that temporarily switch control to an external program such
as tlsproxy, or perhaps a future policy plugin. Files:
postscreen/postscreen_smtpd, postscreen/postscreen_starttls.c.
+
+20110113
+
+ Cleanup: ps_cache and psc_cache are now postscreen_cache.
+ There is no need for obscure name abbrevations. File:
+ src/global/mail_params.h.
+
+20110115
+
+ Workaround: malloc fuzz (safety margin for malloc requests).
+ Files: util/sys_defs.h, util/mymalloc.c.
+
+ Cleanup: dnsblog_service_name and tlsproxy_service_name are
+ now configurable, in case someone needs this. Files:
+ global/mail_params.h, postscreen/postscreen.c, mantools/postlink,
+ proto/postconf.proto.
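Review bot: "abbrevations" in the 20110113 entry is a typo for "abbreviations", and that entry gives the file as src/global/mail_params.h while the 20110115 entry directly below and the context above write paths relative to src/ (global/mail_params.h, util/mymalloc.c); use one style.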
processes. Its purpose is to accept connections from the network and to
decide what SMTP clients are allowed to talk to Postfix. According to the
2008 MessageLabs annual report, 81% of all email was spam, and 90% of that
- was sent by botnets. While postscreen(8) keeps the zombies away, more smtpd
- (8) processes remain available for legitimate clients.
-
- The postscreen(8) server is still evolving, and is likely to undergo
- changes that break compatibility with earlier versions. For this reason the
- postscreen(8) server is not installed with the stable Postfix release.
+ was sent by botnets; by 2010, those numbers were 92% and 95%, respectively.
+ While postscreen(8) keeps the zombies away, more smtpd(8) processes remain
+ available for legitimate clients.
+
+ The postscreen(8) server is available with Postfix 2.8 and later. To keep
+ the implementation simple, postscreen(8) delegates DNS white/backlist
+ lookups to dnsblog(8) server processes, and delegates TLS encryption/
+ decryption to tlsproxy(8) server processes. This delegation is invisible to
+ the remote SMTP client, and is not shown in the diagram below.
zombie
systems.
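Review bot: "DNS white/backlist lookups" in the new paragraph is a typo for "white/blacklist"; the html copy of this README later in the patch carries the same text, and since README_FILES/POSTSCREEN_README and html/POSTSCREEN_README.html are both generated from proto/POSTSCREEN_README.html, the fix belongs in the proto file. Separately, the 2008 figures are attributed to the MessageLabs annual report, but the added "by 2010, those numbers were 92% and 95%" names no source; cite the report those numbers come from or drop the sentence.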
* Turning on postscreen(8) without blocking mail
+ * postscreen(8) TLS configuration
* Blocking mail with postscreen(8)
* Turning off postscreen(8)
("postfix stop; postfix start"). This is needed because the Postfix "pass"
master service type did not work reliably on all systems.
+p\bpo\bos\bst\bts\bsc\bcr\bre\bee\ben\bn(\b(8\b8)\b) T\bTL\bLS\bS c\bco\bon\bnf\bfi\big\bgu\bur\bra\bat\bti\bio\bon\bn
+
+postscreen(8) TLS support is available for remote SMTP clients that aren't
+whitelisted, including clients that need to renew their temporary whitelist
+status. When a remote SMTP client requests TLS service, postscreen(8) invisibly
+hands off the connection to a tlsproxy(8) process. Then, tlsproxy(8) encrypts
+and decrypts the traffic between postscreen(8) and the remote SMTP client. One
+tlsproxy(8) process can handle multiple SMTP sessions. The number of tlsproxy
+(8) processes slowly increases with server load, but it should always be much
+smaller than the number of postscreen(8) TLS sessions.
+
+TLS support for postscreen(8) and tlsproxy(8) uses the same parameters as with
+smtpd(8). We recommend that you keep the relevant configuration parameters in
+main.cf. If you must specify "-o smtpd_mumble=value" parameter overrides in
+master.cf for a postscreen-protected smtpd(8) service, then you should specify
+those same parameter overrides for the postscreen(8) and tlsproxy(8) services.
+
B\bBl\blo\boc\bck\bki\bin\bng\bg m\bma\bai\bil\bl w\bwi\bit\bth\bh p\bpo\bos\bst\bts\bsc\bcr\bre\bee\ben\bn(\b(8\b8)\b)
To use the postscreen(8) service to block mail, edit main.cf and specify one or
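Review bot: "uses the same parameters as with smtpd(8)" is looser than what the postconf hunks in this patch show: postscreen(8) and tlsproxy(8) have their own parameters (postscreen_tls_security_level, tlsproxy_tls_CAfile, ...) whose defaults are the smtpd_ values ($smtpd_tls_security_level, $smtpd_tls_CAfile). That default chain is the reason the "-o smtpd_mumble=value" advice works, and the reason a setting overridden only on the smtpd entry will not reach the postscreen and tlsproxy processes, which then run with the main.cf value. Say that in one sentence, and consider showing the three master.cf entries with the override repeated, so readers do not end up with one TLS policy on the proxied path and another on the direct one.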
Remove this file from the stable release.
- Make tlsproxy_service and dnsblog_service configurable.
-
Things to do after the stable release:
When does it pay off to send domains in the active queue
<a href="smtpd.8.html">smtpd(8)</a> processes. Its purpose is to accept connections from the
network and to decide what SMTP clients are allowed to talk to
Postfix. According to the 2008 MessageLabs annual report, 81% of
-all email was spam, and 90% of that was sent by botnets. While
-<a href="postscreen.8.html">postscreen(8)</a> keeps the zombies away, more <a href="smtpd.8.html">smtpd(8)</a> processes remain
-available for legitimate clients. </p>
-
-<p> The <a href="postscreen.8.html">postscreen(8)</a> server is still evolving, and is likely to
-undergo changes that break compatibility with earlier versions.
-For this reason the <a href="postscreen.8.html">postscreen(8)</a> server is not installed with the
-stable Postfix release. </p>
+all email was spam, and 90% of that was sent by botnets; by 2010,
+those numbers were 92% and 95%, respectively. While <a href="postscreen.8.html">postscreen(8)</a>
+keeps the zombies away, more <a href="smtpd.8.html">smtpd(8)</a> processes remain available
+for legitimate clients. </p>
+
+<p> The <a href="postscreen.8.html">postscreen(8)</a> server is available with Postfix 2.8 and
+later. To keep the implementation simple, <a href="postscreen.8.html">postscreen(8)</a> delegates
+DNS white/backlist lookups to <a href="dnsblog.8.html">dnsblog(8)</a> server processes, and
+delegates TLS encryption/decryption to <a href="tlsproxy.8.html">tlsproxy(8)</a> server processes.
+This delegation is invisible to the remote SMTP client, and is not
+shown in the diagram below. </p>
<table>
<li> <a href="#enable"> Turning on postscreen(8) without blocking
mail</a>
+<li> <a href="#starttls"> postscreen(8) TLS configuration </a>
+
<li> <a href="#blocking"> Blocking mail with postscreen(8) </a>
<li> <a href="#turnoff"> Turning off postscreen(8) </a>
</ul>
+<h3> <a name="starttls"> postscreen(8) TLS configuration </a> </h3>
+
+<p> <a href="postscreen.8.html">postscreen(8)</a> TLS support is available for remote SMTP clients
+that aren't whitelisted, including clients that need to renew their
+temporary whitelist status. When a remote SMTP client requests TLS
+service, <a href="postscreen.8.html">postscreen(8)</a> invisibly hands off the connection to a
+<a href="tlsproxy.8.html">tlsproxy(8)</a> process. Then, <a href="tlsproxy.8.html">tlsproxy(8)</a> encrypts and decrypts the
+traffic between <a href="postscreen.8.html">postscreen(8)</a> and the remote SMTP client. One
+<a href="tlsproxy.8.html">tlsproxy(8)</a> process can handle multiple SMTP sessions. The number
+of <a href="tlsproxy.8.html">tlsproxy(8)</a> processes slowly increases with server load, but it
+should always be much smaller than the number of <a href="postscreen.8.html">postscreen(8)</a> TLS
+sessions. </p>
+
+<p> TLS support for <a href="postscreen.8.html">postscreen(8)</a> and <a href="tlsproxy.8.html">tlsproxy(8)</a> uses the same
+parameters as with <a href="smtpd.8.html">smtpd(8)</a>. We recommend that you keep the relevant
+configuration parameters in <a href="postconf.5.html">main.cf</a>. If you must specify "-o
+smtpd_mumble=value" parameter overrides in <a href="master.5.html">master.cf</a> for a
+postscreen-protected <a href="smtpd.8.html">smtpd(8)</a> service, then you should specify those
+same parameter overrides for the <a href="postscreen.8.html">postscreen(8)</a> and <a href="tlsproxy.8.html">tlsproxy(8)</a>
+services. </p>
+
<h3> <a name="blocking"> Blocking mail with postscreen(8) </a> </h3>
<p> To use the <a href="postscreen.8.html">postscreen(8)</a> service to block mail, edit <a href="postconf.5.html">main.cf</a> and
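Review bot: "TLS support is available for remote SMTP clients that aren't whitelisted" can be read as "whitelisted clients get no TLS". If the intended meaning is that whitelisted clients are passed straight to the smtpd(8) service (smtpd_service_name) and negotiate STARTTLS there, so that tlsproxy(8) is only involved while a client is still under postscreen(8)'s tests, say so in the first sentence; as written, the reader has to infer it from "forwards allowed connections to" in the postscreen(8) manual page.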
DNSBLOG(8) DNSBLOG(8)
<b>NAME</b>
- dnsblog - Postfix DNS blocklist logger
+ dnsblog - Postfix DNS white/blacklist logger
<b>SYNOPSIS</b>
<b>dnsblog</b> [generic Postfix daemon options]
<b>DESCRIPTION</b>
- The <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server implements an ad-hoc DNS blocklist
- lookup service that will eventually be replaced by an UDP
- client that is built directly into the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
- server.
+ The <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server implements an ad-hoc DNS
+ white/blacklist lookup service that will eventually be
+ replaced by an UDP client that is built directly into the
+ <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
With each connection, the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server receives a DNS
- blocklist domain name and an IP address. If the address is
- listed under the DNS blocklist, the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server logs
- the match and replies with the query arguments plus a non-
- zero status. Otherwise it replies with the query argu-
- ments plus a zero status. Finally, The <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server
- closes the connection.
+ white/blacklist domain name and an IP address. If the
+ address is listed under the DNS white/blacklist, the <b>dns-</b>
+ <b>blog</b>(8) server logs the match and replies with the query
+ arguments plus a non-zero status. Otherwise it replies
+ with the query arguments plus a zero status. Finally, The
+ <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> server closes the connection.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
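Review bot: two pre-existing slips are carried into the rewritten lines: "an UDP client" should be "a UDP client", and "Finally, The dnsblog(8) server" has a stray capital. This page and the dnsblog.8 man page later in the patch are both generated from the comment block in src/dnsblog/dnsblog.c, so fix them there.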
built-in watchdog timer.
<b><a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> (empty)</b>
- Optional list of DNS blocklist domains, filters and
- weight factors.
+ Optional list of DNS white/blacklist domains, fil-
+ ters and weight factors.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
The time limit for sending or receiving information
<p> This feature is available in Postfix 2.8. </p>
+</DD>
+
+<DT><b><a name="dnsblog_service_name">dnsblog_service_name</a>
+(default: dnsblog)</b></DT><DD>
+
+<p> The name of the <a href="dnsblog.8.html">dnsblog(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
+service performs DNS white/blacklist lookups. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
</DD>
<DT><b><a name="dont_remove">dont_remove</a>
</DD>
<DT><b><a name="postscreen_cache_map">postscreen_cache_map</a>
-(default: btree:$<a href="postconf.5.html#data_directory">data_directory</a>/ps_cache)</b></DT><DD>
+(default: btree:$<a href="postconf.5.html#data_directory">data_directory</a>/postscreen_cache)</b></DT><DD>
<p> Persistent storage for the <a href="postscreen.8.html">postscreen(8)</a> server decisions. </p>
<DT><b><a name="postscreen_dnsbl_sites">postscreen_dnsbl_sites</a>
(default: empty)</b></DT><DD>
-<p>Optional list of DNS blocklist domains, filters and weight
+<p>Optional list of DNS white/blacklist domains, filters and weight
factors. When the list is non-empty, the <a href="dnsblog.8.html">dnsblog(8)</a> daemon will
-query these domains with the IP addresses of non-whitelisted remote
-SMTP clients, and <a href="postscreen.8.html">postscreen(8)</a> will update an SMTP client's DNSBL
-score with each non-error reply. </p>
+query these domains with the IP addresses of remote SMTP clients,
+and <a href="postscreen.8.html">postscreen(8)</a> will update an SMTP client's DNSBL score with
+each non-error reply. </p>
<p> Caution: when postscreen rejects mail, it replies with the DNSBL
domain name. Use the <a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> feature to hide
<p> This feature is available in Postfix 2.8 and later. </p>
+</DD>
+
+<DT><b><a name="tlsproxy_service_name">tlsproxy_service_name</a>
+(default: tlsproxy)</b></DT><DD>
+
+<p> The name of the <a href="tlsproxy.8.html">tlsproxy(8)</a> service entry in <a href="master.5.html">master.cf</a>. This
+service performs plaintext <=> TLS ciphertext conversion. <p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+
</DD>
<DT><b><a name="tlsproxy_tls_CAfile">tlsproxy_tls_CAfile</a>
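Review bot: the new tlsproxy_service_name entry ends its paragraph with "<p>" instead of "</p>" ("TLS ciphertext conversion. <p>"), leaving it unterminated, and the literal "<=>" should be "&lt;=&gt;" in HTML; the dnsblog_service_name entry added earlier in this file has neither problem. Both come from proto/postconf.proto, which postconf.5.html and the postconf.5 man page are generated from, so fix the source rather than the generated file (the "<=>" is harmless in the nroff output).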
<li> <a href="discard.8.html">discard(8)</a>, Postfix discard delivery agent
+<li> <a href="dnsblog.8.html">dnsblog(8)</a>, DNS black/whitelist logger
+
<li> <a href="error.8.html">error(8)</a>, Postfix error delivery agent
<li> <a href="flush.8.html">flush(8)</a>, Postfix fast ETRN service
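Review bot: the one-line description of dnsblog(8) is inconsistent within this patch: the dnsblog.8 NAME line says "Postfix DNS white/blacklist logger", while this list, the text version of it, and the postscreen.8 SEE ALSO entries say "DNS black/whitelist logger". Pick one order (the parameter descriptions use "white/blacklist") and use it in all of them.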
<a href="bounce.8.html">bounce(8)</a>, <a href="defer.8.html">defer(8)</a>, <a href="trace.8.html">trace(8)</a>, Delivery status reports
<a href="cleanup.8.html">cleanup(8)</a>, canonicalize and enqueue message
<a href="discard.8.html">discard(8)</a>, Postfix discard delivery agent
+ <a href="dnsblog.8.html">dnsblog(8)</a>, DNS black/whitelist logger
<a href="error.8.html">error(8)</a>, Postfix error delivery agent
<a href="flush.8.html">flush(8)</a>, Postfix fast ETRN service
<a href="local.8.html">local(8)</a>, Postfix local delivery agent
remote SMTP client.
<b>BEFORE-GREETING TRIAGE</b>
+ <b><a href="postconf.5.html#dnsblog_service_name">dnsblog_service_name</a> (dnsblog)</b>
+ The name of the <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a> service entry in mas-
+ ter.cf.
+
<b><a href="postconf.5.html#postscreen_access_list">postscreen_access_list</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>)</b>
Permanent white/blacklist for remote SMTP client IP
addresses; <a href="postscreen.8.html"><b>postscreen</b>(8)</a> searches this list immedi-
ately after a remote SMTP client connects.
<b><a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> (ignore)</b>
- The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
- client is permanently blacklisted with the
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
+ client is permanently blacklisted with the
<a href="postconf.5.html#postscreen_blacklist_networks">postscreen_blacklist_networks</a> parameter.
<b><a href="postconf.5.html#postscreen_blacklist_networks">postscreen_blacklist_networks</a> (empty)</b>
Network addresses that are permanently blacklisted;
- see the <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> parameter for
+ see the <a href="postconf.5.html#postscreen_blacklist_action">postscreen_blacklist_action</a> parameter for
possible actions.
<b><a href="postconf.5.html#postscreen_dnsbl_action">postscreen_dnsbl_action</a> (ignore)</b>
- The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
client's combined DNSBL score is equal to or
- greater than a threshold (as defined with the
+ greater than a threshold (as defined with the
<a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> and <a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_thresh</a>-
<a href="postconf.5.html#postscreen_dnsbl_threshold">old</a> parameters).
<b><a href="postconf.5.html#postscreen_dnsbl_reply_map">postscreen_dnsbl_reply_map</a> (empty)</b>
- A mapping from actual DNSBL domain name which
- includes a secret password, to the DNSBL domain
+ A mapping from actual DNSBL domain name which
+ includes a secret password, to the DNSBL domain
name that postscreen will reply with when it
rejects mail.
<b><a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> (empty)</b>
- Optional list of DNS blocklist domains, filters and
- weight factors.
+ Optional list of DNS white/blacklist domains, fil-
+ ters and weight factors.
<b><a href="postconf.5.html#postscreen_dnsbl_threshold">postscreen_dnsbl_threshold</a> (1)</b>
- The inclusive lower bound for blocking an SMTP
+ The inclusive lower bound for blocking an SMTP
client, based on its combined DNSBL score as
- defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
+ defined with the <a href="postconf.5.html#postscreen_dnsbl_sites">postscreen_dnsbl_sites</a> parameter.
<b><a href="postconf.5.html#postscreen_greet_action">postscreen_greet_action</a> (ignore)</b>
- The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
client speaks before its turn within the time spec-
ified with the <a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> parameter.
The <i>text</i> in the optional "220-<i>text</i>..." server
response that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> sends ahead of the real
Postfix SMTP server's "220 text..." response, in an
- attempt to confuse bad SMTP clients so that they
+ attempt to confuse bad SMTP clients so that they
speak before their turn (pre-greet).
<b><a href="postconf.5.html#postscreen_greet_wait">postscreen_greet_wait</a> (${stress?2}${stress:6}s)</b>
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will wait for
- an SMTP client to send a command before its turn,
- and for DNS blocklist lookup results to arrive
- (default: up to 2 seconds under stress, up to 6
+ an SMTP client to send a command before its turn,
+ and for DNS blocklist lookup results to arrive
+ (default: up to 2 seconds under stress, up to 6
seconds otherwise).
<b>AFTER-GREETING TRIAGE</b>
<b><a href="postconf.5.html#postscreen_bare_newline_action">postscreen_bare_newline_action</a> (ignore)</b>
- The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
- client sends a bare newline character, that is, a
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
+ client sends a bare newline character, that is, a
newline not preceded by carriage return.
<b><a href="postconf.5.html#postscreen_bare_newline_enable">postscreen_bare_newline_enable</a> (no)</b>
- Enable "bare newline" SMTP protocol tests in the
+ Enable "bare newline" SMTP protocol tests in the
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
<b><a href="postconf.5.html#postscreen_disable_vrfy_command">postscreen_disable_vrfy_command</a> ($<a href="postconf.5.html#disable_vrfy_command">disable_vrfy_command</a>)</b>
- Disable the SMTP VRFY command in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+ Disable the SMTP VRFY command in the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
daemon.
<b><a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> ($<a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a>)</b>
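Review bot: in the new dnsblog_service_name entry, nroff hyphenated "master.cf" across the line ("mas-" / "ter.cf"), so postlink did not make it a master.5.html link the way the postconf.5.html entry for the same parameter does. Either reword the source comment so the file name does not land on a hyphenation point, or give mantools/postlink a rule that tolerates the split, like its existing postscreen_command_time_limit rule. Also, postscreen_greet_wait still says "DNS blocklist lookup results" while postscreen_dnsbl_sites in this same hunk was changed to "DNS white/blacklist"; if the rename is deliberate, carry it through. The remaining -/+ pairs here differ only in whitespace from re-justification.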
siders in violation of the SMTP protocol.
<b><a href="postconf.5.html#postscreen_helo_required">postscreen_helo_required</a> ($<a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a>)</b>
- Require that a remote SMTP client sends HELO or
+ Require that a remote SMTP client sends HELO or
EHLO before commencing a MAIL transaction.
<b><a href="postconf.5.html#postscreen_non_smtp_command_action">postscreen_non_smtp_command_action</a> (drop)</b>
- The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
- client sends non-SMTP commands as specified with
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
+ client sends non-SMTP commands as specified with
the <a href="postconf.5.html#postscreen_forbidden_commands">postscreen_forbidden_commands</a> parameter.
<b><a href="postconf.5.html#postscreen_non_smtp_command_enable">postscreen_non_smtp_command_enable</a> (no)</b>
- Enable "non-SMTP command" tests in the
+ Enable "non-SMTP command" tests in the
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
<b><a href="postconf.5.html#postscreen_pipelining_action">postscreen_pipelining_action</a> (enforce)</b>
- The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
- client sends multiple commands instead of sending
- one command and waiting for the server to respond.
+ The action that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> takes when an SMTP
+ client sends multiple commands instead of sending
+ one command and waiting for the server to respond.
<b><a href="postconf.5.html#postscreen_pipelining_enable">postscreen_pipelining_enable</a> (no)</b>
- Enable "pipelining" SMTP protocol tests in the
+ Enable "pipelining" SMTP protocol tests in the
<a href="postscreen.8.html"><b>postscreen</b>(8)</a> server.
<b>AFTER-TRIAGE CONTROLS</b>
<b><a href="postconf.5.html#smtpd_service_name">smtpd_service_name</a> (smtpd)</b>
- The internal service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> forwards
+ The internal service that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> forwards
allowed connections to.
<b>CACHE CONTROLS</b>
<b><a href="postconf.5.html#postscreen_cache_cleanup_interval">postscreen_cache_cleanup_interval</a> (12h)</b>
- The amount of time between <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache
+ The amount of time between <a href="postscreen.8.html"><b>postscreen</b>(8)</a> cache
cleanup runs.
- <b><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> (btree:$<a href="postconf.5.html#data_directory">data_directory</a>/ps_cache)</b>
- Persistent storage for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server
+ <b><a href="postconf.5.html#postscreen_cache_map">postscreen_cache_map</a> (btree:$data_direc-</b>
+ <b>tory/postscreen_cache)</b>
+ Persistent storage for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> server
decisions.
<b><a href="postconf.5.html#postscreen_cache_retention_time">postscreen_cache_retention_time</a> (7d)</b>
The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will cache an
- expired temporary whitelist entry before it is
+ expired temporary whitelist entry before it is
removed.
<b><a href="postconf.5.html#postscreen_bare_newline_ttl">postscreen_bare_newline_ttl</a> (30d)</b>
- The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
result from a successful "bare newline" SMTP proto-
col test.
<b><a href="postconf.5.html#postscreen_dnsbl_ttl">postscreen_dnsbl_ttl</a> (1h)</b>
- The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
result from a successful DNS blocklist test.
<b><a href="postconf.5.html#postscreen_greet_ttl">postscreen_greet_ttl</a> (1d)</b>
- The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
result from a successful PREGREET test.
<b><a href="postconf.5.html#postscreen_non_smtp_command_ttl">postscreen_non_smtp_command_ttl</a> (30d)</b>
- The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
- result from a successful "non_smtp_command" SMTP
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
+ result from a successful "non_smtp_command" SMTP
protocol test.
<b><a href="postconf.5.html#postscreen_pipelining_ttl">postscreen_pipelining_ttl</a> (30d)</b>
- The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
+ The amount of time that <a href="postscreen.8.html"><b>postscreen</b>(8)</a> will use the
result from a successful "pipelining" SMTP protocol
test.
<b>RESOURCE CONTROLS</b>
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
- Upon input, long lines are chopped up into pieces
- of at most this length; upon delivery, long lines
+ Upon input, long lines are chopped up into pieces
+ of at most this length; upon delivery, long lines
are reconstructed.
<b><a href="postconf.5.html#postscreen_client_connection_count_limit">postscreen_client_connection_count_limit</a></b>
<b>($<a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>)</b>
- How many simultaneous connections any client is
+ How many simultaneous connections any client is
allowed to have with the <a href="postscreen.8.html"><b>postscreen</b>(8)</a> daemon.
<b><a href="postconf.5.html#postscreen_command_count_limit">postscreen_command_count_limit</a> (20)</b>
- The limit on the total number of commands per SMTP
- session for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol
+ The limit on the total number of commands per SMTP
+ session for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s built-in SMTP protocol
engine.
<b><a href="postconf.5.html#postscreen_command_time_limit">postscreen_command_time_limit</a> (${stress?10}${stress:300}s)</b>
- The command "read" time limit for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s
+ The command "read" time limit for <a href="postscreen.8.html"><b>postscreen</b>(8)</a>'s
built-in SMTP protocol engine.
<b><a href="postconf.5.html#postscreen_post_queue_limit">postscreen_post_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
- The number of clients that can be waiting for ser-
+ The number of clients that can be waiting for ser-
vice from a real SMTP server process.
<b><a href="postconf.5.html#postscreen_pre_queue_limit">postscreen_pre_queue_limit</a> ($<a href="postconf.5.html#default_process_limit">default_process_limit</a>)</b>
- The number of non-whitelisted clients that can be
- waiting for a decision whether they will receive
+ The number of non-whitelisted clients that can be
+ waiting for a decision whether they will receive
service from a real SMTP server process.
<b><a href="postconf.5.html#postscreen_watchdog_timeout">postscreen_watchdog_timeout</a> (10s)</b>
- How much time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may take to
- respond to an SMTP client command or to perform a
+ How much time a <a href="postscreen.8.html"><b>postscreen</b>(8)</a> process may take to
+ respond to an SMTP client command or to perform a
cache operation before it is terminated by a built-
in watchdog timer.
<b>STARTTLS CONTROLS</b>
<b><a href="postconf.5.html#postscreen_tls_security_level">postscreen_tls_security_level</a> ($<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b>
- The SMTP TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
- server; when a non-empty value is specified, this
+ The SMTP TLS security level for the <a href="postscreen.8.html"><b>postscreen</b>(8)</a>
+ server; when a non-empty value is specified, this
overrides the obsolete parameters
<a href="postconf.5.html#postscreen_use_tls">postscreen_use_tls</a> and <a href="postconf.5.html#postscreen_enforce_tls">postscreen_enforce_tls</a>.
+ <b><a href="postconf.5.html#tlsproxy_service_name">tlsproxy_service_name</a> (tlsproxy)</b>
+ The name of the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> service entry in mas-
+ ter.cf.
+
<b>OBSOLETE STARTTLS SUPPORT CONTROLS</b>
These parameters are supported for compatibility with
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> legacy parameters.
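Review bot: the re-wrapped postscreen_cache_map default "(btree:$data_direc-" / "tory/postscreen_cache)" lost the postconf.5.html#data_directory link that the removed line had, because the longer default pushed the name onto a hyphenation point that postlink does not match; the tlsproxy_service_name entry under STARTTLS CONTROLS has "master.cf" split the same way and unlinked. Fix by avoiding the split in the source comment or by teaching mantools/postlink the hyphenated form. And postscreen_dnsbl_ttl still reads "successful DNS blocklist test" after the white/blacklist rename elsewhere in the patch.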
<b>SEE ALSO</b>
<a href="smtpd.8.html">smtpd(8)</a>, Postfix SMTP server
<a href="tlsproxy.8.html">tlsproxy(8)</a>, Postfix TLS proxy server
- <a href="dnsblog.8.html">dnsblog(8)</a>, temporary DNS helper
+ <a href="dnsblog.8.html">dnsblog(8)</a>, DNS black/whitelist logger
syslogd(8), system logging
<b>README FILES</b>
bounce(8), defer(8), trace(8), Delivery status reports
cleanup(8), canonicalize and enqueue message
discard(8), Postfix discard delivery agent
+dnsblog(8), DNS black/whitelist logger
error(8), Postfix error delivery agent
flush(8), Postfix fast ETRN service
local(8), Postfix local delivery agent
A debugging aid to artifically delay DNS responses.
.PP
This feature is available in Postfix 2.8.
+.SH dnsblog_service_name (default: dnsblog)
+The name of the \fBdnsblog\fR(8) service entry in master.cf. This
+service performs DNS white/blacklist lookups.
+.PP
+This feature is available in Postfix 2.8 and later.
.SH dont_remove (default: 0)
Don't remove queue files and save them to the "saved" mail queue.
This is a debugging aid. To inspect the envelope information and
(weeks).
.PP
This feature is available in Postfix 2.8.
-.SH postscreen_cache_map (default: btree:$data_directory/ps_cache)
+.SH postscreen_cache_map (default: btree:$data_directory/postscreen_cache)
Persistent storage for the \fBpostscreen\fR(8) server decisions.
.PP
This feature is available in Postfix 2.8.
.PP
This feature is available in Postfix 2.8.
.SH postscreen_dnsbl_sites (default: empty)
-Optional list of DNS blocklist domains, filters and weight
+Optional list of DNS white/blacklist domains, filters and weight
factors. When the list is non-empty, the \fBdnsblog\fR(8) daemon will
-query these domains with the IP addresses of non-whitelisted remote
-SMTP clients, and \fBpostscreen\fR(8) will update an SMTP client's DNSBL
-score with each non-error reply.
+query these domains with the IP addresses of remote SMTP clients,
+and \fBpostscreen\fR(8) will update an SMTP client's DNSBL score with
+each non-error reply.
.PP
Caution: when postscreen rejects mail, it replies with the DNSBL
domain name. Use the postscreen_dnsbl_reply_map feature to hide
further details.
.PP
This feature is available in Postfix 2.8 and later.
+.SH tlsproxy_service_name (default: tlsproxy)
+The name of the \fBtlsproxy\fR(8) service entry in master.cf. This
+service performs plaintext <=> TLS ciphertext conversion.
+.PP
+This feature is available in Postfix 2.8 and later.
.SH tlsproxy_tls_CAfile (default: $smtpd_tls_CAfile)
A file containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate
.SH NAME
dnsblog
\-
-Postfix DNS blocklist logger
+Postfix DNS white/blacklist logger
.SH "SYNOPSIS"
.na
.nf
.SH DESCRIPTION
.ad
.fi
-The \fBdnsblog\fR(8) server implements an ad-hoc DNS blocklist
-lookup service that will eventually be replaced by an UDP
-client that is built directly into the \fBpostscreen\fR(8)
-server.
+The \fBdnsblog\fR(8) server implements an ad-hoc DNS
+white/blacklist lookup service that will eventually be
+replaced by an UDP client that is built directly into the
+\fBpostscreen\fR(8) server.
With each connection, the \fBdnsblog\fR(8) server receives
-a DNS blocklist domain name and an IP address. If the address
-is listed under the DNS blocklist, the \fBdnsblog\fR(8)
-server logs the match and replies with the query arguments
-plus a non-zero status. Otherwise it replies with the query
-arguments plus a zero status. Finally, The \fBdnsblog\fR(8)
-server closes the connection.
+a DNS white/blacklist domain name and an IP address. If the
+address is listed under the DNS white/blacklist, the
+\fBdnsblog\fR(8) server logs the match and replies with the
+query arguments plus a non-zero status. Otherwise it replies
+with the query arguments plus a zero status. Finally, The
+\fBdnsblog\fR(8) server closes the connection.
.SH DIAGNOSTICS
.ad
.fi
How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
.IP "\fBpostscreen_dnsbl_sites (empty)\fR"
-Optional list of DNS blocklist domains, filters and weight
+Optional list of DNS white/blacklist domains, filters and weight
factors.
.IP "\fBipc_timeout (3600s)\fR"
The time limit for sending or receiving information over an internal
.nf
.ad
.fi
+.IP "\fBdnsblog_service_name (dnsblog)\fR"
+The name of the \fBdnsblog\fR(8) service entry in master.cf.
.IP "\fBpostscreen_access_list (permit_mynetworks)\fR"
Permanent white/blacklist for remote SMTP client IP addresses;
\fBpostscreen\fR(8) searches this list immediately after a remote SMTP
password, to the DNSBL domain name that postscreen will reply with
when it rejects mail.
.IP "\fBpostscreen_dnsbl_sites (empty)\fR"
-Optional list of DNS blocklist domains, filters and weight
+Optional list of DNS white/blacklist domains, filters and weight
factors.
.IP "\fBpostscreen_dnsbl_threshold (1)\fR"
The inclusive lower bound for blocking an SMTP client, based on
.fi
.IP "\fBpostscreen_cache_cleanup_interval (12h)\fR"
The amount of time between \fBpostscreen\fR(8) cache cleanup runs.
-.IP "\fBpostscreen_cache_map (btree:$data_directory/ps_cache)\fR"
+.IP "\fBpostscreen_cache_map (btree:$data_directory/postscreen_cache)\fR"
Persistent storage for the \fBpostscreen\fR(8) server decisions.
.IP "\fBpostscreen_cache_retention_time (7d)\fR"
The amount of time that \fBpostscreen\fR(8) will cache an expired
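Review bot: before this change the documented default here, `btree:$data_directory/ps_cache`, did not match the compiled default in mail_params.h, `btree:$data_directory/psc_cache`; the rename to postscreen_cache makes both agree, but an installation that ran the earlier snapshot keeps its old cache file under the old name and silently starts over with an empty whitelist cache. Worth one sentence in this parameter description or in HISTORY telling operators that the old file under $data_directory can be deleted.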
The SMTP TLS security level for the \fBpostscreen\fR(8) server; when
a non-empty value is specified, this overrides the obsolete parameters
postscreen_use_tls and postscreen_enforce_tls.
+.IP "\fBtlsproxy_service_name (tlsproxy)\fR"
+The name of the \fBtlsproxy\fR(8) service entry in master.cf.
.SH "OBSOLETE STARTTLS SUPPORT CONTROLS"
.na
.nf
.nf
smtpd(8), Postfix SMTP server
tlsproxy(8), Postfix TLS proxy server
-dnsblog(8), temporary DNS helper
+dnsblog(8), DNS black/whitelist logger
syslogd(8), system logging
.SH "README FILES"
.na
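Review bot: the dnsblog(8) one-line description is spelled three ways in this patch: "DNS black/whitelist logger" here and in the other SEE ALSO list, "Postfix DNS white/blacklist logger" in the dnsblog.c SUMMARY, and "DNS white/blacklist lookups" in the dnsblog_service_name description. Pick "white/blacklist", which the rest of the patch uses, so the SEE ALSO entries agree with the generated dnsblog(8) title.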
s;\bpostscreen_command_count_limit\b;<a href="postconf.5.html#postscreen_command_count_limit">$&</a>;g;
s;\bpostscreen_com[-</bB>]*\n* *[<bB>]*mand_time_limit\b;<a href="postconf.5.html#postscreen_command_time_limit">$&</a>;g;
s;\bsmtpd_service_name\b;<a href="postconf.5.html#smtpd_service_name">$&</a>;g;
+ s;\bdnsblog_service_name\b;<a href="postconf.5.html#dnsblog_service_name">$&</a>;g;
+ s;\btlsproxy_service_name\b;<a href="postconf.5.html#tlsproxy_service_name">$&</a>;g;
s;\bpostscreen_bare_newline_enable\b;<a href="postconf.5.html#postscreen_bare_newline_enable">$&</a>;g;
s;\bpostscreen_bare_newline_action\b;<a href="postconf.5.html#postscreen_bare_newline_action">$&</a>;g;
s;\bpostscreen_bare_newline_ttl\b;<a href="postconf.5.html#postscreen_bare_newline_ttl">$&</a>;g;
smtpd(8) processes. Its purpose is to accept connections from the
network and to decide what SMTP clients are allowed to talk to
Postfix. According to the 2008 MessageLabs annual report, 81% of
-all email was spam, and 90% of that was sent by botnets. While
-postscreen(8) keeps the zombies away, more smtpd(8) processes remain
-available for legitimate clients. </p>
-
-<p> The postscreen(8) server is still evolving, and is likely to
-undergo changes that break compatibility with earlier versions.
-For this reason the postscreen(8) server is not installed with the
-stable Postfix release. </p>
+all email was spam, and 90% of that was sent by botnets; by 2010,
+those numbers were 92% and 95%, respectively. While postscreen(8)
+keeps the zombies away, more smtpd(8) processes remain available
+for legitimate clients. </p>
+
+<p> The postscreen(8) server is available with Postfix 2.8 and
+later. To keep the implementation simple, postscreen(8) delegates
+DNS white/backlist lookups to dnsblog(8) server processes, and
+delegates TLS encryption/decryption to tlsproxy(8) server processes.
+This delegation is invisible to the remote SMTP client, and is not
+shown in the diagram below. </p>
<table>
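Review bot: "DNS white/backlist lookups" in the new paragraph is a typo for "white/blacklist"; the plain-text README is generated from this HTML, so fixing it here fixes both. Also, the 2008 figures are attributed to the MessageLabs annual report while the 2010 figures ("92% and 95%") carry no source; cite the 2010 report the same way so the two numbers are comparable.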
<li> <a href="#enable"> Turning on postscreen(8) without blocking
mail</a>
+<li> <a href="#starttls"> postscreen(8) TLS configuration </a>
+
<li> <a href="#blocking"> Blocking mail with postscreen(8) </a>
<li> <a href="#turnoff"> Turning off postscreen(8) </a>
</ul>
+<h3> <a name="starttls"> postscreen(8) TLS configuration </a> </h3>
+
+<p> postscreen(8) TLS support is available for remote SMTP clients
+that aren't whitelisted, including clients that need to renew their
+temporary whitelist status. When a remote SMTP client requests TLS
+service, postscreen(8) invisibly hands off the connection to a
+tlsproxy(8) process. Then, tlsproxy(8) encrypts and decrypts the
+traffic between postscreen(8) and the remote SMTP client. One
+tlsproxy(8) process can handle multiple SMTP sessions. The number
+of tlsproxy(8) processes slowly increases with server load, but it
+should always be much smaller than the number of postscreen(8) TLS
+sessions. </p>
+
+<p> TLS support for postscreen(8) and tlsproxy(8) uses the same
+parameters as with smtpd(8). We recommend that you keep the relevant
+configuration parameters in main.cf. If you must specify "-o
+smtpd_mumble=value" parameter overrides in master.cf for a
+postscreen-protected smtpd(8) service, then you should specify those
+same parameter overrides for the postscreen(8) and tlsproxy(8)
+services. </p>
+
<h3> <a name="blocking"> Blocking mail with postscreen(8) </a> </h3>
<p> To use the postscreen(8) service to block mail, edit main.cf and
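Review bot: the last paragraph tells operators to repeat every "-o smtpd_mumble=value" override on the postscreen and tlsproxy master.cf entries, but this same patch adds tlsproxy_service_name and dnsblog_service_name, which let a postscreen-protected setup name its own tlsproxy(8) and dnsblog(8) master.cf entries carrying their own overrides; mention that alternative here, since it is the only user-visible reason for the new parameters. The first sentence also implies that whitelisted clients never reach tlsproxy(8) through postscreen(8) and negotiate TLS with smtpd(8) instead; saying so directly would answer the obvious "why is my whitelisted host missing from the tlsproxy log" question.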
<p> This feature is available in Postfix 2.7, and as an optional
patch for Postfix 2.6. </p>
-%PARAM postscreen_cache_map btree:$data_directory/ps_cache
+%PARAM postscreen_cache_map btree:$data_directory/postscreen_cache
<p> Persistent storage for the postscreen(8) server decisions. </p>
%PARAM postscreen_dnsbl_sites
-<p>Optional list of DNS blocklist domains, filters and weight
+<p>Optional list of DNS white/blacklist domains, filters and weight
factors. When the list is non-empty, the dnsblog(8) daemon will
-query these domains with the IP addresses of non-whitelisted remote
-SMTP clients, and postscreen(8) will update an SMTP client's DNSBL
-score with each non-error reply. </p>
+query these domains with the IP addresses of remote SMTP clients,
+and postscreen(8) will update an SMTP client's DNSBL score with
+each non-error reply. </p>
<p> Caution: when postscreen rejects mail, it replies with the DNSBL
domain name. Use the postscreen_dnsbl_reply_map feature to hide
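Review bot: dropping "non-whitelisted" from "query these domains with the IP addresses of remote SMTP clients" widens the documented behaviour: as written it says that clients matched by postscreen_access_list are looked up too. If the intent is only to cover clients whose temporary whitelist entry has expired, say that instead of removing the qualifier; the README hunk in this patch already uses the precise wording "clients that aren't whitelisted, including clients that need to renew their temporary whitelist status" for the TLS case, and the same wording fits here.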
See smtpd_command_filter for further details. </p>
<p> This feature is available in Postfix 2.8 and later. </p>
+
+%PARAM dnsblog_service_name dnsblog
+
+<p> The name of the dnsblog(8) service entry in master.cf. This
+service performs DNS white/blacklist lookups. </p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
+%PARAM tlsproxy_service_name tlsproxy
+
+<p> The name of the tlsproxy(8) service entry in master.cf. This
+service performs plaintext <=> TLS ciphertext conversion. <p>
+
+<p> This feature is available in Postfix 2.8 and later. </p>
+
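Review bot: in the tlsproxy_service_name description the closing tag is wrong, "conversion. <p>" should be "conversion. </p>", and the literal "<=>" inside HTML should be written as "&lt;=&gt;" so that the "<" does not start a tag in the generated postconf(5) HTML. The dnsblog_service_name block just above it is well formed.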
ul
whitelisted
whitelists
+=== proto/POSTSCREEN_README.html ===
+Amavisd
+MUA
+Mailserver
+SpamAssassin
+barracudacentral
+bl
+spamcop
+tlsproxy
/* NAME
/* dnsblog 8
/* SUMMARY
-/* Postfix DNS blocklist logger
+/* Postfix DNS white/blacklist logger
/* SYNOPSIS
/* \fBdnsblog\fR [generic Postfix daemon options]
/* DESCRIPTION
-/* The \fBdnsblog\fR(8) server implements an ad-hoc DNS blocklist
-/* lookup service that will eventually be replaced by an UDP
-/* client that is built directly into the \fBpostscreen\fR(8)
-/* server.
+/* The \fBdnsblog\fR(8) server implements an ad-hoc DNS
+/* white/blacklist lookup service that will eventually be
+/* replaced by an UDP client that is built directly into the
+/* \fBpostscreen\fR(8) server.
/*
/* With each connection, the \fBdnsblog\fR(8) server receives
-/* a DNS blocklist domain name and an IP address. If the address
-/* is listed under the DNS blocklist, the \fBdnsblog\fR(8)
-/* server logs the match and replies with the query arguments
-/* plus a non-zero status. Otherwise it replies with the query
-/* arguments plus a zero status. Finally, The \fBdnsblog\fR(8)
-/* server closes the connection.
+/* a DNS white/blacklist domain name and an IP address. If the
+/* address is listed under the DNS white/blacklist, the
+/* \fBdnsblog\fR(8) server logs the match and replies with the
+/* query arguments plus a non-zero status. Otherwise it replies
+/* with the query arguments plus a zero status. Finally, The
+/* \fBdnsblog\fR(8) server closes the connection.
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
/* CONFIGURATION PARAMETERS
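Review bot: two wording defects survive the rewrite and will be copied into the generated dnsblog(8) man page (the first hunk of this patch carries the identical text): "an UDP client" should be "a UDP client", and "Finally, The \fBdnsblog\fR(8) server" capitalises "The" mid-sentence. Fixing them in this source block fixes the man page on the next regeneration. Separately, now that the text covers whitelist domains, say explicitly that a whitelist hit and a blacklist hit produce the same non-zero status at this interface and that telling them apart is left to \fBpostscreen\fR(8), otherwise a reader will look for a distinct status code that does not exist.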
/* How much time a Postfix daemon process may take to handle a
/* request before it is terminated by a built-in watchdog timer.
/* .IP "\fBpostscreen_dnsbl_sites (empty)\fR"
-/* Optional list of DNS blocklist domains, filters and weight
+/* Optional list of DNS white/blacklist domains, filters and weight
/* factors.
/* .IP "\fBipc_timeout (3600s)\fR"
/* The time limit for sending or receiving information over an internal
* postscreen(8)
*/
#define VAR_PSC_CACHE_MAP "postscreen_cache_map"
-#define DEF_PSC_CACHE_MAP "btree:$data_directory/psc_cache"
+#define DEF_PSC_CACHE_MAP "btree:$data_directory/postscreen_cache"
extern char *var_psc_cache_map;
-#define VAR_SMTPD_SERVICE "smtpd_service"
+#define VAR_SMTPD_SERVICE "smtpd_service_name"
#define DEF_SMTPD_SERVICE "smtpd"
extern char *var_smtpd_service;
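Review bot: changing VAR_SMTPD_SERVICE from "smtpd_service" to "smtpd_service_name" is a user-visible parameter rename and deserves its own HISTORY line; the postlink rule in this patch already matches `smtpd_service_name`, which shows the documentation and the code disagreed before this change. A main.cf that set `smtpd_service` under the earlier snapshot loses that setting with no other hint than the new name.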
#define DEF_PSC_ACL PSC_ACL_NAME_WL_MYNETWORKS
extern char *var_psc_acl;
+#define VAR_DNSBLOG_SERVICE "dnsblog_service_name"
+#define DEF_DNSBLOG_SERVICE MAIL_SERVICE_DNSBLOG
+extern char *var_dnsblog_service;
+
#define VAR_DNSBLOG_DELAY "dnsblog_reply_delay"
#define DEF_DNSBLOG_DELAY "0s"
extern int var_dnsblog_delay;
+#define VAR_TLSPROXY_SERVICE "tlsproxy_service_name"
+#define DEF_TLSPROXY_SERVICE MAIL_SERVICE_TLSPROXY
+extern char *var_tlsproxy_service;
+
#define VAR_TLSP_WATCHDOG "tlsproxy_watchdog_timeout"
#define DEF_TLSP_WATCHDOG "10s"
extern int var_tlsp_watchdog;
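Review bot: DEF_DNSBLOG_SERVICE and DEF_TLSPROXY_SERVICE expand to MAIL_SERVICE_DNSBLOG and MAIL_SERVICE_TLSPROXY, which this patch defines in mail_proto.h, so a translation unit that includes mail_params.h without mail_proto.h fails on the config-table initialisers in postscreen.c and smtpd.c; DEF_SMTPD_SERVICE just above uses the literal "smtpd". Either include <mail_proto.h> from mail_params.h or use the literals "dnsblog" and "tlsproxy" here with a comment that they must match mail_proto.h.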
#define MAIL_PROTO_QMQP "QMQP"
/*
- * Names of services: these are the names if INET ports, UNIX-domain sockets
- * or FIFOs that a service listens on.
+ * Names of services: these are the names of the UNIX-domain socket or or
+ * FIFO that a service listens on.
*/
#define MAIL_SERVICE_BOUNCE "bounce"
#define MAIL_SERVICE_CLEANUP "cleanup"
#define MAIL_SERVICE_PROXYMAP "proxymap"
#define MAIL_SERVICE_PROXYWRITE "proxywrite"
#define MAIL_SERVICE_SCACHE "scache"
+#define MAIL_SERVICE_DNSBLOG "dnsblog"
+#define MAIL_SERVICE_TLSPROXY "tlsproxy"
/*
* Well-known socket or FIFO directories. The main difference is in file
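Review bot: the rewritten comment reads "the names of the UNIX-domain socket or or FIFO" (doubled "or"). The old text also listed INET ports; dropping them is correct only if no MAIL_SERVICE_* name is ever used for an inet-type master.cf entry, so please confirm before the sentence is narrowed.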
#define MAIL_ATTR_DSN_ORCPT "dsn_orig_rcpt" /* dsn original recipient */
/*
- * PROXY support.
+ * TLSPROXY support.
*/
#define MAIL_ATTR_REMOTE_ENDPT "remote_endpoint" /* name[addr]:port */
#define MAIL_ATTR_ROLE "role" /* requested role */
#define MAIL_ATTR_ISSUER_CN "issuer_CN"
#define MAIL_ATTR_PEER_FPT "peer_fingerprint"
#define MAIL_ATTR_PEER_STATUS "peer_status"
-#define MAIL_ATTR_CIPHER_PROTOCOL "cipher_protocol"
+#define MAIL_ATTR_CIPHER_PROTOCOL "cipher_protocol"
#define MAIL_ATTR_CIPHER_NAME "cipher_name"
-#define MAIL_ATTR_CIPHER_USEBITS "cipher_usebits"
-#define MAIL_ATTR_CIPHER_ALGBITS "cipher_algbits"
+#define MAIL_ATTR_CIPHER_USEBITS "cipher_usebits"
+#define MAIL_ATTR_CIPHER_ALGBITS "cipher_algbits"
/*
* SMTP reply footer support.
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20110113"
+#define MAIL_RELEASE_DATE "20110115"
#define MAIL_VERSION_NUMBER "2.8"
#ifdef SNAPSHOT
/* bounce(8), defer(8), trace(8), Delivery status reports
/* cleanup(8), canonicalize and enqueue message
/* discard(8), Postfix discard delivery agent
+/* dnsblog(8), DNS black/whitelist logger
/* error(8), Postfix error delivery agent
/* flush(8), Postfix fast ETRN service
/* local(8), Postfix local delivery agent
postscreen_dnsbl.o: ../../include/mymalloc.h
postscreen_dnsbl.o: ../../include/split_at.h
postscreen_dnsbl.o: ../../include/string_list.h
+postscreen_dnsbl.o: ../../include/stringops.h
postscreen_dnsbl.o: ../../include/sys_defs.h
postscreen_dnsbl.o: ../../include/valid_hostname.h
postscreen_dnsbl.o: ../../include/vbuf.h
/* BEFORE-GREETING TRIAGE
/* .ad
/* .fi
+/* .IP "\fBdnsblog_service_name (dnsblog)\fR"
+/* The name of the \fBdnsblog\fR(8) service entry in master.cf.
/* .IP "\fBpostscreen_access_list (permit_mynetworks)\fR"
/* Permanent white/blacklist for remote SMTP client IP addresses;
/* \fBpostscreen\fR(8) searches this list immediately after a remote SMTP
/* password, to the DNSBL domain name that postscreen will reply with
/* when it rejects mail.
/* .IP "\fBpostscreen_dnsbl_sites (empty)\fR"
-/* Optional list of DNS blocklist domains, filters and weight
+/* Optional list of DNS white/blacklist domains, filters and weight
/* factors.
/* .IP "\fBpostscreen_dnsbl_threshold (1)\fR"
/* The inclusive lower bound for blocking an SMTP client, based on
/* .fi
/* .IP "\fBpostscreen_cache_cleanup_interval (12h)\fR"
/* The amount of time between \fBpostscreen\fR(8) cache cleanup runs.
-/* .IP "\fBpostscreen_cache_map (btree:$data_directory/ps_cache)\fR"
+/* .IP "\fBpostscreen_cache_map (btree:$data_directory/postscreen_cache)\fR"
/* Persistent storage for the \fBpostscreen\fR(8) server decisions.
/* .IP "\fBpostscreen_cache_retention_time (7d)\fR"
/* The amount of time that \fBpostscreen\fR(8) will cache an expired
/* The SMTP TLS security level for the \fBpostscreen\fR(8) server; when
/* a non-empty value is specified, this overrides the obsolete parameters
/* postscreen_use_tls and postscreen_enforce_tls.
+/* .IP "\fBtlsproxy_service_name (tlsproxy)\fR"
+/* The name of the \fBtlsproxy\fR(8) service entry in master.cf.
/* OBSOLETE STARTTLS SUPPORT CONTROLS
/* .ad
/* .fi
/* SEE ALSO
/* smtpd(8), Postfix SMTP server
/* tlsproxy(8), Postfix TLS proxy server
-/* dnsblog(8), temporary DNS helper
+/* dnsblog(8), DNS black/whitelist logger
/* syslogd(8), system logging
/* README FILES
/* .ad
int var_psc_cmd_count;
char *var_psc_cmd_time;
+char *var_dnsblog_service;
+char *var_tlsproxy_service;
+
char *var_smtpd_rej_footer;
char *var_psc_rej_footer;
VAR_PSC_DNSBL_REPLY, DEF_PSC_DNSBL_REPLY, &var_psc_dnsbl_reply, 0, 0,
VAR_PSC_TLS_LEVEL, DEF_PSC_TLS_LEVEL, &var_psc_tls_level, 0, 0,
VAR_PSC_CMD_FILTER, DEF_PSC_CMD_FILTER, &var_psc_cmd_filter, 0, 0,
+ VAR_DNSBLOG_SERVICE, DEF_DNSBLOG_SERVICE, &var_dnsblog_service, 1, 0,
+ VAR_TLSPROXY_SERVICE, DEF_TLSPROXY_SERVICE, &var_tlsproxy_service, 1, 0,
0,
};
static const CONFIG_INT_TABLE int_table[] = {
#include <valid_hostname.h>
#include <ip_match.h>
#include <myaddrinfo.h>
+#include <stringops.h>
/* Global library. */
#include <postscreen.h>
-#define DNSBL_SERVICE "dnsblog"
+ /*
+ * Talking to the DNSBLOG service.
+ */
#define DNSBLOG_TIMEOUT 10
+static char *psc_dnsbl_service;
/*
* Per-DNSBL filters and weights.
* implementation.
*/
for (ht = dnsbl_site_list; *ht; ht++) {
- if ((fd = LOCAL_CONNECT("private/" DNSBL_SERVICE, NON_BLOCKING, 1)) < 0) {
- msg_warn("%s: connect to " DNSBL_SERVICE " service: %m", myname);
+ if ((fd = LOCAL_CONNECT(psc_dnsbl_service, NON_BLOCKING, 1)) < 0) {
+ msg_warn("%s: connect to %s service: %m",
+ myname, psc_dnsbl_service);
continue;
}
stream = vstream_fdopen(fd, O_RDWR);
ATTR_TYPE_STR, MAIL_ATTR_ACT_CLIENT_ADDR, client_addr,
ATTR_TYPE_END);
if (vstream_fflush(stream) != 0) {
- msg_warn("%s: error sending to " DNSBL_SERVICE " service: %m", myname);
+ msg_warn("%s: error sending to %s service: %m",
+ myname, psc_dnsbl_service);
vstream_fclose(stream);
continue;
}
if (dnsbl_site_cache != 0)
msg_panic("%s: called more than once", myname);
+ /*
+ * pre-compute the DNSBLOG socket name.
+ */
+ psc_dnsbl_service = concatenate(MAIL_CLASS_PRIVATE, "/",
+ var_dnsblog_service, (char *) 0);
+
/*
* Prepare for quick iteration when sending out queries to all DNSBL
* servers, and for quick lookup when a reply arrives from a specific
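Review bot: `psc_dnsbl_service` is assigned only in this init function, but the request path in the earlier hunk passes it straight to LOCAL_CONNECT() without checking that init ran; the existing `msg_panic("%s: called more than once")` guards against double init but not against no init, and a NULL here is a crash rather than a logged warning. Add an `if (psc_dnsbl_service == 0) msg_panic(...)` at the top of the request function, or build the name lazily there the way psc_starttls_open() does in this patch.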
#include <mymalloc.h>
#include <connect.h>
#include <stringops.h> /* concatenate() */
+#include <vstring.h>
/* Global library. */
#define TLSPROXY_INIT_TIMEOUT 10
+static char *psc_tlsp_service = 0;
+
/* psc_starttls_finish - complete negotiation with TLS proxy */
static void psc_starttls_finish(int event, char *context)
*/
msg_warn("%s sending file handle to %s service",
event == EVENT_TIME ? "timeout" : "problem",
- TLSPROXY_SERVICE);
+ psc_tlsp_service);
event_disable_readwrite(vstream_fileno(tlsproxy_stream));
vstream_fclose(tlsproxy_stream);
PSC_SEND_REPLY(smtp_state,
const char *myname = "psc_starttls_open";
PSC_STARTTLS *starttls_state;
VSTREAM *tlsproxy_stream;
- char *remote_endpt;
int fd;
+ static VSTRING *remote_endpt = 0;
+
+ if (psc_tlsp_service == 0) {
+ psc_tlsp_service = concatenate(MAIL_CLASS_PRIVATE "/",
+ var_tlsproxy_service, (char *) 0);
+ remote_endpt = vstring_alloc(20);
+ }
/*
* Connect to the tlsproxy(8) daemon. We report all errors
* asynchronously, to avoid having to maintain multiple delivery paths.
*/
- if ((fd = LOCAL_CONNECT("private/" TLSPROXY_SERVICE,
- NON_BLOCKING, 1)) < 0) {
- msg_warn("connect to %s service: %m", TLSPROXY_SERVICE);
+ if ((fd = LOCAL_CONNECT(psc_tlsp_service, NON_BLOCKING, 1)) < 0) {
+ msg_warn("connect to %s service: %m", psc_tlsp_service);
PSC_SEND_REPLY(smtp_state,
"454 4.7.0 TLS not available due to local problem\r\n");
event_request_timer(resume_event, (char *) smtp_state, 0);
* simplify all the format strings throughout the program.
*/
tlsproxy_stream = vstream_fdopen(fd, O_RDWR);
- remote_endpt = concatenate("[", smtp_state->smtp_client_addr, "]:",
- smtp_state->smtp_client_port, (char *) 0);
+ vstring_sprintf(remote_endpt, "[%s]:%s", smtp_state->smtp_client_addr,
+ smtp_state->smtp_client_port);
attr_print(tlsproxy_stream, ATTR_FLAG_NONE,
- ATTR_TYPE_STR, MAIL_ATTR_REMOTE_ENDPT, remote_endpt,
+ ATTR_TYPE_STR, MAIL_ATTR_REMOTE_ENDPT, STR(remote_endpt),
ATTR_TYPE_INT, MAIL_ATTR_FLAGS, TLS_PROXY_FLAG_ROLE_SERVER,
ATTR_TYPE_INT, MAIL_ATTR_TIMEOUT, psc_normal_cmd_time_limit,
ATTR_TYPE_END);
- myfree(remote_endpt);
if (vstream_fflush(tlsproxy_stream) != 0) {
- msg_warn("error sending request to %s service: %m", TLSPROXY_SERVICE);
+ msg_warn("error sending request to %s service: %m", psc_tlsp_service);
vstream_fclose(tlsproxy_stream);
PSC_SEND_REPLY(smtp_state,
"454 4.7.0 TLS not available due to local problem\r\n");
int smtpd_proxy_opts;
+#ifdef USE_TLSPROXY
+char *var_tlsproxy_service;
+
+#endif
+
/*
* Silly little macros.
*/
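Review bot: there is a stray blank line between `char *var_tlsproxy_service;` and `#endif`; drop it. The definition and the config-table entry further down are both under `#ifdef USE_TLSPROXY`, so an smtpd built without it has no knowledge of tlsproxy_service_name at all; that is consistent, but worth a comment so nobody adds an unconditional user of the variable later.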
#define PROXY_OPEN_FLAGS \
(TLS_PROXY_FLAG_ROLE_SERVER | TLS_PROXY_FLAG_SEND_CONTEXT)
- state->tlsproxy = tls_proxy_open(PROXY_OPEN_FLAGS, state->client,
- state->addr, state->port,
- var_smtpd_tmout);
+ state->tlsproxy = tls_proxy_open(var_tlsproxy_service, PROXY_OPEN_FLAGS,
+ state->client, state->addr,
+ state->port, var_smtpd_tmout);
if (state->tlsproxy == 0) {
state->error_mask |= MAIL_ERROR_SOFTWARE;
/* RFC 4954 Section 6. */
if (SMTPD_STAND_ALONE(state) == 0 && var_smtpd_tls_wrappermode) {
#ifdef USE_TLSPROXY
/* We garbage-collect the VSTREAM in smtpd_state_reset() */
- state->tlsproxy = tls_proxy_open(PROXY_OPEN_FLAGS, state->client,
- state->addr, state->port,
- var_smtpd_tmout);
+ state->tlsproxy = tls_proxy_open(var_tlsproxy_service,
+ PROXY_OPEN_FLAGS,
+ state->client, state->addr,
+ state->port, var_smtpd_tmout);
if (state->tlsproxy == 0) {
msg_warn("Wrapper-mode request dropped from %s for service %s."
" TLS context initialization failed. For details see"
VAR_UNV_RCPT_TF_ACT, DEF_UNV_RCPT_TF_ACT, &var_unv_rcpt_tf_act, 1, 0,
VAR_UNV_FROM_TF_ACT, DEF_UNV_FROM_TF_ACT, &var_unv_from_tf_act, 1, 0,
VAR_SMTPD_CMD_FILTER, DEF_SMTPD_CMD_FILTER, &var_smtpd_cmd_filter, 0, 0,
+#ifdef USE_TLSPROXY
+ VAR_TLSPROXY_SERVICE, DEF_TLSPROXY_SERVICE, &var_tlsproxy_service, 1, 0,
+#endif
0,
};
static const CONFIG_RAW_TABLE raw_table[] = {
tls_proxy_clnt.o: ../../include/attr.h
tls_proxy_clnt.o: ../../include/connect.h
tls_proxy_clnt.o: ../../include/iostuff.h
+tls_proxy_clnt.o: ../../include/mail_params.h
tls_proxy_clnt.o: ../../include/mail_proto.h
tls_proxy_clnt.o: ../../include/msg.h
tls_proxy_clnt.o: ../../include/mymalloc.h
/*
* External interface.
*/
-#define TLSPROXY_SERVICE "tlsproxy"
-
#define TLS_PROXY_FLAG_ROLE_SERVER (1<<0) /* request server role */
#define TLS_PROXY_FLAG_ROLE_CLIENT (1<<1) /* request client role */
#define TLS_PROXY_FLAG_SEND_CONTEXT (1<<2) /* send TLS context */
#ifdef USE_TLS
-extern VSTREAM *tls_proxy_open(int, VSTREAM *, const char *,
+extern VSTREAM *tls_proxy_open(const char *, int, VSTREAM *, const char *,
const char *, int);
extern TLS_SESS_STATE *tls_proxy_context_receive(VSTREAM *);
extern void tls_proxy_context_free(TLS_SESS_STATE *);
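Review bot: the tls_proxy_open() prototype changes under `#ifdef USE_TLS`, while its new caller in smtpd.c and the `var_tlsproxy_service` definition there are compiled under `#ifdef USE_TLSPROXY`; if USE_TLSPROXY can be defined without USE_TLS, smtpd.c calls an undeclared function with the new signature. Guard both with the same macro, or state in this header that USE_TLSPROXY implies USE_TLS. Removing `#define TLSPROXY_SERVICE` is an API change of this header; both in-tree users (postscreen_starttls.c, smtpd.c) are updated in this patch, so that part is complete.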
/* SYNOPSIS
/* #include <tlsproxy_clnt.h>
/*
-/* VSTREAM *tls_proxy_open(flags, peer_stream, peer_addr,
+/* VSTREAM *tls_proxy_open(service, flags, peer_stream, peer_addr,
/* peer_port, timeout)
+/* const char *service;
/* int flags;
/* VSTREAM *peer_stream;
/* const char *peer_addr;
/* was received with tls_proxy_context_receive().
/*
/* Arguments:
+/* .IP service
+/* The (base) name of the tlsproxy service.
/* .IP flags
/* Bit-wise OR of:
/* .RS
#include <msg.h>
#include <mymalloc.h>
#include <connect.h>
-#include <stringops.h> /* concatenate() */
+#include <stringops.h>
+#include <vstring.h>
/* Global library. */
#include <mail_proto.h>
+#include <mail_params.h>
/* TLS library-specific. */
#define TLSPROXY_INIT_TIMEOUT 10
+/* SLMs. */
+
+#define STR vstring_str
+
/* tls_proxy_open - open negotiations with TLS proxy */
-VSTREAM *tls_proxy_open(int flags, VSTREAM *peer_stream,
- const char *peer_addr,
- const char *peer_port,
- int timeout)
+VSTREAM *tls_proxy_open(const char *service, int flags,
+ VSTREAM *peer_stream,
+ const char *peer_addr,
+ const char *peer_port,
+ int timeout)
{
VSTREAM *tlsproxy_stream;
- char *remote_endpt;
int status;
int fd;
+ static VSTRING *tlsproxy_service = 0;
+ static VSTRING *remote_endpt = 0;
+
+ /*
+ * Initialize.
+ */
+ if (tlsproxy_service == 0) {
+ tlsproxy_service = vstring_alloc(20);
+ remote_endpt = vstring_alloc(20);
+ }
/*
- * Connect to the tlsproxy(8) daemon. We report all errors
- * asynchronously, to avoid having to maintain multiple delivery paths.
+ * Connect to the tlsproxy(8) daemon.
*/
- if ((fd = LOCAL_CONNECT("private/" TLSPROXY_SERVICE, BLOCKING,
+ vstring_sprintf(tlsproxy_service, "%s/%s", MAIL_CLASS_PRIVATE, service);
+ if ((fd = LOCAL_CONNECT(STR(tlsproxy_service), BLOCKING,
TLSPROXY_INIT_TIMEOUT)) < 0) {
- msg_warn("connect to %s service: %m", TLSPROXY_SERVICE);
+ msg_warn("connect to %s service: %m", STR(tlsproxy_service));
return (0);
}
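Review bot: the warning in this hunk now prints the full socket path ("connect to private/tlsproxy service") where it previously printed the bare service name, and the same shift happens in postscreen_starttls.c; if that is intended, note the changed log text in HISTORY, otherwise pass `service` to msg_warn() and keep STR(tlsproxy_service) for LOCAL_CONNECT() only. The function-level `static VSTRING *tlsproxy_service` and `remote_endpt` buffers are reused across calls, which is safe because attr_print() consumes them before this function returns; a one-line comment saying so would stop a future caller from holding onto STR(remote_endpt).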
* simplify all the format strings throughout the program.
*/
tlsproxy_stream = vstream_fdopen(fd, O_RDWR);
- remote_endpt = concatenate("[", peer_addr, "]:",
- peer_port, (char *) 0);
+ vstring_sprintf(remote_endpt, "[%s]:%s", peer_addr, peer_port);
attr_print(tlsproxy_stream, ATTR_FLAG_NONE,
- ATTR_TYPE_STR, MAIL_ATTR_REMOTE_ENDPT, remote_endpt,
+ ATTR_TYPE_STR, MAIL_ATTR_REMOTE_ENDPT, STR(remote_endpt),
ATTR_TYPE_INT, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_INT, MAIL_ATTR_TIMEOUT, timeout,
ATTR_TYPE_END);
- myfree(remote_endpt);
if (vstream_fflush(tlsproxy_stream) != 0) {
- msg_warn("error sending request to %s service: %m", TLSPROXY_SERVICE);
+ msg_warn("error sending request to %s service: %m",
+ STR(tlsproxy_service));
vstream_fclose(tlsproxy_stream);
return (0);
}
* configuration error, or other causes).
*/
msg_warn("%s service role \"%s\" is not available",
- TLSPROXY_SERVICE,
+ STR(tlsproxy_service),
(flags & TLS_PROXY_FLAG_ROLE_SERVER) ? "server" :
(flags & TLS_PROXY_FLAG_ROLE_CLIENT) ? "client" :
"bogus role");
/*
* Some error: drop the TLS proxy stream.
*/
- msg_warn("sending file handle to %s service: %m", TLSPROXY_SERVICE);
+ msg_warn("sending file handle to %s service: %m",
+ STR(tlsproxy_service));
vstream_fclose(tlsproxy_stream);
return (0);
}
tls_context = (TLS_SESS_STATE *) mymalloc(sizeof(*tls_context));
if (attr_scan(proxy_stream, ATTR_FLAG_STRICT,
- ATTR_TYPE_FUNC, tls_proxy_context_scan, (char *) tls_context,
+ ATTR_TYPE_FUNC, tls_proxy_context_scan, (char *) tls_context,
ATTR_TYPE_END) != 1) {
tls_proxy_context_free(tls_context);
return (0);
/* tls_proxy_context_free - destroy object from tls_proxy_context_receive() */
-void tls_proxy_context_free(TLS_SESS_STATE *tls_context)
+void tls_proxy_context_free(TLS_SESS_STATE *tls_context)
{
if (tls_context->peer_CN)
myfree(tls_context->peer_CN);
msg_info("CONNECT %s %s",
(req_flags & TLS_PROXY_FLAG_ROLE_SERVER) ? "from" :
(req_flags & TLS_PROXY_FLAG_ROLE_CLIENT) ? "to" :
- "(bogus direction)", state->remote_endpt);
+ "(bogus_direction)", state->remote_endpt);
state->req_flags = req_flags;
state->timeout = timeout + 10; /* XXX */
event_enable_read(plaintext_fd, tlsp_get_fd_event, (char *) state);
{
DICT_HT *dict_ht = (DICT_HT *) dict;
HTABLE_INFO *ht;
+ char *saved_value = mystrdup(value);
/*
* Optionally fold the key.
} else {
ht = htable_enter(dict_ht->table, name, (char *) 0);
}
- ht->value = mystrdup(value);
+ ht->value = saved_value;
}
/* dict_ht_sequence - first/next iterator */
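Review bot: taking the copy with `char *saved_value = mystrdup(value);` before the table lookup only matters if `value` can point into the entry that is about to be replaced; if the branch elided above this hunk frees the old `ht->value` when the key already exists, the old ordering read `value` after that free, which is a memory-safety fix and belongs in HISTORY rather than going in silently. Add a comment next to the declaration explaining the aliasing case, since a later cleanup could otherwise "simplify" it back to `ht->value = mystrdup(value);`.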
*/
if (len < 1)
msg_panic("mymalloc: requested length %ld", (long) len);
+#ifdef MYMALLOC_FUZZ
+ len += MYMALLOC_FUZZ;
+#endif
if ((real_ptr = (MBLOCK *) malloc(SPACE_FOR(len))) == 0)
msg_fatal("mymalloc: insufficient memory: %m");
CHECK_OUT_PTR(ptr, real_ptr, len);
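Review bot: `len += MYMALLOC_FUZZ` pads every allocation by a fixed byte count, which hides an off-by-one write instead of reporting it; the hunk should say which bug it works around and that the padding is not a substitute for the fix. The adjustment sits after the `len < 1` panic and before `SPACE_FOR(len)`, so the length recorded for the block and later checked by CHECK_IN_PTR() in myrealloc() is the padded size, not the caller's request; note that in a comment so the stored length is not misread when debugging.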
*/
if (len < 1)
msg_panic("myrealloc: requested length %ld", (long) len);
+#ifdef MYMALLOC_FUZZ
+ len += MYMALLOC_FUZZ;
+#endif
CHECK_IN_PTR(ptr, real_ptr, old_len, "myrealloc");
if ((real_ptr = (MBLOCK *) realloc((char *) real_ptr, SPACE_FOR(len))) == 0)
msg_fatal("myrealloc: insufficient memory: %m");
#define BROKEN_AI_PASSIVE_NULL_HOST
#define BROKEN_AI_NULL_SERVICE
#define USE_SYSV_POLL
+#define MYMALLOC_FUZZ 1
#endif
#ifdef AIX4
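Review bot: `#define MYMALLOC_FUZZ 1` is added to one platform block without saying which problem on that platform needs a one-byte safety margin; add a comment naming the affected library or bug, as the neighbouring BROKEN_* defines do by their names, so the workaround can be removed once it is no longer needed.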