Postfix Backwards-Compatibility Safety Net

-------------------------------------------------------------------------------

Purpose of this document

Postfix 3.0 introduces a safety net that runs Postfix programs with backwards-
compatible default settings after an upgrade. The safety net will log a warning
whenever a "new" default setting could have a negative effect on your mail
flow.

This document provides information on the following topics:

  * Detailed descriptions of Postfix backwards-compatibility warnings.

  * What backwards-compatible settings you may have to make permanent in
    main.cf or master.cf.

  * How to turn off Postfix backwards-compatibility warnings.

Overview

With backwards compatibility turned on, Postfix logs a message whenever a
backwards-compatible default setting may be required for continuity of service.
Based on this logging the system administrator can decide if any backwards-
compatible settings need to be made permanent in main.cf or master.cf, before
turning off the backwards-compatibility safety net as described at the end of
this document.

The following messages may be logged:

  * Using backwards-compatible default setting append_dot_mydomain=yes

  * Using backwards-compatible default setting chroot=y

  * Using backwards-compatible default setting smtpd_relay_restrictions =
    (empty)

  * Using backwards-compatible default setting mynetworks_style=subnet

  * Using backwards-compatible default setting relay_domains=$mydestination

  * Using backwards-compatible default setting smtputf8_enable=no

If such a message is logged in the context of a legitimate request, the system
administrator should make the backwards-compatible setting permanent in main.cf
or master.cf, as detailed in the sections that follow.

When no more backwards-compatible settings need to be made permanent, the
system administrator should turn off the backwards-compatibility safety net as
described at the end of this document.
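
As an added example (not part of the Postfix documentation), the shell functions below tally these messages per setting and list the distinct requests behind one setting, so each can be judged before it is made permanent. The function names compat_summary and compat_contexts are hypothetical, the log lines are constructed samples modelled on the messages in this document, and one logical message per log line is assumed.

```shell
#!/bin/sh
# Added example: tally Postfix backwards-compatibility warnings per setting.
# Reads syslog-format lines on stdin; one logical message per line is assumed.

MARK='backwards-compatible default setting '

# compat_summary: print "setting<TAB>count", sorted by setting name.
compat_summary() {
    awk -v mark="$MARK" '
    {
        i = index(tolower($0), mark)        # matches "using" and "Using"
        if (i == 0) next
        rest = substr($0, i + length(mark))
        sub(/^"/, "", rest)                 # smtpd_relay_restrictions is quoted
        if (match(rest, /^[a-z0-9_]+/))
            count[substr(rest, 1, RLENGTH)]++
    }
    END { for (n in count) printf "%s\t%d\n", n, count[n] }' | sort
}

# compat_contexts SETTING: print each distinct message for one setting,
# so the client, domain or master.cf line behind it can be judged.
compat_contexts() {
    awk -v mark="$MARK" -v want="$1" '
    {
        i = index(tolower($0), mark)
        if (i == 0) next
        rest = substr($0, i + length(mark))
        probe = rest; sub(/^"/, "", probe)
        if (match(probe, /^[a-z0-9_]+/) && substr(probe, 1, RLENGTH) == want && !seen[rest]++)
            print rest
    }'
}

# Constructed sample log (timestamps, host name and PIDs are illustrative).
sample_log() {
    cat <<'EOF'
Jan 10 09:00:01 mx postfix/master[27664]: /etc/postfix/master.cf: line 72: using backwards-compatible default setting chroot=y
Jan 10 09:01:12 mx postfix/smtpd[17375]: using backwards-compatible default setting mynetworks_style=subnet to permit request from client "foo.example.com[10.1.1.1]"
Jan 10 09:02:30 mx postfix/smtpd[17375]: using backwards-compatible default setting mynetworks_style=subnet to permit request from client "foo.example.com[10.1.1.1]"
Jan 10 09:03:44 mx postfix/smtpd[38463]: using backwards-compatible default setting "smtpd_relay_restrictions = (empty)" to avoid "Relay access denied" error for recipient "user@example.com" from client "host.example.net[10.0.0.2]"
Jan 10 09:05:00 mx postfix/smtpd[38463]: connect from host.example.net[10.0.0.2]
EOF
}

sample_log | compat_summary
```

On a live system, feed the functions the mail log instead of sample_log; a setting that never appears in the summary needs no permanent entry.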

Using backwards-compatible default setting append_dot_mydomain=yes

The append_dot_mydomain default value has changed from "yes" to "no". This
could result in unexpected non-delivery of email after Postfix is updated from
an older version. The backwards-compatibility safety net is designed to prevent
such surprises.

As long as the append_dot_mydomain parameter is left at its implicit default
value, and the compatibility_level setting is less than 1, Postfix may log one
of the following messages:

  * Messages about missing "localhost" in mydestination or other address class:

        postfix/trivial-rewrite[14777]: using backwards-compatible
            default setting append_dot_mydomain=yes to rewrite
            "localhost" to "localhost.example.com"; please add
            "localhost" to mydestination or other address class

    If Postfix logs the above message, add "localhost" to mydestination (or
    virtual_alias_domains, virtual_mailbox_domains, or relay_domains) and
    execute the command "postfix reload".

  * Messages about incomplete domains in email addresses:

        postfix/trivial-rewrite[25835]: using backwards-compatible
            default setting append_dot_mydomain=yes to rewrite "foo" to
            "foo.example.com"

    If Postfix logs the above message for domains different from "localhost",
    and the sender cannot be changed to use complete domain names in email
    addresses, then the system administrator should make the backwards-
    compatible setting "append_dot_mydomain = yes" permanent in main.cf:

        # postconf append_dot_mydomain=yes
        # postfix reload

Using backwards-compatible default setting chroot=y

The master.cf chroot default value has changed from "y" (yes) to "n" (no). The
new default avoids the need for copies of system files under the Postfix queue
directory. However, sites with strict security requirements may want to keep
the chroot feature enabled after updating Postfix from an older version. The
backwards-compatibility safety net is designed to allow the administrator to
choose if they want to keep the old behavior.

As long as a master.cf chroot field is left at its implicit default value, and
the compatibility_level setting is less than 1, Postfix may log the following
message while it reads the master.cf file:

    postfix/master[27664]: /etc/postfix/master.cf: line 72: using
        backwards-compatible default setting chroot=y

If this service should remain chrooted, then the system administrator should
make the backwards-compatible setting "chroot = y" permanent in master.cf. For
example, to update the chroot setting for the "smtp inet" service:

    # postconf -F smtp/inet/chroot=y
    # postfix reload

Using backwards-compatible default setting smtpd_relay_restrictions = (empty)

The smtpd_relay_restrictions feature was introduced with Postfix version 2.10,
as a safety mechanism for configuration errors in smtpd_recipient_restrictions
that could make Postfix an open relay.

The smtpd_relay_restrictions implicit default setting forbids mail to remote
destinations from clients that don't match permit_mynetworks or
permit_sasl_authenticated. This could result in unexpected 'Relay access
denied' errors after Postfix is updated from an older Postfix version. The
backwards-compatibility safety net is designed to prevent such surprises.

When the compatibility_level is less than 1, and the smtpd_relay_restrictions
parameter is left at its implicit default setting, Postfix may log the
following message:

    postfix/smtpd[38463]: using backwards-compatible default setting
        "smtpd_relay_restrictions = (empty)" to avoid "Relay access
        denied" error for recipient "user@example.com" from client
        "host.example.net[10.0.0.2]"

If this request should not be blocked, then the system administrator should
make the backwards-compatible setting "smtpd_relay_restrictions=" (i.e. empty)
permanent in main.cf:

    # postconf smtpd_relay_restrictions=
    # postfix reload

Using backwards-compatible default setting mynetworks_style=subnet

The mynetworks_style default value has changed from "subnet" to "host". This
parameter is used to implement the "permit_mynetworks" feature. The change
could result in unexpected 'access denied' errors after Postfix is updated from an
older version. The backwards-compatibility safety net is designed to prevent
such surprises.

As long as the mynetworks and mynetworks_style parameters are left at their
implicit default values, and the compatibility_level setting is less than 2,
the Postfix SMTP server may log one of the following messages:

    postfix/smtpd[17375]: using backwards-compatible default setting
        mynetworks_style=subnet to permit request from client
        "foo.example.com[10.1.1.1]"

    postfix/postscreen[24982]: using backwards-compatible default
        setting mynetworks_style=subnet to permit request from client
        "10.1.1.1"

If the client request should not be rejected, then the system administrator
should make the backwards-compatible setting "mynetworks_style = subnet"
permanent in main.cf:

    # postconf mynetworks_style=subnet
    # postfix reload

Using backwards-compatible default setting relay_domains=$mydestination

The relay_domains default value has changed from "$mydestination" to the empty
value. This could result in unexpected 'Relay access denied' errors or ETRN
errors after Postfix is updated from an older version. The backwards-
compatibility safety net is designed to prevent such surprises.

As long as the relay_domains parameter is left at its implicit default value,
and the compatibility_level setting is less than 2, Postfix may log one of the
following messages.

  * Messages about accepting mail for a remote domain:

        postfix/smtpd[19052]: using backwards-compatible default setting
            relay_domains=$mydestination to accept mail for domain
            "foo.example.com"

        postfix/smtpd[19052]: using backwards-compatible default setting
            relay_domains=$mydestination to accept mail for address
            "user@foo.example.com"

  * Messages about providing ETRN service for a remote domain:

        postfix/smtpd[19138]: using backwards-compatible default setting
            relay_domains=$mydestination to flush mail for domain
            "bar.example.com"

        postfix/smtp[13945]: using backwards-compatible default setting
            relay_domains=$mydestination to update fast-flush logfile for
            domain "bar.example.com"

If Postfix should continue to accept mail for that domain or continue to
provide ETRN service for that domain, then the system administrator should make
the backwards-compatible setting "relay_domains = $mydestination" permanent in
main.cf:

    # postconf 'relay_domains=$mydestination'
    # postfix reload

Note: quotes are required as indicated above.

Instead of $mydestination, it may be better to specify an explicit list of
domain names.

Using backwards-compatible default setting smtputf8_enable=no

The smtputf8_enable default value has changed from "no" to "yes". With the new
"yes" setting, the Postfix SMTP server rejects non-ASCII addresses from clients
that don't request SMTPUTF8 support, after Postfix is updated from an older
version. The backwards-compatibility safety net is designed to prevent such
surprises.

As long as the smtputf8_enable parameter is left at its implicit default value,
and the compatibility_level setting is less than 1, Postfix logs a warning each
time an SMTP command uses a non-ASCII address localpart without requesting
SMTPUTF8 support:

    postfix/smtpd[27560]: using backwards-compatible default setting
        smtputf8_enable=no to accept non-ASCII sender address
        "??@example.org" from localhost[127.0.0.1]

    postfix/smtpd[27560]: using backwards-compatible default setting
        smtputf8_enable=no to accept non-ASCII recipient address
        "??@example.com" from localhost[127.0.0.1]

If the address should not be rejected, and the client cannot be updated to use
SMTPUTF8, then the system administrator should make the backwards-compatible
setting "smtputf8_enable = no" permanent in main.cf:

    # postconf smtputf8_enable=no
    # postfix reload

Turning off the backwards-compatibility safety net

Backwards compatibility is turned off by updating the compatibility_level
setting in main.cf.

    # postconf compatibility_level=N
    # postfix reload

For N specify the number that is logged in your postfix(1) warning message:

    warning: To disable backwards compatibility use "postconf
    compatibility_level=N" and "postfix reload"

Sites that don't care about backwards compatibility may set
"compatibility_level = 9999" at their own risk.