From: Wietse Venema Date: Wed, 26 Dec 2018 05:00:00 +0000 (-0500) Subject: postfix-3.4-20181226-nonprod X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a625145ecc26b441b90d3edf0a2c89f1809c9c66;p=thirdparty%2Fpostfix.git postfix-3.4-20181226-nonprod --- diff --git a/postfix/.indent.pro b/postfix/.indent.pro index 6488e500c..40ba2bc9d 100644 --- a/postfix/.indent.pro +++ b/postfix/.indent.pro @@ -412,3 +412,4 @@ -Ttime_t -Ttlsa_filter -Tx509_stack_t +-Tpem_load_state diff --git a/postfix/README_FILES/TLS_README b/postfix/README_FILES/TLS_README index cd8a3fe2d..f0cddeb46 100644 --- a/postfix/README_FILES/TLS_README +++ b/postfix/README_FILES/TLS_README @@ -91,15 +91,21 @@ require a server certificate. For servers that are nnoott public Internet MX hosts, Postfix supports configurations with no certificates. This entails the use of just the anonymous -TLS ciphers, which are not supported by typical SMTP clients. Since such -clients will not, as a rule, fall back to plain text after a TLS handshake -failure, a certificate-less Postfix SMTP server will be unable to receive email -from most TLS enabled clients. To avoid accidental configurations with no -certificates, Postfix enables certificate-less operation only when the -administrator explicitly sets "smtpd_tls_cert_file = none". This ensures that -new Postfix SMTP server configurations will not accidentally run with no +TLS ciphers, which are not supported by typical SMTP clients. Since some +clients may not fall back to plain text after a TLS handshake failure, a +certificate-less Postfix SMTP server will be unable to receive email from some +TLS-enabled clients. To avoid accidental configurations with no certificates, +Postfix enables certificate-less operation only when the administrator +explicitly sets "smtpd_tls_cert_file = none". This ensures that new Postfix +SMTP server configurations will not accidentally enable TLS without certificates. +Note that server certificates are nnoott optional in TLS 1.3. To run without +certificates you'd have to disable the TLS 1.3 protocol by including '!TLSv1.3' +in "smtpd_tls_protocols" and perhaps also "smtpd_tls_mandatory_protocols". It +is simpler instead to just configure a certificate chain. Certificate-less +operation is not recommended. + RSA, DSA and ECDSA (Postfix >= 2.6) certificates are supported. Most sites only have RSA certificates. You can configure all three at the same time, in which case the ciphersuite negotiated with the remote SMTP client determines which @@ -143,11 +149,9 @@ assume that the certificate for "server.example.com" was issued by any other digest of a CA certificate, but it is expected that SHA256 will be by far the most common digest for TLSA. - As a best practice, publish either "3 0 1" or "3 1 1" TLSA associations - that specify the SHA256 digest of the server certificate public key with - the alias-expanded hostname of each STARTTLS capable SMTP server. These - continue to work when a certificate is renewed with the same public/private - key pair. + As a best practice, publish "3 1 1" TLSA associations that specify the + SHA256 digest of the server's public key. These continue to work unmodified + when a certificate is renewed with the same public/private key pair. For instructions on how to compute the digest of a certificate or its public key for use in TLSA records, see the documentation of the @@ -168,6 +172,47 @@ $smtpd_tls_CAfile or install it in the $smtpd_tls_CApath directory. CCoonnffiigguurriinngg tthhee sseerrvveerr cceerrttiiffiiccaattee aanndd kkeeyy ffiilleess +Example: Postfix >= 3.4 all-in-one chain file(s). One or more chain files that +start with a key that is immediately followed by the corresponding certificate +and any additional issuer certificates. A single file can hold multiple (key, +cert, [chain]) sequences, one per algorithm. It is typically simpler to keep +the chain for each algorithm in its own file. Most users are likely to deploy +just a single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up to +five chains, one each for RSA, ECDSA, ED25519, ED448 and even the obsolete DSA. + + # Postfix >= 3.4. Preferred configuration interface. Each file + # starts with the private key, followed by the corresponding + # certificate, and any intermediate issuer certificates. The root CA + # cert may also be needed when published as a DANE trust anchor. + # + smtpd_tls_chain_files = + /etc/postfix/rsa.pem, + /etc/postfix/ecdsa.pem, + /etc/postfix/ed25519.pem, + /etc/postfix/ed448.pem + +You can also store the keys separately from their certificates, again provided +each is listed before the corresponding certificate chain. Storing a key and +its associated certificate chain in separate files is not recommended, because +this is prone to race conditions during key rollover, as there is no way to +update multiple files atomically. + + # Postfix >= 3.4. + # Storing keys separately from the associated certificates is not + # recommended. + smtpd_tls_chain_files = + /etc/postfix/rsakey.pem, + /etc/postfix/rsacerts.pem, + /etc/postfix/ecdsakey.pem, + /etc/postfix/ecdsacerts.pem + +The below examples show the legacy algorithm-specific configurations for +Postfix 3.3 and older. With Postfix <= 3.3, even if the key is stored in the +same file as the certificate, the file is read twice and a (brief) race +condition still exists during key rollover. While Postfix >= 3.4 avoids the +race when the key and certificate are in the same file, you should use the new +"smtpd_tls_chain_files" interface shown above. + RSA key and certificate examples: /etc/postfix/main.cf: @@ -183,8 +228,8 @@ Their DSA counterparts: Their ECDSA counterparts (Postfix >= 2.6 + OpenSSL >= 1.0.0): /etc/postfix/main.cf: - # Most clients will not be ECDSA capable, so you will likely also need - # an RSA or DSA certificate and private key. + # Some clients will not be ECDSA capable, so you will likely still need + # an RSA certificate and private key. # smtpd_tls_eccert_file = /etc/postfix/server-ecdsa.pem smtpd_tls_eckey_file = $smtpd_tls_eccert_file @@ -193,6 +238,8 @@ TLS without certificates for servers serving exclusively anonymous-cipher capable clients: /etc/postfix/main.cf: + # Not recommended: breaks TLS 1.3 and clients that don't support + # anonymous cipher suites. smtpd_tls_cert_file = none To verify a remote SMTP client certificate, the Postfix SMTP server needs to @@ -606,7 +653,10 @@ source code. For a server that is not a public Internet MX host, Postfix supports configurations with no server certificates that use oonnllyy the anonymous ciphers. This is enabled by explicitly setting "smtpd_tls_cert_file = none" and not -specifying an smtpd_tls_dcert_file or smtpd_tls_eccert_file. +specifying an smtpd_tls_dcert_file or smtpd_tls_eccert_file. Such +configurations may not interoperate with some clients, and require that TLSv1.3 +be explicitly disabled. Therefore, they are not recommended, it is better and +simpler to just configure a suitable certificate. Example, MSA that requires TLSv1 or higher, not SSLv2 or SSLv3, with high grade ciphers: @@ -622,6 +672,17 @@ ciphers: # Legacy syntax: smtpd_tls_mandatory_protocols = TLSv1 +With Postfix >= 3.4, specify instead a single file that holds the key followed +by the corresponding certificate and any associated issuing certificates, +leaving the "smtpd_tls_cert_file" and "smtpd_tls_key_file" and related DSA and +ECDSA parameters empty. + + /etc/postfix/main.cf: + smtpd_tls_chain_files = /etc/postfix/rsachain.pem + smtpd_tls_cert_file = + smtpd_tls_key_file = + ... + If you want to take maximal advantage of ciphers that offer forward secrecy see the Getting started section of FORWARD_SECRECY_README. The full document conveniently presents all information about Postfix forward secrecy support in @@ -826,7 +887,7 @@ interoperability and security guidelines. Despite the potential for eliminating passive eavesdropping attacks, mandatory TLS encryption is not viable as a default security level for mail delivery to -the public Internet. Most MX hosts do not support TLS at all, and some of those +the public Internet. Some MX hosts do not support TLS at all, and some of those that do have broken implementations. On a host that delivers mail to the Internet, you should not configure mandatory TLS encryption as the default security level. @@ -1153,8 +1214,8 @@ SMTP server, and any untrusted issuing parent certificates will be ignored. Despite the potential for eliminating "man-in-the-middle" and other attacks, mandatory certificate trust chain and subject name verification is not viable -as a default Internet mail delivery policy. Most MX hosts do not support TLS at -all, and a significant portion of TLS enabled MTAs use self-signed +as a default Internet mail delivery policy. Some MX hosts do not support TLS at +all, and a significant portion of TLS-enabled MTAs use self-signed certificates, or certificates that are signed by a private Certification Authority. On a machine that delivers mail to the Internet, you should not configure mandatory server certificate verification as a default policy. @@ -1214,8 +1275,8 @@ SMTP server, and any untrusted issuing parent certificates will be ignored. Despite the potential for eliminating "man-in-the-middle" and other attacks, mandatory secure server certificate verification is not viable as a default -Internet mail delivery policy. Most MX hosts do not support TLS at all, and a -significant portion of TLS enabled MTAs use self-signed certificates, or +Internet mail delivery policy. Some MX hosts do not support TLS at all, and a +significant portion of TLS-enabled MTAs use self-signed certificates, or certificates that are signed by a private Certification Authority. On a machine that delivers mail to the Internet, you should not configure secure TLS verification as a default policy. @@ -1337,17 +1398,18 @@ them. The recommended setting is to let the defaults stand: # Postfix >= 2.6 smtp_tls_eccert_file = smtp_tls_eckey_file = + # Postfix >= 3.4 + smtp_tls_chain_files = The best way to use the default settings is to comment out the above parameters in main.cf if present. During TLS startup negotiation the Postfix SMTP client may present a -certificate to the remote SMTP server. The Netscape client is rather clever -here and lets the user select between only those certificates that match CA -certificates offered by the remote SMTP server. As the Postfix SMTP client uses -the "SSL_connect()" function from the OpenSSL package, this is not possible and -we have to choose just one certificate. So for now the default is to use _no_ -certificate and key unless one is explicitly specified here. +certificate to the remote SMTP server. Browsers typically let the user select +among the certificates that match the CA names indicated by the remote SMTP +server. The Postfix SMTP client does not yet have a mechanism to select from +multiple candidate certificates on the fly, and supports a single set of +certificates (at most one per public key algorithm). RSA, DSA and ECDSA (Postfix >= 2.6) certificates are supported. You can configure all three at the same time, in which case the cipher used determines @@ -1359,28 +1421,76 @@ as the Postfix SMTP server. If a certificate is to be presented, it must be in accessible without password. Both parts (certificate and private key) may be in the same file. +With OpenSSL 1.1.1 and Postfix >= 3.4 it is also possible to configure Ed25519 +and Ed448 certificates. Rather than add two more pairs of key and certificate +parameters, Postfix 3.4 introduces a new "smtp_tls_chain_files" parameter which +specifies all the configured certificates at once, and handles files that hold +both the key and the associated certificates in one pass, thereby avoiding +potential race conditions during key rollover. + To enable remote SMTP servers to verify the Postfix SMTP client certificate, the issuing CA certificates must be made available to the server. You should include the required certificates in the client certificate file, the client certificate first, then the issuing CA(s) (bottom-up order). Example: the certificate for "client.example.com" was issued by "intermediate -CA" which itself has a certificate issued by "root CA". Create the client.pem -file with: +CA" which itself has a certificate issued by "root CA". As the "root" super- +user create the client.pem file with: - % ccaatt cclliieenntt__cceerrtt..ppeemm iinntteerrmmeeddiiaattee__CCAA..ppeemm >> cclliieenntt..ppeemm + # uummaasskk 007777 + # ccaatt cclliieenntt__kkeeyy..ppeemm cclliieenntt__cceerrtt..ppeemm iinntteerrmmeeddiiaattee__CCAA..ppeemm >> cchhaaiinn..ppeemm A Postfix SMTP client certificate supplied here must be usable as SSL client certificate and hence pass the "openssl verify -purpose sslclient ..." test. A server that trusts the root CA has a local copy of the root CA certificate, so it is not necessary to include the root CA certificate here. Leaving it out -of the "client.pem" file reduces the overhead of the TLS exchange. +of the "chain.pem" file reduces the overhead of the TLS exchange. If you want the Postfix SMTP client to accept remote SMTP server certificates issued by these CAs, append the root certificate to $smtp_tls_CAfile or install it in the $smtp_tls_CApath directory. +Example: Postfix >= 3.4 all-in-one chain file(s). One or more chain files that +start with a key that is immediately followed by the corresponding certificate +and any additional issuer certificates. A single file can hold multiple (key, +cert, [chain]) sequences, one per algorithm. It is typically simpler to keep +the chain for each algorithm in its own file. Most users are likely to deploy +at most a single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up +five chains, one each for RSA, ECDSA, ED25519, ED448 and even the obsolete DSA. + + # Postfix >= 3.4. Preferred configuration interface. Each file + # starts with the private key, followed by the corresponding + # certificate, and any intermediate issuer certificates. + # + smtp_tls_chain_files = + /etc/postfix/rsa.pem, + /etc/postfix/ecdsa.pem, + /etc/postfix/ed25519.pem, + /etc/postfix/ed448.pem + +You can also store the keys separately from their certificates, again provided +each is listed before the corresponding certificate chain. Storing a key and +its associated certificate chain in separate files is not recommended, because +this is prone to race conditions during key rollover, as there is no way to +update multiple files atomically. + + # Postfix >= 3.4. + # Storing keys separately from the associated certificates is not + # recommended. + smtp_tls_chain_files = + /etc/postfix/rsakey.pem, + /etc/postfix/rsacerts.pem, + /etc/postfix/ecdsakey.pem, + /etc/postfix/ecdsacerts.pem + +The below examples show the legacy algorithm-specific configurations for +Postfix 3.3 and older. With Postfix <= 3.3, even if the key is stored in the +same file as the certificate, the file is read twice and a (brief) race +condition still exists during key rollover. While Postfix >= 3.4 avoids the +race when the key and certificate are in the same file, you should use the new +"smtp_tls_chain_files" interface shown above. + RSA key and certificate examples: /etc/postfix/main.cf: @@ -1631,7 +1741,10 @@ mmaayy Opportunistic TLS. The optional "ciphers", "exclude" and "protocols" attributes (available for opportunistic TLS with Postfix >= 2.6) override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols" - configuration parameters. + configuration parameters. At this level and higher, the optional + "servername" attribute (available with Postfix >= 3.4) overrides the global + "smtp_tls_servername" parameter, enabling per-destination configuration of + the SNI extension sent to the remote SMTP server. eennccrryypptt Mandatory encryption. Mail is delivered only if the remote SMTP server offers STARTTLS and the TLS handshake succeeds. At this level and higher, @@ -2160,7 +2273,10 @@ SSeellff--ssiiggnneedd sseerrvveerr cceerrttiiffiiccaa The following commands (credits: Viktor Dukhovni) generate and install a 2048- bit RSA private key and 10-year self-signed certificate for the local Postfix -system. This requires super-user privileges. +system. This requires super-user privileges. (By using date-specific filenames +for the certificate and key files, and updating main.cf with new filenames, a +potential race condition in which the key and certificate might not match is +avoided). # dir="$(postconf -h config_directory)" # fqdn=$(postconf -h myhostname) diff --git a/postfix/html/TLS_README.html b/postfix/html/TLS_README.html index 4ba42b2b3..c1827b51c 100644 --- a/postfix/html/TLS_README.html +++ b/postfix/html/TLS_README.html @@ -167,17 +167,22 @@ or similar software, it will only negotiate TLS ciphersuites that require a server certificate.

For servers that are not public Internet MX hosts, Postfix -supports configurations with no certificates. This entails the -use of just the anonymous TLS ciphers, which are not supported by -typical SMTP clients. Since such clients will not, as a rule, fall -back to plain text after a TLS handshake failure, a certificate-less -Postfix SMTP server will -be unable to receive email from most TLS enabled clients. To avoid -accidental configurations with no certificates, Postfix enables -certificate-less operation only when the administrator explicitly sets -"smtpd_tls_cert_file = none". This ensures that new Postfix -SMTP server configurations will not accidentally run with no -certificates.

+supports configurations with no certificates. This entails the use of +just the anonymous TLS ciphers, which are not supported by typical SMTP +clients. Since some clients may not fall back to plain text after a TLS +handshake failure, a certificate-less Postfix SMTP server will be unable +to receive email from some TLS-enabled clients. To avoid accidental +configurations with no certificates, Postfix enables certificate-less +operation only when the administrator explicitly sets +"smtpd_tls_cert_file = none". This ensures that new Postfix SMTP server +configurations will not accidentally enable TLS without certificates.

+ +

Note that server certificates are not optional in TLS 1.3. To +run without certificates you'd have to disable the TLS 1.3 protocol by +including '!TLSv1.3' in "smtpd_tls_protocols" and perhaps also +"smtpd_tls_mandatory_protocols". It is simpler instead to just +configure a certificate chain. Certificate-less operation is not +recommended.

RSA, DSA and ECDSA (Postfix ≥ 2.6) certificates are supported. Most sites only have RSA certificates. You can configure all three @@ -239,11 +244,10 @@ applies to "2 0 2" and "2 1 2" TLSA records or any other digest of a CA certificate, but it is expected that SHA256 will be by far the most common digest for TLSA.

-

As a best practice, publish either "3 0 1" or "3 1 1" TLSA -associations that specify the SHA256 digest of the server certificate -public key with the alias-expanded hostname of each STARTTLS capable -SMTP server. These continue to work when a certificate is renewed -with the same public/private key pair.

+

As a best practice, publish "3 1 1" TLSA associations that specify +the SHA256 digest of the server's public key. These continue to work +unmodified when a certificate is renewed with the same public/private +key pair.

@@ -269,6 +273,58 @@ directory.

Configuring the server certificate and key files

+

Example: Postfix ≥ 3.4 all-in-one chain file(s). One or more +chain files that start with a key that is immediately followed by the +corresponding certificate and any additional issuer certificates. A +single file can hold multiple (key, cert, [chain]) sequences, one +per algorithm. It is typically simpler to keep the chain for each +algorithm in its own file. Most users are likely to deploy just a +single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up to +five chains, one each for RSA, ECDSA, ED25519, ED448 and even the +obsolete DSA.

+ +
+
+    # Postfix ≥ 3.4.  Preferred configuration interface.  Each file
+    # starts with the private key, followed by the corresponding
+    # certificate, and any intermediate issuer certificates. The root CA
+    # cert may also be needed when published as a DANE trust anchor.
+    #
+    smtpd_tls_chain_files =
+        /etc/postfix/rsa.pem,
+        /etc/postfix/ecdsa.pem,
+        /etc/postfix/ed25519.pem,
+        /etc/postfix/ed448.pem
+
+
+ +

You can also store the keys separately from their certificates, again +provided each is listed before the corresponding certificate chain. Storing a +key and its associated certificate chain in separate files is not recommended, +because this is prone to race conditions during key rollover, as there is no +way to update multiple files atomically.

+ +
+
+    # Postfix ≥ 3.4.
+    # Storing keys separately from the associated certificates is not
+    # recommended.
+    smtpd_tls_chain_files =
+        /etc/postfix/rsakey.pem,
+        /etc/postfix/rsacerts.pem,
+        /etc/postfix/ecdsakey.pem,
+        /etc/postfix/ecdsacerts.pem
+
+
+ +

The below examples show the legacy algorithm-specific configurations +for Postfix 3.3 and older. With Postfix ≤ 3.3, even if the key is +stored in the same file as the certificate, the file is read twice and a +(brief) race condition still exists during key rollover. While Postfix +≥ 3.4 avoids the race when the key and certificate are in the same +file, you should use the new "smtpd_tls_chain_files" interface shown +above.

+

RSA key and certificate examples:

@@ -294,8 +350,8 @@ directory. 

 /etc/postfix/main.cf:
-    # Most clients will not be ECDSA capable, so you will likely also need
-    # an RSA or DSA certificate and private key.
+    # Some clients will not be ECDSA capable, so you will likely still need
+    # an RSA certificate and private key.
     #
     smtpd_tls_eccert_file = /etc/postfix/server-ecdsa.pem
     smtpd_tls_eckey_file = $smtpd_tls_eccert_file
@@ -308,6 +364,8 @@ anonymous-cipher capable clients: 

 

 
 /etc/postfix/main.cf:
+    # Not recommended: breaks TLS 1.3 and clients that don't support
+    # anonymous cipher suites.
     smtpd_tls_cert_file = none
 
  
 

@@ -854,7 +912,11 @@ without corresponding changes to the Postfix source code. 

 supports configurations with no server
 certificates that use only the anonymous ciphers. This is
 enabled by explicitly setting "smtpd_tls_cert_file = none"
-and not specifying an smtpd_tls_dcert_file or smtpd_tls_eccert_file. 

+and not specifying an smtpd_tls_dcert_file or smtpd_tls_eccert_file.
+Such configurations may not interoperate with some clients, and require
+that TLSv1.3 be explicitly disabled. Therefore, they are not
+recommended, it is better and simpler to just configure a suitable
+certificate. 

 
 
 Example, MSA that requires TLSv1 or higher, not SSLv2 or SSLv3,
 with high grade ciphers: 

@@ -874,6 +936,21 @@ with high grade ciphers:
+

With Postfix ≥ 3.4, specify instead a single file that holds the +key followed by the corresponding certificate and any associated issuing +certificates, leaving the "smtpd_tls_cert_file" and "smtpd_tls_key_file" +and related DSA and ECDSA parameters empty.

+ +
+
+/etc/postfix/main.cf:
+    smtpd_tls_chain_files = /etc/postfix/rsachain.pem
+    smtpd_tls_cert_file =
+    smtpd_tls_key_file =
+    ...
+
+
+

If you want to take maximal advantage of ciphers that offer forward secrecy see the Getting @@ -1140,7 +1217,7 @@ parameters includes useful interoperability and security guidelines.

Despite the potential for eliminating passive eavesdropping attacks, mandatory TLS encryption is not viable as a default security level for -mail delivery to the public Internet. Most MX hosts do not support TLS at +mail delivery to the public Internet. Some MX hosts do not support TLS at all, and some of those that do have broken implementations. On a host that delivers mail to the Internet, you should not configure mandatory TLS encryption as the default security level.

@@ -1540,8 +1617,8 @@ parent certificates will be ignored.

Despite the potential for eliminating "man-in-the-middle" and other attacks, mandatory certificate trust chain and subject name verification -is not viable as a default Internet mail delivery policy. Most MX hosts -do not support TLS at all, and a significant portion of TLS enabled +is not viable as a default Internet mail delivery policy. Some MX hosts +do not support TLS at all, and a significant portion of TLS-enabled MTAs use self-signed certificates, or certificates that are signed by a private Certification Authority. On a machine that delivers mail to the Internet, you should not configure mandatory server certificate @@ -1614,8 +1691,8 @@ parent certificates will be ignored.

Despite the potential for eliminating "man-in-the-middle" and other attacks, mandatory secure server certificate verification is not -viable as a default Internet mail delivery policy. Most MX hosts -do not support TLS at all, and a significant portion of TLS enabled +viable as a default Internet mail delivery policy. Some MX hosts +do not support TLS at all, and a significant portion of TLS-enabled MTAs use self-signed certificates, or certificates that are signed by a private Certification Authority. On a machine that delivers mail to the Internet, you should not configure secure TLS verification @@ -1776,24 +1853,24 @@ well without them. The recommended setting is to let the defaults stand:

# Postfix ≥ 2.6 smtp_tls_eccert_file = smtp_tls_eckey_file = + # Postfix ≥ 3.4 + smtp_tls_chain_files =

The best way to use the default settings is to comment out the above parameters in main.cf if present.

-

During TLS startup negotiation the Postfix SMTP client may present -a certificate to the remote SMTP server. The Netscape client is -rather clever here and lets the user select between only those -certificates that match CA certificates offered by the remote SMTP -server. As the Postfix SMTP client uses the "SSL_connect()" function -from the OpenSSL package, this is not possible and we have to choose -just one certificate. So for now the default is to use _no_ -certificate and key unless one is explicitly specified here.

+

During TLS startup negotiation the Postfix SMTP client may present a +certificate to the remote SMTP server. Browsers typically let the user +select among the certificates that match the CA names indicated by the +remote SMTP server. The Postfix SMTP client does not yet have a mechanism +to select from multiple candidate certificates on the fly, and supports a +single set of certificates (at most one per public key algorithm).

RSA, DSA and ECDSA (Postfix ≥ 2.6) certificates are supported. You can configure all three at the same time, in which case the -cipher used determines which certificate is presented.

+cipher used determines which certificate is presented.

It is possible for the Postfix SMTP client to use the same key/certificate pair as the Postfix SMTP server. If a certificate @@ -1802,6 +1879,14 @@ must not be encrypted, meaning: it must be accessible without password. Both parts (certificate and private key) may be in the same file.

+

With OpenSSL 1.1.1 and Postfix ≥ 3.4 it is also possible to +configure Ed25519 and Ed448 certificates. Rather than add two more +pairs of key and certificate parameters, Postfix 3.4 introduces a new +"smtp_tls_chain_files" parameter which specifies all the configured +certificates at once, and handles files that hold both the key and the +associated certificates in one pass, thereby avoiding potential race +conditions during key rollover.

+

To enable remote SMTP servers to verify the Postfix SMTP client certificate, the issuing CA certificates must be made available to the server. You should include the required certificates in the client @@ -1810,11 +1895,12 @@ CA(s) (bottom-up order).

Example: the certificate for "client.example.com" was issued by "intermediate CA" which itself has a certificate issued by "root CA". -Create the client.pem file with:

+As the "root" super-user create the client.pem file with: 

-% cat client_cert.pem intermediate_CA.pem > client.pem 
+# umask 077
+# cat client_key.pem client_cert.pem intermediate_CA.pem > chain.pem
@@ -1824,13 +1910,64 @@ sslclient ..." test.

A server that trusts the root CA has a local copy of the root CA certificate, so it is not necessary to include the root CA -certificate here. Leaving it out of the "client.pem" file reduces +certificate here. Leaving it out of the "chain.pem" file reduces the overhead of the TLS exchange.

If you want the Postfix SMTP client to accept remote SMTP server certificates issued by these CAs, append the root certificate to $smtp_tls_CAfile or install it in the $smtp_tls_CApath directory.

+

Example: Postfix ≥ 3.4 all-in-one chain file(s). One or more +chain files that start with a key that is immediately followed by the +corresponding certificate and any additional issuer certificates. A +single file can hold multiple (key, cert, [chain]) sequences, one +per algorithm. It is typically simpler to keep the chain for each +algorithm in its own file. Most users are likely to deploy at most a +single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up +five chains, one each for RSA, ECDSA, ED25519, ED448 and even the +obsolete DSA.

+ +
+
+    # Postfix ≥ 3.4.  Preferred configuration interface.  Each file
+    # starts with the private key, followed by the corresponding
+    # certificate, and any intermediate issuer certificates.
+    #
+    smtp_tls_chain_files =
+        /etc/postfix/rsa.pem,
+        /etc/postfix/ecdsa.pem,
+        /etc/postfix/ed25519.pem,
+        /etc/postfix/ed448.pem
+
+
+ +

You can also store the keys separately from their certificates, again +provided each is listed before the corresponding certificate chain. Storing a +key and its associated certificate chain in separate files is not recommended, +because this is prone to race conditions during key rollover, as there is no +way to update multiple files atomically.

+ +
+
+    # Postfix ≥ 3.4.
+    # Storing keys separately from the associated certificates is not
+    # recommended.
+    smtp_tls_chain_files =
+        /etc/postfix/rsakey.pem,
+        /etc/postfix/rsacerts.pem,
+        /etc/postfix/ecdsakey.pem,
+        /etc/postfix/ecdsacerts.pem
+
+
+ +

The below examples show the legacy algorithm-specific configurations +for Postfix 3.3 and older. With Postfix ≤ 3.3, even if the key is +stored in the same file as the certificate, the file is read twice and a +(brief) race condition still exists during key rollover. While Postfix +≥ 3.4 avoids the race when the key and certificate are in the same +file, you should use the new "smtp_tls_chain_files" interface shown +above.

+

RSA key and certificate examples:

@@ -2144,7 +2281,10 @@ additional attributes are supported at this level. The optional "ciphers", "exclude" and "protocols" attributes (available for opportunistic TLS with Postfix ≥ 2.6) override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols" -configuration parameters. +configuration parameters. At this level and higher, the optional +"servername" attribute (available with Postfix ≥ 3.4) overrides the +global "smtp_tls_servername" parameter, enabling per-destination +configuration of the SNI extension sent to the remote SMTP server.
encrypt
Mandatory encryption. Mail is delivered only if the remote SMTP server offers STARTTLS @@ -2830,6 +2970,9 @@ DANE TLSA records. See the postfix-tls(1) docu

The following commands (credits: Viktor Dukhovni) generate and install a 2048-bit RSA private key and 10-year self-signed certificate for the local Postfix system. This requires super-user privileges. +(By using date-specific filenames for the certificate and key files, +and updating main.cf with new filenames, a potential race condition +in which the key and certificate might not match is avoided).

diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index 2ac36e297..4bba215ad 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -578,6 +578,14 @@ SMTP(8) SMTP(8) smtp_tls_connection_reuse (no) Try to make multiple deliveries per TLS-encrypted connection. + smtp_tls_chain_files (empty) + List of one or more PEM files, each holding one or more private + keys directly followed by a corresponding certificate chain. + + smtp_tls_servername (empty) + Optional name to send to the remote SMTP server in the TLS + Server Name Indication (SNI) extension. + OBSOLETE STARTTLS CONTROLS The following configuration parameters exist for compatibility with Postfix versions before 2.3. Support for these will be removed in a diff --git a/postfix/html/mailq.1.html b/postfix/html/mailq.1.html index fa4e4828a..0d416c931 100644 --- a/postfix/html/mailq.1.html +++ b/postfix/html/mailq.1.html @@ -314,7 +314,7 @@ SENDMAIL(1) SENDMAIL(1) line endings from <CR><LF> into UNIX format (<LF>). TROUBLE SHOOTING CONTROLS - The DEBUG_README file gives examples of how to trouble shoot a Postfix + The DEBUG_README file gives examples of how to troubleshoot a Postfix system. debugger_command (empty) diff --git a/postfix/html/newaliases.1.html b/postfix/html/newaliases.1.html index fa4e4828a..0d416c931 100644 --- a/postfix/html/newaliases.1.html +++ b/postfix/html/newaliases.1.html @@ -314,7 +314,7 @@ SENDMAIL(1) SENDMAIL(1) line endings from <CR><LF> into UNIX format (<LF>). TROUBLE SHOOTING CONTROLS - The DEBUG_README file gives examples of how to trouble shoot a Postfix + The DEBUG_README file gives examples of how to troubleshoot a Postfix system. debugger_command (empty) diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index decaaa4ce..9abc9f8f1 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -1952,7 +1952,7 @@ is no maximum, it doesn't make much sense to use values above say

The only reason why the value of 2 is not the default is the way this parameter affects the delivery of mailing-list mail. In the -worst case, their delivery can take somewhere between (cost+1/cost) +worst case, delivery can take somewhere between (cost+1/cost) and (cost/cost-1) times more than if the preemptive scheduler was disabled. The default value of 5 turns out to provide reasonable message response times while making sure the mailing-list deliveries @@ -5188,6 +5188,17 @@ configuration parameter. See there for details.

This feature is available in Postfix 2.3 and later.

+
+ +
lmtp_tls_chain_files +(default: empty)
+ +

The LMTP-specific version of the smtp_tls_chain_files configuration +parameter. See there for details.

+ +

This feature is available in Postfix 3.4 and later.

+ +
lmtp_tls_ciphers @@ -5443,6 +5454,17 @@ parameter. See there for details.

This feature is available in Postfix 2.3 and later.

+ + +
lmtp_tls_servername +(default: empty)
+ +

The LMTP-specific version of the smtp_tls_servername configuration +parameter. See there for details.

+ +

This feature is available in Postfix 3.4 and later.

+ +
lmtp_tls_session_cache_database @@ -6079,7 +6101,7 @@ it easier to specify shell syntax (see example below).

If you can, avoid shell meta characters because they will force Postfix to run an expensive shell process. If you're delivering -via Procmail then running a shell won't make a noticeable difference +via "procmail" then running a shell won't make a noticeable difference in the total cost.

@@ -6360,7 +6382,7 @@ Example:

Optional list of user names that are not subjected to address -masquerading, even when their address matches $masquerade_domains. +masquerading, even when their addresses match $masquerade_domains.

@@ -7685,7 +7707,7 @@ to the configured before/after 220 greeting tests. 

 /etc/postfix/main.cf:
     postscreen_access_list = permit_mynetworks,
-                cidr:/etc/postfix/postscreen_access.cidr
+        cidr:/etc/postfix/postscreen_access.cidr
     postscreen_blacklist_action = enforce
@@ -10174,8 +10196,8 @@ files in the compiled-in default $shli

Display the name of the recipient table in the "User unknown" -responses. The extra detail makes trouble shooting easier but also -reveals information that is nobody elses business. +responses. The extra detail makes troubleshooting easier but also +reveals information that is nobody else's business.

@@ -11873,7 +11895,7 @@ chroot jail. If the number of trusted roots is large, consider using present in the chroot jail if the smtp(8) client is chrooted. This file may also be used to augment the client certificate trust chain, but it is best to include all the required certificates directly in -$smtp_tls_cert_file.

+$smtp_tls_cert_file (or, Postfix ≥ 3.4 $smtp_tls_chain_files).

Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use ONLY the system-supplied default Certification Authority certificates. @@ -11944,9 +11966,10 @@ the Postfix SMTP client TLS session.

(default: empty)

File with the Postfix SMTP client RSA certificate in PEM format. -This file may also contain the Postfix SMTP client private RSA key, -and these may be the same as the Postfix SMTP server RSA certificate and key -file.

+This file may also contain the Postfix SMTP client private RSA key, and +these may be the same as the Postfix SMTP server RSA certificate and key +file. With Postfix ≥ 3.4 the preferred way to configure client keys +and certificates is via the "smtp_tls_chain_files" parameter.

Do not configure client certificates unless you must present client TLS certificates to one or more servers. Client certificates are @@ -11957,10 +11980,13 @@ well without them. The recommended setting is to let the defaults stand: 

 smtp_tls_cert_file =
 smtp_tls_key_file =
-smtp_tls_dcert_file =
-smtp_tls_dkey_file =
 smtp_tls_eccert_file =
 smtp_tls_eckey_file =
+# Obsolete DSA parameters
+smtp_tls_dcert_file =
+smtp_tls_dkey_file =
+# Postfix ≥ 3.4 interface
+smtp_tls_chain_files =
@@ -11975,13 +12001,19 @@ CA(s) (bottom-up order).

Example: the certificate for "client.example.com" was issued by "intermediate CA" which itself has a certificate issued by "root CA". -Create the client.pem file with "cat client_cert.pem intermediate_CA.pem -root_CA.pem > client.pem".

+As the "root" super-user create the client.pem file with:

+ +
+
+# umask 077
+# cat client_key.pem client_cert.pem intermediate_CA.pem > chain.pem 
+
+

If you also want to verify remote SMTP server certificates issued by these CAs, you can add the CA certificates to the smtp_tls_CAfile, in which case it is not necessary to have them in the smtp_tls_cert_file, -smtp_tls_dcert_file or smtp_tls_eccert_file.

+smtp_tls_dcert_file (obsolete) or smtp_tls_eccert_file.

A certificate supplied here must be usable as an SSL client certificate and hence pass the "openssl verify -purpose sslclient ..." test.

@@ -11989,12 +12021,164 @@ and hence pass the "openssl verify -purpose sslclient ..." test.

Example: 

-smtp_tls_cert_file = /etc/postfix/client.pem
+smtp_tls_cert_file = /etc/postfix/chain.pem

This feature is available in Postfix 2.2 and later.

+ + +
smtp_tls_chain_files +(default: empty)
+ +

List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. The file names +are separated by commas and/or whitespace. This parameter obsoletes the +legacy algorithm-specific key and certificate file settings. When this +parameter is non-empty, the legacy parameters are ignored, and a warning +is logged if any are also non-empty.

+ +

With the proliferation of multiple private key algorithms—which, +as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519 +and Ed448—it is increasingly impractical to use separate +parameters to configure the key and certificate chain for each +algorithm. Therefore, Postfix now supports storing multiple keys and +corresponding certificate chains in a single file or in a set of files. + +

Each key must appear immediately before the corresponding +certificate, optionally followed by additional issuer certificates that +complete the certificate chain for that key. When multiple files are +specified, they are equivalent to a single file that is concatenated +from those files in the given order. Thus, while a key must always +precede its certificate and issuer chain, it can be in a separate file, +so long as that file is listed immediately before the file that holds +the corresponding certificate chain. Once all the files are +concatenated, the sequence of PEM objects must be: key1, cert1, +[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].

+ +

Storing the private key in the same file as the corresponding +certificate is more reliable. With the key and certificate in separate +files, there is a chance that during key rollover a Postfix process +might load a private key and certificate from separate files that don't +match. Various operational errors may even result in a persistent +broken configuration in which the certificate does not match the private +key.

+ +

The file or files must contain at most one key of each type. If, +for example, two or more RSA keys and corresponding chains are listed, +depending on the version of OpenSSL either only the last one will be +used or an configuration error may be detected. Note that while +"Ed25519" and "Ed448" are considered separate algorithms, the various +ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are +considered as different parameters of a single "ECDSA" algorithm, so it +is not presently possible to configure keys for more than one ECDSA +curve.

+ +

+Example (separate files for each key and corresponding certificate chain): +

+
+
+/etc/postfix/main.cf:
+    smtp_tls_chain_files =
+        ${config_directory}/ed25519.pem,
+        ${config_directory}/ed448.pem,
+        ${config_directory}/rsa.pem
+
+
+ +
+
+/etc/postfix/ed25519.pem:
+    -----BEGIN PRIVATE KEY-----
+    MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+    ...
+    nC0egv51YPDWxEHom4QA
+    -----END CERTIFICATE-----
+
+
+ +
+
+/etc/postfix/ed448.pem:
+    -----BEGIN PRIVATE KEY-----
+    MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+    LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+    ...
+    pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+    -----END CERTIFICATE-----
+
+
+ +
+
+/etc/postfix/rsa.pem:
+    -----BEGIN PRIVATE KEY-----
+    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+    ...
+    ahQkZ3+krcaJvDSMgvu0tDc=
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+    ...
+    Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+    -----END CERTIFICATE-----
+
+
+ +

+Example (all keys and certificates in a single file): +

+
+
+/etc/postfix/main.cf:
+    smtp_tls_chain_files = ${config_directory}/chains.pem
+
+
+ +
+
+/etc/postfix/chains.pem:
+    -----BEGIN PRIVATE KEY-----
+    MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+    ...
+    nC0egv51YPDWxEHom4QA
+    -----END CERTIFICATE-----
+    -----BEGIN PRIVATE KEY-----
+    MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+    LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+    ...
+    pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+    -----END CERTIFICATE-----
+    -----BEGIN PRIVATE KEY-----
+    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+    ...
+    ahQkZ3+krcaJvDSMgvu0tDc=
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+    ...
+    Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+    -----END CERTIFICATE-----
+
+
+ +

This feature is available in Postfix 3.4 and later.

+ +
smtp_tls_cipherlist @@ -12098,7 +12282,8 @@ policy is backwards-compatible with earlier Postfix versions. (default: empty)

File with the Postfix SMTP client DSA certificate in PEM format. -This file may also contain the Postfix SMTP client private DSA key.

+This file may also contain the Postfix SMTP client private DSA key. +The DSA algorithm is obsolete and should not be used.

See the discussion under smtp_tls_cert_file for more details.

@@ -12119,7 +12304,8 @@ This file may also contain the Postfix SMTP client private DSA key.

File with the Postfix SMTP client DSA private key in PEM format. This file may be combined with the Postfix SMTP client DSA certificate -file specified with $smtp_tls_dcert_file.

+file specified with $smtp_tls_dcert_file. The DSA algorithm is obsolete +and should not be used.

The private key must be accessible without a pass-phrase, i.e. it must not be encrypted. File permissions should grant read-only @@ -12135,7 +12321,9 @@ to anyone else.

(default: empty)

File with the Postfix SMTP client ECDSA certificate in PEM format. -This file may also contain the Postfix SMTP client ECDSA private key.

+This file may also contain the Postfix SMTP client ECDSA private key. +With Postfix ≥ 3.4 the preferred way to configure client keys and +certificates is via the "smtp_tls_chain_files" parameter.

See the discussion under smtp_tls_cert_file for more details.

@@ -12156,8 +12344,10 @@ compiled and linked with OpenSSL 1.0.0 or later.

(default: $smtp_tls_eccert_file)

File with the Postfix SMTP client ECDSA private key in PEM format. -This file may be combined with the Postfix SMTP client ECDSA -certificate file specified with $smtp_tls_eccert_file.

+This file may be combined with the Postfix SMTP client ECDSA certificate +file specified with $smtp_tls_eccert_file. With Postfix ≥ 3.4 the +preferred way to configure client keys and certificates is via the +"smtp_tls_chain_files" parameter.

The private key must be accessible without a pass-phrase, i.e. it must not be encrypted. File permissions should grant read-only @@ -12407,7 +12597,9 @@ are not prepared to handle the new TLSA RRset.

File with the Postfix SMTP client RSA private key in PEM format. This file may be combined with the Postfix SMTP client RSA certificate -file specified with $smtp_tls_cert_file.

+file specified with $smtp_tls_cert_file. With Postfix ≥ 3.4 the +preferred way to configure client keys and certificates is via the +"smtp_tls_chain_files" parameter.

The private key must be accessible without a pass-phrase, i.e. it must not be encrypted. File permissions should grant read-only @@ -13185,6 +13377,42 @@ Examples:

This feature is available in Postfix 2.3 and later.

+
+ +
smtp_tls_servername +(default: empty)
+ +

Optional name to send to the remote SMTP server in the TLS Server +Name Indication (SNI) extension. The SNI extension is always on when +DANE is used to authenticate the server, and in that case the SNI name +sent is the one required by RFC7672 and this parameter is ignored.

+ +

Some SMTP servers use the received SNI name to select an appropriate +certificate chain to present to the client. While this may improve +interoperability with such servers, it may reduce interoperability with +other servers that choose to abort the connection when they don't have a +certificate chain configured for the requested name. Such servers +should select a default certificate chain and continue the handshake, +but some may not. Therefore, absent DANE, no SNI name is sent by +default.

+ +

The SNI name must be either a valid DNS hostname, or else one of the +special values hostname or nexthop, which select either the +remote hostname or the nexthop domain respectively. DNS names for SNI must be +in A-label (punycode) form. Invalid DNS names log a configuration error +warning and mail delivery is deferred.

+ +

Except when using a relayhost to forward all email, the only +sensible non-empty main.cf setting for this parameter is +hostname. Other non-empty values are only practical on a +per-destination basis via the servername attribute of the Postfix +TLS policy table. When +in doubt, leave this parameter empty, and configure per-destination SNI +as needed.

+ +

This feature is available in Postfix 3.4 and later.

+ +
smtp_tls_session_cache_database @@ -16497,7 +16725,9 @@ but not any CAs it delegates to.

(default: empty)

File with the Postfix SMTP server RSA certificate in PEM format. -This file may also contain the Postfix SMTP server private RSA key.

+This file may also contain the Postfix SMTP server private RSA key. +With Postfix ≥ 3.4 the preferred way to configure server keys and +certificates is via the "smtpd_tls_chain_files" parameter.

Public Internet MX hosts without certificates signed by a "reputable" CA must generate, and be prepared to present to most clients, a @@ -16506,15 +16736,22 @@ able to authenticate the server, but unless it is running Postfix 2.3 or similar software, it will still insist on a server certificate.

For servers that are not public Internet MX hosts, Postfix -2.3 supports configurations with no certificates. This entails the -use of just the anonymous TLS ciphers, which are not supported by -typical SMTP clients. Since such clients will not, as a rule, fall -back to plain text after a TLS handshake failure, the server will -be unable to receive email from TLS enabled clients. To avoid -accidental configurations with no certificates, Postfix 2.3 enables -certificate-less operation only when the administrator explicitly -sets "smtpd_tls_cert_file = none". This ensures that new Postfix -configurations will not accidentally run with no certificates.

+supports configurations with no certificates. This entails the use of +just the anonymous TLS ciphers, which are not supported by typical SMTP +clients. Since some clients may not fall back to plain text after a TLS +handshake failure, a certificate-less Postfix SMTP server will be unable +to receive email from some TLS-enabled clients. To avoid accidental +configurations with no certificates, Postfix enables certificate-less +operation only when the administrator explicitly sets +"smtpd_tls_cert_file = none". This ensures that new Postfix SMTP server +configurations will not accidentally enable TLS without certificates.

+ +

Note that server certificates are not optional in TLS 1.3. To run +without certificates you'd have to disable the TLS 1.3 protocol by +including '!TLSv1.3' in "smtpd_tls_protocols" and perhaps also +"smtpd_tls_mandatory_protocols". It is simpler instead to just +configure a certificate chain. Certificate-less operation is not +recommended.

Both RSA and DSA certificates are supported. When both types are present, the cipher used determines which certificate will be @@ -16534,8 +16771,8 @@ root_CA.pem > server.pem".

If you also want to verify client certificates issued by these CAs, you can add the CA certificates to the smtpd_tls_CAfile, in which -case it is not necessary to have them in the smtpd_tls_cert_file or -smtpd_tls_dcert_file.

+case it is not necessary to have them in the smtpd_tls_cert_file, +smtpd_tls_dcert_file (obsolete) or smtpd_tls_eccert_file.

A certificate supplied here must be usable as an SSL server certificate and hence pass the "openssl verify -purpose sslserver ..." test.

@@ -16549,6 +16786,164 @@ and hence pass the "openssl verify -purpose sslserver ..." test.

This feature is available in Postfix 2.2 and later.

+
+ +
smtpd_tls_chain_files +(default: empty)
+ +

List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. The file names +are separated by commas and/or whitespace. This parameter obsoletes the +legacy algorithm-specific key and certificate file settings. When this +parameter is non-empty, the legacy parameters are ignored, and a warning +is logged if any are also non-empty.

+ +

With the proliferation of multiple private key algorithms—which, +as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519 +and Ed448—it is increasingly impractical to use separate +parameters to configure the key and certificate chain for each +algorithm. Therefore, Postfix now supports storing multiple keys and +corresponding certificate chains in a single file or in a set of files. + +

Each key must appear immediately before the corresponding +certificate, optionally followed by additional issuer certificates that +complete the certificate chain for that key. When multiple files are +specified, they are equivalent to a single file that is concatenated +from those files in the given order. Thus, while a key must always +precede its certificate and issuer chain, it can be in a separate file, +so long as that file is listed immediately before the file that holds +the corresponding certificate chain. Once all the files are +concatenated, the sequence of PEM objects must be: key1, cert1, +[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].

+ +

Storing the private key in the same file as the corresponding +certificate is more reliable. With the key and certificate in separate +files, there is a chance that during key rollover a Postfix process +might load a private key and certificate from separate files that don't +match. Various operational errors may even result in a persistent +broken configuration in which the certificate does not match the private +key.

+ +

The file or files must contain at most one key of each type. If, +for example, two or more RSA keys and corresponding chains are listed, +depending on the version of OpenSSL either only the last one will be +used or an configuration error may be detected. Note that while +"Ed25519" and "Ed448" are considered separate algorithms, the various +ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are +considered as different parameters of a single "ECDSA" algorithm, so it +is not presently possible to configure keys for more than one ECDSA +curve.

+ +

RSA is still the most widely supported algorithm. Presently (late +2018), ECDSA support is common, but not yet universal, and Ed25519 and +Ed448 support is mostly absent. Therefore, an RSA key should generally +be configured, along with any additional keys for the other algorithms +when desired.

+ +

+Example (separate files for each key and corresponding certificate chain): +

+
+
+/etc/postfix/main.cf:
+    smtpd_tls_chain_files =
+        ${config_directory}/ed25519.pem,
+        ${config_directory}/ed448.pem,
+        ${config_directory}/rsa.pem
+
+
+ +
+
+/etc/postfix/ed25519.pem:
+    -----BEGIN PRIVATE KEY-----
+    MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+    ...
+    nC0egv51YPDWxEHom4QA
+    -----END CERTIFICATE-----
+
+
+ +
+
+/etc/postfix/ed448.pem:
+    -----BEGIN PRIVATE KEY-----
+    MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+    LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+    ...
+    pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+    -----END CERTIFICATE-----
+
+
+ +
+
+/etc/postfix/rsa.pem:
+    -----BEGIN PRIVATE KEY-----
+    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+    ...
+    ahQkZ3+krcaJvDSMgvu0tDc=
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+    ...
+    Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+    -----END CERTIFICATE-----
+
+
+ +

+Example (all keys and certificates in a single file): +

+
+
+/etc/postfix/main.cf:
+    smtpd_tls_chain_files = ${config_directory}/chains.pem
+
+
+ +
+
+/etc/postfix/chains.pem:
+    -----BEGIN PRIVATE KEY-----
+    MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+    ...
+    nC0egv51YPDWxEHom4QA
+    -----END CERTIFICATE-----
+    -----BEGIN PRIVATE KEY-----
+    MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+    LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+    ...
+    pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+    -----END CERTIFICATE-----
+    -----BEGIN PRIVATE KEY-----
+    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+    ...
+    ahQkZ3+krcaJvDSMgvu0tDc=
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+    ...
+    Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+    -----END CERTIFICATE-----
+
+
+ +

This feature is available in Postfix 3.4 and later.

+ +
smtpd_tls_cipherlist @@ -16597,7 +16992,8 @@ and opportunistic TLS always uses "export" or better (i.e. all) ciphers.

(default: empty)

File with the Postfix SMTP server DSA certificate in PEM format. -This file may also contain the Postfix SMTP server private DSA key.

+This file may also contain the Postfix SMTP server private DSA key. +The DSA algorithm is obsolete and should not be used.

See the discussion under smtpd_tls_cert_file for more details.

@@ -16684,7 +17080,8 @@ configuration parameter.

File with the Postfix SMTP server DSA private key in PEM format. This file may be combined with the Postfix SMTP server DSA certificate -file specified with $smtpd_tls_dcert_file.

+file specified with $smtpd_tls_dcert_file. The DSA algorithm is obsolete +and should not be used.

The private key must be accessible without a pass-phrase, i.e. it must not be encrypted. File permissions should grant read-only @@ -16700,7 +17097,9 @@ to anyone else.

(default: empty)

File with the Postfix SMTP server ECDSA certificate in PEM format. -This file may also contain the Postfix SMTP server private ECDSA key.

+This file may also contain the Postfix SMTP server private ECDSA key. +With Postfix ≥ 3.4 the preferred way to configure server keys and +certificates is via the "smtpd_tls_chain_files" parameter.

See the discussion under smtpd_tls_cert_file for more details.

@@ -16721,7 +17120,9 @@ compiled and linked with OpenSSL 1.0.0 or later.

File with the Postfix SMTP server ECDSA private key in PEM format. This file may be combined with the Postfix SMTP server ECDSA certificate -file specified with $smtpd_tls_eccert_file.

+file specified with $smtpd_tls_eccert_file. With Postfix ≥ 3.4 the +preferred way to configure server keys and certificates is via the +"smtpd_tls_chain_files" parameter.

The private key must be accessible without a pass-phrase, i.e. it must not be encrypted. File permissions should grant read-only @@ -16930,7 +17331,9 @@ to Postfix 2.9.6 or later.

File with the Postfix SMTP server RSA private key in PEM format. This file may be combined with the Postfix SMTP server RSA certificate -file specified with $smtpd_tls_cert_file.

+file specified with $smtpd_tls_cert_file. With Postfix ≥ 3.4 the +preferred way to configure server keys and certificates is via the +"smtpd_tls_chain_files" parameter.

The private key must be accessible without a pass-phrase, i.e. it must not be encrypted. File permissions should grant read-only @@ -18218,6 +18621,76 @@ gives timeout errors.

This feature is available in Postfix 2.2 and later.

+
+ +
tls_server_sni_maps +(default: empty)
+ +

Optional lookup tables that map names received from remote SMTP +clients via the TLS Server Name Indication (SNI) extension to the +appropriate keys and certificate chains. This parameter is implemented +in the Postfix TLS library, and applies to both smtpd(8) and the SMTP +server mode of tlsproxy(8).

+ +

The lookup key is either the verbatim SNI domain name or a an +ancestor domain prefixed with a leading dot. For internationalized +domains, the lookup key must be in IDNA 2008 A-label form (as +required in the TLS SNI extension).

+ +

The mapping from an SNI domain name to a certificate chain is +typically indirect. In the input source files for "cdb", "hash", +"btree" or other tables that are converted to on-disk indexed files +via postmap(1), the value specified for each key is a list of +filenames. When postmap(1) is used with the -F option, the +generated table stores for each lookup key the base64-encoded +contents of the associated files. When querying tables via postmap +-Fq, the table value is decoded from base64, yielding the original +file content, plus a new line.

+ +

With "regexp", "pcre", "inline", "texthash", "static" and similar +tables that are interpreted at run-time, and don't have a separate +source format, the table value is again a list files, that are read-in +when the table is opened.

+ +

Thus, for example:

+ +
+
+$ postmap -Fq "" static:/etc/postfix/chain.pem | openssl dgst -sha1
+(stdin)= da39a3ee5e6b4b0d3255bfef95601890afd80709
+
+
+ +

produces the same output as:

+ +
+
+$ (cat /etc/postfix/chain.pem; echo) | openssl dgst -sha1
+(stdin)= da39a3ee5e6b4b0d3255bfef95601890afd80709
+
+
+ +

With tables whose content is managed outside of Postfix, such +as LDAP, MySQL, PostgreSQL, socketmap and tcp, the value must be a +concatenation of the desired PEM keys and certificate chains, that +is then further encoded to yield a single-line base64 string. +Creation of such tables and secure storage are outside the +responsibility of Postfix. With "socketmap" and "tcp" the data +would be transmitted in the clear. With LDAP and SQL, you should +generally use TLS to protect the sensitive data in transit.

+ +

Typically there is only private key and its chain of certificates +starting with the "leaf" certificate corresponding to that key, and +continuing with the appropriate intermediate issuer CA certificates, +with each certificate ideally followed by its issuer. Servers +that have keys and certificates for more than one algorithm (e.g. +both an RSA key and an ECDSA key, or even RSA, ECDSA and Ed25519) +can use multiple chains concatenated together, with the key always +listed before the corresponding certificates.

+ +

This feature is available in Postfix 3.4 and later.

+ +
tls_session_ticket_cipher @@ -18402,7 +18875,20 @@ server certificate. See smtp_tls_CApat (default: $smtp_tls_cert_file)

File with the Postfix tlsproxy(8) client RSA certificate in PEM -format. See smtp_tls_cert_file for further details.

+format. See smtp_tls_cert_file for further details. The preferred way +to configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter.

+ +

This feature is available in Postfix 3.4 and later.

+ + +
+ +
tlsproxy_client_chain_files +(default: $smtp_tls_chain_files)
+ +

Files with the Postfix tlsproxy(8) client keys and certificate +chains in PEM format. See smtp_tls_chain_files for further details.

This feature is available in Postfix 3.4 and later.

@@ -18413,7 +18899,8 @@ format. See smtp_tls_cert_file (default: $smtp_tls_dcert_file)

File with the Postfix tlsproxy(8) client DSA certificate in PEM -format. See smtp_tls_dcert_file for further details.

+format. See smtp_tls_dcert_file for further details. DSA is obsolete and +should not be used.

This feature is available in Postfix 3.4 and later.

@@ -18424,7 +18911,8 @@ format. See smtp_tls_dcert_filesmtp_tls_dkey_file)

File with the Postfix tlsproxy(8) client DSA private key in PEM -format. See smtp_tls_dkey_file for further details.

+format. See smtp_tls_dkey_file for further details. DSA is obsolete and +should not be used.

This feature is available in Postfix 3.4 and later.

@@ -18434,8 +18922,10 @@ format. See smtp_tls_dkey_file
tlsproxy_client_eccert_file (default: $smtp_tls_eccert_file)
-

File with the Postfix tlsproxy(8) client ECDSA certificate in -PEM format. See smtp_tls_eccert_file for further details.

+

File with the Postfix tlsproxy(8) client ECDSA certificate in PEM +format. See smtp_tls_eccert_file for further details. The preferred way +to configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter.

This feature is available in Postfix 3.4 and later.

@@ -18445,8 +18935,10 @@ PEM format. See smtp_tls_eccert_f
tlsproxy_client_eckey_file (default: $smtp_tls_eckey_file)
-

File with the Postfix tlsproxy(8) client ECDSA private key in -PEM format. See smtp_tls_eckey_file for further details.

+

File with the Postfix tlsproxy(8) client ECDSA private key in PEM +format. See smtp_tls_eckey_file for further details. The preferred way +to configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter.

This feature is available in Postfix 3.4 and later.

@@ -18480,7 +18972,9 @@ further details.

(default: $smtp_tls_key_file)

File with the Postfix tlsproxy(8) client RSA private key in PEM -format. See smtp_tls_key_file for further details.

+format. See smtp_tls_key_file for further details. The preferred way to +configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter.

This feature is available in Postfix 3.4 and later.

@@ -18653,11 +19147,24 @@ file. See smtpd_tls_ccert_

File with the Postfix tlsproxy(8) server RSA certificate in PEM format. This file may also contain the Postfix tlsproxy(8) server -private RSA key. See smtpd_tls_cert_file for further details.

+private RSA key. See smtpd_tls_cert_file for further details. With +Postfix ≥ 3.4 the preferred way to configure tlsproxy server keys and +certificates is via the "tlsproxy_tls_chain_files" parameter.

This feature is available in Postfix 2.8 and later.

+
+ +
tlsproxy_tls_chain_files +(default: $smtpd_tls_chain_files)
+ +

Files with the Postfix tlsproxy(8) server keys and certificate +chains in PEM format. See smtpd_tls_chain_files for further details.

+ +

This feature is available in Postfix 3.4 and later.

+ +
tlsproxy_tls_ciphers @@ -18677,8 +19184,8 @@ for further details.

File with the Postfix tlsproxy(8) server DSA certificate in PEM format. This file may also contain the Postfix tlsproxy(8) server -private DSA key. See smtpd_tls_dcert_file for further details. -

+private DSA key. DSA is obsolete and should not be used. See +smtpd_tls_dcert_file for further details.

This feature is available in Postfix 2.8 and later.

@@ -18715,9 +19222,10 @@ result export-grade cipher suites are by default not used.

(default: $smtpd_tls_dkey_file)

File with the Postfix tlsproxy(8) server DSA private key in PEM -format. This file may be combined with the Postfix tlsproxy(8) -server DSA certificate file specified with $smtpd_tls_dcert_file. -See smtpd_tls_dkey_file for further details.

+format. This file may be combined with the Postfix tlsproxy(8) server +DSA certificate file specified with $smtpd_tls_dcert_file. DSA is +obsolete and should not be used. See smtpd_tls_dkey_file for further +details.

This feature is available in Postfix 2.8 and later.

@@ -18727,10 +19235,11 @@ See smtpd_tls_dkey_file for fu
tlsproxy_tls_eccert_file (default: $smtpd_tls_eccert_file)
-

File with the Postfix tlsproxy(8) server ECDSA certificate in -PEM format. This file may also contain the Postfix tlsproxy(8) -server private ECDSA key. See smtpd_tls_eccert_file for further -details.

+

File with the Postfix tlsproxy(8) server ECDSA certificate in PEM +format. This file may also contain the Postfix tlsproxy(8) server +private ECDSA key. See smtpd_tls_eccert_file for further details. With +Postfix ≥ 3.4 the preferred way to configure tlsproxy server keys and +certificates is via the "tlsproxy_tls_chain_files" parameter.

This feature is available in Postfix 2.8 and later.

@@ -18740,10 +19249,12 @@ details.

tlsproxy_tls_eckey_file (default: $smtpd_tls_eckey_file)
-

File with the Postfix tlsproxy(8) server ECDSA private key in -PEM format. This file may be combined with the Postfix tlsproxy(8) -server ECDSA certificate file specified with $smtpd_tls_eccert_file. -See smtpd_tls_eckey_file for further details.

+

File with the Postfix tlsproxy(8) server ECDSA private key in PEM +format. This file may be combined with the Postfix tlsproxy(8) server +ECDSA certificate file specified with $smtpd_tls_eccert_file. See +smtpd_tls_eckey_file for further details. With Postfix ≥ 3.4 the +preferred way to configure tlsproxy server keys and certificates is via +the "tlsproxy_tls_chain_files" parameter.

This feature is available in Postfix 2.8 and later.

@@ -18791,9 +19302,11 @@ fingerprints. See smtpd_t (default: $smtpd_tls_key_file)

File with the Postfix tlsproxy(8) server RSA private key in PEM -format. This file may be combined with the Postfix tlsproxy(8) -server RSA certificate file specified with $smtpd_tls_cert_file. -See smtpd_tls_key_file for further details.

+format. This file may be combined with the Postfix tlsproxy(8) server +RSA certificate file specified with $smtpd_tls_cert_file. See +smtpd_tls_key_file for further details. With Postfix ≥ 3.4 the +preferred way to configure tlsproxy server keys and certificates is via +the "tlsproxy_tls_chain_files" parameter.

This feature is available in Postfix 2.8 and later.

@@ -19381,7 +19894,7 @@ Do not change this unless you have a complete understanding of reject_tempfail_action)

The Postfix SMTP server's action when reject_unknown_helo_hostname -fails due to an temporary error condition. Specify "defer" to defer +fails due to a temporary error condition. Specify "defer" to defer the remote SMTP client request immediately. With the default "defer_if_permit" action, the Postfix SMTP server continues to look for opportunities to reject mail, and defers the client request diff --git a/postfix/html/posttls-finger.1.html b/postfix/html/posttls-finger.1.html index 780b5e267..4a47a4818 100644 --- a/postfix/html/posttls-finger.1.html +++ b/postfix/html/posttls-finger.1.html @@ -127,6 +127,17 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) The hostname lookup methods used for the connection. See the documentation of smtp_host_lookup for syntax and semantics. + -H chainfiles (default: none) + List of files with a sequence PEM-encoded TLS client certificate + chains. The list can be built-up incrementally, by specifying + the option multiple times, or all at once via a comma or white- + space separated list of filenames. Each chain starts with a + private key, which is followed immediately by the corresponding + certificate, and optionally by additional issuer certificates. + Each new key begins a new chain for the corresponding algorithm. + This option is mutually exclusive with the below -k and -K + options. + -k certfile (default: keyfile) File with PEM-encoded TLS client certificate chain. This defaults to keyfile if one is specified. @@ -259,6 +270,13 @@ POSTTLS-FINGER(1) POSTTLS-FINGER(1) the -m option. By default reconnection is disabled, specify a positive delay to enable this behavior. + -s servername + The server name to send with the TLS Server Name Indication + (SNI) extension. When the server has DANE TLSA records, this + parameter is ignored and the TLSA base domain is used instead. + Otherwise, SNI is not used by default, but can be enabled by + specifying the desired value with this option. + -S Disable SMTP; that is, connect to an LMTP server. The default port for LMTP over TCP is 24. Alternative ports can specified by appending ":servicename" or ":portnumber" to the destination diff --git a/postfix/html/sendmail.1.html b/postfix/html/sendmail.1.html index fa4e4828a..0d416c931 100644 --- a/postfix/html/sendmail.1.html +++ b/postfix/html/sendmail.1.html @@ -314,7 +314,7 @@ SENDMAIL(1) SENDMAIL(1) line endings from <CR><LF> into UNIX format (<LF>). TROUBLE SHOOTING CONTROLS - The DEBUG_README file gives examples of how to trouble shoot a Postfix + The DEBUG_README file gives examples of how to troubleshoot a Postfix system. debugger_command (empty) diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 2ac36e297..4bba215ad 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -578,6 +578,14 @@ SMTP(8) SMTP(8) smtp_tls_connection_reuse (no) Try to make multiple deliveries per TLS-encrypted connection. + smtp_tls_chain_files (empty) + List of one or more PEM files, each holding one or more private + keys directly followed by a corresponding certificate chain. + + smtp_tls_servername (empty) + Optional name to send to the remote SMTP server in the TLS + Server Name Indication (SNI) extension. + OBSOLETE STARTTLS CONTROLS The following configuration parameters exist for compatibility with Postfix versions before 2.3. Support for these will be removed in a diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index a4f48c464..367e73472 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -578,13 +578,24 @@ SMTPD(8) SMTPD(8) The prioritized list of elliptic curves supported by the Postfix SMTP client and server. + Available in Postfix version 3.4 and later: + + smtpd_tls_chain_files (empty) + List of one or more PEM files, each holding one or more private + keys directly followed by a corresponding certificate chain. + + tls_server_sni_maps (empty) + Optional lookup tables that map names received from remote SMTP + clients via the TLS Server Name Indication (SNI) extension to + the appropriate keys and certificate chains. + OBSOLETE STARTTLS CONTROLS - The following configuration parameters exist for compatibility with - Postfix versions before 2.3. Support for these will be removed in a + The following configuration parameters exist for compatibility with + Postfix versions before 2.3. Support for these will be removed in a future release. smtpd_use_tls (no) - Opportunistic TLS: announce STARTTLS support to remote SMTP + Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption. smtpd_enforce_tls (no) @@ -592,92 +603,92 @@ SMTPD(8) SMTPD(8) and require that clients use TLS encryption. smtpd_tls_cipherlist (empty) - Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS + Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS cipher list. SMTPUTF8 CONTROLS Preliminary SMTPUTF8 support is introduced with Postfix 3.0. smtputf8_enable (yes) - Enable preliminary SMTPUTF8 support for the protocols described + Enable preliminary SMTPUTF8 support for the protocols described in RFC 6531..6533. strict_smtputf8 (no) Enable stricter enforcement of the SMTPUTF8 protocol. smtputf8_autodetect_classes (sendmail, verify) - Detect that a message requires SMTPUTF8 support for the speci- + Detect that a message requires SMTPUTF8 support for the speci- fied mail origin classes. Available in Postfix version 3.2 and later: enable_idna2003_compatibility (no) - Enable 'transitional' compatibility between IDNA2003 and - IDNA2008, when converting UTF-8 domain names to/from the ASCII + Enable 'transitional' compatibility between IDNA2003 and + IDNA2008, when converting UTF-8 domain names to/from the ASCII form that is used for DNS lookups. VERP SUPPORT CONTROLS - With VERP style delivery, each recipient of a message receives a cus- - tomized copy of the message with his/her own recipient address encoded + With VERP style delivery, each recipient of a message receives a cus- + tomized copy of the message with his/her own recipient address encoded in the envelope sender address. The VERP_README file describes config- - uration and operation details of Postfix support for variable envelope - return path addresses. VERP style delivery is requested with the SMTP - XVERP command or with the "sendmail -V" command-line option and is + uration and operation details of Postfix support for variable envelope + return path addresses. VERP style delivery is requested with the SMTP + XVERP command or with the "sendmail -V" command-line option and is available in Postfix version 1.1 and later. default_verp_delimiters (+=) The two default VERP delimiter characters. verp_delimiter_filter (-=+) - The characters Postfix accepts as VERP delimiter characters on + The characters Postfix accepts as VERP delimiter characters on the Postfix sendmail(1) command line and in SMTP commands. Available in Postfix version 1.1 and 2.0: authorized_verp_clients ($mynetworks) - What remote SMTP clients are allowed to specify the XVERP com- + What remote SMTP clients are allowed to specify the XVERP com- mand. Available in Postfix version 2.1 and later: smtpd_authorized_verp_clients ($authorized_verp_clients) - What remote SMTP clients are allowed to specify the XVERP com- + What remote SMTP clients are allowed to specify the XVERP com- mand. TROUBLE SHOOTING CONTROLS - The DEBUG_README document describes how to debug parts of the Postfix - mail system. The methods vary from making the software log a lot of + The DEBUG_README document describes how to debug parts of the Postfix + mail system. The methods vary from making the software log a lot of detail, to running some daemon processes under control of a call tracer or debugger. debug_peer_level (2) - The increment in verbose logging level when a remote client or + The increment in verbose logging level when a remote client or server matches a pattern in the debug_peer_list parameter. debug_peer_list (empty) - Optional list of remote client or server hostname or network + Optional list of remote client or server hostname or network address patterns that cause the verbose logging level to increase by the amount specified in $debug_peer_level. error_notice_recipient (postmaster) - The recipient of postmaster notifications about mail delivery + The recipient of postmaster notifications about mail delivery problems that are caused by policy, resource, software or proto- col errors. internal_mail_filter_classes (empty) - What categories of Postfix-generated mail are subject to - before-queue content inspection by non_smtpd_milters, + What categories of Postfix-generated mail are subject to + before-queue content inspection by non_smtpd_milters, header_checks and body_checks. notify_classes (resource, software) The list of error classes that are reported to the postmaster. smtpd_reject_footer (empty) - Optional information that is appended after each Postfix SMTP + Optional information that is appended after each Postfix SMTP server 4XX or 5XX response. soft_bounce (no) - Safety net to keep mail queued that would otherwise be returned + Safety net to keep mail queued that would otherwise be returned to the sender. Available in Postfix version 2.1 and later: @@ -688,109 +699,109 @@ SMTPD(8) SMTPD(8) Available in Postfix version 2.10 and later: smtpd_log_access_permit_actions (empty) - Enable logging of the named "permit" actions in SMTP server - access lists (by default, the SMTP server logs "reject" actions + Enable logging of the named "permit" actions in SMTP server + access lists (by default, the SMTP server logs "reject" actions but not "permit" actions). KNOWN VERSUS UNKNOWN RECIPIENT CONTROLS - As of Postfix version 2.0, the SMTP server rejects mail for unknown + As of Postfix version 2.0, the SMTP server rejects mail for unknown recipients. This prevents the mail queue from clogging up with undeliv- - erable MAILER-DAEMON messages. Additional information on this topic is + erable MAILER-DAEMON messages. Additional information on this topic is in the LOCAL_RECIPIENT_README and ADDRESS_CLASS_README documents. show_user_unknown_table_name (yes) - Display the name of the recipient table in the "User unknown" + Display the name of the recipient table in the "User unknown" responses. canonical_maps (empty) - Optional address mapping lookup tables for message headers and + Optional address mapping lookup tables for message headers and envelopes. recipient_canonical_maps (empty) - Optional address mapping lookup tables for envelope and header + Optional address mapping lookup tables for envelope and header recipient addresses. sender_canonical_maps (empty) - Optional address mapping lookup tables for envelope and header + Optional address mapping lookup tables for envelope and header sender addresses. Parameters concerning known/unknown local recipients: mydestination ($myhostname, localhost.$mydomain, localhost) - The list of domains that are delivered via the $local_transport + The list of domains that are delivered via the $local_transport mail delivery transport. inet_interfaces (all) - The network interface addresses that this mail system receives + The network interface addresses that this mail system receives mail on. proxy_interfaces (empty) - The network interface addresses that this mail system receives + The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit. inet_protocols (all) - The Internet protocols Postfix will attempt to use when making + The Internet protocols Postfix will attempt to use when making or accepting connections. local_recipient_maps (proxy:unix:passwd.byname $alias_maps) Lookup tables with all names or addresses of local recipients: a - recipient address is local when its domain matches $mydestina- + recipient address is local when its domain matches $mydestina- tion, $inet_interfaces or $proxy_interfaces. unknown_local_recipient_reject_code (550) The numerical Postfix SMTP server response code when a recipient - address is local, and $local_recipient_maps specifies a list of + address is local, and $local_recipient_maps specifies a list of lookup tables that does not match the recipient. Parameters concerning known/unknown recipients of relay destinations: relay_domains (Postfix >= 3.0: empty, Postfix < 3.0: $mydestination) - What destination domains (and subdomains thereof) this system + What destination domains (and subdomains thereof) this system will relay mail to. relay_recipient_maps (empty) - Optional lookup tables with all valid addresses in the domains + Optional lookup tables with all valid addresses in the domains that match $relay_domains. unknown_relay_recipient_reject_code (550) - The numerical Postfix SMTP server reply code when a recipient - address matches $relay_domains, and relay_recipient_maps speci- - fies a list of lookup tables that does not match the recipient + The numerical Postfix SMTP server reply code when a recipient + address matches $relay_domains, and relay_recipient_maps speci- + fies a list of lookup tables that does not match the recipient address. - Parameters concerning known/unknown recipients in virtual alias + Parameters concerning known/unknown recipients in virtual alias domains: virtual_alias_domains ($virtual_alias_maps) - Postfix is final destination for the specified list of virtual - alias domains, that is, domains for which all addresses are + Postfix is final destination for the specified list of virtual + alias domains, that is, domains for which all addresses are aliased to addresses in other local or remote domains. virtual_alias_maps ($virtual_maps) - Optional lookup tables that alias specific mail addresses or + Optional lookup tables that alias specific mail addresses or domains to other local or remote address. unknown_virtual_alias_reject_code (550) - The Postfix SMTP server reply code when a recipient address - matches $virtual_alias_domains, and $virtual_alias_maps speci- - fies a list of lookup tables that does not match the recipient + The Postfix SMTP server reply code when a recipient address + matches $virtual_alias_domains, and $virtual_alias_maps speci- + fies a list of lookup tables that does not match the recipient address. Parameters concerning known/unknown recipients in virtual mailbox domains: virtual_mailbox_domains ($virtual_mailbox_maps) - Postfix is final destination for the specified list of domains; - mail is delivered via the $virtual_transport mail delivery + Postfix is final destination for the specified list of domains; + mail is delivered via the $virtual_transport mail delivery transport. virtual_mailbox_maps (empty) - Optional lookup tables with all valid addresses in the domains + Optional lookup tables with all valid addresses in the domains that match $virtual_mailbox_domains. unknown_virtual_mailbox_reject_code (550) - The Postfix SMTP server reply code when a recipient address - matches $virtual_mailbox_domains, and $virtual_mailbox_maps + The Postfix SMTP server reply code when a recipient address + matches $virtual_mailbox_domains, and $virtual_mailbox_maps specifies a list of lookup tables that does not match the recip- ient address. @@ -799,7 +810,7 @@ SMTPD(8) SMTPD(8) control client request rates. line_length_limit (2048) - Upon input, long lines are chopped up into pieces of at most + Upon input, long lines are chopped up into pieces of at most this length; upon delivery, long lines are reconstructed. queue_minfree (0) @@ -807,58 +818,58 @@ SMTPD(8) SMTPD(8) tem that is needed to receive mail. message_size_limit (10240000) - The maximal size in bytes of a message, including envelope + The maximal size in bytes of a message, including envelope information. smtpd_recipient_limit (1000) - The maximal number of recipients that the Postfix SMTP server + The maximal number of recipients that the Postfix SMTP server accepts per message delivery request. smtpd_timeout (normal: 300s, overload: 10s) - The time limit for sending a Postfix SMTP server response and + The time limit for sending a Postfix SMTP server response and for receiving a remote SMTP client request. smtpd_history_flush_threshold (100) - The maximal number of lines in the Postfix SMTP server command - history before it is flushed upon receipt of EHLO, RSET, or end + The maximal number of lines in the Postfix SMTP server command + history before it is flushed upon receipt of EHLO, RSET, or end of DATA. Available in Postfix version 2.3 and later: smtpd_peername_lookup (yes) - Attempt to look up the remote SMTP client hostname, and verify + Attempt to look up the remote SMTP client hostname, and verify that the name matches the client IP address. The per SMTP client connection count and request rate limits are imple- - mented in co-operation with the anvil(8) service, and are available in + mented in co-operation with the anvil(8) service, and are available in Postfix version 2.2 and later. smtpd_client_connection_count_limit (50) - How many simultaneous connections any client is allowed to make + How many simultaneous connections any client is allowed to make to this service. smtpd_client_connection_rate_limit (0) - The maximal number of connection attempts any client is allowed + The maximal number of connection attempts any client is allowed to make to this service per time unit. smtpd_client_message_rate_limit (0) - The maximal number of message delivery requests that any client - is allowed to make to this service per time unit, regardless of + The maximal number of message delivery requests that any client + is allowed to make to this service per time unit, regardless of whether or not Postfix actually accepts those messages. smtpd_client_recipient_rate_limit (0) - The maximal number of recipient addresses that any client is - allowed to send to this service per time unit, regardless of + The maximal number of recipient addresses that any client is + allowed to send to this service per time unit, regardless of whether or not Postfix actually accepts those recipients. smtpd_client_event_limit_exceptions ($mynetworks) - Clients that are excluded from smtpd_client_*_count/rate_limit + Clients that are excluded from smtpd_client_*_count/rate_limit restrictions. Available in Postfix version 2.3 and later: smtpd_client_new_tls_session_rate_limit (0) - The maximal number of new (i.e., uncached) TLS sessions that a + The maximal number of new (i.e., uncached) TLS sessions that a remote SMTP client is allowed to negotiate with this service per time unit. @@ -866,68 +877,68 @@ SMTPD(8) SMTPD(8) smtpd_per_record_deadline (normal: no, overload: yes) Change the behavior of the smtpd_timeout and smtpd_start- - tls_timeout time limits, from a time limit per read or write - system call, to a time limit to send or receive a complete - record (an SMTP command line, SMTP response line, SMTP message + tls_timeout time limits, from a time limit per read or write + system call, to a time limit to send or receive a complete + record (an SMTP command line, SMTP response line, SMTP message content line, or TLS protocol message). Available in Postfix version 3.1 and later: smtpd_client_auth_rate_limit (0) - The maximal number of AUTH commands that any client is allowed - to send to this service per time unit, regardless of whether or + The maximal number of AUTH commands that any client is allowed + to send to this service per time unit, regardless of whether or not Postfix actually accepts those commands. TARPIT CONTROLS - When a remote SMTP client makes errors, the Postfix SMTP server can - insert delays before responding. This can help to slow down run-away - software. The behavior is controlled by an error counter that counts + When a remote SMTP client makes errors, the Postfix SMTP server can + insert delays before responding. This can help to slow down run-away + software. The behavior is controlled by an error counter that counts the number of errors within an SMTP session that a client makes without delivering mail. smtpd_error_sleep_time (1s) - With Postfix version 2.1 and later: the SMTP server response - delay after a client has made more than $smtpd_soft_error_limit - errors, and fewer than $smtpd_hard_error_limit errors, without + With Postfix version 2.1 and later: the SMTP server response + delay after a client has made more than $smtpd_soft_error_limit + errors, and fewer than $smtpd_hard_error_limit errors, without delivering mail. smtpd_soft_error_limit (10) - The number of errors a remote SMTP client is allowed to make - without delivering mail before the Postfix SMTP server slows + The number of errors a remote SMTP client is allowed to make + without delivering mail before the Postfix SMTP server slows down all its responses. smtpd_hard_error_limit (normal: 20, overload: 1) - The maximal number of errors a remote SMTP client is allowed to + The maximal number of errors a remote SMTP client is allowed to make without delivering mail. smtpd_junk_command_limit (normal: 100, overload: 1) - The number of junk commands (NOOP, VRFY, ETRN or RSET) that a - remote SMTP client can send before the Postfix SMTP server + The number of junk commands (NOOP, VRFY, ETRN or RSET) that a + remote SMTP client can send before the Postfix SMTP server starts to increment the error counter with each junk command. Available in Postfix version 2.1 and later: smtpd_recipient_overshoot_limit (1000) - The number of recipients that a remote SMTP client can send in + The number of recipients that a remote SMTP client can send in excess of the limit specified with $smtpd_recipient_limit, - before the Postfix SMTP server increments the per-session error + before the Postfix SMTP server increments the per-session error count for each excess recipient. ACCESS POLICY DELEGATION CONTROLS - As of version 2.1, Postfix can be configured to delegate access policy - decisions to an external server that runs outside Postfix. See the + As of version 2.1, Postfix can be configured to delegate access policy + decisions to an external server that runs outside Postfix. See the file SMTPD_POLICY_README for more information. smtpd_policy_service_max_idle (300s) - The time after which an idle SMTPD policy service connection is + The time after which an idle SMTPD policy service connection is closed. smtpd_policy_service_max_ttl (1000s) - The time after which an active SMTPD policy service connection + The time after which an active SMTPD policy service connection is closed. smtpd_policy_service_timeout (100s) - The time limit for connecting to, writing to, or receiving from + The time limit for connecting to, writing to, or receiving from a delegated SMTPD policy server. Available in Postfix version 3.0 and later: @@ -937,81 +948,81 @@ SMTPD(8) SMTPD(8) The default action when an SMTPD policy service request fails. smtpd_policy_service_request_limit (0) - The maximal number of requests per SMTPD policy service connec- + The maximal number of requests per SMTPD policy service connec- tion, or zero (no limit). smtpd_policy_service_try_limit (2) - The maximal number of attempts to send an SMTPD policy service + The maximal number of attempts to send an SMTPD policy service request before giving up. smtpd_policy_service_retry_delay (1s) - The delay between attempts to resend a failed SMTPD policy ser- + The delay between attempts to resend a failed SMTPD policy ser- vice request. Available in Postfix version 3.1 and later: smtpd_policy_service_policy_context (empty) - Optional information that the Postfix SMTP server specifies in - the "policy_context" attribute of a policy service request - (originally, to share the same service endpoint among multiple + Optional information that the Postfix SMTP server specifies in + the "policy_context" attribute of a policy service request + (originally, to share the same service endpoint among multiple check_policy_service clients). ACCESS CONTROLS - The SMTPD_ACCESS_README document gives an introduction to all the SMTP + The SMTPD_ACCESS_README document gives an introduction to all the SMTP server access control features. smtpd_delay_reject (yes) - Wait until the RCPT TO command before evaluating + Wait until the RCPT TO command before evaluating $smtpd_client_restrictions, $smtpd_helo_restrictions and $smtpd_sender_restrictions, or wait until the ETRN command - before evaluating $smtpd_client_restrictions and + before evaluating $smtpd_client_restrictions and $smtpd_helo_restrictions. parent_domain_matches_subdomains (see 'postconf -d' output) - A list of Postfix features where the pattern "example.com" also - matches subdomains of example.com, instead of requiring an + A list of Postfix features where the pattern "example.com" also + matches subdomains of example.com, instead of requiring an explicit ".example.com" pattern. smtpd_client_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client connection request. smtpd_helo_required (no) - Require that a remote SMTP client introduces itself with the - HELO or EHLO command before sending the MAIL command or other + Require that a remote SMTP client introduces itself with the + HELO or EHLO command before sending the MAIL command or other commands that require EHLO negotiation. smtpd_helo_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client HELO command. smtpd_sender_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client MAIL FROM command. smtpd_recipient_restrictions (see 'postconf -d' output) - Optional restrictions that the Postfix SMTP server applies in - the context of a client RCPT TO command, after + Optional restrictions that the Postfix SMTP server applies in + the context of a client RCPT TO command, after smtpd_relay_restrictions. smtpd_etrn_restrictions (empty) - Optional restrictions that the Postfix SMTP server applies in + Optional restrictions that the Postfix SMTP server applies in the context of a client ETRN command. allow_untrusted_routing (no) - Forward mail with sender-specified routing - (user[@%!]remote[@%!]site) from untrusted clients to destina- + Forward mail with sender-specified routing + (user[@%!]remote[@%!]site) from untrusted clients to destina- tions matching $relay_domains. smtpd_restriction_classes (empty) User-defined aliases for groups of access restrictions. smtpd_null_access_lookup_key (<>) - The lookup key to be used in SMTP access(5) tables instead of + The lookup key to be used in SMTP access(5) tables instead of the null sender address. permit_mx_backup_networks (empty) - Restrict the use of the permit_mx_backup SMTP access feature to + Restrict the use of the permit_mx_backup SMTP access feature to only domains whose primary MX hosts match the listed networks. Available in Postfix version 2.0 and later: @@ -1021,19 +1032,19 @@ SMTPD(8) SMTPD(8) applies in the context of the SMTP DATA command. smtpd_expansion_filter (see 'postconf -d' output) - What characters are allowed in $name expansions of RBL reply + What characters are allowed in $name expansions of RBL reply templates. Available in Postfix version 2.1 and later: smtpd_reject_unlisted_sender (no) - Request that the Postfix SMTP server rejects mail from unknown - sender addresses, even when no explicit reject_unlisted_sender + Request that the Postfix SMTP server rejects mail from unknown + sender addresses, even when no explicit reject_unlisted_sender access restriction is specified. smtpd_reject_unlisted_recipient (yes) - Request that the Postfix SMTP server rejects mail for unknown - recipient addresses, even when no explicit + Request that the Postfix SMTP server rejects mail for unknown + recipient addresses, even when no explicit reject_unlisted_recipient access restriction is specified. Available in Postfix version 2.2 and later: @@ -1047,17 +1058,17 @@ SMTPD(8) SMTPD(8) smtpd_relay_restrictions (permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination) Access restrictions for mail relay control that the Postfix SMTP - server applies in the context of the RCPT TO command, before + server applies in the context of the RCPT TO command, before smtpd_recipient_restrictions. SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS - Postfix version 2.1 introduces sender and recipient address verifica- + Postfix version 2.1 introduces sender and recipient address verifica- tion. This feature is implemented by sending probe email messages that are not actually delivered. This feature is requested via the - reject_unverified_sender and reject_unverified_recipient access - restrictions. The status of verification probes is maintained by the - verify(8) server. See the file ADDRESS_VERIFICATION_README for infor- - mation about how to configure and operate the Postfix sender/recipient + reject_unverified_sender and reject_unverified_recipient access + restrictions. The status of verification probes is maintained by the + verify(8) server. See the file ADDRESS_VERIFICATION_README for infor- + mation about how to configure and operate the Postfix sender/recipient address verification service. address_verify_poll_count (normal: 3, overload: 1) @@ -1069,7 +1080,7 @@ SMTPD(8) SMTPD(8) fication request in progress. address_verify_sender ($double_bounce_sender) - The sender address to use in address verification probes; prior + The sender address to use in address verification probes; prior to Postfix 2.5 the default was "postmaster". unverified_sender_reject_code (450) @@ -1077,18 +1088,18 @@ SMTPD(8) SMTPD(8) address is rejected by the reject_unverified_sender restriction. unverified_recipient_reject_code (450) - The numerical Postfix SMTP server response when a recipient - address is rejected by the reject_unverified_recipient restric- + The numerical Postfix SMTP server response when a recipient + address is rejected by the reject_unverified_recipient restric- tion. Available in Postfix version 2.6 and later: unverified_sender_defer_code (450) - The numerical Postfix SMTP server response code when a sender + The numerical Postfix SMTP server response code when a sender address probe fails due to a temporary error condition. unverified_recipient_defer_code (450) - The numerical Postfix SMTP server response when a recipient + The numerical Postfix SMTP server response when a recipient address probe fails due to a temporary error condition. unverified_sender_reject_reason (empty) @@ -1100,17 +1111,17 @@ SMTPD(8) SMTPD(8) reject_unverified_recipient. unverified_sender_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unverified_sender + The Postfix SMTP server's action when reject_unverified_sender fails due to a temporary error condition. unverified_recipient_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unverified_recipi- + The Postfix SMTP server's action when reject_unverified_recipi- ent fails due to a temporary error condition. Available with Postfix 2.9 and later: address_verify_sender_ttl (0s) - The time between changes in the time-dependent portion of + The time between changes in the time-dependent portion of address verification probe sender addresses. ACCESS CONTROL RESPONSES @@ -1122,36 +1133,36 @@ SMTPD(8) SMTPD(8) map "reject" action. defer_code (450) - The numerical Postfix SMTP server response code when a remote + The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "defer" restriction. invalid_hostname_reject_code (501) - The numerical Postfix SMTP server response code when the client - HELO or EHLO command parameter is rejected by the + The numerical Postfix SMTP server response code when the client + HELO or EHLO command parameter is rejected by the reject_invalid_helo_hostname restriction. maps_rbl_reject_code (554) - The numerical Postfix SMTP server response code when a remote - SMTP client request is blocked by the reject_rbl_client, + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_rbl_client, reject_rhsbl_client, reject_rhsbl_reverse_client, reject_rhsbl_sender or reject_rhsbl_recipient restriction. non_fqdn_reject_code (504) - The numerical Postfix SMTP server reply code when a client - request is rejected by the reject_non_fqdn_helo_hostname, + The numerical Postfix SMTP server reply code when a client + request is rejected by the reject_non_fqdn_helo_hostname, reject_non_fqdn_sender or reject_non_fqdn_recipient restriction. plaintext_reject_code (450) - The numerical Postfix SMTP server response code when a request + The numerical Postfix SMTP server response code when a request is rejected by the reject_plaintext_session restriction. reject_code (554) - The numerical Postfix SMTP server response code when a remote + The numerical Postfix SMTP server response code when a remote SMTP client request is rejected by the "reject" restriction. relay_domains_reject_code (554) - The numerical Postfix SMTP server response code when a client - request is rejected by the reject_unauth_destination recipient + The numerical Postfix SMTP server response code when a client + request is rejected by the reject_unauth_destination recipient restriction. unknown_address_reject_code (450) @@ -1159,24 +1170,24 @@ SMTPD(8) SMTPD(8) a sender or recipient address because its domain is unknown. unknown_client_reject_code (450) - The numerical Postfix SMTP server response code when a client - without valid address <=> name mapping is rejected by the + The numerical Postfix SMTP server response code when a client + without valid address <=> name mapping is rejected by the reject_unknown_client_hostname restriction. unknown_hostname_reject_code (450) - The numerical Postfix SMTP server response code when the host- - name specified with the HELO or EHLO command is rejected by the + The numerical Postfix SMTP server response code when the host- + name specified with the HELO or EHLO command is rejected by the reject_unknown_helo_hostname restriction. Available in Postfix version 2.0 and later: default_rbl_reply (see 'postconf -d' output) - The default Postfix SMTP server response template for a request + The default Postfix SMTP server response template for a request that is rejected by an RBL-based restriction. multi_recipient_bounce_reject_code (550) - The numerical Postfix SMTP server response code when a remote - SMTP client request is blocked by the reject_multi_recipi- + The numerical Postfix SMTP server response code when a remote + SMTP client request is blocked by the reject_multi_recipi- ent_bounce restriction. rbl_reply_maps (empty) @@ -1186,52 +1197,52 @@ SMTPD(8) SMTPD(8) access_map_defer_code (450) The numerical Postfix SMTP server response code for an access(5) - map "defer" action, including "defer_if_permit" or + map "defer" action, including "defer_if_permit" or "defer_if_reject". reject_tempfail_action (defer_if_permit) - The Postfix SMTP server's action when a reject-type restriction + The Postfix SMTP server's action when a reject-type restriction fails due to a temporary error condition. unknown_helo_hostname_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when reject_unknown_helo_host- - name fails due to an temporary error condition. + The Postfix SMTP server's action when reject_unknown_helo_host- + name fails due to a temporary error condition. unknown_address_tempfail_action ($reject_tempfail_action) - The Postfix SMTP server's action when - reject_unknown_sender_domain or reject_unknown_recipient_domain + The Postfix SMTP server's action when + reject_unknown_sender_domain or reject_unknown_recipient_domain fail due to a temporary error condition. MISCELLANEOUS CONTROLS config_directory (see 'postconf -d' output) - The default location of the Postfix main.cf and master.cf con- + The default location of the Postfix main.cf and master.cf con- figuration files. daemon_timeout (18000s) - How much time a Postfix daemon process may take to handle a + How much time a Postfix daemon process may take to handle a request before it is terminated by a built-in watchdog timer. command_directory (see 'postconf -d' output) The location of all postfix administrative commands. double_bounce_sender (double-bounce) - The sender address of postmaster notifications that are gener- + The sender address of postmaster notifications that are gener- ated by the mail system. ipc_timeout (3600s) - The time limit for sending or receiving information over an + The time limit for sending or receiving information over an internal communication channel. mail_name (Postfix) - The mail system name that is displayed in Received: headers, in + The mail system name that is displayed in Received: headers, in the SMTP greeting banner, and in bounced mail. mail_owner (postfix) - The UNIX system account that owns the Postfix queue and most + The UNIX system account that owns the Postfix queue and most Postfix daemon processes. max_idle (100s) - The maximum amount of time that an idle Postfix daemon process + The maximum amount of time that an idle Postfix daemon process waits for an incoming connection before terminating voluntarily. max_use (100) @@ -1242,11 +1253,11 @@ SMTPD(8) SMTPD(8) The internet hostname of this mail system. mynetworks (see 'postconf -d' output) - The list of "trusted" remote SMTP clients that have more privi- + The list of "trusted" remote SMTP clients that have more privi- leges than "strangers". myorigin ($myhostname) - The domain name that locally-posted mail appears to come from, + The domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. process_id (read-only) @@ -1259,25 +1270,25 @@ SMTPD(8) SMTPD(8) The location of the Postfix top-level queue directory. recipient_delimiter (empty) - The set of characters that can separate a user name from its - extension (example: user+foo), or a .forward file name from its + The set of characters that can separate a user name from its + extension (example: user+foo), or a .forward file name from its extension (example: .forward+foo). smtpd_banner ($myhostname ESMTP $mail_name) - The text that follows the 220 status code in the SMTP greeting + The text that follows the 220 status code in the SMTP greeting banner. syslog_facility (mail) The syslog facility of Postfix logging. syslog_name (see 'postconf -d' output) - A prefix that is prepended to the process name in syslog + A prefix that is prepended to the process name in syslog records, so that, for example, "smtpd" becomes "prefix/smtpd". Available in Postfix version 2.2 and later: smtpd_forbidden_commands (CONNECT, GET, POST) - List of commands that cause the Postfix SMTP server to immedi- + List of commands that cause the Postfix SMTP server to immedi- ately terminate the session with a 221 code. Available in Postfix version 2.5 and later: @@ -1294,7 +1305,7 @@ SMTPD(8) SMTPD(8) Available in Postfix 3.4 and later: smtpd_reject_footer_maps (empty) - Lookup tables, indexed by the complete Postfix SMTP server 4xx + Lookup tables, indexed by the complete Postfix SMTP server 4xx or 5xx response, with reject footer templates. SEE ALSO diff --git a/postfix/html/tlsproxy.8.html b/postfix/html/tlsproxy.8.html index 809706801..38067f993 100644 --- a/postfix/html/tlsproxy.8.html +++ b/postfix/html/tlsproxy.8.html @@ -160,24 +160,39 @@ TLSPROXY(8) TLSPROXY(8) tlsmgr_service_name (tlsmgr) The name of the tlsmgr(8) service entry in master.cf. + Available in Postfix version 3.4 and later: + + tlsproxy_tls_chain_files ($smtpd_tls_chain_files) + Files with the Postfix tlsproxy(8) server keys and certificate + chains in PEM format. + + tls_server_sni_maps (empty) + Optional lookup tables that map names received from remote SMTP + clients via the TLS Server Name Indication (SNI) extension to + the appropriate keys and certificate chains. + TLS CLIENT CONTROLS - These parameters are clones of SMTP client settings. They allow + These parameters are clones of SMTP client settings. They allow tlsproxy(8) to load the same certificate and private key information as - the SMTP client, before dropping privileges, so that the key files can + the SMTP client, before dropping privileges, so that the key files can be kept read-only for root. Available in Postfix version 3.4 and later: tlsproxy_client_CAfile ($smtp_tls_CAfile) - A file containing CA certificates of root CAs trusted to sign - either remote TLS server certificates or intermediate CA cer- + A file containing CA certificates of root CAs trusted to sign + either remote TLS server certificates or intermediate CA cer- tificates. tlsproxy_client_CApath ($smtp_tls_CApath) - Directory with PEM format Certification Authority certificates - that the Postfix tlsproxy(8) client uses to verify a remote TLS + Directory with PEM format Certification Authority certificates + that the Postfix tlsproxy(8) client uses to verify a remote TLS server certificate. + tlsproxy_client_chain_files ($smtp_tls_chain_files) + Files with the Postfix tlsproxy(8) client keys and certificate + chains in PEM format. + tlsproxy_client_cert_file ($smtp_tls_cert_file) File with the Postfix tlsproxy(8) client RSA certificate in PEM format. diff --git a/postfix/makedefs b/postfix/makedefs index 5b16e1fb3..e276a11ba 100644 --- a/postfix/makedefs +++ b/postfix/makedefs @@ -882,7 +882,7 @@ CCARGS="$CCARGS -DSNAPSHOT" # Non-production: needs thorough testing, or major changes are still # needed before the code stabilizes. -#CCARGS="$CCARGS -DNONPROD" +CCARGS="$CCARGS -DNONPROD" # Workaround: prepend Postfix include files before other include files. CCARGS="-I. -I../../include $CCARGS" diff --git a/postfix/man/man1/posttls-finger.1 b/postfix/man/man1/posttls-finger.1 index 1ba35da25..9529c20c1 100644 --- a/postfix/man/man1/posttls-finger.1 +++ b/postfix/man/man1/posttls-finger.1 @@ -121,6 +121,16 @@ smtp_tls_mandatory_ciphers for details. .IP "\fB\-h \fIhost_lookup\fR (default: \fBdns\fR)" The hostname lookup methods used for the connection. See the documentation of smtp_host_lookup for syntax and semantics. +.IP "\fB\-H \fIchainfiles\fR (default: \fInone\fR)\fR" +List of files with a sequence PEM\-encoded TLS client certificate +chains. The list can be built\-up incrementally, by specifying +the option multiple times, or all at once via a comma or +whitespace separated list of filenames. Each chain starts with +a private key, which is followed immediately by the +corresponding certificate, and optionally by additional issuer +certificates. Each new key begins a new chain for the +corresponding algorithm. This option is mutually exclusive with +the below \fB\-k\fR and \fB\-K\fR options. .IP "\fB\-k \fIcertfile\fR (default: \fIkeyfile\fR)\fR" File with PEM\-encoded TLS client certificate chain. This defaults to \fIkeyfile\fR if one is specified. @@ -232,6 +242,12 @@ seconds. Report whether the session is re\-used. Retry if a new server is encountered, up to 5 times or as specified with the \fB\-m\fR option. By default reconnection is disabled, specify a positive delay to enable this behavior. +.IP "\fB\-s \fIservername\fR" +The server name to send with the TLS Server Name Indication (SNI) +extension. When the server has DANE TLSA records, this parameter +is ignored and the TLSA base domain is used instead. Otherwise, SNI is +not used by default, but can be enabled by specifying the desired value +with this option. .IP "\fB\-S\fR" Disable SMTP; that is, connect to an LMTP server. The default port for LMTP over TCP is 24. Alternative ports can specified by appending diff --git a/postfix/man/man1/sendmail.1 b/postfix/man/man1/sendmail.1 index e51ed4c2f..3d5d984cc 100644 --- a/postfix/man/man1/sendmail.1 +++ b/postfix/man/man1/sendmail.1 @@ -306,7 +306,7 @@ line endings from into UNIX format (). .nf .ad .fi -The DEBUG_README file gives examples of how to trouble shoot a +The DEBUG_README file gives examples of how to troubleshoot a Postfix system. .IP "\fBdebugger_command (empty)\fR" The external command to execute when a Postfix daemon program is diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index b55a9a9e7..b6669acd9 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -1189,7 +1189,7 @@ is no maximum, it doesn't make much sense to use values above say .PP The only reason why the value of 2 is not the default is the way this parameter affects the delivery of mailing\-list mail. In the -worst case, their delivery can take somewhere between (cost+1/cost) +worst case, delivery can take somewhere between (cost+1/cost) and (cost/cost\-1) times more than if the preemptive scheduler was disabled. The default value of 5 turns out to provide reasonable message response times while making sure the mailing\-list deliveries @@ -3108,6 +3108,11 @@ The LMTP\-specific version of the smtp_tls_cert_file configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_chain_files (default: empty) +The LMTP\-specific version of the smtp_tls_chain_files configuration +parameter. See there for details. +.PP +This feature is available in Postfix 3.4 and later. .SH lmtp_tls_ciphers (default: medium) The LMTP\-specific version of the smtp_tls_ciphers configuration parameter. See there for details. @@ -3225,6 +3230,11 @@ The LMTP\-specific version of the smtp_tls_security_level configuration parameter. See there for details. .PP This feature is available in Postfix 2.3 and later. +.SH lmtp_tls_servername (default: empty) +The LMTP\-specific version of the smtp_tls_servername configuration +parameter. See there for details. +.PP +This feature is available in Postfix 3.4 and later. .SH lmtp_tls_session_cache_database (default: empty) The LMTP\-specific version of the smtp_tls_session_cache_database configuration parameter. See there for details. @@ -3655,7 +3665,7 @@ it easier to specify shell syntax (see example below). .PP If you can, avoid shell meta characters because they will force Postfix to run an expensive shell process. If you're delivering -via Procmail then running a shell won't make a noticeable difference +via "procmail" then running a shell won't make a noticeable difference in the total cost. .PP Note: if you use the mailbox_command feature to deliver mail @@ -3825,7 +3835,7 @@ masquerade_domains = $mydomain .ft R .SH masquerade_exceptions (default: empty) Optional list of user names that are not subjected to address -masquerading, even when their address matches $masquerade_domains. +masquerading, even when their addresses match $masquerade_domains. .PP By default, address masquerading makes no exceptions. .PP @@ -4706,7 +4716,7 @@ Example: .ft C /etc/postfix/main.cf: postscreen_access_list = permit_mynetworks, - cidr:/etc/postfix/postscreen_access.cidr + cidr:/etc/postfix/postscreen_access.cidr postscreen_blacklist_action = enforce .fi .ad @@ -6334,8 +6344,8 @@ files in the compiled\-in default $shlib_directory location. This feature is available in Postfix 3.0 and later. .SH show_user_unknown_table_name (default: yes) Display the name of the recipient table in the "User unknown" -responses. The extra detail makes trouble shooting easier but also -reveals information that is nobody elses business. +responses. The extra detail makes troubleshooting easier but also +reveals information that is nobody else's business. .PP This feature is available in Postfix 2.0 and later. .SH showq_service_name (default: showq) @@ -7473,7 +7483,7 @@ smtp_tls_CApath instead, but note that the latter directory must be present in the chroot jail if the \fBsmtp\fR(8) client is chrooted. This file may also be used to augment the client certificate trust chain, but it is best to include all the required certificates directly in -$smtp_tls_cert_file. +$smtp_tls_cert_file (or, Postfix >= 3.4 $smtp_tls_chain_files). .PP Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use ONLY the system\-supplied default Certification Authority certificates. @@ -7531,9 +7541,10 @@ the Postfix SMTP client TLS session. This feature is available in Postfix 2.7. .SH smtp_tls_cert_file (default: empty) File with the Postfix SMTP client RSA certificate in PEM format. -This file may also contain the Postfix SMTP client private RSA key, -and these may be the same as the Postfix SMTP server RSA certificate and key -file. +This file may also contain the Postfix SMTP client private RSA key, and +these may be the same as the Postfix SMTP server RSA certificate and key +file. With Postfix >= 3.4 the preferred way to configure client keys +and certificates is via the "smtp_tls_chain_files" parameter. .PP Do not configure client certificates unless you \fBmust\fR present client TLS certificates to one or more servers. Client certificates are @@ -7546,10 +7557,13 @@ well without them. The recommended setting is to let the defaults stand: .ft C smtp_tls_cert_file = smtp_tls_key_file = -smtp_tls_dcert_file = -smtp_tls_dkey_file = smtp_tls_eccert_file = smtp_tls_eckey_file = +# Obsolete DSA parameters +smtp_tls_dcert_file = +smtp_tls_dkey_file = +# Postfix >= 3.4 interface +smtp_tls_chain_files = .fi .ad .ft R @@ -7566,13 +7580,23 @@ CA(s) (bottom\-up order). .PP Example: the certificate for "client.example.com" was issued by "intermediate CA" which itself has a certificate issued by "root CA". -Create the client.pem file with "cat client_cert.pem intermediate_CA.pem -root_CA.pem > client.pem". +As the "root" super\-user create the client.pem file with: +.sp +.in +4 +.nf +.na +.ft C +# \fBumask 077\fR +# \fBcat client_key.pem client_cert.pem intermediate_CA.pem > chain.pem \fR +.fi +.ad +.ft R +.in -4 .PP If you also want to verify remote SMTP server certificates issued by these CAs, you can add the CA certificates to the smtp_tls_CAfile, in which case it is not necessary to have them in the smtp_tls_cert_file, -smtp_tls_dcert_file or smtp_tls_eccert_file. +smtp_tls_dcert_file (obsolete) or smtp_tls_eccert_file. .PP A certificate supplied here must be usable as an SSL client certificate and hence pass the "openssl verify \-purpose sslclient ..." test. @@ -7582,12 +7606,180 @@ Example: .nf .na .ft C -smtp_tls_cert_file = /etc/postfix/client.pem +smtp_tls_cert_file = /etc/postfix/chain.pem .fi .ad .ft R .PP This feature is available in Postfix 2.2 and later. +.SH smtp_tls_chain_files (default: empty) +List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. The file names +are separated by commas and/or whitespace. This parameter obsoletes the +legacy algorithm\-specific key and certificate file settings. When this +parameter is non\-empty, the legacy parameters are ignored, and a warning +is logged if any are also non\-empty. +.PP +With the proliferation of multiple private key algorithms-which, +as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519 +and Ed448-it is increasingly impractical to use separate +parameters to configure the key and certificate chain for each +algorithm. Therefore, Postfix now supports storing multiple keys and +corresponding certificate chains in a single file or in a set of files. +.PP +Each key must appear \fBimmediately before\fR the corresponding +certificate, optionally followed by additional issuer certificates that +complete the certificate chain for that key. When multiple files are +specified, they are equivalent to a single file that is concatenated +from those files in the given order. Thus, while a key must always +precede its certificate and issuer chain, it can be in a separate file, +so long as that file is listed immediately before the file that holds +the corresponding certificate chain. Once all the files are +concatenated, the sequence of PEM objects must be: \fIkey1, cert1, +[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].\fR +.PP +Storing the private key in the same file as the corresponding +certificate is more reliable. With the key and certificate in separate +files, there is a chance that during key rollover a Postfix process +might load a private key and certificate from separate files that don't +match. Various operational errors may even result in a persistent +broken configuration in which the certificate does not match the private +key. +.PP +The file or files must contain at most one key of each type. If, +for example, two or more RSA keys and corresponding chains are listed, +depending on the version of OpenSSL either only the last one will be +used or an configuration error may be detected. Note that while +"Ed25519" and "Ed448" are considered separate algorithms, the various +ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are +considered as different parameters of a single "ECDSA" algorithm, so it +is not presently possible to configure keys for more than one ECDSA +curve. +.PP +Example (separate files for each key and corresponding certificate chain): +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + smtp_tls_chain_files = + ${config_directory}/ed25519.pem, + ${config_directory}/ed448.pem, + ${config_directory}/rsa.pem +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/ed25519.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3 + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG + ... + nC0egv51YPDWxEHom4QA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/ed448.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe + LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A== + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG + ... + pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/rsa.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL + ... + ahQkZ3+krcaJvDSMgvu0tDc= + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL + ... + Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE= + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.PP +Example (all keys and certificates in a single file): +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + smtp_tls_chain_files = ${config_directory}/chains.pem +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/chains.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3 + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG + ... + nC0egv51YPDWxEHom4QA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe + LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A== + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG + ... + pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL + ... + ahQkZ3+krcaJvDSMgvu0tDc= + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL + ... + Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE= + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.PP +This feature is available in Postfix 3.4 and later. .SH smtp_tls_cipherlist (default: empty) Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS cipher list. As this feature applies to all TLS security levels, it is easy @@ -7660,6 +7852,7 @@ policy is backwards\-compatible with earlier Postfix versions. .SH smtp_tls_dcert_file (default: empty) File with the Postfix SMTP client DSA certificate in PEM format. This file may also contain the Postfix SMTP client private DSA key. +The DSA algorithm is obsolete and should not be used. .PP See the discussion under smtp_tls_cert_file for more details. .PP @@ -7677,7 +7870,8 @@ This feature is available in Postfix 2.2 and later. .SH smtp_tls_dkey_file (default: $smtp_tls_dcert_file) File with the Postfix SMTP client DSA private key in PEM format. This file may be combined with the Postfix SMTP client DSA certificate -file specified with $smtp_tls_dcert_file. +file specified with $smtp_tls_dcert_file. The DSA algorithm is obsolete +and should not be used. .PP The private key must be accessible without a pass\-phrase, i.e. it must not be encrypted. File permissions should grant read\-only @@ -7688,6 +7882,8 @@ This feature is available in Postfix 2.2 and later. .SH smtp_tls_eccert_file (default: empty) File with the Postfix SMTP client ECDSA certificate in PEM format. This file may also contain the Postfix SMTP client ECDSA private key. +With Postfix >= 3.4 the preferred way to configure client keys and +certificates is via the "smtp_tls_chain_files" parameter. .PP See the discussion under smtp_tls_cert_file for more details. .PP @@ -7705,8 +7901,10 @@ This feature is available in Postfix 2.6 and later, when Postfix is compiled and linked with OpenSSL 1.0.0 or later. .SH smtp_tls_eckey_file (default: $smtp_tls_eccert_file) File with the Postfix SMTP client ECDSA private key in PEM format. -This file may be combined with the Postfix SMTP client ECDSA -certificate file specified with $smtp_tls_eccert_file. +This file may be combined with the Postfix SMTP client ECDSA certificate +file specified with $smtp_tls_eccert_file. With Postfix >= 3.4 the +preferred way to configure client keys and certificates is via the +"smtp_tls_chain_files" parameter. .PP The private key must be accessible without a pass\-phrase, i.e. it must not be encrypted. File permissions should grant read\-only @@ -7951,7 +8149,9 @@ This feature is available in Postfix 2.11. .SH smtp_tls_key_file (default: $smtp_tls_cert_file) File with the Postfix SMTP client RSA private key in PEM format. This file may be combined with the Postfix SMTP client RSA certificate -file specified with $smtp_tls_cert_file. +file specified with $smtp_tls_cert_file. With Postfix >= 3.4 the +preferred way to configure client keys and certificates is via the +"smtp_tls_chain_files" parameter. .PP The private key must be accessible without a pass\-phrase, i.e. it must not be encrypted. File permissions should grant read\-only @@ -8701,6 +8901,36 @@ smtp_tls_fingerprint_cert_match = .ft R .PP This feature is available in Postfix 2.3 and later. +.SH smtp_tls_servername (default: empty) +Optional name to send to the remote SMTP server in the TLS Server +Name Indication (SNI) extension. The SNI extension is always on when +DANE is used to authenticate the server, and in that case the SNI name +sent is the one required by RFC7672 and this parameter is ignored. +.PP +Some SMTP servers use the received SNI name to select an appropriate +certificate chain to present to the client. While this may improve +interoperability with such servers, it may reduce interoperability with +other servers that choose to abort the connection when they don't have a +certificate chain configured for the requested name. Such servers +should select a default certificate chain and continue the handshake, +but some may not. Therefore, absent DANE, no SNI name is sent by +default. +.PP +The SNI name must be either a valid DNS hostname, or else one of the +special values \fBhostname\fR or \fBnexthop\fR, which select either the +remote hostname or the nexthop domain respectively. DNS names for SNI must be +in A\-label (punycode) form. Invalid DNS names log a configuration error +warning and mail delivery is deferred. +.PP +Except when using a relayhost to forward all email, the only +sensible non\-empty main.cf setting for this parameter is +\fBhostname\fR. Other non\-empty values are only practical on a +per\-destination basis via the \fBservername\fR attribute of the Postfix +TLS policy table. When +in doubt, leave this parameter empty, and configure per\-destination SNI +as needed. +.PP +This feature is available in Postfix 3.4 and later. .SH smtp_tls_session_cache_database (default: empty) Name of the file containing the optional Postfix SMTP client TLS session cache. Specify a database type that supports enumeration, @@ -11214,6 +11444,8 @@ This feature is available in Postfix 2.2 and later. .SH smtpd_tls_cert_file (default: empty) File with the Postfix SMTP server RSA certificate in PEM format. This file may also contain the Postfix SMTP server private RSA key. +With Postfix >= 3.4 the preferred way to configure server keys and +certificates is via the "smtpd_tls_chain_files" parameter. .PP Public Internet MX hosts without certificates signed by a "reputable" CA must generate, and be prepared to present to most clients, a @@ -11222,15 +11454,22 @@ able to authenticate the server, but unless it is running Postfix 2.3 or similar software, it will still insist on a server certificate. .PP For servers that are \fBnot\fR public Internet MX hosts, Postfix -2.3 supports configurations with no certificates. This entails the -use of just the anonymous TLS ciphers, which are not supported by -typical SMTP clients. Since such clients will not, as a rule, fall -back to plain text after a TLS handshake failure, the server will -be unable to receive email from TLS enabled clients. To avoid -accidental configurations with no certificates, Postfix 2.3 enables -certificate\-less operation only when the administrator explicitly -sets "smtpd_tls_cert_file = none". This ensures that new Postfix -configurations will not accidentally run with no certificates. +supports configurations with no certificates. This entails the use of +just the anonymous TLS ciphers, which are not supported by typical SMTP +clients. Since some clients may not fall back to plain text after a TLS +handshake failure, a certificate\-less Postfix SMTP server will be unable +to receive email from some TLS\-enabled clients. To avoid accidental +configurations with no certificates, Postfix enables certificate\-less +operation only when the administrator explicitly sets +"smtpd_tls_cert_file = none". This ensures that new Postfix SMTP server +configurations will not accidentally enable TLS without certificates. +.PP +Note that server certificates are not optional in TLS 1.3. To run +without certificates you'd have to disable the TLS 1.3 protocol by +including '!TLSv1.3' in "smtpd_tls_protocols" and perhaps also +"smtpd_tls_mandatory_protocols". It is simpler instead to just +configure a certificate chain. Certificate\-less operation is not +recommended. .PP Both RSA and DSA certificates are supported. When both types are present, the cipher used determines which certificate will be @@ -11250,8 +11489,8 @@ root_CA.pem > server.pem". .PP If you also want to verify client certificates issued by these CAs, you can add the CA certificates to the smtpd_tls_CAfile, in which -case it is not necessary to have them in the smtpd_tls_cert_file or -smtpd_tls_dcert_file. +case it is not necessary to have them in the smtpd_tls_cert_file, +smtpd_tls_dcert_file (obsolete) or smtpd_tls_eccert_file. .PP A certificate supplied here must be usable as an SSL server certificate and hence pass the "openssl verify \-purpose sslserver ..." test. @@ -11267,6 +11506,180 @@ smtpd_tls_cert_file = /etc/postfix/server.pem .ft R .PP This feature is available in Postfix 2.2 and later. +.SH smtpd_tls_chain_files (default: empty) +List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. The file names +are separated by commas and/or whitespace. This parameter obsoletes the +legacy algorithm\-specific key and certificate file settings. When this +parameter is non\-empty, the legacy parameters are ignored, and a warning +is logged if any are also non\-empty. +.PP +With the proliferation of multiple private key algorithms-which, +as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519 +and Ed448-it is increasingly impractical to use separate +parameters to configure the key and certificate chain for each +algorithm. Therefore, Postfix now supports storing multiple keys and +corresponding certificate chains in a single file or in a set of files. +.PP +Each key must appear \fBimmediately before\fR the corresponding +certificate, optionally followed by additional issuer certificates that +complete the certificate chain for that key. When multiple files are +specified, they are equivalent to a single file that is concatenated +from those files in the given order. Thus, while a key must always +precede its certificate and issuer chain, it can be in a separate file, +so long as that file is listed immediately before the file that holds +the corresponding certificate chain. Once all the files are +concatenated, the sequence of PEM objects must be: \fIkey1, cert1, +[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].\fR +.PP +Storing the private key in the same file as the corresponding +certificate is more reliable. With the key and certificate in separate +files, there is a chance that during key rollover a Postfix process +might load a private key and certificate from separate files that don't +match. Various operational errors may even result in a persistent +broken configuration in which the certificate does not match the private +key. +.PP +The file or files must contain at most one key of each type. If, +for example, two or more RSA keys and corresponding chains are listed, +depending on the version of OpenSSL either only the last one will be +used or an configuration error may be detected. Note that while +"Ed25519" and "Ed448" are considered separate algorithms, the various +ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are +considered as different parameters of a single "ECDSA" algorithm, so it +is not presently possible to configure keys for more than one ECDSA +curve. +.PP +RSA is still the most widely supported algorithm. Presently (late +2018), ECDSA support is common, but not yet universal, and Ed25519 and +Ed448 support is mostly absent. Therefore, an RSA key should generally +be configured, along with any additional keys for the other algorithms +when desired. +.PP +Example (separate files for each key and corresponding certificate chain): +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + smtpd_tls_chain_files = + ${config_directory}/ed25519.pem, + ${config_directory}/ed448.pem, + ${config_directory}/rsa.pem +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/ed25519.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3 + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG + ... + nC0egv51YPDWxEHom4QA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/ed448.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe + LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A== + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG + ... + pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/rsa.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL + ... + ahQkZ3+krcaJvDSMgvu0tDc= + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL + ... + Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE= + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.PP +Example (all keys and certificates in a single file): +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/main.cf: + smtpd_tls_chain_files = ${config_directory}/chains.pem +.fi +.ad +.ft R +.in -4 +.sp +.in +4 +.nf +.na +.ft C +/etc/postfix/chains.pem: + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3 + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG + ... + nC0egv51YPDWxEHom4QA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe + LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A== + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG + ... + pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- + \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL + ... + ahQkZ3+krcaJvDSMgvu0tDc= + \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- + \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- + MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL + ... + Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE= + \-\-\-\-\-END CERTIFICATE\-\-\-\-\- +.fi +.ad +.ft R +.in -4 +.PP +This feature is available in Postfix 3.4 and later. .SH smtpd_tls_cipherlist (default: empty) Obsolete Postfix < 2.3 control for the Postfix SMTP server TLS cipher list. It is easy to create interoperability problems by choosing @@ -11299,6 +11712,7 @@ and opportunistic TLS always uses "export" or better (i.e. all) ciphers. .SH smtpd_tls_dcert_file (default: empty) File with the Postfix SMTP server DSA certificate in PEM format. This file may also contain the Postfix SMTP server private DSA key. +The DSA algorithm is obsolete and should not be used. .PP See the discussion under smtpd_tls_cert_file for more details. .PP @@ -11379,7 +11793,8 @@ This feature is available with Postfix version 2.2. .SH smtpd_tls_dkey_file (default: $smtpd_tls_dcert_file) File with the Postfix SMTP server DSA private key in PEM format. This file may be combined with the Postfix SMTP server DSA certificate -file specified with $smtpd_tls_dcert_file. +file specified with $smtpd_tls_dcert_file. The DSA algorithm is obsolete +and should not be used. .PP The private key must be accessible without a pass\-phrase, i.e. it must not be encrypted. File permissions should grant read\-only @@ -11390,6 +11805,8 @@ This feature is available in Postfix 2.2 and later. .SH smtpd_tls_eccert_file (default: empty) File with the Postfix SMTP server ECDSA certificate in PEM format. This file may also contain the Postfix SMTP server private ECDSA key. +With Postfix >= 3.4 the preferred way to configure server keys and +certificates is via the "smtpd_tls_chain_files" parameter. .PP See the discussion under smtpd_tls_cert_file for more details. .PP @@ -11408,7 +11825,9 @@ compiled and linked with OpenSSL 1.0.0 or later. .SH smtpd_tls_eckey_file (default: $smtpd_tls_eccert_file) File with the Postfix SMTP server ECDSA private key in PEM format. This file may be combined with the Postfix SMTP server ECDSA certificate -file specified with $smtpd_tls_eccert_file. +file specified with $smtpd_tls_eccert_file. With Postfix >= 3.4 the +preferred way to configure server keys and certificates is via the +"smtpd_tls_chain_files" parameter. .PP The private key must be accessible without a pass\-phrase, i.e. it must not be encrypted. File permissions should grant read\-only @@ -11619,7 +12038,9 @@ This feature is available in Postfix 2.5 and later. .SH smtpd_tls_key_file (default: $smtpd_tls_cert_file) File with the Postfix SMTP server RSA private key in PEM format. This file may be combined with the Postfix SMTP server RSA certificate -file specified with $smtpd_tls_cert_file. +file specified with $smtpd_tls_cert_file. With Postfix >= 3.4 the +preferred way to configure server keys and certificates is via the +"smtpd_tls_chain_files" parameter. .PP The private key must be accessible without a pass\-phrase, i.e. it must not be encrypted. File permissions should grant read\-only @@ -12573,6 +12994,78 @@ Note: on OpenBSD systems specify /dev/arandom when /dev/urandom gives timeout errors. .PP This feature is available in Postfix 2.2 and later. +.SH tls_server_sni_maps (default: empty) +Optional lookup tables that map names received from remote SMTP +clients via the TLS Server Name Indication (SNI) extension to the +appropriate keys and certificate chains. This parameter is implemented +in the Postfix TLS library, and applies to both \fBsmtpd\fR(8) and the SMTP +server mode of \fBtlsproxy\fR(8). +.PP +The lookup key is either the verbatim SNI domain name or a an +ancestor domain prefixed with a leading dot. For internationalized +domains, the lookup key must be in IDNA 2008 A\-label form (as +required in the TLS SNI extension). +.PP +The mapping from an SNI domain name to a certificate chain is +typically indirect. In the input source files for "cdb", "hash", +"btree" or other tables that are converted to on\-disk indexed files +via \fBpostmap\fR(1), the value specified for each key is a list of +filenames. When \fBpostmap\fR(1) is used with the \fB\-F\fR option, the +generated table stores for each lookup key the base64\-encoded +contents of the associated files. When querying tables via \fBpostmap +\-Fq\fR, the table value is decoded from base64, yielding the original +file content, plus a new line. +.PP +With "regexp", "pcre", "inline", "texthash", "static" and similar +tables that are interpreted at run\-time, and don't have a separate +source format, the table value is again a list files, that are read\-in +when the table is opened. +.PP +Thus, for example: +.sp +.in +4 +.nf +.na +.ft C +$ postmap \-Fq "" static:/etc/postfix/chain.pem | openssl dgst \-sha1 +(stdin)= da39a3ee5e6b4b0d3255bfef95601890afd80709 +.fi +.ad +.ft R +.in -4 +.PP +produces the same output as: +.sp +.in +4 +.nf +.na +.ft C +$ (cat /etc/postfix/chain.pem; echo) | openssl dgst \-sha1 +(stdin)= da39a3ee5e6b4b0d3255bfef95601890afd80709 +.fi +.ad +.ft R +.in -4 +.PP +With tables whose content is managed outside of Postfix, such +as LDAP, MySQL, PostgreSQL, socketmap and tcp, the value must be a +concatenation of the desired PEM keys and certificate chains, that +is then further encoded to yield a single\-line base64 string. +Creation of such tables and secure storage are outside the +responsibility of Postfix. With "socketmap" and "tcp" the data +would be transmitted in the clear. With LDAP and SQL, you should +generally use TLS to protect the sensitive data in transit. +.PP +Typically there is only private key and its chain of certificates +starting with the "leaf" certificate corresponding to that key, and +continuing with the appropriate intermediate issuer CA certificates, +with each certificate ideally followed by its issuer. Servers +that have keys and certificates for more than one algorithm (e.g. +both an RSA key and an ECDSA key, or even RSA, ECDSA and Ed25519) +can use multiple chains concatenated together, with the key always +listed before the corresponding certificates. +.PP +This feature is available in Postfix 3.4 and later. .SH tls_session_ticket_cipher (default: Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc) Algorithm used to encrypt RFC5077 TLS session tickets. This algorithm must use CBC mode, have a 128\-bit block size, and must @@ -12722,27 +13215,40 @@ server certificate. See smtp_tls_CApath for further details. This feature is available in Postfix 3.4 and later. .SH tlsproxy_client_cert_file (default: $smtp_tls_cert_file) File with the Postfix \fBtlsproxy\fR(8) client RSA certificate in PEM -format. See smtp_tls_cert_file for further details. +format. See smtp_tls_cert_file for further details. The preferred way +to configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter. +.PP +This feature is available in Postfix 3.4 and later. +.SH tlsproxy_client_chain_files (default: $smtp_tls_chain_files) +Files with the Postfix \fBtlsproxy\fR(8) client keys and certificate +chains in PEM format. See smtp_tls_chain_files for further details. .PP This feature is available in Postfix 3.4 and later. .SH tlsproxy_client_dcert_file (default: $smtp_tls_dcert_file) File with the Postfix \fBtlsproxy\fR(8) client DSA certificate in PEM -format. See smtp_tls_dcert_file for further details. +format. See smtp_tls_dcert_file for further details. DSA is obsolete and +should not be used. .PP This feature is available in Postfix 3.4 and later. .SH tlsproxy_client_dkey_file (default: $smtp_tls_dkey_file) File with the Postfix \fBtlsproxy\fR(8) client DSA private key in PEM -format. See smtp_tls_dkey_file for further details. +format. See smtp_tls_dkey_file for further details. DSA is obsolete and +should not be used. .PP This feature is available in Postfix 3.4 and later. .SH tlsproxy_client_eccert_file (default: $smtp_tls_eccert_file) -File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in -PEM format. See smtp_tls_eccert_file for further details. +File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in PEM +format. See smtp_tls_eccert_file for further details. The preferred way +to configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter. .PP This feature is available in Postfix 3.4 and later. .SH tlsproxy_client_eckey_file (default: $smtp_tls_eckey_file) -File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in -PEM format. See smtp_tls_eckey_file for further details. +File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in PEM +format. See smtp_tls_eckey_file for further details. The preferred way +to configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter. .PP This feature is available in Postfix 3.4 and later. .SH tlsproxy_client_enforce_tls (default: $smtp_enforce_tls) @@ -12758,7 +13264,9 @@ further details. This feature is available in Postfix 3.4 and later. .SH tlsproxy_client_key_file (default: $smtp_tls_key_file) File with the Postfix \fBtlsproxy\fR(8) client RSA private key in PEM -format. See smtp_tls_key_file for further details. +format. See smtp_tls_key_file for further details. The preferred way to +configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter. .PP This feature is available in Postfix 3.4 and later. .SH tlsproxy_client_loglevel (default: $smtp_tls_loglevel) @@ -12841,9 +13349,16 @@ This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_cert_file (default: $smtpd_tls_cert_file) File with the Postfix \fBtlsproxy\fR(8) server RSA certificate in PEM format. This file may also contain the Postfix \fBtlsproxy\fR(8) server -private RSA key. See smtpd_tls_cert_file for further details. +private RSA key. See smtpd_tls_cert_file for further details. With +Postfix >= 3.4 the preferred way to configure tlsproxy server keys and +certificates is via the "tlsproxy_tls_chain_files" parameter. .PP This feature is available in Postfix 2.8 and later. +.SH tlsproxy_tls_chain_files (default: $smtpd_tls_chain_files) +Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate +chains in PEM format. See smtpd_tls_chain_files for further details. +.PP +This feature is available in Postfix 3.4 and later. .SH tlsproxy_tls_ciphers (default: $smtpd_tls_ciphers) The minimum TLS cipher grade that the Postfix \fBtlsproxy\fR(8) server will use with opportunistic TLS encryption. See smtpd_tls_ciphers @@ -12853,7 +13368,8 @@ This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_dcert_file (default: $smtpd_tls_dcert_file) File with the Postfix \fBtlsproxy\fR(8) server DSA certificate in PEM format. This file may also contain the Postfix \fBtlsproxy\fR(8) server -private DSA key. See smtpd_tls_dcert_file for further details. +private DSA key. DSA is obsolete and should not be used. See +smtpd_tls_dcert_file for further details. .PP This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_dh1024_param_file (default: $smtpd_tls_dh1024_param_file) @@ -12872,23 +13388,27 @@ result export\-grade cipher suites are by default not used. This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_dkey_file (default: $smtpd_tls_dkey_file) File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM -format. This file may be combined with the Postfix \fBtlsproxy\fR(8) -server DSA certificate file specified with $smtpd_tls_dcert_file. -See smtpd_tls_dkey_file for further details. +format. This file may be combined with the Postfix \fBtlsproxy\fR(8) server +DSA certificate file specified with $smtpd_tls_dcert_file. DSA is +obsolete and should not be used. See smtpd_tls_dkey_file for further +details. .PP This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_eccert_file (default: $smtpd_tls_eccert_file) -File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in -PEM format. This file may also contain the Postfix \fBtlsproxy\fR(8) -server private ECDSA key. See smtpd_tls_eccert_file for further -details. +File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in PEM +format. This file may also contain the Postfix \fBtlsproxy\fR(8) server +private ECDSA key. See smtpd_tls_eccert_file for further details. With +Postfix >= 3.4 the preferred way to configure tlsproxy server keys and +certificates is via the "tlsproxy_tls_chain_files" parameter. .PP This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_eckey_file (default: $smtpd_tls_eckey_file) -File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in -PEM format. This file may be combined with the Postfix \fBtlsproxy\fR(8) -server ECDSA certificate file specified with $smtpd_tls_eccert_file. -See smtpd_tls_eckey_file for further details. +File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in PEM +format. This file may be combined with the Postfix \fBtlsproxy\fR(8) server +ECDSA certificate file specified with $smtpd_tls_eccert_file. See +smtpd_tls_eckey_file for further details. With Postfix >= 3.4 the +preferred way to configure tlsproxy server keys and certificates is via +the "tlsproxy_tls_chain_files" parameter. .PP This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_eecdh_grade (default: $smtpd_tls_eecdh_grade) @@ -12911,9 +13431,11 @@ fingerprints. See smtpd_tls_fingerprint_digest for further details. This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_key_file (default: $smtpd_tls_key_file) File with the Postfix \fBtlsproxy\fR(8) server RSA private key in PEM -format. This file may be combined with the Postfix \fBtlsproxy\fR(8) -server RSA certificate file specified with $smtpd_tls_cert_file. -See smtpd_tls_key_file for further details. +format. This file may be combined with the Postfix \fBtlsproxy\fR(8) server +RSA certificate file specified with $smtpd_tls_cert_file. See +smtpd_tls_key_file for further details. With Postfix >= 3.4 the +preferred way to configure tlsproxy server keys and certificates is via +the "tlsproxy_tls_chain_files" parameter. .PP This feature is available in Postfix 2.8 and later. .SH tlsproxy_tls_loglevel (default: $smtpd_tls_loglevel) @@ -13264,7 +13786,7 @@ with 450 when the mapping failed due to a temporary error condition. Do not change this unless you have a complete understanding of RFC 5321. .SH unknown_helo_hostname_tempfail_action (default: $reject_tempfail_action) The Postfix SMTP server's action when reject_unknown_helo_hostname -fails due to an temporary error condition. Specify "defer" to defer +fails due to a temporary error condition. Specify "defer" to defer the remote SMTP client request immediately. With the default "defer_if_permit" action, the Postfix SMTP server continues to look for opportunities to reject mail, and defers the client request diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 08563720d..0b9859487 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -512,6 +512,12 @@ record was found via an "insecure" MX lookup. Available in Postfix version 3.4 and later: .IP "\fBsmtp_tls_connection_reuse (no)\fR" Try to make multiple deliveries per TLS\-encrypted connection. +.IP "\fBsmtp_tls_chain_files (empty)\fR" +List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. +.IP "\fBsmtp_tls_servername (empty)\fR" +Optional name to send to the remote SMTP server in the TLS Server +Name Indication (SNI) extension. .SH "OBSOLETE STARTTLS CONTROLS" .na .nf diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 741ab4dc3..23e119e6b 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -517,6 +517,15 @@ Available in Postfix version 3.2 and later: .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR" The prioritized list of elliptic curves supported by the Postfix SMTP client and server. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBsmtpd_tls_chain_files (empty)\fR" +List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. +.IP "\fBtls_server_sni_maps (empty)\fR" +Optional lookup tables that map names received from remote SMTP +clients via the TLS Server Name Indication (SNI) extension to the +appropriate keys and certificate chains. .SH "OBSOLETE STARTTLS CONTROLS" .na .nf @@ -1043,7 +1052,7 @@ The Postfix SMTP server's action when a reject\-type restriction fails due to a temporary error condition. .IP "\fBunknown_helo_hostname_tempfail_action ($reject_tempfail_action)\fR" The Postfix SMTP server's action when reject_unknown_helo_hostname -fails due to an temporary error condition. +fails due to a temporary error condition. .IP "\fBunknown_address_tempfail_action ($reject_tempfail_action)\fR" The Postfix SMTP server's action when reject_unknown_sender_domain or reject_unknown_recipient_domain fail due to a temporary error diff --git a/postfix/man/man8/tlsproxy.8 b/postfix/man/man8/tlsproxy.8 index ac02bba64..6b3b40c9b 100644 --- a/postfix/man/man8/tlsproxy.8 +++ b/postfix/man/man8/tlsproxy.8 @@ -109,11 +109,11 @@ should use with export\-grade EDH ciphers. File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM format. .IP "\fBtlsproxy_tls_eccert_file ($smtpd_tls_eccert_file)\fR" -File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in -PEM format. +File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in PEM +format. .IP "\fBtlsproxy_tls_eckey_file ($smtpd_tls_eckey_file)\fR" -File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in -PEM format. +File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in PEM +format. .IP "\fBtlsproxy_tls_eecdh_grade ($smtpd_tls_eecdh_grade)\fR" The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral elliptic\-curve Diffie\-Hellman (EECDH) key exchange. @@ -153,6 +153,15 @@ parameters smtpd_use_tls and smtpd_enforce_tls. Available in Postfix version 2.11 and later: .IP "\fBtlsmgr_service_name (tlsmgr)\fR" The name of the \fBtlsmgr\fR(8) service entry in master.cf. +.PP +Available in Postfix version 3.4 and later: +.IP "\fBtlsproxy_tls_chain_files ($smtpd_tls_chain_files)\fR" +Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate +chains in PEM format. +.IP "\fBtls_server_sni_maps (empty)\fR" +Optional lookup tables that map names received from remote SMTP +clients via the TLS Server Name Indication (SNI) extension to the +appropriate keys and certificate chains. .SH "TLS CLIENT CONTROLS" .na .nf @@ -172,6 +181,9 @@ either remote TLS server certificates or intermediate CA certificates. Directory with PEM format Certification Authority certificates that the Postfix \fBtlsproxy\fR(8) client uses to verify a remote TLS server certificate. +.IP "\fBtlsproxy_client_chain_files ($smtp_tls_chain_files)\fR" +Files with the Postfix \fBtlsproxy\fR(8) client keys and certificate +chains in PEM format. .IP "\fBtlsproxy_client_cert_file ($smtp_tls_cert_file)\fR" File with the Postfix \fBtlsproxy\fR(8) client RSA certificate in PEM format. @@ -185,11 +197,11 @@ format. File with the Postfix \fBtlsproxy\fR(8) client DSA private key in PEM format. .IP "\fBtlsproxy_client_eccert_file ($smtp_tls_eccert_file)\fR" -File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in -PEM format. +File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in PEM +format. .IP "\fBtlsproxy_client_eckey_file ($smtp_tls_eckey_file)\fR" -File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in -PEM format. +File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in PEM +format. .IP "\fBtlsproxy_client_fingerprint_digest ($smtp_tls_fingerprint_digest)\fR" The message digest algorithm used to construct remote TLS server certificate fingerprints. diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index 99b3b4887..806cf1a1a 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -247,10 +247,12 @@ while (<>) { s;\blmtp_tls_policy_maps\b;$&;g; s;\blmtp_tls_secure_cert_match\b;$&;g; s;\blmtp_tls_security_level\b;$&;g; + s;\blmtp_tls_servername\b;$&;g; s;\blmtp_tls_fingerprint_cert_match\b;$&;g; s;\blmtp_tls_verify_cert_match\b;$&;g; s;\blmtp_tls_trust_anchor_file\b;$&;g; s;\blmtp_tls_per_site\b;$&;g; + s;\blmtp_tls_chain_files\b;$&;g; s;\blmtp_tls_cert_file\b;$&;g; s;\blmtp_tls_key_file\b;$&;g; s;\blmtp_tls_dcert_file\b;$&;g; @@ -650,6 +652,7 @@ while (<>) { s;\bsmtp_starttls_timeout\b;$&;g; s;\bsmtp_tls_CAfile\b;$&;g; s;\bsmtp_tls_CApath\b;$&;g; + s;\bsmtp_tls_chain_files\b;$&;g; s;\bsmtp_tls_cert_file\b;$&;g; s;\bsmtp_tls_fingerprint_digest\b;$&;g; s;\bsmtp_tls_protocols\b;$&;g; @@ -672,6 +675,7 @@ while (<>) { s;\bsmtp_tls_fingerprint_cert_match\b;$&;g; s;\bsmtp_tls_verify_cert_match\b;$&;g; s;\bsmtp_tls_secure_cert_match\b;$&;g; + s;\bsmtp_tls_servername\b;$&;g; s;\bsmtp_tls_trust_anchor_file\b;$&;g; s;\bsmtp_tls_scert_verifydepth\b;$&;g; s;\bsmtp_tls_secu[-]*\n* *[]*rity_level\b;$&;g; @@ -702,6 +706,7 @@ while (<>) { s;\bsmtpd_tls_ask_ccert\b;$&;g; s;\bsmtpd_tls_auth_only\b;$&;g; s;\bsmtpd_tls_ccert_verify[-]*\n*[ ]*depth\b;$&;g; + s;\bsmtpd_tls_chain_files\b;$&;g; s;\bsmtpd_tls_cert_file\b;$&;g; s;\bsmtpd_tls_cipherlist\b;$&;g; s;\bsmtpd_tls_exclude_ciphers\b;$&;g; @@ -756,6 +761,7 @@ while (<>) { s;\btls_dane_digests\b;$&;g; s;\btls_wildcard_matches_multiple_labels\b;$&;g; s;\btls_session_ticket_cipher\b;$&;g; + s;\btls_server_sni_maps\b;$&;g; s;\btls_ssl_options\b;$&;g; s;\bfrozen_delivered_to\b;$&;g; @@ -1061,6 +1067,7 @@ while (<>) { s;\btlsproxy_tls_always_issue_session_ids\b;$&;g; s;\btlsproxy_tls_ask_ccert\b;$&;g; s;\btlsproxy_tls_ccert_verifydepth\b;$&;g; + s;\btlsproxy_tls_chain_files\b;$&;g; s;\btlsproxy_tls_cert_file\b;$&;g; s;\btlsproxy_tls_ciphers\b;$&;g; s;\btlsproxy_tls_dcert_file\b;$&;g; @@ -1084,6 +1091,7 @@ while (<>) { s;\btlsproxy_client_CAfile\b;$&;g; s;\btlsproxy_client_CApath\b;$&;g; + s;\btlsproxy_client_chain_files\b;$&;g; s;\btlsproxy_client_cert_file\b;$&;g; s;\btlsproxy_client_dcert_file\b;$&;g; s;\btlsproxy_client_dkey_file\b;$&;g; diff --git a/postfix/proto/TLS_README.html b/postfix/proto/TLS_README.html index 8bfcd339f..040fdfda4 100644 --- a/postfix/proto/TLS_README.html +++ b/postfix/proto/TLS_README.html @@ -167,17 +167,22 @@ or similar software, it will only negotiate TLS ciphersuites that require a server certificate.

For servers that are not public Internet MX hosts, Postfix -supports configurations with no certificates. This entails the -use of just the anonymous TLS ciphers, which are not supported by -typical SMTP clients. Since such clients will not, as a rule, fall -back to plain text after a TLS handshake failure, a certificate-less -Postfix SMTP server will -be unable to receive email from most TLS enabled clients. To avoid -accidental configurations with no certificates, Postfix enables -certificate-less operation only when the administrator explicitly sets -"smtpd_tls_cert_file = none". This ensures that new Postfix -SMTP server configurations will not accidentally run with no -certificates.

+supports configurations with no certificates. This entails the use of +just the anonymous TLS ciphers, which are not supported by typical SMTP +clients. Since some clients may not fall back to plain text after a TLS +handshake failure, a certificate-less Postfix SMTP server will be unable +to receive email from some TLS-enabled clients. To avoid accidental +configurations with no certificates, Postfix enables certificate-less +operation only when the administrator explicitly sets +"smtpd_tls_cert_file = none". This ensures that new Postfix SMTP server +configurations will not accidentally enable TLS without certificates.

+ +

Note that server certificates are not optional in TLS 1.3. To +run without certificates you'd have to disable the TLS 1.3 protocol by +including '!TLSv1.3' in "smtpd_tls_protocols" and perhaps also +"smtpd_tls_mandatory_protocols". It is simpler instead to just +configure a certificate chain. Certificate-less operation is not +recommended.

RSA, DSA and ECDSA (Postfix ≥ 2.6) certificates are supported. Most sites only have RSA certificates. You can configure all three @@ -239,11 +244,10 @@ applies to "2 0 2" and "2 1 2" TLSA records or any other digest of a CA certificate, but it is expected that SHA256 will be by far the most common digest for TLSA.

-

As a best practice, publish either "3 0 1" or "3 1 1" TLSA -associations that specify the SHA256 digest of the server certificate -public key with the alias-expanded hostname of each STARTTLS capable -SMTP server. These continue to work when a certificate is renewed -with the same public/private key pair.

+

As a best practice, publish "3 1 1" TLSA associations that specify +the SHA256 digest of the server's public key. These continue to work +unmodified when a certificate is renewed with the same public/private +key pair.

@@ -269,6 +273,58 @@ directory.

Configuring the server certificate and key files

+

Example: Postfix ≥ 3.4 all-in-one chain file(s). One or more +chain files that start with a key that is immediately followed by the +corresponding certificate and any additional issuer certificates. A +single file can hold multiple (key, cert, [chain]) sequences, one +per algorithm. It is typically simpler to keep the chain for each +algorithm in its own file. Most users are likely to deploy just a +single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up to +five chains, one each for RSA, ECDSA, ED25519, ED448 and even the +obsolete DSA.

+ +
+
+    # Postfix ≥ 3.4.  Preferred configuration interface.  Each file
+    # starts with the private key, followed by the corresponding
+    # certificate, and any intermediate issuer certificates. The root CA
+    # cert may also be needed when published as a DANE trust anchor.
+    #
+    smtpd_tls_chain_files =
+        /etc/postfix/rsa.pem,
+        /etc/postfix/ecdsa.pem,
+        /etc/postfix/ed25519.pem,
+        /etc/postfix/ed448.pem
+
+
+ +

You can also store the keys separately from their certificates, again +provided each is listed before the corresponding certificate chain. Storing a +key and its associated certificate chain in separate files is not recommended, +because this is prone to race conditions during key rollover, as there is no +way to update multiple files atomically.

+ +
+
+    # Postfix ≥ 3.4.
+    # Storing keys separately from the associated certificates is not
+    # recommended.
+    smtpd_tls_chain_files =
+        /etc/postfix/rsakey.pem,
+        /etc/postfix/rsacerts.pem,
+        /etc/postfix/ecdsakey.pem,
+        /etc/postfix/ecdsacerts.pem
+
+
+ +

The below examples show the legacy algorithm-specific configurations +for Postfix 3.3 and older. With Postfix ≤ 3.3, even if the key is +stored in the same file as the certificate, the file is read twice and a +(brief) race condition still exists during key rollover. While Postfix +≥ 3.4 avoids the race when the key and certificate are in the same +file, you should use the new "smtpd_tls_chain_files" interface shown +above.

+

RSA key and certificate examples:

@@ -294,8 +350,8 @@ directory. 

 /etc/postfix/main.cf:
-    # Most clients will not be ECDSA capable, so you will likely also need
-    # an RSA or DSA certificate and private key.
+    # Some clients will not be ECDSA capable, so you will likely still need
+    # an RSA certificate and private key.
     #
     smtpd_tls_eccert_file = /etc/postfix/server-ecdsa.pem
     smtpd_tls_eckey_file = $smtpd_tls_eccert_file
@@ -308,6 +364,8 @@ anonymous-cipher capable clients: 

 

 
 /etc/postfix/main.cf:
+    # Not recommended: breaks TLS 1.3 and clients that don't support
+    # anonymous cipher suites.
     smtpd_tls_cert_file = none
 
  
 

@@ -854,7 +912,11 @@ without corresponding changes to the Postfix source code. 

 supports configurations with no server
 certificates that use only the anonymous ciphers. This is
 enabled by explicitly setting "smtpd_tls_cert_file = none"
-and not specifying an smtpd_tls_dcert_file or smtpd_tls_eccert_file. 

+and not specifying an smtpd_tls_dcert_file or smtpd_tls_eccert_file.
+Such configurations may not interoperate with some clients, and require
+that TLSv1.3 be explicitly disabled. Therefore, they are not
+recommended, it is better and simpler to just configure a suitable
+certificate. 

 
 
 Example, MSA that requires TLSv1 or higher, not SSLv2 or SSLv3,
 with high grade ciphers: 

@@ -874,6 +936,21 @@ with high grade ciphers:
+

With Postfix ≥ 3.4, specify instead a single file that holds the +key followed by the corresponding certificate and any associated issuing +certificates, leaving the "smtpd_tls_cert_file" and "smtpd_tls_key_file" +and related DSA and ECDSA parameters empty.

+ +
+
+/etc/postfix/main.cf:
+    smtpd_tls_chain_files = /etc/postfix/rsachain.pem
+    smtpd_tls_cert_file =
+    smtpd_tls_key_file =
+    ...
+
+
+

If you want to take maximal advantage of ciphers that offer forward secrecy see the Getting @@ -1140,7 +1217,7 @@ parameters includes useful interoperability and security guidelines.

Despite the potential for eliminating passive eavesdropping attacks, mandatory TLS encryption is not viable as a default security level for -mail delivery to the public Internet. Most MX hosts do not support TLS at +mail delivery to the public Internet. Some MX hosts do not support TLS at all, and some of those that do have broken implementations. On a host that delivers mail to the Internet, you should not configure mandatory TLS encryption as the default security level.

@@ -1540,8 +1617,8 @@ parent certificates will be ignored.

Despite the potential for eliminating "man-in-the-middle" and other attacks, mandatory certificate trust chain and subject name verification -is not viable as a default Internet mail delivery policy. Most MX hosts -do not support TLS at all, and a significant portion of TLS enabled +is not viable as a default Internet mail delivery policy. Some MX hosts +do not support TLS at all, and a significant portion of TLS-enabled MTAs use self-signed certificates, or certificates that are signed by a private Certification Authority. On a machine that delivers mail to the Internet, you should not configure mandatory server certificate @@ -1614,8 +1691,8 @@ parent certificates will be ignored.

Despite the potential for eliminating "man-in-the-middle" and other attacks, mandatory secure server certificate verification is not -viable as a default Internet mail delivery policy. Most MX hosts -do not support TLS at all, and a significant portion of TLS enabled +viable as a default Internet mail delivery policy. Some MX hosts +do not support TLS at all, and a significant portion of TLS-enabled MTAs use self-signed certificates, or certificates that are signed by a private Certification Authority. On a machine that delivers mail to the Internet, you should not configure secure TLS verification @@ -1776,24 +1853,24 @@ well without them. The recommended setting is to let the defaults stand:

# Postfix ≥ 2.6 smtp_tls_eccert_file = smtp_tls_eckey_file = + # Postfix ≥ 3.4 + smtp_tls_chain_files =

The best way to use the default settings is to comment out the above parameters in main.cf if present.

-

During TLS startup negotiation the Postfix SMTP client may present -a certificate to the remote SMTP server. The Netscape client is -rather clever here and lets the user select between only those -certificates that match CA certificates offered by the remote SMTP -server. As the Postfix SMTP client uses the "SSL_connect()" function -from the OpenSSL package, this is not possible and we have to choose -just one certificate. So for now the default is to use _no_ -certificate and key unless one is explicitly specified here.

+

During TLS startup negotiation the Postfix SMTP client may present a +certificate to the remote SMTP server. Browsers typically let the user +select among the certificates that match the CA names indicated by the +remote SMTP server. The Postfix SMTP client does not yet have a mechanism +to select from multiple candidate certificates on the fly, and supports a +single set of certificates (at most one per public key algorithm).

RSA, DSA and ECDSA (Postfix ≥ 2.6) certificates are supported. You can configure all three at the same time, in which case the -cipher used determines which certificate is presented.

+cipher used determines which certificate is presented.

It is possible for the Postfix SMTP client to use the same key/certificate pair as the Postfix SMTP server. If a certificate @@ -1802,6 +1879,14 @@ must not be encrypted, meaning: it must be accessible without password. Both parts (certificate and private key) may be in the same file.

+

With OpenSSL 1.1.1 and Postfix ≥ 3.4 it is also possible to +configure Ed25519 and Ed448 certificates. Rather than add two more +pairs of key and certificate parameters, Postfix 3.4 introduces a new +"smtp_tls_chain_files" parameter which specifies all the configured +certificates at once, and handles files that hold both the key and the +associated certificates in one pass, thereby avoiding potential race +conditions during key rollover.

+

To enable remote SMTP servers to verify the Postfix SMTP client certificate, the issuing CA certificates must be made available to the server. You should include the required certificates in the client @@ -1810,11 +1895,12 @@ CA(s) (bottom-up order).

Example: the certificate for "client.example.com" was issued by "intermediate CA" which itself has a certificate issued by "root CA". -Create the client.pem file with:

+As the "root" super-user create the client.pem file with: 

-% cat client_cert.pem intermediate_CA.pem > client.pem 
+# umask 077
+# cat client_key.pem client_cert.pem intermediate_CA.pem > chain.pem
@@ -1824,13 +1910,64 @@ sslclient ..." test.

A server that trusts the root CA has a local copy of the root CA certificate, so it is not necessary to include the root CA -certificate here. Leaving it out of the "client.pem" file reduces +certificate here. Leaving it out of the "chain.pem" file reduces the overhead of the TLS exchange.

If you want the Postfix SMTP client to accept remote SMTP server certificates issued by these CAs, append the root certificate to $smtp_tls_CAfile or install it in the $smtp_tls_CApath directory.

+

Example: Postfix ≥ 3.4 all-in-one chain file(s). One or more +chain files that start with a key that is immediately followed by the +corresponding certificate and any additional issuer certificates. A +single file can hold multiple (key, cert, [chain]) sequences, one +per algorithm. It is typically simpler to keep the chain for each +algorithm in its own file. Most users are likely to deploy at most a +single RSA chain, but with OpenSSL 1.1.1, it is possible to deploy up +five chains, one each for RSA, ECDSA, ED25519, ED448 and even the +obsolete DSA.

+ +
+
+    # Postfix ≥ 3.4.  Preferred configuration interface.  Each file
+    # starts with the private key, followed by the corresponding
+    # certificate, and any intermediate issuer certificates.
+    #
+    smtp_tls_chain_files =
+        /etc/postfix/rsa.pem,
+        /etc/postfix/ecdsa.pem,
+        /etc/postfix/ed25519.pem,
+        /etc/postfix/ed448.pem
+
+
+ +

You can also store the keys separately from their certificates, again +provided each is listed before the corresponding certificate chain. Storing a +key and its associated certificate chain in separate files is not recommended, +because this is prone to race conditions during key rollover, as there is no +way to update multiple files atomically.

+ +
+
+    # Postfix ≥ 3.4.
+    # Storing keys separately from the associated certificates is not
+    # recommended.
+    smtp_tls_chain_files =
+        /etc/postfix/rsakey.pem,
+        /etc/postfix/rsacerts.pem,
+        /etc/postfix/ecdsakey.pem,
+        /etc/postfix/ecdsacerts.pem
+
+
+ +

The below examples show the legacy algorithm-specific configurations +for Postfix 3.3 and older. With Postfix ≤ 3.3, even if the key is +stored in the same file as the certificate, the file is read twice and a +(brief) race condition still exists during key rollover. While Postfix +≥ 3.4 avoids the race when the key and certificate are in the same +file, you should use the new "smtp_tls_chain_files" interface shown +above.

+

RSA key and certificate examples:

@@ -2144,7 +2281,10 @@ additional attributes are supported at this level.
The optional "ciphers", "exclude" and "protocols" attributes (available for opportunistic TLS with Postfix ≥ 2.6) override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols" -configuration parameters. +configuration parameters. At this level and higher, the optional +"servername" attribute (available with Postfix ≥ 3.4) overrides the +global "smtp_tls_servername" parameter, enabling per-destination +configuration of the SNI extension sent to the remote SMTP server.
encrypt
Mandatory encryption. Mail is delivered only if the remote SMTP server offers STARTTLS @@ -2830,6 +2970,9 @@ DANE TLSA records. See the postfix-tls(1) documentation for details.

The following commands (credits: Viktor Dukhovni) generate and install a 2048-bit RSA private key and 10-year self-signed certificate for the local Postfix system. This requires super-user privileges. +(By using date-specific filenames for the certificate and key files, +and updating main.cf with new filenames, a potential race condition +in which the key and certificate might not match is avoided).

diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 7833e2a3a..83060a104 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -989,7 +989,7 @@ is no maximum, it doesn't make much sense to use values above say

The only reason why the value of 2 is not the default is the way this parameter affects the delivery of mailing-list mail. In the -worst case, their delivery can take somewhere between (cost+1/cost) +worst case, delivery can take somewhere between (cost+1/cost) and (cost/cost-1) times more than if the preemptive scheduler was disabled. The default value of 5 turns out to provide reasonable message response times while making sure the mailing-list deliveries @@ -2687,7 +2687,7 @@ it easier to specify shell syntax (see example below).

If you can, avoid shell meta characters because they will force Postfix to run an expensive shell process. If you're delivering -via Procmail then running a shell won't make a noticeable difference +via "procmail" then running a shell won't make a noticeable difference in the total cost.

@@ -2826,7 +2826,7 @@ masquerade_domains = $mydomain

Optional list of user names that are not subjected to address -masquerading, even when their address matches $masquerade_domains. +masquerading, even when their addresses match $masquerade_domains.

@@ -8357,8 +8357,8 @@ earlier: "/etc/postfix/post-install set-permissions".

Display the name of the recipient table in the "User unknown" -responses. The extra detail makes trouble shooting easier but also -reveals information that is nobody elses business. +responses. The extra detail makes troubleshooting easier but also +reveals information that is nobody else's business.

@@ -9309,7 +9309,9 @@ local_header_rewrite_clients = permit_mynetworks, %PARAM smtpd_tls_cert_file

File with the Postfix SMTP server RSA certificate in PEM format. -This file may also contain the Postfix SMTP server private RSA key.

+This file may also contain the Postfix SMTP server private RSA key. +With Postfix ≥ 3.4 the preferred way to configure server keys and +certificates is via the "smtpd_tls_chain_files" parameter.

Public Internet MX hosts without certificates signed by a "reputable" CA must generate, and be prepared to present to most clients, a @@ -9318,15 +9320,22 @@ able to authenticate the server, but unless it is running Postfix 2.3 or similar software, it will still insist on a server certificate.

For servers that are not public Internet MX hosts, Postfix -2.3 supports configurations with no certificates. This entails the -use of just the anonymous TLS ciphers, which are not supported by -typical SMTP clients. Since such clients will not, as a rule, fall -back to plain text after a TLS handshake failure, the server will -be unable to receive email from TLS enabled clients. To avoid -accidental configurations with no certificates, Postfix 2.3 enables -certificate-less operation only when the administrator explicitly -sets "smtpd_tls_cert_file = none". This ensures that new Postfix -configurations will not accidentally run with no certificates.

+supports configurations with no certificates. This entails the use of +just the anonymous TLS ciphers, which are not supported by typical SMTP +clients. Since some clients may not fall back to plain text after a TLS +handshake failure, a certificate-less Postfix SMTP server will be unable +to receive email from some TLS-enabled clients. To avoid accidental +configurations with no certificates, Postfix enables certificate-less +operation only when the administrator explicitly sets +"smtpd_tls_cert_file = none". This ensures that new Postfix SMTP server +configurations will not accidentally enable TLS without certificates.

+ +

Note that server certificates are not optional in TLS 1.3. To run +without certificates you'd have to disable the TLS 1.3 protocol by +including '!TLSv1.3' in "smtpd_tls_protocols" and perhaps also +"smtpd_tls_mandatory_protocols". It is simpler instead to just +configure a certificate chain. Certificate-less operation is not +recommended.

Both RSA and DSA certificates are supported. When both types are present, the cipher used determines which certificate will be @@ -9346,8 +9355,8 @@ root_CA.pem > server.pem".

If you also want to verify client certificates issued by these CAs, you can add the CA certificates to the smtpd_tls_CAfile, in which -case it is not necessary to have them in the smtpd_tls_cert_file or -smtpd_tls_dcert_file.

+case it is not necessary to have them in the smtpd_tls_cert_file, +smtpd_tls_dcert_file (obsolete) or smtpd_tls_eccert_file.

A certificate supplied here must be usable as an SSL server certificate and hence pass the "openssl verify -purpose sslserver ..." test.

@@ -9364,7 +9373,9 @@ smtpd_tls_cert_file = /etc/postfix/server.pem

File with the Postfix SMTP server RSA private key in PEM format. This file may be combined with the Postfix SMTP server RSA certificate -file specified with $smtpd_tls_cert_file.

+file specified with $smtpd_tls_cert_file. With Postfix ≥ 3.4 the +preferred way to configure server keys and certificates is via the +"smtpd_tls_chain_files" parameter.

The private key must be accessible without a pass-phrase, i.e. it must not be encrypted. File permissions should grant read-only @@ -9374,7 +9385,8 @@ to anyone else.

%PARAM smtpd_tls_dcert_file

File with the Postfix SMTP server DSA certificate in PEM format. -This file may also contain the Postfix SMTP server private DSA key.

+This file may also contain the Postfix SMTP server private DSA key. +The DSA algorithm is obsolete and should not be used.

See the discussion under smtpd_tls_cert_file for more details.

@@ -9391,7 +9403,8 @@ smtpd_tls_dcert_file = /etc/postfix/server-dsa.pem

File with the Postfix SMTP server DSA private key in PEM format. This file may be combined with the Postfix SMTP server DSA certificate -file specified with $smtpd_tls_dcert_file.

+file specified with $smtpd_tls_dcert_file. The DSA algorithm is obsolete +and should not be used.

The private key must be accessible without a pass-phrase, i.e. it must not be encrypted. File permissions should grant read-only @@ -9782,9 +9795,10 @@ was fixed at 300s.

%PARAM smtp_tls_cert_file

File with the Postfix SMTP client RSA certificate in PEM format. -This file may also contain the Postfix SMTP client private RSA key, -and these may be the same as the Postfix SMTP server RSA certificate and key -file.

+This file may also contain the Postfix SMTP client private RSA key, and +these may be the same as the Postfix SMTP server RSA certificate and key +file. With Postfix ≥ 3.4 the preferred way to configure client keys +and certificates is via the "smtp_tls_chain_files" parameter.

Do not configure client certificates unless you must present client TLS certificates to one or more servers. Client certificates are @@ -9795,10 +9809,13 @@ well without them. The recommended setting is to let the defaults stand: 

 smtp_tls_cert_file =
 smtp_tls_key_file =
-smtp_tls_dcert_file =
-smtp_tls_dkey_file =
 smtp_tls_eccert_file =
 smtp_tls_eckey_file =
+# Obsolete DSA parameters
+smtp_tls_dcert_file =
+smtp_tls_dkey_file =
+# Postfix ≥ 3.4 interface
+smtp_tls_chain_files =
@@ -9813,13 +9830,19 @@ CA(s) (bottom-up order).

Example: the certificate for "client.example.com" was issued by "intermediate CA" which itself has a certificate issued by "root CA". -Create the client.pem file with "cat client_cert.pem intermediate_CA.pem -root_CA.pem > client.pem".

+As the "root" super-user create the client.pem file with:

+ +
+
+# umask 077
+# cat client_key.pem client_cert.pem intermediate_CA.pem > chain.pem 
+
+

If you also want to verify remote SMTP server certificates issued by these CAs, you can add the CA certificates to the smtp_tls_CAfile, in which case it is not necessary to have them in the smtp_tls_cert_file, -smtp_tls_dcert_file or smtp_tls_eccert_file.

+smtp_tls_dcert_file (obsolete) or smtp_tls_eccert_file.

A certificate supplied here must be usable as an SSL client certificate and hence pass the "openssl verify -purpose sslclient ..." test.

@@ -9827,7 +9850,7 @@ and hence pass the "openssl verify -purpose sslclient ..." test.

Example: 

-smtp_tls_cert_file = /etc/postfix/client.pem
+smtp_tls_cert_file = /etc/postfix/chain.pem

This feature is available in Postfix 2.2 and later.

@@ -9836,7 +9859,9 @@ smtp_tls_cert_file = /etc/postfix/client.pem

File with the Postfix SMTP client RSA private key in PEM format. This file may be combined with the Postfix SMTP client RSA certificate -file specified with $smtp_tls_cert_file.

+file specified with $smtp_tls_cert_file. With Postfix ≥ 3.4 the +preferred way to configure client keys and certificates is via the +"smtp_tls_chain_files" parameter.

The private key must be accessible without a pass-phrase, i.e. it must not be encrypted. File permissions should grant read-only @@ -9861,7 +9886,7 @@ smtp_tls_CApath instead, but note that the latter directory must be present in the chroot jail if the smtp(8) client is chrooted. This file may also be used to augment the client certificate trust chain, but it is best to include all the required certificates directly in -$smtp_tls_cert_file.

+$smtp_tls_cert_file (or, Postfix ≥ 3.4 $smtp_tls_chain_files).

Specify "smtp_tls_CAfile = /path/to/system_CA_file" to use ONLY the system-supplied default Certification Authority certificates. @@ -10170,7 +10195,8 @@ during TLS startup and shutdown handshake procedures.

File with the Postfix SMTP client DSA private key in PEM format. This file may be combined with the Postfix SMTP client DSA certificate -file specified with $smtp_tls_dcert_file.

+file specified with $smtp_tls_dcert_file. The DSA algorithm is obsolete +and should not be used.

The private key must be accessible without a pass-phrase, i.e. it must not be encrypted. File permissions should grant read-only @@ -10182,7 +10208,8 @@ to anyone else.

%PARAM smtp_tls_dcert_file

File with the Postfix SMTP client DSA certificate in PEM format. -This file may also contain the Postfix SMTP client private DSA key.

+This file may also contain the Postfix SMTP client private DSA key. +The DSA algorithm is obsolete and should not be used.

See the discussion under smtp_tls_cert_file for more details.

@@ -12849,7 +12876,9 @@ where EC algorithms have not been disabled by the vendor.

%PARAM smtpd_tls_eccert_file

File with the Postfix SMTP server ECDSA certificate in PEM format. -This file may also contain the Postfix SMTP server private ECDSA key.

+This file may also contain the Postfix SMTP server private ECDSA key. +With Postfix ≥ 3.4 the preferred way to configure server keys and +certificates is via the "smtpd_tls_chain_files" parameter.

See the discussion under smtpd_tls_cert_file for more details.

@@ -12866,7 +12895,9 @@ compiled and linked with OpenSSL 1.0.0 or later.

File with the Postfix SMTP server ECDSA private key in PEM format. This file may be combined with the Postfix SMTP server ECDSA certificate -file specified with $smtpd_tls_eccert_file.

+file specified with $smtpd_tls_eccert_file. With Postfix ≥ 3.4 the +preferred way to configure server keys and certificates is via the +"smtpd_tls_chain_files" parameter.

The private key must be accessible without a pass-phrase, i.e. it must not be encrypted. File permissions should grant read-only @@ -12879,7 +12910,9 @@ compiled and linked with OpenSSL 1.0.0 or later.

%PARAM smtp_tls_eccert_file

File with the Postfix SMTP client ECDSA certificate in PEM format. -This file may also contain the Postfix SMTP client ECDSA private key.

+This file may also contain the Postfix SMTP client ECDSA private key. +With Postfix ≥ 3.4 the preferred way to configure client keys and +certificates is via the "smtp_tls_chain_files" parameter.

See the discussion under smtp_tls_cert_file for more details.

@@ -12896,8 +12929,10 @@ compiled and linked with OpenSSL 1.0.0 or later.

%PARAM smtp_tls_eckey_file $smtp_tls_eccert_file

File with the Postfix SMTP client ECDSA private key in PEM format. -This file may be combined with the Postfix SMTP client ECDSA -certificate file specified with $smtp_tls_eccert_file.

+This file may be combined with the Postfix SMTP client ECDSA certificate +file specified with $smtp_tls_eccert_file. With Postfix ≥ 3.4 the +preferred way to configure client keys and certificates is via the +"smtp_tls_chain_files" parameter.

The private key must be accessible without a pass-phrase, i.e. it must not be encrypted. File permissions should grant read-only @@ -13739,7 +13774,7 @@ defers the client request only if it would otherwise be accepted. %PARAM unknown_helo_hostname_tempfail_action $reject_tempfail_action

The Postfix SMTP server's action when reject_unknown_helo_hostname -fails due to an temporary error condition. Specify "defer" to defer +fails due to a temporary error condition. Specify "defer" to defer the remote SMTP client request immediately. With the default "defer_if_permit" action, the Postfix SMTP server continues to look for opportunities to reject mail, and defers the client request @@ -14135,7 +14170,7 @@ to the configured before/after 220 greeting tests. 

 /etc/postfix/main.cf:
     postscreen_access_list = permit_mynetworks, 
-		cidr:/etc/postfix/postscreen_access.cidr
+        cidr:/etc/postfix/postscreen_access.cidr
     postscreen_blacklist_action = enforce
@@ -15104,7 +15139,9 @@ file. See smtpd_tls_ccert_verifydepth for further details.

File with the Postfix tlsproxy(8) server RSA certificate in PEM format. This file may also contain the Postfix tlsproxy(8) server -private RSA key. See smtpd_tls_cert_file for further details.

+private RSA key. See smtpd_tls_cert_file for further details. With +Postfix ≥ 3.4 the preferred way to configure tlsproxy server keys and +certificates is via the "tlsproxy_tls_chain_files" parameter.

This feature is available in Postfix 2.8 and later.

@@ -15120,8 +15157,8 @@ for further details.

File with the Postfix tlsproxy(8) server DSA certificate in PEM format. This file may also contain the Postfix tlsproxy(8) server -private DSA key. See smtpd_tls_dcert_file for further details. -

+private DSA key. DSA is obsolete and should not be used. See +smtpd_tls_dcert_file for further details.

This feature is available in Postfix 2.8 and later.

@@ -15146,27 +15183,31 @@ result export-grade cipher suites are by default not used.

%PARAM tlsproxy_tls_dkey_file $smtpd_tls_dkey_file

File with the Postfix tlsproxy(8) server DSA private key in PEM -format. This file may be combined with the Postfix tlsproxy(8) -server DSA certificate file specified with $smtpd_tls_dcert_file. -See smtpd_tls_dkey_file for further details.

+format. This file may be combined with the Postfix tlsproxy(8) server +DSA certificate file specified with $smtpd_tls_dcert_file. DSA is +obsolete and should not be used. See smtpd_tls_dkey_file for further +details.

This feature is available in Postfix 2.8 and later.

%PARAM tlsproxy_tls_eccert_file $smtpd_tls_eccert_file -

File with the Postfix tlsproxy(8) server ECDSA certificate in -PEM format. This file may also contain the Postfix tlsproxy(8) -server private ECDSA key. See smtpd_tls_eccert_file for further -details.

+

File with the Postfix tlsproxy(8) server ECDSA certificate in PEM +format. This file may also contain the Postfix tlsproxy(8) server +private ECDSA key. See smtpd_tls_eccert_file for further details. With +Postfix ≥ 3.4 the preferred way to configure tlsproxy server keys and +certificates is via the "tlsproxy_tls_chain_files" parameter.

This feature is available in Postfix 2.8 and later.

%PARAM tlsproxy_tls_eckey_file $smtpd_tls_eckey_file -

File with the Postfix tlsproxy(8) server ECDSA private key in -PEM format. This file may be combined with the Postfix tlsproxy(8) -server ECDSA certificate file specified with $smtpd_tls_eccert_file. -See smtpd_tls_eckey_file for further details.

+

File with the Postfix tlsproxy(8) server ECDSA private key in PEM +format. This file may be combined with the Postfix tlsproxy(8) server +ECDSA certificate file specified with $smtpd_tls_eccert_file. See +smtpd_tls_eckey_file for further details. With Postfix ≥ 3.4 the +preferred way to configure tlsproxy server keys and certificates is via +the "tlsproxy_tls_chain_files" parameter.

This feature is available in Postfix 2.8 and later.

@@ -15198,9 +15239,11 @@ fingerprints. See smtpd_tls_fingerprint_digest for further details. %PARAM tlsproxy_tls_key_file $smtpd_tls_key_file

File with the Postfix tlsproxy(8) server RSA private key in PEM -format. This file may be combined with the Postfix tlsproxy(8) -server RSA certificate file specified with $smtpd_tls_cert_file. -See smtpd_tls_key_file for further details.

+format. This file may be combined with the Postfix tlsproxy(8) server +RSA certificate file specified with $smtpd_tls_cert_file. See +smtpd_tls_key_file for further details. With Postfix ≥ 3.4 the +preferred way to configure tlsproxy server keys and certificates is via +the "tlsproxy_tls_chain_files" parameter.

This feature is available in Postfix 2.8 and later.

@@ -16941,42 +16984,52 @@ server certificate. See smtp_tls_CApath for further details.

%PARAM tlsproxy_client_cert_file $smtp_tls_cert_file

File with the Postfix tlsproxy(8) client RSA certificate in PEM -format. See smtp_tls_cert_file for further details.

+format. See smtp_tls_cert_file for further details. The preferred way +to configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter.

This feature is available in Postfix 3.4 and later.

%PARAM tlsproxy_client_key_file $smtp_tls_key_file

File with the Postfix tlsproxy(8) client RSA private key in PEM -format. See smtp_tls_key_file for further details.

+format. See smtp_tls_key_file for further details. The preferred way to +configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter.

This feature is available in Postfix 3.4 and later.

%PARAM tlsproxy_client_dcert_file $smtp_tls_dcert_file

File with the Postfix tlsproxy(8) client DSA certificate in PEM -format. See smtp_tls_dcert_file for further details.

+format. See smtp_tls_dcert_file for further details. DSA is obsolete and +should not be used.

This feature is available in Postfix 3.4 and later.

%PARAM tlsproxy_client_dkey_file $smtp_tls_dkey_file

File with the Postfix tlsproxy(8) client DSA private key in PEM -format. See smtp_tls_dkey_file for further details.

+format. See smtp_tls_dkey_file for further details. DSA is obsolete and +should not be used.

This feature is available in Postfix 3.4 and later.

%PARAM tlsproxy_client_eccert_file $smtp_tls_eccert_file -

File with the Postfix tlsproxy(8) client ECDSA certificate in -PEM format. See smtp_tls_eccert_file for further details.

+

File with the Postfix tlsproxy(8) client ECDSA certificate in PEM +format. See smtp_tls_eccert_file for further details. The preferred way +to configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter.

This feature is available in Postfix 3.4 and later.

%PARAM tlsproxy_client_eckey_file $smtp_tls_eckey_file -

File with the Postfix tlsproxy(8) client ECDSA private key in -PEM format. See smtp_tls_eckey_file for further details.

+

File with the Postfix tlsproxy(8) client ECDSA private key in PEM +format. See smtp_tls_eckey_file for further details. The preferred way +to configure tlsproxy client keys and certificates is via the +"tlsproxy_client_chain_files" parameter.

This feature is available in Postfix 3.4 and later.

@@ -17045,3 +17098,431 @@ support. See smtp_use_tls for further details.

See smtp_enforce_tls for further details.

This feature is available in Postfix 3.4 and later.

+ +%PARAM smtpd_tls_chain_files + +

List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. The file names +are separated by commas and/or whitespace. This parameter obsoletes the +legacy algorithm-specific key and certificate file settings. When this +parameter is non-empty, the legacy parameters are ignored, and a warning +is logged if any are also non-empty.

+ +

With the proliferation of multiple private key algorithms—which, +as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519 +and Ed448—it is increasingly impractical to use separate +parameters to configure the key and certificate chain for each +algorithm. Therefore, Postfix now supports storing multiple keys and +corresponding certificate chains in a single file or in a set of files. + +

Each key must appear immediately before the corresponding +certificate, optionally followed by additional issuer certificates that +complete the certificate chain for that key. When multiple files are +specified, they are equivalent to a single file that is concatenated +from those files in the given order. Thus, while a key must always +precede its certificate and issuer chain, it can be in a separate file, +so long as that file is listed immediately before the file that holds +the corresponding certificate chain. Once all the files are +concatenated, the sequence of PEM objects must be: key1, cert1, +[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].

+ +

Storing the private key in the same file as the corresponding +certificate is more reliable. With the key and certificate in separate +files, there is a chance that during key rollover a Postfix process +might load a private key and certificate from separate files that don't +match. Various operational errors may even result in a persistent +broken configuration in which the certificate does not match the private +key.

+ +

The file or files must contain at most one key of each type. If, +for example, two or more RSA keys and corresponding chains are listed, +depending on the version of OpenSSL either only the last one will be +used or an configuration error may be detected. Note that while +"Ed25519" and "Ed448" are considered separate algorithms, the various +ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are +considered as different parameters of a single "ECDSA" algorithm, so it +is not presently possible to configure keys for more than one ECDSA +curve.

+ +

RSA is still the most widely supported algorithm. Presently (late +2018), ECDSA support is common, but not yet universal, and Ed25519 and +Ed448 support is mostly absent. Therefore, an RSA key should generally +be configured, along with any additional keys for the other algorithms +when desired.

+ +

+Example (separate files for each key and corresponding certificate chain): +

+
+
+/etc/postfix/main.cf:
+    smtpd_tls_chain_files =
+        ${config_directory}/ed25519.pem,
+        ${config_directory}/ed448.pem,
+        ${config_directory}/rsa.pem
+
+
+ +
+
+/etc/postfix/ed25519.pem:
+    -----BEGIN PRIVATE KEY-----
+    MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+    ...
+    nC0egv51YPDWxEHom4QA
+    -----END CERTIFICATE-----
+
+
+ +
+
+/etc/postfix/ed448.pem:
+    -----BEGIN PRIVATE KEY-----
+    MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+    LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+    ...
+    pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+    -----END CERTIFICATE-----
+
+
+ +
+
+/etc/postfix/rsa.pem:
+    -----BEGIN PRIVATE KEY-----
+    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+    ...
+    ahQkZ3+krcaJvDSMgvu0tDc=
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+    ...
+    Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+    -----END CERTIFICATE-----
+
+
+ +

+Example (all keys and certificates in a single file): +

+
+
+/etc/postfix/main.cf:
+    smtpd_tls_chain_files = ${config_directory}/chains.pem
+
+
+ +
+
+/etc/postfix/chains.pem:
+    -----BEGIN PRIVATE KEY-----
+    MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+    ...
+    nC0egv51YPDWxEHom4QA
+    -----END CERTIFICATE-----
+    -----BEGIN PRIVATE KEY-----
+    MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+    LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+    ...
+    pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+    -----END CERTIFICATE-----
+    -----BEGIN PRIVATE KEY-----
+    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+    ...
+    ahQkZ3+krcaJvDSMgvu0tDc=
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+    ...
+    Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+    -----END CERTIFICATE-----
+
+
+ +

This feature is available in Postfix 3.4 and later.

+ +%PARAM smtp_tls_chain_files + +

List of one or more PEM files, each holding one or more private keys +directly followed by a corresponding certificate chain. The file names +are separated by commas and/or whitespace. This parameter obsoletes the +legacy algorithm-specific key and certificate file settings. When this +parameter is non-empty, the legacy parameters are ignored, and a warning +is logged if any are also non-empty.

+ +

With the proliferation of multiple private key algorithms—which, +as of OpenSSL 1.1.1, include DSA (obsolete), RSA, ECDSA, Ed25519 +and Ed448—it is increasingly impractical to use separate +parameters to configure the key and certificate chain for each +algorithm. Therefore, Postfix now supports storing multiple keys and +corresponding certificate chains in a single file or in a set of files. + +

Each key must appear immediately before the corresponding +certificate, optionally followed by additional issuer certificates that +complete the certificate chain for that key. When multiple files are +specified, they are equivalent to a single file that is concatenated +from those files in the given order. Thus, while a key must always +precede its certificate and issuer chain, it can be in a separate file, +so long as that file is listed immediately before the file that holds +the corresponding certificate chain. Once all the files are +concatenated, the sequence of PEM objects must be: key1, cert1, +[chain1], key2, cert2, [chain2], ..., keyN, certN, [chainN].

+ +

Storing the private key in the same file as the corresponding +certificate is more reliable. With the key and certificate in separate +files, there is a chance that during key rollover a Postfix process +might load a private key and certificate from separate files that don't +match. Various operational errors may even result in a persistent +broken configuration in which the certificate does not match the private +key.

+ +

The file or files must contain at most one key of each type. If, +for example, two or more RSA keys and corresponding chains are listed, +depending on the version of OpenSSL either only the last one will be +used or an configuration error may be detected. Note that while +"Ed25519" and "Ed448" are considered separate algorithms, the various +ECDSA curves (typically one of prime256v1, secp384r1 or secp521r1) are +considered as different parameters of a single "ECDSA" algorithm, so it +is not presently possible to configure keys for more than one ECDSA +curve.

+ +

+Example (separate files for each key and corresponding certificate chain): +

+
+
+/etc/postfix/main.cf:
+    smtp_tls_chain_files =
+        ${config_directory}/ed25519.pem,
+        ${config_directory}/ed448.pem,
+        ${config_directory}/rsa.pem
+
+
+ +
+
+/etc/postfix/ed25519.pem:
+    -----BEGIN PRIVATE KEY-----
+    MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+    ...
+    nC0egv51YPDWxEHom4QA
+    -----END CERTIFICATE-----
+
+
+ +
+
+/etc/postfix/ed448.pem:
+    -----BEGIN PRIVATE KEY-----
+    MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+    LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+    ...
+    pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+    -----END CERTIFICATE-----
+
+
+ +
+
+/etc/postfix/rsa.pem:
+    -----BEGIN PRIVATE KEY-----
+    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+    ...
+    ahQkZ3+krcaJvDSMgvu0tDc=
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+    ...
+    Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+    -----END CERTIFICATE-----
+
+
+ +

+Example (all keys and certificates in a single file): +

+
+
+/etc/postfix/main.cf:
+    smtp_tls_chain_files = ${config_directory}/chains.pem
+
+
+ +
+
+/etc/postfix/chains.pem:
+    -----BEGIN PRIVATE KEY-----
+    MC4CAQAwBQYDK2VwBCIEIEJfbbO4BgBQGBg9NAbIJaDBqZb4bC4cOkjtAH+Efbz3
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBKzCB3qADAgECAhQaw+rflRreYuUZBp0HuNn/e5rMZDAFBgMrZXAwFDESMBAG
+    ...
+    nC0egv51YPDWxEHom4QA
+    -----END CERTIFICATE-----
+    -----BEGIN PRIVATE KEY-----
+    MEcCAQAwBQYDK2VxBDsEOQf+m0P+G0qi+NZ0RolyeiE5zdlPQR8h8y4jByBifpIe
+    LNler7nzHQJ1SLcOiXFHXlxp/84VZuh32A==
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIBdjCB96ADAgECAhQSv4oP972KypOZPNPF4fmsiQoRHzAFBgMrZXEwFDESMBAG
+    ...
+    pQcWsx+4J29e6YWH3Cy/CdUaexKP4RPCZDrPX7bk5C2BQ+eeYOxyThMA
+    -----END CERTIFICATE-----
+    -----BEGIN PRIVATE KEY-----
+    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDc4QusgkahH9rL
+    ...
+    ahQkZ3+krcaJvDSMgvu0tDc=
+    -----END PRIVATE KEY-----
+    -----BEGIN CERTIFICATE-----
+    MIIC+DCCAeCgAwIBAgIUIUkrbk1GAemPCT8i9wKsTGDH7HswDQYJKoZIhvcNAQEL
+    ...
+    Rirz15HGVNTK8wzFd+nulPzwUo6dH2IU8KazmyRi7OGvpyrMlm15TRE2oyE=
+    -----END CERTIFICATE-----
+
+
+ +

This feature is available in Postfix 3.4 and later.

+ +%PARAM lmtp_tls_chain_files + +

The LMTP-specific version of the smtp_tls_chain_files configuration +parameter. See there for details.

+ +

This feature is available in Postfix 3.4 and later.

+ +%PARAM tlsproxy_client_chain_files $smtp_tls_chain_files + +

Files with the Postfix tlsproxy(8) client keys and certificate +chains in PEM format. See smtp_tls_chain_files for further details.

+ +

This feature is available in Postfix 3.4 and later.

+ +%PARAM tlsproxy_tls_chain_files $smtpd_tls_chain_files + +

Files with the Postfix tlsproxy(8) server keys and certificate +chains in PEM format. See smtpd_tls_chain_files for further details.

+ +

This feature is available in Postfix 3.4 and later.

+ +%PARAM tls_server_sni_maps + +

Optional lookup tables that map names received from remote SMTP +clients via the TLS Server Name Indication (SNI) extension to the +appropriate keys and certificate chains. This parameter is implemented +in the Postfix TLS library, and applies to both smtpd(8) and the SMTP +server mode of tlsproxy(8).

+ +

The lookup key is either the verbatim SNI domain name or a an +ancestor domain prefixed with a leading dot. For internationalized +domains, the lookup key must be in IDNA 2008 A-label form (as +required in the TLS SNI extension).

+ +

The mapping from an SNI domain name to a certificate chain is +typically indirect. In the input source files for "cdb", "hash", +"btree" or other tables that are converted to on-disk indexed files +via postmap(1), the value specified for each key is a list of +filenames. When postmap(1) is used with the -F option, the +generated table stores for each lookup key the base64-encoded +contents of the associated files. When querying tables via postmap +-Fq, the table value is decoded from base64, yielding the original +file content, plus a new line.

+ +

With "regexp", "pcre", "inline", "texthash", "static" and similar +tables that are interpreted at run-time, and don't have a separate +source format, the table value is again a list files, that are read-in +when the table is opened.

+ +

Thus, for example:

+ +
+
+$ postmap -Fq "" static:/etc/postfix/chain.pem | openssl dgst -sha1
+(stdin)= da39a3ee5e6b4b0d3255bfef95601890afd80709
+
+
+ +

produces the same output as:

+ +
+
+$ (cat /etc/postfix/chain.pem; echo) | openssl dgst -sha1
+(stdin)= da39a3ee5e6b4b0d3255bfef95601890afd80709
+
+
+ +

With tables whose content is managed outside of Postfix, such +as LDAP, MySQL, PostgreSQL, socketmap and tcp, the value must be a +concatenation of the desired PEM keys and certificate chains, that +is then further encoded to yield a single-line base64 string. +Creation of such tables and secure storage are outside the +responsibility of Postfix. With "socketmap" and "tcp" the data +would be transmitted in the clear. With LDAP and SQL, you should +generally use TLS to protect the sensitive data in transit.

+ +

Typically there is only private key and its chain of certificates +starting with the "leaf" certificate corresponding to that key, and +continuing with the appropriate intermediate issuer CA certificates, +with each certificate ideally followed by its issuer. Servers +that have keys and certificates for more than one algorithm (e.g. +both an RSA key and an ECDSA key, or even RSA, ECDSA and Ed25519) +can use multiple chains concatenated together, with the key always +listed before the corresponding certificates.

+ +

This feature is available in Postfix 3.4 and later.

+ +%PARAM smtp_tls_servername + +

Optional name to send to the remote SMTP server in the TLS Server +Name Indication (SNI) extension. The SNI extension is always on when +DANE is used to authenticate the server, and in that case the SNI name +sent is the one required by RFC7672 and this parameter is ignored.

+ +

Some SMTP servers use the received SNI name to select an appropriate +certificate chain to present to the client. While this may improve +interoperability with such servers, it may reduce interoperability with +other servers that choose to abort the connection when they don't have a +certificate chain configured for the requested name. Such servers +should select a default certificate chain and continue the handshake, +but some may not. Therefore, absent DANE, no SNI name is sent by +default.

+ +

The SNI name must be either a valid DNS hostname, or else one of the +special values hostname or nexthop, which select either the +remote hostname or the nexthop domain respectively. DNS names for SNI must be +in A-label (punycode) form. Invalid DNS names log a configuration error +warning and mail delivery is deferred.

+ +

Except when using a relayhost to forward all email, the only +sensible non-empty main.cf setting for this parameter is +hostname. Other non-empty values are only practical on a +per-destination basis via the servername attribute of the Postfix +TLS policy table. When +in doubt, leave this parameter empty, and configure per-destination SNI +as needed.

+ +

This feature is available in Postfix 3.4 and later.

+ +%PARAM lmtp_tls_servername + +

The LMTP-specific version of the smtp_tls_servername configuration +parameter. See there for details.

+ +

This feature is available in Postfix 3.4 and later.

diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 7eafc76d1..2edec94fb 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -19,6 +19,9 @@ typedef int bool; #ifdef USE_TLS #include /* OPENSSL_VERSION_NUMBER */ #include /* SN_* and NID_* macros */ +#if OPENSSL_VERSION_NUMBER < 0x1000200fUL +#error "OpenSSL releases prior to 1.0.2 are no longer supported" +#endif #endif /* @@ -1292,6 +1295,10 @@ extern bool var_smtpd_tls_req_ccert; #define DEF_SMTPD_TLS_CCERT_VD 9 extern int var_smtpd_tls_ccert_vd; +#define VAR_SMTPD_TLS_CHAIN_FILES "smtpd_tls_chain_files" +#define DEF_SMTPD_TLS_CHAIN_FILES "" +extern char *var_smtpd_tls_chain_files; + #define VAR_SMTPD_TLS_CERT_FILE "smtpd_tls_cert_file" #define DEF_SMTPD_TLS_CERT_FILE "" extern char *var_smtpd_tls_cert_file; @@ -1361,11 +1368,7 @@ extern char *var_smtpd_tls_dh512_param_file; extern char *var_smtpd_tls_dh1024_param_file; #define VAR_SMTPD_TLS_EECDH "smtpd_tls_eecdh_grade" -#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL #define DEF_SMTPD_TLS_EECDH "auto" -#else -#define DEF_SMTPD_TLS_EECDH "strong" -#endif extern char *var_smtpd_tls_eecdh; #define VAR_SMTPD_TLS_LOGLEVEL "smtpd_tls_loglevel" @@ -1435,6 +1438,12 @@ extern char *var_smtp_tls_level; #define DEF_LMTP_TLS_SCERT_VD 9 extern int var_smtp_tls_scert_vd; +#define VAR_SMTP_TLS_CHAIN_FILES "smtp_tls_chain_files" +#define DEF_SMTP_TLS_CHAIN_FILES "" +#define VAR_LMTP_TLS_CHAIN_FILES "lmtp_tls_chain_files" +#define DEF_LMTP_TLS_CHAIN_FILES "" +extern char *var_smtp_tls_chain_files; + #define VAR_SMTP_TLS_CERT_FILE "smtp_tls_cert_file" #define DEF_SMTP_TLS_CERT_FILE "" #define VAR_LMTP_TLS_CERT_FILE "lmtp_tls_cert_file" @@ -1588,6 +1597,12 @@ extern char *var_smtp_tls_sec_cmatch; #define DEF_LMTP_TLS_FPT_CMATCH "" extern char *var_smtp_tls_fpt_cmatch; +#define VAR_SMTP_TLS_SNI "smtp_tls_servername" +#define DEF_SMTP_TLS_SNI "" +#define VAR_LMTP_TLS_SNI "lmtp_tls_servername" +#define DEF_LMTP_TLS_SNI "" +extern char *var_smtp_tls_sni; + #define VAR_SMTP_TLS_BLK_EARLY_MAIL_REPLY "smtp_tls_block_early_mail_reply" #define DEF_SMTP_TLS_BLK_EARLY_MAIL_REPLY 0 #define VAR_LMTP_TLS_BLK_EARLY_MAIL_REPLY "lmtp_tls_block_early_mail_reply" @@ -3215,30 +3230,20 @@ extern bool var_smtp_cname_overr; /* * TLS cipherlists */ -#ifdef USE_TLS -#if OPENSSL_VERSION_NUMBER >= 0x1000000fUL -#define PREFER_aNULL "aNULL:-aNULL:" -#else -#define PREFER_aNULL "" -#endif -#else -#define PREFER_aNULL "" -#endif - #define VAR_TLS_HIGH_CLIST "tls_high_cipherlist" -#define DEF_TLS_HIGH_CLIST PREFER_aNULL "HIGH:@STRENGTH" +#define DEF_TLS_HIGH_CLIST "aNULL:-aNULL:HIGH:@STRENGTH" extern char *var_tls_high_clist; #define VAR_TLS_MEDIUM_CLIST "tls_medium_cipherlist" -#define DEF_TLS_MEDIUM_CLIST PREFER_aNULL "HIGH:MEDIUM:+RC4:@STRENGTH" +#define DEF_TLS_MEDIUM_CLIST "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH" extern char *var_tls_medium_clist; #define VAR_TLS_LOW_CLIST "tls_low_cipherlist" -#define DEF_TLS_LOW_CLIST PREFER_aNULL "HIGH:MEDIUM:LOW:+RC4:@STRENGTH" +#define DEF_TLS_LOW_CLIST "aNULL:-aNULL:HIGH:MEDIUM:LOW:+RC4:@STRENGTH" extern char *var_tls_low_clist; #define VAR_TLS_EXPORT_CLIST "tls_export_cipherlist" -#define DEF_TLS_EXPORT_CLIST PREFER_aNULL "HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH" +#define DEF_TLS_EXPORT_CLIST "aNULL:-aNULL:HIGH:MEDIUM:LOW:EXPORT:+RC4:@STRENGTH" extern char *var_tls_export_clist; #define VAR_TLS_NULL_CLIST "tls_null_cipherlist" @@ -3295,20 +3300,8 @@ extern bool var_tls_preempt_clist; #define DEF_TLS_MULTI_WILDCARD 1 extern bool var_tls_multi_wildcard; - /* The tweak for CVE-2010-4180 is needed in some versions prior to 1.0.1 */ - /* The tweak for CVE-2005-2969 is needed in some versions prior to 1.0.0 */ -#if defined(USE_TLS) && (OPENSSL_VERSION_NUMBER < 0x1000100fUL) -#if (OPENSSL_VERSION_NUMBER < 0x1000000fUL) -#define TLS_BUG_TWEAKS "CVE-2005-2969 CVE-2010-4180" -#else -#define TLS_BUG_TWEAKS "CVE-2010-4180" -#endif -#else -#define TLS_BUG_TWEAKS "" -#endif - #define VAR_TLS_BUG_TWEAKS "tls_disable_workarounds" -#define DEF_TLS_BUG_TWEAKS TLS_BUG_TWEAKS +#define DEF_TLS_BUG_TWEAKS "" extern char *var_tls_bug_tweaks; #define VAR_TLS_SSL_OPTIONS "tls_ssl_options" @@ -3323,6 +3316,10 @@ extern char *var_tls_tkt_cipher; #define DEF_TLS_BC_PKEY_FPRINT 0 extern bool var_tls_bc_pkey_fprint; +#define VAR_TLS_SERVER_SNI_MAPS "tls_server_sni_maps" +#define DEF_TLS_SERVER_SNI_MAPS "" +extern char *var_tls_server_sni_maps; + /* * Ordered list of DANE digest algorithms. */ @@ -3844,6 +3841,10 @@ extern bool var_tlsp_tls_req_ccert; #define DEF_TLSP_TLS_CCERT_VD "$" VAR_SMTPD_TLS_CCERT_VD extern int var_tlsp_tls_ccert_vd; +#define VAR_TLSP_TLS_CHAIN_FILES "tlsproxy_tls_chain_files" +#define DEF_TLSP_TLS_CHAIN_FILES "$" VAR_SMTPD_TLS_CHAIN_FILES +extern char *var_tlsp_tls_chain_files; + #define VAR_TLSP_TLS_CERT_FILE "tlsproxy_tls_cert_file" #define DEF_TLSP_TLS_CERT_FILE "$" VAR_SMTPD_TLS_CERT_FILE extern char *var_tlsp_tls_cert_file; @@ -3946,6 +3947,10 @@ extern char *var_tlsp_clnt_logparam; #define DEF_TLSP_CLNT_SCERT_VD "$" VAR_SMTP_TLS_SCERT_VD extern int var_tlsp_clnt_scert_vd; +#define VAR_TLSP_CLNT_CHAIN_FILES "tlsproxy_client_chain_files" +#define DEF_TLSP_CLNT_CHAIN_FILES "$" VAR_SMTP_TLS_CHAIN_FILES +extern char *var_tlsp_clnt_chain_files; + #define VAR_TLSP_CLNT_CERT_FILE "tlsproxy_client_cert_file" #define DEF_TLSP_CLNT_CERT_FILE "$" VAR_SMTP_TLS_CERT_FILE extern char *var_tlsp_clnt_cert_file; @@ -3984,23 +3989,23 @@ extern char *var_tlsp_clnt_fpt_dgst; #define VAR_TLSP_CLNT_USE_TLS "tlsproxy_client_use_tls" #define DEF_TLSP_CLNT_USE_TLS "$" VAR_SMTP_USE_TLS -bool var_tlsp_clnt_use_tls; +bool var_tlsp_clnt_use_tls; #define VAR_TLSP_CLNT_ENFORCE_TLS "tlsproxy_client_enforce_tls" #define DEF_TLSP_CLNT_ENFORCE_TLS "$" VAR_SMTP_ENFORCE_TLS -bool var_tlsp_clnt_enforce_tls; +bool var_tlsp_clnt_enforce_tls; #define VAR_TLSP_CLNT_LEVEL "tlsproxy_client_level" #define DEF_TLSP_CLNT_LEVEL "$" VAR_SMTP_TLS_LEVEL -char *var_tlsp_clnt_level; +char *var_tlsp_clnt_level; #define VAR_TLSP_CLNT_PER_SITE "tlsproxy_client_per_site" #define DEF_TLSP_CLNT_PER_SITE "$" VAR_SMTP_TLS_PER_SITE -char *var_tlsp_clnt_per_site; +char *var_tlsp_clnt_per_site; #define VAR_TLSP_CLNT_POLICY "tlsproxy_client_policy" #define DEF_TLSP_CLNT_POLICY "$" VAR_SMTP_TLS_POLICY -char *var_tlsp_clnt_policy; +char *var_tlsp_clnt_policy; /* * SMTPD "reject" contact info. diff --git a/postfix/src/global/maps.c b/postfix/src/global/maps.c index 8a1dc9e88..df25e84ad 100644 --- a/postfix/src/global/maps.c +++ b/postfix/src/global/maps.c @@ -165,6 +165,14 @@ const char *maps_find(MAPS *maps, const char *name, int flags) char **map_name; const char *expansion; DICT *dict; + int rhs_is_file; + + /* + * For now, handled at this layer, rather rather than implicitly in + * dict_get(). + */ + rhs_is_file = flags & DICT_FLAG_SRC_RHS_IS_FILE; + flags &= ~DICT_FLAG_SRC_RHS_IS_FILE; /* * In case of return without map lookup (empty name or no maps). @@ -192,9 +200,23 @@ const char *maps_find(MAPS *maps, const char *name, int flags) maps->error = DICT_ERR_RETRY; return (0); } + /* Log raw value, prior to base64 decoding */ if (msg_verbose) msg_info("%s: %s: %s: %s = %s", myname, maps->title, *map_name, name, expansion); + if (rhs_is_file) { + VSTRING *unb64; + char *err; + + if ((unb64 = dict_file_from_b64(dict, expansion)) == 0) { + err = dict_file_get_error(dict); + msg_warn("table %s:%s: key %s: %s", + dict->type, dict->name, name, err); + maps->error = DICT_ERR_RETRY; + return (0); + } + expansion = vstring_str(unb64); + } return (expansion); } else if ((maps->error = dict->error) != 0) { msg_warn("%s:%s lookup error for \"%.100s\"", diff --git a/postfix/src/posttls-finger/posttls-finger.c b/postfix/src/posttls-finger/posttls-finger.c index 92ad87f9a..da825fd16 100644 --- a/postfix/src/posttls-finger/posttls-finger.c +++ b/postfix/src/posttls-finger/posttls-finger.c @@ -115,6 +115,16 @@ /* .IP "\fB-h \fIhost_lookup\fR (default: \fBdns\fR)" /* The hostname lookup methods used for the connection. See the /* documentation of smtp_host_lookup for syntax and semantics. +/* .IP "\fB-H \fIchainfiles\fR (default: \fInone\fR)\fR" +/* List of files with a sequence PEM-encoded TLS client certificate +/* chains. The list can be built-up incrementally, by specifying +/* the option multiple times, or all at once via a comma or +/* whitespace separated list of filenames. Each chain starts with +/* a private key, which is followed immediately by the +/* corresponding certificate, and optionally by additional issuer +/* certificates. Each new key begins a new chain for the +/* corresponding algorithm. This option is mutually exclusive with +/* the below \fB-k\fR and \fB-K\fR options. /* .IP "\fB-k \fIcertfile\fR (default: \fIkeyfile\fR)\fR" /* File with PEM-encoded TLS client certificate chain. This /* defaults to \fIkeyfile\fR if one is specified. @@ -226,6 +236,12 @@ /* is encountered, up to 5 times or as specified with the \fB-m\fR option. /* By default reconnection is disabled, specify a positive delay to /* enable this behavior. +/* .IP "\fB-s \fIservername\fR" +/* The server name to send with the TLS Server Name Indication (SNI) +/* extension. When the server has DANE TLSA records, this parameter +/* is ignored and the TLSA base domain is used instead. Otherwise, SNI is +/* not used by default, but can be enabled by specifying the desired value +/* with this option. /* .IP "\fB-S\fR" /* Disable SMTP; that is, connect to an LMTP server. The default port for /* LMTP over TCP is 24. Alternative ports can specified by appending @@ -460,8 +476,10 @@ typedef struct STATE { char *mdalg; /* fingerprint digest algorithm */ char *CAfile; /* Trusted public CAs */ char *CApath; /* Trusted public CAs */ + char *chains; /* TLS client certificate chain files */ char *certfile; /* TLS client certificate file */ char *keyfile; /* TLS client key file */ + char *sni; /* Server SNI name */ ARGV *match; /* match arguments */ int print_trust; /* -C option */ BIO *tls_bio; /* BIO wrapper for stdout */ @@ -769,7 +787,8 @@ static int starttls(STATE *state) log_param = "-L option", log_level = state->options.logopts, verifydepth = DEF_SMTP_TLS_SCERT_VD, - cache_type = "memory", + cache_type = TLS_MGR_SCACHE_SMTP, + chain_files = state->chains, cert_file = state->certfile, key_file = state->keyfile, dcert_file = "", @@ -785,6 +804,7 @@ static int starttls(STATE *state) nexthop = state->nexthop, host = state->hostname, namaddr = state->namaddrport, + sni = state->sni, serverid = state->addrport, helo = state->helo ? state->helo : "", protocols = state->protocols, @@ -854,12 +874,14 @@ static int starttls(STATE *state) * context attributes. */ state->tls_context = tls_proxy_context_receive(state->stream); - msg_info("%s: subject_CN=%s, issuer_CN=%s, " - "fingerprint=%s, pkey_fingerprint=%s", - state->namaddrport, state->tls_context->peer_CN, - state->tls_context->issuer_CN, - state->tls_context->peer_cert_fprint, - state->tls_context->peer_pkey_fprint); + if (state->log_mask & + (TLS_LOG_CERTMATCH | TLS_LOG_VERBOSE | TLS_LOG_PEERCERT)) + msg_info("%s: subject_CN=%s, issuer_CN=%s, " + "fingerprint=%s, pkey_fingerprint=%s", + state->namaddrport, state->tls_context->peer_CN, + state->tls_context->issuer_CN, + state->tls_context->peer_cert_fprint, + state->tls_context->peer_pkey_fprint); tls_log_summary(TLS_ROLE_CLIENT, TLS_USAGE_NEW, state->tls_context); } @@ -874,6 +896,7 @@ static int starttls(STATE *state) nexthop = state->nexthop, host = state->hostname, namaddr = state->namaddrport, + sni = state->sni, serverid = state->addrport, helo = state->helo ? state->helo : "", protocols = state->protocols, @@ -1654,11 +1677,7 @@ static int finger(STATE *state) static void ssl_cleanup(void) { -#if OPENSSL_VERSION_NUMBER >= 0x10000000L ERR_remove_thread_state(0); /* Thread-id is now a pointer */ -#else - ERR_remove_state(0); /* Deprecated with OpenSSL 1.0.0 */ -#endif ENGINE_cleanup(); CONF_modules_unload(1); ERR_free_strings(); @@ -1703,6 +1722,7 @@ static void cleanup(STATE *state) myfree(state->CAfile); myfree(state->certfile); myfree(state->keyfile); + myfree(state->sni); if (state->options.level) myfree(state->options.level); myfree(state->options.logopts); @@ -1731,13 +1751,13 @@ static void cleanup(STATE *state) static void usage(void) { #ifdef USE_TLS - fprintf(stderr, "usage: %s %s \\\n\t%s \\\n\t%s \\\n\t%s" + fprintf(stderr, "usage: %s %s \\\n\t%s \\\n\t%s \\\n\t%s \\\n\t%s" " destination [match ...]\n", var_procname, "[-acCfSvw] [-t conn_tmout] [-T cmd_tmout] [-L logopts]", "[-h host_lookup] [-l level] [-d mdalg] [-g grade] [-p protocols]", - "[-A tafile] [-F CAfile.pem] [-P CApath/] " - "[-k certfile [-K keyfile]] [-m count] [-r delay]", - "[-o name=value]"); + "[-A tafile] [-F CAfile.pem] [-P CApath/] [-s servername]", + "[ [-H chainfiles] | [-k certfile [-K keyfile]] ]", + "[-m count] [-r delay] [-o name=value]"); #else fprintf(stderr, "usage: %s [-acStTv] [-h host_lookup] [-o name=value] destination\n", var_procname); @@ -1762,6 +1782,7 @@ static void tls_init(STATE *state) log_level = state->options.logopts, verifydepth = DEF_SMTP_TLS_SCERT_VD, cache_type = "memory", + chain_files = state->chains, cert_file = state->certfile, key_file = state->keyfile, dcert_file = "", @@ -1808,13 +1829,15 @@ static void parse_options(STATE *state, int argc, char *argv[]) #define OPTS "a:ch:o:St:T:v" #ifdef USE_TLS -#define TLSOPTS "A:Cd:fF:g:k:K:l:L:m:M:p:P:r:wX" +#define TLSOPTS "A:Cd:fF:g:H:k:K:l:L:m:M:p:P:r:s:wX" state->mdalg = mystrdup("sha1"); state->CApath = mystrdup(""); state->CAfile = mystrdup(""); + state->chains = mystrdup(""); state->certfile = mystrdup(""); state->keyfile = mystrdup(""); + state->sni = mystrdup(""); state->options.tas = argv_alloc(1); state->options.logopts = 0; state->level = TLS_LEV_DANE; @@ -1877,6 +1900,18 @@ static void parse_options(STATE *state, int argc, char *argv[]) myfree(state->grade); state->grade = mystrdup(optarg); break; + case 'H': + { + char *tmp; + + if (*state->chains) + tmp = concatenate(state->chains, ", ", optarg, (char *) 0); + else + tmp = mystrdup(optarg); + myfree(state->chains); + state->chains = tmp; + } + break; case 'k': myfree(state->certfile); state->certfile = mystrdup(optarg); @@ -1927,8 +1962,13 @@ static void parse_options(STATE *state, int argc, char *argv[]) case 'r': state->reconnect = atoi(optarg); break; + case 's': + myfree(state->sni); + state->sni = mystrdup(optarg); + break; case 'w': state->wrapper_mode = 1; + break; case 'X': state->tlsproxy_mode = 1; break; @@ -1945,6 +1985,9 @@ static void parse_options(STATE *state, int argc, char *argv[]) if (state->addr_pref < 0) msg_fatal("bad '-a' option value: %s", state->options.addr_pref); + if (state->tlsproxy_mode && state->reconnect) + msg_fatal("The -X and -r options are mutually exclusive"); + /* * Select hostname lookup mechanisms. */ @@ -1954,6 +1997,10 @@ static void parse_options(STATE *state, int argc, char *argv[]) #ifdef USE_TLS + if (*state->chains && *state->certfile) + msg_fatal("When the '-H' option is used, neither the '-k'," + " nor the '-K' options may be used"); + if (state->reconnect < 0) tlsmgrmem_disable(); diff --git a/postfix/src/sendmail/sendmail.c b/postfix/src/sendmail/sendmail.c index 5f6809c3c..0f9e580b8 100644 --- a/postfix/src/sendmail/sendmail.c +++ b/postfix/src/sendmail/sendmail.c @@ -288,7 +288,7 @@ /* TROUBLE SHOOTING CONTROLS /* .ad /* .fi -/* The DEBUG_README file gives examples of how to trouble shoot a +/* The DEBUG_README file gives examples of how to troubleshoot a /* Postfix system. /* .IP "\fBdebugger_command (empty)\fR" /* The external command to execute when a Postfix daemon program is diff --git a/postfix/src/smtp/lmtp_params.c b/postfix/src/smtp/lmtp_params.c index c4e16966b..973cb5dfb 100644 --- a/postfix/src/smtp/lmtp_params.c +++ b/postfix/src/smtp/lmtp_params.c @@ -9,6 +9,7 @@ #ifdef USE_TLS VAR_LMTP_SASL_TLS_OPTS, DEF_LMTP_SASL_TLS_OPTS, &var_smtp_sasl_tls_opts, 0, 0, VAR_LMTP_SASL_TLSV_OPTS, DEF_LMTP_SASL_TLSV_OPTS, &var_smtp_sasl_tlsv_opts, 0, 0, + VAR_LMTP_TLS_CHAIN_FILES, DEF_LMTP_TLS_CHAIN_FILES, &var_smtp_tls_chain_files, 0, 0, VAR_LMTP_TLS_CERT_FILE, DEF_LMTP_TLS_CERT_FILE, &var_smtp_tls_cert_file, 0, 0, VAR_LMTP_TLS_KEY_FILE, DEF_LMTP_TLS_KEY_FILE, &var_smtp_tls_key_file, 0, 0, VAR_LMTP_TLS_DCERT_FILE, DEF_LMTP_TLS_DCERT_FILE, &var_smtp_tls_dcert_file, 0, 0, @@ -29,6 +30,7 @@ VAR_LMTP_TLS_ECCERT_FILE, DEF_LMTP_TLS_ECCERT_FILE, &var_smtp_tls_eccert_file, 0, 0, VAR_LMTP_TLS_ECKEY_FILE, DEF_LMTP_TLS_ECKEY_FILE, &var_smtp_tls_eckey_file, 0, 0, VAR_LMTP_TLS_LOGLEVEL, DEF_LMTP_TLS_LOGLEVEL, &var_smtp_tls_loglevel, 0, 0, + VAR_LMTP_TLS_SNI, DEF_LMTP_TLS_SNI, &var_smtp_tls_sni, 0, 0, #endif VAR_LMTP_SASL_MECHS, DEF_LMTP_SASL_MECHS, &var_smtp_sasl_mechs, 0, 0, VAR_LMTP_SASL_TYPE, DEF_LMTP_SASL_TYPE, &var_smtp_sasl_type, 1, 0, diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 1477a7068..1b355ada3 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -482,6 +482,12 @@ /* Available in Postfix version 3.4 and later: /* .IP "\fBsmtp_tls_connection_reuse (no)\fR" /* Try to make multiple deliveries per TLS-encrypted connection. +/* .IP "\fBsmtp_tls_chain_files (empty)\fR" +/* List of one or more PEM files, each holding one or more private keys +/* directly followed by a corresponding certificate chain. +/* .IP "\fBsmtp_tls_servername (empty)\fR" +/* Optional name to send to the remote SMTP server in the TLS Server +/* Name Indication (SNI) extension. /* OBSOLETE STARTTLS CONTROLS /* .ad /* .fi @@ -913,6 +919,7 @@ char *var_smtp_sasl_tlsv_opts; int var_smtp_starttls_tmout; char *var_smtp_tls_CAfile; char *var_smtp_tls_CApath; +char *var_smtp_tls_chain_files; char *var_smtp_tls_cert_file; char *var_smtp_tls_mand_ciph; char *var_smtp_tls_excl_ciph; @@ -934,6 +941,7 @@ char *var_smtp_tls_proto; char *var_smtp_tls_ciph; char *var_smtp_tls_eccert_file; char *var_smtp_tls_eckey_file; +char *var_smtp_tls_sni; bool var_smtp_tls_blk_early_mail_reply; bool var_smtp_tls_force_tlsa; char *var_smtp_tls_insecure_mx_policy; @@ -1224,6 +1232,8 @@ static void pre_init(char *unused_name, char **unused_argv) #ifdef USE_TLS TLS_CLIENT_INIT_PROPS props; + tls_pre_jail_init(TLS_ROLE_CLIENT); + /* * We get stronger type safety and a cleaner interface by combining * the various parameters into a single tls_client_props structure. @@ -1240,6 +1250,7 @@ static void pre_init(char *unused_name, char **unused_argv) log_level = var_smtp_tls_loglevel, verifydepth = var_smtp_tls_scert_vd, cache_type = LMTP_SMTP_SUFFIX(TLS_MGR_SCACHE), + chain_files = var_smtp_tls_chain_files, cert_file = var_smtp_tls_cert_file, key_file = var_smtp_tls_key_file, dcert_file = var_smtp_tls_dcert_file, diff --git a/postfix/src/smtp/smtp.h b/postfix/src/smtp/smtp.h index 051723423..ed3e6a526 100644 --- a/postfix/src/smtp/smtp.h +++ b/postfix/src/smtp/smtp.h @@ -97,6 +97,7 @@ typedef struct SMTP_TLS_POLICY { ARGV *matchargv; /* Cert match patterns */ DSN_BUF *why; /* Lookup error status */ TLS_DANE *dane; /* DANE TLSA digests */ + char *sni; /* Optional SNI name when not DANE */ int conn_reuse; /* enable connection reuse */ } SMTP_TLS_POLICY; @@ -131,6 +132,7 @@ extern void smtp_tls_policy_cache_flush(void); _tls_policy_init_tmp->matchargv = 0; \ _tls_policy_init_tmp->why = (w); \ _tls_policy_init_tmp->dane = 0; \ + _tls_policy_init_tmp->sni = 0; \ _tls_policy_init_tmp->conn_reuse = 0; \ } while (0) diff --git a/postfix/src/smtp/smtp_params.c b/postfix/src/smtp/smtp_params.c index 198119e10..561f6a0ad 100644 --- a/postfix/src/smtp/smtp_params.c +++ b/postfix/src/smtp/smtp_params.c @@ -9,6 +9,7 @@ #ifdef USE_TLS VAR_SMTP_SASL_TLS_OPTS, DEF_SMTP_SASL_TLS_OPTS, &var_smtp_sasl_tls_opts, 0, 0, VAR_SMTP_SASL_TLSV_OPTS, DEF_SMTP_SASL_TLSV_OPTS, &var_smtp_sasl_tlsv_opts, 0, 0, + VAR_SMTP_TLS_CHAIN_FILES, DEF_SMTP_TLS_CHAIN_FILES, &var_smtp_tls_chain_files, 0, 0, VAR_SMTP_TLS_CERT_FILE, DEF_SMTP_TLS_CERT_FILE, &var_smtp_tls_cert_file, 0, 0, VAR_SMTP_TLS_KEY_FILE, DEF_SMTP_TLS_KEY_FILE, &var_smtp_tls_key_file, 0, 0, VAR_SMTP_TLS_DCERT_FILE, DEF_SMTP_TLS_DCERT_FILE, &var_smtp_tls_dcert_file, 0, 0, @@ -29,6 +30,7 @@ VAR_SMTP_TLS_ECCERT_FILE, DEF_SMTP_TLS_ECCERT_FILE, &var_smtp_tls_eccert_file, 0, 0, VAR_SMTP_TLS_ECKEY_FILE, DEF_SMTP_TLS_ECKEY_FILE, &var_smtp_tls_eckey_file, 0, 0, VAR_SMTP_TLS_LOGLEVEL, DEF_SMTP_TLS_LOGLEVEL, &var_smtp_tls_loglevel, 0, 0, + VAR_SMTP_TLS_SNI, DEF_SMTP_TLS_SNI, &var_smtp_tls_sni, 0, 0, VAR_SMTP_TLS_INSECURE_MX_POLICY, DEF_SMTP_TLS_INSECURE_MX_POLICY, &var_smtp_tls_insecure_mx_policy, 0, 0, #endif VAR_SMTP_SASL_MECHS, DEF_SMTP_SASL_MECHS, &var_smtp_sasl_mechs, 0, 0, diff --git a/postfix/src/smtp/smtp_proto.c b/postfix/src/smtp/smtp_proto.c index 0bac85aba..e9374778b 100644 --- a/postfix/src/smtp/smtp_proto.c +++ b/postfix/src/smtp/smtp_proto.c @@ -914,6 +914,7 @@ static int smtp_start_tls(SMTP_STATE *state) verifydepth = var_smtp_tls_scert_vd, cache_type = LMTP_SMTP_SUFFIX(TLS_MGR_SCACHE), + chain_files = var_smtp_tls_chain_files, cert_file = var_smtp_tls_cert_file, key_file = var_smtp_tls_key_file, dcert_file = var_smtp_tls_dcert_file, @@ -929,6 +930,7 @@ static int smtp_start_tls(SMTP_STATE *state) nexthop = session->tls_nexthop, host = STR(iter->host), namaddr = session->namaddrport, + sni = state->tls->sni, serverid = vstring_str(serverid), helo = session->helo, protocols = state->tls->protocols, @@ -1049,6 +1051,7 @@ static int smtp_start_tls(SMTP_STATE *state) nexthop = session->tls_nexthop, host = STR(iter->host), namaddr = session->namaddrport, + sni = state->tls->sni, serverid = vstring_str(serverid), helo = session->helo, protocols = state->tls->protocols, diff --git a/postfix/src/smtp/smtp_tls_policy.c b/postfix/src/smtp/smtp_tls_policy.c index 6415e032e..03201b9c1 100644 --- a/postfix/src/smtp/smtp_tls_policy.c +++ b/postfix/src/smtp/smtp_tls_policy.c @@ -103,6 +103,7 @@ #include #include #include +#include #include #include @@ -304,6 +305,22 @@ static void tls_policy_lookup_one(SMTP_TLS_POLICY *tls, int *site_level, tls->protocols = mystrdup(val); continue; } + /* Only one instance per policy. */ + if (!strcasecmp(name, "servername")) { + if (tls->sni) { + msg_warn("%s: attribute \"%s\" is specified multiple times", + WHERE, name); + INVALID_RETURN(tls->why, site_level); + } + if (valid_hostname(val, DONT_GRIPE)) + tls->sni = mystrdup(val); + else { + msg_warn("%s: \"%s=%s\" specifies an invalid hostname", + WHERE, name, val); + INVALID_RETURN(tls->why, site_level); + } + continue; + } /* Multiple instances per policy. */ if (!strcasecmp(name, "match")) { if (*val == 0) { @@ -369,7 +386,7 @@ static void tls_policy_lookup_one(SMTP_TLS_POLICY *tls, int *site_level, tls->conn_reuse = 0; } else { msg_warn("%s: attribute \"%s\" has bad value: \"%s\"", - WHERE, name, val); + WHERE, name, val); INVALID_RETURN(tls->why, site_level); } } @@ -560,12 +577,23 @@ static void *policy_create(const char *unused_key, void *context) return ((void *) tls); /* - * Use main.cf protocols setting if not set in per-destination table. + * Use main.cf protocols and SNI settings if not set in per-destination + * table. */ if (tls->level > TLS_LEV_NONE && tls->protocols == 0) tls->protocols = mystrdup((tls->level == TLS_LEV_MAY) ? var_smtp_tls_proto : var_smtp_tls_mand_proto); + if (tls->level > TLS_LEV_NONE && tls->sni == 0) { + if (!*var_smtp_tls_sni || valid_hostname(var_smtp_tls_sni, DONT_GRIPE)) + tls->sni = mystrdup(var_smtp_tls_sni); + else { + msg_warn("\"%s = %s\" specifies an invalid hostname", + VAR_LMTP_SMTP(TLS_SNI), var_smtp_tls_sni); + MARK_INVALID(tls->why, &tls->level); + return ((void *) tls); + } + } /* * Compute cipher grade (if set in per-destination table, else @@ -636,6 +664,8 @@ static void policy_delete(void *item, void *unused_context) if (tls->protocols) myfree(tls->protocols); + if (tls->sni) + myfree(tls->sni); if (tls->grade) myfree(tls->grade); if (tls->exclusions) diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 6d03c486a..664cc2884 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -483,6 +483,15 @@ /* .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR" /* The prioritized list of elliptic curves supported by the Postfix /* SMTP client and server. +/* .PP +/* Available in Postfix version 3.4 and later: +/* .IP "\fBsmtpd_tls_chain_files (empty)\fR" +/* List of one or more PEM files, each holding one or more private keys +/* directly followed by a corresponding certificate chain. +/* .IP "\fBtls_server_sni_maps (empty)\fR" +/* Optional lookup tables that map names received from remote SMTP +/* clients via the TLS Server Name Indication (SNI) extension to the +/* appropriate keys and certificate chains. /* OBSOLETE STARTTLS CONTROLS /* .ad /* .fi @@ -987,7 +996,7 @@ /* fails due to a temporary error condition. /* .IP "\fBunknown_helo_hostname_tempfail_action ($reject_tempfail_action)\fR" /* The Postfix SMTP server's action when reject_unknown_helo_hostname -/* fails due to an temporary error condition. +/* fails due to a temporary error condition. /* .IP "\fBunknown_address_tempfail_action ($reject_tempfail_action)\fR" /* The Postfix SMTP server's action when reject_unknown_sender_domain /* or reject_unknown_recipient_domain fail due to a temporary error @@ -1384,6 +1393,7 @@ char *var_smtpd_tls_proto; char *var_smtpd_tls_eecdh; char *var_smtpd_tls_eccert_file; char *var_smtpd_tls_eckey_file; +char *var_smtpd_tls_chain_files; #endif @@ -6100,16 +6110,33 @@ static void pre_jail_init(char *unused_name, char **unused_argv) no_server_cert_ok = 0; cert_file = var_smtpd_tls_cert_file; } - have_server_cert = - (*cert_file || *var_smtpd_tls_dcert_file || *var_smtpd_tls_eccert_file); + have_server_cert = *cert_file != 0; + have_server_cert |= *var_smtpd_tls_eccert_file != 0; + have_server_cert |= *var_smtpd_tls_dcert_file != 0; + + if (*var_smtpd_tls_chain_files != 0) { + if (!have_server_cert) + have_server_cert = 1; + else + msg_warn("Both %s and one or more of the legacy " + " %s, %s or %s are non-empty; the legacy " + " parameters will be ignored", + VAR_SMTPD_TLS_CHAIN_FILES, + VAR_SMTPD_TLS_CERT_FILE, + VAR_SMTPD_TLS_ECCERT_FILE, + VAR_SMTPD_TLS_DCERT_FILE); + } /* Some TLS configuration errors are not show stoppers. */ if (!have_server_cert && require_server_cert) msg_warn("Need a server cert to request client certs"); if (!var_smtpd_enforce_tls && var_smtpd_tls_req_ccert) msg_warn("Can't require client certs unless TLS is required"); /* After a show-stopper error, reply with 454 to STARTTLS. */ - if (have_server_cert || (no_server_cert_ok && !require_server_cert)) + if (have_server_cert + || (no_server_cert_ok && !require_server_cert)) { + + tls_pre_jail_init(TLS_ROLE_SERVER); /* * Large parameter lists are error-prone, so we emulate a @@ -6123,6 +6150,7 @@ static void pre_jail_init(char *unused_name, char **unused_argv) verifydepth = var_smtpd_tls_ccert_vd, cache_type = TLS_MGR_SCACHE_SMTPD, set_sessid = var_smtpd_tls_set_sessid, + chain_files = var_smtpd_tls_chain_files, cert_file = cert_file, key_file = var_smtpd_tls_key_file, dcert_file = var_smtpd_tls_dcert_file, @@ -6141,8 +6169,9 @@ static void pre_jail_init(char *unused_name, char **unused_argv) var_smtpd_tls_proto, ask_ccert = ask_client_cert, mdalg = var_smtpd_tls_fpt_dgst); - else + } else { msg_warn("No server certs available. TLS won't be enabled"); + } #endif /* USE_TLSPROXY */ #else msg_warn("TLS has been selected, but TLS support is not compiled in"); @@ -6381,6 +6410,7 @@ int main(int argc, char **argv) #ifdef USE_TLS VAR_RELAY_CCERTS, DEF_RELAY_CCERTS, &var_smtpd_relay_ccerts, 0, 0, VAR_SMTPD_SASL_TLS_OPTS, DEF_SMTPD_SASL_TLS_OPTS, &var_smtpd_sasl_tls_opts, 0, 0, + VAR_SMTPD_TLS_CHAIN_FILES, DEF_SMTPD_TLS_CHAIN_FILES, &var_smtpd_tls_chain_files, 0, 0, VAR_SMTPD_TLS_CERT_FILE, DEF_SMTPD_TLS_CERT_FILE, &var_smtpd_tls_cert_file, 0, 0, VAR_SMTPD_TLS_KEY_FILE, DEF_SMTPD_TLS_KEY_FILE, &var_smtpd_tls_key_file, 0, 0, VAR_SMTPD_TLS_DCERT_FILE, DEF_SMTPD_TLS_DCERT_FILE, &var_smtpd_tls_dcert_file, 0, 0, diff --git a/postfix/src/tls/tls.h b/postfix/src/tls/tls.h index 50827f58b..24e3a043b 100644 --- a/postfix/src/tls/tls.h +++ b/postfix/src/tls/tls.h @@ -84,8 +84,8 @@ extern const char *str_tls_level(int); #define ssl_cipher_stack_t STACK_OF(SSL_CIPHER) #define ssl_comp_stack_t STACK_OF(SSL_COMP) -#if (OPENSSL_VERSION_NUMBER < 0x00090700f) -#error "need OpenSSL version 0.9.7 or later" +#if (OPENSSL_VERSION_NUMBER < 0x1000200fUL) +#error "OpenSSL releases prior to 1.0.2 are no longer supported" #endif /* Backwards compatibility with OpenSSL < 1.1.0 */ @@ -93,6 +93,8 @@ extern const char *str_tls_level(int); #define OpenSSL_version_num SSLeay #define OpenSSL_version SSLeay_version #define OPENSSL_VERSION SSLEAY_VERSION +#define X509_STORE_up_ref(store) \ + CRYPTO_add(&((store)->references), 1, CRYPTO_LOCK_X509) #define X509_up_ref(x) \ CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509) #define EVP_PKEY_up_ref(k) \ @@ -128,20 +130,6 @@ extern const char *str_tls_level(int); #define tls_get_peer_dh_pubkey SSL_get_server_tmp_key #else #define tls_get_peer_dh_pubkey SSL_get_peer_tmp_key -#endif - -/* SSL_CIPHER_get_name() got constified in 0.9.7g */ -#if OPENSSL_VERSION_NUMBER >= 0x0090707fL /* constification */ -#define SSL_CIPHER_const const -#else -#define SSL_CIPHER_const -#endif - -/* d2i_X509() got constified in 0.9.8a */ -#if OPENSSL_VERSION_NUMBER >= 0x0090801fL -#define D2I_const const -#else -#define D2I_const #endif /* @@ -346,6 +334,7 @@ extern int tls_log_mask(const char *, const char *); */ struct TLS_APPL_STATE { SSL_CTX *ssl_ctx; + SSL_CTX *sni_ctx; int log_mask; char *cache_type; char *cipher_exclusions; /* Last cipher selection state */ @@ -487,6 +476,7 @@ typedef struct { const char *log_level; int verifydepth; const char *cache_type; + const char *chain_files; const char *cert_file; const char *key_file; const char *dcert_file; @@ -507,6 +497,7 @@ typedef struct { const char *nexthop; /* destination domain */ const char *host; /* MX hostname */ const char *namaddr; /* nam[addr] for logging */ + const char *sni; /* optional SNI name when not DANE */ const char *serverid; /* Session cache key */ const char *helo; /* Server name from EHLO response */ const char *protocols; /* Enabled protocols */ @@ -526,24 +517,24 @@ extern TLS_SESS_STATE *tls_client_post_connect(TLS_SESS_STATE *, tls_session_stop(ctx, (stream), (timeout), (failure), (TLScontext)) #define TLS_CLIENT_INIT_ARGS(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \ - a10, a11, a12, a13) \ + a10, a11, a12, a13, a14) \ (((props)->a1), ((props)->a2), ((props)->a3), \ ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \ ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \ - ((props)->a12), ((props)->a13), (props)) + ((props)->a12), ((props)->a13), ((props)->a14), (props)) #define TLS_CLIENT_INIT(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \ - a10, a11, a12, a13) \ + a10, a11, a12, a13, a14) \ tls_client_init(TLS_CLIENT_INIT_ARGS(props, a1, a2, a3, a4, a5, \ - a6, a7, a8, a9, a10, a11, a12, a13)) + a6, a7, a8, a9, a10, a11, a12, a13, a14)) #define TLS_CLIENT_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \ - a10, a11, a12, a13, a14, a15, a16) \ + a10, a11, a12, a13, a14, a15, a16, a17) \ tls_client_start((((props)->a1), ((props)->a2), ((props)->a3), \ ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \ ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \ ((props)->a12), ((props)->a13), ((props)->a14), ((props)->a15), \ - ((props)->a16), (props))) + ((props)->a16), ((props)->a17), (props))) /* * tls_server.c @@ -554,6 +545,7 @@ typedef struct { int verifydepth; const char *cache_type; int set_sessid; + const char *chain_files; const char *cert_file; const char *key_file; const char *dcert_file; @@ -591,12 +583,13 @@ extern TLS_SESS_STATE *tls_server_post_accept(TLS_SESS_STATE *); tls_session_stop(ctx, (stream), (timeout), (failure), (TLScontext)) #define TLS_SERVER_INIT(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \ - a10, a11, a12, a13, a14, a15, a16, a17, a18, a19) \ + a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20) \ tls_server_init((((props)->a1), ((props)->a2), ((props)->a3), \ ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \ ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \ ((props)->a12), ((props)->a13), ((props)->a14), ((props)->a15), \ - ((props)->a16), ((props)->a17), ((props)->a18), ((props)->a19), (props))) + ((props)->a16), ((props)->a17), ((props)->a18), ((props)->a19), \ + ((props)->a20), (props))) #define TLS_SERVER_START(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10) \ tls_server_start((((props)->a1), ((props)->a2), ((props)->a3), \ @@ -615,6 +608,7 @@ extern const char *tls_compile_version(void); extern const char *tls_run_version(void); extern const char **tls_pkey_algorithms(void); extern void tls_log_summary(TLS_ROLE, TLS_USAGE, TLS_SESS_STATE *); +extern void tls_pre_jail_init(TLS_ROLE); #ifdef TLS_INTERNAL @@ -663,7 +657,7 @@ extern int tls_bio(int, int, TLS_SESS_STATE *, extern void tls_set_dh_from_file(const char *, int); extern DH *tls_tmp_dh_cb(SSL *, int, int); extern void tls_set_eecdh_curve(SSL_CTX *, const char *); -extern void tls_auto_eecdh_curves(SSL_CTX *); +extern void tls_auto_eecdh_curves(SSL_CTX *, const char *); /* * tls_rsa.c @@ -699,7 +693,8 @@ extern char *tls_serverid_digest(const TLS_CLIENT_START_PROPS *, long, * tls_certkey.c */ extern int tls_set_ca_certificate_info(SSL_CTX *, const char *, const char *); -extern int tls_set_my_certificate_key_info(SSL_CTX *, +extern int tls_load_pem_chain(SSL *, const char *, const char *); +extern int tls_set_my_certificate_key_info(SSL_CTX *, /* All */ const char *, /* RSA */ const char *, const char *, /* DSA */ const char *, const char *, /* ECDSA */ const char *, const char *); @@ -709,7 +704,7 @@ extern int tls_set_my_certificate_key_info(SSL_CTX *, */ extern int TLScontext_index; -extern TLS_APPL_STATE *tls_alloc_app_context(SSL_CTX *, int); +extern TLS_APPL_STATE *tls_alloc_app_context(SSL_CTX *, SSL_CTX *, int); extern TLS_SESS_STATE *tls_alloc_sess_context(int, const char *); extern void tls_free_context(TLS_SESS_STATE *); extern void tls_check_version(void); diff --git a/postfix/src/tls/tls_certkey.c b/postfix/src/tls/tls_certkey.c index 0190fb0af..1e7fbf33e 100644 --- a/postfix/src/tls/tls_certkey.c +++ b/postfix/src/tls/tls_certkey.c @@ -12,16 +12,23 @@ /* const char *CAfile; /* const char *CApath; /* -/* int tls_set_my_certificate_key_info(ctx, cert_file, key_file, +/* int tls_set_my_certificate_key_info(ctx, chain_files, +/* cert_file, key_file, /* dcert_file, dkey_file, /* eccert_file, eckey_file) /* SSL_CTX *ctx; +/* const char *chain_files; /* const char *cert_file; /* const char *key_file; /* const char *dcert_file; /* const char *dkey_file; /* const char *eccert_file; /* const char *eckey_file; +/* +/* int tls_load_pem_chain(ssl, pem, origin); +/* SSL *ssl; +/* const char *pem; +/* const char *origin; /* DESCRIPTION /* OpenSSL supports two options to specify CA certificates: /* either one file CAfile that contains all CA certificates, @@ -38,7 +45,16 @@ /* certificates and private keys for the specified TLS server /* or client context. Up to 3 pairs of key pairs (RSA, DSA and /* ECDSA) may be specified; each certificate and key pair must -/* match. The result is -1 on failure, 0 on success. +/* match. The chain_files argument makes it possible to load +/* keys and certificates for more than 3 algorithms, via either +/* a single file, or a list of multiple files. The result is -1 +/* on failure, 0 on success. +/* +/* tls_load_pem_chain() loads one or more (key, cert, [chain]) +/* triples from an in-memory PEM blob. The "origin" argument +/* is used for error logging, to identify the provenance of the +/* PEM blob. Exactly one of "ctx" or "ssl" must be non-zero, +/* and the keys and certificates will be loaded into that object. /* LICENSE /* .ad /* .fi @@ -79,6 +95,440 @@ #define TLS_INTERNAL #include +#define STATE_PEM_NOGO -2 /* Unusable object or sequence */ +#define STATE_PEM_FAIL -1 /* Error in libcrypto */ +#define STATE_PEM_DONE 0 /* End of PEM file, return value only */ +#define STATE_PEM_INIT 1 /* No PEM objects seen */ +#define STATE_PEM_PKEY 2 /* Last object was a private key */ +#define STATE_PEM_CERT 3 /* Last object was a certificate */ +#define STATE_PEM_BOTH 4 /* Unordered, key + first cert seen */ + +#define LOAD_MODE_MIXED 0 /* Key order not fixed */ +#define LOAD_MODE_MORE 1 /* Keys first, more files */ +#define LOAD_MODE_LAST 2 /* Keys first, last file */ + +typedef struct pem_load_state { + const char *origin; /* PEM chain origin description */ + const char *source; /* PEM BIO origin description */ + const char *keysrc; /* Source of last key */ + BIO *pembio; /* PEM input stream */ + SSL_CTX *ctx; /* SSL connection factory */ + SSL *ssl; /* SSL connection handle */ + EVP_PKEY *pkey; /* current key */ + X509 *cert; /* current certificate */ + x509_stack_t *chain; /* current chain */ + int keynum; /* Index of last key */ + int objnum; /* Index in current source */ + int state; /* Current state, never "DONE" */ +} pem_load_state; + +/* init_pem_load_state - fill in initial pem_load_state structure */ + +static void init_pem_load_state(pem_load_state *st, SSL_CTX *ctx, SSL *ssl, + const char *origin) +{ + st->origin = origin; + st->source = origin; + st->keysrc = 0; + st->pembio = 0; + st->ctx = ctx; + st->ssl = ssl; + st->pkey = 0; + st->cert = 0; + st->chain = 0; + st->keynum = 0; + st->objnum = 0; + st->state = STATE_PEM_INIT; +} + +/* use_chain - load cert, key and chain into ctx or ssl */ + +#if OPENSSL_VERSION_NUMBER >= 0x1010000fUL +static int use_chain(pem_load_state *st) +{ + int ret; + int replace = 0; + + /* + * With replace == 0, an error is returned if the algorithm slot is + * already taken, and a previous key + chain of the same type would be + * clobbered. + */ + if (st->ctx) + ret = SSL_CTX_use_cert_and_key(st->ctx, st->cert, st->pkey, st->chain, + replace); + else + ret = SSL_use_cert_and_key(st->ssl, st->cert, st->pkey, st->chain, + replace); + + /* + * SSL_[CTX_]_use_cert_key() uprefs all the objects in question, so we + * must free ours. + */ + X509_free(st->cert); + st->cert = 0; + EVP_PKEY_free(st->pkey); + st->pkey = 0; + sk_X509_pop_free(st->chain, X509_free); + st->chain = 0; + + return ret; +} + +#else + +/* Legacy OpenSSL 1.0.2 interface */ +static int use_chain(pem_load_state *st) +{ + int ret = 1; + +#define TRY(op, o) \ + ((st->ctx && SSL_CTX_##op(st->ctx, st->o)) || \ + (st->ssl && SSL_##op(st->ssl, st->o))) + + /* + * This ensures the cert and key have the same type and match. A similar + * check is performed in use_PrivateKey(), but only if if the key and + * cert are of the same type. + */ + if (!X509_check_private_key(st->cert, st->pkey)) + ret = 0; + + /* + * XXX: With OpenSSL 1.0.2, setting the certificate clears any previous + * mismatched key of the same type, so we don't detect conflicting chains + * for the same algorithm, and silently use the last one. + */ + + /* use_certificate() increments the refcount */ + if (ret && !TRY(use_certificate, cert)) + ret = 0; + X509_free(st->cert); + + /* use_PrivateKey() increments the refcount */ + if (ret && !TRY(use_PrivateKey, pkey)) + ret = 0; + EVP_PKEY_free(st->pkey); + + /* set0_chain() does not increment the refcount */ + if (!ret || !(ret = TRY(set0_chain, chain))) + sk_X509_pop_free(st->chain, X509_free); + + return ret; +} + +#endif + +/* load_cert - decode and load a DER-encoded X509 certificate */ + +static void load_cert(pem_load_state *st, int mode, unsigned char *buf, + long buflen) +{ + const unsigned char *p = buf; + X509 *cert = d2i_X509(0, &p, buflen); + + /* + * When expecting one or more keys, each key must precede the associated + * certicate (chain). + */ + if (mode != LOAD_MODE_MIXED && st->state == STATE_PEM_INIT) { + msg_warn("error loading chain from %s: key not first", st->source); + if (cert) + X509_free(cert); + st->state = STATE_PEM_NOGO; + return; + } + if (!cert) { + msg_warn("error loading certificate (PEM object number %d) from %s", + st->objnum, st->source); + st->state = STATE_PEM_FAIL; + return; + } + if (p - buf != buflen) { + msg_warn("error loading certificate (PEM object number %d) from %s:" + " excess data", st->objnum, st->source); + X509_free(cert); + st->state = STATE_PEM_NOGO; + return; + } + + /* + * The first certificate after a new key becomes the leaf certificate for + * that key, and the additional issuer certificte list is cleared. + * Subsequent certificates are added to the issuer chain (without an + * "upref" so they are now owne by the chain, and must not be freed). + * + * In "mixed" mode, the first certificate is either after the key, or else + * comes first. + */ + if (!st->cert) { + st->cert = cert; + } else if ((!st->chain && (st->chain = sk_X509_new_null()) == 0) + || !sk_X509_push(st->chain, cert)) { + X509_free(cert); + st->state = STATE_PEM_FAIL; + return; + } + if (st->state == STATE_PEM_INIT) { + st->state = STATE_PEM_CERT; + return; + } + if (st->state != STATE_PEM_PKEY) + return; + if (mode == LOAD_MODE_MIXED) + st->state = STATE_PEM_BOTH; + else + st->state = STATE_PEM_CERT; +} + +/* load_pkey - decode and load a DER-encoded private key */ + +static void load_pkey(pem_load_state *st, int mode, int pkey_type, + unsigned char *buf, long buflen) +{ + const char *myname = "load_pkey"; + const unsigned char *p = buf; + PKCS8_PRIV_KEY_INFO *p8; + EVP_PKEY *pkey = 0; + + /* + * Keys are either algorithm-specific, or else (ideally) algorithm + * agnostic, in which case they are wrapped as PKCS#8 objects with an + * algorithm OID. + */ + if (pkey_type != NID_undef) { + pkey = d2i_PrivateKey(pkey_type, 0, &p, buflen); + } else { + p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, buflen); + if (p8) { + pkey = EVP_PKCS82PKEY(p8); + PKCS8_PRIV_KEY_INFO_free(p8); + } + } + + /* + * Except in "mixed" mode, where a single key appears anywhere in a file + * with multiple certificates, a given key is either at the first object + * we process, or occurs after a previous key and one or more associated + * certificates. Thus, encountering a key in a state other than "INIT" + * or "CERT" is an error, except in "mixed" mode where a second key is + * ignored with a warning. + */ + switch (st->state) { + case STATE_PEM_INIT: + break; + + case STATE_PEM_CERT: + + /* + * When processing the key of a "next" chain, we're in the "CERT" + * state, and first complete the processing of the previous chain. + */ + if (mode != LOAD_MODE_MIXED && !use_chain(st)) { + msg_warn("error loading certificate chain: " + "key number %d in %s does not match the certificate", + st->keynum, st->keysrc); + st->state = STATE_PEM_FAIL; + return; + } + break; + + case STATE_PEM_PKEY: + case STATE_PEM_BOTH: + if (pkey) + EVP_PKEY_free(pkey); + + /* XXX: Legacy behaviour was silent, should we stay silent? */ + if (mode == LOAD_MODE_MIXED) { + msg_warn("ignoring 2nd key at index %d in %s after 1st at %d", + st->objnum, st->source, st->keynum); + return; + } + /* Mode != "mixed" => state == "PKEY", so back-to-back keys */ + msg_warn("error loading certificate chain: " + "key number %d in %s not followed by a certificate", + st->keynum, st->keysrc); + st->state = STATE_PEM_NOGO; + return; + + default: + msg_error("%s: internal error: bad state: %d", myname, st->state); + st->state = STATE_PEM_NOGO; + return; + } + + if (!pkey) { + msg_warn("error loading private key (PEM object number %d) from %s", + st->objnum, st->source); + st->state = STATE_PEM_FAIL; + return; + } + /* Reject unexpected data beyond the end of the DER-encoded object */ + if (p - buf != buflen) { + msg_warn("error loading private key (PEM object number %d) from %s:" + " excess data", st->objnum, st->source); + EVP_PKEY_free(pkey); + st->state = STATE_PEM_NOGO; + return; + } + /* All's well, update the state */ + st->pkey = pkey; + if (st->state == STATE_PEM_INIT) { + st->state = STATE_PEM_PKEY; + return; + } + if (st->state != STATE_PEM_CERT) + return; + if (mode == LOAD_MODE_MIXED) + st->state = STATE_PEM_BOTH; + else + st->state = STATE_PEM_PKEY; +} + +/* load_pem_object - load next pkey or cert from open BIO */ + +static int load_pem_object(pem_load_state *st, int mode) +{ + char *name = 0; + char *header = 0; + unsigned char *buf = 0; + long buflen; + int pkey_type = NID_undef; + + if (!PEM_read_bio(st->pembio, &name, &header, &buf, &buflen)) { + if (ERR_GET_REASON(ERR_peek_last_error()) != PEM_R_NO_START_LINE) + return (st->state = STATE_PEM_FAIL); + + ERR_clear_error(); + /* Clean EOF, preserve stored state for any next input file */ + return (STATE_PEM_DONE); + } + if (strcmp(name, PEM_STRING_X509) == 0 + || strcmp(name, PEM_STRING_X509_OLD) == 0) { + load_cert(st, mode, buf, buflen); + } else if (strcmp(name, PEM_STRING_PKCS8INF) == 0 + || ((pkey_type = EVP_PKEY_RSA) != NID_undef + && strcmp(name, PEM_STRING_RSA) == 0) + || ((pkey_type = EVP_PKEY_EC) != NID_undef + && strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) + || ((pkey_type = EVP_PKEY_DSA) != NID_undef + && strcmp(name, PEM_STRING_DSA) == 0)) { + load_pkey(st, mode, pkey_type, buf, buflen); + } else if (mode != LOAD_MODE_MIXED) { + msg_warn("error loading %s: unexpected PEM type: %s", st->source, name); + st->state = STATE_PEM_NOGO; + } + OPENSSL_free(name); + OPENSSL_free(header); + OPENSSL_free(buf); + return (st->state); +} + +/* load_pem_bio - load all key/certs from bio and free the bio */ + +static int load_pem_bio(pem_load_state *st, int mode) +{ + int state = st->state; + + /* Don't report old news */ + ERR_clear_error(); + + /* + * When "mode" == LOAD_MODE_MORE, more files will be loaded after the + * current file, and final processing for the last key and chain is + * deferred. + * + * When "mode" == LOAD_MODE_LAST, this is the last file in the list, and we + * validate the final chain. + * + * When "mode" == LOAD_MODE_MIXED, this is the only file, and its key can + * occur at any location. In this case we load at most one key. + */ + for (st->objnum = 1; state > STATE_PEM_DONE; ++st->objnum) { + state = load_pem_object(st, mode); + if (state == STATE_PEM_PKEY || state == STATE_PEM_BOTH) { + if (mode != LOAD_MODE_MIXED) { + st->keynum = st->objnum; + st->keysrc = st->source; + } else if (st->keynum == 0) { + st->keynum = st->objnum; + st->keysrc = st->source; + } + } + } + /* We're responsible for unconditionally freeing the BIO */ + BIO_free(st->pembio); + + /* Success with current file, go back for more? */ + if (mode == LOAD_MODE_MORE && state >= STATE_PEM_DONE) + return 0; + + /* + * If all is well so far, complete processing for the final chain. + */ + if (st->state >= STATE_PEM_INIT) { + if (st->state == STATE_PEM_INIT) { + msg_warn("No PEM data in %s", st->origin); + st->state = STATE_PEM_NOGO; + } else if (st->state == STATE_PEM_PKEY) { + msg_warn("No certs for key number %d in %s", + st->keynum, st->keysrc); + st->state = STATE_PEM_NOGO; + } else if (mode == LOAD_MODE_MIXED && st->state == STATE_PEM_CERT) { + msg_warn("No private key found in %s", st->origin); + st->state = STATE_PEM_NOGO; + } else if (!use_chain(st)) { + msg_warn("key number %d in %s does not match next certificate", + st->keynum, st->keysrc); + st->state = STATE_PEM_FAIL; + } else { + /* use_chain() freed the key and certs, and zeroed the pointers */ + return (0); + } + } + /* Free any left-over unused keys and certs */ + EVP_PKEY_free(st->pkey); + X509_free(st->cert); + sk_X509_pop_free(st->chain, X509_free); + + switch (st->state) { + case STATE_PEM_FAIL: + tls_print_errors(); + /* FALLTHROUGH */ + default: + msg_warn("error loading private keys and certificates from: %s: %s", + st->ctx ? "disabling TLS support" : "aborting TLS handshake", + st->origin); + return (-1); + } +} + +/* load_chain_files - load sequence of (key, cert, [chain]) from files */ + +static int load_chain_files(SSL_CTX *ctx, const char *chain_files) +{ + pem_load_state st; + ARGV *files = argv_split(chain_files, CHARS_COMMA_SP); + char **filep; + int ret = 0; + int mode; + + init_pem_load_state(&st, ctx, 0, chain_files); + for (filep = files->argv; ret == 0 && *filep; ++filep) { + st.source = *filep; + if ((st.pembio = BIO_new_file(st.source, "r")) == NULL) { + msg_warn("error opening chain file: %s: %m", st.source); + st.state = STATE_PEM_NOGO; + break; + } + mode = filep[1] ? LOAD_MODE_MORE : LOAD_MODE_LAST; + /* load_pem_bio() frees the BIO */ + ret = load_pem_bio(&st, mode); + } + argv_free(files); + return (ret); +} + /* tls_set_ca_certificate_info - load Certification Authority certificates */ int tls_set_ca_certificate_info(SSL_CTX *ctx, const char *CAfile, @@ -121,9 +571,25 @@ static int set_cert_stuff(SSL_CTX *ctx, const char *cert_type, const char *key_file) { + /* + * When the certfile and keyfile are one and the same, load both in a + * single pass, avoiding potential race conditions during key rollover. + */ + if (strcmp(cert_file, key_file) == 0) { + pem_load_state st; + + init_pem_load_state(&st, ctx, 0, cert_file); + if ((st.pembio = BIO_new_file(st.source, "r")) == NULL) { + msg_warn("error opening chain file: %s: %m", st.source); + return (-1); + } + /* load_pem_bio() frees the BIO */ + return (load_pem_bio(&st, LOAD_MODE_MIXED) == 0); + } + /* * We need both the private key (in key_file) and the public key - * certificate (in cert_file). Both may specify the same file. + * certificate (in cert_file). * * Code adapted from OpenSSL apps/s_cb.c. */ @@ -154,7 +620,7 @@ static int set_cert_stuff(SSL_CTX *ctx, const char *cert_type, /* tls_set_my_certificate_key_info - load client or server certificates/keys */ -int tls_set_my_certificate_key_info(SSL_CTX *ctx, +int tls_set_my_certificate_key_info(SSL_CTX *ctx, const char *chain_files, const char *cert_file, const char *key_file, const char *dcert_file, @@ -163,15 +629,19 @@ int tls_set_my_certificate_key_info(SSL_CTX *ctx, const char *eckey_file) { + /* The "chain_files" parameter overrides all the legacy parameters */ + if (chain_files && *chain_files) + return load_chain_files(ctx, chain_files); + /* * Lack of certificates is fine so long as we are prepared to use * anonymous ciphers. */ if (*cert_file && !set_cert_stuff(ctx, "RSA", cert_file, key_file)) - return (-1); /* logged */ + return (-1); /* logged */ if (*dcert_file && !set_cert_stuff(ctx, "DSA", dcert_file, dkey_file)) return (-1); /* logged */ -#if OPENSSL_VERSION_NUMBER >= 0x1000000fL && !defined(OPENSSL_NO_ECDH) +#ifndef OPENSSL_NO_ECDH if (*eccert_file && !set_cert_stuff(ctx, "ECDSA", eccert_file, eckey_file)) return (-1); /* logged */ #else @@ -182,4 +652,25 @@ int tls_set_my_certificate_key_info(SSL_CTX *ctx, return (0); } +/* tls_load_pem_chain - load in-memory PEM client or server chain */ + +int tls_load_pem_chain(SSL *ssl, const char *pem, const char *origin) +{ + static VSTRING *obuf; + pem_load_state st; + + if (!obuf) + obuf = vstring_alloc(100); + vstring_sprintf(obuf, "SNI data for %s", origin); + init_pem_load_state(&st, 0, ssl, vstring_str(obuf)); + + if ((st.pembio = BIO_new_mem_buf(pem, -1)) == NULL) { + msg_warn("error opening memory BIO for %s", st.origin); + tls_print_errors(); + return (-1); + } + /* load_pem_bio() frees the BIO */ + return (load_pem_bio(&st, LOAD_MODE_LAST)); +} + #endif diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c index 3d771a494..bb9412539 100644 --- a/postfix/src/tls/tls_client.c +++ b/postfix/src/tls/tls_client.c @@ -453,6 +453,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) * uses certificates). */ if (tls_set_my_certificate_key_info(client_ctx, + props->chain_files, props->cert_file, props->key_file, props->dcert_file, @@ -482,7 +483,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) * configurable with the preferred curve negotiated via the supported * curves extension. */ - tls_auto_eecdh_curves(client_ctx); + tls_auto_eecdh_curves(client_ctx, var_tls_eecdh_auto); /* * Finally, the setup for the server certificate checking, done "by the @@ -512,7 +513,7 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) * Allocate an application context, and populate with mandatory protocol * and cipher data. */ - app_ctx = tls_alloc_app_context(client_ctx, log_mask); + app_ctx = tls_alloc_app_context(client_ctx, 0, log_mask); /* * The external session cache is implemented by the tlsmgr(8) process. @@ -873,6 +874,7 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props) SSL_SESSION *session = 0; TLS_SESS_STATE *TLScontext; TLS_APPL_STATE *app_ctx = props->ctx; + const char *sni = 0; char *myserverid; int log_mask = app_ctx->log_mask; @@ -1003,8 +1005,7 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props) } } #ifdef TLSEXT_MAXLEN_host_name - if (TLS_DANE_BASED(props->tls_level) - && strlen(props->host) <= TLSEXT_MAXLEN_host_name) { + if (TLS_DANE_BASED(props->tls_level)) { /* * With DANE sessions, send an SNI hint. We don't care whether the @@ -1017,19 +1018,32 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props) * SMTP server). * * Since the hostname is DNSSEC-validated, it must be a DNS FQDN and - * thererefore valid for use with SNI. Failure to set a valid SNI - * hostname is a memory allocation error, and thus transient. Since - * we must not cache the session if we failed to send the SNI name, - * we have little choice but to abort. + * thererefore valid for use with SNI. */ - if (!SSL_set_tlsext_host_name(TLScontext->con, props->host)) { + sni = props->host; + } else if (props->sni && *props->sni) { + if (strcmp(props->sni, "hostname") == 0) + sni = props->host; + else if (strcmp(props->sni, "nexthop") == 0) + sni = props->nexthop; + else + sni = props->sni; + } + if (sni && strlen(sni) <= TLSEXT_MAXLEN_host_name) { + + /* + * Failure to set a valid SNI hostname is a memory allocation error, + * and thus transient. Since we must not cache the session if we + * failed to send the SNI name, we have little choice but to abort. + */ + if (!SSL_set_tlsext_host_name(TLScontext->con, sni)) { msg_warn("%s: error setting SNI hostname to: %s", props->namaddr, - props->host); + sni); tls_free_context(TLScontext); return (0); } if (log_mask & TLS_LOG_DEBUG) - msg_info("%s: SNI hostname: %s", props->namaddr, props->host); + msg_info("%s: SNI hostname: %s", props->namaddr, sni); } #endif @@ -1040,13 +1054,6 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props) tls_int_seed(); (void) tls_ext_seed(var_tls_daemon_rand_bytes); - /* - * Initialize the SSL connection to connect state. This should not be - * necessary anymore since 0.9.3, but the call is still in the library - * and maintaining compatibility never hurts. - */ - SSL_set_connect_state(TLScontext->con); - /* * Connect the SSL connection with the network socket. */ @@ -1117,7 +1124,7 @@ TLS_SESS_STATE *tls_client_start(const TLS_CLIENT_START_PROPS *props) TLS_SESS_STATE *tls_client_post_connect(TLS_SESS_STATE *TLScontext, const TLS_CLIENT_START_PROPS *props) { - SSL_CIPHER_const SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; X509 *peercert; /* Turn off packet dump if only dumping the handshake */ diff --git a/postfix/src/tls/tls_dane.c b/postfix/src/tls/tls_dane.c index de7ba77ff..93f8e2a52 100644 --- a/postfix/src/tls/tls_dane.c +++ b/postfix/src/tls/tls_dane.c @@ -205,41 +205,10 @@ /* Application-specific. */ -#undef TRUST_ANCHOR_SUPPORT #undef DANE_TLSA_SUPPORT -#undef WRAP_SIGNED - -#if OPENSSL_VERSION_NUMBER >= 0x1000000fL && \ - (defined(X509_V_FLAG_PARTIAL_CHAIN) || !defined(OPENSSL_NO_ECDH)) -#define TRUST_ANCHOR_SUPPORT - -#ifndef X509_V_FLAG_PARTIAL_CHAIN -#define WRAP_SIGNED -#endif #if defined(TLSEXT_MAXLEN_host_name) && RES_USE_DNSSEC && RES_USE_EDNS0 #define DANE_TLSA_SUPPORT -#endif - -#endif /* OPENSSL_VERSION_NUMBER ... */ - -#ifdef TRUST_ANCHOR_SUPPORT -static int ta_support = 1; - -#else -static int ta_support = 0; - -#endif - -#ifdef WRAP_SIGNED -static int wrap_signed = 1; - -#else -static int wrap_signed = 0; - -#endif - -#ifdef DANE_TLSA_SUPPORT static int dane_tlsa_support = 1; #else @@ -247,8 +216,6 @@ static int dane_tlsa_support = 0; #endif -static EVP_PKEY *signkey; -static const EVP_MD *signmd; static const char *signalg; static ASN1_OBJECT *serverAuth; @@ -417,36 +384,6 @@ static int digest_pref_byid(uint8_t dane_id) return (d ? (d->pref) : (MAXDIGESTS + dane_id)); } -/* gencakey - generate interal DANE root CA key */ - -static EVP_PKEY *gencakey(void) -{ - EVP_PKEY *key = 0; - -#ifdef WRAP_SIGNED - EC_KEY *eckey; - EC_GROUP *group = 0; - - ERR_clear_error(); - - if ((eckey = EC_KEY_new()) != 0 - && (group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) != 0 - && (EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE), - EC_KEY_set_group(eckey, group)) - && EC_KEY_generate_key(eckey) - && (key = EVP_PKEY_new()) != 0 - && !EVP_PKEY_set1_EC_KEY(key, eckey)) { - EVP_PKEY_free(key); - key = 0; - } - if (group) - EC_GROUP_free(group); - if (eckey) - EC_KEY_free(eckey); -#endif /* WRAP_SIGNED */ - return (key); -} - /* dane_init - initialize DANE parameters */ static void dane_init(void) @@ -462,20 +399,18 @@ static void dane_init(void) * Add the full matching type at highest preference and then the users * configured list. * - * The most preferred digest will be used for cert signing and hashing full - * values for comparison. + * The most preferred digest will be used for hashing full values for + * comparison. */ if (add_digest(fullmtype, 0)) { save = cp = mystrdup(var_tls_dane_digests); while ((tok = mystrtok(&cp, CHARS_COMMA_SP)) != 0) { if ((d = add_digest(tok, ++digest_pref)) == 0) { signalg = 0; - signmd = 0; break; } if (digest_pref == 1) { signalg = d->mdalg; - signmd = d->md; } } myfree(save); @@ -484,17 +419,14 @@ static void dane_init(void) ERR_clear_error(); /* - * DANE TLSA support requires trust-anchor support plus working DANE - * digests. + * DANE TLSA support requires working DANE digests. */ - if (!ta_support - || (wrap_signed && (signkey = gencakey()) == 0) - || (serverAuth = OBJ_nid2obj(NID_server_auth)) == 0) { - msg_warn("cannot generate TA certificates, " - "no trust-anchor or DANE support"); + if ((serverAuth = OBJ_nid2obj(NID_server_auth)) == 0) { + msg_warn("cannot designate intermediate TA certificates, " + "no DANE support"); tls_print_errors(); - dane_tlsa_support = ta_support = 0; - } else if (signmd == 0) { + dane_tlsa_support = 0; + } else if (signalg == 0) { msg_warn("digest algorithm initializaton failed, no DANE support"); tls_print_errors(); dane_tlsa_support = 0; @@ -837,8 +769,8 @@ static int parse_tlsa_rr(DNS_RR *rr, filter_ctx *ctx) uint8_t selector; uint8_t mtype; ssize_t dlen; - D2I_const unsigned char *data; - D2I_const unsigned char *p; + const unsigned char *data; + const unsigned char *p; int iscname = strcasecmp(rr->rname, rr->qname); const char *q = (iscname) ? (rr)->qname : ""; const char *a = (iscname) ? " -> " : ""; @@ -861,7 +793,7 @@ static int parse_tlsa_rr(DNS_RR *rr, filter_ctx *ctx) selector = *ip++; mtype = *ip++; change = usmdelta(usage, selector, mtype, rr->next); - p = data = (D2I_const unsigned char *) ip; + p = data = (const unsigned char *) ip; /* * Handle digest agility for non-zero matching types. @@ -873,7 +805,6 @@ static int parse_tlsa_rr(DNS_RR *rr, filter_ctx *ctx) return (FILTER_RR_DROP); } } - /*- * Drop unsupported usages. * Note: NO SUPPORT for usages 0/1 which do not apply to SMTP. @@ -1211,10 +1142,7 @@ int tls_dane_load_trustfile(TLS_DANE *dane, const char *tafile) if (!dane_initialized) dane_init(); - if (!ta_support) { - msg_warn("trust-anchor files not supported"); - return (0); - } + /* Per-destination TA support is available even when DANE is not */ mdalg = signalg ? signalg : "sha1"; /* @@ -1233,7 +1161,7 @@ int tls_dane_load_trustfile(TLS_DANE *dane, const char *tafile) for (tacount = 0; errtype == 0 && PEM_read_bio(bp, &name, &header, &data, &len); ++tacount) { - D2I_const unsigned char *p = data; + const unsigned char *p = data; int usage = DNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION; int selector; char *digest; @@ -1350,7 +1278,7 @@ int tls_dane_match(TLS_SESS_STATE *TLScontext, int usage, static int add_ext(X509 *issuer, X509 *subject, int ext_nid, char *ext_val) { - int ret = 0; + int ret = 0; X509V3_CTX v3ctx; X509_EXTENSION *ext; @@ -1454,8 +1382,8 @@ static int set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj) X509_NAME *name = akid_issuer_name(akid); /* - * If subject's akid specifies an authority key identifier issuer name, we - * must use that. + * If subject's akid specifies an authority key identifier issuer name, + * we must use that. */ if (name) return (X509_set_issuer_name(cert, name)); @@ -1513,33 +1441,23 @@ static void wrap_key(TLS_SESS_STATE *TLScontext, int depth, ERR_clear_error(); - /* - * If key is NULL generate a self-signed root CA, with key "signkey", - * otherwise an intermediate CA signed by above. - * - * CA cert valid for +/- 30 days. - */ + /* CA cert valid for +/- 30 days. */ if (!X509_set_version(cert, 2) || !set_serial(cert, akid, subject) || !set_issuer_name(cert, akid, name) || !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L) || !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L) || !X509_set_subject_name(cert, name) - || !X509_set_pubkey(cert, key ? key : signkey) + || !X509_set_pubkey(cert, key) || !add_ext(0, cert, NID_basic_constraints, "CA:TRUE") || (key && !add_akid(cert, akid)) - || !add_skid(cert, akid) - || (wrap_signed && !X509_sign(cert, signkey, signmd))) { + || !add_skid(cert, akid)) { tls_print_errors(); msg_fatal("error generating DANE wrapper certificate"); } if (akid) AUTHORITY_KEYID_free(akid); - if (key && wrap_signed) { - wrap_key(TLScontext, depth + 1, 0, cert); - grow_chain(TLScontext, UNTRUSTED, cert); - } else - grow_chain(TLScontext, TRUSTED, cert); + grow_chain(TLScontext, TRUSTED, cert); if (cert) X509_free(cert); } @@ -1548,11 +1466,6 @@ static void wrap_key(TLS_SESS_STATE *TLScontext, int depth, static void wrap_cert(TLS_SESS_STATE *TLScontext, X509 *tacert, int depth) { - X509 *cert; - int len; - unsigned char *asn1; - unsigned char *buf; - if (TLScontext->tadepth < 0) TLScontext->tadepth = depth + 1; @@ -1560,35 +1473,8 @@ static void wrap_cert(TLS_SESS_STATE *TLScontext, X509 *tacert, int depth) msg_info("%s: depth=%d trust-anchor certificate", TLScontext->namaddr, depth); - /* - * If the TA certificate is self-issued, use it directly. - */ - if (!wrap_signed || X509_check_issued(tacert, tacert) == X509_V_OK) { - grow_chain(TLScontext, TRUSTED, tacert); - return; - } - /* Deep-copy tacert by converting to ASN.1 and back */ - len = i2d_X509(tacert, NULL); - asn1 = buf = (unsigned char *) mymalloc(len); - i2d_X509(tacert, &buf); - if (buf - asn1 != len) - msg_panic("i2d_X509 failed to encode TA certificate"); - - buf = asn1; - cert = d2i_X509(0, (D2I_const unsigned char **) &buf, len); - if (!cert || (buf - asn1) != len) - msg_panic("d2i_X509 failed to decode TA certificate"); - myfree((void *) asn1); - - grow_chain(TLScontext, UNTRUSTED, cert); - - /* Sign and wrap TA cert with internal "signkey" */ - if (!X509_sign(cert, signkey, signmd)) { - tls_print_errors(); - msg_fatal("error generating DANE wrapper certificate"); - } - wrap_key(TLScontext, depth + 1, signkey, cert); - X509_free(cert); + grow_chain(TLScontext, TRUSTED, tacert); + return; } /* ta_signed - is certificate signed by a TLSA cert or pkey */ @@ -1782,7 +1668,7 @@ static int dane_cb(X509_STORE_CTX *ctx, void *app_ctx) void tls_dane_set_callback(SSL_CTX *ctx, TLS_SESS_STATE *TLScontext) { - if (ta_support && TLS_DANE_HASTA(TLScontext->dane)) + if (TLS_DANE_HASTA(TLScontext->dane)) SSL_CTX_set_cert_verify_callback(ctx, dane_cb, (void *) TLScontext); else SSL_CTX_set_cert_verify_callback(ctx, 0, 0); @@ -1797,36 +1683,32 @@ void tls_dane_set_callback(SSL_CTX *ctx, TLS_SESS_STATE *TLScontext) #include #include -#if OPENSSL_VERSION_NUMBER < 0x10002000L -#define SSL_get0_param(s) ((s)->param) -#endif - static int verify_chain(SSL *ssl, x509_stack_t *chain, TLS_SESS_STATE *tctx) { - int ret; - X509 *cert; + int ret; + X509 *cert; X509_STORE_CTX *store_ctx; SSL_CTX *ssl_ctx = SSL_get_SSL_CTX(ssl); X509_STORE *store = SSL_CTX_get_cert_store(ssl_ctx); - int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx(); + int store_ctx_idx = SSL_get_ex_data_X509_STORE_CTX_idx(); cert = sk_X509_value(chain, 0); if ((store_ctx = X509_STORE_CTX_new()) == NULL) { - SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE); - return 0; + SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE); + return 0; } if (!X509_STORE_CTX_init(store_ctx, store, cert, chain)) { - X509_STORE_CTX_free(store_ctx); - return 0; + X509_STORE_CTX_free(store_ctx); + return 0; } X509_STORE_CTX_set_ex_data(store_ctx, store_ctx_idx, ssl); X509_STORE_CTX_set_default(store_ctx, "ssl_server"); X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx), - SSL_get0_param(ssl)); + SSL_get0_param(ssl)); if (SSL_get_verify_callback(ssl)) - X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl)); + X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl)); ret = dane_cb(store_ctx, tctx); diff --git a/postfix/src/tls/tls_dh.c b/postfix/src/tls/tls_dh.c index 63ade6139..70db8e9d9 100644 --- a/postfix/src/tls/tls_dh.c +++ b/postfix/src/tls/tls_dh.c @@ -11,8 +11,9 @@ /* const char *path; /* int bits; /* -/* void tls_auto_eecdh_curves(SSL_CTX *ctx) +/* void tls_auto_eecdh_curves(ctx, configured) /* SSL_CTX *ctx; +/* char *configured; /* /* void tls_set_eecdh_curve(server_ctx, grade) /* SSL_CTX *server_ctx; @@ -34,8 +35,7 @@ /* "bits" argument must be 512 or 1024. /* /* tls_auto_eecdh_curves() enables negotiation of the most preferred curve -/* among the curves specified by the tls_eecdh_auto_curves configuration -/* parameter. +/* among the curves specified by the "configured" argument. /* /* tls_set_eecdh_curve() enables ephemeral Elliptic-Curve DH /* key exchange algorithms by instantiating in the server SSL @@ -94,7 +94,7 @@ #define TLS_INTERNAL #include #include -#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH) +#ifndef OPENSSL_NO_ECDH #include #endif @@ -242,9 +242,9 @@ DH *tls_tmp_dh_cb(SSL *unused_ssl, int export, int keylength) return (dh_tmp); } -void tls_auto_eecdh_curves(SSL_CTX *ctx) +void tls_auto_eecdh_curves(SSL_CTX *ctx, const char *configured) { -#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL && !defined(OPENSSL_NO_ECDH) +#ifndef OPENSSL_NO_ECDH SSL_CTX *tmpctx; int *nids; int space = 5; @@ -260,7 +260,7 @@ void tls_auto_eecdh_curves(SSL_CTX *ctx) return; } nids = mymalloc(space * sizeof(int)); - curves = save = mystrdup(var_tls_eecdh_auto); + curves = save = mystrdup(configured); #define RETURN do { \ myfree(save); \ myfree(nids); \ @@ -276,7 +276,7 @@ void tls_auto_eecdh_curves(SSL_CTX *ctx) if (nid == NID_undef) nid = OBJ_ln2nid(curve); if (nid == NID_undef) { - msg_warn("ignoring unknown \"auto\" ECDHE curve \"%s\"", + msg_warn("ignoring unknown ECDHE curve \"%s\"", curve); continue; } @@ -301,11 +301,11 @@ void tls_auto_eecdh_curves(SSL_CTX *ctx) if (n == 0) { if (unknown > 0) - msg_warn("none of the \"auto\" ECDHE curves are supported"); + msg_warn("none of the configured ECDHE curves are supported"); RETURN; } if (SSL_CTX_set1_curves(ctx, nids, n) <= 0) { - msg_warn("failed to configure \"auto\" ECDHE curves"); + msg_warn("failed to configure ECDHE curves"); tls_print_errors(); RETURN; } @@ -325,28 +325,21 @@ void tls_auto_eecdh_curves(SSL_CTX *ctx) #endif } -void tls_set_eecdh_curve(SSL_CTX *server_ctx, const char *grade) -{ -#if OPENSSL_VERSION_NUMBER >= 0x1000000fUL && !defined(OPENSSL_NO_ECDH) - int nid; - EC_KEY *ecdh; - const char *curve; - int g; - #define TLS_EECDH_INVALID 0 #define TLS_EECDH_NONE 1 #define TLS_EECDH_STRONG 2 #define TLS_EECDH_ULTRA 3 -#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL #define TLS_EECDH_AUTO 4 -#endif + +void tls_set_eecdh_curve(SSL_CTX *server_ctx, const char *grade) +{ +#ifndef OPENSSL_NO_ECDH + int g; static NAME_CODE eecdh_table[] = { "none", TLS_EECDH_NONE, "strong", TLS_EECDH_STRONG, "ultra", TLS_EECDH_ULTRA, -#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL "auto", TLS_EECDH_AUTO, -#endif 0, TLS_EECDH_INVALID, }; @@ -356,43 +349,24 @@ void tls_set_eecdh_curve(SSL_CTX *server_ctx, const char *grade) case TLS_EECDH_INVALID: msg_warn("Invalid TLS eecdh grade \"%s\": EECDH disabled", grade); return; - case TLS_EECDH_NONE: - return; case TLS_EECDH_STRONG: - curve = var_tls_eecdh_strong; - break; + tls_auto_eecdh_curves(server_ctx, var_tls_eecdh_strong); + return; case TLS_EECDH_ULTRA: - curve = var_tls_eecdh_ultra; - break; -#if OPENSSL_VERSION_NUMBER >= 0x1000200fUL - case TLS_EECDH_AUTO: - tls_auto_eecdh_curves(server_ctx); + tls_auto_eecdh_curves(server_ctx, var_tls_eecdh_ultra); return; -#endif - } - - /* - * Elliptic-Curve Diffie-Hellman parameters are either "named curves" - * from RFC 4492 section 5.1.1, or explicitly described curves over - * binary fields. OpenSSL only supports the "named curves", which provide - * maximum interoperability. The recommended curve for 128-bit - * work-factor key exchange is "prime256v1" a.k.a. "secp256r1" from - * Section 2.7 of http://www.secg.org/download/aid-386/sec2_final.pdf - */ + case TLS_EECDH_NONE: - if ((nid = OBJ_sn2nid(curve)) == NID_undef) { - msg_warn("unknown curve \"%s\": disabling EECDH support", curve); - return; - } - ERR_clear_error(); - if ((ecdh = EC_KEY_new_by_curve_name(nid)) == 0 - || SSL_CTX_set_tmp_ecdh(server_ctx, ecdh) == 0) { - EC_KEY_free(ecdh); /* OK if NULL */ - msg_warn("unable to use curve \"%s\": disabling EECDH support", curve); - tls_print_errors(); + /* + * Pretend "none" is "auto", the former is no longer supported or + * wise + */ + msg_warn("The \"none\" eecdh grade is no longer supported, " + "using \"auto\" instead"); + case TLS_EECDH_AUTO: + tls_auto_eecdh_curves(server_ctx, var_tls_eecdh_auto); return; } - EC_KEY_free(ecdh); #endif return; } diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c index 9460d9fd6..b89313be6 100644 --- a/postfix/src/tls/tls_misc.c +++ b/postfix/src/tls/tls_misc.c @@ -66,6 +66,9 @@ /* /* void tls_param_init() /* +/* void tls_pre_jail_init(TLS_ROLE) +/* TLS_ROLE role; +/* /* int tls_protocol_mask(plist) /* const char *plist; /* @@ -151,6 +154,10 @@ /* tls_param_init() loads main.cf parameters used internally in /* TLS library. Any errors are fatal. /* +/* tls_pre_jail_init() opens any tables that need to be opened before +/* entering a chroot jail. The "role" parameter must be TLS_ROLE_CLIENT +/* for clients and TLS_ROLE_SERVER for servers. Any errors are fatal. +/* /* tls_protocol_mask() returns a bitmask of excluded protocols, given /* a list (plist) of protocols to include or (preceded by a '!') exclude. /* If "plist" contains invalid protocol names, TLS_PROTOCOL_INVALID is @@ -247,12 +254,15 @@ #include #include #include +#include +#include /* * Global library. */ #include #include +#include /* * TLS library. @@ -285,6 +295,9 @@ bool var_tls_multi_wildcard; char *var_tls_mgr_service; char *var_tls_tkt_cipher; char *var_openssl_path; +char *var_tls_server_sni_maps; + +static MAPS *tls_server_sni_maps; #ifdef VAR_TLS_PREEMPT_CLIST bool var_tls_preempt_clist; @@ -752,6 +765,65 @@ void tls_param_init(void) get_mail_conf_bool_table(bool_table); } +/* tls_pre_jail_init - Load TLS related pre-jail tables */ + +void tls_pre_jail_init(TLS_ROLE role) +{ + static const CONFIG_STR_TABLE str_table[] = { + VAR_TLS_SERVER_SNI_MAPS, DEF_TLS_SERVER_SNI_MAPS, &var_tls_server_sni_maps, 0, 0, + 0, + }; + int flags; + + /* Nothing for clients at this time */ + if (role != TLS_ROLE_SERVER) + return; + + get_mail_conf_str_table(str_table); + if (*var_tls_server_sni_maps == 0) + return; + + flags = DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX | DICT_FLAG_SRC_RHS_IS_FILE; + tls_server_sni_maps = + maps_create(VAR_TLS_SERVER_SNI_MAPS, var_tls_server_sni_maps, flags); +} + +/* server_sni_callback - process client's SNI extension */ + +static int server_sni_callback(SSL *ssl, int *alert, void *arg) +{ + SSL_CTX *sni_ctx = (SSL_CTX *) arg; + const char *sni = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + const char *pem; + + if (!sni_ctx || !tls_server_sni_maps + || !sni || !*sni || !valid_hostname(sni, DONT_GRIPE)) + return SSL_TLSEXT_ERR_NOACK; + + do { + pem = maps_find(tls_server_sni_maps, sni, DICT_FLAG_SRC_RHS_IS_FILE); + } while (!pem + && !tls_server_sni_maps->error + && (sni = strchr(sni + 1, '.')) != 0); + + if (!pem) { + if (tls_server_sni_maps->error) { + msg_warn("%s: %s map lookup problem", + tls_server_sni_maps->title, sni); + *alert = SSL_AD_INTERNAL_ERROR; + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + return SSL_TLSEXT_ERR_NOACK; + } + SSL_set_SSL_CTX(ssl, sni_ctx); + if (tls_load_pem_chain(ssl, pem, sni) != 0) { + /* errors already logged */ + *alert = SSL_AD_INTERNAL_ERROR; + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + return SSL_TLSEXT_ERR_OK; +} + /* tls_set_ciphers - Set SSL context cipher list */ const char *tls_set_ciphers(TLS_APPL_STATE *app_ctx, const char *context, @@ -1073,7 +1145,8 @@ void tls_log_summary(TLS_ROLE role, TLS_USAGE usage, TLS_SESS_STATE *ctx) /* tls_alloc_app_context - allocate TLS application context */ -TLS_APPL_STATE *tls_alloc_app_context(SSL_CTX *ssl_ctx, int log_mask) +TLS_APPL_STATE *tls_alloc_app_context(SSL_CTX *ssl_ctx, SSL_CTX *sni_ctx, + int log_mask) { TLS_APPL_STATE *app_ctx; @@ -1082,6 +1155,7 @@ TLS_APPL_STATE *tls_alloc_app_context(SSL_CTX *ssl_ctx, int log_mask) /* See portability note below with other memset() call. */ memset((void *) app_ctx, 0, sizeof(*app_ctx)); app_ctx->ssl_ctx = ssl_ctx; + app_ctx->sni_ctx = sni_ctx; app_ctx->log_mask = log_mask; /* See also: cache purging code in tls_set_ciphers(). */ @@ -1091,6 +1165,10 @@ TLS_APPL_STATE *tls_alloc_app_context(SSL_CTX *ssl_ctx, int log_mask) app_ctx->cache_type = 0; app_ctx->why = vstring_alloc(1); + if (tls_server_sni_maps) { + SSL_CTX_set_tlsext_servername_callback(ssl_ctx, server_sni_callback); + SSL_CTX_set_tlsext_servername_arg(ssl_ctx, (void *) sni_ctx); + } return (app_ctx); } @@ -1100,6 +1178,8 @@ void tls_free_app_context(TLS_APPL_STATE *app_ctx) { if (app_ctx->ssl_ctx) SSL_CTX_free(app_ctx->ssl_ctx); + if (app_ctx->sni_ctx) + SSL_CTX_free(app_ctx->sni_ctx); if (app_ctx->cache_type) myfree(app_ctx->cache_type); /* See also: cache purging code in tls_set_ciphers(). */ @@ -1314,7 +1394,7 @@ const char **tls_pkey_algorithms(void) #ifndef OPENSSL_NO_DSA "dsa", #endif -#if OPENSSL_VERSION_NUMBER >= 0x10000000L && !defined(OPENSSL_NO_ECDSA) +#ifndef OPENSSL_NO_ECDSA "ecdsa", #endif #ifndef OPENSSL_NO_RSA @@ -1332,25 +1412,6 @@ long tls_bug_bits(void) { long bits = SSL_OP_ALL; /* Work around all known bugs */ -#if OPENSSL_VERSION_NUMBER >= 0x00908000L && \ - OPENSSL_VERSION_NUMBER < 0x10000000L - long lib_version = OpenSSL_version_num(); - - /* - * In OpenSSL 0.9.8[ab], enabling zlib compression breaks the padding bug - * work-around, leading to false positives and failed connections. We may - * not interoperate with systems with the bug, but this is better than - * breaking on all 0.9.8[ab] systems that have zlib support enabled. - */ - if (lib_version >= 0x00908000L && lib_version <= 0x0090802fL) { - ssl_comp_stack_t *comp_methods = SSL_COMP_get_compression_methods(); - - comp_methods = SSL_COMP_get_compression_methods(); - if (comp_methods != 0 && sk_SSL_COMP_num(comp_methods) > 0) - bits &= ~SSL_OP_TLS_BLOCK_PADDING_BUG; - } -#endif - /* * Silently ignore any strings that don't appear in the tweaks table, or * hex bits that are not in SSL_OP_ALL. diff --git a/postfix/src/tls/tls_proxy.h b/postfix/src/tls/tls_proxy.h index 4cb6256d5..b60d2f71d 100644 --- a/postfix/src/tls/tls_proxy.h +++ b/postfix/src/tls/tls_proxy.h @@ -41,18 +41,18 @@ extern VSTREAM *tls_proxy_open(const char *, int, VSTREAM *, const char *, void *, void *); #define TLS_PROXY_CLIENT_INIT_PROPS(props, a1, a2, a3, a4, a5, a6, a7, a8, \ - a9, a10, a11, a12, a13) \ + a9, a10, a11, a12, a13, a14) \ (((props)->a1), ((props)->a2), ((props)->a3), \ ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \ ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \ - ((props)->a12), ((props)->a13)) + ((props)->a12), ((props)->a13), (props)->a14) #define TLS_PROXY_CLIENT_START_PROPS(props, a1, a2, a3, a4, a5, a6, a7, a8, \ - a9, a10, a11, a12, a13) \ + a9, a10, a11, a12, a13, a14) \ (((props)->a1), ((props)->a2), ((props)->a3), \ ((props)->a4), ((props)->a5), ((props)->a6), ((props)->a7), \ ((props)->a8), ((props)->a9), ((props)->a10), ((props)->a11), \ - ((props)->a12), ((props)->a13)) + ((props)->a12), ((props)->a13), ((props)->a14)) extern TLS_SESS_STATE *tls_proxy_context_receive(VSTREAM *); extern void tls_proxy_context_free(TLS_SESS_STATE *); @@ -127,6 +127,7 @@ extern void tls_proxy_server_start_free(TLS_SERVER_START_PROPS *); #define TLS_ATTR_VERIFYDEPTH "verifydepth" #define TLS_ATTR_CACHE_TYPE "cache_type" #define TLS_ATTR_SET_SESSID "set_sessid" +#define TLS_ATTR_CHAIN_FILES "chain_files" #define TLS_ATTR_CERT_FILE "cert_file" #define TLS_ATTR_KEY_FILE "key_file" #define TLS_ATTR_DCERT_FILE "dcert_file" @@ -160,6 +161,7 @@ extern void tls_proxy_server_start_free(TLS_SERVER_START_PROPS *); #define TLS_ATTR_LOG_LEVEL "log_level" #define TLS_ATTR_VERIFYDEPTH "verifydepth" #define TLS_ATTR_CACHE_TYPE "cache_type" +#define TLS_ATTR_CHAIN_FILES "chain_files" #define TLS_ATTR_CERT_FILE "cert_file" #define TLS_ATTR_KEY_FILE "key_file" #define TLS_ATTR_DCERT_FILE "dcert_file" @@ -178,6 +180,7 @@ extern void tls_proxy_server_start_free(TLS_SERVER_START_PROPS *); #define TLS_ATTR_NEXTHOP "nexthop" #define TLS_ATTR_HOST "host" #define TLS_ATTR_NAMADDR "namaddr" +#define TLS_ATTR_SNI "sni" #define TLS_ATTR_SERVERID "serverid" #define TLS_ATTR_HELO "helo" #define TLS_ATTR_PROTOCOLS "protocols" diff --git a/postfix/src/tls/tls_proxy_client_print.c b/postfix/src/tls/tls_proxy_client_print.c index 7ed66b9de..07ec60f82 100644 --- a/postfix/src/tls/tls_proxy_client_print.c +++ b/postfix/src/tls/tls_proxy_client_print.c @@ -87,6 +87,8 @@ int tls_proxy_client_init_print(ATTR_PRINT_MASTER_FN print_fn, VSTREAM *fp, SEND_ATTR_INT(TLS_ATTR_VERIFYDEPTH, props->verifydepth), SEND_ATTR_STR(TLS_ATTR_CACHE_TYPE, STRING_OR_EMPTY(props->cache_type)), + SEND_ATTR_STR(TLS_ATTR_CHAIN_FILES, + STRING_OR_EMPTY(props->chain_files)), SEND_ATTR_STR(TLS_ATTR_CERT_FILE, STRING_OR_EMPTY(props->cert_file)), SEND_ATTR_STR(TLS_ATTR_KEY_FILE, @@ -298,6 +300,8 @@ int tls_proxy_client_start_print(ATTR_PRINT_MASTER_FN print_fn, STRING_OR_EMPTY(props->host)), SEND_ATTR_STR(TLS_ATTR_NAMADDR, STRING_OR_EMPTY(props->namaddr)), + SEND_ATTR_STR(TLS_ATTR_SNI, + STRING_OR_EMPTY(props->sni)), SEND_ATTR_STR(TLS_ATTR_SERVERID, STRING_OR_EMPTY(props->serverid)), SEND_ATTR_STR(TLS_ATTR_HELO, diff --git a/postfix/src/tls/tls_proxy_client_scan.c b/postfix/src/tls/tls_proxy_client_scan.c index 45779398f..17afbf741 100644 --- a/postfix/src/tls/tls_proxy_client_scan.c +++ b/postfix/src/tls/tls_proxy_client_scan.c @@ -103,6 +103,7 @@ void tls_proxy_client_init_free(TLS_CLIENT_INIT_PROPS *props) myfree((void *) props->log_param); myfree((void *) props->log_level); myfree((void *) props->cache_type); + myfree((void *) props->chain_files); myfree((void *) props->cert_file); myfree((void *) props->key_file); myfree((void *) props->dcert_file); @@ -126,6 +127,7 @@ int tls_proxy_client_init_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp, VSTRING *log_param = vstring_alloc(25); VSTRING *log_level = vstring_alloc(25); VSTRING *cache_type = vstring_alloc(25); + VSTRING *chain_files = vstring_alloc(25); VSTRING *cert_file = vstring_alloc(25); VSTRING *key_file = vstring_alloc(25); VSTRING *dcert_file = vstring_alloc(25); @@ -148,6 +150,7 @@ int tls_proxy_client_init_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp, RECV_ATTR_STR(TLS_ATTR_LOG_LEVEL, log_level), RECV_ATTR_INT(TLS_ATTR_VERIFYDEPTH, &props->verifydepth), RECV_ATTR_STR(TLS_ATTR_CACHE_TYPE, cache_type), + RECV_ATTR_STR(TLS_ATTR_CHAIN_FILES, chain_files), RECV_ATTR_STR(TLS_ATTR_CERT_FILE, cert_file), RECV_ATTR_STR(TLS_ATTR_KEY_FILE, key_file), RECV_ATTR_STR(TLS_ATTR_DCERT_FILE, dcert_file), @@ -162,6 +165,7 @@ int tls_proxy_client_init_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp, props->log_param = vstring_export(log_param); props->log_level = vstring_export(log_level); props->cache_type = vstring_export(cache_type); + props->chain_files = vstring_export(chain_files); props->cert_file = vstring_export(cert_file); props->key_file = vstring_export(key_file); props->dcert_file = vstring_export(dcert_file); @@ -171,7 +175,7 @@ int tls_proxy_client_init_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp, props->CAfile = vstring_export(CAfile); props->CApath = vstring_export(CApath); props->mdalg = vstring_export(mdalg); - ret = (ret == 13 ? 1 : -1); + ret = (ret == 14 ? 1 : -1); if (ret != 1) { tls_proxy_client_init_free(props); props = 0; @@ -187,10 +191,11 @@ int tls_proxy_client_init_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp, char *tls_proxy_client_init_to_string(VSTRING *buf, TLS_CLIENT_INIT_PROPS *props) { - vstring_sprintf(buf, "%s\n%s\n%d\n%s\n%s\n%s\n%s\n%s\n" + vstring_sprintf(buf, "%s\n%s\n%d\n%s\n%s\n%s\n%s\n%s\n%s\n" "%s\n%s\n%s\n%s\n%s\n", props->log_param, props->log_level, props->verifydepth, - props->cache_type, props->cert_file, props->key_file, + props->cache_type, props->chain_files, + props->cert_file, props->key_file, props->dcert_file, props->dkey_file, props->eccert_file, props->eckey_file, props->CAfile, props->CApath, props->mdalg); @@ -257,6 +262,7 @@ void tls_proxy_client_start_free(TLS_CLIENT_START_PROPS *props) myfree((void *) props->nexthop); myfree((void *) props->host); myfree((void *) props->namaddr); + myfree((void *) props->sni); myfree((void *) props->serverid); myfree((void *) props->helo); myfree((void *) props->protocols); @@ -291,7 +297,7 @@ static int tls_proxy_client_certs_scan(ATTR_SCAN_MASTER_FN scan_fn, for (tpp = &head, n = 0; ret == 1 && n < count; n++, tpp = &tp->next) { *tpp = tp = (TLS_CERTS *) mymalloc(sizeof(*tp)); - D2I_const unsigned char *bp; + const unsigned char *bp; if (buf == 0) buf = vstring_alloc(100); @@ -306,7 +312,7 @@ static int tls_proxy_client_certs_scan(ATTR_SCAN_MASTER_FN scan_fn, ATTR_TYPE_END); /* Always construct a well-formed structure. */ if (ret == 1) { - bp = (D2I_const unsigned char *) STR(buf); + bp = (const unsigned char *) STR(buf); if (d2i_X509(&tp->cert, &bp, LEN(buf)) == 0 || LEN(buf) != ((char *) bp) - STR(buf)) { msg_warn("malformed certificate in TLS_CERTS"); @@ -350,7 +356,7 @@ static int tls_proxy_client_pkeys_scan(ATTR_SCAN_MASTER_FN scan_fn, for (tpp = &head, n = 0; ret == 1 && n < count; n++, tpp = &tp->next) { *tpp = tp = (TLS_PKEYS *) mymalloc(sizeof(*tp)); - D2I_const unsigned char *bp; + const unsigned char *bp; if (buf == 0) buf = vstring_alloc(100); @@ -365,7 +371,7 @@ static int tls_proxy_client_pkeys_scan(ATTR_SCAN_MASTER_FN scan_fn, ATTR_TYPE_END); /* Always construct a well-formed structure. */ if (ret == 1) { - bp = (D2I_const unsigned char *) STR(buf); + bp = (const unsigned char *) STR(buf); if (d2i_PUBKEY(&tp->pkey, &bp, LEN(buf)) == 0 || LEN(buf) != (char *) bp - STR(buf)) { msg_warn("malformed public key in TLS_PKEYS"); @@ -509,6 +515,7 @@ int tls_proxy_client_start_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp, VSTRING *nexthop = vstring_alloc(25); VSTRING *host = vstring_alloc(25); VSTRING *namaddr = vstring_alloc(25); + VSTRING *sni = vstring_alloc(25); VSTRING *serverid = vstring_alloc(25); VSTRING *helo = vstring_alloc(25); VSTRING *protocols = vstring_alloc(25); @@ -533,6 +540,7 @@ int tls_proxy_client_start_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp, RECV_ATTR_STR(TLS_ATTR_NEXTHOP, nexthop), RECV_ATTR_STR(TLS_ATTR_HOST, host), RECV_ATTR_STR(TLS_ATTR_NAMADDR, namaddr), + RECV_ATTR_STR(TLS_ATTR_SNI, sni), RECV_ATTR_STR(TLS_ATTR_SERVERID, serverid), RECV_ATTR_STR(TLS_ATTR_HELO, helo), RECV_ATTR_STR(TLS_ATTR_PROTOCOLS, protocols), @@ -548,13 +556,14 @@ int tls_proxy_client_start_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp, props->nexthop = vstring_export(nexthop); props->host = vstring_export(host); props->namaddr = vstring_export(namaddr); + props->sni = vstring_export(sni); props->serverid = vstring_export(serverid); props->helo = vstring_export(helo); props->protocols = vstring_export(protocols); props->cipher_grade = vstring_export(cipher_grade); props->cipher_exclusions = vstring_export(cipher_exclusions); props->mdalg = vstring_export(mdalg); - ret = (ret == 13 ? 1 : -1); + ret = (ret == 14 ? 1 : -1); if (ret != 1) { tls_proxy_client_start_free(props); props = 0; diff --git a/postfix/src/tls/tls_proxy_server_print.c b/postfix/src/tls/tls_proxy_server_print.c index 670f84119..a0a567f73 100644 --- a/postfix/src/tls/tls_proxy_server_print.c +++ b/postfix/src/tls/tls_proxy_server_print.c @@ -78,6 +78,8 @@ int tls_proxy_server_init_print(ATTR_PRINT_MASTER_FN print_fn, VSTREAM *fp, SEND_ATTR_STR(TLS_ATTR_CACHE_TYPE, STRING_OR_EMPTY(props->cache_type)), SEND_ATTR_INT(TLS_ATTR_SET_SESSID, props->set_sessid), + SEND_ATTR_STR(TLS_ATTR_CHAIN_FILES, + STRING_OR_EMPTY(props->chain_files)), SEND_ATTR_STR(TLS_ATTR_CERT_FILE, STRING_OR_EMPTY(props->cert_file)), SEND_ATTR_STR(TLS_ATTR_KEY_FILE, diff --git a/postfix/src/tls/tls_proxy_server_scan.c b/postfix/src/tls/tls_proxy_server_scan.c index 62487d8ce..f7b3fb6d4 100644 --- a/postfix/src/tls/tls_proxy_server_scan.c +++ b/postfix/src/tls/tls_proxy_server_scan.c @@ -92,6 +92,7 @@ int tls_proxy_server_init_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp, VSTRING *log_param = vstring_alloc(25); VSTRING *log_level = vstring_alloc(25); VSTRING *cache_type = vstring_alloc(25); + VSTRING *chain_files = vstring_alloc(25); VSTRING *cert_file = vstring_alloc(25); VSTRING *key_file = vstring_alloc(25); VSTRING *dcert_file = vstring_alloc(25); @@ -116,6 +117,7 @@ int tls_proxy_server_init_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp, RECV_ATTR_INT(TLS_ATTR_VERIFYDEPTH, &props->verifydepth), RECV_ATTR_STR(TLS_ATTR_CACHE_TYPE, cache_type), RECV_ATTR_INT(TLS_ATTR_SET_SESSID, &props->set_sessid), + RECV_ATTR_STR(TLS_ATTR_CHAIN_FILES, chain_files), RECV_ATTR_STR(TLS_ATTR_CERT_FILE, cert_file), RECV_ATTR_STR(TLS_ATTR_KEY_FILE, key_file), RECV_ATTR_STR(TLS_ATTR_DCERT_FILE, dcert_file), @@ -135,6 +137,7 @@ int tls_proxy_server_init_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp, props->log_param = vstring_export(log_param); props->log_level = vstring_export(log_level); props->cache_type = vstring_export(cache_type); + props->chain_files = vstring_export(chain_files); props->cert_file = vstring_export(cert_file); props->key_file = vstring_export(key_file); props->dcert_file = vstring_export(dcert_file); @@ -148,7 +151,7 @@ int tls_proxy_server_init_scan(ATTR_SCAN_MASTER_FN scan_fn, VSTREAM *fp, props->dh1024_param_file = vstring_export(dh1024_param_file); props->dh512_param_file = vstring_export(dh512_param_file); props->mdalg = vstring_export(mdalg); - ret = (ret == 19 ? 1 : -1); + ret = (ret == 20 ? 1 : -1); if (ret != 1) { tls_proxy_server_init_free(props); props = 0; @@ -164,6 +167,7 @@ void tls_proxy_server_init_free(TLS_SERVER_INIT_PROPS *props) myfree((void *) props->log_param); myfree((void *) props->log_level); myfree((void *) props->cache_type); + myfree((void *) props->chain_files); myfree((void *) props->cert_file); myfree((void *) props->key_file); myfree((void *) props->dcert_file); diff --git a/postfix/src/tls/tls_rsa.c b/postfix/src/tls/tls_rsa.c index c440b1e9f..67f2a2eeb 100644 --- a/postfix/src/tls/tls_rsa.c +++ b/postfix/src/tls/tls_rsa.c @@ -76,7 +76,6 @@ RSA *tls_tmp_rsa_cb(SSL *unused_ssl, int export, int keylength) export ? "" : "non-", keylength); return 0; } -#if OPENSSL_VERSION_NUMBER >= 0x10000000L if (rsa_tmp == 0) { BIGNUM *e = BN_new(); @@ -88,11 +87,6 @@ RSA *tls_tmp_rsa_cb(SSL *unused_ssl, int export, int keylength) if (e) BN_free(e); } -#else - if (rsa_tmp == 0) - rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL); -#endif - return (rsa_tmp); } diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c index 4a6fce27d..9d4760022 100644 --- a/postfix/src/tls/tls_server.c +++ b/postfix/src/tls/tls_server.c @@ -164,15 +164,8 @@ */ static const char server_session_id_context[] = "Postfix/TLS"; -#if OPENSSL_VERSION_NUMBER >= 0x1000000fL #define GET_SID(s, v, lptr) ((v) = SSL_SESSION_get_id((s), (lptr))) -#else /* Older OpenSSL releases */ -#define GET_SID(s, v, lptr) \ - do { (v) = (s)->session_id; *(lptr) = (s)->session_id_length; } while (0) - -#endif /* OPENSSL_VERSION_NUMBER */ - /* OpenSSL 1.1.0 bitrot */ #if OPENSSL_VERSION_NUMBER >= 0x10100000L typedef const unsigned char *session_id_t; @@ -306,9 +299,7 @@ static int new_server_session_cb(SSL *ssl, SSL_SESSION *session) /* ticket_cb - configure tls session ticket encrypt/decrypt context */ -#if defined(SSL_OP_NO_TICKET) \ - && !defined(OPENSSL_NO_TLSEXT) \ - && OPENSSL_VERSION_NUMBER >= 0x0090808fL +#if defined(SSL_OP_NO_TICKET) && !defined(OPENSSL_NO_TLSEXT) static int ticket_cb(SSL *con, unsigned char name[], unsigned char iv[], EVP_CIPHER_CTX * ctx, HMAC_CTX * hctx, int create) @@ -350,6 +341,8 @@ static int ticket_cb(SSL *con, unsigned char name[], unsigned char iv[], TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) { SSL_CTX *server_ctx; + SSL_CTX *sni_ctx; + X509_STORE *cert_store; long off = 0; int verify_flags = SSL_VERIFY_NONE; int cachable; @@ -449,15 +442,24 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) tls_print_errors(); return (0); } + sni_ctx = SSL_CTX_new(TLS_server_method()); + if (sni_ctx == 0) { + SSL_CTX_free(server_ctx); + msg_warn("cannot allocate server SNI SSL_CTX: disabling TLS support"); + tls_print_errors(); + return (0); + } #ifdef SSL_SECOP_PEER /* Backwards compatible security as a base for opportunistic TLS. */ SSL_CTX_set_security_level(server_ctx, 0); + SSL_CTX_set_security_level(sni_ctx, 0); #endif /* * See the verify callback in tls_verify.c */ SSL_CTX_set_verify_depth(server_ctx, props->verifydepth + 1); + SSL_CTX_set_verify_depth(sni_ctx, props->verifydepth + 1); /* * The session cache is implemented by the tlsmgr(8) server. @@ -482,11 +484,10 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) /* * Add SSL_OP_NO_TICKET when the timeout is zero or library support is - * incomplete. The SSL_CTX_set_tlsext_ticket_key_cb feature was added in - * OpenSSL 0.9.8h, while SSL_NO_TICKET was added in 0.9.8f. + * incomplete. */ #ifdef SSL_OP_NO_TICKET -#if !defined(OPENSSL_NO_TLSEXT) && OPENSSL_VERSION_NUMBER >= 0x0090808fL +#ifndef OPENSSL_NO_TLSEXT ticketable = (*var_tls_tkt_cipher && scache_timeout > 0 && !(off & SSL_OP_NO_TICKET)); if (ticketable) { @@ -537,18 +538,21 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) * this could trigger inter-operability issues, the client should not * offer ciphers it implements poorly, but this hasn't stopped some * vendors from getting it wrong. - * - * XXX: Given OpenSSL's security history, nobody should still be using - * 0.9.7, let alone 0.9.6 or earlier. Warning added to TLS_README.html. */ if (var_tls_preempt_clist) SSL_CTX_set_options(server_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE); + /* Done with server_ctx options, clone to sni_ctx */ + SSL_CTX_clear_options(sni_ctx, ~0); + SSL_CTX_set_options(sni_ctx, SSL_CTX_get_options(server_ctx)); + /* * Set the call-back routine to debug handshake progress. */ - if (log_mask & TLS_LOG_DEBUG) + if (log_mask & TLS_LOG_DEBUG) { SSL_CTX_set_info_callback(server_ctx, tls_info_callback); + SSL_CTX_set_info_callback(sni_ctx, tls_info_callback); + } /* * Load the CA public key certificates for both the server cert and for @@ -565,9 +569,18 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) props->CAfile, props->CApath) < 0) { /* tls_set_ca_certificate_info() already logs a warning. */ SSL_CTX_free(server_ctx); /* 200411 */ + SSL_CTX_free(sni_ctx); return (0); } + /* + * Upref and share the cert store. Sadly we can't yet use + * SSL_CTX_set1_cert_store(3) which was added in OpenSSL 1.1.0. + */ + cert_store = SSL_CTX_get_cert_store(server_ctx); + X509_STORE_up_ref(cert_store); + SSL_CTX_set_cert_store(sni_ctx, cert_store); + /* * Load the server public key certificate and private key from file and * check whether the cert matches the key. We can use RSA certificates @@ -581,6 +594,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) * changed in the cipher setup. */ if (tls_set_my_certificate_key_info(server_ctx, + props->chain_files, props->cert_file, props->key_file, props->dcert_file, @@ -589,6 +603,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) props->eckey_file) < 0) { /* tls_set_my_certificate_key_info() already logs a warning. */ SSL_CTX_free(server_ctx); /* 200411 */ + SSL_CTX_free(sni_ctx); return (0); } @@ -603,6 +618,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) * directly used. */ SSL_CTX_set_tmp_rsa_callback(server_ctx, tls_tmp_rsa_cb); + SSL_CTX_set_tmp_rsa_callback(sni_ctx, tls_tmp_rsa_cb); #endif /* @@ -614,6 +630,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) * will not abort but just log the error message. */ SSL_CTX_set_tmp_dh_callback(server_ctx, tls_tmp_dh_cb); + SSL_CTX_set_tmp_dh_callback(sni_ctx, tls_tmp_dh_cb); if (*props->dh1024_param_file != 0) tls_set_dh_from_file(props->dh1024_param_file, 1024); if (*props->dh512_param_file != 0) @@ -624,6 +641,7 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) * with any remaining key-exchange algorithms. */ tls_set_eecdh_curve(server_ctx, props->eecdh_grade); + tls_set_eecdh_curve(sni_ctx, props->eecdh_grade); /* * If we want to check client certificates, we have to indicate it in @@ -649,15 +667,36 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE; SSL_CTX_set_verify(server_ctx, verify_flags, tls_verify_certificate_callback); - if (*props->CAfile) - SSL_CTX_set_client_CA_list(server_ctx, - SSL_load_client_CA_file(props->CAfile)); + SSL_CTX_set_verify(sni_ctx, verify_flags, + tls_verify_certificate_callback); + if (props->ask_ccert && *props->CAfile) { + STACK_OF(X509_NAME) *calist = SSL_load_client_CA_file(props->CAfile); + + if (calist == 0) { + /* Not generally critical */ + msg_warn("error loading client CA names from: %s", + props->CAfile); + tls_print_errors(); + } + SSL_CTX_set_client_CA_list(server_ctx, calist); + + if (calist != 0 && sk_X509_NAME_num(calist) > 0) { + calist = SSL_dup_CA_list(calist); + + if (calist == 0) { + msg_warn("error duplicating client CA names for SNI"); + tls_print_errors(); + } else { + SSL_CTX_set_client_CA_list(sni_ctx, calist); + } + } + } /* * Initialize our own TLS server handle, before diving into the details * of TLS session cache management. */ - app_ctx = tls_alloc_app_context(server_ctx, log_mask); + app_ctx = tls_alloc_app_context(server_ctx, sni_ctx, log_mask); if (cachable || ticketable || props->set_sessid) { @@ -789,13 +828,6 @@ TLS_SESS_STATE *tls_server_start(const TLS_SERVER_START_PROPS *props) tls_int_seed(); (void) tls_ext_seed(var_tls_daemon_rand_bytes); - /* - * Initialize the SSL connection to accept state. This should not be - * necessary anymore since 0.9.3, but the call is still in the library - * and maintaining compatibility never hurts. - */ - SSL_set_accept_state(TLScontext->con); - /* * Connect the SSL connection with the network socket. */ @@ -862,7 +894,7 @@ TLS_SESS_STATE *tls_server_start(const TLS_SERVER_START_PROPS *props) TLS_SESS_STATE *tls_server_post_accept(TLS_SESS_STATE *TLScontext) { - SSL_CIPHER_const SSL_CIPHER *cipher; + const SSL_CIPHER *cipher; X509 *peer; char buf[CCERT_BUFSIZ]; diff --git a/postfix/src/tls/tls_session.c b/postfix/src/tls/tls_session.c index b73ee385f..112b89df0 100644 --- a/postfix/src/tls/tls_session.c +++ b/postfix/src/tls/tls_session.c @@ -152,18 +152,13 @@ VSTRING *tls_session_passivate(SSL_SESSION *session) SSL_SESSION *tls_session_activate(const char *session_data, int session_data_len) { -#if (OPENSSL_VERSION_NUMBER < 0x0090707fL) -#define BOGUS_CONST -#else -#define BOGUS_CONST const -#endif SSL_SESSION *session; - BOGUS_CONST unsigned char *ptr; + const unsigned char *ptr; /* * Activate the SSL_SESSION object. */ - ptr = (BOGUS_CONST unsigned char *) session_data; + ptr = (const unsigned char *) session_data; session = d2i_SSL_SESSION((SSL_SESSION **) 0, &ptr, session_data_len); if (!session) tls_print_errors(); diff --git a/postfix/src/tlsproxy/tlsproxy.c b/postfix/src/tlsproxy/tlsproxy.c index 05253ec7e..c5b101d12 100644 --- a/postfix/src/tlsproxy/tlsproxy.c +++ b/postfix/src/tlsproxy/tlsproxy.c @@ -93,11 +93,11 @@ /* File with the Postfix \fBtlsproxy\fR(8) server DSA private key in PEM /* format. /* .IP "\fBtlsproxy_tls_eccert_file ($smtpd_tls_eccert_file)\fR" -/* File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in -/* PEM format. +/* File with the Postfix \fBtlsproxy\fR(8) server ECDSA certificate in PEM +/* format. /* .IP "\fBtlsproxy_tls_eckey_file ($smtpd_tls_eckey_file)\fR" -/* File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in -/* PEM format. +/* File with the Postfix \fBtlsproxy\fR(8) server ECDSA private key in PEM +/* format. /* .IP "\fBtlsproxy_tls_eecdh_grade ($smtpd_tls_eecdh_grade)\fR" /* The Postfix \fBtlsproxy\fR(8) server security grade for ephemeral /* elliptic-curve Diffie-Hellman (EECDH) key exchange. @@ -137,6 +137,15 @@ /* Available in Postfix version 2.11 and later: /* .IP "\fBtlsmgr_service_name (tlsmgr)\fR" /* The name of the \fBtlsmgr\fR(8) service entry in master.cf. +/* .PP +/* Available in Postfix version 3.4 and later: +/* .IP "\fBtlsproxy_tls_chain_files ($smtpd_tls_chain_files)\fR" +/* Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate +/* chains in PEM format. +/* .IP "\fBtls_server_sni_maps (empty)\fR" +/* Optional lookup tables that map names received from remote SMTP +/* clients via the TLS Server Name Indication (SNI) extension to the +/* appropriate keys and certificate chains. /* TLS CLIENT CONTROLS /* .ad /* .fi @@ -154,6 +163,9 @@ /* Directory with PEM format Certification Authority certificates /* that the Postfix \fBtlsproxy\fR(8) client uses to verify a remote TLS /* server certificate. +/* .IP "\fBtlsproxy_client_chain_files ($smtp_tls_chain_files)\fR" +/* Files with the Postfix \fBtlsproxy\fR(8) client keys and certificate +/* chains in PEM format. /* .IP "\fBtlsproxy_client_cert_file ($smtp_tls_cert_file)\fR" /* File with the Postfix \fBtlsproxy\fR(8) client RSA certificate in PEM /* format. @@ -167,11 +179,11 @@ /* File with the Postfix \fBtlsproxy\fR(8) client DSA private key in PEM /* format. /* .IP "\fBtlsproxy_client_eccert_file ($smtp_tls_eccert_file)\fR" -/* File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in -/* PEM format. +/* File with the Postfix \fBtlsproxy\fR(8) client ECDSA certificate in PEM +/* format. /* .IP "\fBtlsproxy_client_eckey_file ($smtp_tls_eckey_file)\fR" -/* File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in -/* PEM format. +/* File with the Postfix \fBtlsproxy\fR(8) client ECDSA private key in PEM +/* format. /* .IP "\fBtlsproxy_client_fingerprint_digest ($smtp_tls_fingerprint_digest)\fR" /* The message digest algorithm used to construct remote TLS server /* certificate fingerprints. @@ -316,6 +328,7 @@ bool var_smtpd_tls_ask_ccert; bool var_smtpd_tls_req_ccert; bool var_smtpd_tls_set_sessid; char *var_smtpd_relay_ccerts; +char *var_smtpd_tls_chain_files; char *var_smtpd_tls_cert_file; char *var_smtpd_tls_key_file; char *var_smtpd_tls_dcert_file; @@ -343,6 +356,7 @@ bool var_tlsp_enforce_tls; bool var_tlsp_tls_ask_ccert; bool var_tlsp_tls_req_ccert; bool var_tlsp_tls_set_sessid; +char *var_tlsp_tls_chain_files; char *var_tlsp_tls_cert_file; char *var_tlsp_tls_key_file; char *var_tlsp_tls_dcert_file; @@ -370,6 +384,7 @@ int var_tlsp_watchdog; */ char *var_smtp_tls_loglevel; int var_smtp_tls_scert_vd; +char *var_smtp_tls_chain_files; char *var_smtp_tls_cert_file; char *var_smtp_tls_key_file; char *var_smtp_tls_dcert_file; @@ -388,6 +403,7 @@ char *var_smtp_tls_policy; char *var_tlsp_clnt_loglevel; char *var_tlsp_clnt_logparam; int var_tlsp_clnt_scert_vd; +char *var_tlsp_clnt_chain_files; char *var_tlsp_clnt_cert_file; char *var_tlsp_clnt_key_file; char *var_tlsp_clnt_dcert_file; @@ -1010,9 +1026,9 @@ static void tlsp_get_fd_event(int event, void *context) * Macro for readability. */ #define TLSP_CLIENT_INIT(props, a1, a2, a3, a4, a5, a6, a7, a8, a9, \ - a10, a11, a12, a13) \ + a10, a11, a12, a13, a14) \ tlsp_client_init(TLS_CLIENT_INIT_ARGS((props), a1, a2, a3, a4, \ - a5, a6, a7, a8, a9, a10, a11, a12, a13)) + a5, a6, a7, a8, a9, a10, a11, a12, a13, a14)) /* tlsp_client_init - initialize a TLS client engine */ @@ -1053,7 +1069,8 @@ static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_INIT_PROPS *init_props) else if ((tlsp_pre_jail_client_props_key == 0 || strcmp(tlsp_pre_jail_client_props_key, key) != 0) - && (NOT_EMPTY(init_props->cert_file) + && (NOT_EMPTY(init_props->chain_files) + || NOT_EMPTY(init_props->cert_file) || NOT_EMPTY(init_props->key_file) || NOT_EMPTY(init_props->dcert_file) || NOT_EMPTY(init_props->dkey_file) @@ -1061,10 +1078,10 @@ static TLS_APPL_STATE *tlsp_client_init(TLS_CLIENT_INIT_PROPS *init_props) || NOT_EMPTY(init_props->eckey_file) || NOT_EMPTY(init_props->CAfile) || NOT_EMPTY(init_props->CApath))) { - msg_warn("tls_client_init request with key_file='%s' dkey_file='%s' " - "eckey_file='%s' differs from tlsproxy_client_* settings", - init_props->key_file, init_props->dkey_file, - init_props->eckey_file); + msg_warn("tls_client_init request with chain_files='%s' key_file='%s' " + "dkey_file='%s' eckey_file='%s' differs from tlsproxy client " + "settings", init_props->chain_files, init_props->key_file, + init_props->dkey_file, init_props->eckey_file); msg_warn("to avoid this warning, 1) identify the SMTP client that is " "making this tls_client_init request, 2) configure a " "custom tlsproxy service with tlsproxy_client_* settings " @@ -1331,13 +1348,27 @@ static void pre_jail_init(char *unused_name, char **unused_argv) have_server_cert = (*cert_file || *var_tlsp_tls_dcert_file || *var_tlsp_tls_eccert_file); + if (*var_tlsp_tls_chain_files != 0) { + if (!have_server_cert) + have_server_cert = 1; + else + msg_warn("Both %s and one or more of the legacy " + " %s, %s or %s are non-empty; the legacy " + " parameters will be ignored", + VAR_TLSP_TLS_CHAIN_FILES, + VAR_TLSP_TLS_CERT_FILE, + VAR_TLSP_TLS_ECCERT_FILE, + VAR_TLSP_TLS_DCERT_FILE); + } /* Some TLS configuration errors are not show stoppers. */ if (!have_server_cert && require_server_cert) msg_warn("Need a server cert to request client certs"); if (!var_tlsp_enforce_tls && var_tlsp_tls_req_ccert) msg_warn("Can't require client certs unless TLS is required"); /* After a show-stopper error, log a warning. */ - if (have_server_cert || (no_server_cert_ok && !require_server_cert)) + if (have_server_cert || (no_server_cert_ok && !require_server_cert)) { + + tls_pre_jail_init(TLS_ROLE_SERVER); /* * Large parameter lists are error-prone, so we emulate a language @@ -1350,6 +1381,7 @@ static void pre_jail_init(char *unused_name, char **unused_argv) verifydepth = var_tlsp_tls_ccert_vd, cache_type = TLS_MGR_SCACHE_SMTPD, set_sessid = var_tlsp_tls_set_sessid, + chain_files = var_tlsp_tls_chain_files, cert_file = cert_file, key_file = var_tlsp_tls_key_file, dcert_file = var_tlsp_tls_dcert_file, @@ -1368,8 +1400,9 @@ static void pre_jail_init(char *unused_name, char **unused_argv) var_tlsp_tls_proto, ask_ccert = ask_client_cert, mdalg = var_tlsp_tls_fpt_dgst); - else + } else { msg_warn("No server certs available. TLS can't be enabled"); + } /* * To maintain sanity, allow partial SSL_write() operations, and allow @@ -1460,6 +1493,8 @@ static void pre_jail_init(char *unused_name, char **unused_argv) if (clnt_use_tls || var_tlsp_clnt_per_site[0] || var_tlsp_clnt_policy[0]) { TLS_CLIENT_INIT_PROPS props; + tls_pre_jail_init(TLS_ROLE_CLIENT); + /* * We get stronger type safety and a cleaner interface by combining * the various parameters into a single tls_client_props structure. @@ -1473,6 +1508,7 @@ static void pre_jail_init(char *unused_name, char **unused_argv) log_level = var_tlsp_clnt_loglevel, verifydepth = var_tlsp_clnt_scert_vd, cache_type = TLS_MGR_SCACHE_SMTP, + chain_files = var_tlsp_clnt_chain_files, cert_file = var_tlsp_clnt_cert_file, key_file = var_tlsp_clnt_key_file, dcert_file = var_tlsp_clnt_dcert_file, @@ -1544,6 +1580,7 @@ int main(int argc, char **argv) 0, }; static const CONFIG_STR_TABLE compat_str_table[] = { + VAR_SMTPD_TLS_CHAIN_FILES, DEF_SMTPD_TLS_CHAIN_FILES, &var_smtpd_tls_chain_files, 0, 0, VAR_SMTPD_TLS_CERT_FILE, DEF_SMTPD_TLS_CERT_FILE, &var_smtpd_tls_cert_file, 0, 0, VAR_SMTPD_TLS_KEY_FILE, DEF_SMTPD_TLS_KEY_FILE, &var_smtpd_tls_key_file, 0, 0, VAR_SMTPD_TLS_DCERT_FILE, DEF_SMTPD_TLS_DCERT_FILE, &var_smtpd_tls_dcert_file, 0, 0, @@ -1564,6 +1601,7 @@ int main(int argc, char **argv) VAR_SMTPD_TLS_FPT_DGST, DEF_SMTPD_TLS_FPT_DGST, &var_smtpd_tls_fpt_dgst, 1, 0, VAR_SMTPD_TLS_LOGLEVEL, DEF_SMTPD_TLS_LOGLEVEL, &var_smtpd_tls_loglevel, 0, 0, VAR_SMTPD_TLS_LEVEL, DEF_SMTPD_TLS_LEVEL, &var_smtpd_tls_level, 0, 0, + VAR_SMTP_TLS_CHAIN_FILES, DEF_SMTP_TLS_CHAIN_FILES, &var_smtp_tls_chain_files, 0, 0, VAR_SMTP_TLS_CERT_FILE, DEF_SMTP_TLS_CERT_FILE, &var_smtp_tls_cert_file, 0, 0, VAR_SMTP_TLS_KEY_FILE, DEF_SMTP_TLS_KEY_FILE, &var_smtp_tls_key_file, 0, 0, VAR_SMTP_TLS_DCERT_FILE, DEF_SMTP_TLS_DCERT_FILE, &var_smtp_tls_dcert_file, 0, 0, @@ -1580,6 +1618,7 @@ int main(int argc, char **argv) 0, }; static const CONFIG_STR_TABLE str_table[] = { + VAR_TLSP_TLS_CHAIN_FILES, DEF_TLSP_TLS_CHAIN_FILES, &var_tlsp_tls_chain_files, 0, 0, VAR_TLSP_TLS_CERT_FILE, DEF_TLSP_TLS_CERT_FILE, &var_tlsp_tls_cert_file, 0, 0, VAR_TLSP_TLS_KEY_FILE, DEF_TLSP_TLS_KEY_FILE, &var_tlsp_tls_key_file, 0, 0, VAR_TLSP_TLS_DCERT_FILE, DEF_TLSP_TLS_DCERT_FILE, &var_tlsp_tls_dcert_file, 0, 0, @@ -1602,6 +1641,7 @@ int main(int argc, char **argv) VAR_TLSP_TLS_LEVEL, DEF_TLSP_TLS_LEVEL, &var_tlsp_tls_level, 0, 0, VAR_TLSP_CLNT_LOGLEVEL, DEF_TLSP_CLNT_LOGLEVEL, &var_tlsp_clnt_loglevel, 0, 0, VAR_TLSP_CLNT_LOGPARAM, DEF_TLSP_CLNT_LOGPARAM, &var_tlsp_clnt_logparam, 0, 0, + VAR_TLSP_CLNT_CHAIN_FILES, DEF_TLSP_CLNT_CHAIN_FILES, &var_tlsp_clnt_chain_files, 0, 0, VAR_TLSP_CLNT_CERT_FILE, DEF_TLSP_CLNT_CERT_FILE, &var_tlsp_clnt_cert_file, 0, 0, VAR_TLSP_CLNT_KEY_FILE, DEF_TLSP_CLNT_KEY_FILE, &var_tlsp_clnt_key_file, 0, 0, VAR_TLSP_CLNT_DCERT_FILE, DEF_TLSP_CLNT_DCERT_FILE, &var_tlsp_clnt_dcert_file, 0, 0,