Postfix
Backwards-Compatibility Safety NetPostfix
Backwards-Compatibility Safety NetPostfix 3.0 introduces a safety net that runs Postfix programs with backwards-compatible default settings after an upgrade. The safety net will log a warning whenever a "new" default setting could have an negative effect on your mail flow.
This document provides information on the following topics:
Detailed descriptions of Postfix backwards-compatibility warnings.
What backwards-compatible settings you may have to make permanent in main.cf or master.cf.
How to turn off Postfix backwards-compatibility warnings.
With backwards compatibility turned on, Postfix logs a message whenever a backwards-compatible default setting may be required for continuity of service. Based on this logging the system administrator can decide if any backwards-compatible settings need to be made permanent in main.cf or master.cf, before turning off the backwards-compatibility safety net as described at the end of this document.
The following messages may be logged:
Using backwards-compatible default setting append_dot_mydomain=yes
Using backwards-compatible default setting smtpd_relay_restrictions = (empty)
Using backwards-compatible default setting mynetworks_style=subnet
Using backwards-compatible default setting relay_domains=$mydestination
Using backwards-compatible default setting smtputf8_enable=no
If such a message is logged in the context of a legitimate request, the system administrator should make the backwards-compatible setting permanent in main.cf or master.cf, as detailed in the sections that follow.
When no more backwards-compatible settings need to be made permanent, the system administrator should turn off the backwards-compatibility safety net as described at the end of this document.
The append_dot_mydomain default value has changed from "yes" to "no". This could result in unexpected non-delivery of email after Postfix is updated from an older version. The backwards-compatibility safety net is designed to prevent such surprises.
As long as the append_dot_mydomain parameter is left at its implicit default value, and the compatibility_level setting is less than 1, Postfix may log one of the following messages:
Messages about missing "localhost" in mydestination or other address class:
postfix/trivial-rewrite[14777]: using backwards-compatible
default setting append_dot_mydomain=yes to rewrite
"localhost" to "localhost.example.com"; please add
"localhost" to mydestination or other address class
If Postfix logs the above message, add "localhost" to mydestination (or virtual_alias_domains, virtual_mailbox_domains, or relay_domains) and execute the command "postfix reload".
Messages about incomplete domains in email addresses:
postfix/trivial-rewrite[25835]: using backwards-compatible
default setting append_dot_mydomain=yes to rewrite "foo" to
"foo.example.com"
If Postfix logs the above message for domains different from "localhost", and the sender cannot be changed to use complete domain names in email addresses, then the system administrator should make the backwards-compatible setting "append_dot_mydomain = yes" permanent in main.cf:
# postconf append_dot_mydomain=yes # postfix reload
The master.cf chroot default value has changed from "y" (yes) to "n" (no). The new default avoids the need for copies of system files under the Postfix queue directory. However, sites with strict security requirements may want to keep the chroot feature enabled after updating Postfix from an older version. The backwards-compatibility safety net is designed allow the administrator to choose if they want to keep the old behavior.
As long as a master.cf chroot field is left at its implicit default value, and the compatibility_level setting is less than 1, Postfix may log the following message while it reads the master.cf file:
postfix/master[27664]: /etc/postfix/master.cf: line 72: using
backwards-compatible default setting chroot=y
If this service should remain chrooted, then the system administrator should make the backwards-compatible setting "chroot = y" permanent in master.cf. For example, to update the chroot setting for the "smtp inet" service:
# postconf -F smtp/inet/chroot=y # postfix reload
The smtpd_relay_restrictions feature was introduced with Postfix version 2.10, as a safety mechanism for configuration errors in smtpd_recipient_restrictions that could make Postfix an open relay.
The smtpd_relay_restrictions implicit default setting forbids mail to remote destinations from clients that don't match permit_mynetworks or permit_sasl_authenticated. This could result in unexpected 'Relay access denied' errors after Postfix is updated from an older Postfix version. The backwards-compatibility safety net is designed to prevent such surprises.
When the compatibility_level less than 1, and the smtpd_relay_restrictions parameter is left at its implicit default setting, Postfix may log the following message:
postfix/smtpd[38463]: using backwards-compatible default setting
"smtpd_relay_restrictions = (empty)" to avoid "Relay access
denied" error for recipient "user@example.com" from client
"host.example.net[10.0.0.2]"
If this request should not be blocked, then the system administrator should make the backwards-compatible setting "smtpd_relay_restrictions=" (i.e. empty) permanent in main.cf:
# postconf smtpd_relay_restrictions= # postfix reload
The mynetworks_style default value has changed from "subnet" to "host". This parameter is used to implement the "permit_mynetworks" feature. The change could in unexpected 'access denied' errors after Postfix is updated from an older version. The backwards-compatibility safety net is designed to prevent such surprises.
As long as the mynetworks and mynetworks_style parameters are left at their implicit default values, and the compatibility_level setting is less than 2, the Postfix SMTP server may log one of the following messages:
postfix/smtpd[17375]: using backwards-compatible default setting
mynetworks_style=subnet to permit request from client
"foo.example.com[10.1.1.1]"
postfix/postscreen[24982]: using backwards-compatible default
setting mynetworks_style=subnet to permit request from client
"10.1.1.1"
If the client request should not be rejected, then the system administrator should make the backwards-compatible setting "mynetworks_style = subnet" permanent in main.cf:
# postconf mynetworks_style=subnet # postfix reload
The relay_domains default value has changed from "$mydestination" to the empty value. This could result in unexpected 'Relay access denied' errors or ETRN errors after Postfix is updated from an older version. The backwards-compatibility safety net is designed to prevent such surprises.
As long as the relay_domains parameter is left at its implicit default value, and the compatibility_level setting is less than 2, Postfix may log one of the following messages.
Messages about accepting mail for a remote domain:
postfix/smtpd[19052]: using backwards-compatible default setting
relay_domains=$mydestination to accept mail for domain
"foo.example.com"
postfix/smtpd[19052]: using backwards-compatible default setting
relay_domains=$mydestination to accept mail for address
"user@foo.example.com"
Messages about providing ETRN service for a remote domain:
postfix/smtpd[19138]: using backwards-compatible default setting
relay_domains=$mydestination to flush mail for domain
"bar.example.com"
postfix/smtp[13945]: using backwards-compatible default setting
relay_domains=$mydestination to update fast-flush logfile for
domain "bar.example.com"
If Postfix should continue to accept mail for that domain or continue to provide ETRN service for that domain, then the system administrator should make the backwards-compatible setting "relay_domains = $mydestination" permanent in main.cf:
# postconf 'relay_domains=$mydestination' # postfix reload
Note: quotes are required as indicated above.
Instead of $mydestination, it may be better to specify an explicit list of domain names.
The smtputf8_enable default value has changed from "no" to "yes. With the new "yes" setting, the Postfix SMTP server rejects non-ASCII addresses from clients that don't request SMTPUTF8 support, after Postfix is updated from an older version. The backwards-compatibility safety net is designed to prevent such surprises.
As long as the smtputf8_enable parameter is left at its implicit default value, and the compatibility_level setting is less than 1, Postfix logs a warning each time an SMTP command uses a non-ASCII address localpart without requesting SMTPUTF8 support:
postfix/smtpd[27560]: using backwards-compatible default setting
smtputf8_enable=no to accept non-ASCII sender address
"??@example.org" from localhost[127.0.0.1]
postfix/smtpd[27560]: using backwards-compatible default setting
smtputf8_enable=no to accept non-ASCII recipient address
"??@example.com" from localhost[127.0.0.1]
If the address should not be rejected, and the client cannot be updated to use SMTPUTF8, then the system administrator should make the backwards-compatible setting "smtputf8_enable = no" permanent in main.cf:
# postconf smtputf8_enable=no # postfix reload
Backwards compatibility is turned off by updating the compatibility_level setting in main.cf.
# postconf compatibility_level=N # postfix reload
For N specify the number that is logged in your postfix(1) warning message:
warning: To disable backwards compatibility use "postconf compatibility_level=N" and "postfix reload"
Sites that don't care about backwards compatibility may set "compatibility_level = 9999" at their own risk.