From: Wietse Venema Date: Fri, 10 Oct 2008 05:00:00 +0000 (-0500) Subject: postfix-2.6-20081010 X-Git-Tag: v2.6.0-RC1~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=545bde996fb141772e61a7509695e4f40999d815;p=thirdparty%2Fpostfix.git postfix-2.6-20081010 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 14f850734..2753ba705 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY 
@@ -14677,27 +14677,45 @@ Apologies for any names omitted. 20081005 - Further refinements to the handling of missing or non-existent - remote client attributes. Files: smtpd/smtpd.c, smtpd/smtpd.h. + Bugfix: further refinements to the handling of missing or + non-existent remote client attributes. Files: smtpd/smtpd.c, + smtpd/smtpd.h. - The XFORWARD specification of the ADDR attribute did not - agree with the actual on-the-wire protocol. The spec has - been updated. File: proto/XFORWARD_README.html. + Documentation: the XFORWARD specification of the ADDR + attribute did not agree with the actual on-the-wire protocol. + Since we can't change already existing deployments, the + spec has been updated. File: proto/XFORWARD_README.html. 20081006 - Further refinements to the handling of remote client + Bugfix: further refinements to the handling of remote client attributes. Introduced a dummy "we have forwarded client info" record, to eliminate the need for the backwards incompatible queue file change that was introduced 20081003. Files: smtpd/smtpd.c, cleanup/cleanup_envelope.c, *qmgr/qmgr_message.c. - Hardened the proxymap client, in case it ever ends up in - a set-gid program. File: global/dict_proxy.c. + Security: hardened the proxymap client, in case it ever + ends up in a set-gid program. File: global/dict_proxy.c. 10081007 - Undo the proxymap client change. It broke chrooted servers - when they attempted to reconnect to the proxy read/write - service. File: global/dict_proxy.c. + Workaround: undo the proxymap client change. It broke + chrooted servers when they attempted to reconnect to the + proxy read/write service. File: global/dict_proxy.c. + +20081008 + + Safety: added checks that $queue_directory/pid is owned by + root, and that $queue_directory/saved is owned by $mail_owner. + File: conf/postfix-script. + +20081010 + + Feature: controls for opportunistic TLS protocols and + ciphers. 
The smtp_tls_protocols, smtp_tls_ciphers, and + equivalent parameters for lmtp and smtpd provide global + settings; The SMTP client TLS policy table provides ciphers + and protocols settings for specific peers. Code by Victor + Duchovni. Files: smtp/smtp.c, smtp/smtp_session.c, smtpd/smtpd.c + and documentation. diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index 6740bf3eb..f10b918b3 100644 --- a/postfix/README_FILES/TLS_README +++ b/postfix/README_FILES/TLS_README 
@@ -508,24 +508,33 @@ smtpd_tls_cipherlist parameter specifies the acceptable ciphers as an explicit OpenSSL cipherlist. The obsolete setting applies even when TLS encryption is not enforced. Use of this control on public MX hosts is strongly discouraged. -With mandatory TLS encryption, the Postfix SMTP server will by default only use -SSLv3 or TLSv1. SSLv2 is only used when TLS encryption is optional. This is -controlled by the smtpd_tls_mandatory_protocols configuration parameter. - The Postfix SMTP server supports 5 distinct cipher security levels as specified by the smtpd_tls_mandatory_ciphers configuration parameter, which determines the cipher grade with mandatory TLS encryption. The default value is "medium" which is essentially 128-bit encryption or better. With opportunistic TLS -encryption, the minimum accepted cipher grade is always "export". +encryption, the minimum accepted cipher grade is typically "export". Postfix >= +2.6 has a corresponding smtpd_tls_ciphers parameter which controls the cipher +grade used with opportunistic TLS. + +By default anonymous ciphers are enabled. They are automatically disabled when +remote SMTP client certificates are requested. If clients are expected to +always verify the Postfix SMTP server certificate you may want to disable +anonymous ciphers by setting "smtpd_tls_mandatory_exclude_ciphers = aNULL" or +"smtpd_tls_exclude_ciphers = aNULL", as appropriate. One can't force a remote +SMTP client to check the server certificate, so excluding anonymous ciphers is +generally unnecessary. + +The "smtpd_tls_ciphers" (Postfix >= 2.6) configuration parameter provides +control over the minimum cipher grade for opportunistic TLS. With Postfix < +2.6, the minimum opportunistic TLS cipher grade is always "export". -By default anonymous ciphers are allowed, and automatically disabled when -client certificates are requested. 
If clients are expected to always verify the -server certificate you may want to exclude anonymous ciphers by setting -"smtpd_tls_mandatory_exclude_ciphers = aNULL". One can't force a client to -check the server certificate, so excluding anonymous ciphers is generally -unnecessary. +With mandatory TLS encryption, the Postfix SMTP server will by default only use +SSLv3 or TLSv1. SSLv2 is only used when TLS encryption is optional. The +mandatory TLS protocol list is specified via the smtpd_tls_mandatory_protocols +configuration parameter. Postfix >= 2.6 has a corresponding smtpd_tls_protocols +parameter which controls the SSL/TLS protocols used with opportunistic TLS. -For a server that is not a public Internet MX host, Postfix 2.3 supports +For a server that is not a public Internet MX host, Postfix (>= 2.3) supports configurations with no server certificates that use oonnllyy the anonymous ciphers. This is enabled by explicitly setting "smtpd_tls_cert_file = none" and not specifying an smtpd_tls_dcert_file. 
@@ -892,10 +901,12 @@ server. Otherwise, messages are sent in the clear. With Postfix 2.3 and later, opportunistic TLS can be configured by setting "smtp_tls_security_level = may". Since sending in the clear is acceptable, demanding stronger than default TLS -security merely reduces inter-operability. For this reason, Postfix 2.3 and -later ignore the smtp_tls_mandatory_ciphers and smtp_tls_mandatory_protocols -parameters at the "may" security level: all protocols are allowed, and "export" -grade or better ciphers are used. +security mostly reduces inter-operability. If you must restrict TLS protocol or +cipher selection even with opportunistic TLS, the Postfix >= 2.6 +"smtp_tls_ciphers" and "smtp_tls_protocols" configuration parameters provide +control over the protocols and cipher grade used with opportunistic TLS. With +earlier releases the opportunistic TLS cipher grade is always "export" and no +protocols are disabled. With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to its default (backwards compatible) empty value, the appropriate configuration 
@@ -1331,13 +1342,18 @@ describe the corresponding table syntax: nnoonnee No TLS. No additional attributes are supported at this level. mmaayy - Opportunistic TLS. No additional attributes are supported at this level. + Opportunistic TLS. The optional "ciphers", "exclude" and "protocols" + attributes (available for opportunistic TLS with Postfix >= 2.6) override + the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols" + configuration parameters. eennccrryypptt Mandatory encryption. Mail is delivered only if the remote SMTP server - offers STARTTLS and the TLS handshake succeeds. At this level and higher - the optional "ciphers" attribute overrides the main.cf - smtp_tls_mandatory_ciphers parameter, and the optional "protocols" - attribute overrides the main.cf smtp_tls_mandatory_protocols parameter. + offers STARTTLS and the TLS handshake succeeds. At this level and higher, + the optional "protocols" attribute overrides the main.cf + smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute + overrides the main.cf smtp_tls_mandatory_ciphers parameter, and the + optional "exclude" attribute (Postfix >= 2.6) overrides the main.cf + smtp_tls_mandatory_exclude_ciphers parameter. ffiinnggeerrpprriinntt Certificate fingerprint verification. Available with Postfix 2.5 and later. At this security level, there are no trusted certificate authorities. The 
@@ -1378,6 +1394,19 @@ Notes: * When a policy table entry specifies multiple match patterns, multiple match strategies, or multiple protocols, these must be separated by colons. + * The "exclude" attribute (Postfix >= 2.6) is used to disable ciphers that + cause handshake failures with a specific mandatory TLS destination, without + disabling the ciphers for all mandatory destinations. Alternatively, you + can exclude ciphers that cause issues with multiple remote servers in + main.cf, and selectively enable them on a per-destination basis in the + policy table by setting a shorter or empty exclusion list. The per- + destination "exclude" list preempts both the opportunistic and mandatory + security level exclusions, so that all excluded ciphers can be enabled for + known-good destinations. For non-mandatory TLS destinations that exhibit + cipher-specific problems, Postfix will fall back to plain-text delivery. If + plain-text is not acceptable make TLS mandatory and exclude the problem + ciphers. + Example: /etc/postfix/main.cf: @@ -1397,6 +1426,9 @@ Example: [thumb.example.org] fingerprint match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35 match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1 + # Postfix 2.6 and later + example.info may protocols=!SSLv2 ciphers=medium + exclude=3DES NNoottee:: The "hostname" strategy if listed in a non-default setting of smtp_tls_secure_cert_match or in the "match" attribute in the policy table can 
@@ -1617,6 +1649,16 @@ generally no need to take these measures. Anonymous ciphers save bandwidth and TLS session cache space, if certificates are ignored, there is little point in requesting them. +The "smtp_tls_ciphers" (Postfix >= 2.6) configuration parameter provides +control over the minimum cipher grade for opportunistic TLS. With Postfix < +2.6, the minimum opportunistic TLS cipher grade is always "export". + +With mandatory TLS encryption, the Postfix SMTP client will by default only use +SSLv3 or TLSv1. SSLv2 is only used when TLS encryption is optional. The +mandatory TLS protocol list is specified via the smtp_tls_mandatory_protocols +configuration parameter. Postfix >= 2.6 has a corresponding smtp_tls_protocols +parameter which controls the SSL/TLS protocols used with opportunistic TLS. + Example: /etc/postfix/main.cf: @@ -1626,6 +1668,9 @@ Example: smtp_tls_mandatory_protocols = SSLv3, TLSv1 # Also available with Postfix >= 2.5: smtp_tls_mandatory_protocols = !SSLv2 + # Also available with Postfix >= 2.6: + smtp_tls_ciphers = export + smtp_tls_protocols = CClliieenntt--ssiiddee SSMMTTPPSS ssuuppppoorrtt diff --git a/postfix/README_FILES/XFORWARD_README b/postfix/README_FILES/XFORWARD_README index 0ad4e7587..187b7ef93 100644 --- a/postfix/README_FILES/XFORWARD_README +++ b/postfix/README_FILES/XFORWARD_README @@ -58,6 +58,9 @@ are in fact case insensitive. when the address information is unavailable. Address information is not enclosed with []. + * When both the NAME and ADDR attributes have the value [UNAVAILABLE], the + upcoming MAIL FROM transaction corresponds to a local submission. + * The PORT attribute specifies an up-stream client TCP port number in decimal, or [UNAVAILABLE] when the information is unavailable. 
@@ -103,10 +106,6 @@ Upon receipt of an initial XFORWARD command, the SMTP server initializes all XFORWARD attributes to [UNAVAILABLE]. With each valid XFORWARD command, the server updates XFORWARD attributes with the specified values. -When both the NAME and ADDR attributes have the value [UNAVAILABLE], the MAIL -FROM transaction corresponds to a local submission. In this case the server -must also treat the HELO, PORT and PROTO attributes as [UNAVAILABLE]. - When the server uses XFORWARD attributes for logging purposes, it must not mix XFORWARD attributes with attributes from the current SMTP session. diff --git a/postfix/conf/postfix-script b/postfix/conf/postfix-script index 4635f865c..c441797c8 100644 --- a/postfix/conf/postfix-script +++ b/postfix/conf/postfix-script @@ -215,7 +215,8 @@ check-fatal) check-warn) # This command is NOT part of the public interface. - for dir in $daemon_directory $config_directory $queue_directory + for dir in $daemon_directory $config_directory $queue_directory \ + $queue_directory/pid do ls -lLd $dir | (grep " root " >/dev/null || $WARN not owned by root: $dir) @@ -232,7 +233,7 @@ check-warn) -exec $WARN not owned by $mail_owner: {} \; find `ls -d $queue_directory/* | \ - egrep '/(incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \ + egrep '/(saved|incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \ ! \( -type p -o -type s \) ! -user $mail_owner \ -exec $WARN not owned by $mail_owner: {} \; diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index 1aa59fe48..2d8ca6e8a 100644 --- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -746,26 +746,36 @@ explicit OpenSSL cipherlist. The obsolete setting applies even when TLS encryption is not enforced. Use of this control on public MX hosts is strongly discouraged.

-

With mandatory TLS encryption, the Postfix SMTP server will by -default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption -is optional. This is controlled by the smtpd_tls_mandatory_protocols -configuration parameter.

-

The Postfix SMTP server supports 5 distinct cipher security levels as specified by the smtpd_tls_mandatory_ciphers configuration parameter, which determines the cipher grade with mandatory TLS encryption. The default value is "medium" which is essentially 128-bit encryption or better. With opportunistic TLS encryption, the minimum accepted cipher grade is -always "export".

- -

By default anonymous ciphers are allowed, and automatically disabled -when client certificates are requested. If clients are expected to always -verify the server certificate you may want to exclude anonymous ciphers -by setting "smtpd_tls_mandatory_exclude_ciphers = aNULL". -One can't force a client to check the server certificate, so excluding +typically "export". Postfix ≥ 2.6 has a corresponding smtpd_tls_ciphers +parameter which controls the cipher grade used with opportunistic TLS.

+ +

By default anonymous ciphers are enabled. They are automatically +disabled when remote SMTP client certificates are requested. If +clients are expected to always verify the Postfix SMTP +server certificate you may want to disable anonymous ciphers +by setting "smtpd_tls_mandatory_exclude_ciphers = aNULL" or +"smtpd_tls_exclude_ciphers = aNULL", as appropriate. One can't force +a remote SMTP client to check the server certificate, so excluding anonymous ciphers is generally unnecessary.

-

For a server that is not a public Internet MX host, Postfix 2.3 +

The "smtpd_tls_ciphers" (Postfix ≥ 2.6) configuration parameter +provides control over the minimum cipher grade for opportunistic TLS. With +Postfix < 2.6, the minimum opportunistic TLS cipher grade is always +"export".

+ +

With mandatory TLS encryption, the Postfix SMTP server will by +default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption +is optional. The mandatory TLS protocol list is specified via the +smtpd_tls_mandatory_protocols configuration parameter. Postfix ≥ +2.6 has a corresponding smtpd_tls_protocols parameter which controls +the SSL/TLS protocols used with opportunistic TLS.

+ +

For a server that is not a public Internet MX host, Postfix (≥ 2.3) supports configurations with no server certificates that use only the anonymous ciphers. This is enabled by explicitly setting "smtpd_tls_cert_file = none" @@ -1264,11 +1274,12 @@ With Postfix 2.3 and later, opportunistic TLS can be configured by setting "smtp_tls_security_level = may".

Since sending in the clear is acceptable, demanding stronger -than default TLS security merely reduces inter-operability. For -this reason, Postfix 2.3 and later ignore the smtp_tls_mandatory_ciphers -and smtp_tls_mandatory_protocols parameters at the "may" -security level: all protocols are allowed, and "export" grade or -better ciphers are used.

+than default TLS security mostly reduces inter-operability. If you +must restrict TLS protocol or cipher selection even with opportunistic +TLS, the Postfix ≥ 2.6 "smtp_tls_ciphers" and "smtp_tls_protocols" +configuration parameters provide control over the protocols and cipher grade +used with opportunistic TLS. With earlier releases the opportunistic TLS +cipher grade is always "export" and no protocols are disabled.

With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to its default (backwards compatible) empty value, the appropriate @@ -1820,15 +1831,19 @@ describe the corresponding table syntax:

additional attributes are supported at this level.
may
Opportunistic TLS. -No additional attributes are supported at this level.
- -
encrypt
Mandatory -encryption. Mail is delivered only if the remote SMTP -server offers STARTTLS and the TLS handshake succeeds. At this -level and higher the optional "ciphers" attribute overrides the +The optional "ciphers", "exclude" and "protocols" attributes +(available for opportunistic TLS with Postfix ≥ 2.6) override the +"smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols" +configuration parameters.
+ +
encrypt
Mandatory encryption. +Mail is delivered only if the remote SMTP server offers STARTTLS +and the TLS handshake succeeds. At this level and higher, the optional +"protocols" attribute overrides the main.cf smtp_tls_mandatory_protocols +parameter, the optional "ciphers" attribute overrides the main.cf smtp_tls_mandatory_ciphers parameter, and the optional -"protocols" attribute -overrides the main.cf smtp_tls_mandatory_protocols parameter.
+"exclude" attribute (Postfix ≥ 2.6) overrides the main.cf +smtp_tls_mandatory_exclude_ciphers parameter.
fingerprint
Certificate fingerprint verification. Available with Postfix 2.5 and @@ -1881,6 +1896,19 @@ host fails.

multiple match strategies, or multiple protocols, these must be separated by colons.

+
  • The "exclude" attribute (Postfix ≥ 2.6) is used to disable +ciphers that cause handshake failures with a specific mandatory TLS +destination, without disabling the ciphers for all mandatory destinations. +Alternatively, you can exclude ciphers that cause issues with multiple +remote servers in main.cf, and selectively enable them on a per-destination +basis in the policy table by setting a shorter or empty exclusion list. The +per-destination "exclude" list preempts both the opportunistic and +mandatory security level exclusions, so that all excluded ciphers +can be enabled for known-good destinations. For non-mandatory TLS +destinations that exhibit cipher-specific problems, Postfix will fall +back to plain-text delivery. If plain-text is not acceptable make TLS +mandatory and exclude the problem ciphers.

    +

    @@ -1906,6 +1934,8 @@ Example: [thumb.example.org] fingerprint match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35 match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1 + # Postfix 2.6 and later + example.info may protocols=!SSLv2 ciphers=medium exclude=3DES @@ -2193,6 +2223,18 @@ no need to take these measures. Anonymous ciphers save bandwidth and TLS session cache space, if certificates are ignored, there is little point in requesting them.

    +

    The "smtp_tls_ciphers" (Postfix ≥ 2.6) configuration parameter +provides control over the minimum cipher grade for opportunistic TLS. With +Postfix < 2.6, the minimum opportunistic TLS cipher grade is always +"export".

    + +

    With mandatory TLS encryption, the Postfix SMTP client will by +default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption +is optional. The mandatory TLS protocol list is specified via the +smtp_tls_mandatory_protocols configuration parameter. Postfix ≥ +2.6 has a corresponding smtp_tls_protocols parameter which controls +the SSL/TLS protocols used with opportunistic TLS.

    +

    Example:

    @@ -2204,6 +2246,9 @@ little point in requesting them.

    smtp_tls_mandatory_protocols = SSLv3, TLSv1 # Also available with Postfix ≥ 2.5: smtp_tls_mandatory_protocols = !SSLv2 + # Also available with Postfix ≥ 2.6: + smtp_tls_ciphers = export + smtp_tls_protocols =
    diff --git a/postfix/html/XFORWARD_README.html b/postfix/html/XFORWARD_README.html index 9eddd6170..64b60c662 100644 --- a/postfix/html/XFORWARD_README.html +++ b/postfix/html/XFORWARD_README.html @@ -95,6 +95,10 @@ names are shown in upper case, they are in fact case insensitive. is unavailable. Address information is not enclosed with [].

    +
  • When both the NAME and ADDR attributes have the value + [UNAVAILABLE], the upcoming MAIL FROM transaction corresponds + to a local submission.

    +
  • The PORT attribute specifies an up-stream client TCP port number in decimal, or [UNAVAILABLE] when the information is unavailable.

    @@ -151,11 +155,6 @@ initializes all XFORWARD attributes to [UNAVAILABLE]. With each valid XFORWARD command, the server updates XFORWARD attributes with the specified values.

    -

    When both the NAME and ADDR attributes have the value [UNAVAILABLE], -the MAIL FROM transaction corresponds to a local submission. In -this case the server must also treat the HELO, PORT and PROTO -attributes as [UNAVAILABLE].

    -

    When the server uses XFORWARD attributes for logging purposes, it must not mix XFORWARD attributes with attributes from the current SMTP session.

    diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index ddfc4ab1c..fd01a39d5 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -194,7 +194,7 @@ SMTP(8) SMTP(8) smtp_quote_rfc821_envelope (yes) Quote addresses in SMTP MAIL FROM and RCPT TO com- - mands as required by RFC 821. + mands as required by RFC 2821. smtp_skip_5xx_greeting (yes) Skip SMTP servers that greet with a 5XX status code @@ -509,6 +509,17 @@ SMTP(8) SMTP(8) The message digest algorithm used to construct remote SMTP server certificate fingerprints. + Available in Postfix version 2.6 and later: + + smtp_tls_protocols (empty) + List of TLS protocols that the Postfix SMTP client + will exclude or include with opportunistic TLS + encryption. + + smtp_tls_ciphers (export) + The minimum TLS cipher grade that the Postfix SMTP + client will use with opportunistic TLS encryption. + OBSOLETE STARTTLS CONTROLS The following configuration parameters exist for compati- bility with Postfix versions before 2.3. Support for these @@ -547,7 +558,7 @@ SMTP(8) SMTP(8) smtp_destination_recipient_limit ($default_destina- tion_recipient_limit) - The maximal number of recipients per delivery via + The maximal number of recipients per message for the smtp message delivery transport. smtp_connect_timeout (30s) diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index bc1080e74..d8236ca9f 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -4185,6 +4185,17 @@ configuration parameter. See there for details.

    This feature is available in Postfix 2.3 and later.

    +
  • + +
    lmtp_tls_ciphers +(default: export)
    + +

    The LMTP-specific version of the smtp_tls_ciphers configuration +parameter. See there for details.

    + +

    This feature is available in Postfix 2.6 and later.

    + +
    lmtp_tls_dcert_file @@ -4339,6 +4350,17 @@ configuration parameter. See there for details.

    This feature is available in Postfix 2.3 and later.

    + + +
    lmtp_tls_protocols +(default: empty)
    + +

    The LMTP-specific version of the smtp_tls_protocols configuration +parameter. See there for details.

    + +

    This feature is available in Postfix 2.6 and later.

    + +
    lmtp_tls_scert_verifydepth @@ -8701,6 +8723,34 @@ control over the TLS software and settings of the peer servers.

    Postfix 2.3 and later; use smtp_tls_mandatory_ciphers instead.

    + + +
    smtp_tls_ciphers +(default: export)
    + +

    The minimum TLS cipher grade that the Postfix SMTP client +will use with opportunistic TLS encryption. Cipher types listed in +smtp_tls_exclude_ciphers are excluded from the base definition of +the selected cipher grade. The default value "export" ensures maximum +inter-operability. Because encryption is optional, stronger controls +are not appropriate, and this setting SHOULD NOT be changed unless the +change is essential.

    + +

    When TLS is mandatory the cipher grade is chosen via the +smtp_tls_mandatory_ciphers configuration parameter, see there for syntax +details. See smtp_tls_policy_maps for information on how to configure +ciphers on a per-destination basis.

    + +

    Example:

    +
    +smtp_tls_ciphers = export
    +
    + +

    This feature is available in Postfix 2.6 and later. With earlier Postfix +releases only the smtp_tls_mandatory_ciphers parameter is implemented, +and opportunistic TLS always uses "export" or better (i.e. all) ciphers.

    + +
    smtp_tls_dcert_file @@ -9045,6 +9095,10 @@ SMTP client cipher list at mandatory TLS security levels. This list works in addition to the exclusions listed with smtp_tls_exclude_ciphers (see there for syntax details).

    +

    Starting with Postfix 2.6, the mandatory cipher exclusions can be +specified on a per-destination basis via the TLS policy "exclude" +attribute. See smtp_tls_policy_maps for notes and examples.

    +

    This feature is available in Postfix 2.3 and later.

    @@ -9165,9 +9219,10 @@ settings. "verify" security levels for the new smtp_tls_security_level parameter introduced in Postfix 2.3. Starting with Postfix 2.3, and independently of how the policy is specified, the smtp_tls_mandatory_ciphers and -smtp_tls_mandatory_protocols parameters only apply when TLS encryption -is mandatory. Connections for which encryption is optional enable -all "export" grade and better ciphers.

    +smtp_tls_mandatory_protocols parameters apply when TLS encryption +is mandatory. Connections for which encryption is optional typically +enable all "export" grade and better ciphers and all SSL/TLS protocols +(see smtp_tls_ciphers and smtp_tls_protocols).

    As long as no secure DNS lookup mechanism is available, false hostnames in MX or CNAME responses can change the server hostname @@ -9223,21 +9278,23 @@ security are:

    No TLS. No additional attributes are supported at this level.
    may
    -
    Opportunistic TLS. No additional attributes are supported at this -level. Since sending in the clear is acceptable, demanding stronger -than default TLS security parameters merely reduces inter-operability. -Postfix 2.3 and later ignore the smtp_tls_mandatory_ciphers and -smtp_tls_mandatory_protocols parameters at this security level; all -protocols are allowed and "export" grade or better ciphers are used. -When TLS handshakes fail, the connection is retried with TLS disabled. +
    Opportunistic TLS. Since sending in the clear is acceptable, +demanding stronger than default TLS security merely reduces +inter-operability. The optional "ciphers", "exclude" and "protocols" +attributes (available for opportunistic TLS with Postfix ≥ 2.6) +override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and +"smtp_tls_protocols" configuration parameters. When opportunistic TLS +handshakes fail, Postfix retries the connection with TLS disabled. This allows mail delivery to sites with non-interoperable TLS implementations.
    encrypt
    Mandatory TLS encryption. At this level -and higher the optional "ciphers" attribute overrides the main.cf -smtp_tls_mandatory_ciphers parameter and the optional "protocols" -keyword overrides the main.cf smtp_tls_mandatory_protocols parameter. -In the policy table, multiple protocols must be separated by colons, +and higher, the optional "protocols" attribute overrides the main.cf +smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute +overrides the main.cf smtp_tls_mandatory_ciphers parameter, and the +optional "exclude" attribute (Postfix ≥ 2.6) overrides the main.cf +smtp_tls_mandatory_exclude_ciphers parameter. In the policy table, +multiple protocols or excluded ciphers must be separated by colons, as attribute values may not contain whitespace or commas.
    fingerprint
    Certificate fingerprint @@ -9317,6 +9374,39 @@ configurations in environments where DNS security is not assured.

    This feature is available in Postfix 2.3 and later.

    +
    + +
    smtp_tls_protocols +(default: empty)
    + +

    List of TLS protocols that the Postfix SMTP client will exclude +or include with opportunistic TLS encryption. This parameter SHOULD be +left at its default empty value, allowing all protocols to be used with +opportunistic TLS.

    + +

    In main.cf the values are separated by whitespace, commas or +colons. In the policy table (see smtp_tls_policy_maps) the only valid +separator is colon. An empty value means allow all protocols. The valid +protocol names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" +and "TLSv1".

    + +

    To include a protocol list its name, to exclude it, prefix the name +with a "!" character. To exclude SSLv2 even for opportunistic TLS set +"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set +"smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to +include, is supported, but not recommended. OpenSSL provides no mechanisms +for excluding protocols not known at compile-time. If Postfix is linked +against an OpenSSL library that supports additional protocol versions, +they cannot be excluded using either syntax.

    + +

    Example:

    +
    +smtp_tls_protocols = !SSLv2
    +
    + +

    This feature is available in Postfix 2.6 and later.

    + +
    smtp_tls_scert_verifydepth @@ -9403,10 +9493,12 @@ destinations via smtp_tls_policy_
    Opportunistic TLS. Use TLS if this is supported by the remote SMTP server, otherwise use plaintext. Since sending in the clear is acceptable, demanding stronger than default TLS -security parameters merely reduces inter-operability. Postfix 2.3 and -later ignore the smtp_tls_mandatory_ciphers and -smtp_tls_mandatory_protocols parameters at this security level; all -protocols are allowed and "export" grade or better ciphers are used. +security merely reduces inter-operability. +The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix ≥ 2.6) +configuration parameters provide control over the protocols and +cipher grade used with opportunistic TLS. With earlier releases the +opportunistic TLS cipher grade is always "export" and no protocols +are disabled. When TLS handshakes fail, the connection is retried with TLS disabled. This allows mail delivery to sites with non-interoperable TLS implementations.
    @@ -9462,6 +9554,13 @@ Examples:
     # Opportunistic TLS.
     smtp_tls_security_level = may
    +# Postfix ≥ 2.6:
    +# Do not tweak opportunistic ciphers or protocols unless it is essential
    +# to do so (if a security vulnerability is found in the SSL library that
    +# can be mitigated by disabling a particular protocol or raising the
    +# cipher grade from "export" to "low" or "medium").
    +smtp_tls_ciphers = export
    +smtp_tls_protocols =
     
    @@ -11929,6 +12028,33 @@ clients. 

    Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead.

    + + +
    smtpd_tls_ciphers +(default: export)
    + +

    The minimum TLS cipher grade that the Postfix SMTP server +will use with opportunistic TLS encryption. Cipher types listed in +smtpd_tls_exclude_ciphers are excluded from the base definition of +the selected cipher grade. The default value "export" ensures maximum +inter-operability. Because encryption is optional, stronger controls +are not appropriate, and this setting SHOULD NOT be changed unless the +change is essential.

    + +

    When TLS is mandatory the cipher grade is chosen via the +smtpd_tls_mandatory_ciphers configuration parameter, see there for syntax +details.

    + +

    Example:

    +
    +smtpd_tls_ciphers = export
    +
    + +

    This feature is available in Postfix 2.6 and later. With earlier Postfix +releases only the smtpd_tls_mandatory_ciphers parameter is implemented, +and opportunistic TLS always uses "export" or better (i.e. all) ciphers.

    + +
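Review bot: the new smtpd_tls_ciphers entry (`@@ -11929,6 +12028,33 @@`) says "Cipher types listed in smtpd_tls_exclude_ciphers are excluded" but no longer states that these are the only exclusions at the opportunistic level; the sentence removed from smtpd_tls_mandatory_ciphers in the following hunk ("With opportunistic TLS encryption, the "export" grade is used unconditionally with exclusions specified only via smtpd_tls_exclude_ciphers.") was the one place saying that smtpd_tls_mandatory_exclude_ciphers does not apply to opportunistic TLS. Suggest wording it as "Only cipher types listed in smtpd_tls_exclude_ciphers are excluded; smtpd_tls_mandatory_exclude_ciphers does not apply at this level" so the information survives the move.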
    smtpd_tls_dcert_file @@ -12165,13 +12291,12 @@ loglevel 4 is strongly discouraged.

    smtpd_tls_mandatory_ciphers (default: medium)
    -

    The minimum TLS cipher grade that the Postfix SMTP server will -use with mandatory -TLS encryption. Cipher types listed in smtpd_tls_mandatory_exclude_ciphers -or smtpd_tls_exclude_ciphers are excluded from the base definition -of the selected cipher grade. With opportunistic TLS encryption, -the "export" grade is used unconditionally with exclusions specified -only via smtpd_tls_exclude_ciphers.

    +

    The minimum TLS cipher grade that the Postfix SMTP server +will use with mandatory TLS encryption. Cipher types listed in +smtpd_tls_mandatory_exclude_ciphers or smtpd_tls_exclude_ciphers are +excluded from the base definition of the selected cipher grade. See +smtpd_tls_ciphers for cipher controls that apply to opportunistic +TLS.

    The following cipher grades are supported:

    @@ -12289,6 +12414,39 @@ level.

    This feature is available in Postfix 2.3 and later.

    +
    + +
    smtpd_tls_protocols +(default: empty)
    + +

    List of TLS protocols that the Postfix SMTP server will exclude +or include with opportunistic TLS encryption. This parameter SHOULD be +left at its default empty value, allowing all protocols to be used with +opportunistic TLS.

    + +

    In main.cf the values are separated by whitespace, commas or +colons. An empty value means allow all protocols. The valid protocol +names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" and +"TLSv1". In smtp_tls_policy_maps table entries, "protocols" attribute +values are separated by a colon.

    + +

    To include a protocol list its name, to exclude it, prefix the name +with a "!" character. To exclude SSLv2 even for opportunistic TLS set +"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set +"smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to +include, is supported, but not recommended. OpenSSL provides no mechanisms +for excluding protocols not known at compile-time. If Postfix is linked +against an OpenSSL library that supports additional protocol versions, +they cannot be excluded using either syntax.

    + +

    Example:

    +
    +smtpd_tls_protocols = !SSLv2
    +
    + +

    This feature is available in Postfix 2.6 and later.

    + +
    smtpd_tls_received_header diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index ddfc4ab1c..fd01a39d5 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -194,7 +194,7 @@ SMTP(8) SMTP(8) smtp_quote_rfc821_envelope (yes) Quote addresses in SMTP MAIL FROM and RCPT TO com- - mands as required by RFC 821. + mands as required by RFC 2821. smtp_skip_5xx_greeting (yes) Skip SMTP servers that greet with a 5XX status code @@ -509,6 +509,17 @@ SMTP(8) SMTP(8) The message digest algorithm used to construct remote SMTP server certificate fingerprints. + Available in Postfix version 2.6 and later: + + smtp_tls_protocols (empty) + List of TLS protocols that the Postfix SMTP client + will exclude or include with opportunistic TLS + encryption. + + smtp_tls_ciphers (export) + The minimum TLS cipher grade that the Postfix SMTP + client will use with opportunistic TLS encryption. + OBSOLETE STARTTLS CONTROLS The following configuration parameters exist for compati- bility with Postfix versions before 2.3. Support for these @@ -547,7 +558,7 @@ SMTP(8) SMTP(8) smtp_destination_recipient_limit ($default_destina- tion_recipient_limit) - The maximal number of recipients per delivery via + The maximal number of recipients per message for the smtp message delivery transport. smtp_connect_timeout (30s) diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index f60e811b8..491276fee 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html 
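Review bot: in the smtpd_tls_protocols entry (`@@ -12289,6 +12414,39 @@`) the sentence "In smtp_tls_policy_maps table entries, "protocols" attribute values are separated by a colon." was carried over from the SMTP client parameter and does not apply to the SMTP server, which has no policy table; drop it from the server entry (the identical sentence appears in the postconf.5 hunk for smtpd_tls_protocols further down, so the fix belongs in the shared proto text). While there, "To include a protocol list its name, to exclude it, prefix the name with a "!" character." is a comma splice ("To include a protocol, list its name; to exclude it, prefix ...") and "Explicitly listing the protocols to include, is supported" has a stray comma.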
@@ -505,6 +505,17 @@ SMTPD(8) SMTPD(8) client-certificate fingerprints for check_ccert_access and permit_tls_clientcerts. + Available in Postfix version 2.6 and later: + + smtpd_tls_protocols (empty) + List of TLS protocols that the Postfix SMTP server + will exclude or include with opportunistic TLS + encryption. + + smtpd_tls_ciphers (export) + The minimum TLS cipher grade that the Postfix SMTP + server will use with opportunistic TLS encryption. + OBSOLETE STARTTLS CONTROLS The following configuration parameters exist for compati- bility with Postfix versions before 2.3. Support for these diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 263f792ae..a270edf0e 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -2277,6 +2277,11 @@ The LMTP-specific version of the smtp_tls_cert_file configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_ciphers (default: export) +The LMTP-specific version of the smtp_tls_ciphers configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.6 and later. .SH lmtp_tls_dcert_file (default: empty) The LMTP-specific version of the smtp_tls_dcert_file configuration parameter. See there for details. @@ -2347,6 +2352,11 @@ The LMTP-specific version of the smtp_tls_policy_maps configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_protocols (default: empty) +The LMTP-specific version of the smtp_tls_protocols configuration +parameter. See there for details. +.PP +This feature is available in Postfix 2.6 and later. .SH lmtp_tls_scert_verifydepth (default: 9) The LMTP-specific version of the smtp_tls_scert_verifydepth configuration parameter. See there for details. 
@@ -4957,6 +4967,32 @@ control over the TLS software and settings of the peer servers. .PP This feature is available in Postfix version 2.2. It is not used with Postfix 2.3 and later; use smtp_tls_mandatory_ciphers instead. +.SH smtp_tls_ciphers (default: export) +The minimum TLS cipher grade that the Postfix SMTP client +will use with opportunistic TLS encryption. Cipher types listed in +smtp_tls_exclude_ciphers are excluded from the base definition of +the selected cipher grade. The default value "export" ensures maximum +inter-operability. Because encryption is optional, stronger controls +are not appropriate, and this setting SHOULD NOT be changed unless the +change is essential. +.PP +When TLS is mandatory the cipher grade is chosen via the +smtp_tls_mandatory_ciphers configuration parameter, see there for syntax +details. See smtp_tls_policy_maps for information on how to configure +ciphers on a per-destination basis. +.PP +Example: +.nf +.na +.ft C +smtp_tls_ciphers = export +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.6 and later. With earlier Postfix +releases only the smtp_tls_mandatory_ciphers parameter is implemented, +and opportunistic TLS always uses "export" or better (i.e. all) ciphers. .SH smtp_tls_dcert_file (default: empty) File with the Postfix SMTP client DSA certificate in PEM format. This file may also contain the Postfix SMTP client private DSA key. @@ -5260,6 +5296,10 @@ SMTP client cipher list at mandatory TLS security levels. This list works in addition to the exclusions listed with smtp_tls_exclude_ciphers (see there for syntax details). .PP +Starting with Postfix 2.6, the mandatory cipher exclusions can be +specified on a per-destination basis via the TLS policy "exclude" +attribute. See smtp_tls_policy_maps for notes and examples. +.PP This feature is available in Postfix 2.3 and later. .SH smtp_tls_mandatory_protocols (default: SSLv3, TLSv1) List of SSL/TLS protocols that the Postfix SMTP client will use with 
@@ -5366,9 +5406,10 @@ The above keywords correspond to the "none", "may", "encrypt" and "verify" security levels for the new smtp_tls_security_level parameter introduced in Postfix 2.3. Starting with Postfix 2.3, and independently of how the policy is specified, the smtp_tls_mandatory_ciphers and -smtp_tls_mandatory_protocols parameters only apply when TLS encryption -is mandatory. Connections for which encryption is optional enable -all "export" grade and better ciphers. +smtp_tls_mandatory_protocols parameters apply when TLS encryption +is mandatory. Connections for which encryption is optional typically +enable all "export" grade and better ciphers and all SSL/TLS protocols +(see smtp_tls_ciphers and smtp_tls_protocols). .PP As long as no secure DNS lookup mechanism is available, false hostnames in MX or CNAME responses can change the server hostname 
@@ -5413,21 +5454,23 @@ security are: .IP "\fBnone\fR" No TLS. No additional attributes are supported at this level. .IP "\fBmay\fR" -Opportunistic TLS. No additional attributes are supported at this -level. Since sending in the clear is acceptable, demanding stronger -than default TLS security parameters merely reduces inter-operability. -Postfix 2.3 and later ignore the smtp_tls_mandatory_ciphers and -smtp_tls_mandatory_protocols parameters at this security level; all -protocols are allowed and "export" grade or better ciphers are used. -When TLS handshakes fail, the connection is retried with TLS disabled. +Opportunistic TLS. Since sending in the clear is acceptable, +demanding stronger than default TLS security merely reduces +inter-operability. The optional "ciphers", "exclude" and "protocols" +attributes (available for opportunistic TLS with Postfix >= 2.6) +override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and +"smtp_tls_protocols" configuration parameters. When opportunistic TLS +handshakes fail, Postfix retries the connection with TLS disabled. This allows mail delivery to sites with non-interoperable TLS implementations. .IP "\fBencrypt\fR" Mandatory TLS encryption. At this level -and higher the optional "ciphers" attribute overrides the main.cf -smtp_tls_mandatory_ciphers parameter and the optional "protocols" -keyword overrides the main.cf smtp_tls_mandatory_protocols parameter. -In the policy table, multiple protocols must be separated by colons, +and higher, the optional "protocols" attribute overrides the main.cf +smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute +overrides the main.cf smtp_tls_mandatory_ciphers parameter, and the +optional "exclude" attribute (Postfix >= 2.6) overrides the main.cf +smtp_tls_mandatory_exclude_ciphers parameter. In the policy table, +multiple protocols or excluded ciphers must be separated by colons, as attribute values may not contain whitespace or commas. 
.IP "\fBfingerprint\fR" Certificate fingerprint @@ -5509,6 +5552,37 @@ DNS forgery. Do not use the \fBhostname\fR strategy for secure-channel configurations in environments where DNS security is not assured. .PP This feature is available in Postfix 2.3 and later. +.SH smtp_tls_protocols (default: empty) +List of TLS protocols that the Postfix SMTP client will exclude +or include with opportunistic TLS encryption. This parameter SHOULD be +left at its default empty value, allowing all protocols to be used with +opportunistic TLS. +.PP +In main.cf the values are separated by whitespace, commas or +colons. In the policy table (see smtp_tls_policy_maps) the only valid +separator is colon. An empty value means allow all protocols. The valid +protocol names, (see \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3" +and "TLSv1". +.PP +To include a protocol list its name, to exclude it, prefix the name +with a "!" character. To exclude SSLv2 even for opportunistic TLS set +"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set +"smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to +include, is supported, but not recommended. OpenSSL provides no mechanisms +for excluding protocols not known at compile-time. If Postfix is linked +against an OpenSSL library that supports additional protocol versions, +they cannot be excluded using either syntax. +.PP +Example: +.nf +.na +.ft C +smtp_tls_protocols = !SSLv2 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.6 and later. .SH smtp_tls_scert_verifydepth (default: 9) The verification depth for remote SMTP server certificates. A depth of 1 is sufficient if the issuing CA is listed in a local CA file. 
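Review bot: the troff markup in the smtp_tls_protocols entry added by `@@ -5509,6 +5552,37 @@` is mangled: `(see \\fBfBSSL_get_version\fR(3)\fR)` has a doubled backslash and a stray "fB", so the rendered man page will show a literal backslash followed by "fBSSL_get_version"; the intended form is `\fBSSL_get_version\fR(3)`. The same string appears in the smtpd_tls_protocols entry later in postconf.5, and since postconf.5 and postconf.5.html are both generated from proto/postconf.proto by the mantools, the markup in the proto source (or the postlink substitution that produces it) is what needs fixing rather than the two generated entries.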
@@ -5579,10 +5653,12 @@ destinations via smtp_tls_policy_maps. Opportunistic TLS. Use TLS if this is supported by the remote SMTP server, otherwise use plaintext. Since sending in the clear is acceptable, demanding stronger than default TLS -security parameters merely reduces inter-operability. Postfix 2.3 and -later ignore the smtp_tls_mandatory_ciphers and -smtp_tls_mandatory_protocols parameters at this security level; all -protocols are allowed and "export" grade or better ciphers are used. +security merely reduces inter-operability. +The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix >= 2.6) +configuration parameters provide control over the protocols and +cipher grade used with opportunistic TLS. With earlier releases the +opportunistic TLS cipher grade is always "export" and no protocols +are disabled. When TLS handshakes fail, the connection is retried with TLS disabled. This allows mail delivery to sites with non-interoperable TLS implementations. @@ -5640,6 +5716,13 @@ smtp_tls_security_level = none .ft C # Opportunistic TLS. smtp_tls_security_level = may +# Postfix >= 2.6: +# Do not tweak opportunistic ciphers or protocols unless it is essential +# to do so (if a security vulnerability is found in the SSL library that +# can be mitigated by disabling a particular protocol or raising the +# cipher grade from "export" to "low" or "medium"). +smtp_tls_ciphers = export +smtp_tls_protocols = .fi .ad .ft R 
@@ -7329,6 +7412,31 @@ clients. .PP This feature is available with Postfix version 2.2. It is not used with Postfix 2.3 and later; use smtpd_tls_mandatory_ciphers instead. +.SH smtpd_tls_ciphers (default: export) +The minimum TLS cipher grade that the Postfix SMTP server +will use with opportunistic TLS encryption. Cipher types listed in +smtpd_tls_exclude_ciphers are excluded from the base definition of +the selected cipher grade. The default value "export" ensures maximum +inter-operability. Because encryption is optional, stronger controls +are not appropriate, and this setting SHOULD NOT be changed unless the +change is essential. +.PP +When TLS is mandatory the cipher grade is chosen via the +smtpd_tls_mandatory_ciphers configuration parameter, see there for syntax +details. +.PP +Example: +.nf +.na +.ft C +smtpd_tls_ciphers = export +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.6 and later. With earlier Postfix +releases only the smtpd_tls_mandatory_ciphers parameter is implemented, +and opportunistic TLS always uses "export" or better (i.e. all) ciphers. .SH smtpd_tls_dcert_file (default: empty) File with the Postfix SMTP server DSA certificate in PEM format. This file may also contain the Postfix SMTP server private DSA key. 
@@ -7541,13 +7649,12 @@ loglevel 4 is strongly discouraged. .PP This feature is available in Postfix 2.2 and later. .SH smtpd_tls_mandatory_ciphers (default: medium) -The minimum TLS cipher grade that the Postfix SMTP server will -use with mandatory -TLS encryption. Cipher types listed in smtpd_tls_mandatory_exclude_ciphers -or smtpd_tls_exclude_ciphers are excluded from the base definition -of the selected cipher grade. With opportunistic TLS encryption, -the "export" grade is used unconditionally with exclusions specified -only via smtpd_tls_exclude_ciphers. +The minimum TLS cipher grade that the Postfix SMTP server +will use with mandatory TLS encryption. Cipher types listed in +smtpd_tls_mandatory_exclude_ciphers or smtpd_tls_exclude_ciphers are +excluded from the base definition of the selected cipher grade. See +smtpd_tls_ciphers for cipher controls that apply to opportunistic +TLS. .PP The following cipher grades are supported: .IP "\fBexport\fR" 
@@ -7647,6 +7754,37 @@ smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 .ft R .PP This feature is available in Postfix 2.3 and later. +.SH smtpd_tls_protocols (default: empty) +List of TLS protocols that the Postfix SMTP server will exclude +or include with opportunistic TLS encryption. This parameter SHOULD be +left at its default empty value, allowing all protocols to be used with +opportunistic TLS. +.PP +In main.cf the values are separated by whitespace, commas or +colons. An empty value means allow all protocols. The valid protocol +names, (see \\fBfBSSL_get_version\fR(3)\fR), are "SSLv2", "SSLv3" and +"TLSv1". In smtp_tls_policy_maps table entries, "protocols" attribute +values are separated by a colon. +.PP +To include a protocol list its name, to exclude it, prefix the name +with a "!" character. To exclude SSLv2 even for opportunistic TLS set +"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set +"smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to +include, is supported, but not recommended. OpenSSL provides no mechanisms +for excluding protocols not known at compile-time. If Postfix is linked +against an OpenSSL library that supports additional protocol versions, +they cannot be excluded using either syntax. +.PP +Example: +.nf +.na +.ft C +smtpd_tls_protocols = !SSLv2 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.6 and later. .SH smtpd_tls_received_header (default: no) Request that the Postfix SMTP server produces Received: message headers that include information about the protocol and cipher used, diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 830b72625..f1d396f42 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 
@@ -184,7 +184,7 @@ Lookup tables, indexed by the remote SMTP server address, with per-destination workarounds for CISCO PIX firewall bugs. .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" Quote addresses in SMTP MAIL FROM and RCPT TO commands as required -by RFC 821. +by RFC 2821. .IP "\fBsmtp_skip_5xx_greeting (yes)\fR" Skip SMTP servers that greet with a 5XX status code (go away, do not try again later). @@ -414,6 +414,14 @@ fingerprint). .IP "\fBsmtp_tls_fingerprint_digest (md5)\fR" The message digest algorithm used to construct remote SMTP server certificate fingerprints. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBsmtp_tls_protocols (empty)\fR" +List of TLS protocols that the Postfix SMTP client will exclude +or include with opportunistic TLS encryption. +.IP "\fBsmtp_tls_ciphers (export)\fR" +The minimum TLS cipher grade that the Postfix SMTP client +will use with opportunistic TLS encryption. .SH "OBSOLETE STARTTLS CONTROLS" .na .nf @@ -447,7 +455,7 @@ cipher list. The maximal number of parallel deliveries to the same destination via the smtp message delivery transport. .IP "\fBsmtp_destination_recipient_limit ($default_destination_recipient_limit)\fR" -The maximal number of recipients per delivery via the smtp +The maximal number of recipients per message for the smtp message delivery transport. .IP "\fBsmtp_connect_timeout (30s)\fR" The SMTP client time limit for completing a TCP connection, or diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index d1e45a72c..07c25d24d 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 
@@ -370,9 +370,8 @@ File with the Postfix SMTP server RSA private key in PEM format. .IP "\fBsmtpd_tls_loglevel (0)\fR" Enable additional Postfix SMTP server logging of TLS activity. .IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR" -The minimum TLS cipher grade that the Postfix SMTP server will -use with mandatory -TLS encryption. +The minimum TLS cipher grade that the Postfix SMTP server +will use with mandatory TLS encryption. .IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR" Additional list of ciphers or cipher types to exclude from the SMTP server cipher list at mandatory TLS security levels. @@ -417,6 +416,14 @@ Available in Postfix version 2.5 and later: The message digest algorithm used to construct client-certificate fingerprints for \fBcheck_ccert_access\fR and \fBpermit_tls_clientcerts\fR. +.PP +Available in Postfix version 2.6 and later: +.IP "\fBsmtpd_tls_protocols (empty)\fR" +List of TLS protocols that the Postfix SMTP server will exclude +or include with opportunistic TLS encryption. +.IP "\fBsmtpd_tls_ciphers (export)\fR" +The minimum TLS cipher grade that the Postfix SMTP server +will use with opportunistic TLS encryption. .SH "OBSOLETE STARTTLS CONTROLS" .na .nf diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 38306a692..8d42cb605 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -213,6 +213,8 @@ while (<>) { s;\blmtp_connection_cache_destinations\b;$&;g; s;\blmtp_connection_cache_time_limit\b;$&;g; s;\blmtp_tls_mandatory_protocols\b;$&;g; + s;\blmtp_tls_protocols\b;$&;g; + s;\blmtp_tls_ciphers\b;$&;g; s;\blmtp_tls_policy_maps\b;$&;g; s;\blmtp_tls_secure_cert_match\b;$&;g; s;\blmtp_tls_security_level\b;$&;g; 
@@ -569,6 +571,8 @@ while (<>) { s;\bsmtp_tls_CApath\b;$&;g; s;\bsmtp_tls_cert_file\b;$&;g; s;\bsmtp_tls_fingerprint_digest\b;$&;g; + s;\bsmtp_tls_protocols\b;$&;g; + s;\bsmtp_tls_ciphers\b;$&;g; s;\bsmtp_tls_mandatory_ciphers\b;$&;g; s;\bsmtp_tls_cipherlist\b;$&;g; s;\bsmtp_tls_exclude_ciphers\b;$&;g; @@ -607,6 +611,8 @@ while (<>) { s;\bsmtpd_tls_cipherlist\b;$&;g; s;\bsmtpd_tls_exclude_ciphers\b;$&;g; s;\bsmtpd_tls_fingerprint_digest\b;$&;g; + s;\bsmtpd_tls_protocols\b;$&;g; + s;\bsmtpd_tls_ciphers\b;$&;g; s;\bsmtpd_tls_mandatory_ciphers\b;$&;g; s;\bsmtpd_tls_mandatory_exclude_ciphers\b;$&;g; s;\bsmtpd_tls_dcert_file\b;$&;g; diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html index d171dfe17..81cbf4c13 100644 --- a/postfix/proto/TLS_README.html +++ b/postfix/proto/TLS_README.html @@ -746,26 +746,36 @@ explicit OpenSSL cipherlist. The obsolete setting applies even when TLS encryption is not enforced. Use of this control on public MX hosts is strongly discouraged.

    -

    With mandatory TLS encryption, the Postfix SMTP server will by -default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption -is optional. This is controlled by the smtpd_tls_mandatory_protocols -configuration parameter.

    -

    The Postfix SMTP server supports 5 distinct cipher security levels as specified by the smtpd_tls_mandatory_ciphers configuration parameter, which determines the cipher grade with mandatory TLS encryption. The default value is "medium" which is essentially 128-bit encryption or better. With opportunistic TLS encryption, the minimum accepted cipher grade is -always "export".

    - -

    By default anonymous ciphers are allowed, and automatically disabled -when client certificates are requested. If clients are expected to always -verify the server certificate you may want to exclude anonymous ciphers -by setting "smtpd_tls_mandatory_exclude_ciphers = aNULL". -One can't force a client to check the server certificate, so excluding +typically "export". Postfix ≥ 2.6 has a corresponding smtpd_tls_ciphers +parameter which controls the cipher grade used with opportunistic TLS.

    + +

    By default anonymous ciphers are enabled. They are automatically +disabled when remote SMTP client certificates are requested. If +clients are expected to always verify the Postfix SMTP +server certificate you may want to disable anonymous ciphers +by setting "smtpd_tls_mandatory_exclude_ciphers = aNULL" or +"smtpd_tls_exclude_ciphers = aNULL", as appropriate. One can't force +a remote SMTP client to check the server certificate, so excluding anonymous ciphers is generally unnecessary.

    -

    For a server that is not a public Internet MX host, Postfix 2.3 +

    The "smtpd_tls_ciphers" (Postfix ≥ 2.6) configuration parameter +provides control over the minimum cipher grade for opportunistic TLS. With +Postfix < 2.6, the minimum opportunistic TLS cipher grade is always +"export".

    + +

    With mandatory TLS encryption, the Postfix SMTP server will by +default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption +is optional. The mandatory TLS protocol list is specified via the +smtpd_tls_mandatory_protocols configuration parameter. Postfix ≥ +2.6 has a corresponding smtpd_tls_protocols parameter which controls +the SSL/TLS protocols used with opportunistic TLS.

    + +

    For a server that is not a public Internet MX host, Postfix (≥ 2.3) supports configurations with no server certificates that use only the anonymous ciphers. This is enabled by explicitly setting "smtpd_tls_cert_file = none" @@ -1264,11 +1274,12 @@ With Postfix 2.3 and later, opportunistic TLS can be configured by setting "smtp_tls_security_level = may".

    Since sending in the clear is acceptable, demanding stronger -than default TLS security merely reduces inter-operability. For -this reason, Postfix 2.3 and later ignore the smtp_tls_mandatory_ciphers -and smtp_tls_mandatory_protocols parameters at the "may" -security level: all protocols are allowed, and "export" grade or -better ciphers are used.

    +than default TLS security mostly reduces inter-operability. If you +must restrict TLS protocol or cipher selection even with opportunistic +TLS, the Postfix ≥ 2.6 "smtp_tls_ciphers" and "smtp_tls_protocols" +configuration parameters provide control over the protocols and cipher grade +used with opportunistic TLS. With earlier releases the opportunistic TLS +cipher grade is always "export" and no protocols are disabled.

    With Postfix 2.2 and earlier, or when smtp_tls_security_level is set to its default (backwards compatible) empty value, the appropriate @@ -1820,15 +1831,19 @@ describe the corresponding table syntax:
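Review bot: in the `@@ -1264,11 +1274,12 @@` hunk the replacement text says demanding stronger than default TLS security "mostly reduces inter-operability", whereas the removed line and every other occurrence in this commit (the smtp_tls_security_level, smtp_tls_policy_maps and postconf.proto hunks) say "merely reduces inter-operability"; "mostly" reads as a hedge that the rest of the documentation does not make, so use "merely" here too for consistency.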

    additional attributes are supported at this level.
    may
    Opportunistic TLS. -No additional attributes are supported at this level.
    - -
    encrypt
    Mandatory -encryption. Mail is delivered only if the remote SMTP -server offers STARTTLS and the TLS handshake succeeds. At this -level and higher the optional "ciphers" attribute overrides the +The optional "ciphers", "exclude" and "protocols" attributes +(available for opportunistic TLS with Postfix ≥ 2.6) override the +"smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols" +configuration parameters.
    + +
    encrypt
    Mandatory encryption. +Mail is delivered only if the remote SMTP server offers STARTTLS +and the TLS handshake succeeds. At this level and higher, the optional +"protocols" attribute overrides the main.cf smtp_tls_mandatory_protocols +parameter, the optional "ciphers" attribute overrides the main.cf smtp_tls_mandatory_ciphers parameter, and the optional -"protocols" attribute -overrides the main.cf smtp_tls_mandatory_protocols parameter.
    +"exclude" attribute (Postfix ≥ 2.6) overrides the main.cf +smtp_tls_mandatory_exclude_ciphers parameter.
    fingerprint
    Certificate fingerprint verification. Available with Postfix 2.5 and @@ -1881,6 +1896,19 @@ host fails.

    multiple match strategies, or multiple protocols, these must be separated by colons.

    +
  • The "exclude" attribute (Postfix ≥ 2.6) is used to disable +ciphers that cause handshake failures with a specific mandatory TLS +destination, without disabling the ciphers for all mandatory destinations. +Alternatively, you can exclude ciphers that cause issues with multiple +remote servers in main.cf, and selectively enable them on a per-destination +basis in the policy table by setting a shorter or empty exclusion list. The +per-destination "exclude" list preempts both the opportunistic and +mandatory security level exclusions, so that all excluded ciphers +can be enabled for known-good destinations. For non-mandatory TLS +destinations that exhibit cipher-specific problems, Postfix will fall +back to plain-text delivery. If plain-text is not acceptable make TLS +mandatory and exclude the problem ciphers.

    +

    @@ -1906,6 +1934,8 @@ Example: [thumb.example.org] fingerprint match=EC:3B:2D:B0:5B:B1:FB:6D:20:A3:9D:72:F6:8D:12:35 match=3D:95:34:51:24:66:33:B9:D2:40:99:C0:C1:17:0B:D1 + # Postfix 2.6 and later + example.info may protocols=!SSLv2 ciphers=medium exclude=3DES

  • @@ -2193,6 +2223,18 @@ no need to take these measures. Anonymous ciphers save bandwidth and TLS session cache space, if certificates are ignored, there is little point in requesting them.

    +

    The "smtp_tls_ciphers" (Postfix ≥ 2.6) configuration parameter +provides control over the minimum cipher grade for opportunistic TLS. With +Postfix < 2.6, the minimum opportunistic TLS cipher grade is always +"export".

    + +

    With mandatory TLS encryption, the Postfix SMTP client will by +default only use SSLv3 or TLSv1. SSLv2 is only used when TLS encryption +is optional. The mandatory TLS protocol list is specified via the +smtp_tls_mandatory_protocols configuration parameter. Postfix ≥ +2.6 has a corresponding smtp_tls_protocols parameter which controls +the SSL/TLS protocols used with opportunistic TLS.

    +

    Example:

    @@ -2204,6 +2246,9 @@ little point in requesting them.

    smtp_tls_mandatory_protocols = SSLv3, TLSv1 # Also available with Postfix ≥ 2.5: smtp_tls_mandatory_protocols = !SSLv2 + # Also available with Postfix ≥ 2.6: + smtp_tls_ciphers = export + smtp_tls_protocols =
    diff --git a/postfix/proto/XFORWARD_README.html b/postfix/proto/XFORWARD_README.html index 0cff1389e..3762b537f 100644 --- a/postfix/proto/XFORWARD_README.html +++ b/postfix/proto/XFORWARD_README.html @@ -95,6 +95,10 @@ names are shown in upper case, they are in fact case insensitive. is unavailable. Address information is not enclosed with [].

    +
  • When both the NAME and ADDR attributes have the value + [UNAVAILABLE], the upcoming MAIL FROM transaction corresponds + to a local submission.

    +
  • The PORT attribute specifies an up-stream client TCP port number in decimal, or [UNAVAILABLE] when the information is unavailable.

    @@ -151,11 +155,6 @@ initializes all XFORWARD attributes to [UNAVAILABLE]. With each valid XFORWARD command, the server updates XFORWARD attributes with the specified values.

    -

    When both the NAME and ADDR attributes have the value [UNAVAILABLE], -the MAIL FROM transaction corresponds to a local submission. In -this case the server must also treat the HELO, PORT and PROTO -attributes as [UNAVAILABLE].

    -

    When the server uses XFORWARD attributes for logging purposes, it must not mix XFORWARD attributes with attributes from the current SMTP session.

    diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 6b45f1d36..eae09926c 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -9049,9 +9049,10 @@ settings. "verify" security levels for the new smtp_tls_security_level parameter introduced in Postfix 2.3. Starting with Postfix 2.3, and independently of how the policy is specified, the smtp_tls_mandatory_ciphers and -smtp_tls_mandatory_protocols parameters only apply when TLS encryption -is mandatory. Connections for which encryption is optional enable -all "export" grade and better ciphers.

    +smtp_tls_mandatory_protocols parameters apply when TLS encryption +is mandatory. Connections for which encryption is optional typically +enable all "export" grade and better ciphers and all SSL/TLS protocols +(see smtp_tls_ciphers and smtp_tls_protocols).

    As long as no secure DNS lookup mechanism is available, false hostnames in MX or CNAME responses can change the server hostname @@ -9918,21 +9919,23 @@ security are:

    No TLS. No additional attributes are supported at this level.
    may
    -
    Opportunistic TLS. No additional attributes are supported at this -level. Since sending in the clear is acceptable, demanding stronger -than default TLS security parameters merely reduces inter-operability. -Postfix 2.3 and later ignore the smtp_tls_mandatory_ciphers and -smtp_tls_mandatory_protocols parameters at this security level; all -protocols are allowed and "export" grade or better ciphers are used. -When TLS handshakes fail, the connection is retried with TLS disabled. +
    Opportunistic TLS. Since sending in the clear is acceptable, +demanding stronger than default TLS security merely reduces +inter-operability. The optional "ciphers", "exclude" and "protocols" +attributes (available for opportunistic TLS with Postfix ≥ 2.6) +override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and +"smtp_tls_protocols" configuration parameters. When opportunistic TLS +handshakes fail, Postfix retries the connection with TLS disabled. This allows mail delivery to sites with non-interoperable TLS implementations.
    encrypt
    Mandatory TLS encryption. At this level -and higher the optional "ciphers" attribute overrides the main.cf -smtp_tls_mandatory_ciphers parameter and the optional "protocols" -keyword overrides the main.cf smtp_tls_mandatory_protocols parameter. -In the policy table, multiple protocols must be separated by colons, +and higher, the optional "protocols" attribute overrides the main.cf +smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute +overrides the main.cf smtp_tls_mandatory_ciphers parameter, and the +optional "exclude" attribute (Postfix ≥ 2.6) overrides the main.cf +smtp_tls_mandatory_exclude_ciphers parameter. In the policy table, +multiple protocols or excluded ciphers must be separated by colons, as attribute values may not contain whitespace or commas.
    fingerprint
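Review bot: the "encrypt" entry says the new "exclude" attribute overrides smtp_tls_mandatory_exclude_ciphers, while the "may" entry says it overrides smtp_tls_exclude_ciphers; the set_cipher_grade() comment in smtp_session.c in this same patch says the attribute "overrides main.cf exclusion lists" (plural), and the main.cf lists are only consulted there when session->tls_exclusions is still unset, which suggests that at mandatory levels a policy "exclude" replaces both main.cf lists, not only the mandatory one. Please state which it is; if it replaces both, the "encrypt" text should say so, because an admin who keeps a site-wide smtp_tls_exclude_ciphers list will otherwise be surprised to see it dropped for that destination. Also, the separator rule ("multiple protocols or excluded ciphers must be separated by colons, as attribute values may not contain whitespace or commas") is stated only under "encrypt", but "protocols" and "exclude" are now accepted at "may" as well; move that sentence to the "may" entry or to the text above the level list so it is seen by readers of either entry.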
    Certificate fingerprint @@ -10238,10 +10241,12 @@ destinations via smtp_tls_policy_maps.
    Opportunistic TLS. Use TLS if this is supported by the remote SMTP server, otherwise use plaintext. Since sending in the clear is acceptable, demanding stronger than default TLS -security parameters merely reduces inter-operability. Postfix 2.3 and -later ignore the smtp_tls_mandatory_ciphers and -smtp_tls_mandatory_protocols parameters at this security level; all -protocols are allowed and "export" grade or better ciphers are used. +security merely reduces inter-operability. +The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix ≥ 2.6) +configuration parameters provide control over the protocols and +cipher grade used with opportunistic TLS. With earlier releases the +opportunistic TLS cipher grade is always "export" and no protocols +are disabled. When TLS handshakes fail, the connection is retried with TLS disabled. This allows mail delivery to sites with non-interoperable TLS implementations.
    @@ -10297,6 +10302,13 @@ smtp_tls_security_level = none
     # Opportunistic TLS.
     smtp_tls_security_level = may
    +# Postfix ≥ 2.6:
    +# Do not tweak opportunistic ciphers or protocols unless it is essential
    +# to do so (if a security vulnerability is found in the SSL library that
    +# can be mitigated by disabling a particular protocol or raising the
    +# cipher grade from "export" to "low" or "medium").
    +smtp_tls_ciphers = export
    +smtp_tls_protocols =
     
    @@ -10536,13 +10548,12 @@ meanings.  

    %PARAM smtpd_tls_mandatory_ciphers medium -

    The minimum TLS cipher grade that the Postfix SMTP server will -use with mandatory -TLS encryption. Cipher types listed in smtpd_tls_mandatory_exclude_ciphers -or smtpd_tls_exclude_ciphers are excluded from the base definition -of the selected cipher grade. With opportunistic TLS encryption, -the "export" grade is used unconditionally with exclusions specified -only via smtpd_tls_exclude_ciphers.

    +

    The minimum TLS cipher grade that the Postfix SMTP server +will use with mandatory TLS encryption. Cipher types listed in +smtpd_tls_mandatory_exclude_ciphers or smtpd_tls_exclude_ciphers are +excluded from the base definition of the selected cipher grade. See +smtpd_tls_ciphers for cipher controls that apply to opportunistic +TLS.

    The following cipher grades are supported:

    @@ -10760,6 +10771,10 @@ SMTP client cipher list at mandatory TLS security levels. This list works in addition to the exclusions listed with smtp_tls_exclude_ciphers (see there for syntax details).

    +

    Starting with Postfix 2.6, the mandatory cipher exclusions can be +specified on a per-destination basis via the TLS policy "exclude" +attribute. See smtp_tls_policy_maps for notes and examples.

    +

    This feature is available in Postfix 2.3 and later.
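Review bot: the same per-destination note is missing from smtp_tls_exclude_ciphers. The "may" entry in smtp_tls_policy_maps says the "exclude" attribute overrides smtp_tls_exclude_ciphers, and tls_policy_lookup_one() in smtp_session.c no longer rejects the attribute below the "encrypt" level, so the feature is not limited to mandatory exclusions; add a matching "Starting with Postfix 2.6, ..." paragraph to smtp_tls_exclude_ciphers so that the two parameter descriptions agree with the policy table text.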

    %PARAM tls_high_cipherlist ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH @@ -11183,6 +11198,125 @@ the hostname and IP address. The logging format is "host[address]:port".

    This feature is available in Postfix 2.5 and later.

    +%PARAM smtp_tls_protocols + +

    List of TLS protocols that the Postfix SMTP client will exclude +or include with opportunistic TLS encryption. This parameter SHOULD be +left at its default empty value, allowing all protocols to be used with +opportunistic TLS.

    + +

    In main.cf the values are separated by whitespace, commas or +colons. In the policy table (see smtp_tls_policy_maps) the only valid +separator is colon. An empty value means allow all protocols. The valid +protocol names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" +and "TLSv1".

    + +

    To include a protocol list its name, to exclude it, prefix the name +with a "!" character. To exclude SSLv2 even for opportunistic TLS set +"smtp_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set +"smtp_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to +include, is supported, but not recommended. OpenSSL provides no mechanisms +for excluding protocols not known at compile-time. If Postfix is linked +against an OpenSSL library that supports additional protocol versions, +they cannot be excluded using either syntax.

    + +

    Example:

    +
    +smtp_tls_protocols = !SSLv2
    +
    + +

    This feature is available in Postfix 2.6 and later.

    + +%PARAM smtpd_tls_protocols + +

    List of TLS protocols that the Postfix SMTP server will exclude +or include with opportunistic TLS encryption. This parameter SHOULD be +left at its default empty value, allowing all protocols to be used with +opportunistic TLS.

    + +

    In main.cf the values are separated by whitespace, commas or +colons. An empty value means allow all protocols. The valid protocol +names, (see SSL_get_version(3)), are "SSLv2", "SSLv3" and +"TLSv1". In smtp_tls_policy_maps table entries, "protocols" attribute +values are separated by a colon.

    + +

    To include a protocol list its name, to exclude it, prefix the name +with a "!" character. To exclude SSLv2 even for opportunistic TLS set +"smtpd_tls_protocols = !SSLv2". To exclude both "SSLv2" and "SSLv3" set +"smtpd_tls_protocols = !SSLv2, !SSLv3". Explicitly listing the protocols to +include, is supported, but not recommended. OpenSSL provides no mechanisms +for excluding protocols not known at compile-time. If Postfix is linked +against an OpenSSL library that supports additional protocol versions, +they cannot be excluded using either syntax.

    + +

    Example:

    +
    +smtpd_tls_protocols = !SSLv2
    +
    + +

    This feature is available in Postfix 2.6 and later.

    + +%PARAM lmtp_tls_protocols + +

    The LMTP-specific version of the smtp_tls_protocols configuration +parameter. See there for details.

    + +

    This feature is available in Postfix 2.6 and later.

    + +%PARAM smtp_tls_ciphers export + +

    The minimum TLS cipher grade that the Postfix SMTP client +will use with opportunistic TLS encryption. Cipher types listed in +smtp_tls_exclude_ciphers are excluded from the base definition of +the selected cipher grade. The default value "export" ensures maximum +inter-operability. Because encryption is optional, stronger controls +are not appropriate, and this setting SHOULD NOT be changed unless the +change is essential.

    + +

    When TLS is mandatory the cipher grade is chosen via the +smtp_tls_mandatory_ciphers configuration parameter, see there for syntax +details. See smtp_tls_policy_maps for information on how to configure +ciphers on a per-destination basis.

    + +

    Example:

    +
    +smtp_tls_ciphers = export
    +
    + +

    This feature is available in Postfix 2.6 and later. With earlier Postfix +releases only the smtp_tls_mandatory_ciphers parameter is implemented, +and opportunistic TLS always uses "export" or better (i.e. all) ciphers.

    + +%PARAM smtpd_tls_ciphers export + +

    The minimum TLS cipher grade that the Postfix SMTP server +will use with opportunistic TLS encryption. Cipher types listed in +smtpd_tls_exclude_ciphers are excluded from the base definition of +the selected cipher grade. The default value "export" ensures maximum +inter-operability. Because encryption is optional, stronger controls +are not appropriate, and this setting SHOULD NOT be changed unless the +change is essential.

    + +

    When TLS is mandatory the cipher grade is chosen via the +smtpd_tls_mandatory_ciphers configuration parameter, see there for syntax +details.

    + +

    Example:

    +
    +smtpd_tls_ciphers = export
    +
    + +

    This feature is available in Postfix 2.6 and later. With earlier Postfix +releases only the smtpd_tls_mandatory_ciphers parameter is implemented, +and opportunistic TLS always uses "export" or better (i.e. all) ciphers.

    + +%PARAM lmtp_tls_ciphers export + +

    The LMTP-specific version of the smtp_tls_ciphers configuration +parameter. See there for details.

    + +

    This feature is available in Postfix 2.6 and later.

    + %PARAM smtp_header_checks

    Restricted header_checks(5) tables for the Postfix SMTP client. diff --git a/postfix/src/cleanup/cleanup_envelope.c b/postfix/src/cleanup/cleanup_envelope.c index 4a7b8cd1a..b21da3e85 100644 --- a/postfix/src/cleanup/cleanup_envelope.c +++ b/postfix/src/cleanup/cleanup_envelope.c @@ -176,6 +176,7 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type, state->errs |= CLEANUP_STAT_BAD; return; } + /* Zero-length values are place holders for unavailable values. */ if (*attr_value == 0) { msg_warn("%s: spurious null attribute value for \"%s\" -- ignored", state->queue_id, attr_name); diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 559ea4680..7fd009621 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -1189,10 +1189,18 @@ extern char *var_smtpd_tls_CAfile; #define DEF_SMTPD_TLS_CA_PATH "" extern char *var_smtpd_tls_CApath; +#define VAR_SMTPD_TLS_PROTO "smtpd_tls_protocols" +#define DEF_SMTPD_TLS_PROTO "" +extern char *var_smtpd_tls_proto; + #define VAR_SMTPD_TLS_MAND_PROTO "smtpd_tls_mandatory_protocols" #define DEF_SMTPD_TLS_MAND_PROTO "SSLv3, TLSv1" extern char *var_smtpd_tls_mand_proto; +#define VAR_SMTPD_TLS_CIPH "smtpd_tls_ciphers" +#define DEF_SMTPD_TLS_CIPH "export" +extern char *var_smtpd_tls_ciph; + #define VAR_SMTPD_TLS_MAND_CIPH "smtpd_tls_mandatory_ciphers" #define DEF_SMTPD_TLS_MAND_CIPH "medium" extern char *var_smtpd_tls_mand_ciph; @@ -1313,6 +1321,12 @@ extern char *var_smtp_tls_CAfile; #define DEF_LMTP_TLS_CA_PATH "" extern char *var_smtp_tls_CApath; +#define VAR_SMTP_TLS_CIPH "smtp_tls_ciphers" +#define DEF_SMTP_TLS_CIPH "export" +#define VAR_LMTP_TLS_CIPH "lmtp_tls_ciphers" +#define DEF_LMTP_TLS_CIPH "export" +extern char *var_smtp_tls_ciph; + #define VAR_SMTP_TLS_MAND_CIPH "smtp_tls_mandatory_ciphers" #define DEF_SMTP_TLS_MAND_CIPH "medium" #define VAR_LMTP_TLS_MAND_CIPH "lmtp_tls_mandatory_ciphers" 
@@ -1370,6 +1384,12 @@ extern int var_lmtp_tls_scache_timeout; #define DEF_LMTP_TLS_POLICY "" extern char *var_smtp_tls_policy; +#define VAR_SMTP_TLS_PROTO "smtp_tls_protocols" +#define DEF_SMTP_TLS_PROTO "" +#define VAR_LMTP_TLS_PROTO "lmtp_tls_protocols" +#define DEF_LMTP_TLS_PROTO "" +extern char *var_smtp_tls_proto; + #define VAR_SMTP_TLS_MAND_PROTO "smtp_tls_mandatory_protocols" #define DEF_SMTP_TLS_MAND_PROTO "SSLv3, TLSv1" #define VAR_LMTP_TLS_MAND_PROTO "lmtp_tls_mandatory_protocols" diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 09700c2ee..0aabde098 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,19 +20,19 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20081007" +#define MAIL_RELEASE_DATE "20081010" #define MAIL_VERSION_NUMBER "2.6" #ifdef SNAPSHOT -# define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE +#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE #else -# define MAIL_VERSION_DATE "" +#define MAIL_VERSION_DATE "" #endif #ifdef NONPROD -# define MAIL_VERSION_PROD "-nonprod" +#define MAIL_VERSION_PROD "-nonprod" #else -# define MAIL_VERSION_PROD "" +#define MAIL_VERSION_PROD "" #endif #define VAR_MAIL_VERSION "mail_version" diff --git a/postfix/src/smtp/lmtp_params.c b/postfix/src/smtp/lmtp_params.c index 5f7c41b5a..1373752fa 100644 --- a/postfix/src/smtp/lmtp_params.c +++ b/postfix/src/smtp/lmtp_params.c 
@@ -24,6 +24,8 @@ VAR_LMTP_TLS_SEC_CMATCH, DEF_LMTP_TLS_SEC_CMATCH, &var_smtp_tls_sec_cmatch, 1, 0, VAR_LMTP_TLS_FPT_CMATCH, DEF_LMTP_TLS_FPT_CMATCH, &var_smtp_tls_fpt_cmatch, 0, 0, VAR_LMTP_TLS_FPT_DGST, DEF_LMTP_TLS_FPT_DGST, &var_smtp_tls_fpt_dgst, 1, 0, + VAR_LMTP_TLS_PROTO, DEF_LMTP_TLS_PROTO, &var_smtp_tls_proto, 0, 0, + VAR_LMTP_TLS_CIPH, DEF_LMTP_TLS_CIPH, &var_smtp_tls_ciph, 1, 0, #endif VAR_LMTP_SASL_MECHS, DEF_LMTP_SASL_MECHS, &var_smtp_sasl_mechs, 0, 0, VAR_LMTP_SASL_TYPE, DEF_LMTP_SASL_TYPE, &var_smtp_sasl_type, 1, 0, diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 487178781..56b63580f 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -162,7 +162,7 @@ /* per-destination workarounds for CISCO PIX firewall bugs. /* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" /* Quote addresses in SMTP MAIL FROM and RCPT TO commands as required -/* by RFC 821. +/* by RFC 2821. /* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR" /* Skip SMTP servers that greet with a 5XX status code (go away, do /* not try again later). @@ -384,6 +384,14 @@ /* .IP "\fBsmtp_tls_fingerprint_digest (md5)\fR" /* The message digest algorithm used to construct remote SMTP server /* certificate fingerprints. +/* .PP +/* Available in Postfix version 2.6 and later: +/* .IP "\fBsmtp_tls_protocols (empty)\fR" +/* List of TLS protocols that the Postfix SMTP client will exclude +/* or include with opportunistic TLS encryption. +/* .IP "\fBsmtp_tls_ciphers (export)\fR" +/* The minimum TLS cipher grade that the Postfix SMTP client +/* will use with opportunistic TLS encryption. /* OBSOLETE STARTTLS CONTROLS /* .ad /* .fi 
@@ -413,7 +421,7 @@ /* The maximal number of parallel deliveries to the same destination /* via the smtp message delivery transport. /* .IP "\fBsmtp_destination_recipient_limit ($default_destination_recipient_limit)\fR" -/* The maximal number of recipients per delivery via the smtp +/* The maximal number of recipients per message for the smtp /* message delivery transport. /* .IP "\fBsmtp_connect_timeout (30s)\fR" /* The SMTP client time limit for completing a TCP connection, or @@ -745,6 +753,8 @@ int var_smtp_tls_scert_vd; char *var_smtp_tls_vfy_cmatch; char *var_smtp_tls_fpt_cmatch; char *var_smtp_tls_fpt_dgst; +char *var_smtp_tls_proto; +char *var_smtp_tls_ciph; #endif diff --git a/postfix/src/smtp/smtp_params.c b/postfix/src/smtp/smtp_params.c index 61cf8b33c..39ef024ba 100644 --- a/postfix/src/smtp/smtp_params.c +++ b/postfix/src/smtp/smtp_params.c @@ -25,6 +25,8 @@ VAR_SMTP_TLS_SEC_CMATCH, DEF_SMTP_TLS_SEC_CMATCH, &var_smtp_tls_sec_cmatch, 1, 0, VAR_SMTP_TLS_FPT_CMATCH, DEF_SMTP_TLS_FPT_CMATCH, &var_smtp_tls_fpt_cmatch, 0, 0, VAR_SMTP_TLS_FPT_DGST, DEF_SMTP_TLS_FPT_DGST, &var_smtp_tls_fpt_dgst, 1, 0, + VAR_SMTP_TLS_PROTO, DEF_SMTP_TLS_PROTO, &var_smtp_tls_proto, 0, 0, + VAR_SMTP_TLS_CIPH, DEF_SMTP_TLS_CIPH, &var_smtp_tls_ciph, 1, 0, #endif VAR_SMTP_SASL_MECHS, DEF_SMTP_SASL_MECHS, &var_smtp_sasl_mechs, 0, 0, VAR_SMTP_SASL_TYPE, DEF_SMTP_SASL_TYPE, &var_smtp_sasl_type, 1, 0, diff --git a/postfix/src/smtp/smtp_session.c b/postfix/src/smtp/smtp_session.c index b67bc8524..c87fe7535 100644 --- a/postfix/src/smtp/smtp_session.c +++ b/postfix/src/smtp/smtp_session.c 
@@ -264,12 +264,6 @@ static int tls_policy_lookup_one(SMTP_SESSION *session, int *site_level, } /* Only one instance per policy. */ if (!strcasecmp(name, "ciphers")) { - if (*site_level < TLS_LEV_ENCRYPT) { - msg_warn("%s: attribute \"%s\" invalid at security level \"%s\"", - WHERE, name, policy_name(*site_level)); - *site_level = TLS_LEV_INVALID; - break; - } if (*val == 0) { msg_warn("%s: attribute \"%s\" has empty value", WHERE, name); *site_level = TLS_LEV_INVALID; @@ -281,18 +275,11 @@ static int tls_policy_lookup_one(SMTP_SESSION *session, int *site_level, *site_level = TLS_LEV_INVALID; break; } - /* set_cipher_grade() assumes this is NULL with level < encrypt */ session->tls_grade = mystrdup(val); continue; } /* Only one instance per policy. */ if (!strcasecmp(name, "protocols")) { - if (*site_level < TLS_LEV_ENCRYPT) { - msg_warn("%s: attribute \"%s\" invalid at security level \"%s\"", - WHERE, name, policy_name(*site_level)); - *site_level = TLS_LEV_INVALID; - break; - } if (session->tls_protocols) { msg_warn("%s: attribute \"%s\" is specified multiple times", WHERE, name); @@ -322,6 +309,17 @@ static int tls_policy_lookup_one(SMTP_SESSION *session, int *site_level, else argv_split_append(session->tls_matchargv, val, delim); continue; + } + /* Only one instance per policy. */ + if (!strcasecmp(name, "exclude")) { + if (session->tls_exclusions) { + msg_warn("%s: attribute \"%s\" is specified multiple times", + WHERE, name); + *site_level = TLS_LEV_INVALID; + break; + } + session->tls_exclusions = vstring_strcpy(vstring_alloc(10), val); + continue; } else { msg_warn("%s: invalid attribute name: \"%s\"", WHERE, name); *site_level = TLS_LEV_INVALID; 
@@ -382,8 +380,8 @@ static void set_cipher_grade(SMTP_SESSION *session) return; case TLS_LEV_MAY: - /* tls_policy_lookup_one() leaves this NULL with level < encrypt. */ - session->tls_grade = mystrdup("export");/* XXX: For now */ + if (session->tls_grade == 0) + session->tls_grade = mystrdup(var_smtp_tls_ciph); break; case TLS_LEV_ENCRYPT: @@ -411,9 +409,8 @@ static void set_cipher_grade(SMTP_SESSION *session) } while (0) /* - * Soon, the "exclude" policy table attribute will be able to override - * the main.cf mandatory exclusion list, and the latter may become - * obsolete. + * The "exclude" policy table attribute overrides main.cf exclusion + * lists. */ if (session->tls_exclusions == 0) { session->tls_exclusions = vstring_alloc(10); @@ -511,7 +508,7 @@ static void session_tls_init(SMTP_SESSION *session, const char *dest, if (session->tls_level > TLS_LEV_NONE && session->tls_protocols == 0) session->tls_protocols = mystrdup((session->tls_level == TLS_LEV_MAY) ? - "" : var_smtp_tls_mand_proto); + var_smtp_tls_proto : var_smtp_tls_mand_proto); /* * Compute cipher grade (if set in per-destination table, else diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index e55814706..3440430c5 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -338,9 +338,8 @@ /* .IP "\fBsmtpd_tls_loglevel (0)\fR" /* Enable additional Postfix SMTP server logging of TLS activity. /* .IP "\fBsmtpd_tls_mandatory_ciphers (medium)\fR" -/* The minimum TLS cipher grade that the Postfix SMTP server will -/* use with mandatory -/* TLS encryption. +/* The minimum TLS cipher grade that the Postfix SMTP server +/* will use with mandatory TLS encryption. /* .IP "\fBsmtpd_tls_mandatory_exclude_ciphers (empty)\fR" /* Additional list of ciphers or cipher types to exclude from the /* SMTP server cipher list at mandatory TLS security levels. 
@@ -385,6 +384,14 @@ /* The message digest algorithm used to construct client-certificate /* fingerprints for \fBcheck_ccert_access\fR and /* \fBpermit_tls_clientcerts\fR. +/* .PP +/* Available in Postfix version 2.6 and later: +/* .IP "\fBsmtpd_tls_protocols (empty)\fR" +/* List of TLS protocols that the Postfix SMTP server will exclude +/* or include with opportunistic TLS encryption. +/* .IP "\fBsmtpd_tls_ciphers (export)\fR" +/* The minimum TLS cipher grade that the Postfix SMTP server +/* will use with opportunistic TLS encryption. /* OBSOLETE STARTTLS CONTROLS /* .ad /* .fi @@ -1141,6 +1148,8 @@ bool var_smtpd_tls_req_ccert; int var_smtpd_tls_scache_timeout; bool var_smtpd_tls_set_sessid; char *var_smtpd_tls_fpt_dgst; +char *var_smtpd_tls_ciph; +char *var_smtpd_tls_proto; #endif @@ -3847,7 +3856,7 @@ static void smtpd_start_tls(SMTPD_STATE *state) if (cipher_grade == 0) { cipher_grade = - enforce_tls ? var_smtpd_tls_mand_ciph : "export"; + enforce_tls ? var_smtpd_tls_mand_ciph : var_smtpd_tls_ciph; cipher_exclusions = vstring_alloc(10); ADD_EXCLUDE(cipher_exclusions, var_smtpd_tls_excl_ciph); if (enforce_tls) @@ -4691,7 +4700,8 @@ static void pre_jail_init(char *unused_name, char **unused_argv) dh512_param_file = var_smtpd_tls_dh512_param_file, protocols = enforce_tls ? - var_smtpd_tls_mand_proto : "", + var_smtpd_tls_mand_proto : + var_smtpd_tls_proto, ask_ccert = var_smtpd_tls_ask_ccert, fpt_dgst = var_smtpd_tls_fpt_dgst); else 
@@ -4920,9 +4930,11 @@ int main(int argc, char **argv) VAR_SMTPD_TLS_DKEY_FILE, DEF_SMTPD_TLS_DKEY_FILE, &var_smtpd_tls_dkey_file, 0, 0, VAR_SMTPD_TLS_CA_FILE, DEF_SMTPD_TLS_CA_FILE, &var_smtpd_tls_CAfile, 0, 0, VAR_SMTPD_TLS_CA_PATH, DEF_SMTPD_TLS_CA_PATH, &var_smtpd_tls_CApath, 0, 0, + VAR_SMTPD_TLS_CIPH, DEF_SMTPD_TLS_CIPH, &var_smtpd_tls_ciph, 1, 0, VAR_SMTPD_TLS_MAND_CIPH, DEF_SMTPD_TLS_MAND_CIPH, &var_smtpd_tls_mand_ciph, 1, 0, VAR_SMTPD_TLS_EXCL_CIPH, DEF_SMTPD_TLS_EXCL_CIPH, &var_smtpd_tls_excl_ciph, 0, 0, VAR_SMTPD_TLS_MAND_EXCL, DEF_SMTPD_TLS_MAND_EXCL, &var_smtpd_tls_mand_excl, 0, 0, + VAR_SMTPD_TLS_PROTO, DEF_SMTPD_TLS_PROTO, &var_smtpd_tls_proto, 0, 0, VAR_SMTPD_TLS_MAND_PROTO, DEF_SMTPD_TLS_MAND_PROTO, &var_smtpd_tls_mand_proto, 0, 0, VAR_SMTPD_TLS_512_FILE, DEF_SMTPD_TLS_512_FILE, &var_smtpd_tls_dh512_param_file, 0, 0, VAR_SMTPD_TLS_1024_FILE, DEF_SMTPD_TLS_1024_FILE, &var_smtpd_tls_dh1024_param_file, 0, 0, diff --git a/postfix/src/smtpd/smtpd.h b/postfix/src/smtpd/smtpd.h index 71184151d..e796ac65d 100644 --- a/postfix/src/smtpd/smtpd.h +++ b/postfix/src/smtpd/smtpd.h 
@@ -301,20 +301,27 @@ extern void smtpd_peer_reset(SMTPD_STATE *state); /* * Choose between normal or forwarded attributes. * - * Note 1: inside the SMTP server, forwarded attributes must have the exact - * same representation as normal attributes: unknown string values are - * "unknown", and non-existent HELO is null. + * Inside the SMTP server, unknown real client attributes are represented by + * the string "unknown", and non-existent HELO is represented as a null + * pointer. The SMTP server uses this same representation internally for + * forwarded client attributes; the XFORWARD syntax makes no distinction + * between unknown (remote submission) and non-existent (local submission). + * The SMTP server decides between remote and local submission when it + * generates queue file records (see below) so that the correct result is + * produced with down-stream logging and with $name expansion in delivery + * agents. * - * Note 2: the SMTP server representation of unknown/known attribute values is - * also used in queue files and in delivery requests, while non-existent - * information is represented in those contexts as empty strings. In queue - * files and delivery requests, forwarded local submissions are represented - * by forwarded client attributes with empty string values (actually one - * attribute is sufficient). + * Known/unknown client attribute values use the SMTP server's internal + * representation in queue files, in queue manager delivery requests, and in + * delivery agent $name expansions. * - * Note 3: if forwarding client information, don't mix information from the - * current SMTP session with forwarded information from an up-stream - * session. + * Non-existent attribute values are never present in queue files. The SMTP + * server stores a dummy attribute to indicate that no client attributes + * exist. Non-existent information is represented as empty strings in queue + * manager delivery requests and in delivery agent $name expansions. 
+ * + * When forwarding client information, don't mix information from the current + * SMTP session with forwarded information from an up-stream session. */ #define SMTPD_HAVE_XFORWARD_ATTR(s) \ ((s)->xforward.flags & SMTPD_STATE_XFORWARD_INIT)
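Review bot: in cleanup_envelope.c the new comment "Zero-length values are place holders for unavailable values." sits directly above code that logs "spurious null attribute value ... ignored" and drops the record, which reads as a contradiction. The rewritten note in smtpd.h says that non-existent values are never present in queue files and that empty strings are used only in queue manager delivery requests and delivery agent $name expansions, so the point the comment should make is that an empty value is not a valid queue-file representation and is therefore rejected here; reword it along the lines of "Empty values represent non-existent information in delivery requests only, never in queue files (see smtpd.h); reject them here."

Review bot: in smtp_session.c tls_policy_lookup_one(), removing the "*site_level < TLS_LEV_ENCRYPT" checks for "ciphers" and "protocols" also removes the only check visible in this patch that rejected those attributes at level "none", and the new "exclude" branch has no level check at all, while the postconf text for "none" still says "No additional attributes are supported at this level." Unless a general check elsewhere already rejects every attribute at "none", keep a test such as "if (*site_level <= TLS_LEV_NONE)" in all three branches and set *site_level = TLS_LEV_INVALID as the removed code did. Separately, "ciphers" still rejects an empty value ("attribute \"%s\" has empty value") but the new "exclude" branch accepts one; since set_cipher_grade() only falls back to the main.cf lists when session->tls_exclusions == 0, an "exclude=" with no value would silently disable all main.cf exclusions for that destination. Either reject the empty value the same way, or document it in smtp_tls_policy_maps as the way to clear the exclusion lists.

Review bot: the rewritten comment in smtpd.h says the XFORWARD syntax "makes no distinction between unknown (remote submission) and non-existent (local submission)", while the XFORWARD_README change in this same patch defines that distinction by convention (NAME and ADDR both [UNAVAILABLE] means local submission). Both statements are true, but the comment should say that the syntax has no separate token for it and that the server recovers the distinction from that convention when it writes queue file records; and please check that "(see below)" still points at something in this header after the rewrite, otherwise name the function that makes the decision.

Review bot: the mail_version.h hunk mixes an unrelated whitespace change ("# define" to "#define" on six lines) into the release-date bump, and smtp.c changes the smtp_destination_recipient_limit description ("recipients per delivery" to "recipients per message") and the RFC reference ("RFC 821" to "RFC 2821"); none of these appear in the HISTORY entry for 20081010, which lists only the opportunistic TLS controls. Mention them there, or split them out, so that the release notes account for every file this snapshot touches.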