS_README for details.
+
+[Incompat 20060707] The SMTPD policy client now encodes the
+ccert_subject and ccert_issuer attributes as xtext. Some characters
+are represented by +XX, where XX is the two-digit hexadecimal
+representation of the character value.
[Incompat 20060614] The smtp_sasl_tls_verified_security_options
feature is not yet complete, and will therefore not appear in the
for debugging only, use levels 0 or 1 as production settings.
[Incompat 20060207] The Postfix SMTP server no longer complains
-when TLS support is not compiled in, but permit_tls_clientcerts,
-permit_tls_all_clientcerts, or check_ccert_access are used. These
-features now are effectively ignored. However, the
+when TLS support is not compiled in while permit_tls_clientcerts,
+permit_tls_all_clientcerts, or check_ccert_access are specified in
+main.cf. These features now are effectively ignored. However, the
reject_plaintext_session feature is not ignored and will reject
mail.
smtp_tls_per_site feature, without changes to the user interface.
Some Postfix internals had to be re-structured in preparation for
a more general TLS policy mechanism; this required that smtp_tls_per_site
-be re-implemented from scratch.
+be re-implemented from scratch. The obscure behavior was found
+during compatibility testing.
[Feature 20051011] Optional protection against SMTP clients that
hammer the server with too many new (i.e. uncached) SMTP-over-TLS
[Incompat 20060611] The SMTP server XCLIENT implementation has
changed. The SMTP server now resets state to the initial server
-greeting stage, so that it can accurately simulate the effect of
-connection-level access restrictions. Without this change, XCLIENT
-will not work at all with Milter applications.
+greeting stage, immediately before the EHLO/HELO greeting. This
+was needed to correctly simulate the effect of connection-level
+access restrictions. Without this change, XCLIENT would not work
+with Milter applications.
[Incompat 20060611] The SMTP server XCLIENT and XFORWARD commands
now expect that attributes are xtext encoded (RFC 1891). For backwards
-compatibility they will accept unencoded attribute values. The
+compatibility they will also accept unencoded attribute values. The
XFORWARD client code in the SMTP client and in the SMTPD_PROXY
client will always encode attribute values. This change will have
effect only for malformed hostname and helo parameter values.
For more details, see the XCLIENT_README and XFORWARD_README
documents.
-Major changes - address rewriting
----------------------------------
+Major changes - address manipulation
+------------------------------------
[Incompat 20060123] Postfix now preserves uppercase information
while mapping addresses with canonical, virtual, relocated or generic
expression maps. However, the local(8) and virtual(8) delivery
agents still fold addresses to lower case.
+As a side effect, Postfix now also does a better job at being case
+insensitive where it should be, for example while searching per-host
+TLS policies or SASL passwords.
+
By default, Postfix now folds the search string to lowercase only
with tables that have fixed-case lookup fields such as btree:,
hash:, dbm:, ldap:, or *sql:. The search string is no longer case
For safety reasons, Postfix no longer allows $number substitution
in regexp: or pcre: transport tables or per-sender relayhost tables.
-[Feature 20060123] Postfix now does a better job at preserving
-upper/lower case information while transforming addresses. The
-table lookup code was revised, and is now more careful about when
-it folds search strings to lower case. As a side effect, Postfix
-now also does a better job at being case insensitive where it should,
-for example while searching per-host TLS policies or SASL passwords.
-
Major changes - bounce message templates
----------------------------------------
The $mail_name program
EOF
-Major changes - broken SMTP clients
------------------------------------
-
-[Feature 20051222] You can now use "resolve_numeric_domain = yes"
-to stop Postfix from rejecting user@ipaddress as an invalid
-destination. It will deliver the mail to user@[ipaddress] instead.
-
Major changes - built-in filters
--------------------------------
is now limited to just the message headers, to avoid the risk of
exposure to harmful content in the message body or attachments.
-Major changes - connection caching
-----------------------------------
-
-[Incompat 20051026] The smtp_connection_cache_reuse_limit parameter
-(which limits the number of deliveries per SMTP connection) is
-replaced by the new smtp_connection_reuse_time_limit parameter (the
-time after which a connection is no longer stored into the connection
-cache).
-
-[Feature 20051026] This snapshot addresses a performance stability
-problem with remote SMTP servers. The problem is not specific to
-Postfix: it can happen when any MTA sends large amounts of SMTP
-email to a site that has multiple MX hosts. The insight that led
-to the solution, as well as an initial implementation, are due to
-Victor Duchovni.
-
-The problem starts when one of a set of MX hosts becomes slower
-than the rest. Even though SMTP clients connect to fast and slow
-MX hosts with equal probability, the slow MX host ends up with more
-simultaneous inbound connections than the faster MX hosts, because
-the slow MX host needs more time to serve each client request.
-
-The slow MX host becomes a connection attractor. If one MX host
-becomes N times slower than the rest, it dominates mail delivery
-latency unless there are more than N fast MX hosts to counter the
-effect. And if the number of MX hosts is smaller than N, the mail
-delivery latency becomes effectively that of the slowest MX host
-divided by the total number of MX hosts.
-
-The solution uses connection caching in a way that differs from
-Postfix 2.2. By limiting the amount of time during which a connection
-can be used repeatedly (instead of limiting the number of deliveries
-over that connection), Postfix not only restores fairness in the
-distribution of simultaneous connections across a set of MX hosts,
-it also favors deliveries over connections that perform well, which
-is exactly what we want.
-
-The smtp_connection_reuse_time_limit feature implements the connection
-reuse time limit as discussed above. It limits the amount of time
-after which an SMTP connection is no longer stored into the connection
-cache. The default limit, 300s, can result in a huge number of
-deliveries over a single connection.
-
-This solution will be complete when Postfix logging is updated to
-include information about the number of times that a connection was
-used. This information is needed to diagnose inter-operability
-problems with servers that exhibit bugs when they receive multiple
-messages over the same connection.
-
Major changes - database support
--------------------------------
[Incompat 20051106] The relay=... logging has changed and now
includes the remote SMTP server port number as hostname[hostaddr]:port.
+[Incompat 20060112] The Postfix SMTP/LMTP client by default no
+longer allows DNS CNAME records to override the server hostname
+that is used for logging, SASL password lookup, TLS policy selection
+and TLS server certificate verification. Specify
+"smtp_cname_overrides_servername = yes" to get the old behavior.
+
[Incompat 20051105] All delay logging now has sub-second resolution,
including the over-all "delay=nnn" logging. A patch is available
for pflogsumm (pflogsumm-conn-delays-dsn-patch). The qshape script
has been updated (auxiliary/qshape/qshape.pl).
-At this point the Postfix logging for a recipient looks like this:
-
- Nov 3 16:04:31 myname postfix/smtp[30840]: 19B6B2900FE:
- to=<wietse@test.example.com>, orig_to=<wietse@test>,
- relay=mail.example.com[1.2.3.4], conn_use=2, delay=0.22,
- delays=0.04/0.01/0.05/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok)
-
[Feature 20051103] This release makes a beginning with a series of
new attributes in Postfix logfile records.
- Logging of the connection reuse count when SMTP connections are
used for more than one message delivery. This information is
needed because Postfix can now reuse connections hundreds of times
- or more, and can help to diagnose inter-operability problems with
- servers that suffer from memory leaks or other resource leaks.
+ or more. Logging of the connection reuse count can help to diagnose
+ inter-operability problems with servers that suffer from memory
+ leaks or other resource leaks.
At this point the Postfix logging for a recipient looks like this:
Major changes - performance
---------------------------
+[Incompat 20050622] The Postfix SMTP client by default limits the
+number of MX server addresses to smtp_mx_address_limit=5. Previously
+this limit was disabled by default. The new limit prevents Postfix
+from spending lots of time trying to connect to lots of bogus MX
+servers.
+
[Feature 20051026] This snapshot addresses a performance stability
problem with remote SMTP servers. The problem is not specific to
Postfix: it can happen when any MTA sends large amounts of SMTP
---------------------------
[Incompat 20050716] Internal interfaces have changed; this may break
-third-party patches because the text of function argument and result
-type definitions has changed. The type of buffer lengths and offsets
-were changed from "(unsigned) int" (32 bit on 32-bit and LP64
-systems) to "(s)size_t" (64 bit on LP64 systems, 32 bit on 32-bit
-systems).
-
-Otherwise, this change makes no difference on 32-bit systems. On
-LP64 systems, however, software may mis-behave 1) when Postfix is
+third-party patches because the types of function arguments and of
+result values have changed. The types of buffer lengths and offsets
+were changed from "int" or "unsigned int" (32 bit on 32-bit and
+LP64 systems) to "ssize_t" or "size_t" (64 bit on LP64 systems, 32
+bit on 32-bit systems).
+
+This change makes no difference in Postfix behavior on 32-bit
+systems. On LP64 systems, however, this change not only eliminates
+some obscure portability bugs, it also eliminates unnecessary
+conversions between 32/64 bit integer types, because many system
+library routines take "(s)size_t" arguments or return "(s)size_t"
+values.
+
+This change may break software on LP64 systems 1) when Postfix is
linked with pre-compiled code that was compiled with old Postfix
interface definitions and 2) when compiling Postfix source that was
-modified by a third-party patch: incorrect code may be generated
+modified by a third-party patch: incorrect code will be generated
when the patch passes the wrong integer argument type in contexts
that disable automatic argument type conversions. Examples of such
contexts are formatting with printf-like arguments, and invoking
functions that write Postfix request or reply attributes across
inter-process communication channels. Unfortunately, gcc does not
report "(unsigned) int" versus "(s)size_t" format string argument
-mis-matches on 32-bit systems; they can be found only on 64-bit
+mis-matches on 32-bit systems; it reports them only on 64-bit
systems.
-[Feature 20050716] Improved portability to LP64 systems, by converting
-the type of buffer lengths and offsets from "(unsigned) int" to
-"(s)size_t". This change has zero effect on 32-bit systems. On
-LP64 platforms, however, this change not only eliminates some obscure
-portability bugs, it also eliminates unnecessary conversions between
-32/64 bit integer types, because many system library routines take
-"(s)size_t" arguments or return "(s)size_t" values.
-
Major changes - safety
----------------------
-[Incompat 20051121] The permit_mx_backup feature still accepts mail
-for authorized destinations (see permit_mx_backup for definition),
-but with other destinations it requires that the local MTA is listed
-as non-primary MX. This prevents mail loop problems when someone
-points the primary MX record at Postfix.
+[Incompat 20051121] Although the permit_mx_backup feature still
+accepts mail for authorized destinations (see permit_mx_backup for
+definition), with all other destinations it now requires that the
+local MTA is listed as non-primary MX. This prevents mail loop
+problems when someone points the primary MX record at a Postfix
+system.
[Incompat 20051011] The Postfix local(8) delivery agent no longer
updates its idea of the Delivered-To: address while it expands
is now limited to just the message headers, to avoid the risk of
exposure to harmful content in the message body or attachments.
-[Incompat 20051202] The Postfix SMTP daemon will not receive mail
-from the network if it isn't running with postfix mail_owner
+[Incompat 20051202] The Postfix SMTP server now refuses to receive
+mail from the network if it isn't running with postfix mail_owner
privileges. This prevents surprises when, for example, "sendmail
-bs" is configured to run as root from xinetd.
+[Incompat 20060123] For safety reasons, Postfix no longer allows
+$number substitution in regexp: or pcre: transport tables or
+per-sender relayhost tables.
+
+[Incompat 20060112] The Postfix SMTP/LMTP client by default no
+longer allows DNS CNAME records to override the server hostname
+that is used for logging, SASL password lookup, TLS policy selection
+and TLS server certificate verification. Specify
+"smtp_cname_overrides_servername = yes" to get the old behavior.
sasl_sender=
size=12345
ccert_subject=solaris9.porcupine.org
-ccert_issuer=Wietse Venema
+ccert_issuer=Wietse+20Venema
ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
<b>Postfix version 2.3 and later:</b>
encryption_protocol=TLSv1/SSLv3
<li> <p> The "ccert_*" attributes (Postfix 2.2 and later) specify
information about how the client was authenticated via TLS.
These attributes are empty in case of no certificate authentication.
+ As of Postfix 2.2.11 these attribute values are encoded as
+ xtext: some characters are represented by +XX, where XX is the
+ two-digit hecadecimal representation of the character value.
</p>
<li> <p> The "encryption_*" attributes (Postfix 2.3 and later)
</p>
+</DD>
+
+<DT><b><a name="lmtp_sasl_auth_enforce">lmtp_sasl_auth_enforce</a>
+(default: yes)</b></DT><DD>
+
+<p> The LMTP-specific version of the <a href="postconf.5.html#smtp_sasl_auth_enforce">smtp_sasl_auth_enforce</a>
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
</DD>
<DT><b><a name="lmtp_sasl_mechanism_filter">lmtp_sasl_mechanism_filter</a>
</pre>
+</DD>
+
+<DT><b><a name="smtp_sasl_auth_enforce">smtp_sasl_auth_enforce</a>
+(default: yes)</b></DT><DD>
+
+<p> Defer mail delivery when an SMTP server does not support SASL
+authentication, while <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_password_maps</a> contains SASL
+login/password information for that server. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+
</DD>
<DT><b><a name="smtp_sasl_mechanism_filter">smtp_sasl_mechanism_filter</a>
Available in Postfix version 2.3 and later:
+ <b><a href="postconf.5.html#smtp_sasl_auth_enforce">smtp_sasl_auth_enforce</a> (yes)</b>
+ Defer mail delivery when an SMTP server does not
+ support SASL authentication, while <a href="postconf.5.html#smtp_sasl_password_maps">smtp_sasl_pass</a>-
+ <a href="postconf.5.html#smtp_sasl_password_maps">word_maps</a> contains SASL login/password information
+ for that server.
+
<b><a href="postconf.5.html#smtp_sender_dependent_authentication">smtp_sender_dependent_authentication</a> (no)</b>
- Enable sender-dependent authentication in the SMTP
- client; this is available only with SASL authenti-
- cation, and disables SMTP connection caching to
- ensure that mail from different senders will use
+ Enable sender-dependent authentication in the SMTP
+ client; this is available only with SASL authenti-
+ cation, and disables SMTP connection caching to
+ ensure that mail from different senders will use
the appropriate credentials.
<b><a href="postconf.5.html#smtp_sasl_path">smtp_sasl_path</a> (empty)</b>
- Implementation-specific information that is passed
- through to the SASL plug-in implementation that is
+ Implementation-specific information that is passed
+ through to the SASL plug-in implementation that is
selected with <b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a></b>.
<b><a href="postconf.5.html#smtp_sasl_type">smtp_sasl_type</a> (cyrus)</b>
- The SASL plug-in type that the Postfix SMTP client
+ The SASL plug-in type that the Postfix SMTP client
should use for authentication.
<b>STARTTLS SUPPORT CONTROLS</b>
- Detailed information about STARTTLS configuration may be
+ Detailed information about STARTTLS configuration may be
found in the <a href="TLS_README.html">TLS_README</a> document.
<b><a href="postconf.5.html#smtp_tls_security_level">smtp_tls_security_level</a> (empty)</b>
- The default SMTP TLS security level for all desti-
- nations; when a non-empty value is specified, this
+ The default SMTP TLS security level for all desti-
+ nations; when a non-empty value is specified, this
overrides the obsolete parameters <a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a>,
<a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a>, and <a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a>.
<b><a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a> ($<a href="postconf.5.html#smtp_sasl_security_options">smtp_sasl_secu</a>-</b>
<b><a href="postconf.5.html#smtp_sasl_security_options">rity_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
+ The SASL authentication security options that the
+ Postfix SMTP client uses for TLS encrypted SMTP
sessions.
<b><a href="postconf.5.html#smtp_starttls_timeout">smtp_starttls_timeout</a> (300s)</b>
- Time limit for Postfix SMTP client write and read
- operations during TLS startup and shutdown hand-
+ Time limit for Postfix SMTP client write and read
+ operations during TLS startup and shutdown hand-
shake procedures.
<b><a href="postconf.5.html#smtp_tls_CAfile">smtp_tls_CAfile</a> (empty)</b>
- The file with the certificate of the certification
- authority (CA) that issued the Postfix SMTP client
+ The file with the certificate of the certification
+ authority (CA) that issued the Postfix SMTP client
certificate.
<b><a href="postconf.5.html#smtp_tls_CApath">smtp_tls_CApath</a> (empty)</b>
- Directory with PEM format certificate authority
- certificates that the Postfix SMTP client uses to
+ Directory with PEM format certificate authority
+ certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a> (empty)</b>
- File with the Postfix SMTP client RSA certificate
+ File with the Postfix SMTP client RSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_mandatory_ciphers">smtp_tls_mandatory_ciphers</a> (medium)</b>
- The minimum SMTP client TLS cipher grade that is
- strong enough to be used with the "encrypt" secu-
+ The minimum SMTP client TLS cipher grade that is
+ strong enough to be used with the "encrypt" secu-
rity level and higher.
<b><a href="postconf.5.html#smtp_tls_exclude_ciphers">smtp_tls_exclude_ciphers</a> (empty)</b>
<b><a href="postconf.5.html#smtp_tls_mandatory_exclude_ciphers">smtp_tls_mandatory_exclude_ciphers</a> (empty)</b>
List of ciphers or cipher types to exclude from the
- SMTP client cipher list at the mandatory TLS secu-
+ SMTP client cipher list at the mandatory TLS secu-
rity levels: "encrypt", "verify" and "secure".
<b><a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a> (empty)</b>
- File with the Postfix SMTP client DSA certificate
+ File with the Postfix SMTP client DSA certificate
in PEM format.
<b><a href="postconf.5.html#smtp_tls_dkey_file">smtp_tls_dkey_file</a> ($<a href="postconf.5.html#smtp_tls_dcert_file">smtp_tls_dcert_file</a>)</b>
- File with the Postfix SMTP client DSA private key
+ File with the Postfix SMTP client DSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_key_file">smtp_tls_key_file</a> ($<a href="postconf.5.html#smtp_tls_cert_file">smtp_tls_cert_file</a>)</b>
- File with the Postfix SMTP client RSA private key
+ File with the Postfix SMTP client RSA private key
in PEM format.
<b><a href="postconf.5.html#smtp_tls_loglevel">smtp_tls_loglevel</a> (0)</b>
- Enable additional Postfix SMTP client logging of
+ Enable additional Postfix SMTP client logging of
TLS activity.
<b><a href="postconf.5.html#smtp_tls_note_starttls_offer">smtp_tls_note_starttls_offer</a> (no)</b>
- Log the hostname of a remote SMTP server that
- offers STARTTLS, when TLS is not already enabled
+ Log the hostname of a remote SMTP server that
+ offers STARTTLS, when TLS is not already enabled
for that server.
<b><a href="postconf.5.html#smtp_tls_policy_maps">smtp_tls_policy_maps</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
- non-empty value is specified, this overrides the
+ non-empty value is specified, this overrides the
obsolete <a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> parameter.
<b><a href="postconf.5.html#smtp_tls_mandatory_protocols">smtp_tls_mandatory_protocols</a> (SSLv3, TLSv1)</b>
- List of TLS protocol versions that are secure
+ List of TLS protocol versions that are secure
enough to be used with the "encrypt" security level
and higher.
<b><a href="postconf.5.html#smtp_tls_scert_verifydepth">smtp_tls_scert_verifydepth</a> (5)</b>
- The verification depth for remote SMTP server cer-
+ The verification depth for remote SMTP server cer-
tificates.
<b><a href="postconf.5.html#smtp_tls_secure_cert_match">smtp_tls_secure_cert_match</a> (nexthop, dot-nexthop)</b>
for the "secure" TLS security level.
<b><a href="postconf.5.html#smtp_tls_session_cache_database">smtp_tls_session_cache_database</a> (empty)</b>
- Name of the file containing the optional Postfix
+ Name of the file containing the optional Postfix
SMTP client TLS session cache.
<b><a href="postconf.5.html#smtp_tls_session_cache_timeout">smtp_tls_session_cache_timeout</a> (3600s)</b>
for the "verify" TLS security level.
<b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
- The
number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
- or
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
- server in order to seed its internal pseudo random
+ The
number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a>
+ or
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a>
+ server in order to seed its internal pseudo random
number generator (PRNG).
<b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a></b>
ciphers.
<b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (!EXPORT:ALL:+RC4:@STRENGTH)</b>
- The OpenSSL cipherlist for "LOW" or higher grade
+ The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
<b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (ALL:+RC4:@STRENGTH)</b>
ciphers.
<b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (!aNULL:eNULL+kRSA)</b>
- The OpenSSL cipherlist for "NULL" grade ciphers
+ The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
<b><a href="postconf.5.html#smtp_sasl_tls_verified_security_options">smtp_sasl_tls_verified_security_options</a></b>
<b>($<a href="postconf.5.html#smtp_sasl_tls_security_options">smtp_sasl_tls_security_options</a>)</b>
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
+ The SASL authentication security options that the
+ Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
<b>OBSOLETE STARTTLS CONTROLS</b>
- The following configuration parameters exist for compati-
+ The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
will be removed in a future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP
- server announces STARTTLS support, otherwise send
+ Opportunistic mode: use TLS when a remote SMTP
+ server announces STARTTLS support, otherwise send
the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers
- use TLS encryption, and never send mail in the
+ Enforcement mode: require that remote SMTP servers
+ use TLS encryption, and never send mail in the
clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- When TLS encryption is enforced, require that the
+ When TLS encryption is enforced, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
Optional lookup tables with the Postfix SMTP client
- TLS usage policy by next-hop destination and by
+ TLS usage policy by next-hop destination and by
remote SMTP server hostname.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_destination_concurrency_limit">smtp_destination_concurrency_limit</a> ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">tion_concurrency_limit</a>)</b>
- The maximal number of parallel deliveries to the
- same destination via the smtp message delivery
+ The maximal number of parallel deliveries to the
+ same destination via the smtp message delivery
transport.
<b><a href="postconf.5.html#smtp_destination_recipient_limit">smtp_destination_recipient_limit</a> ($<a href="postconf.5.html#default_destination_recipient_limit">default_destina</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">tion_recipient_limit</a>)</b>
- The maximal number of recipients per delivery via
+ The maximal number of recipients per delivery via
the smtp message delivery transport.
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The SMTP client time limit for completing a TCP
+ The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The SMTP client time limit for sending the HELO or
- EHLO command, and for receiving the initial server
+ The SMTP client time limit for sending the HELO or
+ EHLO command, and for receiving the initial server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
- The LMTP client time limit for sending the LHLO
+ The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
command, and for receiving the server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The SMTP client time limit for sending the MAIL
- FROM command, and for receiving the server
+ The SMTP client time limit for sending the MAIL
+ FROM command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The SMTP client time limit for sending the SMTP
- RCPT TO command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ RCPT TO command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The SMTP client time limit for sending the SMTP
- DATA command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ DATA command, and for receiving the server
response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
message content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
<b><a href="postconf.5.html#smtp_quit_timeout">smtp_quit_timeout</a> (300s)</b>
- The SMTP client time limit for sending the QUIT
+ The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
lookups, or zero (no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery
- request before giving up or delivering to a fall-
+ The maximal number of SMTP sessions per delivery
+ request before giving up or delivering to a fall-
back <a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
- The SMTP client time limit for sending the RSET
+ The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the
+ Permanently enable SMTP connection caching for the
specified destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a
+ Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
<b><a href="postconf.5.html#smtp_connection_cache_time_limit">smtp_connection_cache_time_limit</a> (2s)</b>
When SMTP connection caching is enabled, the amount
- of time that an unused SMTP client socket is kept
+ of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or
+ Time limit for connection cache connect, send or
receive operations.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
+ The increment in verbose logging level when a
+ remote client or server matches a pattern in the
<a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
+ Optional list of remote client or server hostname
+ or network address patterns that cause the verbose
+ logging level to increase by the amount specified
in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about
- mail delivery problems that are caused by policy,
+ The recipient of postmaster notifications about
+ mail delivery problems that are caused by policy,
resource, software or protocol errors.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail
+ Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and
<a href="master.5.html">master.cf</a> configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal
+ The maximal number of digits after the decimal
point when logging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
- Disable DNS lookups in the Postfix SMTP and LMTP
+ Disable DNS lookups in the Postfix SMTP and LMTP
clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
- The Internet protocols Postfix will attempt to use
+ The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
over an internal communication channel.
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
- The default TCP port that the Postfix LMTP client
+ The default TCP port that the Postfix LMTP client
connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix
- daemon process waits for the next service request
+ The maximum amount of time that an idle Postfix
+ daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
- The maximal number of connection requests before a
+ The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
+ tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
An optional numerical network address that the SMTP
- client should bind to when making an IPv4 connec-
+ client should bind to when making an IPv4 connec-
tion.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
An optional numerical network address that the SMTP
- client should bind to when making an IPv6 connec-
+ client should bind to when making an IPv6 connec-
tion.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
- The hostname to send in the SMTP EHLO or HELO com-
+ The hostname to send in the SMTP EHLO or HELO com-
mand.
<b><a href="postconf.5.html#lmtp_lhloname">lmtp_lhlo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the LMTP LHLO command.
<b><a href="postconf.5.html#smtp_host_lookup">smtp_host_lookup</a> (dns)</b>
- What mechanisms when the SMTP client uses to look
+ What mechanisms when the SMTP client uses to look
up a host's IP address.
<b><a href="postconf.5.html#smtp_randomize_addresses">smtp_randomize_addresses</a> (yes)</b>
- Randomize the order of equal-preference MX host
+ Randomize the order of equal-preference MX host
addresses.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
<b><a href="postconf.5.html#fallback_relay">fallback_relay</a> (empty)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
<b><a href="postconf.5.html#smtp_fallback_relay">smtp_fallback_relay</a> ($<a href="postconf.5.html#fallback_relay">fallback_relay</a>)</b>
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
<b>SEE ALSO</b>
<a href="TLS_README.html">TLS_README</a>, Postfix STARTTLS howto
<b>LICENSE</b>
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
The default time unit is s (seconds).
.SH lmtp_sasl_auth_enable (default: no)
Enable SASL authentication in the Postfix LMTP client.
+.SH lmtp_sasl_auth_enforce (default: yes)
+The LMTP-specific version of the smtp_sasl_auth_enforce
+configuration parameter. See there for details.
+.PP
+This feature is available in Postfix 2.3 and later.
.SH lmtp_sasl_mechanism_filter (default: empty)
The LMTP-specific version of the smtp_sasl_mechanism_filter
configuration parameter. See there for details.
.fi
.ad
.ft R
+.SH smtp_sasl_auth_enforce (default: yes)
+Defer mail delivery when an SMTP server does not support SASL
+authentication, while smtp_sasl_password_maps contains SASL
+login/password information for that server.
+.PP
+This feature is available in Postfix 2.3 and later.
.SH smtp_sasl_mechanism_filter (default: empty)
If non-empty, a Postfix SMTP client filter for the remote SMTP
server's list of offered SASL mechanisms. Different client and
server's list of offered SASL mechanisms.
.PP
Available in Postfix version 2.3 and later:
+.IP "\fBsmtp_sasl_auth_enforce (yes)\fR"
+Defer mail delivery when an SMTP server does not support SASL
+authentication, while smtp_sasl_password_maps contains SASL
+login/password information for that server.
.IP "\fBsmtp_sender_dependent_authentication (no)\fR"
Enable sender-dependent authentication in the SMTP client; this is
available only with SASL authentication, and disables SMTP connection
s;\blmtp_rcpt_timeout\b;<a href="postconf.5.html#lmtp_rcpt_timeout">$&</a>;g;
s;\blmtp_rset_timeout\b;<a href="postconf.5.html#lmtp_rset_timeout">$&</a>;g;
s;\blmtp_sasl_auth_enable\b;<a href="postconf.5.html#lmtp_sasl_auth_enable">$&</a>;g;
+ s;\blmtp_sasl_auth_enforce\b;<a href="postconf.5.html#lmtp_sasl_auth_enforce">$&</a>;g;
s;\blmtp_sasl_password_maps\b;<a href="postconf.5.html#lmtp_sasl_password_maps">$&</a>;g;
s;\blmtp_sasl_security_options\b;<a href="postconf.5.html#lmtp_sasl_security_options">$&</a>;g;
s;\blmtp_sasl_type\b;<a href="postconf.5.html#lmtp_sasl_type">$&</a>;g;
s;\bsmtp_rset_timeout\b;<a href="postconf.5.html#smtp_rset_timeout">$&</a>;g;
s;\bsmtp_sasl_auth_enable\b;<a href="postconf.5.html#smtp_sasl_auth_enable">$&</a>;g;
s;\bsmtp_sasl_mechanism_filter\b;<a href="postconf.5.html#smtp_sasl_mechanism_filter">$&</a>;g;
- s;\bsmtp_sasl_password_maps\b;<a href="postconf.5.html#smtp_sasl_password_maps">$&</a>;g;
+ s;\bsmtp_sasl_pass
[-</Bb>]*\n* *[<Bb>]*word_maps\b;<a href="postconf.5.html#smtp_sasl_password_maps">$&</a>;g;
s;\bsmtp_sasl_path\b;<a href="postconf.5.html#smtp_sasl_path">$&</a>;g;
s;\bsmtp_sasl_secu[-</Bb>]*\n* *[<Bb>]*rity_options\b;<a href="postconf.5.html#smtp_sasl_security_options">$&</a>;g;
s;\bsmtp_send_xforward_command\b;<a href="postconf.5.html#smtp_send_xforward_command">$&</a>;g;
s;\bsmtp_[-</Bb>]*\n* *[<Bb>]*sasl_[-</Bb>]*\n* *[<Bb>]*tls_[-</Bb>]*\n* *[<Bb>]*secu[-</Bb>]*\n* *[<Bb>]*rity_options\b;<a href="postconf.5.html#smtp_sasl_tls_security_options">$&</a>;g;
s;\bsmtp_sasl_tls_verified_secu[-</Bb>]*\n* *[<Bb>]*rity_options\b;<a href="postconf.5.html#smtp_sasl_tls_verified_security_options">$&</a>;g;
s;\bsmtp_sasl_type\b;<a href="postconf.5.html#smtp_sasl_type">$&</a>;g;
+ s;\bsmtp_sasl_auth_enforce\b;<a href="postconf.5.html#smtp_sasl_auth_enforce">$&</a>;g;
s;\bsmtp_starttls_timeout\b;<a href="postconf.5.html#smtp_starttls_timeout">$&</a>;g;
s;\bsmtp_tls_CAfile\b;<a href="postconf.5.html#smtp_tls_CAfile">$&</a>;g;
s;\bsmtp_tls_CApath\b;<a href="postconf.5.html#smtp_tls_CApath">$&</a>;g;
sasl_sender=
size=12345
ccert_subject=solaris9.porcupine.org
-ccert_issuer=Wietse Venema
+ccert_issuer=Wietse+20Venema
ccert_fingerprint=C2:9D:F4:87:71:73:73:D9:18:E7:C2:F3:C1:DA:6E:04
<b>Postfix version 2.3 and later:</b>
encryption_protocol=TLSv1/SSLv3
<li> <p> The "ccert_*" attributes (Postfix 2.2 and later) specify
information about how the client was authenticated via TLS.
These attributes are empty in case of no certificate authentication.
+ As of Postfix 2.2.11 these attribute values are encoded as
+ xtext: some characters are represented by +XX, where XX is the
+ two-digit hecadecimal representation of the character value.
</p>
<li> <p> The "encryption_*" attributes (Postfix 2.3 and later)
configuration parameter. See there for details. </p>
<p> This feature is available in Postfix 2.3 and later. </p>
+
+%PARAM smtp_sasl_auth_enforce yes
+
+<p> Defer mail delivery when an SMTP server does not support SASL
+authentication, while smtp_sasl_password_maps contains SASL
+login/password information for that server. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
+
+%PARAM lmtp_sasl_auth_enforce yes
+
+<p> The LMTP-specific version of the smtp_sasl_auth_enforce
+configuration parameter. See there for details. </p>
+
+<p> This feature is available in Postfix 2.3 and later. </p>
{
CLEANUP_STATE *state = (CLEANUP_STATE *) ptr;
+ /*
+ * Note: if we use XFORWARD attributes here, then consistency requires
+ * that we forward all Sendmail macros via XFORWARD.
+ */
+
/*
* Canonicalize the name.
*/
*
* Don't compute the sdelay (connection setup latency) if there is no time
* stamp for connection setup completion.
+ *
+ * XXX Apparently, Solaris gettimeofday() can return out-of-range
+ * microsecond values.
*/
#define DELTA(x, y, z) \
do { \
(x).dt_sec = (y).tv_sec - (z).tv_sec; \
(x).dt_usec = (y).tv_usec - (z).tv_usec; \
- if ((x).dt_usec < 0) { \
+ while ((x).dt_usec < 0) { \
(x).dt_usec += 1000000; \
(x).dt_sec -= 1; \
} \
+ while ((x).dt_usec >= 1000000) { \
+ (x).dt_usec -= 1000000; \
+ (x).dt_sec += 1; \
+ } \
if ((x).dt_sec < 0) \
(x).dt_sec = (x).dt_usec = 0; \
} while (0)
#define DEF_SMTP_SASL_PASSWD ""
extern char *var_smtp_sasl_passwd;
+#define VAR_SMTP_SASL_ENFORCE "smtp_sasl_auth_enforce"
+#define DEF_SMTP_SASL_ENFORCE 1
+extern bool var_smtp_sasl_enforce;
+
#define VAR_SMTP_SASL_OPTS "smtp_sasl_security_options"
#define DEF_SMTP_SASL_OPTS "noplaintext, noanonymous"
extern char *var_smtp_sasl_opts;
#define DEF_LMTP_SASL_PASSWD ""
extern char *var_lmtp_sasl_passwd;
+#define VAR_LMTP_SASL_ENFORCE "lmtp_sasl_auth_enforce"
+#define DEF_LMTP_SASL_ENFORCE 1
+
#define VAR_LMTP_SASL_OPTS "lmtp_sasl_security_options"
#define DEF_LMTP_SASL_OPTS "noplaintext, noanonymous"
extern char *var_lmtp_sasl_opts;
#define MAIL_ATTR_LABEL "label"
#define MAIL_ATTR_PROP "property"
#define MAIL_ATTR_CCERT_SUBJECT "ccert_subject"
-#define MAIL_ATTR_CCERT_ISSSUER "ccert_issuer"
+#define MAIL_ATTR_CCERT_ISSUER "ccert_issuer"
#define MAIL_ATTR_CCERT_FINGERPRINT "ccert_fingerprint"
#define MAIL_ATTR_CRYPTO_PROTOCOL "encryption_protocol"
#define MAIL_ATTR_CRYPTO_CIPHER "encryption_cipher"
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20060706"
-#define MAIL_VERSION_NUMBER "2.3-RC7"
+#define MAIL_RELEASE_DATE "20060707"
+#define MAIL_VERSION_NUMBER "2.3-RC8"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION MAIL_VERSION_NUMBER
#endif
VAR_LMTP_SENDER_AUTH, DEF_LMTP_SENDER_AUTH, &var_smtp_sender_auth,
VAR_LMTP_CNAME_OVERR, DEF_LMTP_CNAME_OVERR, &var_smtp_cname_overr,
+ VAR_LMTP_SASL_ENFORCE, DEF_LMTP_SASL_ENFORCE, &var_smtp_sasl_enforce,
0,
};
/* server's list of offered SASL mechanisms.
/* .PP
/* Available in Postfix version 2.3 and later:
+/* .IP "\fBsmtp_sasl_auth_enforce (yes)\fR"
+/* Defer mail delivery when an SMTP server does not support SASL
+/* authentication, while smtp_sasl_password_maps contains SASL
+/* login/password information for that server.
/* .IP "\fBsmtp_sender_dependent_authentication (no)\fR"
/* Enable sender-dependent authentication in the SMTP client; this is
/* available only with SASL authentication, and disables SMTP connection
char *var_lmtp_tcp_port;
int var_scache_proto_tmout;
bool var_smtp_cname_overr;
+bool var_smtp_sasl_enforce;
/*
* Global variables.
#endif
VAR_SMTP_SENDER_AUTH, DEF_SMTP_SENDER_AUTH, &var_smtp_sender_auth,
VAR_SMTP_CNAME_OVERR, DEF_SMTP_CNAME_OVERR, &var_smtp_cname_overr,
+ VAR_SMTP_SASL_ENFORCE, DEF_SMTP_SASL_ENFORCE, &var_smtp_sasl_enforce,
0,
};
#ifdef USE_SASL_AUTH
if (var_smtp_sasl_enable && (session->features & SMTP_FEATURE_AUTH))
return (smtp_sasl_helo_login(state));
+ else if (var_smtp_sasl_enable
+ && *var_smtp_sasl_passwd
+ && var_smtp_sasl_enforce
+ && smtp_sasl_passwd_lookup(session) != 0)
+ return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
+ SMTP_RESP_FAKE(&fake, "4.7.0"),
+ "SASL login/password exists, but host %s "
+ "does not announce SASL authentication support",
+ session->namaddr));
#endif
return (0);
smtpd_check.o: ../../include/verify_clnt.h
smtpd_check.o: ../../include/vstream.h
smtpd_check.o: ../../include/vstring.h
+smtpd_check.o: ../../include/xtext.h
smtpd_check.o: smtpd.h
smtpd_check.o: smtpd_check.c
smtpd_check.o: smtpd_check.h
#include <valid_mailhost_addr.h>
#include <dsn_util.h>
#include <conv_time.h>
+#include <xtext.h>
/* Application-specific. */
static VSTRING *action = 0;
ATTR_CLNT *policy_clnt;
+#ifdef USE_TLS
+ VSTRING *subject_buf;
+ VSTRING *issuer_buf;
+ const char *subject;
+ const char *issuer;
+
+#endif
+ int ret;
+
/*
* Sanity check.
*/
if (action == 0)
action = vstring_alloc(10);
+#ifdef USE_TLS
+#define ENCODE_CN(coded_CN, coded_CN_buf, CN) do { \
+ if (state->tls_context == 0 \
+ || state->tls_context->peer_verified == 0 || (CN) == 0) { \
+ coded_CN_buf = 0; \
+ coded_CN = ""; \
+ } else { \
+ coded_CN_buf = vstring_alloc(strlen(CN)); \
+ xtext_quote(coded_CN_buf, CN, ""); \
+ coded_CN = STR(coded_CN_buf); \
+ } \
+ } while (0);
+
+ ENCODE_CN(subject, subject_buf, state->tls_context->peer_CN);
+ ENCODE_CN(issuer, issuer_buf, state->tls_context->issuer_CN);
+#endif
+
if (attr_clnt_request(policy_clnt,
ATTR_FLAG_NONE, /* Query attributes. */
ATTR_TYPE_STR, MAIL_ATTR_REQ, "smtpd_access_policy",
#define IF_VERIFIED(x) \
((state->tls_context && \
state->tls_context->peer_verified && ((x) != 0)) ? (x) : "")
- ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT,
- IF_VERIFIED(state->tls_context->peer_CN),
- ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSSUER,
- IF_VERIFIED(state->tls_context->issuer_CN),
+ ATTR_TYPE_STR, MAIL_ATTR_CCERT_SUBJECT, subject,
+ ATTR_TYPE_STR, MAIL_ATTR_CCERT_ISSUER, issuer,
ATTR_TYPE_STR, MAIL_ATTR_CCERT_FINGERPRINT,
IF_VERIFIED(state->tls_context->peer_fingerprint),
#define IF_ENCRYPTED(x, y) ((state->tls_context && ((x) != 0)) ? (x) : (y))
ATTR_FLAG_MISSING, /* Reply attributes. */
ATTR_TYPE_STR, MAIL_ATTR_ACTION, action,
ATTR_TYPE_END) != 1) {
- return (smtpd_check_reject(state, MAIL_ERROR_POLICY,
- 451, "4.3.5",
- "Server configuration problem"));
+ ret = smtpd_check_reject(state, MAIL_ERROR_POLICY,
+ 451, "4.3.5",
+ "Server configuration problem");
} else {
/*
* XXX This produces bogus error messages when the reply is
* malformed.
*/
- return (check_table_result(state, server, STR(action),
- "policy query", reply_name,
- reply_class, def_acl));
+ ret = check_table_result(state, server, STR(action),
+ "policy query", reply_name,
+ reply_class, def_acl);
}
+#ifdef USE_TLS
+ if (subject_buf)
+ vstring_free(subject_buf);
+ if (issuer_buf)
+ vstring_free(issuer_buf);
+#endif
+ return (ret);
}
/* is_map_command - restriction has form: check_xxx_access type:name */
/*
* Look up the peer address information.
+ *
+ * XXX If we make local endpoint (getsockname) information available to
+ * Milter applications as {if_name} and {if_addr}, then we also must be
+ * able to provide this via the XCLIENT command for Milter testing.
+ *
+ * XXX If support were to be added for Milter applications in down-stream
+ * MTAs, then consistency demands that we propagate a lot of Sendmail
+ * macro information via the XFORWARD command. Otherwise we could end up
+ * with a very confusing situation.
*/
if (getpeername(vstream_fileno(state->client), sa, &sa_length) >= 0) {
errno = 0;
projects / thirdparty / postfix.git / commitdiff
