= yes" if you need backwards compatibility. Fix by Victor
Duchovni, BC added by Wietse. Files: tls/tls_verify.c,
tls/tls_misc.c, proto/TLS_README.html, global/mail_params.h.
+
+20130210
+
+ Bugfix: an error handler for smtp_tls_policy_maps lookups
+ was never invoked. File: smtp/smtp_session.c.
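Review bot: the 20130210 entry says the smtp_tls_policy_maps error handler was never invoked, but not what a lookup error did before the fix. Because this map selects the TLS security level per destination, the entry should state whether a table error previously fell through to the default policy (a silent downgrade) or deferred the delivery, so that operators running 2.9.x can judge their exposure; one clause of the form "lookup errors were previously treated as ..." is enough.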
A command written as
- % command
+ $ command
should be executed as an unprivileged user.
print a README file without backspace characters, use the col(1) command. For
example:
- % col -bx <file | lpr
+ $ col -bx <file | lpr
In order to view the manual pages before installing Postfix, point your MANPATH
environment variable to the "man" subdirectory; be sure to use an absolute
path.
- % export MANPATH; MANPATH="`pwd`/man:$MANPATH"
- % setenv MANPATH "`pwd`/man:$MANPATH"
+ $ export MANPATH; MANPATH="`pwd`/man:$MANPATH"
+ $ setenv MANPATH "`pwd`/man:$MANPATH"
Of particular interest is the postconf(5) manual page that lists all the 500+
configuration parameters. The HTML version of this text makes it easy to
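Review bot: the setenv line is csh/tcsh syntax but now carries the same `$` prompt as the sh line above it; the legend earlier defines `$` as "unprivileged user", yet most readers also read `$` as a Bourne-shell prompt and will paste setenv into bash, where it fails. Label the two lines, for example "sh/bash:" and "csh/tcsh:", or show only the sh form.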
AIX 3.2.5, 4.1.x, 4.2.0, 4.3.x, 5.2
BSD/OS 2.x, 3.x, 4.x
- Darwin 1.x
- FreeBSD 2.x, 3.x, 4.x, 5.x
+ FreeBSD 2.x .. 9.x
HP-UX 9.x, 10.x, 11.x
IRIX 5.x, 6.x
- Linux Debian 1.3.1, 2.x, 3.x
- Linux RedHat 3.x (January 2004) - 9.x
- Linux Slackware 3.x, 4.x, 7.x
- Linux SuSE 5.x, 6.x, 7.x
- Linux Ubuntu 4.10..7.04
+ Linux Debian 1.3.1 and later
+ Linux RedHat 3.x (January 2004) and later
+ Linux Slackware 3.x and later
+ Linux SuSE 5.x and later
+ Linux Ubuntu 4.10 and later
Mac OS X
NEXTSTEP 3.x
- NetBSD 1.x
+ NetBSD 1.x and later
OPENSTEP 4.x
OSF1.V3 - OSF1.V5 (Digital UNIX)
Reliant UNIX 5.x
- Rhapsody 5.x
SunOS 4.1.4 (March 2007)
SunOS 5.4 - 5.10 (Solaris 2.4..10)
Ultrix 4.x (well, that was long ago)
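Review bot: the list now mixes two notations for open-ended ranges, "FreeBSD 2.x .. 9.x" beside "Linux Debian 1.3.1 and later"; use "and later" for FreeBSD as well, or give the Linux entries an upper bound. Darwin 1.x and Rhapsody 5.x are removed silently; say so in the surrounding text or fold them under "Mac OS X". The same applies to the two HTML copies of this list later in the patch.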
how to ..." you should be able to recover by running the following command from
the Postfix top-level directory:
- % make -f Makefile.init makefiles
+ $ make -f Makefile.init makefiles
If you copied the Postfix source code after building it on another machine, it
is a good idea to cd into the top-level directory and first do this:
- % make tidy
+ $ make tidy
This will get rid of any system dependencies left over from compiling the
software elsewhere.
for your system, just cd into the top-level Postfix directory of the source
tree and type:
- % make
+ $ make
To build with a non-default compiler, you need to specify the name of the
compiler. Here are a few examples:
- % make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
- % make
+ $ make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
+ $ make
- % make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
- % make
+ $ make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
+ $ make
- % make makefiles CC="purify cc"
- % make
+ $ make makefiles CC="purify cc"
+ $ make
and so on. In some cases, optimization is turned off automatically.
of Postfix configuration files. In order to build Postfix with a configuration
directory other than /etc/postfix, use:
- % make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
- % make
+ $ make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
+ $ make
IMPORTANT: Be sure to get the quotes right. These details matter a lot.
The general method to override Postfix compile-time features is as follows:
- % make makefiles name=value name=value...
- % make
+ $ make makefiles name=value name=value...
+ $ make
The following is an extensive list of names and values.
expect to run more than 1000 mail delivery processes, you may need to override
the definition of the FD_SETSIZE macro to make select() work correctly:
- % make makefiles CCARGS=-DFD_SETSIZE=2048
+ $ make makefiles CCARGS=-DFD_SETSIZE=2048
Warning: the above has no effect on some Linux versions. Apparently, on these
systems the FD_SETSIZE value can be changed only by using undocumented
If the command
- % make
+ $ make
is successful, then you can proceed to install Postfix (section 6).
maillog, /var/log/mail, /var/log/syslog, or something else. Typically, the
pathname is defined in the /etc/syslog.conf file.
- % egrep '(reject|warning|error|fatal|panic):' /some/log/file
+ $ egrep '(reject|warning|error|fatal|panic):' /some/log/file
Note: the most important error message is logged first. Later messages are not
as useful.
In order to inspect the mail queue, use one of the following commands:
- % mailq
+ $ mailq
- % sendmail -bp
+ $ sendmail -bp
- % postqueue -p
+ $ postqueue -p
See also the "Care and feeding" section 12 below.
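Review bot: with the prompt legend changed to `$` (unprivileged user), the "egrep ... /some/log/file" example will fail with a permission error on most systems, where the mail log is readable by root or a log group only; either keep a root prompt for this one command or add a clause such as "you may need root privileges to read the log file". The queue-listing commands are fine with `$`. The same comment applies to the two other copies of this hunk below and to the HTML copies.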
maillog, /var/log/mail, /var/log/syslog, or something else. Typically, the
pathname is defined in the /etc/syslog.conf file.
- % egrep '(reject|warning|error|fatal|panic):' /some/log/file
+ $ egrep '(reject|warning|error|fatal|panic):' /some/log/file
Note: the most important error message is logged first. Later messages are not
as useful.
In order to inspect the mail queue, use one of the following commands:
- % mailq
+ $ mailq
- % sendmail -bp
+ $ sendmail -bp
- % postqueue -p
+ $ postqueue -p
See also the "Care and feeding" section 12 below.
maillog, /var/log/mail, /var/log/syslog, or something else. Typically, the
pathname is defined in the /etc/syslog.conf file.
- % egrep '(reject|warning|error|fatal|panic):' /some/log/file
+ $ egrep '(reject|warning|error|fatal|panic):' /some/log/file
Note: the most important error message is logged first. Later messages are not
as useful.
In order to inspect the mail queue, use one of the following commands:
- % mailq
+ $ mailq
- % sendmail -bp
+ $ sendmail -bp
- % postqueue -p
+ $ postqueue -p
See also the "Care and feeding" section 12 below.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
-If you upgrade from Postfix 2.8 or earlier, read RELEASE_NOTES-2.9
+If you upgrade from Postfix 2.9 or earlier, read RELEASE_NOTES-2.10
before proceeding.
-
-Incompatible changes with snapshot 20130203
-===========================================
-
-Thanks to OpenSSL documentation, the Postfix 2.9.0..2.9.5 SMTP
-client and server computed incorrect TLS certificate PUBLIC-KEY
-fingerprints. Support for certificate PUBLIC-KEY finger prints
-was introduced with Postfix 2.9; there is no known problem with the
-certificate fingerprint algorithms available since Postfix 2.2.
-
-Certificate PUBLIC-KEY finger prints may be used in the Postfix
-SMTP server (with "check_ccert_access") and in the Postfix SMTP
-client (with the "fingerprint" security level).
-
-Specify "tls_legacy_public_key_fingerprints = yes" temporarily,
-pending a migration from configuration files with incorrect Postfix
-2.9.0..2.9.5 certificate PUBLIC-KEY finger prints, to the correct
-fingerprints used by Postfix 2.9.6 and later.
-
-To compute the correct PUBLIC-KEY finger prints:
-
-# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
-$ openssl x509 -in cert.pem -noout -pubkey | \
- openssl pkey -pubin -outform DER | \
- openssl dgst -sha1 -c
-
-# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
-$ openssl x509 -in cert.pem -noout -pubkey | \
- openssl rsa -pubin -outform DER | \
- openssl dgst -md5 -c
-
-Incompatible changes with snapshot 20130201
-===========================================
-
-The "postconf -Mn" feature is withdrawn, in favor of a better design
-that not only supports queries but also updates of named properties
-of a master.cf service entry. But there is not enough time to finish
-that for Postfix 2.10.
-
-Incompatible changes with snapshot 20121224
-===========================================
-
-The postconf command produces more warnings:
-
-- An attempt to modify a read-only parameter (process_name, process_id)
- in main.cf or master.cf.
-
-- An undefined $name in a parameter value in main.cf or master.cf
- (except for backwards-compatibility parameters such as $virtual_maps).
-
-Major changes with snapshot 20121224
-====================================
-
-The postconf command has been updated to make trouble-shooting (and
-support) easier. In summary, use "postconf -Mxf" and "postconf -nxf"
-to review master.cf and main.cf parameter settings with expanded
-parameter values.
-
-- "postconf -x" now expands $name in main.cf and master.cf parameter
- values.
-
-- postconf warns about attempts to modify a read-only parameter
- (process_name, process_id) in main.cf or master.cf.
-
-- postconf warns about an undefined $name in a parameter value in
- main.cf or master.cf (except for backwards-compatibility parameters
- such as $virtual_maps).
-
-Added with snapshot 20121227:
-
-- "postconf -o name=value" overrides main.cf parameter settings.
- This can be used, for example, to examine stress-dependent settings
- with "postconf -x -o stress=yes".
-
-Incompatible changes with snapshot 20121123
-===========================================
-
-The postscreen deep protocol tests now log the last command before
-a protocol error ("UNIMPLEMENTED" when the last command is not
-implemented, "CONNECT" when there was no prior command). The
-changed logfile messages are:
-
-NON-SMTP COMMAND from [address]:port after command: text
-BARE NEWLINE from [address]:port after command
-COMMAND TIME LIMIT from [address]:port after command
-COMMAND COUNT LIMIT from [address]:port after command
-COMMAND LENGTH LIMIT from [address]:port after command
-
-Incompatible changes with snapshot 20121007
-===========================================
-
-As part of a forward compatibility safety net, the Postfix installation
-procedure adds the following smtpd_relay_restrictions entry to
-main.cf when there is none:
-
- smtpd_relay_restrictions =
- permit_mynetworks
- permit_sasl_authenticated
- defer_unauth_destination
-
-If your site has a complex mail relay policy configured under
-smtpd_recipient_restrictions, this safety net will defer mail that
-the built-in smtpd_relay_restrictions setting would bounce.
-
-To eliminate this safety net, take one of the following three
-actions:
-
-- Set smtpd_relay_restrictions empty, and keep using the existing
- mail relay authorization policy in smtpd_recipient_restrictions.
-
-- Copy the existing mail relay authorization policy from
- smtpd_recipient_restrictions to smtpd_relay_restrictions.
-
-- Set smtpd_relay_restrictions by hand to the new built-in
- policy: permit_mynetworks reject_unauth_destination.
-
-There is no need to change the value of smtpd_recipient_restrictions.
-
-Major changes with snapshot 20121007
-====================================
-
-This version introduces the smtpd_relay_restrictions feature
-for mail relay control. The new built-in default settings are:
-
- smtpd_relay_restrictions =
- permit_mynetworks
- reject_unauth_destination
-
- smtpd_recipient_restrictions =
- ( optional spam blocking rules would go here )
-
-For comparison, this is the Postfix before 2.10 default:
-
- smtpd_recipient_restrictions =
- permit_mynetworks
- reject_unauth_destination
- ( optional spam blocking rules would go here )
-
-With Postfix versions before 2.10, the mail relay policy and spam
-blocking policy were combined under smtpd_recipient_restrictions,
-resulting in error-prone configuration.
-
-As of Postfix 2.10, the mail relay policy is preferably implemented
-with smtpd_relay_restrictions, so that a permissive spam blocking
-policy under smtpd_recipient_restrictions will not unexpectedly
-result in a permissive mail relay policy.
-
-As usual, this new feature is introduced with safety nets to prevent
-surprises when a site upgrades from an earlier Postfix release.
-
-1 - FORWARD COMPATIBILITY SAFETY NET: the Postfix installation
- procedure adds the following smtpd_relay_restrictions entry to
- main.cf when there is none:
-
- smtpd_relay_restrictions =
- permit_mynetworks
- permit_sasl_authenticated
- defer_unauth_destination
-
- If your site has a complex mail relay policy configured under
- smtpd_recipient_restrictions, this safety net will defer mail
- that the built-in smtpd_relay_restrictions setting would bounce.
-
- To eliminate this safety net, take one of the following three
- actions:
-
- - Set smtpd_relay_restrictions empty, and keep using the existing
- mail relay authorization policy in smtpd_recipient_restrictions.
-
- - Copy the existing mail relay authorization policy from
- smtpd_recipient_restrictions to smtpd_relay_restrictions.
-
- - Set smtpd_relay_restrictions by hand to the new built-in
- policy: permit_mynetworks reject_unauth_destination.
-
- There is no need to change the value of smtpd_recipient_restrictions.
-
-2 - BACKWARDS COMPATIBILITY SAFETY NET: sites that migrate from
- Postfix versions before 2.10 can set smtpd_relay_restrictions
- to the empty value, and use smtpd_recipient_restrictions exactly
- as they used it before.
-
-Incompatible changes with snapshot 20120924
-===========================================
-
-Postfix no longer uses FIFOs to emulate UNIX-domain sockets on
-Solaris 9 (Vintage 2002!) and later. If you install Postfix for
-the first time on an older Solaris system, edit the master.cf file
-and replace "unix" with "fifo" for the pickup and qmgr services.
-
-Major changes with snapshot 20120924
-====================================
-
-Laptop-friendliness: the default master.cf file now uses "unix"
-instead of "fifo" for the pickup and qmgr services. This avoids
-periodic disk drive spin-up.
-
-Incompatible changes with snapshot 20120625
-===========================================
-
-The postscreen(8)-to-smtpd(8) protocol has changed. To avoid "cannot
-receive connection attributes" warnings and dropped connections,
-execute the command "postfix reload". No mail will be lost as long
-as the remote SMTP client tries again later.
-
-Major changes with snapshot 20120625
-====================================
-
-Support for upstream proxy agent in the postscreen(8) and smtpd(8)
-daemons. To enable the haproxy protocol, specify one of the
-following:
-
- postscreen_upstream_proxy_protocol = haproxy
- smtpd_upstream_proxy_protocol = haproxy
-
-Note 1: smtpd_upstream_proxy_protocol can't be used in smtpd processes
-that are behind postscreen. Configure postscreen_upstream_proxy_protocol
-instead.
-
-Note 2: To use the nginx proxy with smtpd(8), enable the XCLIENT
-protocol with smtpd_authorized_xclient_hosts. This supports SASL
-authentication in the proxy agent (Postfix 2.9 and later).
-
-Major changes with snapshot 20120422
-====================================
-
-This release adds support to turn off the TLSv1.1 and TLSv1.2
-protocols. Introduced with OpenSSL version 1.0.1, these are known
-to cause inter-operability problems with for example hotmail.
-
-The radical workaround is to temporarily turn off problematic
-protocols globally:
-
-/etc/postfix/main.cf:
- smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
- smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
-
- smtpd_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
- smtpd_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
-
-However, it may be better to temporarily turn off problematic
-protocols for broken sites only:
-
-/etc/postfix/main.cf:
- smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
-
-/etc/postfix/tls_policy:
- example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
-
-Important:
-
-- Note the use of ":" instead of comma or space. Also, note that
- there is NO space around the "=" in "protocols=".
-
-- The smtp_tls_policy_maps lookup key must match the "next-hop"
- destination that is given to the Postfix SMTP client. If you
- override the next-hop destination with transport_maps, relayhost,
- sender_dependent_relayhost_maps, or otherwise, you need to specify
- the same destination for the smtp_tls_policy_maps lookup key.
-
-Major changes with snapshot 20120306
-====================================
-
-New master "-w" option, to wait for daemon process initialization
-to complete. This feature returns an error exit status if master
-daemon initialization fails, or if it does not complete in a
-reasonable amount of time. The exit status is used by "postfix
-start" to provide more accurate information to system start-up
-scripts.
-
-Major changes with snapshot 20120303
-====================================
-
-New control for "permit" logging in smtpd_mumble_restrictions (by
-default, the SMTP server logs "reject" actions but not "permit"
-actions). Specify "smtpd_log_access_permit_actions = static:all"
-to log all "permit"-style actions, or specify a list of explicit
-action names. More details are in the postconf(5) manpage.
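Review bot: the removed "Incompatible changes with snapshot 20130201" entry (the "postconf -Mn" feature is withdrawn) has no counterpart in the new RELEASE_NOTES-2.10 added by this patch, while every other removed snapshot entry reappears there under a "Major changes" heading. A withdrawn command-line option is exactly what an operator updating scripts needs to know, so either carry it into the postconf section of RELEASE_NOTES-2.10 as "[Incompat 20130201]" or keep it in this file if the replacement design lands in 2.11.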
--- /dev/null
+The stable Postfix release is called postfix-2.10.x where 2=major
+release number, 10=minor release number, x=patchlevel. The stable
+release never changes except for patches that address bugs or
+emergencies. Patches change the patchlevel and the release date.
+
+New features are developed in snapshot releases. These are called
+postfix-2.11-yyyymmdd where yyyymmdd is the release date (yyyy=year,
+mm=month, dd=day). Patches are never issued for snapshot releases;
+instead, a new snapshot is released.
+
+The mail_release_date configuration parameter (format: yyyymmdd)
+specifies the release date of a stable release or snapshot release.
+
+If you upgrade from Postfix 2.8 or earlier, read RELEASE_NOTES-2.9
+before proceeding.
+
+Major changes - laptop-friendliness
+-----------------------------------
+
+[Incompat 20120924] Postfix no longer uses FIFOs to emulate UNIX-domain
+sockets on Solaris 9 (Vintage 2002!) and later. If you install
+Postfix for the first time on an older Solaris system, edit the
+master.cf file and replace "unix" with "fifo" for the pickup and
+qmgr services.
+
+[Feature 20120924] the default master.cf file now uses "unix" instead
+of "fifo" for the pickup and qmgr services. This avoids periodic
+disk drive spin-up.
+
+Major changes - permit logging
+------------------------------
+
+[Feature 20120303] [Feature 20120303] New control for "permit"
+logging in smtpd_mumble_restrictions (by default, the SMTP server
+logs "reject" actions but not "permit" actions). Specify
+"smtpd_log_access_permit_actions = static:all" to log all "permit"-style
+actions, or specify a list of explicit action names. More details
+are in the postconf(5) manpage.
+
+Major changes - postconf
+------------------------
+
+[Incompat 20121224] The postconf command produces more warnings:
+
+- An attempt to modify a read-only parameter (process_name, process_id)
+ in main.cf or master.cf.
+
+- An undefined $name in a parameter value in main.cf or master.cf
+ (except for backwards-compatibility parameters such as $virtual_maps).
+
+[Feature 20121224] The postconf command has been updated to make
+trouble-shooting (and support) easier. In summary, use "postconf
+-Mxf" and "postconf -nxf" to review master.cf and main.cf parameter
+settings with expanded parameter values.
+
+- "postconf -x" now expands $name in main.cf and master.cf parameter
+ values.
+
+- postconf warns about attempts to modify a read-only parameter
+ (process_name, process_id) in main.cf or master.cf.
+
+- postconf warns about an undefined $name in a parameter value in
+ main.cf or master.cf (except for backwards-compatibility parameters
+ such as $virtual_maps).
+
+[Feature 20121227]
+
+- "postconf -o name=value" overrides main.cf parameter settings.
+ This can be used, for example, to examine stress-dependent settings
+ with "postconf -x -o stress=yes".
+
+Major changes - postscreen
+--------------------------
+
+[Incompat 20121123] The postscreen deep protocol tests now log the
+last command before a protocol error ("UNIMPLEMENTED" when the last
+command is not implemented, "CONNECT" when there was no prior
+command). The changed logfile messages are:
+
+NON-SMTP COMMAND from [address]:port after command: text
+BARE NEWLINE from [address]:port after command
+COMMAND TIME LIMIT from [address]:port after command
+COMMAND COUNT LIMIT from [address]:port after command
+COMMAND LENGTH LIMIT from [address]:port after command
+
+Major changes - load-balancer support
+-------------------------------------
+
+[Incompat 20120625] The postscreen(8)-to-smtpd(8) protocol has
+changed. To avoid "cannot receive connection attributes" warnings
+and dropped connections, execute the command "postfix reload". No
+mail will be lost as long as the remote SMTP client tries again
+later.
+
+[Feature 20120625] Support for upstream proxy agent in the postscreen(8)
+and smtpd(8) daemons. To enable the haproxy protocol, specify one
+of the following:
+
+ postscreen_upstream_proxy_protocol = haproxy
+ smtpd_upstream_proxy_protocol = haproxy
+
+Note 1: smtpd_upstream_proxy_protocol can't be used in smtpd processes
+that are behind postscreen. Configure postscreen_upstream_proxy_protocol
+instead.
+
+Note 2: To use the nginx proxy with smtpd(8), enable the XCLIENT
+protocol with smtpd_authorized_xclient_hosts. This supports SASL
+authentication in the proxy agent (Postfix 2.9 and later).
+
+Major changes - relay safety
+----------------------------
+
+[Incompat 20121007] As part of a forward compatibility safety net,
+the Postfix installation procedure adds the following
+smtpd_relay_restrictions entry to main.cf when there is none:
+
+ smtpd_relay_restrictions =
+ permit_mynetworks
+ permit_sasl_authenticated
+ defer_unauth_destination
+
+If your site has a complex mail relay policy configured under
+smtpd_recipient_restrictions, this safety net will defer mail that
+the built-in smtpd_relay_restrictions setting would bounce.
+
+To eliminate this safety net, take one of the following three
+actions:
+
+- Set smtpd_relay_restrictions empty, and keep using the existing
+ mail relay authorization policy in smtpd_recipient_restrictions.
+
+- Copy the existing mail relay authorization policy from
+ smtpd_recipient_restrictions to smtpd_relay_restrictions.
+
+- Set smtpd_relay_restrictions by hand to the new built-in
+ policy: permit_mynetworks reject_unauth_destination.
+
+There is no need to change the value of smtpd_recipient_restrictions.
+
+[Feature 20121007] This version introduces the smtpd_relay_restrictions
+feature for mail relay control. The new built-in default settings
+are:
+
+ smtpd_relay_restrictions =
+ permit_mynetworks
+ reject_unauth_destination
+
+ smtpd_recipient_restrictions =
+ ( optional spam blocking rules would go here )
+
+For comparison, this is the Postfix before 2.10 default:
+
+ smtpd_recipient_restrictions =
+ permit_mynetworks
+ reject_unauth_destination
+ ( optional spam blocking rules would go here )
+
+With Postfix versions before 2.10, the mail relay policy and spam
+blocking policy were combined under smtpd_recipient_restrictions,
+resulting in error-prone configuration.
+
+As of Postfix 2.10, the mail relay policy is preferably implemented
+with smtpd_relay_restrictions, so that a permissive spam blocking
+policy under smtpd_recipient_restrictions will not unexpectedly
+result in a permissive mail relay policy.
+
+As usual, this new feature is introduced with safety nets to prevent
+surprises when a site upgrades from an earlier Postfix release.
+
+1 - FORWARD COMPATIBILITY SAFETY NET: the Postfix installation
+ procedure adds the following smtpd_relay_restrictions entry to
+ main.cf when there is none:
+
+ smtpd_relay_restrictions =
+ permit_mynetworks
+ permit_sasl_authenticated
+ defer_unauth_destination
+
+ If your site has a complex mail relay policy configured under
+ smtpd_recipient_restrictions, this safety net will defer mail
+ that the built-in smtpd_relay_restrictions setting would bounce.
+
+ To eliminate this safety net, take one of the following three
+ actions:
+
+ - Set smtpd_relay_restrictions empty, and keep using the existing
+ mail relay authorization policy in smtpd_recipient_restrictions.
+
+ - Copy the existing mail relay authorization policy from
+ smtpd_recipient_restrictions to smtpd_relay_restrictions.
+
+ - Set smtpd_relay_restrictions by hand to the new built-in
+ policy: permit_mynetworks reject_unauth_destination.
+
+ There is no need to change the value of smtpd_recipient_restrictions.
+
+2 - BACKWARDS COMPATIBILITY SAFETY NET: sites that migrate from
+ Postfix versions before 2.10 can set smtpd_relay_restrictions
+ to the empty value, and use smtpd_recipient_restrictions exactly
+ as they used it before.
+
+Major changes - start-up
+------------------------
+
+[Feature 20120306] New master "-w" option, to wait for master daemon
+process initialization to complete. This feature returns an error
+exit status if master daemon initialization fails, or if it does
+not complete in a reasonable amount of time. The exit status is
+used by "postfix start" to provide more accurate information to
+system start-up scripts.
+
+Major changes - tls
+-------------------
+
+[Incompat 20130203] Thanks to OpenSSL documentation, the Postfix
+2.9.0..2.9.5 SMTP client and server server used an incorrect procedure
+to compute TLS certificate PUBLIC-KEY fingerprints (these may be
+used in the check_ccert_access and in smtp_tls_policy_maps features).
+Support for certificate PUBLIC-KEY finger prints was introduced
+with Postfix 2.9; there is no known problem with the certificate
+fingerprint algorithms available since Postfix 2.2.
+
+Certificate PUBLIC-KEY finger prints may be used in the Postfix
+SMTP server (with "check_ccert_access") and in the Postfix SMTP
+client (with the "fingerprint" security level).
+
+Specify "tls_legacy_public_key_fingerprints = yes" temporarily,
+pending a migration from configuration files with incorrect Postfix
+2.9.0..2.9.5 certificate PUBLIC-KEY finger prints, to the correct
+fingerprints used by Postfix 2.9.6 and later.
+
+To compute the correct PUBLIC-KEY finger prints:
+
+# OpenSSL 1.0 with all certificates and SHA-1 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey | \
+ openssl pkey -pubin -outform DER | \
+ openssl dgst -sha1 -c
+
+# OpenSSL 0.9.8 with RSA certificates and MD5 fingerprints.
+$ openssl x509 -in cert.pem -noout -pubkey | \
+ openssl rsa -pubin -outform DER | \
+ openssl dgst -md5 -c
+
+[Feature 20120422] This release adds support to turn off the TLSv1.1
+and TLSv1.2 protocols. Introduced with OpenSSL version 1.0.1, these
+are known to cause inter-operability problems with for example
+hotmail.
+
+The radical workaround is to temporarily turn off problematic
+protocols globally:
+
+/etc/postfix/main.cf:
+ smtp_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
+ smtp_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
+
+ smtpd_tls_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
+ smtpd_tls_mandatory_protocols = !SSLv2, !TLSv1.1, !TLSv1.2
+
+However, it may be better to temporarily turn off problematic
+protocols for broken sites only:
+
+/etc/postfix/main.cf:
+ smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
+
+/etc/postfix/tls_policy:
+ example.com may protocols=!SSLv2:!TLSv1.1:!TLSv1.2
+
+Important:
+
+- Note the use of ":" instead of comma or space. Also, note that
+ there is NO space around the "=" in "protocols=".
+
+- The smtp_tls_policy_maps lookup key must match the "next-hop"
+ destination that is given to the Postfix SMTP client. If you
+ override the next-hop destination with transport_maps, relayhost,
+ sender_dependent_relayhost_maps, or otherwise, you need to specify
+ the same destination for the smtp_tls_policy_maps lookup key.
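Review bot: the first of the three ways to drop the safety net, "Set smtpd_relay_restrictions empty, and keep using the existing mail relay authorization policy in smtpd_recipient_restrictions", needs a warning: with smtpd_relay_restrictions empty, relay control depends entirely on smtpd_recipient_restrictions, so a site that follows this advice while its smtpd_recipient_restrictions lacks reject_unauth_destination (or an equivalent) becomes an open relay. Add, right after that bullet, a sentence telling the operator to confirm that reject_unauth_destination or defer_unauth_destination is still present there, with a check such as "postconf smtpd_recipient_restrictions". The same bullet is repeated verbatim under "1 - FORWARD COMPATIBILITY SAFETY NET" and should carry the same warning, or the repeated block should be replaced by a reference to the earlier paragraph. Smaller points in the same file: "[Feature 20120303] [Feature 20120303]" duplicates the tag; "SMTP client and server server used" duplicates "server"; the global TLS workaround excludes "!SSLv2" only, so it leaves SSLv3 enabled while disabling the two newest protocol versions, and the text should say plainly that this is a security downgrade to be reverted once the interoperability problem is gone; and the OpenSSL 0.9.8 example computes an MD5 digest, which must match the digest algorithm Postfix is configured to use for fingerprint matching, so state that the SHA-1 form is preferred wherever "openssl pkey" is available.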
<blockquote>
<pre>
-% command
+$ command
</pre>
</blockquote>
<blockquote>
<pre>
-% col -bx <file | lpr
+$ col -bx <file | lpr
</pre>
</blockquote>
<blockquote>
<pre>
-% export MANPATH; MANPATH="`pwd`/man:$MANPATH"
-% setenv MANPATH "`pwd`/man:$MANPATH"
+$ export MANPATH; MANPATH="`pwd`/man:$MANPATH"
+$ setenv MANPATH "`pwd`/man:$MANPATH"
</pre>
</blockquote>
<p>
AIX 3.2.5, 4.1.x, 4.2.0, 4.3.x, 5.2 <br>
BSD/OS 2.x, 3.x, 4.x <br>
-Darwin 1.x <br>
-FreeBSD 2.x, 3.x, 4.x, 5.x <br>
+FreeBSD 2.x .. 9.x <br>
HP-UX 9.x, 10.x, 11.x <br>
IRIX 5.x, 6.x <br>
-Linux Debian 1.3.1, 2.x, 3.x <br>
-Linux RedHat 3.x (January 2004) - 9.x <br>
-Linux Slackware 3.x, 4.x, 7.x <br>
-Linux SuSE 5.x, 6.x, 7.x <br>
-Linux Ubuntu 4.10..7.04<br>
+Linux Debian 1.3.1 and later <br>
+Linux RedHat 3.x (January 2004) and later <br>
+Linux Slackware 3.x and later <br>
+Linux SuSE 5.x and later <br>
+Linux Ubuntu 4.10 and later<br>
Mac OS X <br>
NEXTSTEP 3.x <br>
-NetBSD 1.x <br>
+NetBSD 1.x and later <br>
OPENSTEP 4.x <br>
OSF1.V3 - OSF1.V5 (Digital UNIX) <br>
Reliant UNIX 5.x <br>
-Rhapsody 5.x <br>
SunOS 4.1.4 (March 2007) <br>
SunOS 5.4 - 5.10 (Solaris 2.4..10) <br>
Ultrix 4.x (well, that was long ago) <br>
<blockquote>
<pre>
-% make -f Makefile.init makefiles
+$ make -f Makefile.init makefiles
</pre>
</blockquote>
<blockquote>
<pre>
-% make tidy
+$ make tidy
</pre>
</blockquote>
<blockquote>
<pre>
-% make
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
-% make
+$ make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
+$ make
-% make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
-% make
+$ make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
+$ make
-% make makefiles CC="purify cc"
-% make
+$ make makefiles CC="purify cc"
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
-% make
+$ make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles name=value name=value...
-% make
+$ make makefiles name=value name=value...
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles CCARGS=-DFD_SETSIZE=2048
+$ make makefiles CCARGS=-DFD_SETSIZE=2048
</pre>
</blockquote>
<blockquote>
<pre>
-% make
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% egrep '(reject|warning|error|fatal|panic):' /some/log/file
+$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
</pre>
</blockquote>
<blockquote>
<pre>
-% mailq
+$ mailq
-% sendmail -bp
+$ sendmail -bp
-% postqueue -p
+$ postqueue -p
</pre>
</blockquote>
<blockquote>
<pre>
-% egrep '(reject|warning|error|fatal|panic):' /some/log/file
+$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
</pre>
</blockquote>
<blockquote>
<pre>
-% mailq
+$ mailq
-% sendmail -bp
+$ sendmail -bp
-% postqueue -p
+$ postqueue -p
</pre>
</blockquote>
<blockquote>
<pre>
-% egrep '(reject|warning|error|fatal|panic):' /some/log/file
+$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
</pre>
</blockquote>
<blockquote>
<pre>
-% mailq
+$ mailq
-% sendmail -bp
+$ sendmail -bp
-% postqueue -p
+$ postqueue -p
</pre>
</blockquote>
</blockquote>
<p> The Postfix SMTP server and client log the peer (leaf) certificate
-fingerprint and public key fingerprint when TLS loglevel is 1 or
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>
<p> <b>Note:</b> Postfix 2.9.0–2.9.5 computed the public key
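Review bot: the threshold for logging the peer certificate and public key fingerprints changes from loglevel 1 to 2 in the documentation only; no logging code is touched in this patch, so this is a correction of a wrong documented value or reflects an earlier code change. Confirm it against the code that emits that log line, and record the doc fix in HISTORY, because operators who set smtp_tls_loglevel or smtpd_tls_loglevel to 1 on the strength of the old text will find no fingerprints in their logs. The same change is applied to the other postconf(5) HTML and man copies below.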
</blockquote>
<p> The Postfix SMTP server and client log the peer (leaf) certificate
-fingerprint and public key fingerprint when TLS loglevel is 1 or
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>
<p> <b>Note:</b> Postfix 2.9.0–2.9.5 computed the public key
.in -4
.PP
The Postfix SMTP server and client log the peer (leaf) certificate
-fingerprint and public key fingerprint when TLS loglevel is 1 or
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher.
.PP
\fBNote:\fR Postfix 2.9.0–2.9.5 computed the public key
.in -4
.PP
The Postfix SMTP server and client log the peer (leaf) certificate
-fingerprint and public key fingerprint when TLS loglevel is 1 or
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher.
.PP
\fBNote:\fR Postfix 2.9.0–2.9.5 computed the public key
<blockquote>
<pre>
-% command
+$ command
</pre>
</blockquote>
<blockquote>
<pre>
-% col -bx <file | lpr
+$ col -bx <file | lpr
</pre>
</blockquote>
<blockquote>
<pre>
-% export MANPATH; MANPATH="`pwd`/man:$MANPATH"
-% setenv MANPATH "`pwd`/man:$MANPATH"
+$ export MANPATH; MANPATH="`pwd`/man:$MANPATH"
+$ setenv MANPATH "`pwd`/man:$MANPATH"
</pre>
</blockquote>
<p>
AIX 3.2.5, 4.1.x, 4.2.0, 4.3.x, 5.2 <br>
BSD/OS 2.x, 3.x, 4.x <br>
-Darwin 1.x <br>
-FreeBSD 2.x, 3.x, 4.x, 5.x <br>
+FreeBSD 2.x .. 9.x <br>
HP-UX 9.x, 10.x, 11.x <br>
IRIX 5.x, 6.x <br>
-Linux Debian 1.3.1, 2.x, 3.x <br>
-Linux RedHat 3.x (January 2004) - 9.x <br>
-Linux Slackware 3.x, 4.x, 7.x <br>
-Linux SuSE 5.x, 6.x, 7.x <br>
-Linux Ubuntu 4.10..7.04<br>
+Linux Debian 1.3.1 and later <br>
+Linux RedHat 3.x (January 2004) and later <br>
+Linux Slackware 3.x and later <br>
+Linux SuSE 5.x and later <br>
+Linux Ubuntu 4.10 and later<br>
Mac OS X <br>
NEXTSTEP 3.x <br>
-NetBSD 1.x <br>
+NetBSD 1.x and later <br>
OPENSTEP 4.x <br>
OSF1.V3 - OSF1.V5 (Digital UNIX) <br>
Reliant UNIX 5.x <br>
-Rhapsody 5.x <br>
SunOS 4.1.4 (March 2007) <br>
SunOS 5.4 - 5.10 (Solaris 2.4..10) <br>
Ultrix 4.x (well, that was long ago) <br>
<blockquote>
<pre>
-% make -f Makefile.init makefiles
+$ make -f Makefile.init makefiles
</pre>
</blockquote>
<blockquote>
<pre>
-% make tidy
+$ make tidy
</pre>
</blockquote>
<blockquote>
<pre>
-% make
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
-% make
+$ make makefiles CC=/opt/SUNWspro/bin/cc (Solaris)
+$ make
-% make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
-% make
+$ make makefiles CC="/opt/ansic/bin/cc -Ae" (HP-UX)
+$ make
-% make makefiles CC="purify cc"
-% make
+$ make makefiles CC="purify cc"
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
-% make
+$ make makefiles CCARGS='-DDEF_CONFIG_DIR=\"/some/where\"'
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles name=value name=value...
-% make
+$ make makefiles name=value name=value...
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% make makefiles CCARGS=-DFD_SETSIZE=2048
+$ make makefiles CCARGS=-DFD_SETSIZE=2048
</pre>
</blockquote>
<blockquote>
<pre>
-% make
+$ make
</pre>
</blockquote>
<blockquote>
<pre>
-% egrep '(reject|warning|error|fatal|panic):' /some/log/file
+$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
</pre>
</blockquote>
<blockquote>
<pre>
-% mailq
+$ mailq
-% sendmail -bp
+$ sendmail -bp
-% postqueue -p
+$ postqueue -p
</pre>
</blockquote>
<blockquote>
<pre>
-% egrep '(reject|warning|error|fatal|panic):' /some/log/file
+$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
</pre>
</blockquote>
<blockquote>
<pre>
-% mailq
+$ mailq
-% sendmail -bp
+$ sendmail -bp
-% postqueue -p
+$ postqueue -p
</pre>
</blockquote>
<blockquote>
<pre>
-% egrep '(reject|warning|error|fatal|panic):' /some/log/file
+$ egrep '(reject|warning|error|fatal|panic):' /some/log/file
</pre>
</blockquote>
<blockquote>
<pre>
-% mailq
+$ mailq
-% sendmail -bp
+$ sendmail -bp
-% postqueue -p
+$ postqueue -p
</pre>
</blockquote>
</blockquote>
<p> The Postfix SMTP server and client log the peer (leaf) certificate
-fingerprint and public key fingerprint when TLS loglevel is 1 or
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>
<p> <b>Note:</b> Postfix 2.9.0–2.9.5 computed the public key
</blockquote>
<p> The Postfix SMTP server and client log the peer (leaf) certificate
-fingerprint and public key fingerprint when TLS loglevel is 1 or
+fingerprint and public key fingerprint when the TLS loglevel is 2 or
higher. </p>
<p> <b>Note:</b> Postfix 2.9.0–2.9.5 computed the public key
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20130204"
-#define MAIL_VERSION_NUMBER "2.10"
+#define MAIL_RELEASE_DATE "20130211"
+#define MAIL_VERSION_NUMBER "2.11"
#ifdef SNAPSHOT
# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
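Review bot: MAIL_VERSION_NUMBER is bumped from 2.10 to 2.11 in the same hunk as the MAIL_RELEASE_DATE change; the comment directly above says that snapshots change the release date only, so this hunk marks the start of a new development series rather than a patch or snapshot, and that should be called out in the commit message so the smtp_session.c bugfix below is not mistaken for a 2.10 patchlevel.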
#undef FREE_RETURN
#define FREE_RETURN(x) do { myfree(saved_policy); return (x); } while (0)
- if ((lookup = maps_find(tls_policy, site_name, 0)) == 0)
+ if ((lookup = maps_find(tls_policy, site_name, 0)) == 0) {
+ if (tls_policy->error) {
+ msg_fatal("%s: %s lookup error for %s",
+ session->state->request->queue_id,
+ tls_policy->title, site_name);
+ /* XXX session->stream has no longjmp context yet. */
+ }
return (0);
-
- if (tls_policy->error) {
- msg_warn("%s: %s lookup error for %s",
- session->state->request->queue_id,
- tls_policy->title, site_name);
- vstream_longjmp(session->stream, SMTP_ERR_DATA);
}
if (cbuf == 0)
cbuf = vstring_alloc(10);
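Review bot: moving the tls_policy->error test inside the `maps_find() == 0` branch is the right fix, since the removed block sat after an unconditional `return (0)` and was therefore dead code, meaning a lookup failure silently fell through to the default TLS policy with no warning at all; the new code fails closed instead, which is what a TLS policy lookup must do. Two points on the replacement. First, `msg_fatal()` terminates the whole SMTP client process, whereas the old (never reached) handler intended `vstream_longjmp(session->stream, SMTP_ERR_DATA)` to defer only the current delivery; a transient backend error in the policy table will now take down every delivery in flight in that process and, if it repeats, trigger master(8) restart throttling. The `/* XXX session->stream has no longjmp context yet. */` comment acknowledges why the longjmp is not possible at this point, so either move the error handling to a point where the longjmp context exists, or state in the commit message that process termination is the intended interim behaviour and open a follow-up. Second, because the original handler was dead code, no test exercised the lookup-error path; add one that provokes a dictionary error and checks that the log line is produced, so the path does not regress silently again.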