src/oqmgr/ Old queue manager
src/pickup/ Local pickup
src/pipe/ Pipe delivery
+ src/postlogd/ Syslog alternative, logs to file or stdout
src/postscreen/ Zombie blocker
src/proxymap/ Table lookup proxy agent
src/qmgr/ Queue manager
src/smtpd/ SMTP server
src/spawn/ Run non-Postfix server
src/tlsmgr/ TLS session keys and random pool
- src/tlsproxy/ TLS proxy for postscreen
+ src/tlsproxy/ TLS proxy for postscreen and outbound connection reuse
src/trivial-rewrite/ Address rewriting and resolving
src/verify/ address verification service
src/virtual/ virtual mailbox-only delivery agent
20120330
- Workaround: specify "\c" at the start of an smtp_reject_footer
+ Workaround: specify "\c" at the start of an smtpd_reject_footer
template to suppress the line break between the reply text
and the footer text. Files: global/smtp_reply_footer.c,
proto/postconf.proto.
20180812
- Feature: smtp_reject_footer_maps (as well as the postscreen
+ Feature: smtpd_reject_footer_maps (as well as the postscreen
variant postscreen_reject_footer_maps). This is indexed
with the SMTP server response text, and overrides the footer
- specified with smtp_reject_footer. Files: global/mail_params.h,
+ specified with smtpd_reject_footer. Files: global/mail_params.h,
mantools/postlink, postscreen/postscreen.c,
postscreen/postscreen_send.c, postscreen/postscreen_smtpd.c,
proto/postconf.proto, smtpd/smtpd.c, smtpd/smtpd_chat.c.
Debugging: tlsproxy(8) now logs more details about unexpected
configuration differences between the Postfix SMTP client
and the tlsproxy(8) daemon.
+
+20190210
+
+ Documentation: Postfix 3.4.0 RELEASE NOTES.
+
+ Documentation: added BDAT_README.
+
+ Documentation: global TLS settings. Files: mantools/postlink,
+ smtp/smtp.c, tlsproxy/tlsproxy.c.
* ADDRESS_CLASS_README: Address Classes
* CONNECTION_CACHE_README: Connection cache howto
* DSN_README: Postfix DSN support
+ * BDAT_README: Postfix BDAT (CHUNKING) support
* PACKAGE_README: Guidelines for Package Builders
* SCHEDULER_README: Queue Scheduler
* XCLIENT_README: XCLIENT Command
--- /dev/null
+P\bPo\bos\bst\btf\bfi\bix\bx B\bBD\bDA\bAT\bT (\b(C\bCH\bHU\bUN\bNK\bKI\bIN\bNG\bG)\b) s\bsu\bup\bpp\bpo\bor\brt\bt
+
+-------------------------------------------------------------------------------
+
+O\bOv\bve\ber\brv\bvi\bie\bew\bw
+
+Postfix SMTP server supports RFC 3030 CHUNKING (the BDAT command) without
+BINARYMIME, in both smtpd(8) and postscreen(8). It is enabled by default.
+
+Topics covered in this document:
+
+ * Disabling BDAT support
+ * Impact on existing configurations
+ * Example SMTP session
+ * Benefits of CHUNKING (BDAT) support without BINARYMIME
+ * Downsides of CHUNKING (BDAT) support
+
+D\bDi\bis\bsa\bab\bbl\bli\bin\bng\bg B\bBD\bDA\bAT\bT s\bsu\bup\bpp\bpo\bor\brt\bt
+
+BDAT support is enabled by default. To disable BDAT support globally:
+
+ /etc/postfix/main.cf:
+ # The logging alternative:
+ smtpd_discard_ehlo_keywords = chunking
+ # The non-logging alternative:
+ smtpd_discard_ehlo_keywords = chunking, silent_discard
+
+Specify '-o smtpd_discard_ehlo_keywords=' in master.cf for the submission and
+smtps services, if you have clients that benefit from CHUNKING support.
+
+I\bIm\bmp\bpa\bac\bct\bt o\bon\bn e\bex\bxi\bis\bst\bti\bin\bng\bg c\bco\bon\bnf\bfi\big\bgu\bur\bra\bat\bti\bio\bon\bns\bs
+
+ * There are no changes for smtpd_mumble_restrictions, smtpd_proxy_filter,
+ smtpd_milters, or for postscreen settings, except for the above mentioned
+ option to suppress the SMTP server's CHUNKING service announcement.
+
+ * There are no changes in the Postfix queue file content, no changes for
+ down-stream SMTP servers or after-queue content filters, and no changes in
+ the envelope or message content that Milters will receive.
+
+E\bEx\bxa\bam\bmp\bpl\ble\be S\bSM\bMT\bTP\bP s\bse\bes\bss\bsi\bio\bon\bn
+
+The main differences are that the Postfix SMTP server announces "CHUNKING"
+support in the EHLO response, and that instead of sending one DATA request, the
+remote SMTP client may send one or more BDAT requests. In the example below,
+"S:" indicates server responses, and "C:" indicates client requests (bold
+font).
+
+ S: 220 server.example.com
+ C: E\bEH\bHL\bLO\bO c\bcl\bli\bie\ben\bnt\bt.\b.e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm
+ S: 250-server.example.com
+ S: 250-PIPELINING
+ S: 250-SIZE 153600000
+ S: 250-VRFY
+ S: 250-ETRN
+ S: 250-STARTTLS
+ S: 250-AUTH PLAIN LOGIN
+ S: 250-ENHANCEDSTATUSCODES
+ S: 250-8BITMIME
+ S: 250-DSN
+ S: 250-SMTPUTF8
+ S: 250 CHUNKING
+ C: M\bMA\bAI\bIL\bL F\bFR\bRO\bOM\bM:\b:<\b<s\bse\ben\bnd\bde\ber\br@\b@e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm>\b>
+ S: 250 2.1.0 Ok
+ C: R\bRC\bCP\bPT\bT T\bTO\bO:\b:<\b<r\bre\bec\bci\bip\bpi\bie\ben\bnt\bt@\b@e\bex\bxa\bam\bmp\bpl\ble\be.\b.c\bco\bom\bm>\b>
+ S: 250 2.1.5 Ok
+ C: B\bBD\bDA\bAT\bT 1\b10\b00\b00\b00\b0
+ C: .\b..\b.f\bfo\bol\bll\blo\bow\bwe\bed\bd b\bby\by 1\b10\b00\b00\b00\b0 b\bby\byt\bte\bes\bs.\b..\b..\b.
+ S: 250 2.0.0 Ok: 10000 bytes
+ C: B\bBD\bDA\bAT\bT 1\b12\b23\b3
+ C: .\b..\b.f\bfo\bol\bll\blo\bow\bwe\bed\bd b\bby\by 1\b12\b23\b3 b\bby\byt\bte\bes\bs.\b..\b..\b.
+ S: 250 2.0.0 Ok: 123 bytes
+ C: B\bBD\bDA\bAT\bT 0\b0 L\bLA\bAS\bST\bT
+ S: 250 2.0.0 Ok: 10123 bytes queued as 41yYhh41qmznjbD
+ C: Q\bQU\bUI\bIT\bT
+ S: 221 2.0.0 Bye
+
+Internally in Postfix, there is no difference between mail that was received
+with BDAT or with DATA. Postfix smtpd_mumble_restrictions, policy delegation
+queries, smtpd_proxy_filter and Milters all behave as if Postfix received (MAIL
++ RCPT + DATA + end-of-data). However, Postfix will log BDAT-related failures
+as "xxx after BDAT" to avoid complicating troubleshooting (xxx = 'lost
+connection' or 'timeout'), and will log a warning when a client sends a
+malformed BDAT command.
+
+B\bBe\ben\bne\bef\bfi\bit\bts\bs o\bof\bf C\bCH\bHU\bUN\bNK\bKI\bIN\bNG\bG (\b(B\bBD\bDA\bAT\bT)\b) s\bsu\bup\bpp\bpo\bor\brt\bt w\bwi\bit\bth\bho\bou\but\bt B\bBI\bIN\bNA\bAR\bRY\bYM\bMI\bIM\bME\bE
+
+Support for CHUNKING (BDAT) was added to improve interoperability with some
+clients, a benefit that would reportedly exist even without Postfix support for
+BINARYMIME. Since June 2018, Wietse's mail server has received BDAT commands
+from a variety of systems.
+
+Postfix does not support BINARYMIME at this time because:
+
+ * BINARYMIME support would require moderately invasive changes to Postfix, to
+ support email content that is not line-oriented. With BINARYMIME, the
+ Content-Length: message header specifies the length of content that may or
+ may not have line boundaries. Without BINARYMIME support, email RFCs
+ require that binary content is base64-encoded, and formatted as lines of
+ text.
+
+ * For delivery to non-BINARYMIME systems including UNIX mbox, the available
+ options are to convert binary content into 8bit text, one of the 7bit forms
+ (base64 or quoted-printable), or to return email as undeliverable. Any
+ conversion would obviously break digital signatures, so conversion would
+ have to happen before signing.
+
+D\bDo\bow\bwn\bns\bsi\bid\bde\bes\bs o\bof\bf C\bCH\bHU\bUN\bNK\bKI\bIN\bNG\bG (\b(B\bBD\bDA\bAT\bT)\b) s\bsu\bup\bpp\bpo\bor\brt\bt
+
+The RFC 3030 authors did not specify any limitations on how clients may
+pipeline commands (i.e. send commands without waiting for a server response).
+If a server announces PIPELINING support, like Postfix does, then a remote SMTP
+client can pipeline all commands following EHLO, for example, MAIL/RCPT/BDAT/
+BDAT/MAIL/RCPT/BDAT, without ever having to wait for a server response. This
+means that with BDAT, the Postfix SMTP server cannot distinguish between a
+well-behaved client and a spambot, based on their command pipelining behavior.
+If you require "reject_unauth_pipelining" to block spambots, then turn off
+Postfix's CHUNKING announcement as described above.
+
+In RFC 4468, the authors write that a client may pipeline commands, and that
+after sending BURL LAST or BDAT LAST, a client must wait for the server's
+response. But as this text does not appear in RFC 3030 which defines BDAT, is
+it a useless restriction that Postfix will not enforce.
+
-This is the Postfix 3.4 (experimental) release.
+This is the Postfix 3.5 (experimental) release.
-The stable Postfix release is called postfix-3.3.x where 3=major
-release number, 3=minor release number, x=patchlevel. The stable
+The stable Postfix release is called postfix-3.4.x where 3=major
+release number, 4=minor release number, x=patchlevel. The stable
release never changes except for patches that address bugs or
emergencies. Patches change the patchlevel and the release date.
New features are developed in snapshot releases. These are called
-postfix-3.4-yyyymmdd where yyyymmdd is the release date (yyyy=year,
+postfix-3.5-yyyymmdd where yyyymmdd is the release date (yyyy=year,
mm=month, dd=day). Patches are never issued for snapshot releases;
instead, a new snapshot is released.
The mail_release_date configuration parameter (format: yyyymmdd)
specifies the release date of a stable release or snapshot release.
-If you upgrade from Postfix 3.2 or earlier, read RELEASE_NOTES-3.3
+If you upgrade from Postfix 3.3 or earlier, read RELEASE_NOTES-3.4
before proceeding.
License change
more recent Eclipse Public License 2.0. Recipients can choose to take
the software under the license of their choice. Those who are more
comfortable with the IPL can continue with that license.
-
-Incompatible changes with snapshot 20190126-nonprod
-====================================================
-
-This introduces a new master.cf service 'postlog' with type
-'unix-dgram' that is used by the new postlogd(8) daemon. The
-'unix-dgram' service type is not supported by older Postfix versions.
-Before backing out to an older version, edit the master.cf file and
-remove the postlog entry.
-
-Major changes with snapshot 20190126-nonprod
-============================================
-
-Support for logging to file or stdout, instead of using syslog.
-
-- Logging to file solves a usability problem for MacOS, and
- eliminates multiple problems with systemd-based systems.
-
-- Logging to stdout is useful when Postfix runs in a container, as
- it eliminates a syslogd dependency.
-
-See MAILLOG_README for configuration examples and logfile rotation.
-
-Incompatible changes with snapshot 20190106
-===========================================
-
-Postfix 3.4 drops support for OpenSSL 1.0.1 (end-of-life December
-31, 2016) and earlier releases.
-
-Major changes with snapshot 20190106
-====================================
-
-SNI support in the Postfix SMTP server, the Postfix SMTP client,
-and in the tlsproxy daemon (both server and client roles). See the
-postconf(5) documentation for the new tls_server_sni_maps and
-smtp_tls_servername parameters.
-
-Support for files that contain multiple (key, certificate, trust
-chain) instances. This was required to implement server-side SNI
-table lookups, but it also eliminates the need for separate cert/key
-files for RSA, DSA, Elliptic Curve, and so on. The file format is
-documented in the TLS_README sections "Server-side certificate and
-private key configuration" and "Client-side certificate and private
-key configuration", and in the postconf(5) documentation for the
-parameters smtp_tls_chain_files, smtpd_tls_chain_files,
-tlsproxy_client_chain_files, and tlsproxy_tls_chain_files.
-
-Note: the command "postfix tls" does not yet support the new
-consolidated certificate chain format. If you switch to the new
-format, you'll need to manage your keys and certificates directly,
-rather than via postfix-tls(1).
-
-Major changes with snapshot 20180826
-====================================
-
-Postfix SMTP server support for RFC 3030 CHUNKING (the BDAT command)
-without BINARYMIME, in both smtpd(8) and postscreen(8).
-
-To disable the SMTP server's CHUNKING support:
-
-/etc/postfix/main.cf:
- # The logging alternative:
- smtpd_discard_ehlo_keywords = chunking
- # The non-logging alternative:
- smtpd_discard_ehlo_keywords = chunking, silent_discard
-
-Be sure to specify '-o smtpd_discard_ehlo_keywords=' in master.cf
-for the submission and smtps services, in case you have clients
-that benefit from CHUNKING support.
-
-Impact on existing configurations:
-----------------------------------
-
-- There are no changes for smtpd_mumble_restrictions, smtpd_proxy_filter,
- smtpd_milters, or for postscreen settings, except for the additional
- option to suppress the SMTP server's CHUNKING service announcement.
-
-- There are no changes in the Postfix queue file content, no changes
- for down-stream SMTP servers or after-queue content filters, and
- no changes in the envelope or message content that Milters will
- receive.
-
-Example SMTP session
---------------------
-
-The main differences are that the Postfix SMTP server announces
-"CHUNKING" support in the EHLO response, and that instead of sending
-one DATA request, the remote SMTP client may send one or more BDAT
-requests. In the example below, "S:" indicates server responses,
-and "C:" indicates client requests.
-
- S: 220 server.example.com
- C: EHLO client.example.com
- S: 250-server.example.com
- S: 250-PIPELINING
- S: 250-SIZE 153600000
- S: 250-VRFY
- S: 250-ETRN
- S: 250-STARTTLS
- S: 250-AUTH PLAIN LOGIN
- S: 250-ENHANCEDSTATUSCODES
- S: 250-8BITMIME
- S: 250-DSN
- S: 250-SMTPUTF8
- S: 250 CHUNKING
- C: MAIL FROM:<sender@example.com>
- S: 250 2.1.0 Ok
- C: RCPT TO:<recipient@example.com>
- S: 250 2.1.5 Ok
- C: BDAT 10000
- C: ..followed by 10000 bytes...
- S: 250 2.0.0 Ok: 10000 bytes
- C: BDAT 123
- C: ..followed by 123 bytes...
- S: 250 2.0.0 Ok: 123 bytes
- C: BDAT 0 LAST
- S: 250 2.0.0 Ok: 10123 bytes queued as 41yYhh41qmznjbD
- C: QUIT
- S: 221 2.0.0 Bye
-
-Internally in Postfix, there is no difference between mail that was
-received with BDAT or with DATA. Postfix smtpd_mumble_restrictions,
-policy delegation queries, smtpd_proxy_filter and Milters all behave
-as if Postfix received (MAIL + RCPT + DATA + end-of-data). However,
-Postfix will log BDAT-related failures as "xxx after BDAT" to avoid
-complicating troubleshooting (xxx = 'lost connection' or 'timeout'),
-and will log a warning when a client sends a malformed BDAT command.
-
-Benefits of CHUNKING (BDAT) support without BINARYMIME:
--------------------------------------------------------
-
-Support for CHUNKING (BDAT) was added to improve interoperability
-with some clients, a benefit that would reportedly exist even without
-Postfix support for BINARYMIME.
-
-Postfix does not support BINARYMIME at this time because:
-
-- BINARYMIME support would require moderately invasive changes to
- support email content that is not line-oriented. With BINARYMIME,
- the Content-Length: header specifies the length of arbitrary
- content that has no line boundaries. Without BINARYMIME, binary
- content is base64-encoded, and formatted as lines of text.
-
-- There is no conversion of BINARYMIME to a line-oriented 8BITMIME
- form that is compatible with legacy systems including UNIX mbox.
- The available options are to convert binary content into one of
- the 7bit forms (base64 or quoted-printable), or to return email
- as undeliverable. Any conversion would break digital signatures,
- so it would have to happen before signing.
-
-Downsides of CHUNKING (BDAT) support:
--------------------------------------
-
-The RFC 3030 authors did not specify any limitations on how clients
-may pipeline commands (i.e. send commands without waiting for a
-server response). If a server announces PIPELINING support, like
-Postfix does, then a remote SMTP client can pipeline all commands
-following EHLO, for example, MAIL/RCPT/BDAT/BDAT/MAIL/RCPT/BDAT,
-without ever having to wait for a server response. This means that
-with BDAT, the Postfix SMTP server cannot distinguish between a
-well-behaved client and a spambot, based on their command pipelining
-behavior. If you require "reject_unauth_pipelining" to block spambots,
-turn off the CHUNKING support announcement as described above.
-
-Incompatible change with snapshot 20180701
-==========================================
-
-To avoid performance loss under load, the tlsproxy(8) daemon now
-requires a zero process limit in master.cf (this setting is provided
-with the default master.cf file). As tlsproxy(8) processes become
-too busy handling TLS connections, more processes will automatically
-be added. By default, a tlsproxy(8) process will retire after several
-hours.
-
-To set the tlsproxy process limit to zero:
-
-# postconf -F tlsproxy/unix/process_limit=0
-# postfix reload
-
-Major changes with snapshot 20180617
-====================================
-
-Preliminary Postfix SMTP client support for multiple deliveries per
-TLS-encrypted connection. This is primarily to improve mail delivery
-performance for destinations that throttle clients when they don't
-combine deliveries.
-
-This feature is enabled with "smtp_tls_connection_reuse=yes" in
-main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
-It supports all Postfix TLS security levels including dane and
-dane-only.
-
-The implementation of TLS connection reuse relies on the same
-scache(8) service as used for delivering plaintext SMTP mail, the
-same tlsproxy(8) daemon as used by the postscreen(8) service for
-inbound connections, and relies on the same hints from the qmgr(8)
-daemon. It reuses the configuration parameters described in
-CONNECTION_CACHE_README.
-
-The following illustrates how TLS connections are reused:
-
- Initial plaintext SMTP handshake:
- smtp(8) -> remote SMTP server
-
- Reused SMTP/TLS connection, or new SMTP/TLS connection:
- smtp(8) -> tlsproxy(8) -> remote SMTP server
-
- Cached SMTP/TLS connection:
- scache(8) -> tlsproxy(8) -> remote SMTP server
-
-There are a few refinements planned:
-
-- Log the TLS properties every time a connection is reused.
- Currently, the properties are logged when a TLS session is created.
--- /dev/null
+This is the Postfix 3.4 (stable) release.
+
+The stable Postfix release is called postfix-3.4.x where 3=major
+release number, 4=minor release number, x=patchlevel. The stable
+release never changes except for patches that address bugs or
+emergencies. Patches change the patchlevel and the release date.
+
+New features are developed in snapshot releases. These are called
+postfix-3.5-yyyymmdd where yyyymmdd is the release date (yyyy=year,
+mm=month, dd=day). Patches are never issued for snapshot releases;
+instead, a new snapshot is released.
+
+The mail_release_date configuration parameter (format: yyyymmdd)
+specifies the release date of a stable release or snapshot release.
+
+If you upgrade from Postfix 3.2 or earlier, read RELEASE_NOTES-3.3
+before proceeding.
+
+License change
+---------------
+
+This software is distributed with a dual license: in addition to the
+historical IBM Public License 1.0, it is now also distributed with the
+more recent Eclipse Public License 2.0. Recipients can choose to take
+the software under the license of their choice. Those who are more
+comfortable with the IPL can continue with that license.
+
+Summary of changes
+------------------
+
+Incompatible changes, bdat support, containers, database support,
+logging, safety, tls connection pooling, tls support, usability,
+
+Incompatible changes
+--------------------
+
+[Incompat 20180826] The Postfix SMTP server announces CHUNKING (BDAT
+command) by default. In the unlikely case that this breaks some
+important remote SMTP client, disable the feature as follows:
+
+/etc/postfix/main.cf:
+ # The logging alternative:
+ smtpd_discard_ehlo_keywords = chunking
+ # The non-logging alternative:
+ smtpd_discard_ehlo_keywords = chunking, silent_discard
+
+See BDAT_README for more.
+
+[Incompat 20190126] This introduces a new master.cf service 'postlog'
+with type 'unix-dgram' that is used by the new postlogd(8) daemon.
+Before backing out to an older Postfix version, edit the master.cf
+file and remove the postlog entry.
+
+[Incompat 20190106] Postfix 3.4 drops support for OpenSSL 1.0.1
+(end-of-life was December 31, 2016) and all earlier releases.
+
+[Incompat 20180701] To avoid performance loss under load, the
+tlsproxy(8) daemon now requires a zero process limit in master.cf
+(this setting is provided with the default master.cf file). By
+default, a tlsproxy(8) process will retire after several hours.
+
+To set the tlsproxy process limit to zero:
+
+# postconf -F tlsproxy/unix/process_limit=0
+# postfix reload
+
+Major changes - bdat support
+--------------------
+
+[Feature 20180826] Postfix SMTP server support for RFC 3030 CHUNKING
+(the BDAT command) without BINARYMIME, in both smtpd(8) and
+postscreen(8). This has no effect on Milters, smtpd_mumble_restrictions,
+and smtpd_proxy_filter. See BDAT_README for more.
+
+Major changes - containers
+--------------------------
+
+[Feature 20190126] Support for logging to file or stdout, instead
+of using syslog.
+
+- Logging to file solves a usability problem for MacOS, and
+ eliminates multiple problems with systemd-based systems.
+
+- Logging to stdout is useful when Postfix runs in a container, as
+ it eliminates a syslogd dependency.
+
+See MAILLOG_README for configuration examples and logfile rotation.
+
+[Feature 20180422] Better handling of undocumented(!) Linux behavior
+whether or not signals are delivered to a PID=1 process.
+
+Major changes - database support
+--------------------------------
+
+[Feature 20181105] Support for (key, list of filenames) in map
+source text.
+
+- Currently, this feature is used only by tls_server_sni_maps.
+
+- When a map is created from source with "postmap -F maptype:mapname",
+ the command processes each key as usual and processes each value
+ as a list of filenames, concatenates the content of those files
+ (with one newline character in-between files), and stores an entry
+ with (key, base64-encoded result).
+
+- When a map is queried with "postmap -F -q ...", the command
+ base64-decodes each value. It reports an error when a value is
+ not in base64 form.
+
+ This "postmap -F -q ..." behavior also works when querying the
+ memory-resident map types cidr:, inline:, pcre:, randmap:, regexp:,
+ and static:. Postfix reads the files specified as table values,
+ stores base64-encoded content, and base64-decodes content upon
+ table lookup.
+
+ Internally, Postfix will turn on this behavior for lookups (not
+ updates) when a map is opened with the DICT_FLAG_RHS_IS_FILE flag.
+
+Major changes - logging
+-----------------------
+
+[Feature 20190126] Support for logging to file or stdout, instead
+of using syslog.
+
+- Logging to file solves a usability problem for MacOS, and
+ eliminates multiple problems with systemd-based systems.
+
+- Logging to stdout is useful when Postfix runs in a container, as
+ it eliminates a syslogd dependency.
+
+See MAILLOG_README for configuration examples and logfile rotation.
+
+Major changes - safety
+----------------------
+
+[Feature 20180623] Automatic retirement: dnsblog(8) and tlsproxy(8) process
+will now voluntarily retire after after max_idle*max_use, or some
+sane limit if either limit is disabled. Without this, a process
+could stay busy for days or more.
+
+Major changes - tls connection pooling
+--------------------------------------
+
+[Feature 20180617] Postfix SMTP client support for multiple deliveries
+per TLS-encrypted connection. This is primarily to improve mail
+delivery performance for destinations that throttle clients when
+they don't combine deliveries.
+
+This feature is enabled with "smtp_tls_connection_reuse=yes" in
+main.cf, or with "tls_connection_reuse=yes" in smtp_tls_policy_maps.
+It supports all Postfix TLS security levels including dane and
+dane-only.
+
+The implementation of TLS connection reuse relies on the same
+scache(8) service as used for delivering plaintext SMTP mail, the
+same tlsproxy(8) daemon as used by the postscreen(8) service for
+inbound connections, and relies on the same hints from the qmgr(8)
+daemon. It reuses the configuration parameters described in
+CONNECTION_CACHE_README.
+
+The Postfix SMTP client now logs whether an SMTP-over-TLS connection
+is newly established ("TLS connection established") or whether the
+connection is reused ("TLS connection reused").
+
+The following illustrates how TLS connections are reused:
+
+ Initial plaintext SMTP handshake:
+ smtp(8) -> remote SMTP server
+
+ Reused SMTP/TLS connection, or new SMTP/TLS connection:
+ smtp(8) -> tlsproxy(8) -> remote SMTP server
+
+ Cached SMTP/TLS connection:
+ scache(8) -> tlsproxy(8) -> remote SMTP server
+
+Major changes - tls support
+---------------------------
+
+[Feature 20190106] SNI support in the Postfix SMTP server, the
+Postfix SMTP client, and in the tlsproxy(8) daemon (both server and
+client roles). See the postconf(5) documentation for the new
+tls_server_sni_maps and smtp_tls_servername parameters.
+
+[Feature 20190106] Support for files that contain multiple (key,
+certificate, trust chain) instances. This was required to implement
+server-side SNI table lookups, but it also eliminates the need for
+separate cert/key files for RSA, DSA, Elliptic Curve, and so on.
+The file format is documented in the TLS_README sections "Server-side
+certificate and private key configuration" and "Client-side certificate
+and private key configuration", and in the postconf(5) documentation
+for the parameters smtp_tls_chain_files, smtpd_tls_chain_files,
+tlsproxy_client_chain_files, and tlsproxy_tls_chain_files.
+
+Note: the command "postfix tls" does not yet support the new
+consolidated certificate chain format. If you switch to the new
+format, you'll need to manage your keys and certificates directly,
+rather than via postfix-tls(1).
+
+Major changes - usability
+-------------------------
+
+[Feature 20180812] Support for smtpd_reject_footer_maps (as well
+as the postscreen variant postscreen_reject_footer_maps) for more
+informative reject messages. This is indexed with the Postfix SMTP
+server response text, and overrides the footer specified with
+smtpd_reject_footer. One will want to use a pcre: or regexp: map
+with this.
+
Wish list:
- Move tls_proxy_client_scan.c _to_string() function
- to tls_proxy_client_misc.c.
+ Things to do before the stable release:
- In tlsproxy, include parameter names in the diffs between
- expected and client properties. This requires a function
- tls_proxy_client_init_with_names_to_string().
+ Spell-check, double-word check, HTML validator check,
+ mantools/missing-proxy-read-maps check.
+
+ Disable -DSNAPSHOT and -DNONPROD in makedefs.
make tls_pre_jail_init() safe by design for use in programs
that implement both clients and servers.
- postfix rotate-log command: mv postfix.log postfix.log.$(date
- +%Y%M%d-%H%M%S) to avoid data loss if called repeatedly.
-
In smtpd(8) and postscreen(8), set the ehlo_discard_mask
to ~0 so that STARTTLS, BDAT, DSN, etc. work only for clients
that send EHLO.
In postscreen, don't fork after 'postfix reload' when
psc_check_queue_length (and psc_post_queue_length?) is zero.
- Things to do before the stable release:
-
- Spell-check, double-word check, HTML validator check,
- mantools/missing-proxy-read-maps check.
-
- Disable -DSNAPSHOT and -DNONPROD in makedefs.
-
After I/O error, store errno in VSTREAM object before errno
may be overwritten.
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix BDAT (CHUNKING) support</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+BDAT (CHUNKING) support</h1>
+
+<hr>
+
+<h2>Overview </h2>
+
+<p> Postfix SMTP server supports <a href="http://tools.ietf.org/html/rfc3030">RFC 3030</a> CHUNKING (the BDAT command)
+without BINARYMIME, in both <a href="smtpd.8.html">smtpd(8)</a> and <a href="postscreen.8.html">postscreen(8)</a>. It is enabled
+by default. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#disable"> Disabling BDAT support</a>
+
+<li><a href="#impact"> Impact on existing configurations</a>
+
+<li><a href="#example"> Example SMTP session</a>
+
+<li> <a href="#benefits">Benefits of CHUNKING (BDAT) support without BINARYMIME</a>
+
+<li> <a href="#downsides">Downsides of CHUNKING (BDAT) support</a>
+
+</ul>
+
+<h2> <a name="disable"> Disabling BDAT support </a> </h2>
+
+<p> BDAT support is enabled by default. To disable BDAT support
+globally: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/<a href="postconf.5.html">main.cf</a>:
+ # The logging alternative:
+ <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> = chunking
+ # The non-logging alternative:
+ <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> = chunking, silent_discard
+</pre>
+</blockquote>
+
+<p> Specify '-o <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>=' in <a href="master.5.html">master.cf</a>
+for the submission and smtps services, if you have clients
+that benefit from CHUNKING support. </p>
+
+<h2> <a name="impact"> Impact on existing configurations </a> </h2>
+
+<ul>
+
+<li> <p> There are no changes for smtpd_mumble_restrictions,
+<a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a>, <a href="postconf.5.html#smtpd_milters">smtpd_milters</a>, or for postscreen settings,
+except for the above mentioned option to suppress the SMTP server's
+CHUNKING service announcement. </p>
+
+<li> <p> There are no changes in the Postfix queue file content,
+no changes for down-stream SMTP servers or after-queue content
+filters, and no changes in the envelope or message content that
+Milters will receive. </p>
+
+</ul>
+
+<h2> <a name="example"> Example SMTP session</a> </h2>
+
+<p> The main differences are that the Postfix SMTP server announces
+"CHUNKING" support in the EHLO response, and that instead of sending
+one DATA request, the remote SMTP client may send one or more BDAT
+requests. In the example below, "S:" indicates server responses,
+and "C:" indicates client requests (bold font). </p>
+
+<blockquote>
+<pre>
+ S: 220 server.example.com
+ C: <b>EHLO client.example.com</b>
+ S: 250-server.example.com
+ S: 250-PIPELINING
+ S: 250-SIZE 153600000
+ S: 250-VRFY
+ S: 250-ETRN
+ S: 250-STARTTLS
+ S: 250-AUTH PLAIN LOGIN
+ S: 250-ENHANCEDSTATUSCODES
+ S: 250-8BITMIME
+ S: 250-DSN
+ S: 250-SMTPUTF8
+ S: 250 CHUNKING
+ C: <b>MAIL FROM:<sender@example.com></b>
+ S: 250 2.1.0 Ok
+ C: <b>RCPT TO:<recipient@example.com></b>
+ S: 250 2.1.5 Ok
+ C: <b>BDAT 10000</b>
+ C: <b>..followed by 10000 bytes...</b>
+ S: 250 2.0.0 Ok: 10000 bytes
+ C: <b>BDAT 123</b>
+ C: <b>..followed by 123 bytes...</b>
+ S: 250 2.0.0 Ok: 123 bytes
+ C: <b>BDAT 0 LAST</b>
+ S: 250 2.0.0 Ok: 10123 bytes queued as 41yYhh41qmznjbD
+ C: <b>QUIT</b>
+ S: 221 2.0.0 Bye
+</pre>
+</blockquote>
+
+<p> Internally in Postfix, there is no difference between mail that
+was received with BDAT or with DATA. Postfix smtpd_mumble_restrictions,
+policy delegation queries, <a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> and Milters all behave
+as if Postfix received (MAIL + RCPT + DATA + end-of-data). However,
+Postfix will log BDAT-related failures as "xxx after BDAT" to avoid
+complicating troubleshooting (xxx = 'lost connection' or 'timeout'),
+and will log a warning when a client sends a malformed BDAT command.
+</p>
+
+<h2> <a name="benefits">Benefits of CHUNKING (BDAT) support without
+BINARYMIME</a> </h2>
+
+<p> Support for CHUNKING (BDAT) was added to improve interoperability
+with some clients, a benefit that would reportedly exist even without
+Postfix support for BINARYMIME. Since June 2018, Wietse's mail
+server has received BDAT commands from a variety of systems. </p>
+
+<p> Postfix does not support BINARYMIME at this time because: </p>
+
+<ul>
+
+<li> <p> BINARYMIME support would require moderately invasive
+changes to Postfix, to support email content that is not line-oriented.
+With BINARYMIME, the Content-Length: message header specifies the
+length of content that may or may not have line boundaries. Without
+BINARYMIME support, email RFCs require that binary content is
+base64-encoded, and formatted as lines of text. </p>
+
+<li> <p> For delivery to non-BINARYMIME systems including UNIX mbox,
+the available options are to convert binary content into 8bit text,
+one of the 7bit forms (base64 or quoted-printable), or to return
+email as undeliverable. Any conversion would obviously break digital
+signatures, so conversion would have to happen before signing. </p>
+
+</ul>
+
+<h2> <a name="downsides">Downsides of CHUNKING (BDAT) support</a>
+</h2>
+
+<p> The <a href="http://tools.ietf.org/html/rfc3030">RFC 3030</a> authors did not specify any limitations on how
+clients may pipeline commands (i.e. send commands without waiting
+for a server response). If a server announces PIPELINING support,
+like Postfix does, then a remote SMTP client can pipeline all
+commands following EHLO, for example, MAIL/RCPT/BDAT/BDAT/MAIL/RCPT/BDAT,
+without ever having to wait for a server response. This means that
+with BDAT, the Postfix SMTP server cannot distinguish between a
+well-behaved client and a spambot, based on their command pipelining
+behavior. If you require "<a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>" to block spambots,
+then turn off Postfix's CHUNKING announcement as described above.
+</p>
+
+<p> In <a href="http://tools.ietf.org/html/rfc4468">RFC 4468</a>, the authors write that a client may pipeline
+commands, and that after sending BURL LAST or BDAT LAST, a client
+must wait for the server's response. But as this text does not
+appear in <a href="http://tools.ietf.org/html/rfc3030">RFC 3030</a> which defines BDAT, is it a useless restriction
+that Postfix will not enforce. </p>
+
+</body>
+
+</html>
<li> <a href="DSN_README.html"> Postfix DSN support </a>
+<li> <a href="BDAT_README.html"> Postfix BDAT (CHUNKING) support </a>
+
<li> <a href="PACKAGE_README.html"> Guidelines for Package Builders
</a>
<b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
List or bit-mask of OpenSSL bug work-arounds to disable.
+ Available in Postfix version 2.11-3.1:
+
+ <b><a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> (on)</b>
+ Configure <a href="http://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
+
+ <b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b>
+ Enable support for <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
+ digests of trust-anchors with certificate usage "2".
+
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b>
- Zero or more PEM-format files with trust-anchor certificates
+ Zero or more PEM-format files with trust-anchor certificates
and/or public keys.
<b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b>
- Lookup the associated DANE TLSA RRset even when a hostname is
+ Lookup the associated DANE TLSA RRset even when a hostname is
not an alias and its address records lie in an unsigned zone.
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b>
- Request that the Postfix SMTP client connects using the legacy
+ Request that the Postfix SMTP client connects using the legacy
SMTPS protocol instead of using the STARTTLS command.
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (dane)</b>
- The TLS policy for MX hosts with "secure" TLSA records when the
- nexthop destination security level is <b>dane</b>, but the MX record
+ The TLS policy for MX hosts with "secure" TLSA records when the
+ nexthop destination security level is <b>dane</b>, but the MX record
was found via an "insecure" MX lookup.
Available in Postfix version 3.4 and later:
Try to make multiple deliveries per TLS-encrypted connection.
<b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b>
- List of one or more PEM files, each holding one or more private
+ List of one or more PEM files, each holding one or more private
keys directly followed by a corresponding certificate chain.
<b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b>
- Optional name to send to the remote SMTP server in the TLS
+ Optional name to send to the remote SMTP server in the TLS
Server Name Indication (SNI) extension.
<b>OBSOLETE STARTTLS CONTROLS</b>
- The following configuration parameters exist for compatibility with
- Postfix versions before 2.3. Support for these will be removed in a
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP server announces
+ Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers use TLS
+ Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- With mandatory TLS encryption, require that the remote SMTP
- server hostname matches the information in the remote SMTP
+ With mandatory TLS encryption, require that the remote SMTP
+ server hostname matches the information in the remote SMTP
server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
- Optional lookup tables with the Postfix SMTP client TLS usage
- policy by next-hop destination and by remote SMTP server host-
+ Optional lookup tables with the Postfix SMTP client TLS usage
+ policy by next-hop destination and by remote SMTP server host-
name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
- Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+ Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
cipher list.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The Postfix SMTP client time limit for completing a TCP connec-
+ The Postfix SMTP client time limit for completing a TCP connec-
tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the HELO or EHLO
- command, and for receiving the initial remote SMTP server
+ The Postfix SMTP client time limit for sending the HELO or EHLO
+ command, and for receiving the initial remote SMTP server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the MAIL FROM
+ The Postfix SMTP client time limit for sending the MAIL FROM
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the SMTP RCPT TO
+ The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The Postfix SMTP client time limit for sending the SMTP DATA
+ The Postfix SMTP client time limit for sending the SMTP DATA
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The Postfix SMTP client time limit for sending the SMTP message
+ The Postfix SMTP client time limit for sending the SMTP message
content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
- The maximal number of MX (mail exchanger) IP addresses that can
- result from Postfix SMTP client mail exchanger lookups, or zero
+ The maximal number of MX (mail exchanger) IP addresses that can
+ result from Postfix SMTP client mail exchanger lookups, or zero
(no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery request before
- the Postfix SMTP client gives up or delivers to a fall-back
+ The maximal number of SMTP sessions per delivery request before
+ the Postfix SMTP client gives up or delivers to a fall-back
<a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
Available in Postfix version 2.2 and earlier:
<b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
- Keep
Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
+ Keep
Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
seconds.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the specified
+ Permanently enable SMTP connection caching for the specified
destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a destination
+ Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or receive opera-
+ Time limit for connection cache connect, send or receive opera-
tions.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per read or write system call, to a time limit to
- send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
- When SMTP connection caching is enabled, the number of times
- that an SMTP session may be reused before it is closed, or zero
+ When SMTP connection caching is enabled, the number of times
+ that an SMTP session may be reused before it is closed, or zero
(no limit).
Available in Postfix version 3.4 and later:
<b>transport_destination_concurrency_limit ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
- A transport-specific override for the default_destination_con-
+ A transport-specific override for the default_destination_con-
currency_limit parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>transport_destination_recipient_limit ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
- <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>SMTPUTF8 CONTROLS</b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
- Enable preliminary SMTPUTF8 support for the protocols described
+ Enable preliminary SMTPUTF8 support for the protocols described
in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci-
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
- Enable 'transitional' compatibility between IDNA2003 and
- IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a remote client or
+ The increment in verbose logging level when a remote client or
server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname or network
+ Optional list of remote client or server hostname or network
address patterns that cause the verbose logging level to
increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about mail delivery
+ The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are subject to
- before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ What categories of Postfix-generated mail are subject to
+ before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
<a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail when it
+ Where the Postfix SMTP client should deliver mail when it
detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log-
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
- The network interface addresses that this mail system receives
+ The network interface addresses that this mail system receives
mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b>
- The Internet protocols Postfix will attempt to use when making
+ The Internet protocols Postfix will attempt to use when making
or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
- When a remote LMTP server announces no DSN support, assume that
- the server performs final delivery, and send "delivered" deliv-
+ When a remote LMTP server announces no DSN support, assume that
+ the server performs final delivery, and send "delivered" deliv-
ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
- The network interface addresses that this mail system receives
+ The network interface addresses that this mail system receives
mail on by way of a proxy or network address translation unit.
<b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
- client will try first, when a destination has IPv6 and IPv4
+ client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available with Postfix 2.2 and earlier:
Available with Postfix 3.0 and later:
<b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b>
- In the context of email address verification, the SMTP protocol
+ In the context of email address verification, the SMTP protocol
stage that determines whether an email address is deliverable.
Available with Postfix 3.1 and later:
<b><a href="postconf.5.html#maillog_file">log_file</a></b> (also, logging to stdout would interfere with the operation of
some of these programs). These programs can log to <a href="postlogd.8.html"><b>postlogd</b>(8)</a> if they
are run by the super-user, or if their executable file has set-gid per-
- mission. Do not set this permis
ion on programs other than <a href="postdrop.1.html"><b>postdrop</b>(1)</a>
+ mission. Do not set this permis
sion on programs other than <a href="postdrop.1.html"><b>postdrop</b>(1)</a>
and <a href="postqueue.1.html"><b>postqueue</b>(1)</a>.
<b>CONFIGURATION PARAMETERS</b>
<b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
List or bit-mask of OpenSSL bug work-arounds to disable.
+ Available in Postfix version 2.11-3.1:
+
+ <b><a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> (on)</b>
+ Configure <a href="http://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
+
+ <b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b>
+ Enable support for <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
+ digests of trust-anchors with certificate usage "2".
+
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_tls_trust_anchor_file">smtp_tls_trust_anchor_file</a> (empty)</b>
- Zero or more PEM-format files with trust-anchor certificates
+ Zero or more PEM-format files with trust-anchor certificates
and/or public keys.
<b><a href="postconf.5.html#smtp_tls_force_insecure_host_tlsa_lookup">smtp_tls_force_insecure_host_tlsa_lookup</a> (no)</b>
- Lookup the associated DANE TLSA RRset even when a hostname is
+ Lookup the associated DANE TLSA RRset even when a hostname is
not an alias and its address records lie in an unsigned zone.
<b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
Available in Postfix version 3.0 and later:
<b><a href="postconf.5.html#smtp_tls_wrappermode">smtp_tls_wrappermode</a> (no)</b>
- Request that the Postfix SMTP client connects using the legacy
+ Request that the Postfix SMTP client connects using the legacy
SMTPS protocol instead of using the STARTTLS command.
Available in Postfix version 3.1 and later:
<b><a href="postconf.5.html#smtp_tls_dane_insecure_mx_policy">smtp_tls_dane_insecure_mx_policy</a> (dane)</b>
- The TLS policy for MX hosts with "secure" TLSA records when the
- nexthop destination security level is <b>dane</b>, but the MX record
+ The TLS policy for MX hosts with "secure" TLSA records when the
+ nexthop destination security level is <b>dane</b>, but the MX record
was found via an "insecure" MX lookup.
Available in Postfix version 3.4 and later:
Try to make multiple deliveries per TLS-encrypted connection.
<b><a href="postconf.5.html#smtp_tls_chain_files">smtp_tls_chain_files</a> (empty)</b>
- List of one or more PEM files, each holding one or more private
+ List of one or more PEM files, each holding one or more private
keys directly followed by a corresponding certificate chain.
<b><a href="postconf.5.html#smtp_tls_servername">smtp_tls_servername</a> (empty)</b>
- Optional name to send to the remote SMTP server in the TLS
+ Optional name to send to the remote SMTP server in the TLS
Server Name Indication (SNI) extension.
<b>OBSOLETE STARTTLS CONTROLS</b>
- The following configuration parameters exist for compatibility with
- Postfix versions before 2.3. Support for these will be removed in a
+ The following configuration parameters exist for compatibility with
+ Postfix versions before 2.3. Support for these will be removed in a
future release.
<b><a href="postconf.5.html#smtp_use_tls">smtp_use_tls</a> (no)</b>
- Opportunistic mode: use TLS when a remote SMTP server announces
+ Opportunistic mode: use TLS when a remote SMTP server announces
STARTTLS support, otherwise send the mail in the clear.
<b><a href="postconf.5.html#smtp_enforce_tls">smtp_enforce_tls</a> (no)</b>
- Enforcement mode: require that remote SMTP servers use TLS
+ Enforcement mode: require that remote SMTP servers use TLS
encryption, and never send mail in the clear.
<b><a href="postconf.5.html#smtp_tls_enforce_peername">smtp_tls_enforce_peername</a> (yes)</b>
- With mandatory TLS encryption, require that the remote SMTP
- server hostname matches the information in the remote SMTP
+ With mandatory TLS encryption, require that the remote SMTP
+ server hostname matches the information in the remote SMTP
server certificate.
<b><a href="postconf.5.html#smtp_tls_per_site">smtp_tls_per_site</a> (empty)</b>
- Optional lookup tables with the Postfix SMTP client TLS usage
- policy by next-hop destination and by remote SMTP server host-
+ Optional lookup tables with the Postfix SMTP client TLS usage
+ policy by next-hop destination and by remote SMTP server host-
name.
<b><a href="postconf.5.html#smtp_tls_cipherlist">smtp_tls_cipherlist</a> (empty)</b>
- Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
+ Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
cipher list.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#smtp_connect_timeout">smtp_connect_timeout</a> (30s)</b>
- The Postfix SMTP client time limit for completing a TCP connec-
+ The Postfix SMTP client time limit for completing a TCP connec-
tion, or zero (use the operating system built-in time limit).
<b><a href="postconf.5.html#smtp_helo_timeout">smtp_helo_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the HELO or EHLO
- command, and for receiving the initial remote SMTP server
+ The Postfix SMTP client time limit for sending the HELO or EHLO
+ command, and for receiving the initial remote SMTP server
response.
<b><a href="postconf.5.html#lmtp_lhlo_timeout">lmtp_lhlo_timeout</a> (300s)</b>
mand, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_mail_timeout">smtp_mail_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the MAIL FROM
+ The Postfix SMTP client time limit for sending the MAIL FROM
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_rcpt_timeout">smtp_rcpt_timeout</a> (300s)</b>
- The Postfix SMTP client time limit for sending the SMTP RCPT TO
+ The Postfix SMTP client time limit for sending the SMTP RCPT TO
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_init_timeout">smtp_data_init_timeout</a> (120s)</b>
- The Postfix SMTP client time limit for sending the SMTP DATA
+ The Postfix SMTP client time limit for sending the SMTP DATA
command, and for receiving the remote SMTP server response.
<b><a href="postconf.5.html#smtp_data_xfer_timeout">smtp_data_xfer_timeout</a> (180s)</b>
- The Postfix SMTP client time limit for sending the SMTP message
+ The Postfix SMTP client time limit for sending the SMTP message
content.
<b><a href="postconf.5.html#smtp_data_done_timeout">smtp_data_done_timeout</a> (600s)</b>
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtp_mx_address_limit">smtp_mx_address_limit</a> (5)</b>
- The maximal number of MX (mail exchanger) IP addresses that can
- result from Postfix SMTP client mail exchanger lookups, or zero
+ The maximal number of MX (mail exchanger) IP addresses that can
+ result from Postfix SMTP client mail exchanger lookups, or zero
(no limit).
<b><a href="postconf.5.html#smtp_mx_session_limit">smtp_mx_session_limit</a> (2)</b>
- The maximal number of SMTP sessions per delivery request before
- the Postfix SMTP client gives up or delivers to a fall-back
+ The maximal number of SMTP sessions per delivery request before
+ the Postfix SMTP client gives up or delivers to a fall-back
<a href="postconf.5.html#relayhost">relay host</a>, or zero (no limit).
<b><a href="postconf.5.html#smtp_rset_timeout">smtp_rset_timeout</a> (20s)</b>
Available in Postfix version 2.2 and earlier:
<b><a href="postconf.5.html#lmtp_cache_connection">lmtp_cache_connection</a> (yes)</b>
- Keep
Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
+ Keep
Postfix LMTP client connections open for up to $<a href="postconf.5.html#max_idle">max_idle</a>
seconds.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtp_connection_cache_destinations">smtp_connection_cache_destinations</a> (empty)</b>
- Permanently enable SMTP connection caching for the specified
+ Permanently enable SMTP connection caching for the specified
destinations.
<b><a href="postconf.5.html#smtp_connection_cache_on_demand">smtp_connection_cache_on_demand</a> (yes)</b>
- Temporarily enable SMTP connection caching while a destination
+ Temporarily enable SMTP connection caching while a destination
has a high volume of mail in the <a href="QSHAPE_README.html#active_queue">active queue</a>.
<b><a href="postconf.5.html#smtp_connection_reuse_time_limit">smtp_connection_reuse_time_limit</a> (300s)</b>
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#connection_cache_protocol_timeout">connection_cache_protocol_timeout</a> (5s)</b>
- Time limit for connection cache connect, send or receive opera-
+ Time limit for connection cache connect, send or receive opera-
tions.
Available in Postfix version 2.9 and later:
<b><a href="postconf.5.html#smtp_per_record_deadline">smtp_per_record_deadline</a> (no)</b>
- Change the behavior of the smtp_*_timeout time limits, from a
- time limit per read or write system call, to a time limit to
- send or receive a complete record (an SMTP command line, SMTP
- response line, SMTP message content line, or TLS protocol mes-
+ Change the behavior of the smtp_*_timeout time limits, from a
+ time limit per read or write system call, to a time limit to
+ send or receive a complete record (an SMTP command line, SMTP
+ response line, SMTP message content line, or TLS protocol mes-
sage).
Available in Postfix version 2.11 and later:
<b><a href="postconf.5.html#smtp_connection_reuse_count_limit">smtp_connection_reuse_count_limit</a> (0)</b>
- When SMTP connection caching is enabled, the number of times
- that an SMTP session may be reused before it is closed, or zero
+ When SMTP connection caching is enabled, the number of times
+ that an SMTP session may be reused before it is closed, or zero
(no limit).
Available in Postfix version 3.4 and later:
<b>transport_destination_concurrency_limit ($<a href="postconf.5.html#default_destination_concurrency_limit">default_destination_concur</a>-</b>
<b><a href="postconf.5.html#default_destination_concurrency_limit">rency_limit</a>)</b>
- A transport-specific override for the default_destination_con-
+ A transport-specific override for the default_destination_con-
currency_limit parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>transport_destination_recipient_limit ($<a href="postconf.5.html#default_destination_recipient_limit">default_destination_recipi</a>-</b>
<b><a href="postconf.5.html#default_destination_recipient_limit">ent_limit</a>)</b>
A transport-specific override for the <a href="postconf.5.html#default_destination_recipient_limit">default_destination_recip</a>-
- <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
+ <a href="postconf.5.html#default_destination_recipient_limit">ient_limit</a>
parameter value, where <i>transport</i> is the <a href="master.5.html">master.cf</a>
name of the message delivery transport.
<b>SMTPUTF8 CONTROLS</b>
Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
<b><a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> (yes)</b>
- Enable preliminary SMTPUTF8 support for the protocols described
+ Enable preliminary SMTPUTF8 support for the protocols described
in <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a>..6533.
<b><a href="postconf.5.html#smtputf8_autodetect_classes">smtputf8_autodetect_classes</a> (sendmail, verify)</b>
- Detect that a message requires SMTPUTF8 support for the speci-
+ Detect that a message requires SMTPUTF8 support for the speci-
fied mail origin classes.
Available in Postfix version 3.2 and later:
<b><a href="postconf.5.html#enable_idna2003_compatibility">enable_idna2003_compatibility</a> (no)</b>
- Enable 'transitional' compatibility between IDNA2003 and
- IDNA2008, when converting UTF-8 domain names to/from the ASCII
+ Enable 'transitional' compatibility between IDNA2003 and
+ IDNA2008, when converting UTF-8 domain names to/from the ASCII
form that is used for DNS lookups.
<b>TROUBLE SHOOTING CONTROLS</b>
<b><a href="postconf.5.html#debug_peer_level">debug_peer_level</a> (2)</b>
- The increment in verbose logging level when a remote client or
+ The increment in verbose logging level when a remote client or
server matches a pattern in the <a href="postconf.5.html#debug_peer_list">debug_peer_list</a> parameter.
<b><a href="postconf.5.html#debug_peer_list">debug_peer_list</a> (empty)</b>
- Optional list of remote client or server hostname or network
+ Optional list of remote client or server hostname or network
address patterns that cause the verbose logging level to
increase by the amount specified in $<a href="postconf.5.html#debug_peer_level">debug_peer_level</a>.
<b><a href="postconf.5.html#error_notice_recipient">error_notice_recipient</a> (postmaster)</b>
- The recipient of postmaster notifications about mail delivery
+ The recipient of postmaster notifications about mail delivery
problems that are caused by policy, resource, software or proto-
col errors.
<b><a href="postconf.5.html#internal_mail_filter_classes">internal_mail_filter_classes</a> (empty)</b>
- What categories of Postfix-generated mail are subject to
- before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
+ What categories of Postfix-generated mail are subject to
+ before-queue
content inspection by <a href="postconf.5.html#non_smtpd_milters">non_smtpd_milters</a>,
<a href="postconf.5.html#header_checks">header_checks</a> and <a href="postconf.5.html#body_checks">body_checks</a>.
<b><a href="postconf.5.html#notify_classes">notify_classes</a> (resource, software)</b>
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#best_mx_transport">best_mx_transport</a> (empty)</b>
- Where the Postfix SMTP client should deliver mail when it
+ Where the Postfix SMTP client should deliver mail when it
detects a "mail loops back to myself" error condition.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
- The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
+ The default location of the Postfix <a href="postconf.5.html">main.cf</a> and <a href="master.5.html">master.cf</a> con-
figuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
- How much time a Postfix daemon process may take to handle a
+ How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
<b><a href="postconf.5.html#delay_logging_resolution_limit">delay_logging_resolution_limit</a> (2)</b>
- The maximal number of digits after the decimal point when log-
+ The maximal number of digits after the decimal point when log-
ging sub-second delay values.
<b><a href="postconf.5.html#disable_dns_lookups">disable_dns_lookups</a> (no)</b>
Disable DNS lookups in the Postfix SMTP and LMTP clients.
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> (all)</b>
- The network interface addresses that this mail system receives
+ The network interface addresses that this mail system receives
mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (all)</b>
- The Internet protocols Postfix will attempt to use when making
+ The Internet protocols Postfix will attempt to use when making
or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
- The time limit for sending or receiving information over an
+ The time limit for sending or receiving information over an
internal communication channel.
<b><a href="postconf.5.html#lmtp_assume_final">lmtp_assume_final</a> (no)</b>
- When a remote LMTP server announces no DSN support, assume that
- the server performs final delivery, and send "delivered" deliv-
+ When a remote LMTP server announces no DSN support, assume that
+ the server performs final delivery, and send "delivered" deliv-
ery status notifications instead of "relayed".
<b><a href="postconf.5.html#lmtp_tcp_port">lmtp_tcp_port</a> (24)</b>
The default TCP port that the Postfix LMTP client connects to.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
- The maximum amount of time that an idle Postfix daemon process
+ The maximum amount of time that an idle Postfix daemon process
waits for an incoming connection before terminating voluntarily.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The process name of a Postfix command or daemon process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
- The network interface addresses that this mail system receives
+ The network interface addresses that this mail system receives
mail on by way of a proxy or network address translation unit.
<b><a href="postconf.5.html#smtp_address_preference">smtp_address_preference</a> (any)</b>
The address type ("ipv6", "ipv4" or "any") that the Postfix SMTP
- client will try first, when a destination has IPv6 and IPv4
+ client will try first, when a destination has IPv6 and IPv4
addresses with equal MX preference.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv4 connection.
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
- An optional numerical network address that the Postfix SMTP
+ An optional numerical network address that the Postfix SMTP
client should bind to when making an IPv6 connection.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (see 'postconf -d' output)</b>
- A prefix that is prepended to the process name in syslog
+ A prefix that is prepended to the process name in syslog
records, so that, for example, "smtpd" becomes "prefix/smtpd".
Available with Postfix 2.2 and earlier:
Available with Postfix 3.0 and later:
<b><a href="postconf.5.html#smtp_address_verify_target">smtp_address_verify_target</a> (rcpt)</b>
- In the context of email address verification, the SMTP protocol
+ In the context of email address verification, the SMTP protocol
stage that determines whether an email address is deliverable.
Available with Postfix 3.1 and later:
<b>README FILES</b>
<a href="ADDRESS_CLASS_README.html">ADDRESS_CLASS_README</a>, blocking unknown hosted or relay recipients
- <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a> Postfix address manipulation
+ <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, Postfix address manipulation
+ <a href="BDAT_README.html">BDAT_README</a>, Postfix CHUNKING support
<a href="FILTER_README.html">FILTER_README</a>, external after-queue content filter
<a href="LOCAL_RECIPIENT_README.html">LOCAL_RECIPIENT_README</a>, blocking unknown local recipients
<a href="MILTER_README.html">MILTER_README</a>, before-queue mail filter applications
The text below provides only a parameter summary. See <a href="postconf.5.html"><b>postconf</b>(5)</a> for
more details including examples.
-<b>STARTTLS SUPPORT CONTROLS</b>
+<b>STARTTLS GLOBAL CONTROLS</b>
+ The following settings are global and therefore cannot be overruled by
+ information specified in a <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client request.
+
+ <b><a href="postconf.5.html#tls_append_default_CA">tls_append_default_CA</a> (no)</b>
+ Append the system-supplied default Certification Authority cer-
+ tificates to the ones specified with *_tls_CApath or
+ *_tls_CAfile.
+
+ <b><a href="postconf.5.html#tls_daemon_random_bytes">tls_daemon_random_bytes</a> (32)</b>
+ The number of pseudo-random bytes that an <a href="smtp.8.html"><b>smtp</b>(8)</a> or <a href="smtpd.8.html"><b>smtpd</b>(8)</a>
+ process requests from the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> server in order to seed its
+ internal pseudo random number generator (PRNG).
+
+ <b><a href="postconf.5.html#tls_high_cipherlist">tls_high_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "high" grade ciphers.
+
+ <b><a href="postconf.5.html#tls_medium_cipherlist">tls_medium_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "medium" or higher grade ciphers.
+
+ <b><a href="postconf.5.html#tls_low_cipherlist">tls_low_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "low" or higher grade ciphers.
+
+ <b><a href="postconf.5.html#tls_export_cipherlist">tls_export_cipherlist</a> (see 'postconf -d' output)</b>
+ The OpenSSL cipherlist for "export" or higher grade ciphers.
+
+ <b><a href="postconf.5.html#tls_null_cipherlist">tls_null_cipherlist</a> (eNULL:!aNULL)</b>
+ The OpenSSL cipherlist for "NULL" grade ciphers that provide
+ authentication without encryption.
+
+ <b><a href="postconf.5.html#tls_eecdh_strong_curve">tls_eecdh_strong_curve</a> (prime256v1)</b>
+ The elliptic curve used by the Postfix SMTP server for sensibly
+ strong ephemeral ECDH key exchange.
+
+ <b><a href="postconf.5.html#tls_eecdh_ultra_curve">tls_eecdh_ultra_curve</a> (secp384r1)</b>
+ The elliptic curve used by the Postfix SMTP server for maximally
+ strong ephemeral ECDH key exchange.
+
+ <b><a href="postconf.5.html#tls_disable_workarounds">tls_disable_workarounds</a> (see 'postconf -d' output)</b>
+ List or bit-mask of OpenSSL bug work-arounds to disable.
+
+ <b><a href="postconf.5.html#tls_preempt_cipherlist">tls_preempt_cipherlist</a> (no)</b>
+ With SSLv3 and later, use the Postfix SMTP server's cipher pref-
+ erence order instead of the remote client's cipher preference
+ order.
+
+ Available in Postfix version 2.9 and later:
+
+ <b><a href="postconf.5.html#tls_legacy_public_key_fingerprint">tls_legacy_public_key_fingerprints</a> (no)</b>
+ A temporary migration aid for sites that use certificate <i>pub-</i>
+ <i>lic-key</i> fingerprints with Postfix 2.9.0..2.9.5, which use an
+ incorrect algorithm.
+
+ Available in Postfix version 2.11-3.1:
+
+ <b><a href="postconf.5.html#tls_dane_digest_agility">tls_dane_digest_agility</a> (on)</b>
+ Configure <a href="http://tools.ietf.org/html/rfc7671">RFC7671</a> DANE TLSA digest algorithm agility.
+
+ <b><a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">tls_dane_trust_anchor_digest_enable</a> (yes)</b>
+ Enable support for <a href="http://tools.ietf.org/html/rfc6698">RFC 6698</a> (DANE TLSA) DNS records that contain
+ digests of trust-anchors with certificate usage "2".
+
+ Available in Postfix version 2.11 and later:
+
+ <b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
+ The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
+
+ Available in Postfix version 3.0 and later:
+
+ <b><a href="postconf.5.html#tls_session_ticket_cipher">tls_session_ticket_cipher</a> (Postfix</b> ><b>= 3.0: aes-256-cbc, Postfix</b> < <b>3.0:</b>
+ <b>aes-128-cbc)</b>
+ Algorithm used to encrypt <a href="http://tools.ietf.org/html/rfc5077">RFC5077</a> TLS session tickets.
+
+ <b><a href="postconf.5.html#openssl_path">openssl_path</a> (openssl)</b>
+ The location of the OpenSSL command line program <b>openssl</b>(1).
+
+ Available in Postfix version 3.2 and later:
+
+ <b><a href="postconf.5.html#tls_eecdh_auto_curves">tls_eecdh_auto_curves</a> (see 'postconf -d' output)</b>
+ The prioritized list of elliptic curves supported by the Postfix
+ SMTP client and server.
+
+ Available in Postfix version 3.4 and later:
+
+ <b><a href="postconf.5.html#tls_server_sni_maps">tls_server_sni_maps</a> (empty)</b>
+ Optional lookup tables that map names received from remote SMTP
+ clients via the TLS Server Name Indication (SNI) extension to
+ the appropriate keys and certificate chains.
+
+<b>STARTTLS SERVER CONTROLS</b>
+ These settings are clones of Postfix SMTP server settings. They allow
+ <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> to load the same certificate and private key information as
+ the Postfix SMTP server, before dropping privileges, so that the key
+ files can be kept read-only for root. These settings can currently not
+ be overruled by information in a <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client request, but that
+ limitation may be removed in a future version.
+
<b><a href="postconf.5.html#tlsproxy_tls_CAfile">tlsproxy_tls_CAfile</a> ($<a href="postconf.5.html#smtpd_tls_CAfile">smtpd_tls_CAfile</a>)</b>
- A file containing (PEM format) CA certificates of root CAs
+ A file containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or inter-
mediate CA certificates.
<b><a href="postconf.5.html#tlsproxy_tls_CApath">tlsproxy_tls_CApath</a> ($<a href="postconf.5.html#smtpd_tls_CApath">smtpd_tls_CApath</a>)</b>
- A directory containing (PEM format) CA certificates of root CAs
+ A directory containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or inter-
mediate CA certificates.
<b><a href="postconf.5.html#tlsproxy_tls_always_issue_session_ids">tlsproxy_tls_always_issue_session_ids</a> ($<a href="postconf.5.html#smtpd_tls_always_issue_session_ids">smtpd_tls_always_issue_ses</a>-</b>
<b><a href="postconf.5.html#smtpd_tls_always_issue_session_ids">sion_ids</a>)</b>
- Force the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server to issue a TLS session id,
+ Force the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server to issue a TLS session id,
even when TLS session caching is turned off.
<b><a href="postconf.5.html#tlsproxy_tls_ask_ccert">tlsproxy_tls_ask_ccert</a> ($<a href="postconf.5.html#smtpd_tls_ask_ccert">smtpd_tls_ask_ccert</a>)</b>
The verification depth for remote SMTP client certificates.
<b><a href="postconf.5.html#tlsproxy_tls_cert_file">tlsproxy_tls_cert_file</a> ($<a href="postconf.5.html#smtpd_tls_cert_file">smtpd_tls_cert_file</a>)</b>
- File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server RSA certificate in PEM
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server RSA certificate in PEM
format.
<b><a href="postconf.5.html#tlsproxy_tls_ciphers">tlsproxy_tls_ciphers</a> ($<a href="postconf.5.html#smtpd_tls_ciphers">smtpd_tls_ciphers</a>)</b>
will use with opportunistic TLS encryption.
<b><a href="postconf.5.html#tlsproxy_tls_dcert_file">tlsproxy_tls_dcert_file</a> ($<a href="postconf.5.html#smtpd_tls_dcert_file">smtpd_tls_dcert_file</a>)</b>
- File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server DSA certificate in PEM
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server DSA certificate in PEM
format.
<b><a href="postconf.5.html#tlsproxy_tls_dh1024_param_file">tlsproxy_tls_dh1024_param_file</a> ($<a href="postconf.5.html#smtpd_tls_dh1024_param_file">smtpd_tls_dh1024_param_file</a>)</b>
- File with DH parameters that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
+ File with DH parameters that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
should use with non-export EDH ciphers.
<b><a href="postconf.5.html#tlsproxy_tls_dh512_param_file">tlsproxy_tls_dh512_param_file</a> ($<a href="postconf.5.html#smtpd_tls_dh512_param_file">smtpd_tls_dh512_param_file</a>)</b>
- File with DH parameters that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
+ File with DH parameters that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server
should use with export-grade EDH ciphers.
<b><a href="postconf.5.html#tlsproxy_tls_dkey_file">tlsproxy_tls_dkey_file</a> ($<a href="postconf.5.html#smtpd_tls_dkey_file">smtpd_tls_dkey_file</a>)</b>
- File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server DSA private key in PEM
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server DSA private key in PEM
format.
<b><a href="postconf.5.html#tlsproxy_tls_eccert_file">tlsproxy_tls_eccert_file</a> ($<a href="postconf.5.html#smtpd_tls_eccert_file">smtpd_tls_eccert_file</a>)</b>
- File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server ECDSA certificate in
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server ECDSA certificate in
PEM format.
<b><a href="postconf.5.html#tlsproxy_tls_eckey_file">tlsproxy_tls_eckey_file</a> ($<a href="postconf.5.html#smtpd_tls_eckey_file">smtpd_tls_eckey_file</a>)</b>
- File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server ECDSA private key in
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server ECDSA private key in
PEM format.
<b><a href="postconf.5.html#tlsproxy_tls_eecdh_grade">tlsproxy_tls_eecdh_grade</a> ($<a href="postconf.5.html#smtpd_tls_eecdh_grade">smtpd_tls_eecdh_grade</a>)</b>
- The Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server security grade for ephemeral
+ The Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server security grade for ephemeral
elliptic-curve Diffie-Hellman (EECDH) key exchange.
<b><a href="postconf.5.html#tlsproxy_tls_exclude_ciphers">tlsproxy_tls_exclude_ciphers</a> ($<a href="postconf.5.html#smtpd_tls_exclude_ciphers">smtpd_tls_exclude_ciphers</a>)</b>
- List
of ciphers or cipher types to exclude from the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
+ List
of ciphers or cipher types to exclude from the <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a>
server cipher list at all TLS security levels.
<b><a href="postconf.5.html#tlsproxy_tls_fingerprint_digest">tlsproxy_tls_fingerprint_digest</a> ($<a href="postconf.5.html#smtpd_tls_fingerprint_digest">smtpd_tls_fingerprint_digest</a>)</b>
- The message digest algorithm to construct remote SMTP
+ The message digest algorithm to construct remote SMTP
client-certificate fingerprints.
<b><a href="postconf.5.html#tlsproxy_tls_key_file">tlsproxy_tls_key_file</a> ($<a href="postconf.5.html#smtpd_tls_key_file">smtpd_tls_key_file</a>)</b>
- File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server RSA private key in PEM
+ File with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server RSA private key in PEM
format.
<b><a href="postconf.5.html#tlsproxy_tls_loglevel">tlsproxy_tls_loglevel</a> ($<a href="postconf.5.html#smtpd_tls_loglevel">smtpd_tls_loglevel</a>)</b>
- Enable additional Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server logging of TLS
+ Enable additional Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server logging of TLS
activity.
<b><a href="postconf.5.html#tlsproxy_tls_mandatory_ciphers">tlsproxy_tls_mandatory_ciphers</a> ($<a href="postconf.5.html#smtpd_tls_mandatory_ciphers">smtpd_tls_mandatory_ciphers</a>)</b>
<b><a href="postconf.5.html#tlsproxy_tls_mandatory_exclude_ciphers">tlsproxy_tls_mandatory_exclude_ciphers</a> ($<a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">smtpd_tls_manda</a>-</b>
<b><a href="postconf.5.html#smtpd_tls_mandatory_exclude_ciphers">tory_exclude_ciphers</a>)</b>
- Additional list of ciphers or cipher types to exclude from the
+ Additional list of ciphers or cipher types to exclude from the
<a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server cipher list at mandatory TLS security levels.
<b><a href="postconf.5.html#tlsproxy_tls_mandatory_protocols">tlsproxy_tls_mandatory_protocols</a> ($<a href="postconf.5.html#smtpd_tls_mandatory_protocols">smtpd_tls_mandatory_protocols</a>)</b>
with mandatory TLS encryption.
<b><a href="postconf.5.html#tlsproxy_tls_protocols">tlsproxy_tls_protocols</a> ($<a href="postconf.5.html#smtpd_tls_protocols">smtpd_tls_protocols</a>)</b>
- List of TLS protocols that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server will
+ List of TLS protocols that the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server will
exclude or include with opportunistic TLS encryption.
<b><a href="postconf.5.html#tlsproxy_tls_req_ccert">tlsproxy_tls_req_ccert</a> ($<a href="postconf.5.html#smtpd_tls_req_ccert">smtpd_tls_req_ccert</a>)</b>
- With mandatory TLS encryption, require a trusted remote SMTP
+ With mandatory TLS encryption, require a trusted remote SMTP
client certificate in order to allow TLS connections to proceed.
<b><a href="postconf.5.html#tlsproxy_tls_security_level">tlsproxy_tls_security_level</a> ($<a href="postconf.5.html#smtpd_tls_security_level">smtpd_tls_security_level</a>)</b>
- The SMTP TLS security level for the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server;
+ The SMTP TLS security level for the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server;
when a non-empty value is specified, this overrides the obsolete
parameters <a href="postconf.5.html#smtpd_use_tls">smtpd_use_tls</a> and <a href="postconf.5.html#smtpd_enforce_tls">smtpd_enforce_tls</a>.
- Available in Postfix version 2.11 and later:
-
- <b><a href="postconf.5.html#tlsmgr_service_name">tlsmgr_service_name</a> (tlsmgr)</b>
- The name of the <a href="tlsmgr.8.html"><b>tlsmgr</b>(8)</a> service entry in <a href="master.5.html">master.cf</a>.
-
- Available in Postfix version 3.4 and later:
-
<b><a href="postconf.5.html#tlsproxy_tls_chain_files">tlsproxy_tls_chain_files</a> ($<a href="postconf.5.html#smtpd_tls_chain_files">smtpd_tls_chain_files</a>)</b>
- Files with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server keys and certificate
+ Files with the Postfix <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> server keys and certificate
chains in PEM format.
- <b><a href="postconf.5.html#tls_server_sni_maps">tls_server_sni_maps</a> (empty)</b>
- Optional lookup tables that map names received from remote SMTP
- clients via the TLS Server Name Indication (SNI) extension to
- the appropriate keys and certificate chains.
-
-<b>TLS CLIENT CONTROLS</b>
- These parameters are clones of SMTP client settings. They allow
+<b>STARTTLS CLIENT CONTROLS</b>
+ These settings are clones of Postfix SMTP client settings. They allow
<a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> to load the same certificate and private key information as
- the SMTP client, before dropping privileges, so that the key files can
- be kept read-only for root.
+ the Postfix SMTP client, before dropping privileges, so that the key
+ files can be kept read-only for root. Some settings may be overruled by
+ information in a <a href="tlsproxy.8.html"><b>tlsproxy</b>(8)</a> client request.
Available in Postfix version 3.4 and later:
with the operation of some of these programs). These programs
can log to \fBpostlogd\fR(8) if they are run by the super\-user,
or if their executable file has set\-gid permission. Do not
-set this permision on programs other than \fBpostdrop\fR(1)
+set this permission on programs other than \fBpostdrop\fR(1)
and \fBpostqueue\fR(1).
.SH "CONFIGURATION PARAMETERS"
.na
.IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR"
List or bit\-mask of OpenSSL bug work\-arounds to disable.
.PP
+Available in Postfix version 2.11\-3.1:
+.IP "\fBtls_dane_digest_agility (on)\fR"
+Configure RFC7671 DANE TLSA digest algorithm agility.
+.IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR"
+Enable support for RFC 6698 (DANE TLSA) DNS records that contain
+digests of trust\-anchors with certificate usage "2".
+.PP
Available in Postfix version 2.11 and later:
.IP "\fBsmtp_tls_trust_anchor_file (empty)\fR"
Zero or more PEM\-format files with trust\-anchor certificates
.na
.nf
ADDRESS_CLASS_README, blocking unknown hosted or relay recipients
-ADDRESS_REWRITING_README Postfix address manipulation
+ADDRESS_REWRITING_README, Postfix address manipulation
+BDAT_README, Postfix CHUNKING support
FILTER_README, external after\-queue content filter
LOCAL_RECIPIENT_README, blocking unknown local recipients
MILTER_README, before\-queue mail filter applications
The text below provides only a parameter summary. See
\fBpostconf\fR(5) for more details including examples.
-.SH "STARTTLS SUPPORT CONTROLS"
+.SH "STARTTLS GLOBAL CONTROLS"
.na
.nf
.ad
.fi
+The following settings are global and therefore cannot be
+overruled by information specified in a \fBtlsproxy\fR(8)
+client request.
+.IP "\fBtls_append_default_CA (no)\fR"
+Append the system\-supplied default Certification Authority
+certificates to the ones specified with *_tls_CApath or *_tls_CAfile.
+.IP "\fBtls_daemon_random_bytes (32)\fR"
+The number of pseudo\-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
+process requests from the \fBtlsmgr\fR(8) server in order to seed its
+internal pseudo random number generator (PRNG).
+.IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "high" grade ciphers.
+.IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "medium" or higher grade ciphers.
+.IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "low" or higher grade ciphers.
+.IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR"
+The OpenSSL cipherlist for "export" or higher grade ciphers.
+.IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR"
+The OpenSSL cipherlist for "NULL" grade ciphers that provide
+authentication without encryption.
+.IP "\fBtls_eecdh_strong_curve (prime256v1)\fR"
+The elliptic curve used by the Postfix SMTP server for sensibly
+strong
+ephemeral ECDH key exchange.
+.IP "\fBtls_eecdh_ultra_curve (secp384r1)\fR"
+The elliptic curve used by the Postfix SMTP server for maximally
+strong
+ephemeral ECDH key exchange.
+.IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR"
+List or bit\-mask of OpenSSL bug work\-arounds to disable.
+.IP "\fBtls_preempt_cipherlist (no)\fR"
+With SSLv3 and later, use the Postfix SMTP server's cipher
+preference order instead of the remote client's cipher preference
+order.
+.PP
+Available in Postfix version 2.9 and later:
+.IP "\fBtls_legacy_public_key_fingerprints (no)\fR"
+A temporary migration aid for sites that use certificate
+\fIpublic\-key\fR fingerprints with Postfix 2.9.0..2.9.5, which use
+an incorrect algorithm.
+.PP
+Available in Postfix version 2.11\-3.1:
+.IP "\fBtls_dane_digest_agility (on)\fR"
+Configure RFC7671 DANE TLSA digest algorithm agility.
+.IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR"
+Enable support for RFC 6698 (DANE TLSA) DNS records that contain
+digests of trust\-anchors with certificate usage "2".
+.PP
+Available in Postfix version 2.11 and later:
+.IP "\fBtlsmgr_service_name (tlsmgr)\fR"
+The name of the \fBtlsmgr\fR(8) service entry in master.cf.
+.PP
+Available in Postfix version 3.0 and later:
+.IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes\-256\-cbc, Postfix < 3.0: aes\-128\-cbc)\fR"
+Algorithm used to encrypt RFC5077 TLS session tickets.
+.IP "\fBopenssl_path (openssl)\fR"
+The location of the OpenSSL command line program \fBopenssl\fR(1).
+.PP
+Available in Postfix version 3.2 and later:
+.IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
+The prioritized list of elliptic curves supported by the Postfix
+SMTP client and server.
+.PP
+Available in Postfix version 3.4 and later:
+.IP "\fBtls_server_sni_maps (empty)\fR"
+Optional lookup tables that map names received from remote SMTP
+clients via the TLS Server Name Indication (SNI) extension to the
+appropriate keys and certificate chains.
+.SH "STARTTLS SERVER CONTROLS"
+.na
+.nf
+.ad
+.fi
+These settings are clones of Postfix SMTP server settings.
+They allow \fBtlsproxy\fR(8) to load the same certificate
+and private key information as the Postfix SMTP server,
+before dropping privileges, so that the key files can be
+kept read\-only for root. These settings can currently not
+be overruled by information in a \fBtlsproxy\fR(8) client
+request, but that limitation may be removed in a future
+version.
.IP "\fBtlsproxy_tls_CAfile ($smtpd_tls_CAfile)\fR"
A file containing (PEM format) CA certificates of root CAs
trusted to sign either remote SMTP client certificates or intermediate
The SMTP TLS security level for the Postfix \fBtlsproxy\fR(8) server;
when a non\-empty value is specified, this overrides the obsolete
parameters smtpd_use_tls and smtpd_enforce_tls.
-.PP
-Available in Postfix version 2.11 and later:
-.IP "\fBtlsmgr_service_name (tlsmgr)\fR"
-The name of the \fBtlsmgr\fR(8) service entry in master.cf.
-.PP
-Available in Postfix version 3.4 and later:
.IP "\fBtlsproxy_tls_chain_files ($smtpd_tls_chain_files)\fR"
Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate
chains in PEM format.
-.IP "\fBtls_server_sni_maps (empty)\fR"
-Optional lookup tables that map names received from remote SMTP
-clients via the TLS Server Name Indication (SNI) extension to the
-appropriate keys and certificate chains.
-.SH "TLS CLIENT CONTROLS"
+.SH "STARTTLS CLIENT CONTROLS"
.na
.nf
.ad
.fi
-These parameters are clones of SMTP client settings. They
-allow \fBtlsproxy\fR(8) to load the same certificate and
-private key information as the SMTP client, before dropping
-privileges, so that the key files can be kept read\-only for
-root.
+These settings are clones of Postfix SMTP client settings.
+They allow \fBtlsproxy\fR(8) to load the same certificate
+and private key information as the Postfix SMTP client,
+before dropping privileges, so that the key files can be
+kept read\-only for root. Some settings may be overruled by
+information in a \fBtlsproxy\fR(8) client request.
.PP
Available in Postfix version 3.4 and later:
.IP "\fBtlsproxy_client_CAfile ($smtp_tls_CAfile)\fR"
s;\btls_session_ticket_cipher\b;<a href="postconf.5.html#tls_session_ticket_cipher">$&</a>;g;
s;\btls_server_sni_maps\b;<a href="postconf.5.html#tls_server_sni_maps">$&</a>;g;
s;\btls_ssl_options\b;<a href="postconf.5.html#tls_ssl_options">$&</a>;g;
+ s;\btls_dane_digest_agility\b;<a href="postconf.5.html#tls_dane_digest_agility">$&</a>;g;
+ s;\btls_dane_trust_anchor_digest_enable\b;<a href="postconf.5.html#tls_dane_trust_anchor_digest_enable">$&</a>;g;
s;\bfrozen_delivered_to\b;<a href="postconf.5.html#frozen_delivered_to">$&</a>;g;
s;\breset_owner_alias\b;<a href="postconf.5.html#reset_owner_alias">$&</a>;g;
--- /dev/null
+<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+
+<head>
+
+<title>Postfix BDAT (CHUNKING) support</title>
+
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+
+</head>
+
+<body>
+
+<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
+BDAT (CHUNKING) support</h1>
+
+<hr>
+
+<h2>Overview </h2>
+
+<p> Postfix SMTP server supports RFC 3030 CHUNKING (the BDAT command)
+without BINARYMIME, in both smtpd(8) and postscreen(8). It is enabled
+by default. </p>
+
+<p> Topics covered in this document: </p>
+
+<ul>
+
+<li><a href="#disable"> Disabling BDAT support</a>
+
+<li><a href="#impact"> Impact on existing configurations</a>
+
+<li><a href="#example"> Example SMTP session</a>
+
+<li> <a href="#benefits">Benefits of CHUNKING (BDAT) support without BINARYMIME</a>
+
+<li> <a href="#downsides">Downsides of CHUNKING (BDAT) support</a>
+
+</ul>
+
+<h2> <a name="disable"> Disabling BDAT support </a> </h2>
+
+<p> BDAT support is enabled by default. To disable BDAT support
+globally: </p>
+
+<blockquote>
+<pre>
+/etc/postfix/main.cf:
+ # The logging alternative:
+ smtpd_discard_ehlo_keywords = chunking
+ # The non-logging alternative:
+ smtpd_discard_ehlo_keywords = chunking, silent_discard
+</pre>
+</blockquote>
+
+<p> Specify '-o smtpd_discard_ehlo_keywords=' in master.cf
+for the submission and smtps services, if you have clients
+that benefit from CHUNKING support. </p>
+
+<h2> <a name="impact"> Impact on existing configurations </a> </h2>
+
+<ul>
+
+<li> <p> There are no changes for smtpd_mumble_restrictions,
+smtpd_proxy_filter, smtpd_milters, or for postscreen settings,
+except for the above mentioned option to suppress the SMTP server's
+CHUNKING service announcement. </p>
+
+<li> <p> There are no changes in the Postfix queue file content,
+no changes for down-stream SMTP servers or after-queue content
+filters, and no changes in the envelope or message content that
+Milters will receive. </p>
+
+</ul>
+
+<h2> <a name="example"> Example SMTP session</a> </h2>
+
+<p> The main differences are that the Postfix SMTP server announces
+"CHUNKING" support in the EHLO response, and that instead of sending
+one DATA request, the remote SMTP client may send one or more BDAT
+requests. In the example below, "S:" indicates server responses,
+and "C:" indicates client requests (bold font). </p>
+
+<blockquote>
+<pre>
+ S: 220 server.example.com
+ C: <b>EHLO client.example.com</b>
+ S: 250-server.example.com
+ S: 250-PIPELINING
+ S: 250-SIZE 153600000
+ S: 250-VRFY
+ S: 250-ETRN
+ S: 250-STARTTLS
+ S: 250-AUTH PLAIN LOGIN
+ S: 250-ENHANCEDSTATUSCODES
+ S: 250-8BITMIME
+ S: 250-DSN
+ S: 250-SMTPUTF8
+ S: 250 CHUNKING
+ C: <b>MAIL FROM:<sender@example.com></b>
+ S: 250 2.1.0 Ok
+ C: <b>RCPT TO:<recipient@example.com></b>
+ S: 250 2.1.5 Ok
+ C: <b>BDAT 10000</b>
+ C: <b>..followed by 10000 bytes...</b>
+ S: 250 2.0.0 Ok: 10000 bytes
+ C: <b>BDAT 123</b>
+ C: <b>..followed by 123 bytes...</b>
+ S: 250 2.0.0 Ok: 123 bytes
+ C: <b>BDAT 0 LAST</b>
+ S: 250 2.0.0 Ok: 10123 bytes queued as 41yYhh41qmznjbD
+ C: <b>QUIT</b>
+ S: 221 2.0.0 Bye
+</pre>
+</blockquote>
+
+<p> Internally in Postfix, there is no difference between mail that
+was received with BDAT or with DATA. Postfix smtpd_mumble_restrictions,
+policy delegation queries, smtpd_proxy_filter and Milters all behave
+as if Postfix received (MAIL + RCPT + DATA + end-of-data). However,
+Postfix will log BDAT-related failures as "xxx after BDAT" to avoid
+complicating troubleshooting (xxx = 'lost connection' or 'timeout'),
+and will log a warning when a client sends a malformed BDAT command.
+</p>
+
+<h2> <a name="benefits">Benefits of CHUNKING (BDAT) support without
+BINARYMIME</a> </h2>
+
+<p> Support for CHUNKING (BDAT) was added to improve interoperability
+with some clients, a benefit that would reportedly exist even without
+Postfix support for BINARYMIME. Since June 2018, Wietse's mail
+server has received BDAT commands from a variety of systems. </p>
+
+<p> Postfix does not support BINARYMIME at this time because: </p>
+
+<ul>
+
+<li> <p> BINARYMIME support would require moderately invasive
+changes to Postfix, to support email content that is not line-oriented.
+With BINARYMIME, the Content-Length: message header specifies the
+length of content that may or may not have line boundaries. Without
+BINARYMIME support, email RFCs require that binary content is
+base64-encoded, and formatted as lines of text. </p>
+
+<li> <p> For delivery to non-BINARYMIME systems including UNIX mbox,
+the available options are to convert binary content into 8bit text,
+one of the 7bit forms (base64 or quoted-printable), or to return
+email as undeliverable. Any conversion would obviously break digital
+signatures, so conversion would have to happen before signing. </p>
+
+</ul>
+
+<h2> <a name="downsides">Downsides of CHUNKING (BDAT) support</a>
+</h2>
+
+<p> The RFC 3030 authors did not specify any limitations on how
+clients may pipeline commands (i.e. send commands without waiting
+for a server response). If a server announces PIPELINING support,
+like Postfix does, then a remote SMTP client can pipeline all
+commands following EHLO, for example, MAIL/RCPT/BDAT/BDAT/MAIL/RCPT/BDAT,
+without ever having to wait for a server response. This means that
+with BDAT, the Postfix SMTP server cannot distinguish between a
+well-behaved client and a spambot, based on their command pipelining
+behavior. If you require "reject_unauth_pipelining" to block spambots,
+then turn off Postfix's CHUNKING announcement as described above.
+</p>
+
+<p> In RFC 4468, the authors write that a client may pipeline
+commands, and that after sending BURL LAST or BDAT LAST, a client
+must wait for the server's response. But as this text does not
+appear in RFC 3030 which defines BDAT, is it a useless restriction
+that Postfix will not enforce. </p>
+
+</body>
+
+</html>
../html/ADDRESS_VERIFICATION_README.html \
../html/BACKSCATTER_README.html \
../html/BASIC_CONFIGURATION_README.html \
+ ../html/BDAT_README.html \
../html/BUILTIN_FILTER_README.html \
../html/CDB_README.html \
../html/COMPATIBILITY_README.html \
../README_FILES/ADDRESS_VERIFICATION_README \
../README_FILES/BACKSCATTER_README \
../README_FILES/BASIC_CONFIGURATION_README \
+ ../README_FILES/BDAT_README \
../README_FILES/BUILTIN_FILTER_README \
../README_FILES/CDB_README \
../README_FILES/COMPATIBILITY_README \
../html/BASIC_CONFIGURATION_README.html: BASIC_CONFIGURATION_README.html
$(DETAB) $? | $(POSTLINK) >$@
+../html/BDAT_README.html: BDAT_README.html
+ $(DETAB) $? | $(POSTLINK) >$@
+
../html/BUILTIN_FILTER_README.html: BUILTIN_FILTER_README.html
$(DETAB) $? | $(POSTLINK) >$@
../README_FILES/BASIC_CONFIGURATION_README: BASIC_CONFIGURATION_README.html
$(DETAB) $? | $(HT2READ) >$@
+../README_FILES/BDAT_README: BDAT_README.html
+ $(DETAB) $? | $(HT2READ) >$@
+
../README_FILES/BUILTIN_FILTER_README: BUILTIN_FILTER_README.html
$(DETAB) $? | $(HT2READ) >$@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
-#define MAIL_RELEASE_DATE "20190209"
-#define MAIL_VERSION_NUMBER "3.4"
+#define MAIL_RELEASE_DATE "20190210"
+#define MAIL_VERSION_NUMBER "3.5"
#ifdef SNAPSHOT
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
+/*
+/* Wietse Venema
+/* Google, Inc.
+/* 111 8th Avenue
+/* New York, NY 10011, USA
/*--*/
/* System libraries. */
/* with the operation of some of these programs). These programs
/* can log to \fBpostlogd\fR(8) if they are run by the super-user,
/* or if their executable file has set-gid permission. Do not
-/* set this permision on programs other than \fBpostdrop\fR(1)
+/* set this permission on programs other than \fBpostdrop\fR(1)
/* and \fBpostqueue\fR(1).
/* CONFIGURATION PARAMETERS
/* .ad
/* .IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR"
/* List or bit-mask of OpenSSL bug work-arounds to disable.
/* .PP
+/* Available in Postfix version 2.11-3.1:
+/* .IP "\fBtls_dane_digest_agility (on)\fR"
+/* Configure RFC7671 DANE TLSA digest algorithm agility.
+/* .IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR"
+/* Enable support for RFC 6698 (DANE TLSA) DNS records that contain
+/* digests of trust-anchors with certificate usage "2".
+/* .PP
/* Available in Postfix version 2.11 and later:
/* .IP "\fBsmtp_tls_trust_anchor_file (empty)\fR"
/* Zero or more PEM-format files with trust-anchor certificates
/* .na
/* .nf
/* ADDRESS_CLASS_README, blocking unknown hosted or relay recipients
-/* ADDRESS_REWRITING_README Postfix address manipulation
+/* ADDRESS_REWRITING_README, Postfix address manipulation
+/* BDAT_README, Postfix CHUNKING support
/* FILTER_README, external after-queue content filter
/* LOCAL_RECIPIENT_README, blocking unknown local recipients
/* MILTER_README, before-queue mail filter applications
extern int tls_proxy_client_init_scan(ATTR_SCAN_MASTER_FN, VSTREAM *, int, void *);
extern void tls_proxy_client_init_free(TLS_CLIENT_INIT_PROPS *);
extern char *tls_proxy_client_init_to_string(VSTRING *, TLS_CLIENT_INIT_PROPS *);
+extern char *tls_proxy_client_init_with_names_to_string(VSTRING *, TLS_CLIENT_INIT_PROPS *);
extern int tls_proxy_client_start_print(ATTR_PRINT_MASTER_FN, VSTREAM *, int, void *);
extern int tls_proxy_client_start_scan(ATTR_SCAN_MASTER_FN, VSTREAM *, int, void *);
/* char *tls_proxy_client_param_with_names_to_string(buf, params)
/* VSTRING *buf;
/* TLS_CLIENT_PARAMS *params;
+/*
+/* char *tls_proxy_client_init_to_string(buf, init_props)
+/* VSTRING *buf;
+/* TLS_CLIENT_INIT_PROPS *init_props;
/* DESCRIPTION
/* tls_proxy_client_param_from_config() initializes a TLS_CLIENT_PARAMS
/* structure from configuration parameters and returns its
/* tls_proxy_client_param_to_string() produces a lookup key
/* that is unique for the TLS_CLIENT_PARAMS member values.
/*
-/* tls_proxy_client_param_with_names_to_string() TODO produces a
-/* string with "name = value\n" for each TLS_CLIENT_PARAMS member.
-/* This may be useful for reporting differences between
+/* tls_proxy_client_param_with_names_to_string() produces a
+/* string with "name = value\n" for each TLS_CLIENT_PARAMS
+/* member. This may be useful for reporting differences between
/* TLS_CLIENT_PARAMS instances.
+/*
+/* tls_proxy_client_init_to_string() produces a lookup key
+/* that is unique for the properties received by
+/* tls_proxy_client_init_scan().
+/*
+/* tls_proxy_client_init_with_names_to_string() produces a
+/* string with "name = value\n" for each TLS_CLIENT_INIT_PROPS
+/* member. This may be useful for reporting differences between
+/* TLS_CLIENT_INIT_PROPS instances.
/* LICENSE
/* .ad
/* .fi
return (vstring_str(buf));
}
+/* tls_proxy_client_init_to_string - serialize to string */
+
+char *tls_proxy_client_init_to_string(VSTRING *buf,
+ TLS_CLIENT_INIT_PROPS *props)
+{
+ vstring_sprintf(buf, "%s\n%s\n%d\n%s\n%s\n%s\n%s\n%s\n%s\n"
+ "%s\n%s\n%s\n%s\n%s\n", props->log_param,
+ props->log_level, props->verifydepth,
+ props->cache_type, props->chain_files,
+ props->cert_file, props->key_file,
+ props->dcert_file, props->dkey_file,
+ props->eccert_file, props->eckey_file,
+ props->CAfile, props->CApath, props->mdalg);
+ return (vstring_str(buf));
+}
+
+/* tls_proxy_client_init_with_names_to_string - serialize to string */
+
+char *tls_proxy_client_init_with_names_to_string(VSTRING *buf,
+ TLS_CLIENT_INIT_PROPS *props)
+{
+ vstring_sprintf(buf, "%s = %s\n%s = %s\n%s = %d\n%s = %s\n%s = %s\n"
+ "%s = %s\n%s = %s\n%s = %s\n%s = %s\n%s = %s\n"
+ "%s = %s\n%s = %s\n%s = %s\n%s = %s\n",
+ TLS_ATTR_LOG_PARAM, props->log_param,
+ TLS_ATTR_LOG_LEVEL, props->log_level,
+ TLS_ATTR_VERIFYDEPTH, props->verifydepth,
+ TLS_ATTR_CACHE_TYPE, props->cache_type,
+ TLS_ATTR_CHAIN_FILES, props->chain_files,
+ TLS_ATTR_CERT_FILE, props->cert_file,
+ TLS_ATTR_KEY_FILE, props->key_file,
+ TLS_ATTR_DCERT_FILE, props->dcert_file,
+ TLS_ATTR_DKEY_FILE, props->dkey_file,
+ TLS_ATTR_ECCERT_FILE, props->eccert_file,
+ TLS_ATTR_ECKEY_FILE, props->eckey_file,
+ TLS_ATTR_CAFILE, props->CAfile,
+ TLS_ATTR_CAPATH, props->CApath,
+ TLS_ATTR_MDALG, props->mdalg);
+ return (vstring_str(buf));
+}
+
#endif
/* int flags;
/* void *ptr;
/*
-/* char *tls_proxy_client_init_to_string(buf, init_props)
-/* VSTRING *buf;
-/* TLS_CLIENT_INIT_PROPS *init_props;
-/*
/* void tls_proxy_client_init_free(init_props)
/* TLS_CLIENT_INIT_PROPS *init_props;
/*
/* scan routine. tls_proxy_client_init_scan() is meant to be passed
/* as a call-back function to attr_scan(), as shown below.
/*
-/* tls_proxy_client_init_to_string() produces a lookup key
-/* that is unique for the properties received by
-/* tls_proxy_client_init_scan().
-/*
/* tls_proxy_client_init_free() destroys a TLS_CLIENT_INIT_PROPS
/* structure that was created by tls_proxy_client_init_scan().
/*
return (ret);
}
-/* tls_proxy_client_init_to_string - serialize to string */
-
-char *tls_proxy_client_init_to_string(VSTRING *buf,
- TLS_CLIENT_INIT_PROPS *props)
-{
- vstring_sprintf(buf, "%s\n%s\n%d\n%s\n%s\n%s\n%s\n%s\n%s\n"
- "%s\n%s\n%s\n%s\n%s\n", props->log_param,
- props->log_level, props->verifydepth,
- props->cache_type, props->chain_files,
- props->cert_file, props->key_file,
- props->dcert_file, props->dkey_file,
- props->eccert_file, props->eckey_file,
- props->CAfile, props->CApath, props->mdalg);
- return (vstring_str(buf));
-}
-
/* tls_proxy_client_certs_free - destroy TLS_PKEYS from stream */
static void tls_proxy_client_certs_free(TLS_CERTS *tp)
/*
/* The text below provides only a parameter summary. See
/* \fBpostconf\fR(5) for more details including examples.
-/* STARTTLS SUPPORT CONTROLS
+/* STARTTLS GLOBAL CONTROLS
/* .ad
/* .fi
+/* The following settings are global and therefore cannot be
+/* overruled by information specified in a \fBtlsproxy\fR(8)
+/* client request.
+/* .IP "\fBtls_append_default_CA (no)\fR"
+/* Append the system-supplied default Certification Authority
+/* certificates to the ones specified with *_tls_CApath or *_tls_CAfile.
+/* .IP "\fBtls_daemon_random_bytes (32)\fR"
+/* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
+/* process requests from the \fBtlsmgr\fR(8) server in order to seed its
+/* internal pseudo random number generator (PRNG).
+/* .IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR"
+/* The OpenSSL cipherlist for "high" grade ciphers.
+/* .IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR"
+/* The OpenSSL cipherlist for "medium" or higher grade ciphers.
+/* .IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR"
+/* The OpenSSL cipherlist for "low" or higher grade ciphers.
+/* .IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR"
+/* The OpenSSL cipherlist for "export" or higher grade ciphers.
+/* .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR"
+/* The OpenSSL cipherlist for "NULL" grade ciphers that provide
+/* authentication without encryption.
+/* .IP "\fBtls_eecdh_strong_curve (prime256v1)\fR"
+/* The elliptic curve used by the Postfix SMTP server for sensibly
+/* strong
+/* ephemeral ECDH key exchange.
+/* .IP "\fBtls_eecdh_ultra_curve (secp384r1)\fR"
+/* The elliptic curve used by the Postfix SMTP server for maximally
+/* strong
+/* ephemeral ECDH key exchange.
+/* .IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR"
+/* List or bit-mask of OpenSSL bug work-arounds to disable.
+/* .IP "\fBtls_preempt_cipherlist (no)\fR"
+/* With SSLv3 and later, use the Postfix SMTP server's cipher
+/* preference order instead of the remote client's cipher preference
+/* order.
+/* .PP
+/* Available in Postfix version 2.9 and later:
+/* .IP "\fBtls_legacy_public_key_fingerprints (no)\fR"
+/* A temporary migration aid for sites that use certificate
+/* \fIpublic-key\fR fingerprints with Postfix 2.9.0..2.9.5, which use
+/* an incorrect algorithm.
+/* .PP
+/* Available in Postfix version 2.11-3.1:
+/* .IP "\fBtls_dane_digest_agility (on)\fR"
+/* Configure RFC7671 DANE TLSA digest algorithm agility.
+/* .IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR"
+/* Enable support for RFC 6698 (DANE TLSA) DNS records that contain
+/* digests of trust-anchors with certificate usage "2".
+/* .PP
+/* Available in Postfix version 2.11 and later:
+/* .IP "\fBtlsmgr_service_name (tlsmgr)\fR"
+/* The name of the \fBtlsmgr\fR(8) service entry in master.cf.
+/* .PP
+/* Available in Postfix version 3.0 and later:
+/* .IP "\fBtls_session_ticket_cipher (Postfix >= 3.0: aes-256-cbc, Postfix < 3.0: aes-128-cbc)\fR"
+/* Algorithm used to encrypt RFC5077 TLS session tickets.
+/* .IP "\fBopenssl_path (openssl)\fR"
+/* The location of the OpenSSL command line program \fBopenssl\fR(1).
+/* .PP
+/* Available in Postfix version 3.2 and later:
+/* .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
+/* The prioritized list of elliptic curves supported by the Postfix
+/* SMTP client and server.
+/* .PP
+/* Available in Postfix version 3.4 and later:
+/* .IP "\fBtls_server_sni_maps (empty)\fR"
+/* Optional lookup tables that map names received from remote SMTP
+/* clients via the TLS Server Name Indication (SNI) extension to the
+/* appropriate keys and certificate chains.
+/* STARTTLS SERVER CONTROLS
+/* .ad
+/* .fi
+/* These settings are clones of Postfix SMTP server settings.
+/* They allow \fBtlsproxy\fR(8) to load the same certificate
+/* and private key information as the Postfix SMTP server,
+/* before dropping privileges, so that the key files can be
+/* kept read-only for root. These settings can currently not
+/* be overruled by information in a \fBtlsproxy\fR(8) client
+/* request, but that limitation may be removed in a future
+/* version.
/* .IP "\fBtlsproxy_tls_CAfile ($smtpd_tls_CAfile)\fR"
/* A file containing (PEM format) CA certificates of root CAs
/* trusted to sign either remote SMTP client certificates or intermediate
/* The SMTP TLS security level for the Postfix \fBtlsproxy\fR(8) server;
/* when a non-empty value is specified, this overrides the obsolete
/* parameters smtpd_use_tls and smtpd_enforce_tls.
-/* .PP
-/* Available in Postfix version 2.11 and later:
-/* .IP "\fBtlsmgr_service_name (tlsmgr)\fR"
-/* The name of the \fBtlsmgr\fR(8) service entry in master.cf.
-/* .PP
-/* Available in Postfix version 3.4 and later:
/* .IP "\fBtlsproxy_tls_chain_files ($smtpd_tls_chain_files)\fR"
/* Files with the Postfix \fBtlsproxy\fR(8) server keys and certificate
/* chains in PEM format.
-/* .IP "\fBtls_server_sni_maps (empty)\fR"
-/* Optional lookup tables that map names received from remote SMTP
-/* clients via the TLS Server Name Indication (SNI) extension to the
-/* appropriate keys and certificate chains.
-/* TLS CLIENT CONTROLS
+/* STARTTLS CLIENT CONTROLS
/* .ad
/* .fi
-/* These parameters are clones of SMTP client settings. They
-/* allow \fBtlsproxy\fR(8) to load the same certificate and
-/* private key information as the SMTP client, before dropping
-/* privileges, so that the key files can be kept read-only for
-/* root.
+/* These settings are clones of Postfix SMTP client settings.
+/* They allow \fBtlsproxy\fR(8) to load the same certificate
+/* and private key information as the Postfix SMTP client,
+/* before dropping privileges, so that the key files can be
+/* kept read-only for root. Some settings may be overruled by
+/* information in a \fBtlsproxy\fR(8) client request.
/* .PP
/* Available in Postfix version 3.4 and later:
/* .IP "\fBtlsproxy_client_CAfile ($smtp_tls_CAfile)\fR"
static TLS_APPL_STATE *tlsp_client_ctx;
static bool tlsp_pre_jail_done;
static int ask_client_cert;
+static char *tlsp_pre_jail_client_param_key; /* pre-jail global params */
+static char *tlsp_pre_jail_client_init_key; /* pre-jail init props */
/*
* TLS per-client status.
*/
-static HTABLE *tlsp_client_app_cache;
-static BH_TABLE *tlsp_params_mismatch_filter;
-static char *tlsp_pre_jail_client_param_key;
-static char *tlsp_pre_jail_client_init_key;
+static HTABLE *tlsp_client_app_cache; /* per-client init props */
+static BH_TABLE *tlsp_params_mismatch_filter; /* per-client nag filter */
/*
* Error handling: if a function detects an error, then that function is
/*
* Use one TLS_APPL_STATE object for all requests that specify the same
* TLS_CLIENT_INIT_PROPS. Each TLS_APPL_STATE owns an SSL_CTX, which is
- * expensive to create.
+ * expensive to create. Bug: TLS_CLIENT_PARAMS are not used when creating
+ * a TLS_APPL_STATE instance.
*
* First, compute the TLS_APPL_STATE cache lookup key. Save a copy of the
- * TLS_CLIENT_PARAMS and TLSPROXY_CLIENT_INIT_PROPS settings from the
- * pre-jail internal request.
+ * pre-jail request TLS_CLIENT_PARAMS and TLSPROXY_CLIENT_INIT_PROPS
+ * settings, so that we can detect post-jail requests that do not match.
*/
param_buf = vstring_alloc(100);
- param_key = tls_proxy_client_param_to_string(param_buf, tls_params);
+ param_key = tls_proxy_client_param_with_names_to_string(
+ param_buf, tls_params);
init_buf = vstring_alloc(100);
- init_key = tls_proxy_client_init_to_string(init_buf, init_props);
+ init_key = tls_proxy_client_init_with_names_to_string(
+ init_buf, init_props);
if (tlsp_pre_jail_done == 0) {
if (tlsp_pre_jail_client_param_key != 0
|| tlsp_pre_jail_client_init_key != 0)
/*
* Log a warning if a post-jail request uses unexpected TLS_CLIENT_PARAMS
- * settings. These differences are problematic because TLS_CLIENT_PARAMS
- * settings are unfortunately not passed to tls_client_init(). Only the
- * init_props settings are used.
+ * settings. Bug: TLS_CLIENT_PARAMS settings are not used when creating a
+ * TLS_APPL_STATE instance; this makes a mismatch of TLS_CLIENT_PARAMS
+ * settings problematic.
*/
if (tlsp_pre_jail_done
&& !been_here_fixed(tlsp_params_mismatch_filter, param_key)
/*
* Before creating a TLS_APPL_STATE instance, log a warning if a
* post-jail request differs from the saved pre-jail request AND the
- * request specifies file/directory pathname arguments. Requests
- * containing pathnames are problematic after chroot (pathname
- * resolution) and after dropping privileges (key files must be root
- * read-only).
+ * post-jail request specifies file/directory pathname arguments.
+ * Unexpected requests containing pathnames are problematic after
+ * chroot (pathname resolution) and after dropping privileges (key
+ * files must be root read-only). Unexpected requests are not a
+ * problem as long as they contain no pathnames (for example a
+ * tls_loglevel change).
*
* We could eliminate some of this complication by adding code that
* opens a cert/key lookup table at pre-jail time, and by reading
tlsp_pre_jail_done = 1;
/*
- * Unfortunately TLS_CLIENT_PARAMS attributes correspond to global state
- * and can therefore not be used when creating TLS_APPL_STATE instances,
- * but we can warn about attribute mismatches.
+ * Bug: TLS_CLIENT_PARAMS attributes are not used when creating a
+ * TLS_APPL_STATE instance; we can only warn about attribute mismatches.
*/
tlsp_params_mismatch_filter = been_here_init(BH_BOUND_NONE, BH_FLAG_NONE);
}
projects / thirdparty / postfix.git / commitdiff
