From: Wietse Venema
Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded -form of username\0username\0password (the \0 is a null byte). The +
Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded +form of \0username\0password (the \0 is a null byte). The example above is for a user named `test' with password `testpass'.
@@ -552,14 +552,14 @@ you can use one of the following commands:-% printf 'username\0username\0password' | mmencode +% printf '\0username\0password' | mmencode
% perl -MMIME::Base64 -e \
- 'print encode_base64("username\0username\0password");'
+ 'print encode_base64("\0username\0password");'
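Review bot: In both replacement commands the `\0` is now immediately followed by the username, and printf as well as Perl double-quoted strings read `\0` plus any following octal digits as one escape, so a username or password that begins with a digit 0-7 is silently encoded wrong. A `%` in the password is also taken as a printf format directive. Suggest `printf '\0%s\0%s' 'username' 'password' | mmencode` and `encode_base64("\0" . 'username' . "\0" . 'password')`, which keep the credentials out of the escape and format string. A short hint to decode the result and compare it before use would help as well.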
diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html
index d991668be..c00a1ea8d 100644
--- a/postfix/html/lmtp.8.html
+++ b/postfix/html/lmtp.8.html
@@ -253,11 +253,19 @@ SMTP(8) SMTP(8)
will ignore in the LHLO response from a remote LMTP
server.
+ Available in Postfix version 2.4.4 and later:
+
+ send_cyrus_sasl_authzid (no)
+ When authenticating to a SASL server with the
+ default setting "no", send no authoriZation ID
+ (authzid); send only the authentiCation ID (auth-
+ cid) plus the authcid's password.
+
MIME PROCESSING CONTROLS
Available in Postfix version 2.0 and later:
disable_mime_output_conversion (no)
- Disable the conversion of 8BITMIME format to 7BIT
+ Disable the conversion of 8BITMIME format to 7BIT
format.
mime_boundary_length_limit (2048)
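Review bot: The new send_cyrus_sasl_authzid entry is placed at the end of the section that precedes MIME PROCESSING CONTROLS, directly after the LHLO keyword text, while this same page has a SASL AUTHENTICATION CONTROLS section further down. A reader looking for SASL settings will not find it there; suggest moving the entry under SASL AUTHENTICATION CONTROLS with its own "Available in Postfix version 2.4.4 and later" line. The summary also describes only the "no" case; a clause saying that "yes" sends an authzid equal to the authcid would make the entry self-contained.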
@@ -272,90 +280,90 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.1 and later:
smtp_send_xforward_command (no)
- Send the non-standard XFORWARD command when the
- Postfix SMTP server EHLO response announces XFOR-
+ Send the non-standard XFORWARD command when the
+ Postfix SMTP server EHLO response announces XFOR-
WARD support.
SASL AUTHENTICATION CONTROLS
smtp_sasl_auth_enable (no)
- Enable SASL authentication in the Postfix SMTP
+ Enable SASL authentication in the Postfix SMTP
client.
smtp_sasl_password_maps (empty)
- Optional SMTP client lookup tables with one user-
- name:password entry per remote hostname or domain,
+ Optional SMTP client lookup tables with one user-
+ name:password entry per remote hostname or domain,
or sender address when sender-dependent authentica-
tion is enabled.
smtp_sasl_security_options (noplaintext, noanonymous)
- SASL security options; as of Postfix 2.3 the list
- of available features depends on the SASL client
- implementation that is selected with
+ SASL security options; as of Postfix 2.3 the list
+ of available features depends on the SASL client
+ implementation that is selected with
smtp_sasl_type.
Available in Postfix version 2.2 and later:
smtp_sasl_mechanism_filter (empty)
- If non-empty, a Postfix SMTP client filter for the
- remote SMTP server's list of offered SASL mecha-
+ If non-empty, a Postfix SMTP client filter for the
+ remote SMTP server's list of offered SASL mecha-
nisms.
Available in Postfix version 2.3 and later:
smtp_sender_dependent_authentication (no)
Enable sender-dependent authentication in the Post-
- fix SMTP client; this is available only with SASL
- authentication, and disables SMTP connection
- caching to ensure that mail from different senders
+ fix SMTP client; this is available only with SASL
+ authentication, and disables SMTP connection
+ caching to ensure that mail from different senders
will use the appropriate credentials.
smtp_sasl_path (empty)
- Implementation-specific information that is passed
- through to the SASL plug-in implementation that is
+ Implementation-specific information that is passed
+ through to the SASL plug-in implementation that is
selected with smtp_sasl_type.
smtp_sasl_type (cyrus)
- The SASL plug-in type that the Postfix SMTP client
+ The SASL plug-in type that the Postfix SMTP client
should use for authentication.
STARTTLS SUPPORT CONTROLS
- Detailed information about STARTTLS configuration may be
+ Detailed information about STARTTLS configuration may be
found in the TLS_README document.
smtp_tls_security_level (empty)
The default SMTP TLS security level for the Postfix
- SMTP client; when a non-empty value is specified,
- this overrides the obsolete parameters
+ SMTP client; when a non-empty value is specified,
+ this overrides the obsolete parameters
smtp_use_tls, smtp_enforce_tls, and
smtp_tls_enforce_peername.
smtp_sasl_tls_security_options ($smtp_sasl_secu-
rity_options)
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
+ The SASL authentication security options that the
+ Postfix SMTP client uses for TLS encrypted SMTP
sessions.
smtp_starttls_timeout (300s)
- Time limit for Postfix SMTP client write and read
- operations during TLS startup and shutdown hand-
+ Time limit for Postfix SMTP client write and read
+ operations during TLS startup and shutdown hand-
shake procedures.
smtp_tls_CAfile (empty)
- The file with the certificate of the certification
- authority (CA) that issued the Postfix SMTP client
+ The file with the certificate of the certification
+ authority (CA) that issued the Postfix SMTP client
certificate.
smtp_tls_CApath (empty)
- Directory with PEM format certificate authority
- certificates that the Postfix SMTP client uses to
+ Directory with PEM format certificate authority
+ certificates that the Postfix SMTP client uses to
verify a remote SMTP server certificate.
smtp_tls_cert_file (empty)
- File with the Postfix SMTP client RSA certificate
+ File with the Postfix SMTP client RSA certificate
in PEM format.
smtp_tls_mandatory_ciphers (medium)
- The minimum TLS cipher grade that the Postfix SMTP
+ The minimum TLS cipher grade that the Postfix SMTP
client will use with mandatory TLS encryption.
smtp_tls_exclude_ciphers (empty)
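Review bot: Every removed/added pair in this hunk carries the same words, so the change is at most re-justified spacing from regenerating the formatted manual page. The same holds for the remaining lmtp.8.html hunks, and it buries the one functional addition in the first hunk. Suggest regenerating the HTML in a separate commit, or limiting this file's diff to the send_cyrus_sasl_authzid entry.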
@@ -364,43 +372,43 @@ SMTP(8) SMTP(8)
levels.
smtp_tls_mandatory_exclude_ciphers (empty)
- Additional list of ciphers or cipher types to
- exclude from the SMTP client cipher list at manda-
+ Additional list of ciphers or cipher types to
+ exclude from the SMTP client cipher list at manda-
tory TLS security levels.
smtp_tls_dcert_file (empty)
- File with the Postfix SMTP client DSA certificate
+ File with the Postfix SMTP client DSA certificate
in PEM format.
smtp_tls_dkey_file ($smtp_tls_dcert_file)
- File with the Postfix SMTP client DSA private key
+ File with the Postfix SMTP client DSA private key
in PEM format.
smtp_tls_key_file ($smtp_tls_cert_file)
- File with the Postfix SMTP client RSA private key
+ File with the Postfix SMTP client RSA private key
in PEM format.
smtp_tls_loglevel (0)
- Enable additional Postfix SMTP client logging of
+ Enable additional Postfix SMTP client logging of
TLS activity.
smtp_tls_note_starttls_offer (no)
- Log the hostname of a remote SMTP server that
- offers STARTTLS, when TLS is not already enabled
+ Log the hostname of a remote SMTP server that
+ offers STARTTLS, when TLS is not already enabled
for that server.
smtp_tls_policy_maps (empty)
Optional lookup tables with the Postfix SMTP client
TLS security policy by next-hop destination; when a
- non-empty value is specified, this overrides the
+ non-empty value is specified, this overrides the
obsolete smtp_tls_per_site parameter.
smtp_tls_mandatory_protocols (SSLv3, TLSv1)
- List of TLS protocols that the Postfix SMTP client
+ List of TLS protocols that the Postfix SMTP client
will use with mandatory TLS encryption.
smtp_tls_scert_verifydepth (5)
- The verification depth for remote SMTP server cer-
+ The verification depth for remote SMTP server cer-
tificates.
smtp_tls_secure_cert_match (nexthop, dot-nexthop)
@@ -408,7 +416,7 @@ SMTP(8) SMTP(8)
for the "secure" TLS security level.
smtp_tls_session_cache_database (empty)
- Name of the file containing the optional Postfix
+ Name of the file containing the optional Postfix
SMTP client TLS session cache.
smtp_tls_session_cache_timeout (3600s)
@@ -420,9 +428,9 @@ SMTP(8) SMTP(8)
for the "verify" TLS security level.
tls_daemon_random_bytes (32)
- The number of pseudo-random bytes that an smtp(8)
- or smtpd(8) process requests from the tlsmgr(8)
- server in order to seed its internal pseudo random
+ The number of pseudo-random bytes that an smtp(8)
+ or smtpd(8) process requests from the tlsmgr(8)
+ server in order to seed its internal pseudo random
number generator (PRNG).
tls_high_cipherlist
@@ -434,7 +442,7 @@ SMTP(8) SMTP(8)
ciphers.
tls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)
- The OpenSSL cipherlist for "LOW" or higher grade
+ The OpenSSL cipherlist for "LOW" or higher grade
ciphers.
tls_export_cipherlist (ALL:+RC4:@STRENGTH)
@@ -442,40 +450,40 @@ SMTP(8) SMTP(8)
ciphers.
tls_null_cipherlist (eNULL:!aNULL)
- The OpenSSL cipherlist for "NULL" grade ciphers
+ The OpenSSL cipherlist for "NULL" grade ciphers
that provide authentication without encryption.
Available in Postfix version 2.4 and later:
smtp_sasl_tls_verified_security_options
($smtp_sasl_tls_security_options)
- The SASL authentication security options that the
- Postfix SMTP client uses for TLS encrypted SMTP
+ The SASL authentication security options that the
+ Postfix SMTP client uses for TLS encrypted SMTP
sessions with a verified server certificate.
OBSOLETE STARTTLS CONTROLS
- The following configuration parameters exist for compati-
+ The following configuration parameters exist for compati-
bility with Postfix versions before 2.3. Support for these
will be removed in a future release.
smtp_use_tls (no)
- Opportunistic mode: use TLS when a remote SMTP
- server announces STARTTLS support, otherwise send
+ Opportunistic mode: use TLS when a remote SMTP
+ server announces STARTTLS support, otherwise send
the mail in the clear.
smtp_enforce_tls (no)
- Enforcement mode: require that remote SMTP servers
- use TLS encryption, and never send mail in the
+ Enforcement mode: require that remote SMTP servers
+ use TLS encryption, and never send mail in the
clear.
smtp_tls_enforce_peername (yes)
- With mandatory TLS encryption, require that the
+ With mandatory TLS encryption, require that the
remote SMTP server hostname matches the information
in the remote SMTP server certificate.
smtp_tls_per_site (empty)
Optional lookup tables with the Postfix SMTP client
- TLS usage policy by next-hop destination and by
+ TLS usage policy by next-hop destination and by
remote SMTP server hostname.
smtp_tls_cipherlist (empty)
@@ -485,27 +493,27 @@ SMTP(8) SMTP(8)
RESOURCE AND RATE CONTROLS
smtp_destination_concurrency_limit ($default_destina-
tion_concurrency_limit)
- The maximal number of parallel deliveries to the
- same destination via the smtp message delivery
+ The maximal number of parallel deliveries to the
+ same destination via the smtp message delivery
transport.
smtp_destination_recipient_limit ($default_destina-
tion_recipient_limit)
- The maximal number of recipients per delivery via
+ The maximal number of recipients per delivery via
the smtp message delivery transport.
smtp_connect_timeout (30s)
- The SMTP client time limit for completing a TCP
+ The SMTP client time limit for completing a TCP
connection, or zero (use the operating system
built-in time limit).
smtp_helo_timeout (300s)
- The SMTP client time limit for sending the HELO or
- EHLO command, and for receiving the initial server
+ The SMTP client time limit for sending the HELO or
+ EHLO command, and for receiving the initial server
response.
lmtp_lhlo_timeout (300s)
- The LMTP client time limit for sending the LHLO
+ The LMTP client time limit for sending the LHLO
command, and for receiving the initial server
response.
@@ -514,30 +522,30 @@ SMTP(8) SMTP(8)
command, and for receiving the server response.
smtp_mail_timeout (300s)
- The SMTP client time limit for sending the MAIL
- FROM command, and for receiving the server
+ The SMTP client time limit for sending the MAIL
+ FROM command, and for receiving the server
response.
smtp_rcpt_timeout (300s)
- The SMTP client time limit for sending the SMTP
- RCPT TO command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ RCPT TO command, and for receiving the server
response.
smtp_data_init_timeout (120s)
- The SMTP client time limit for sending the SMTP
- DATA command, and for receiving the server
+ The SMTP client time limit for sending the SMTP
+ DATA command, and for receiving the server
response.
smtp_data_xfer_timeout (180s)
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
message content.
smtp_data_done_timeout (600s)
- The SMTP client time limit for sending the SMTP
+ The SMTP client time limit for sending the SMTP
".", and for receiving the server response.
smtp_quit_timeout (300s)
- The SMTP client time limit for sending the QUIT
+ The SMTP client time limit for sending the QUIT
command, and for receiving the server response.
Available in Postfix version 2.1 and later:
@@ -548,12 +556,12 @@ SMTP(8) SMTP(8)
lookups, or zero (no limit).
smtp_mx_session_limit (2)
- The maximal number of SMTP sessions per delivery
- request before giving up or delivering to a fall-
+ The maximal number of SMTP sessions per delivery
+ request before giving up or delivering to a fall-
back relay host, or zero (no limit).
smtp_rset_timeout (20s)
- The SMTP client time limit for sending the RSET
+ The SMTP client time limit for sending the RSET
command, and for receiving the server response.
Available in Postfix version 2.2 and earlier:
@@ -565,11 +573,11 @@ SMTP(8) SMTP(8)
Available in Postfix version 2.2 and later:
smtp_connection_cache_destinations (empty)
- Permanently enable SMTP connection caching for the
+ Permanently enable SMTP connection caching for the
specified destinations.
smtp_connection_cache_on_demand (yes)
- Temporarily enable SMTP connection caching while a
+ Temporarily enable SMTP connection caching while a
destination has a high volume of mail in the active
queue.
@@ -579,62 +587,62 @@ SMTP(8) SMTP(8)
smtp_connection_cache_time_limit (2s)
When SMTP connection caching is enabled, the amount
- of time that an unused SMTP client socket is kept
+ of time that an unused SMTP client socket is kept
open before it is closed.
Available in Postfix version 2.3 and later:
connection_cache_protocol_timeout (5s)
- Time limit for connection cache connect, send or
+ Time limit for connection cache connect, send or
receive operations.
TROUBLE SHOOTING CONTROLS
debug_peer_level (2)
- The increment in verbose logging level when a
- remote client or server matches a pattern in the
+ The increment in verbose logging level when a
+ remote client or server matches a pattern in the
debug_peer_list parameter.
debug_peer_list (empty)
- Optional list of remote client or server hostname
- or network address patterns that cause the verbose
- logging level to increase by the amount specified
+ Optional list of remote client or server hostname
+ or network address patterns that cause the verbose
+ logging level to increase by the amount specified
in $debug_peer_level.
error_notice_recipient (postmaster)
- The recipient of postmaster notifications about
- mail delivery problems that are caused by policy,
+ The recipient of postmaster notifications about
+ mail delivery problems that are caused by policy,
resource, software or protocol errors.
internal_mail_filter_classes (empty)
- What categories of Postfix-generated mail are sub-
- ject to before-queue content inspection by
+ What categories of Postfix-generated mail are sub-
+ ject to before-queue content inspection by
non_smtpd_milters, header_checks and body_checks.
notify_classes (resource, software)
- The list of error classes that are reported to the
+ The list of error classes that are reported to the
postmaster.
MISCELLANEOUS CONTROLS
best_mx_transport (empty)
- Where the Postfix SMTP client should deliver mail
+ Where the Postfix SMTP client should deliver mail
when it detects a "mail loops back to myself" error
condition.
config_directory (see 'postconf -d' output)
- The default location of the Postfix main.cf and
+ The default location of the Postfix main.cf and
master.cf configuration files.
daemon_timeout (18000s)
- How much time a Postfix daemon process may take to
- handle a request before it is terminated by a
+ How much time a Postfix daemon process may take to
+ handle a request before it is terminated by a
built-in watchdog timer.
delay_logging_resolution_limit (2)
- The maximal number of digits after the decimal
+ The maximal number of digits after the decimal
point when logging sub-second delay values.
disable_dns_lookups (no)
- Disable DNS lookups in the Postfix SMTP and LMTP
+ Disable DNS lookups in the Postfix SMTP and LMTP
clients.
inet_interfaces (all)
@@ -642,7 +650,7 @@ SMTP(8) SMTP(8)
tem receives mail on.
inet_protocols (ipv4)
- The Internet protocols Postfix will attempt to use
+ The Internet protocols Postfix will attempt to use
when making or accepting connections.
ipc_timeout (3600s)
@@ -650,75 +658,75 @@ SMTP(8) SMTP(8)
over an internal communication channel.
lmtp_tcp_port (24)
- The default TCP port that the Postfix LMTP client
+ The default TCP port that the Postfix LMTP client
connects to.
max_idle (100s)
- The maximum amount of time that an idle Postfix
- daemon process waits for an incoming connection
+ The maximum amount of time that an idle Postfix
+ daemon process waits for an incoming connection
before terminating voluntarily.
max_use (100)
- The maximal number of incoming connections that a
- Postfix daemon process will service before termi-
+ The maximal number of incoming connections that a
+ Postfix daemon process will service before termi-
nating voluntarily.
process_id (read-only)
- The process ID of a Postfix command or daemon
+ The process ID of a Postfix command or daemon
process.
process_name (read-only)
- The process name of a Postfix command or daemon
+ The process name of a Postfix command or daemon
process.
proxy_interfaces (empty)
The network interface addresses that this mail sys-
- tem receives mail on by way of a proxy or network
+ tem receives mail on by way of a proxy or network
address translation unit.
smtp_bind_address (empty)
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
IPv4 connection.
smtp_bind_address6 (empty)
- An optional numerical network address that the
- Postfix SMTP client should bind to when making an
+ An optional numerical network address that the
+ Postfix SMTP client should bind to when making an
IPv6 connection.
smtp_helo_name ($myhostname)
- The hostname to send in the SMTP EHLO or HELO com-
+ The hostname to send in the SMTP EHLO or HELO com-
mand.
lmtp_lhlo_name ($myhostname)
The hostname to send in the LMTP LHLO command.
smtp_host_lookup (dns)
- What mechanisms when the Postfix SMTP client uses
+ What mechanisms when the Postfix SMTP client uses
to look up a host's IP address.
smtp_randomize_addresses (yes)
- Randomize the order of equal-preference MX host
+ Randomize the order of equal-preference MX host
addresses.
syslog_facility (mail)
The syslog facility of Postfix logging.
syslog_name (postfix)
- The mail system name that is prepended to the
- process name in syslog records, so that "smtpd"
+ The mail system name that is prepended to the
+ process name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available with Postfix 2.2 and earlier:
fallback_relay (empty)
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
Available with Postfix 2.3 and later:
smtp_fallback_relay ($fallback_relay)
- Optional list of relay hosts for SMTP destinations
+ Optional list of relay hosts for SMTP destinations
that can't be found or that are unreachable.
SEE ALSO
@@ -736,7 +744,7 @@ SMTP(8) SMTP(8)
TLS_README, Postfix STARTTLS howto
LICENSE
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html
index 3f5413544..c799d1f4a 100644
--- a/postfix/html/postconf.5.html
+++ b/postfix/html/postconf.5.html
@@ -6686,6 +6686,23 @@ The name of the directory with example Postfix configuration files.
+
+
+When authenticating to a SASL server with the default setting +"no", send no authoriZation ID (authzid); send only the authentiCation +ID (authcid) plus the authcid's password.
+ +The non-default setting "yes" enables the behavior of older +Postfix versions. These always send an authzid that is equal to +the authcid, but this causes inter-operability problems with some +SMTP servers.
+ +This feature is available in Postfix 2.4.4 and later.
+ +Instead of dGVzdAB0ZXN0AHRlc3RwYXNz, specify the base64 encoded -form of username\0username\0password (the \0 is a null byte). The +
Instead of AHRlc3QAdGVzdHBhc3M=, specify the base64 encoded +form of \0username\0password (the \0 is a null byte). The example above is for a user named `test' with password `testpass'.
@@ -552,14 +552,14 @@ you can use one of the following commands:-% printf 'username\0username\0password' | mmencode +% printf '\0username\0password' | mmencode
% perl -MMIME::Base64 -e \
- 'print encode_base64("username\0username\0password");'
+ 'print encode_base64("\0username\0password");'
diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto
index a42ea22d6..c592b9a03 100644
--- a/postfix/proto/postconf.proto
+++ b/postfix/proto/postconf.proto
@@ -10572,3 +10572,16 @@ configuration parameter. See there for details.
configuration parameter. See there for details.
This feature is available in Postfix 2.4 and later.
+ +%PARAM send_cyrus_sasl_authzid no + +When authenticating to a SASL server with the default setting +"no", send no authoriZation ID (authzid); send only the authentiCation +ID (authcid) plus the authcid's password.
+ +The non-default setting "yes" enables the behavior of older +Postfix versions. These always send an authzid that is equal to +the authcid, but this causes inter-operability problems with some +SMTP servers.
+ +This feature is available in Postfix 2.4.4 and later.
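Review bot: The send_cyrus_sasl_authzid text never states that the setting matters only for the Cyrus SASL client, although the parameter name implies it, and it does not say which Postfix clients it covers. Suggest one sentence saying that it takes effect only when the client's SASL type is cyrus, and whether it applies to both the SMTP and the LMTP client. The "yes" paragraph only warns about inter-operability problems; it should also say in which situation an administrator would need to enable it.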
diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c index 85fadf3e9..bf4252df1 100644 --- a/postfix/src/global/mail_params.c +++ b/postfix/src/global/mail_params.c @@ -106,6 +106,7 @@ /* int var_oldlog_compat; /* int var_delay_max_res; /* char *var_int_filt_classes; +/* int var_cyrus_sasl_authzid; /* /* void mail_params_init() /* @@ -275,6 +276,7 @@ int var_verify_neg_cache; int var_oldlog_compat; int var_delay_max_res; char *var_int_filt_classes; +int var_cyrus_sasl_authzid; const char null_format_string[1] = ""; @@ -543,6 +545,7 @@ void mail_params_init() VAR_VERIFY_NEG_CACHE, DEF_VERIFY_NEG_CACHE, &var_verify_neg_cache, VAR_OLDLOG_COMPAT, DEF_OLDLOG_COMPAT, &var_oldlog_compat, VAR_HELPFUL_WARNINGS, DEF_HELPFUL_WARNINGS, &var_helpful_warnings, + VAR_CYRUS_SASL_AUTHZID, DEF_CYRUS_SASL_AUTHZID, &var_cyrus_sasl_authzid, 0, }; const char *cp; diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 4c3c3f3ca..64b639ca2 100644 --- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -1532,6 +1532,10 @@ extern char *var_lmtp_sasl_path; */ #define PERMIT_SASL_AUTH "permit_sasl_authenticated" +#define VAR_CYRUS_SASL_AUTHZID "send_cyrus_sasl_authzid" +#define DEF_CYRUS_SASL_AUTHZID 0 +extern int var_cyrus_sasl_authzid; + /* * LMTP client. Timeouts inspired by RFC 1123. The LMTP recipient limit * determines how many recipient addresses the LMTP client sends along with diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 7ec6309ed..ced987d86 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h 
@@ -20,8 +20,8 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20070614" -#define MAIL_VERSION_NUMBER "2.4.4-RC1" +#define MAIL_RELEASE_DATE "20070710" +#define MAIL_VERSION_NUMBER "2.4.4-RC2" #ifdef SNAPSHOT # define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 9a69f2adc..40ffcade5 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -204,6 +204,12 @@ /* A case insensitive list of LHLO keywords (pipelining, starttls, /* auth, etc.) that the LMTP client will ignore in the LHLO response /* from a remote LMTP server. +/* .PP +/* Available in Postfix version 2.4.4 and later: +/* .IP "\fBsend_cyrus_sasl_authzid (no)\fR" +/* When authenticating to a SASL server with the default setting +/* "no", send no authoriZation ID (authzid); send only the authentiCation +/* ID (authcid) plus the authcid's password. /* MIME PROCESSING CONTROLS /* .ad /* .fi diff --git a/postfix/src/xsasl/xsasl_cyrus_client.c b/postfix/src/xsasl/xsasl_cyrus_client.c index 4e525e031..b84cd1fa0 100644 --- a/postfix/src/xsasl/xsasl_cyrus_client.c +++ b/postfix/src/xsasl/xsasl_cyrus_client.c @@ -329,7 +329,8 @@ XSASL_CLIENT *xsasl_cyrus_client_create(XSASL_CLIENT_IMPL *unused_impl, if ((sasl_status = SASL_CLIENT_NEW(service, server, NULL_CLIENT_ADDR, NULL_SERVER_ADDR, - custom_callbacks, NULL_SECFLAGS, + var_cyrus_sasl_authzid ? custom_callbacks : + custom_callbacks + 1, NULL_SECFLAGS, &sasl_conn)) != SASL_OK) { msg_warn("per-session SASL client initialization: %s", xsasl_cyrus_strerror(sasl_status));
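Review bot: In mail_params.h the new VAR_CYRUS_SASL_AUTHZID / DEF_CYRUS_SASL_AUTHZID block has no comment, and it is wedged between PERMIT_SASL_AUTH and the "LMTP client" comment block, so it reads as part of neither. Suggest a short comment saying that this is a Cyrus SASL client setting and that 0 means "no". The name also carries no smtp_ or lmtp_ prefix, unlike the smtp_sasl_* parameters documented alongside it, and it is registered in the global table in mail_params.c; if one shared switch for both clients is intended, say so in the comment.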
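Review bot: In xsasl_cyrus_client_create(), `custom_callbacks + 1` depends on the authzid callback being the first entry of the callback list, and nothing in this hunk documents or enforces that ordering. If the list is later reordered or an entry is prepended, this expression will skip a different callback with no compiler warning, and the client will silently start or stop sending an authzid. Suggest a comment at the list definition and at this call that states the invariant, or selecting the callbacks by their id rather than by pointer offset.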