From: Wietse Z Venema Date: Mon, 23 Jun 2025 05:00:00 +0000 (-0500) Subject: postfix-3.11-20250623 X-Git-Tag: v3.11.0-RC1~41 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6aba6ef601e3a43780e959fd9413b31235e404f2;p=thirdparty%2Fpostfix.git postfix-3.11-20250623 --- diff --git a/postfix/HISTORY b/postfix/HISTORY index 20d3fcec9..7f07ff36c 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -29261,3 +29261,24 @@ Apologies for any names omitted. Likewise, include the current TLS security level in the TLS client serverid field. File: smtp/smtp_proto.c. + +20250622 + + Bugfix (defect introduced: 20250509): added missing ``#ifdef + USE_TLS'' guards around memcache key_digest support. File: + global/dict_memcache.c. + +20250623 + + Feature: change the Postfix SMTP client smtp_tls_security_level + default value to "may" if Postfix was built with TLS support, + and the compatibility_level is 3.11 or higher. At lower + compatibility levels, change the default to "empty" and log + a backwards compatibility reminder. Files: global/mail_params.h, + smtp/smtp.c, tlsproxy/tlsproxy.c, proto/postconf.proto, + proto/COMPATIBILITY_README.html. + + There is no equivalent change for Postfix server TLS security + levels, because changing the level alone is not sufficient. + Server-side TLS requires that at least one private key and + corresponding public-key certificate chain are configured. diff --git a/postfix/README_FILES/COMPATIBILITY_README b/postfix/README_FILES/COMPATIBILITY_README index e06ef17eb..e69de29bb 100644 --- a/postfix/README_FILES/COMPATIBILITY_README +++ b/postfix/README_FILES/COMPATIBILITY_README @@ -1,427 +0,0 @@ -PPoossttffiixx BBaacckkwwaarrddss--CCoommppaattiibbiilliittyy SSaaffeettyy NNeett - -------------------------------------------------------------------------------- - -PPuurrppoossee ooff tthhiiss ddooccuummeenntt - -Postfix 3.0 introduces a safety net that runs Postfix programs with backwards- -compatible default settings after an upgrade. The safety net will log a warning -whenever a "new" default setting could have an negative effect on your mail -flow. - -This document provides information on the following topics: - - * Detailed descriptions of Postfix backwards-compatibility warnings. - - * What backwards-compatible settings you may have to make permanent in - main.cf or master.cf. - - * How to turn off Postfix backwards-compatibility warnings. - -OOvveerrvviieeww - -With backwards compatibility turned on, Postfix logs a message whenever a -backwards-compatible default setting may be required for continuity of service. -Based on this logging the system administrator can decide if any backwards- -compatible settings need to be made permanent in main.cf or master.cf, before -turning off the backwards-compatibility safety net as described at the end of -this document. - -Logged with compatibility_level < 1: - - * Using backwards-compatible default setting append_dot_mydomain=yes - - * Using backwards-compatible default setting chroot=y - - * Using backwards-compatible default setting "smtpd_relay_restrictions = - (empty)" - - * Using backwards-compatible default setting smtputf8_enable=no - -Logged with compatibility_level < 2: - - * Using backwards-compatible default setting mynetworks_style=subnet - - * Using backwards-compatible default setting relay_domains=$mydestination - -Logged with compatibility_level < 3.6: - - * Using backwards-compatible default setting smtpd_tls_fingerprint_digest=md5 - - * Using backwards-compatible default setting smtp_tls_fingerprint_digest=md5 - - * Using backwards-compatible default setting lmtp_tls_fingerprint_digest=md5 - - * Using backwards-compatible default setting - smtpd_relay_before_recipient_restrictions=no - - * Using backwards-compatible default setting respectful_logging=no - -Logged with compatibility_level < 3.11: - - * using backwards-compatible default setting - smtp_tlsrpt_skip_reused_handshakes=yes - -If such a message is logged in the context of a legitimate request, the system -administrator should make the backwards-compatible setting permanent in main.cf -or master.cf, as detailed in the sections that follow. - -When no more backwards-compatible settings need to be made permanent, the -system administrator should turn off the backwards-compatibility safety net as -described at the end of this document. - -UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg aappppeenndd__ddoott__mmyyddoommaaiinn==yyeess - -The append_dot_mydomain default value has changed from "yes" to "no". This -could result in unexpected non-delivery of email after Postfix is updated from -an older version. The backwards-compatibility safety net is designed to prevent -such surprises. - -As long as the append_dot_mydomain parameter is left unspecified at its -implicit default value, and the compatibility_level setting is less than 1, -Postfix may log one of the following messages: - - * Messages about missing "localhost" in mydestination or other address class: - - postfix/trivial-rewrite[14777]: using backwards-compatible - default setting append_dot_mydomain=yes to rewrite - "localhost" to "localhost.example.com"; please add - "localhost" to mydestination or other address class - - If Postfix logs the above message, add "localhost" to mydestination (or - virtual_alias_domains, virtual_mailbox_domains, or relay_domains) and - execute the command "ppoossttffiixx rreellooaadd". - - * Messages about incomplete domains in email addresses: - - postfix/trivial-rewrite[25835]: using backwards-compatible - default setting append_dot_mydomain=yes to rewrite "foo" to - "foo.example.com" - - If Postfix logs the above message for domains different from "localhost", - and the sender cannot be changed to use complete domain names in email - addresses, then the system administrator should make the backwards- - compatible setting "append_dot_mydomain = yes" permanent in main.cf: - - # ppoossttccoonnff aappppeenndd__ddoott__mmyyddoommaaiinn==yyeess - # ppoossttffiixx rreellooaadd - -UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg cchhrroooott==yy - -The master.cf chroot default value has changed from "y" (yes) to "n" (no). The -new default avoids the need for copies of system files under the Postfix queue -directory. However, sites with strict security requirements may want to keep -the chroot feature enabled after updating Postfix from an older version. The -backwards-compatibility safety net is designed allow the administrator to -choose if they want to keep the old behavior. - -As long as a master.cf chroot field is left unspecified at its implicit default -value, and the compatibility_level setting is less than 1, Postfix may log the -following message while it reads the master.cf file: - - postfix/master[27664]: /etc/postfix/master.cf: line 72: using - backwards-compatible default setting chroot=y - -If this service should remain chrooted, then the system administrator should -make the backwards-compatible setting "chroot = y" permanent in master.cf. For -example, to update the chroot setting for the "smtp inet" service: - - # ppoossttccoonnff --FF ssmmttpp//iinneett//cchhrroooott==yy - # ppoossttffiixx rreellooaadd - -UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppdd__rreellaayy__rreessttrriiccttiioonnss == ((eemmppttyy)) - -The smtpd_relay_restrictions feature was introduced with Postfix version 2.10, -as a safety mechanism for configuration errors in smtpd_recipient_restrictions -that could make Postfix an open relay. - -The smtpd_relay_restrictions implicit default setting forbids mail to remote -destinations from clients that don't match permit_mynetworks or -permit_sasl_authenticated. This could result in unexpected 'Relay access -denied' errors after Postfix is updated from an older Postfix version. The -backwards-compatibility safety net is designed to prevent such surprises. - -When the compatibility_level less than 1, and the smtpd_relay_restrictions -parameter is left unspecified at its implicit default setting, Postfix may log -the following message: - - postfix/smtpd[38463]: using backwards-compatible default setting - "smtpd_relay_restrictions = (empty)" to avoid "Relay access - denied" error for recipient "user@example.com" from client - "host.example.net[10.0.0.2]" - -If this request should not be blocked, then the system administrator should -make the backwards-compatible setting "smtpd_relay_restrictions=" (i.e. empty) -permanent in main.cf: - - # ppoossttccoonnff ssmmttppdd__rreellaayy__rreessttrriiccttiioonnss== - # ppoossttffiixx rreellooaadd - -UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppuuttff88__eennaabbllee==nnoo - -The smtputf8_enable default value has changed from "no" to "yes". With the new -"yes" setting, the Postfix SMTP server rejects non-ASCII addresses from clients -that don't request SMTPUTF8 support, after Postfix is updated from an older -version. The backwards-compatibility safety net is designed to prevent such -surprises. - -As long as the smtputf8_enable parameter is left unspecified at its implicit -default value, and the compatibility_level setting is less than 1, Postfix logs -a warning each time an SMTP command uses a non-ASCII address localpart without -requesting SMTPUTF8 support: - - postfix/smtpd[27560]: using backwards-compatible default setting - smtputf8_enable=no to accept non-ASCII sender address - "??@example.org" from localhost[127.0.0.1] - - postfix/smtpd[27560]: using backwards-compatible default setting - smtputf8_enable=no to accept non-ASCII recipient address - "??@example.com" from localhost[127.0.0.1] - -If the address should not be rejected, and the client cannot be updated to use -SMTPUTF8, then the system administrator should make the backwards-compatible -setting "smtputf8_enable = no" permanent in main.cf: - - # ppoossttccoonnff ssmmttppuuttff88__eennaabbllee==nnoo - # ppoossttffiixx rreellooaadd - -UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg mmyynneettwwoorrkkss__ssttyyllee==ssuubbnneett - -The mynetworks_style default value has changed from "subnet" to "host". This -parameter is used to implement the "permit_mynetworks" feature. The change -could cause unexpected 'access denied' errors after Postfix is updated from an -older version. The backwards-compatibility safety net is designed to prevent -such surprises. - -As long as the mynetworks and mynetworks_style parameters are left unspecified -at their implicit default values, and the compatibility_level setting is less -than 2, the Postfix SMTP server may log one of the following messages: - - postfix/smtpd[17375]: using backwards-compatible default setting - mynetworks_style=subnet to permit request from client - "foo.example.com[10.1.1.1]" - - postfix/postscreen[24982]: using backwards-compatible default - setting mynetworks_style=subnet to permit request from client - "10.1.1.1" - -If the client request should not be rejected, then the system administrator -should make the backwards-compatible setting "mynetworks_style = subnet" -permanent in main.cf: - - # ppoossttccoonnff mmyynneettwwoorrkkss__ssttyyllee==ssuubbnneett - # ppoossttffiixx rreellooaadd - -UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg rreellaayy__ddoommaaiinnss==$$mmyyddeessttiinnaattiioonn - -The relay_domains default value has changed from "$mydestination" to the empty -value. This could result in unexpected 'Relay access denied' errors or ETRN -errors after Postfix is updated from an older version. The backwards- -compatibility safety net is designed to prevent such surprises. - -As long as the relay_domains parameter is left unspecified at its implicit -default value, and the compatibility_level setting is less than 2, Postfix may -log one of the following messages. - - * Messages about accepting mail for a remote domain: - - postfix/smtpd[19052]: using backwards-compatible default setting - relay_domains=$mydestination to accept mail for domain - "foo.example.com" - - postfix/smtpd[19052]: using backwards-compatible default setting - relay_domains=$mydestination to accept mail for address - "user@foo.example.com" - - * Messages about providing ETRN service for a remote domain: - - postfix/smtpd[19138]: using backwards-compatible default setting - relay_domains=$mydestination to flush mail for domain - "bar.example.com" - - postfix/smtp[13945]: using backwards-compatible default setting - relay_domains=$mydestination to update fast-flush logfile for - domain "bar.example.com" - -If Postfix should continue to accept mail for that domain or continue to -provide ETRN service for that domain, then the system administrator should make -the backwards-compatible setting "relay_domains = $mydestination" permanent in -main.cf: - - # ppoossttccoonnff ''rreellaayy__ddoommaaiinnss==$$mmyyddeessttiinnaattiioonn'' - # ppoossttffiixx rreellooaadd - -Note: quotes are required as indicated above. - -Instead of $mydestination, it may be better to specify an explicit list of -domain names. - -UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttppdd__ttllss__ffiinnggeerrpprriinntt__ddiiggeesstt==mmdd55 - -The smtpd_tls_fingerprint_digest default value has changed from "md5" to -"sha256". With the new "sha256" setting, the Postfix SMTP server avoids using -the deprecated "md5" algorithm and computes a more secure digest of the client -certificate. - -If you're using the default "md5" setting, or even an explicit "sha1" (also -deprecated) setting, you should consider switching to "sha256". This will -require updating any associated lookup table keys with the "sha256" digests of -the expected client certificate or public key. - -As long as the smtpd_tls_fingerprint_digest parameter is left unspecified at -its implicit default value, and the compatibility_level setting is less than -3.6, Postfix logs a warning each time a client certificate or public key -fingerprint is (potentially) used for access control: - - postfix/smtpd[27560]: using backwards-compatible default setting - smtpd_tls_fingerprint_digest=md5 to compute certificate fingerprints - -Since any client certificate fingerprints are passed in policy service lookups, -and Postfix doesn't know whether the fingerprint will be used, the warning may -also be logged when policy lookups are performed for connections that used a -client certificate, even if the policy service does not in fact examine the -client certificate. To reduce the noise somewhat, such warnings are issued at -most once per smtpd(8) process instance. - -If you prefer to stick with "md5", you can suppress the warnings by making that -setting explicit. After addressing any other compatibility warnings, you can -update your compatibility level. - - # ppoossttccoonnff ssmmttppdd__ttllss__ffiinnggeerrpprriinntt__ddiiggeesstt==mmdd55 - # ppoossttffiixx rreellooaadd - -UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg ssmmttpp__ttllss__ffiinnggeerrpprriinntt__ddiiggeesstt==mmdd55 - -The smtp_tls_fingerprint_digest and lmtp_tls_fingerprint_digest default values -have changed from "md5" to "sha256". With the new "sha256" setting, the Postfix -SMTP and LMTP client avoids using the deprecated "md5" algorithm and computes a -more secure digest of the server certificate. - -If you're using the default "md5" setting, or even an explicit "sha1" (also -deprecated) setting, you should consider switching to "sha256". This will -require updating any "fingerprint" security level policies in the TLS policy -table to specify matching "sha256" digests of the expected server certificates -or public keys. - -As long as the smtp_tls_fingerprint_digest (or LMTP equivalent) parameter is -left unspecified at its implicit default value, and the compatibility_level -setting is less than 3.6, Postfix logs a warning each time the "fingerprint" -security level is used to specify matching "md5" digests of trusted server -certificates or public keys: - - postfix/smtp[27560]: using backwards-compatible default setting - smtp_tls_fingerprint_digest=md5 to compute certificate fingerprints - -If you prefer to stick with "md5", you can suppress the warnings by making that -setting explicit. After addressing any other compatibility warnings, you can -update your compatibility level. - - # ppoossttccoonnff ''ssmmttpp__ttllss__ffiinnggeerrpprriinntt__ddiiggeesstt == mmdd55'' \\ - ''llmmttpp__ttllss__ffiinnggeerrpprriinntt__ddiiggeesstt == mmdd55'' - # ppoossttffiixx rreellooaadd - -UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg -ssmmttppdd__rreellaayy__bbeeffoorree__rreecciippiieenntt__rreessttrriiccttiioonnss==nnoo - -The smtpd_relay_before_recipient_restrictions feature was introduced in Postfix -version 3.6, to evaluate smtpd_relay_restrictions before -smtpd_recipient_restrictions. Historically, smtpd_relay_restrictions was -evaluated after smtpd_recipient_restrictions, contradicting documented -behavior. - - Background: smtpd_relay_restrictions is primarily designed to enforce a - mail relaying policy, while smtpd_recipient_restrictions is primarily - designed to enforce spam blocking policy. Both are evaluated while replying - to the RCPT TO command, and both support the same features. - -To maintain compatibility with earlier versions, Postfix will keep evaluating -smtpd_recipient_restrictions before smtpd_relay_restrictions, as long as the -compatibility_level is less than 3.6, and the -smtpd_relay_before_recipient_restrictions parameter is left unspecified at its -implicit default setting. As a reminder, Postfix may log the following message: - - postfix/smtpd[54696]: using backwards-compatible default setting - smtpd_relay_before_recipient_restrictions=no to reject recipient - "user@example.com" from client "host.example.net[10.0.0.2]" - -If Postfix should keep evaluating smtpd_recipient_restrictions before -smtpd_relay_restrictions, then the system administrator should make the -backwards-compatible setting "smtpd_relay_before_recipient_restrictions=no" -permanent in main.cf: - - # ppoossttccoonnff ssmmttppdd__rreellaayy__bbeeffoorree__rreecciippiieenntt__rreessttrriiccttiioonnss==nnoo - # ppoossttffiixx rreellooaadd - -UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg rreessppeeccttffuull__llooggggiinngg==nnoo - -Postfix version 3.6 deprecates configuration parameter names and logging that -suggest white is better than black. Instead it prefers 'allowlist, 'denylist', -and variations of those words. While the renamed configuration parameters have -backwards-compatible default values, the changes in logging could affect -logfile analysis tools. - -To avoid breaking existing logfile analysis tools, Postfix will keep logging -the deprecated form, as long as the respectful_logging parameter is left -unspecified at its implicit default value, and the compatibility_level setting -is less than 3.6. As a reminder, Postfix may log the following when a remote -SMTP client is allowlisted or denylisted: - - postfix/postscreen[22642]: Using backwards-compatible default setting - respectful_logging=no for client [address]:port - -If Postfix should keep logging the deprecated form, then the system -administrator should make the backwards-compatible setting "respectful_logging -= no" permanent in main.cf. - - # ppoossttccoonnff ""rreessppeeccttffuull__llooggggiinngg == nnoo"" - # ppoossttffiixx rreellooaadd - -UUssiinngg bbaacckkwwaarrddss--ccoommppaattiibbllee ddeeffaauulltt sseettttiinngg -ssmmttpp__ttllssrrpptt__sskkiipp__rreeuusseedd__hhaannddsshhaakkeess==yyeess - -Postfix version 3.11 changes the default value for -smtp_tlsrpt_skip_reused_handshakes from "yes" to "no". The backwards- -compatibility safety net is designed to prevent an unexpected change in -reporting behavior when Postfix is updated from an older version. - -As long as the smtp_tlsrpt_skip_reused_handshakes parameter is left unspecified -at its implicit default value, and the compatibility_level setting is less than -3.11, Postfix will log a reminder that it is using the backwards-compatible -default: - - postfix/smtp[388157] using backwards-compatible default setting - smtp_tlsrpt_skip_reused_handshakes=yes - -To keep the old default setting, the system administrator should make the -backwards-compatible setting "smtp_tlsrpt_skip_reused_handshakes = yes" -permanent in main.cf: - - # ppoossttccoonnff ssmmttpp__ttllssrrpptt__sskkiipp__rreeuusseedd__hhaannddsshhaakkeess==yyeess - # ppoossttffiixx rreellooaadd - -TTuurrnniinngg ooffff tthhee bbaacckkwwaarrddss--ccoommppaattiibbiilliittyy ssaaffeettyy nneett - -Backwards compatibility is turned off by updating the compatibility_level -setting in main.cf. - - # ppoossttccoonnff ccoommppaattiibbiilliittyy__lleevveell==NN - # ppoossttffiixx rreellooaadd - -For N specify the number that is logged in your postfix(1) warning message: - - warning: To disable backwards compatibility use "postconf - compatibility_level=N" and "postfix reload" - -Sites that don't care about backwards compatibility may set -"compatibility_level = 9999" at their own risk. - -Starting with Postfix version 3.6, the compatibility level in the above warning -message is the Postfix version that introduced the last incompatible change. -The level is formatted as major.minor.patch, where patch is usually omitted and -defaults to zero. Earlier compatibility levels are 0, 1 and 2. - -NOTE: Postfix 3.6 also introduces support for the "

  • using backwards-compatible default setting smtp_tlsrpt_skip_reused_handshakes=yes

    +

  • using backwards-compatible default +setting xxx_security_level=(empty)

    +

    @@ -607,6 +610,51 @@ make the backwards-compatible setting " Using backwards-compatible +default setting xxx_security_level=(empty) + +

    Postfix version 3.11 changes the default value for client TLS +security levels from "empty" to "yes". The backwards-compatibility +safety net is designed to prevent an unexpected change in mail +sending behavior when Postfix is updated from an older version. +

    + +

    There is no equivalent change for Postfix server TLS security +levels, because changing the level alone is not sufficient. Server-side +TLS requires that at least one private key and one public-key +certificate chain are configured.

    + +

    As long as a TLS security level parameter is left unspecified +at its implicit default value, and the compatibility_level setting +is less than 3.11, Postfix will log one of the following reminders +that it is using the backwards-compatible default:

    + +
    +
    +postfix/smtp[...] using backwards-compatible default setting
+    smtp_tls_security_level=(empty)
+
    +
    + +
    +
    +postfix/tlsproxy[...] using backwards-compatible default setting
+    tlsproxy_client_security_level=(empty)
+
    +
    + +

    To keep the old default setting, the system administrator should +make the backwards-compatible empty setting permanent in main.cf:

    + +
    +
    +# postconf xxx_security_level=
+# postfix reload
+
    +
    + +

    where xxx is taken from the above compatibility message.

    +

    Turning off the backwards-compatibility safety net

    Backwards compatibility is turned off by updating the diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index f5a3945b6..ba706a170 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -511,7 +511,7 @@ SMTP(8) SMTP(8) Detailed information about STARTTLS configuration may be found in the TLS_README document. - smtp_tls_security_level (empty) + smtp_tls_security_level (Postfix >= 3.11: may; Postfix < 3.11: empty) The default SMTP TLS security level for the Postfix SMTP client. smtp_sasl_tls_security_options ($smtp_sasl_security_options) @@ -757,50 +757,50 @@ SMTP(8) SMTP(8) The pathname of a UNIX-domain datagram socket that is managed by a local TLSRPT reporting service. - smtp_tlsrpt_skip_reused_handshakes (yes) - Do not report the TLSRPT status for TLS protocol handshakes that - reuse a previously-negotiated TLS session (there is no new - information to report). + smtp_tlsrpt_skip_reused_handshakes (Postfix >= 3.11: no, Postfix 3.10: + yes) + When set to "yes", report the TLSRPT status only for "new" TLS + sessions. tls_required_enable (yes) Enable support for the "TLS-Required: no" message header, defined in RFC 8689. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compatibility with - Postfix versions before 2.3. Support for these will be removed in a + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. Support for these will be removed in a future release. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP server announces + Opportunistic mode: use TLS when a remote SMTP server announces STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers use TLS + Enforcement mode: require that remote SMTP servers use TLS encryption, and never send mail in the clear. smtp_tls_enforce_peername (yes) - With mandatory TLS encryption, require that the remote SMTP - server hostname matches the information in the remote SMTP + With mandatory TLS encryption, require that the remote SMTP + server hostname matches the information in the remote SMTP server certificate. smtp_tls_per_site (empty) - Optional lookup tables with the Postfix SMTP client TLS usage - policy by next-hop destination and by remote SMTP server host- + Optional lookup tables with the Postfix SMTP client TLS usage + policy by next-hop destination and by remote SMTP server host- name. smtp_tls_cipherlist (empty) - Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS + Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. RESOURCE AND RATE CONTROLS smtp_connect_timeout (30s) - The Postfix SMTP client time limit for completing a TCP connec- + The Postfix SMTP client time limit for completing a TCP connec- tion, or zero (use the operating system built-in time limit). smtp_helo_timeout (300s) - The Postfix SMTP client time limit for sending the HELO or EHLO - command, and for receiving the initial remote SMTP server + The Postfix SMTP client time limit for sending the HELO or EHLO + command, and for receiving the initial remote SMTP server response. lmtp_lhlo_timeout (300s) @@ -812,19 +812,19 @@ SMTP(8) SMTP(8) mand, and for receiving the remote SMTP server response. smtp_mail_timeout (300s) - The Postfix SMTP client time limit for sending the MAIL FROM + The Postfix SMTP client time limit for sending the MAIL FROM command, and for receiving the remote SMTP server response. smtp_rcpt_timeout (300s) - The Postfix SMTP client time limit for sending the SMTP RCPT TO + The Postfix SMTP client time limit for sending the SMTP RCPT TO command, and for receiving the remote SMTP server response. smtp_data_init_timeout (120s) - The Postfix SMTP client time limit for sending the SMTP DATA + The Postfix SMTP client time limit for sending the SMTP DATA command, and for receiving the remote SMTP server response. smtp_data_xfer_timeout (180s) - The Postfix SMTP client time limit for sending the SMTP message + The Postfix SMTP client time limit for sending the SMTP message content. smtp_data_done_timeout (600s) @@ -838,13 +838,13 @@ SMTP(8) SMTP(8) Available in Postfix version 2.1 and later: smtp_mx_address_limit (5) - The maximal number of MX (mail exchanger) IP addresses that can - result from Postfix SMTP client mail exchanger lookups, or zero + The maximal number of MX (mail exchanger) IP addresses that can + result from Postfix SMTP client mail exchanger lookups, or zero (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery request before - the Postfix SMTP client gives up or delivers to a fall-back + The maximal number of SMTP sessions per delivery request before + the Postfix SMTP client gives up or delivers to a fall-back relay host, or zero (no limit). smtp_rset_timeout (20s) @@ -854,17 +854,17 @@ SMTP(8) SMTP(8) Available in Postfix version 2.2 and earlier: lmtp_cache_connection (yes) - Keep Postfix LMTP client connections open for up to $max_idle + Keep Postfix LMTP client connections open for up to $max_idle seconds. Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the specified + Permanently enable SMTP connection caching for the specified destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a destination + Temporarily enable SMTP connection caching while a destination has a high volume of mail in the active queue. smtp_connection_reuse_time_limit (300s) @@ -878,23 +878,23 @@ SMTP(8) SMTP(8) Available in Postfix version 2.3 and later: connection_cache_protocol_timeout (5s) - Time limit for connection cache connect, send or receive opera- + Time limit for connection cache connect, send or receive opera- tions. Available in Postfix version 2.9 - 3.6: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per read or write system call, to a time limit to - send or receive a complete record (an SMTP command line, SMTP - response line, SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). Available in Postfix version 2.11 and later: smtp_connection_reuse_count_limit (0) - When SMTP connection caching is enabled, the number of times - that an SMTP session may be reused before it is closed, or zero + When SMTP connection caching is enabled, the number of times + that an SMTP session may be reused before it is closed, or zero (no limit). Available in Postfix version 3.4 and later: @@ -905,13 +905,13 @@ SMTP(8) SMTP(8) Available in Postfix version 3.7 and later: smtp_per_request_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per plaintext or TLS read or write call, to a com- - bined time limit for sending a complete SMTP request and for + Change the behavior of the smtp_*_timeout time limits, from a + time limit per plaintext or TLS read or write call, to a com- + bined time limit for sending a complete SMTP request and for receiving a complete SMTP response. smtp_min_data_rate (500) - The minimum plaintext data transfer rate in bytes/second for + The minimum plaintext data transfer rate in bytes/second for DATA requests, when deadlines are enabled with smtp_per_request_deadline. @@ -919,54 +919,54 @@ SMTP(8) SMTP(8) transport_destination_concurrency_limit ($default_destination_concur- rency_limit) - A transport-specific override for the default_destination_con- + A transport-specific override for the default_destination_con- currency_limit parameter value, where transport is the master.cf name of the message delivery transport. transport_destination_recipient_limit ($default_destination_recipi- ent_limit) A transport-specific override for the default_destination_recip- - ient_limit parameter value, where transport is the master.cf + ient_limit parameter value, where transport is the master.cf name of the message delivery transport. SMTPUTF8 CONTROLS Preliminary SMTPUTF8 support is introduced with Postfix 3.0. smtputf8_enable (yes) - Enable preliminary SMTPUTF8 support for the protocols described + Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531, RFC 6532, and RFC 6533. smtputf8_autodetect_classes (sendmail, verify) - Detect that a message requires SMTPUTF8 support for the speci- + Detect that a message requires SMTPUTF8 support for the speci- fied mail origin classes. Available in Postfix version 3.2 and later: enable_idna2003_compatibility (no) - Enable 'transitional' compatibility between IDNA2003 and - IDNA2008, when converting UTF-8 domain names to/from the ASCII + Enable 'transitional' compatibility between IDNA2003 and + IDNA2008, when converting UTF-8 domain names to/from the ASCII form that is used for DNS lookups. TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a nexthop destina- - tion, remote client or server name or network address matches a + The increment in verbose logging level when a nexthop destina- + tion, remote client or server name or network address matches a pattern given with the debug_peer_list parameter. debug_peer_list (empty) - Optional list of nexthop destination, remote client or server - name or network address patterns that, if matched, cause the - verbose logging level to increase by the amount specified in + Optional list of nexthop destination, remote client or server + name or network address patterns that, if matched, cause the + verbose logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about mail delivery + The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or proto- col errors. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are subject to - before-queue content inspection by non_smtpd_milters, + What categories of Postfix-generated mail are subject to + before-queue content inspection by non_smtpd_milters, header_checks and body_checks. notify_classes (resource, software) @@ -974,46 +974,46 @@ SMTP(8) SMTP(8) MISCELLANEOUS CONTROLS best_mx_transport (empty) - Where the Postfix SMTP client should deliver mail when it + Where the Postfix SMTP client should deliver mail when it detects a "mail loops back to myself" error condition. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal point when log- + The maximal number of digits after the decimal point when log- ging delay values. disable_dns_lookups (no) Disable DNS lookups in the Postfix SMTP and LMTP clients. inet_interfaces (all) - The local network interface addresses that this mail system + The local network interface addresses that this mail system receives mail on. inet_protocols (see 'postconf -d' output) - The Internet protocols Postfix will attempt to use when making + The Internet protocols Postfix will attempt to use when making or accepting connections. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. lmtp_assume_final (no) - When a remote LMTP server announces no DSN support, assume that - the server performs final delivery, and send "delivered" deliv- + When a remote LMTP server announces no DSN support, assume that + the server performs final delivery, and send "delivered" deliv- ery status notifications instead of "relayed". lmtp_tcp_port (24) The default TCP port that the Postfix LMTP client connects to. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -1027,21 +1027,21 @@ SMTP(8) SMTP(8) The process name of a Postfix command or daemon process. proxy_interfaces (empty) - The remote network interface addresses that this mail system - receives mail on by way of a proxy or network address transla- + The remote network interface addresses that this mail system + receives mail on by way of a proxy or network address transla- tion unit. smtp_address_preference (any) The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP - client will try first, when a destination has IPv6 and IPv4 + client will try first, when a destination has IPv6 and IPv4 addresses with equal MX preference. smtp_bind_address (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv4 connection. smtp_bind_address6 (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv6 connection. smtp_helo_name ($myhostname) @@ -1061,7 +1061,7 @@ SMTP(8) SMTP(8) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available with Postfix 2.2 and earlier: @@ -1073,14 +1073,14 @@ SMTP(8) SMTP(8) Available with Postfix 2.3 and later: smtp_fallback_relay ($fallback_relay) - Optional list of relay destinations that will be used when an - SMTP destination is not found, or when delivery fails due to a + Optional list of relay destinations that will be used when an + SMTP destination is not found, or when delivery fails due to a non-permanent error. Available with Postfix 3.0 and later: smtp_address_verify_target (rcpt) - In the context of email address verification, the SMTP protocol + In the context of email address verification, the SMTP protocol stage that determines whether an email address is deliverable. Available with Postfix 3.1 and later: @@ -1102,7 +1102,7 @@ SMTP(8) SMTP(8) Available in Postfix 3.7 and later: smtp_bind_address_enforce (no) - Defer delivery when the Postfix SMTP client cannot apply the + Defer delivery when the Postfix SMTP client cannot apply the smtp_bind_address or smtp_bind_address6 setting. SEE ALSO diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 520bd062d..8332ff686 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -3482,30 +3482,6 @@ Postfix versions before 2.0 have no support for the original recipient address.

    - - -
    relocated_prefix_enable -(default: yes)
    - -

    Prepend the prefix "5.1.6 User has moved to " to all -relocated_maps lookup results. With "relocated_prefix_enable = -no", all lookup results must contain a valid RFC 3463 compliant -enhanced status code and text (format: "[45].number.number text..."). - -

    -Example: -

    - -
    -/etc/postfix/main.cf:
-    relocated_maps = hash:/etc/postfix/relocated
-    relocated_prefix_enable = no
-
    
-hash:/etc/postfix/relocated:
-    user@example.com 5.2.1 User account is disabled
-
    - -
    enable_threaded_bounces @@ -10546,6 +10522,30 @@ Examples: + + +
    relocated_prefix_enable +(default: yes)
    + +

    Prepend the prefix "5.1.6 User has moved to " to all +relocated_maps lookup results. With "relocated_prefix_enable = +no", all lookup results must contain a valid RFC 3463 compliant +enhanced status code and text (format: "[45].number.number text..."). + +

    +Example: +

    + +
    +/etc/postfix/main.cf:
+    relocated_maps = hash:/etc/postfix/relocated
+    relocated_prefix_enable = no
+
    
+hash:/etc/postfix/relocated:
+    user@example.com 5.2.1 User account is disabled
+
    + +
    remote_header_rewrite_domain @@ -14453,14 +14453,16 @@ example.net secure match=example.com:.example.com
    smtp_tls_security_level -(default: empty)
    +(default: Postfix ≥ 3.11: may; Postfix < 3.11: empty)

    The default SMTP TLS security level for the Postfix SMTP client. When a non-empty value is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername; -when no value is specified for smtp_tls_enforce_peername or the obsolete -parameters, the default SMTP TLS security level is -none.

    +when no value is specified for those obsolete parameters, the default +SMTP TLS security level is may +(compatibility_level ≥ 3.11) or none +(compatibility_level < 3.11).

    Specify one of the following security levels:

    diff --git a/postfix/html/relocated.5.html b/postfix/html/relocated.5.html index a6397fe62..600ee757c 100644 --- a/postfix/html/relocated.5.html +++ b/postfix/html/relocated.5.html @@ -5,7 +5,7 @@ Postfix manual - relocated(5) 
    -RELOCATED(5)                                                      RELOCATED(5)
+RELOCATED(5)                  File Formats Manual                 RELOCATED(5)
 
 NAME
        relocated - Postfix relocated table format
@@ -19,25 +19,25 @@ RELOCATED(5)                                                      RELOCATED(5)
 
        Normally, the relocated(5) table is  specified  as  a  text  file  that
        serves as input to the postmap(1) command.  The result, an indexed file
-       in dbm or db format, is used for fast searching  by  the  mail  system.
-       Execute  the  command  "postmap  /etc/postfix/relocated"  to rebuild an
-       indexed file after changing the corresponding relocated table.
+       in dbm or db format, is used for fast searching by the mail system. Ex-
+       ecute  the  command  "postmap /etc/postfix/relocated" to rebuild an in-
+       dexed file after changing the corresponding relocated table.
 
        When the table is provided via other means such as NIS,  LDAP  or  SQL,
        the same lookups are done as for ordinary indexed files.
 
        Alternatively,  the  table  can be provided as a regular-expression map
-       where patterns are given as regular  expressions,  or  lookups  can  be
-       directed  to a TCP-based server. In those case, the lookups are done in
-       a slightly different way as described below under  "REGULAR  EXPRESSION
-       TABLES" or "TCP-BASED TABLES".
+       where patterns are given as regular expressions, or lookups can be  di-
+       rected  to a TCP-based server. In those case, the lookups are done in a
+       slightly different way as described below under "REGULAR EXPRESSION TA-
+       BLES" or "TCP-BASED TABLES".
 
        Table lookups are case insensitive.
 
 CASE FOLDING
-       The  search string is folded to lowercase before database lookup. As of
-       Postfix 2.3, the search string is not case folded with  database  types
-       such  as  regexp: or pcre: whose lookup fields can match both upper and
+       The search string is folded to lowercase before database lookup. As  of
+       Postfix  2.3,  the search string is not case folded with database types
+       such as regexp: or pcre: whose lookup fields can match both  upper  and
        lower case.
 
 TABLE FORMAT
@@ -48,29 +48,29 @@ RELOCATED(5)                                                      RELOCATED(5)
                    pattern      new_location
 
               Where new_location specifies  contact  information  such  as  an
-              email  address, or perhaps a street address or telephone number.
+              email address, or perhaps a street address or telephone number.
 
-       o      Postfix 3.11 and later can  optionally  disable  the  hard-coded
-              prefix.  Specify  "relocated_prefix_enable = no" in main.cf, and
-              specify relocated_maps entries with your own RFC  3463-compliant
+       o      Postfix  3.11  and  later  can optionally disable the hard-coded
+              prefix. Specify "relocated_prefix_enable = no" in  main.cf,  and
+              specify  relocated_maps entries with your own RFC 3463-compliant
               enhanced status code and text, for example:
 
                    pattern      5.2.0 Mailbox is unavailable
                    pattern      5.2.1 Mailbox is disabled
 
-       o      Empty  lines and whitespace-only lines are ignored, as are lines
+       o      Empty lines and whitespace-only lines are ignored, as are  lines
               whose first non-whitespace character is a `#'.
 
-       o      A logical line starts with  non-whitespace  text.  A  line  that
+       o      A  logical  line  starts  with  non-whitespace text. A line that
               starts with whitespace continues a logical line.
 
 TABLE SEARCH ORDER
-       With  lookups  from  indexed files such as DB or DBM, or from networked
-       tables such as NIS, LDAP or SQL, patterns are tried  in  the  order  as
+       With lookups from indexed files such as DB or DBM,  or  from  networked
+       tables  such  as  NIS,  LDAP or SQL, patterns are tried in the order as
        listed below:
 
        user@domain
-              Matches  user@domain.  This  form  has precedence over all other
+              Matches user@domain. This form has  precedence  over  all  other
               forms.
 
        user   Matches user@site when site is $myorigin, when site is listed in
@@ -83,21 +83,21 @@ RELOCATED(5)                                                      RELOCATED(5)
 
 ADDRESS EXTENSION
        When a mail address localpart contains the optional recipient delimiter
-       (e.g., user+foo@domain), the  lookup  order  becomes:  user+foo@domain,
+       (e.g.,  user+foo@domain),  the  lookup  order becomes: user+foo@domain,
        user@domain, user+foo, user, and @domain.
 
 REGULAR EXPRESSION TABLES
-       This  section  describes how the table lookups change when the table is
-       given in the form of regular expressions or when lookups  are  directed
-       to  a  TCP-based server. For a description of regular expression lookup
-       table syntax, see regexp_table(5) or pcre_table(5). For  a  description
+       This section describes how the table lookups change when the  table  is
+       given  in  the form of regular expressions or when lookups are directed
+       to a TCP-based server. For a description of regular  expression  lookup
+       table  syntax,  see regexp_table(5) or pcre_table(5). For a description
        of the TCP client/server table lookup protocol, see tcp_table(5).  This
        feature is available in Postfix 2.5 and later.
 
-       Each pattern is a regular expression that  is  applied  to  the  entire
-       address  being looked up. Thus, user@domain mail addresses are not bro-
-       ken up into their user and @domain constituent parts, nor  is  user+foo
-       broken up into user and foo.
+       Each pattern is a regular expression that is applied to the entire  ad-
+       dress  being looked up. Thus, user@domain mail addresses are not broken
+       up into their user and @domain constituent parts, nor is user+foo  bro-
+       ken up into user and foo.
 
        Patterns  are  applied  in the order as specified in the table, until a
        pattern is found that matches the search string.
@@ -122,9 +122,9 @@ RELOCATED(5)                                                      RELOCATED(5)
        The table format does not understand quoting conventions.
 
 CONFIGURATION PARAMETERS
-       The  following  main.cf  parameters  are especially relevant.  The text
-       below provides only a  parameter  summary.  See  postconf(5)  for  more
-       details including examples.
+       The following main.cf parameters are especially relevant.  The text be-
+       low provides only a parameter summary. See postconf(5) for more details
+       including examples.
 
        relocated_maps (empty)
               Optional lookup tables with new contact information for users or
@@ -133,27 +133,27 @@ RELOCATED(5)                                                      RELOCATED(5)
        Available with Postfix version 3.11 and later:
 
        relocated_prefix_enable (yes)
-              Prepend the prefix "5.1.6 User has  moved  to  "  to  all  relo-
+              Prepend  the  prefix  "5.1.6  User  has  moved to " to all relo-
               cated_maps lookup results.
 
        Other parameters of interest:
 
        inet_interfaces (all)
-              The  local  network  interface  addresses  that this mail system
-              receives mail on.
+              The local network interface addresses that this mail system  re-
+              ceives mail on.
 
        mydestination ($myhostname, localhost.$mydomain, localhost)
-              The list of domains that are delivered via the  $local_transport
+              The  list of domains that are delivered via the $local_transport
               mail delivery transport.
 
        myorigin ($myhostname)
-              The  domain  name that locally-posted mail appears to come from,
+              The domain name that locally-posted mail appears to  come  from,
               and that locally posted mail is delivered to.
 
        proxy_interfaces (empty)
-              The remote network interface addresses  that  this  mail  system
-              receives  mail  on by way of a proxy or network address transla-
-              tion unit.
+              The remote network interface addresses that this mail system re-
+              ceives  mail on by way of a proxy or network address translation
+              unit.
 
 SEE ALSO
        trivial-rewrite(8), address resolver
@@ -178,5 +178,5 @@ RELOCATED(5)                                                      RELOCATED(5)
        111 8th Avenue
        New York, NY 10011, USA
 
-                                                                  RELOCATED(5)
+                                                                  RELOCATED(5)
    diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index f5a3945b6..ba706a170 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -511,7 +511,7 @@ SMTP(8) SMTP(8) Detailed information about STARTTLS configuration may be found in the TLS_README document. - smtp_tls_security_level (empty) + smtp_tls_security_level (Postfix >= 3.11: may; Postfix < 3.11: empty) The default SMTP TLS security level for the Postfix SMTP client. smtp_sasl_tls_security_options ($smtp_sasl_security_options) @@ -757,50 +757,50 @@ SMTP(8) SMTP(8) The pathname of a UNIX-domain datagram socket that is managed by a local TLSRPT reporting service. - smtp_tlsrpt_skip_reused_handshakes (yes) - Do not report the TLSRPT status for TLS protocol handshakes that - reuse a previously-negotiated TLS session (there is no new - information to report). + smtp_tlsrpt_skip_reused_handshakes (Postfix >= 3.11: no, Postfix 3.10: + yes) + When set to "yes", report the TLSRPT status only for "new" TLS + sessions. tls_required_enable (yes) Enable support for the "TLS-Required: no" message header, defined in RFC 8689. OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compatibility with - Postfix versions before 2.3. Support for these will be removed in a + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. Support for these will be removed in a future release. smtp_use_tls (no) - Opportunistic mode: use TLS when a remote SMTP server announces + Opportunistic mode: use TLS when a remote SMTP server announces STARTTLS support, otherwise send the mail in the clear. smtp_enforce_tls (no) - Enforcement mode: require that remote SMTP servers use TLS + Enforcement mode: require that remote SMTP servers use TLS encryption, and never send mail in the clear. smtp_tls_enforce_peername (yes) - With mandatory TLS encryption, require that the remote SMTP - server hostname matches the information in the remote SMTP + With mandatory TLS encryption, require that the remote SMTP + server hostname matches the information in the remote SMTP server certificate. smtp_tls_per_site (empty) - Optional lookup tables with the Postfix SMTP client TLS usage - policy by next-hop destination and by remote SMTP server host- + Optional lookup tables with the Postfix SMTP client TLS usage + policy by next-hop destination and by remote SMTP server host- name. smtp_tls_cipherlist (empty) - Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS + Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. RESOURCE AND RATE CONTROLS smtp_connect_timeout (30s) - The Postfix SMTP client time limit for completing a TCP connec- + The Postfix SMTP client time limit for completing a TCP connec- tion, or zero (use the operating system built-in time limit). smtp_helo_timeout (300s) - The Postfix SMTP client time limit for sending the HELO or EHLO - command, and for receiving the initial remote SMTP server + The Postfix SMTP client time limit for sending the HELO or EHLO + command, and for receiving the initial remote SMTP server response. lmtp_lhlo_timeout (300s) @@ -812,19 +812,19 @@ SMTP(8) SMTP(8) mand, and for receiving the remote SMTP server response. smtp_mail_timeout (300s) - The Postfix SMTP client time limit for sending the MAIL FROM + The Postfix SMTP client time limit for sending the MAIL FROM command, and for receiving the remote SMTP server response. smtp_rcpt_timeout (300s) - The Postfix SMTP client time limit for sending the SMTP RCPT TO + The Postfix SMTP client time limit for sending the SMTP RCPT TO command, and for receiving the remote SMTP server response. smtp_data_init_timeout (120s) - The Postfix SMTP client time limit for sending the SMTP DATA + The Postfix SMTP client time limit for sending the SMTP DATA command, and for receiving the remote SMTP server response. smtp_data_xfer_timeout (180s) - The Postfix SMTP client time limit for sending the SMTP message + The Postfix SMTP client time limit for sending the SMTP message content. smtp_data_done_timeout (600s) @@ -838,13 +838,13 @@ SMTP(8) SMTP(8) Available in Postfix version 2.1 and later: smtp_mx_address_limit (5) - The maximal number of MX (mail exchanger) IP addresses that can - result from Postfix SMTP client mail exchanger lookups, or zero + The maximal number of MX (mail exchanger) IP addresses that can + result from Postfix SMTP client mail exchanger lookups, or zero (no limit). smtp_mx_session_limit (2) - The maximal number of SMTP sessions per delivery request before - the Postfix SMTP client gives up or delivers to a fall-back + The maximal number of SMTP sessions per delivery request before + the Postfix SMTP client gives up or delivers to a fall-back relay host, or zero (no limit). smtp_rset_timeout (20s) @@ -854,17 +854,17 @@ SMTP(8) SMTP(8) Available in Postfix version 2.2 and earlier: lmtp_cache_connection (yes) - Keep Postfix LMTP client connections open for up to $max_idle + Keep Postfix LMTP client connections open for up to $max_idle seconds. Available in Postfix version 2.2 and later: smtp_connection_cache_destinations (empty) - Permanently enable SMTP connection caching for the specified + Permanently enable SMTP connection caching for the specified destinations. smtp_connection_cache_on_demand (yes) - Temporarily enable SMTP connection caching while a destination + Temporarily enable SMTP connection caching while a destination has a high volume of mail in the active queue. smtp_connection_reuse_time_limit (300s) @@ -878,23 +878,23 @@ SMTP(8) SMTP(8) Available in Postfix version 2.3 and later: connection_cache_protocol_timeout (5s) - Time limit for connection cache connect, send or receive opera- + Time limit for connection cache connect, send or receive opera- tions. Available in Postfix version 2.9 - 3.6: smtp_per_record_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per read or write system call, to a time limit to - send or receive a complete record (an SMTP command line, SMTP - response line, SMTP message content line, or TLS protocol mes- + Change the behavior of the smtp_*_timeout time limits, from a + time limit per read or write system call, to a time limit to + send or receive a complete record (an SMTP command line, SMTP + response line, SMTP message content line, or TLS protocol mes- sage). Available in Postfix version 2.11 and later: smtp_connection_reuse_count_limit (0) - When SMTP connection caching is enabled, the number of times - that an SMTP session may be reused before it is closed, or zero + When SMTP connection caching is enabled, the number of times + that an SMTP session may be reused before it is closed, or zero (no limit). Available in Postfix version 3.4 and later: @@ -905,13 +905,13 @@ SMTP(8) SMTP(8) Available in Postfix version 3.7 and later: smtp_per_request_deadline (no) - Change the behavior of the smtp_*_timeout time limits, from a - time limit per plaintext or TLS read or write call, to a com- - bined time limit for sending a complete SMTP request and for + Change the behavior of the smtp_*_timeout time limits, from a + time limit per plaintext or TLS read or write call, to a com- + bined time limit for sending a complete SMTP request and for receiving a complete SMTP response. smtp_min_data_rate (500) - The minimum plaintext data transfer rate in bytes/second for + The minimum plaintext data transfer rate in bytes/second for DATA requests, when deadlines are enabled with smtp_per_request_deadline. @@ -919,54 +919,54 @@ SMTP(8) SMTP(8) transport_destination_concurrency_limit ($default_destination_concur- rency_limit) - A transport-specific override for the default_destination_con- + A transport-specific override for the default_destination_con- currency_limit parameter value, where transport is the master.cf name of the message delivery transport. transport_destination_recipient_limit ($default_destination_recipi- ent_limit) A transport-specific override for the default_destination_recip- - ient_limit parameter value, where transport is the master.cf + ient_limit parameter value, where transport is the master.cf name of the message delivery transport. SMTPUTF8 CONTROLS Preliminary SMTPUTF8 support is introduced with Postfix 3.0. smtputf8_enable (yes) - Enable preliminary SMTPUTF8 support for the protocols described + Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531, RFC 6532, and RFC 6533. smtputf8_autodetect_classes (sendmail, verify) - Detect that a message requires SMTPUTF8 support for the speci- + Detect that a message requires SMTPUTF8 support for the speci- fied mail origin classes. Available in Postfix version 3.2 and later: enable_idna2003_compatibility (no) - Enable 'transitional' compatibility between IDNA2003 and - IDNA2008, when converting UTF-8 domain names to/from the ASCII + Enable 'transitional' compatibility between IDNA2003 and + IDNA2008, when converting UTF-8 domain names to/from the ASCII form that is used for DNS lookups. TROUBLE SHOOTING CONTROLS debug_peer_level (2) - The increment in verbose logging level when a nexthop destina- - tion, remote client or server name or network address matches a + The increment in verbose logging level when a nexthop destina- + tion, remote client or server name or network address matches a pattern given with the debug_peer_list parameter. debug_peer_list (empty) - Optional list of nexthop destination, remote client or server - name or network address patterns that, if matched, cause the - verbose logging level to increase by the amount specified in + Optional list of nexthop destination, remote client or server + name or network address patterns that, if matched, cause the + verbose logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about mail delivery + The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or proto- col errors. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are subject to - before-queue content inspection by non_smtpd_milters, + What categories of Postfix-generated mail are subject to + before-queue content inspection by non_smtpd_milters, header_checks and body_checks. notify_classes (resource, software) @@ -974,46 +974,46 @@ SMTP(8) SMTP(8) MISCELLANEOUS CONTROLS best_mx_transport (empty) - Where the Postfix SMTP client should deliver mail when it + Where the Postfix SMTP client should deliver mail when it detects a "mail loops back to myself" error condition. config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. delay_logging_resolution_limit (2) - The maximal number of digits after the decimal point when log- + The maximal number of digits after the decimal point when log- ging delay values. disable_dns_lookups (no) Disable DNS lookups in the Postfix SMTP and LMTP clients. inet_interfaces (all) - The local network interface addresses that this mail system + The local network interface addresses that this mail system receives mail on. inet_protocols (see 'postconf -d' output) - The Internet protocols Postfix will attempt to use when making + The Internet protocols Postfix will attempt to use when making or accepting connections. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. lmtp_assume_final (no) - When a remote LMTP server announces no DSN support, assume that - the server performs final delivery, and send "delivered" deliv- + When a remote LMTP server announces no DSN support, assume that + the server performs final delivery, and send "delivered" deliv- ery status notifications instead of "relayed". lmtp_tcp_port (24) The default TCP port that the Postfix LMTP client connects to. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -1027,21 +1027,21 @@ SMTP(8) SMTP(8) The process name of a Postfix command or daemon process. proxy_interfaces (empty) - The remote network interface addresses that this mail system - receives mail on by way of a proxy or network address transla- + The remote network interface addresses that this mail system + receives mail on by way of a proxy or network address transla- tion unit. smtp_address_preference (any) The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP - client will try first, when a destination has IPv6 and IPv4 + client will try first, when a destination has IPv6 and IPv4 addresses with equal MX preference. smtp_bind_address (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv4 connection. smtp_bind_address6 (empty) - An optional numerical network address that the Postfix SMTP + An optional numerical network address that the Postfix SMTP client should bind to when making an IPv6 connection. smtp_helo_name ($myhostname) @@ -1061,7 +1061,7 @@ SMTP(8) SMTP(8) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available with Postfix 2.2 and earlier: @@ -1073,14 +1073,14 @@ SMTP(8) SMTP(8) Available with Postfix 2.3 and later: smtp_fallback_relay ($fallback_relay) - Optional list of relay destinations that will be used when an - SMTP destination is not found, or when delivery fails due to a + Optional list of relay destinations that will be used when an + SMTP destination is not found, or when delivery fails due to a non-permanent error. Available with Postfix 3.0 and later: smtp_address_verify_target (rcpt) - In the context of email address verification, the SMTP protocol + In the context of email address verification, the SMTP protocol stage that determines whether an email address is deliverable. Available with Postfix 3.1 and later: @@ -1102,7 +1102,7 @@ SMTP(8) SMTP(8) Available in Postfix 3.7 and later: smtp_bind_address_enforce (no) - Defer delivery when the Postfix SMTP client cannot apply the + Defer delivery when the Postfix SMTP client cannot apply the smtp_bind_address or smtp_bind_address6 setting. SEE ALSO diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index a9adc8eef..8baada969 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -2190,24 +2190,6 @@ This feature is available in Postfix 2.1 and later. Postfix version 2.0 behaves as if this parameter is always set to \fByes\fR. Postfix versions before 2.0 have no support for the original recipient address. -.SH relocated_prefix_enable (default: yes) -Prepend the prefix "\fB5.1.6 User has moved to \fR" to all -relocated_maps lookup results. With "relocated_prefix_enable = -no", all lookup results must contain a valid RFC 3463 compliant -enhanced status code and text (format: "[45].number.number text..."). -.PP -Example: -.PP -.nf -.na -/etc/postfix/main.cf: - relocated_maps = hash:/etc/postfix/relocated - relocated_prefix_enable = no -.br -hash:/etc/postfix/relocated: - user@example.com 5.2.1 User account is disabled -.fi -.ad .SH enable_threaded_bounces (default: no) Enable non\-delivery, success, and delay notifications that link to the original message by including a References: and In\-Reply\-To: @@ -6561,6 +6543,24 @@ relocated_maps = dbm:/etc/postfix/relocated relocated_maps = hash:/etc/postfix/relocated .fi .ad +.SH relocated_prefix_enable (default: yes) +Prepend the prefix "\fB5.1.6 User has moved to \fR" to all +relocated_maps lookup results. With "relocated_prefix_enable = +no", all lookup results must contain a valid RFC 3463 compliant +enhanced status code and text (format: "[45].number.number text..."). +.PP +Example: +.PP +.nf +.na +/etc/postfix/main.cf: + relocated_maps = hash:/etc/postfix/relocated + relocated_prefix_enable = no +.br +hash:/etc/postfix/relocated: + user@example.com 5.2.1 User account is disabled +.fi +.ad .SH remote_header_rewrite_domain (default: empty) Rewrite or add message headers in mail from remote clients if the remote_header_rewrite_domain parameter value is non\-empty, @@ -9541,13 +9541,14 @@ example.net secure match=example.com:.example.com .in -4 .PP This feature is available in Postfix 2.3 and later. -.SH smtp_tls_security_level (default: empty) +.SH smtp_tls_security_level (default: Postfix >= 3.11: may; Postfix < 3.11: empty) The default SMTP TLS security level for the Postfix SMTP client. When a non\-empty value is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername; -when no value is specified for smtp_tls_enforce_peername or the obsolete -parameters, the default SMTP TLS security level is -none. +when no value is specified for those obsolete parameters, the default +SMTP TLS security level is may +(compatibility_level >= 3.11) or none +(compatibility_level < 3.11). .PP Specify one of the following security levels: .IP "\fBnone\fR" diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index a6a56a53d..ff7921bd8 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -492,7 +492,7 @@ results. .fi Detailed information about STARTTLS configuration may be found in the TLS_README document. -.IP "\fBsmtp_tls_security_level (empty)\fR" +.IP "\fBsmtp_tls_security_level (Postfix >= 3.11: may; Postfix < 3.11: empty)\fR" The default SMTP TLS security level for the Postfix SMTP client. .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" The SASL authentication security options that the Postfix SMTP @@ -681,10 +681,9 @@ Enable support for RFC 8460 TLSRPT notifications. .IP "\fBsmtp_tlsrpt_socket_name (empty)\fR" The pathname of a UNIX\-domain datagram socket that is managed by a local TLSRPT reporting service. -.IP "\fBsmtp_tlsrpt_skip_reused_handshakes (yes)\fR" -Do not report the TLSRPT status for TLS protocol handshakes -that reuse a previously\-negotiated TLS session (there is no new -information to report). +.IP "\fBsmtp_tlsrpt_skip_reused_handshakes (Postfix >= 3.11: no, Postfix 3.10: yes)\fR" +When set to "yes", report the TLSRPT status only for "new" TLS +sessions. .IP "\fBtls_required_enable (yes)\fR" Enable support for the "TLS\-Required: no" message header, defined in RFC 8689. diff --git a/postfix/proto/COMPATIBILITY_README.html b/postfix/proto/COMPATIBILITY_README.html index d0fd5d902..000f06269 100644 --- a/postfix/proto/COMPATIBILITY_README.html +++ b/postfix/proto/COMPATIBILITY_README.html @@ -109,6 +109,9 @@ default setting respectful_logging=no

  • using backwards-compatible default setting smtp_tlsrpt_skip_reused_handshakes=yes

    +

  • using backwards-compatible default +setting xxx_security_level=(empty)

    +

    @@ -607,6 +610,51 @@ make the backwards-compatible setting "smtp_tlsrpt_skip_reused_handshakes +

    Using backwards-compatible +default setting xxx_security_level=(empty)

    + +

    Postfix version 3.11 changes the default value for client TLS +security levels from "empty" to "yes". The backwards-compatibility +safety net is designed to prevent an unexpected change in mail +sending behavior when Postfix is updated from an older version. +

    + +

    There is no equivalent change for Postfix server TLS security +levels, because changing the level alone is not sufficient. Server-side +TLS requires that at least one private key and one public-key +certificate chain are configured.

    + +

    As long as a TLS security level parameter is left unspecified +at its implicit default value, and the compatibility_level setting +is less than 3.11, Postfix will log one of the following reminders +that it is using the backwards-compatible default:

    + +
    +
    +postfix/smtp[...] using backwards-compatible default setting
+    smtp_tls_security_level=(empty)
+
    +
    + +
    +
    +postfix/tlsproxy[...] using backwards-compatible default setting
+    tlsproxy_client_security_level=(empty)
+
    +
    + +

    To keep the old default setting, the system administrator should +make the backwards-compatible empty setting permanent in main.cf:

    + +
    +
    +# postconf xxx_security_level=
+# postfix reload
+
    +
    + +

    where xxx is taken from the above compatibility message.

    +

    Turning off the backwards-compatibility safety net

    Backwards compatibility is turned off by updating the diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 860f1aec9..e6aa3680b 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -12114,14 +12114,16 @@ smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

    This feature is available in Postfix 2.3 and later.

    -%PARAM smtp_tls_security_level +%PARAM smtp_tls_security_level Postfix ≥ 3.11: may; Postfix < 3.11: empty

    The default SMTP TLS security level for the Postfix SMTP client. When a non-empty value is specified, this overrides the obsolete parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername; -when no value is specified for smtp_tls_enforce_peername or the obsolete -parameters, the default SMTP TLS security level is -none.

    +when no value is specified for those obsolete parameters, the default +SMTP TLS security level is may +(compatibility_level ≥ 3.11) or none +(compatibility_level < 3.11).

    Specify one of the following security levels:

    diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index 782732fda..12c01a031 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -171,3 +171,7 @@ proto proto socketmap_table + address failed File verify verify c address failed File verify verify c address failed due to a database error File verify verify c + failures Fix by Viktor Dukhovni Wietse Files smtp smtp h + Files smtp smtp h +proto proto COMPATIBILITY_README html + smtp smtp c tlsproxy tlsproxy c proto postconf proto diff --git a/postfix/proto/stop.double-install-proto-text b/postfix/proto/stop.double-install-proto-text index 7721d87d7..d14f1018d 100644 --- a/postfix/proto/stop.double-install-proto-text +++ b/postfix/proto/stop.double-install-proto-text @@ -46,3 +46,4 @@ Inbound SMTP smuggling don t strip extra CR in CR LF CR CR LF Prepend the prefix 5 1 6 User has moved to to all pattern number number number text to to the lookup result With Postfix 3 11 and later specify + has moved to to a table lookup result and the format for a diff --git a/postfix/src/global/dict_memcache.c b/postfix/src/global/dict_memcache.c index 09c5cb658..0b6dcc027 100644 --- a/postfix/src/global/dict_memcache.c +++ b/postfix/src/global/dict_memcache.c @@ -78,8 +78,10 @@ typedef struct { CFG_PARSER *parser; /* common parameter parser */ void *dbc_ctxt; /* db_common context */ char *key_digest; /* digest the query key */ +#ifdef USE_TLS OSSL_DGST *key_dgst_eng; /* digest engine */ VSTRING *key_dgst_out; /* digest result */ +#endif char *key_format; /* query key translation */ int timeout; /* client timeout */ int mc_ttl; /* memcache update expiration */ @@ -292,6 +294,7 @@ static ssize_t dict_memcache_prepare_key(DICT_MC *dict_mc, const char *name) } else { vstring_strcpy(dict_mc->key_buf, name); } +#ifdef USE_TLS if (dict_mc->key_dgst_eng) { if (ossl_digest_data(dict_mc->key_dgst_eng, STR(dict_mc->key_buf), LEN(dict_mc->key_buf), dict_mc->key_dgst_out) < 0) { @@ -302,8 +305,9 @@ static ssize_t dict_memcache_prepare_key(DICT_MC *dict_mc, const char *name) return (-1); } hex_encode_opt(dict_mc->key_buf, STR(dict_mc->key_dgst_out), - LEN(dict_mc->key_dgst_out), HEX_ENCODE_FLAG_LOWERCASE); + LEN(dict_mc->key_dgst_out), HEX_ENCODE_FLAG_LOWERCASE); } +#endif /* * The length indicates whether the expansion is empty or not. @@ -503,10 +507,12 @@ static void dict_memcache_close(DICT *dict) db_common_free_ctx(dict_mc->dbc_ctxt); if (dict_mc->key_digest) myfree(dict_mc->key_digest); +#ifdef USE_TLS if (dict_mc->key_dgst_eng) ossl_digest_free(dict_mc->key_dgst_eng); if (dict_mc->key_dgst_out) vstring_free(dict_mc->key_dgst_out); +#endif if (dict_mc->key_format) myfree(dict_mc->key_format); myfree(dict_mc->memcache); @@ -571,6 +577,7 @@ DICT *dict_memcache_open(const char *name, int open_flags, int dict_flags) dict_mc->parser = parser; dict_mc->key_digest = cfg_get_str(dict_mc->parser, DICT_MC_NAME_KEY_DGST, DICT_MC_DEF_KEY_DGST, 0, 0); +#ifdef USE_TLS if (*dict_mc->key_digest) { if ((dict_mc->key_dgst_eng = ossl_digest_new(dict_mc->key_digest)) == 0) /* See below for dict_surrogate() error propagation. */ @@ -580,6 +587,7 @@ DICT *dict_memcache_open(const char *name, int open_flags, int dict_flags) dict_mc->key_dgst_eng = 0; dict_mc->key_dgst_out = 0; } +#endif dict_mc->key_format = cfg_get_str(dict_mc->parser, DICT_MC_NAME_KEY_FMT, DICT_MC_DEF_KEY_FMT, 0, 0); dict_mc->timeout = cfg_get_int(dict_mc->parser, DICT_MC_NAME_MC_TIMEOUT, @@ -632,6 +640,7 @@ DICT *dict_memcache_open(const char *name, int open_flags, int dict_flags) dict_mc->dict.flags |= DICT_FLAG_MULTI_WRITER; +#ifdef USE_TLS if (*dict_mc->key_digest && dict_mc->key_dgst_eng == 0) { /* See above for ossl_digest_new() error detection. */ DICT *d = dict_surrogate(DICT_TYPE_MEMCACHE, name, @@ -642,5 +651,16 @@ DICT *dict_memcache_open(const char *name, int open_flags, int dict_flags) dict_memcache_close(&dict_mc->dict); return (d); } +#else + if (*dict_mc->key_digest) { + DICT *d = dict_surrogate(DICT_TYPE_MEMCACHE, name, + open_flags, dict_flags, "%s support " + "requires build with -DUSE_TLS", + DICT_MC_NAME_KEY_DGST); + + dict_memcache_close(&dict_mc->dict); + return (d); + } +#endif return (&dict_mc->dict); } diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c index 6032ea39a..a0da78d1a 100644 --- a/postfix/src/global/mail_params.c +++ b/postfix/src/global/mail_params.c @@ -394,6 +394,9 @@ const char null_format_string[1] = ""; * Compatibility level 3.11. */ int warn_compat_break_smtp_tlsrpt_skip_reused_hs; +int warn_compat_break_smtp_tls_level; +int warn_compat_break_lmtp_tls_level; +int warn_compat_break_tlsp_clnt_level; /* * Compatibility level 3.6. @@ -665,6 +668,17 @@ static void check_legacy_defaults(void) * Each incompatible change has its own flag variable, instead of bit in a * shared variable. We don't want to rip up code when we need more flag * bits. + * + * Note: the purpose of these mail_conf_lookup() calls is to detect if a + * parameter value is not specified. The calls must happen before + * parameter default settings are enforced with mail_conf_update(). + * + * The preferred flow is: 1) in mail_params.h, specify a configuration + * parameter default value that depends on the compatibility level; 2) + * below, set a flag to indicate that the parameter will be set to the + * legacy default value; 3) in the program-specific code, log a message + * when the legacy default value is actually used, and optionally clear + * the flag to avoid spamming the log. */ /* @@ -672,8 +686,16 @@ static void check_legacy_defaults(void) * compatibility level changed to 3.11. */ if (compat_level < compat_level_from_string(COMPAT_LEVEL_3_11, msg_panic)) { +#ifdef USE_TLS if (mail_conf_lookup(VAR_SMTP_TLSRPT_SKIP_REUSED_HS) == 0) warn_compat_break_smtp_tlsrpt_skip_reused_hs = 1; + if (mail_conf_lookup(VAR_SMTP_TLS_LEVEL) == 0) + warn_compat_break_smtp_tls_level = 1; + if (mail_conf_lookup(VAR_LMTP_TLS_LEVEL) == 0) + warn_compat_break_lmtp_tls_level = 1; + if (mail_conf_lookup(VAR_TLSP_CLNT_LEVEL) == 0) + warn_compat_break_tlsp_clnt_level = 1; +#endif } /* diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 15cc2469e..690256a60 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -61,6 +61,9 @@ extern bool var_show_unk_rcpt_table; #define DEF_COMPAT_LEVEL COMPAT_LEVEL_0 extern char *var_compatibility_level; + /* + * See comment in mail_params.c. + */ extern int warn_compat_break_app_dot_mydomain; extern int warn_compat_break_smtputf8_enable; extern int warn_compat_break_chroot; @@ -77,6 +80,9 @@ extern int warn_compat_relay_before_rcpt_checks; extern int warn_compat_respectful_logging; extern int warn_compat_break_smtp_tlsrpt_skip_reused_hs; +extern int warn_compat_break_smtp_tls_level; +extern int warn_compat_break_lmtp_tls_level; +extern int warn_compat_break_tlsp_clnt_level; extern long compat_level; @@ -1469,9 +1475,16 @@ extern bool var_smtp_tls_enforce_peername; extern bool var_smtp_tls_wrappermode; #define VAR_SMTP_TLS_LEVEL "smtp_tls_security_level" -#define DEF_SMTP_TLS_LEVEL "" #define VAR_LMTP_TLS_LEVEL "lmtp_tls_security_level" +#ifdef USE_TLS +#define DEF_SMTP_TLS_LEVEL "${{$compatibility_level} = 3.11: may; Postfix < 3.11: empty)\fR" /* The default SMTP TLS security level for the Postfix SMTP client. /* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" /* The SASL authentication security options that the Postfix SMTP @@ -647,10 +647,9 @@ /* .IP "\fBsmtp_tlsrpt_socket_name (empty)\fR" /* The pathname of a UNIX-domain datagram socket that is managed /* by a local TLSRPT reporting service. -/* .IP "\fBsmtp_tlsrpt_skip_reused_handshakes (yes)\fR" -/* Do not report the TLSRPT status for TLS protocol handshakes -/* that reuse a previously-negotiated TLS session (there is no new -/* information to report). +/* .IP "\fBsmtp_tlsrpt_skip_reused_handshakes (Postfix >= 3.11: no, Postfix 3.10: yes)\fR" +/* When set to "yes", report the TLSRPT status only for "new" TLS +/* sessions. /* .IP "\fBtls_required_enable (yes)\fR" /* Enable support for the "TLS-Required: no" message header, defined /* in RFC 8689. @@ -1549,6 +1548,12 @@ static void pre_init(char *unused_name, char **unused_argv) VAR_LMTP_SMTP(SASL_ENABLE)); #endif +#ifdef USE_TLS + /* Postfix <= 3.10 backwards compatibility. */ + if (WARN_COMPAT_BREAK_LMTP_SMTP(tls_level)) + msg_info("using backwards-compatible default setting %s=(empty)", + VAR_LMTP_SMTP(TLS_LEVEL)); +#endif if (*var_smtp_tls_level != 0) switch (tls_level_lookup(var_smtp_tls_level)) { case TLS_LEV_SECURE: diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h index 7214661a6..16aad5c6c 100644 --- a/postfix/src/smtp/smtp.h +++ b/postfix/src/smtp/smtp.h @@ -765,6 +765,8 @@ extern int smtp_mode; #define VAR_LMTP_SMTP(x) (smtp_mode ? VAR_SMTP_##x : VAR_LMTP_##x) #define LMTP_SMTP_SUFFIX(x) (smtp_mode ? x##_SMTP : x##_LMTP) +#define WARN_COMPAT_BREAK_LMTP_SMTP(x) \ + (smtp_mode ? warn_compat_break_smtp_##x : warn_compat_break_lmtp_##x) /* * Parsed command-line attributes. These do not change during the process diff --git a/postfix/src/testing/dict_test_helper.c b/postfix/src/testing/dict_test_helper.c index 22474a25e..e46c24f1a 100644 --- a/postfix/src/testing/dict_test_helper.c +++ b/postfix/src/testing/dict_test_helper.c @@ -112,7 +112,7 @@ * TODO(wietse) make this a proper VSTREAM interface or test helper API. */ -/* vstream_swap - capture msg(3) output output for testing */ +/* vstream_swap - capture msg(3) output for testing */ static void vstream_swap(VSTREAM *one, VSTREAM *two) { @@ -157,7 +157,7 @@ char *dict_compose_spec(const char *dict_type, * A dictionary spec is formatted as "type:name", and a dictionary is * registered with dict_register() as "type:name(open_flags,dict_flags)". * The latter form is used to share dictionary instances that have the - * exact same same properties. + * exact same properties. * * Build the composite dictionary spec from the dict_type and component * dictionary specs, and build the list of component specs decorated with diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c index 5159d54a8..241f8e72d 100644 --- a/postfix/src/tlsproxy/tlsproxy.c +++ b/postfix/src/tlsproxy/tlsproxy.c @@ -1690,6 +1690,12 @@ static void pre_jail_init_client(void) */ tlsp_client_app_cache = htable_create(10); + /* Postfix <= 3.10 backwards compatibility. */ + if (warn_compat_break_tlsp_clnt_level + && warn_compat_break_smtp_tls_level) + msg_info("using backwards-compatible default setting " + VAR_TLSP_CLNT_LEVEL "=(empty)"); + /* * Most sites don't use TLS client certs/keys. In that case, enabling * tlsproxy-based connection caching is trivial.