20140110-15
Miscellaneous documentation cleanups.
+
+20140116
+
+ Workaround: prepend "-I. -I../../include" to CCARGS, to
+ avoid name clashes with non-Postfix header files. File:
+ makedefs.
+
+20140125
+
+ Cleanup: assorted documentation glitches.
+
+20140209
+
+ Workaround: the Postfix SMTP client now also falls back to
+ plaintext when TLS fails after the TLS protocol handshake.
+ Files: smtp/smtp.h, smtp/smtp_connect.c, smtp/smtp_trouble.c.
+
+ Testbed: unsupported HANGUP access map action that drops
+ the connection without responding to the remote SMTP client.
+ File: smtpd/smtpd_check.c.
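Review bot: the 20140209 workaround entry should state the scope of the new plaintext fallback, because that scope is what an operator needs to know: according to the PLAINTEXT_FALLBACK_OK_AFTER_TLS_SESSION_FAILURE macro later in this patch it applies only at TLS security level "may", only when no SASL credentials are available, and only to lost-connection and timeout errors. Suggest wording along the lines of "now also falls back to plaintext (security level "may" only, and not when SASL credentials are configured) when the connection is lost or times out after the TLS handshake". The HANGUP entry is correctly marked as an unsupported testbed feature; keep that wording, since the action sends no reply and is not meant for production access maps.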
F\bFo\bor\brw\bwa\bar\brd\bd S\bSe\bec\bcr\bre\bec\bcy\by i\bin\bn t\bth\bhe\be P\bPo\bos\bst\btf\bfi\bix\bx S\bSM\bMT\bTP\bP C\bCl\bli\bie\ben\bnt\bt
The Postfix >= 2.2 SMTP client supports forward secrecy in its default
-configuration. No configuration changes are needed besides turning on elliptic-
-curve support with Postfix 2.6 and 2.7 (see the quick-start section). If the
-remote SMTP server supports cipher suites with forward secrecy (and does not
-override the SMTP client's cipher preference), then the traffic between the
-server and client will resist decryption even if the server's long-term
-authentication keys are later compromised.
+configuration. All supported OpenSSL releases support EDH key exchange. OpenSSL
+releases >= 1.0.0 also support EECDH key exchange (provided elliptic-curve
+support has not been disabled by the vendor as in some versions of RedHat
+Linux). If the remote SMTP server supports cipher suites with forward secrecy
+(and does not override the SMTP client's cipher preference), then the traffic
+between the server and client will resist decryption even if the server's long-
+term authentication keys are later compromised.
The default Postfix SMTP client cipher lists are correctly ordered to prefer
EECDH and EDH cipher suites ahead of similar cipher suites that don't implement
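Review bot: the parenthetical about vendors disabling elliptic-curve support ("as in some versions of RedHat Linux") now appears both in this introduction and, a few lines further down, in the "EECDH Server support" quick-start section; keeping the caveat in one place and pointing to it from the other avoids the two copies drifting apart on the next edit.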
G\bGe\bet\btt\bti\bin\bng\bg s\bst\bta\bar\brt\bte\bed\bd,\b, q\bqu\bui\bic\bck\bk a\ban\bnd\bd d\bdi\bir\brt\bty\by
-E\bEE\bEC\bCD\bDH\bH C\bCl\bli\bie\ben\bnt\bt a\ban\bnd\bd s\bse\ber\brv\bve\ber\br s\bsu\bup\bpp\bpo\bor\brt\bt (\b(P\bPo\bos\bst\btf\bfi\bix\bx >\b>=\b= 2\b2.\b.6\b6 w\bwi\bit\bth\bh O\bOp\bpe\ben\bnS\bSS\bSL\bL >\b>=\b= 1\b1.\b.0\b0.\b.0\b0)\b)
+E\bEE\bEC\bCD\bDH\bH C\bCl\bli\bie\ben\bnt\bt s\bsu\bup\bpp\bpo\bor\brt\bt (\b(P\bPo\bos\bst\btf\bfi\bix\bx >\b>=\b= 2\b2.\b.2\b2 w\bwi\bit\bth\bh O\bOp\bpe\ben\bnS\bSS\bSL\bL >\b>=\b= 1\b1.\b.0\b0.\b.0\b0)\b)
+
+This works "out of the box" without additional configuration.
+
+E\bEE\bEC\bCD\bDH\bH S\bSe\ber\brv\bve\ber\br s\bsu\bup\bpp\bpo\bor\brt\bt (\b(P\bPo\bos\bst\btf\bfi\bix\bx >\b>=\b= 2\b2.\b.6\b6 w\bwi\bit\bth\bh O\bOp\bpe\ben\bnS\bSS\bSL\bL >\b>=\b= 1\b1.\b.0\b0.\b.0\b0)\b)
With Postfix 2.6 and 2.7, enable elliptic-curve support in the Postfix SMTP
-client and server. This is the default with Postfix >= 2.8. Note, however, that
-elliptic-curve support may be disabled by the vendor, as in some versions of
-RedHat Linux.
+server. This is the default with Postfix >= 2.8. Note, however, that elliptic-
+curve support may be disabled by the vendor, as in some versions of RedHat
+Linux.
/etc/postfix/main.cf:
# Postfix 2.6 or 2.7 only. This is default with Postfix 2.8 and later.
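Review bot: now that the quick-start is split into a client section that needs no configuration and a server section, the comment above the main.cf setting ("# Postfix 2.6 or 2.7 only. This is default with Postfix 2.8 and later.") should say that the setting applies to the SMTP server, so readers do not also look for a client-side equivalent. Minor: "This is default" should read "This is the default", matching the prose above it.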
<h2> <a name="client_fs">Forward Secrecy in the Postfix SMTP Client</a> </h2>
<p> The Postfix ≥ 2.2 SMTP client supports forward secrecy in
-its default configuration. No configuration changes are needed
-besides turning on elliptic-curve support with Postfix 2.6 and 2.7
-(see the <a href="#quick-start"> quick-start</a> section). If the
+its default configuration. All supported OpenSSL releases support
+EDH key exchange. OpenSSL releases ≥ 1.0.0 also support EECDH
+key exchange (provided elliptic-curve support has not been disabled
+by the vendor as in some versions of RedHat Linux). If the
remote SMTP server supports cipher suites with forward secrecy (and
does not override the SMTP client's cipher preference), then the
traffic between the server and client will resist decryption even
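Review bot: the removed sentence carried the <a href="#quick-start"> cross-reference and the replacement drops it, so a reader of this paragraph no longer has a pointer to where the Postfix 2.6 and 2.7 server-side setting is explained. Suggest keeping a short reference, for example "(see the <a href="#quick-start">quick-start</a> section for the Postfix 2.6 and 2.7 server setting)", so the documentation stays navigable.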
<h2><a name="quick-start">Getting started, quick and dirty</a></h2>
-<h3> EECDH Client and server support (Postfix ≥ 2.6 with OpenSSL
-≥ 1.0.0) </h3>
+<h3> EECDH Client support (Postfix ≥ 2.2 with OpenSSL ≥ 1.0.0) </h3>
+
+<p> This works "out of the box" without additional configuration. </p>
+
+<h3> EECDH Server support (Postfix ≥ 2.6 with OpenSSL ≥ 1.0.0) </h3>
<p> With Postfix 2.6 and 2.7, enable elliptic-curve support in the
-Postfix SMTP client and server. This is the default with Postfix
+Postfix SMTP server. This is the default with Postfix
≥ 2.8. Note, however, that elliptic-curve support may be disabled
by the vendor, as in some versions of RedHat Linux. </p>
The default is as if "<b>-C all</b>" is specified.
+ This feature is available with Postfix 2.9 and later.
+
<b>-d</b> Print <a href="postconf.5.html"><b>main.cf</b></a> default parameter settings instead of actual set-
tings. Specify <b>-df</b> to fold long lines for human readability
(Postfix 2.9 and later).
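Review bot: style: the new "-C" availability note is a separate sentence on its own line ("This feature is available with Postfix 2.9 and later."), while the adjacent "-d" entry states its version inline as "(Postfix 2.9 and later)". The separate-sentence form is also used for "-p" below, so the manual now mixes two conventions in neighbouring entries; pick one.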
<b>-p</b> Show <a href="postconf.5.html"><b>main.cf</b></a> parameter settings. This is the default.
+ This feature is available with Postfix 2.11 and later.
+
<b>-P</b> Show <a href="master.5.html"><b>master.cf</b></a> service parameter settings (by default all ser-
vices and all parameters). formatted as one "<i>ser-</i>
<i>vice/type/parameter=value</i>" per line. Specify <b>-Pf</b> to fold long
The Secure Mailer license must be distributed with this software.
<b>AUTHOR(S)</b>
- Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown
- Heights, NY 10598, USA
+ Wietse Venema
+ IBM T.J. Watson Research
+ P.O. Box 704
+ Yorktown Heights, NY 10598, USA
POSTCONF(1)
</pre> </body> </html>
# needed before the code stabilizes.
#CCARGS="$CCARGS -DNONPROD"
+# Workaround: prepend Postfix include files before other include files.
+CCARGS="-I. -I../../include $CCARGS"
+
sed 's/ / /g' <<EOF
SYSTYPE = $SYSTYPE
AR = $AR
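Review bot: the include-path workaround is applied unconditionally after the per-platform settings, which is the right place, but the comment should carry the reason recorded in HISTORY (name clashes with non-Postfix header files), otherwise the next reader may "simplify" it back to appending. Prepending "-I. -I../../include" means that any -I path a vendor or user puts into CCARGS can no longer shadow Postfix's own headers; that is the intent and worth one more sentence in the comment.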
.IP
The default is as if "\fB-C all\fR" is
specified.
+
+This feature is available with Postfix 2.9 and later.
.IP \fB-d\fR
Print \fBmain.cf\fR default parameter settings instead of
actual settings.
This feature is available with Postfix 2.10 and later.
.IP \fB-p\fR
Show \fBmain.cf\fR parameter settings. This is the default.
+
+This feature is available with Postfix 2.11 and later.
.IP \fB-P\fR
Show \fBmaster.cf\fR service parameter settings (by default
all services and all parameters). formatted as one
.SH "AUTHOR(S)"
.na
.nf
-Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown
-Heights, NY 10598, USA
+Wietse Venema
+IBM T.J. Watson Research
+P.O. Box 704
+Yorktown Heights, NY 10598, USA
<h2> <a name="client_fs">Forward Secrecy in the Postfix SMTP Client</a> </h2>
<p> The Postfix ≥ 2.2 SMTP client supports forward secrecy in
-its default configuration. No configuration changes are needed
-besides turning on elliptic-curve support with Postfix 2.6 and 2.7
-(see the <a href="#quick-start"> quick-start</a> section). If the
+its default configuration. All supported OpenSSL releases support
+EDH key exchange. OpenSSL releases ≥ 1.0.0 also support EECDH
+key exchange (provided elliptic-curve support has not been disabled
+by the vendor as in some versions of RedHat Linux). If the
remote SMTP server supports cipher suites with forward secrecy (and
does not override the SMTP client's cipher preference), then the
traffic between the server and client will resist decryption even
<h2><a name="quick-start">Getting started, quick and dirty</a></h2>
-<h3> EECDH Client and server support (Postfix ≥ 2.6 with OpenSSL
-≥ 1.0.0) </h3>
+<h3> EECDH Client support (Postfix ≥ 2.2 with OpenSSL ≥ 1.0.0) </h3>
+
+<p> This works "out of the box" without additional configuration. </p>
+
+<h3> EECDH Server support (Postfix ≥ 2.6 with OpenSSL ≥ 1.0.0) </h3>
<p> With Postfix 2.6 and 2.7, enable elliptic-curve support in the
-Postfix SMTP client and server. This is the default with Postfix
+Postfix SMTP server. This is the default with Postfix
≥ 2.8. Note, however, that elliptic-curve support may be disabled
by the vendor, as in some versions of RedHat Linux. </p>
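Review bot: this proto/ hunk is identical to the html/ hunk earlier in the patch, as expected for a generated copy. The dropped <a href="#quick-start"> cross-reference in the "Forward Secrecy in the Postfix SMTP Client" paragraph has to be restored here, in the source copy, for the regenerated html/ file to pick it up.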
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20140115"
+#define MAIL_RELEASE_DATE "20140209"
#define MAIL_VERSION_NUMBER "2.12"
#ifdef SNAPSHOT
/* The Secure Mailer license must be distributed with this
/* software.
/* AUTHOR(S)
-/* Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown
-/* Heights, NY 10598, USA
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
/*--*/
/* System library. */
/* The Secure Mailer license must be distributed with this
/* software.
/* AUTHOR(S)
-/* Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown
-/* Heights, NY 10598, USA
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
/*--*/
/* System library. */
/* .IP
/* The default is as if "\fB-C all\fR" is
/* specified.
+/*
+/* This feature is available with Postfix 2.9 and later.
/* .IP \fB-d\fR
/* Print \fBmain.cf\fR default parameter settings instead of
/* actual settings.
/* This feature is available with Postfix 2.10 and later.
/* .IP \fB-p\fR
/* Show \fBmain.cf\fR parameter settings. This is the default.
+/*
+/* This feature is available with Postfix 2.11 and later.
/* .IP \fB-P\fR
/* Show \fBmaster.cf\fR service parameter settings (by default
/* all services and all parameters). formatted as one
/* The Secure Mailer license must be distributed with this
/* software.
/* AUTHOR(S)
-/* Wietse Venema IBM T.J. Watson Research P.O. Box 704 Yorktown
-/* Heights, NY 10598, USA
+/* Wietse Venema
+/* IBM T.J. Watson Research
+/* P.O. Box 704
+/* Yorktown Heights, NY 10598, USA
/*--*/
/* System library. */
smtp_trouble.o: ../../include/vstream.h
smtp_trouble.o: ../../include/vstring.h
smtp_trouble.o: smtp.h
+smtp_trouble.o: smtp_sasl.h
smtp_trouble.o: smtp_trouble.c
smtp_unalias.o: ../../include/argv.h
smtp_unalias.o: ../../include/attr.h
* Encapsulate the following so that we don't expose details of of
* connection management and error handling to the SMTP protocol engine.
*/
+#ifdef USE_SASL_AUTH
+#define HAVE_SASL_CREDENTIALS \
+ (var_smtp_sasl_enable \
+ && *var_smtp_sasl_passwd \
+ && smtp_sasl_passwd_lookup(session))
+#else
+#define HAVE_SASL_CREDENTIALS (0)
+#endif
+
+#define PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE \
+ (session->tls_context == 0 \
+ && session->tls->level == TLS_LEV_MAY \
+ && !HAVE_SASL_CREDENTIALS)
+
+#define PLAINTEXT_FALLBACK_OK_AFTER_TLS_SESSION_FAILURE \
+ (session->tls_context != 0 \
+ && session->tls->level == TLS_LEV_MAY \
+ && !HAVE_SASL_CREDENTIALS)
+
+ /*
+ * XXX The following will not retry recipients that were deferred while the
+ * SMTP_MISC_FLAG_FINAL_SERVER flag was already set.
+ */
#define RETRY_AS_PLAINTEXT do { \
session->tls_retry_plain = 1; \
state->misc_flags &= ~SMTP_MISC_FLAG_FINAL_SERVER; \
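Review bot: HAVE_SASL_CREDENTIALS and the two PLAINTEXT_FALLBACK_OK_* macros expand to expressions over session, var_smtp_sasl_enable and var_smtp_sasl_passwd that are not macro parameters, so every use site must have a variable literally named session in scope and must include smtp_sasl.h under USE_SASL_AUTH; a comment on the macros (or passing session as a parameter) would make that explicit. Note also that smtp_sasl_passwd_lookup(session) is called every time a fallback macro is evaluated. The guards themselves are the right ones from a security standpoint: fallback is possible only at TLS_LEV_MAY, so "encrypt" and stronger levels never downgrade, and never when SASL credentials are available, so a password is not sent in the clear. The XXX comment about recipients deferred while SMTP_MISC_FLAG_FINAL_SERVER was already set describes a real gap that clearing the flag in RETRY_AS_PLAINTEXT cannot close; it deserves a mention in the HISTORY entry.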
&& next == 0)
state->misc_flags |= SMTP_MISC_FLAG_FINAL_SERVER;
smtp_xfer(state);
+#ifdef USE_TLS
+
+ /*
+ * When opportunistic TLS fails after the STARTTLS
+ * handshake, try the same address again, with TLS
+ * disabled. See also the RETRY_AS_PLAINTEXT macro.
+ */
+ if ((retry_plain = session->tls_retry_plain) != 0) {
+ --sess_count;
+ --addr_count;
+ next = addr;
+ }
+#endif
}
smtp_cleanup_session(state);
} else {
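Review bot: the retry path undoes the sess_count and addr_count increments and sets next = addr so the loop revisits the same address; what bounds it? RETRY_AS_PLAINTEXT sets session->tls_retry_plain only when the fallback macros allow it, and they require tls->level == TLS_LEV_MAY, so the retried session must run at a level below "may" (or otherwise be unable to set tls_retry_plain again), or a peer that keeps dropping connections after STARTTLS would make this loop spin. Confirm that in the code that consumes retry_plain and state it in the comment. It would also help operators to log that the address is being retried without TLS: a sudden rise in such retries towards one destination is the signal that something between the two MTAs is interfering with STARTTLS.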
* plaintext connections, then we don't want delivery to fail with
* "relay access denied".
*/
- if (session->tls->level == TLS_LEV_MAY
-#ifdef USE_SASL_AUTH
- && !(var_smtp_sasl_enable
- && *var_smtp_sasl_passwd
- && smtp_sasl_passwd_lookup(session))
-#endif
- )
+ if (PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE)
RETRY_AS_PLAINTEXT;
return (smtp_site_fail(state, DSN_BY_LOCAL_MTA,
SMTP_RESP_FAKE(&fake, "4.7.5"),
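Review bot: the replacement macro PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE tests session->tls_context == 0 in addition to the conditions the removed inline expression had. At this call site the TLS handshake has just failed, so tls_context is presumably still null and the behaviour is unchanged, but that dependency is not visible here; a one-line comment saying the context is null at this point would save the next reader the check.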
/* Application-specific. */
#include "smtp.h"
+#include "smtp_sasl.h"
#define SMTP_THROTTLE 1
#define SMTP_NOTHROTTLE 0
case SMTP_ERR_EOF:
dsb_simple(why, "4.4.2", "lost connection with %s while %s",
session->namaddr, description);
+#ifdef USE_TLS
+ if (PLAINTEXT_FALLBACK_OK_AFTER_TLS_SESSION_FAILURE)
+ RETRY_AS_PLAINTEXT;
+#endif
break;
case SMTP_ERR_TIME:
dsb_simple(why, "4.4.2", "conversation with %s timed out while %s",
session->namaddr, description);
+#ifdef USE_TLS
+ if (PLAINTEXT_FALLBACK_OK_AFTER_TLS_SESSION_FAILURE)
+ RETRY_AS_PLAINTEXT;
+#endif
break;
case SMTP_ERR_DATA:
session->error_mask |= MAIL_ERROR_DATA;
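Review bot: the fallback is wired into SMTP_ERR_EOF and SMTP_ERR_TIME only, not into SMTP_ERR_DATA or the other cases, which is the sensible minimum; the two identical #ifdef USE_TLS / if / RETRY_AS_PLAINTEXT blocks could be folded into one check after the switch if those cases share a common tail. More importantly, the DSN text written by dsb_simple is the same as before, so nothing in the logs distinguishes a "lost connection" that is followed by a transparent plaintext retry from a plain failure; a log line (or extra DSN text) on the retry would let an operator see downgrades happening. The level guard inside the macro limits this to TLS_LEV_MAY, so the plaintext retry is the same exposure that opportunistic TLS already accepts at the handshake, now extended to failures after it.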
#include <dsn_util.h>
#include <conv_time.h>
#include <xtext.h>
+#include <smtp_stream.h>
/* Application-specific. */
if (msg_verbose)
msg_info("%s: %s %s", myname, state->name, state->addr);
- if (own_inet_addr((struct sockaddr *) & (state->sockaddr)))
+ if (own_inet_addr((struct sockaddr *) &(state->sockaddr)))
/* Permit logging in generic_checks() only. */
return (SMTPD_CHECK_OK);
return (SMTPD_CHECK_DUNNO);
reply_name, reply_class,
*dp.text ? dp.text : "Access denied"));
}
+#ifndef SHUT_RDWR
+#define SHUT_RDWR 2
+#endif
+
+ /*
+ * HANGUP. Text is optional. Drop the connection without sending any
+ * reply.
+ *
+ * Note: this is an unsupported test feature. No attempt is made to maintain
+ * compatibility between successive versions.
+ */
+ if (STREQUAL(value, "HANGUP", cmd_len)) {
+ shutdown(vstream_fileno(state->client), SHUT_RDWR);
+ log_whatsup(state, "hangup", cmd_text);
+ vstream_longjmp(state->client, SMTP_ERR_QUIET);
+ }
/*
* WARN. Text is optional.
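Review bot: the HANGUP branch calls shutdown() and then vstream_longjmp(state->client, SMTP_ERR_QUIET) without looking at the shutdown() return value; if shutdown() fails (for example because the peer already closed) the longjmp still tears the session down, which is the desired outcome, so a comment saying the result is deliberately ignored is enough. log_whatsup(state, "hangup", cmd_text) before the longjmp must stay: this action sends no SMTP reply, so that log line is the only trace an operator has of why the client was disconnected. Since the comment declares this an unsupported test feature with no compatibility guarantees, consider at least a one-line statement to that effect in access(5), otherwise the action will be discovered in the source and relied on in production. The #ifndef SHUT_RDWR / #define SHUT_RDWR 2 fallback matches the POSIX value.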