diff options
Diffstat (limited to 'proto')
36 files changed, 2248 insertions, 459 deletions
diff --git a/proto/ADDRESS_CLASS_README.html b/proto/ADDRESS_CLASS_README.html index 7a30535..5deac11 100644 --- a/proto/ADDRESS_CLASS_README.html +++ b/proto/ADDRESS_CLASS_README.html @@ -52,20 +52,25 @@ address classes are very important for the operation of Postfix. </p> <ul> <li> <p> The list of domains that are a member of that address -class: for example, all local domains, or all relay domains. </p> +class. </p> + +<p> Examples: all local domains, or all relay domains. </p> + +<li> <p> The default delivery transport for domains in that address +class. </p> + +<p> Examples: local_transport or relay_transport (these point +to services defined in master.cf). </p> -<li> <p> The default delivery transport for that address class. For -example, the local, -virtual or relay delivery transport (delivery transports are defined -in master.cf). This helps to keep Postfix configurations simple, -by avoiding the need for explicit routing information in transport -maps. </p> +<p> Benefit: this avoids the need for explicit routing information +in transport maps. </p> <li> <p> The list of valid recipient addresses for that address -class. The Postfix SMTP server rejects invalid recipients with -"User unknown in <name of address class here> table". This -helps to keep the Postfix queue free of undeliverable MAILER-DAEMON -messages. </p> +class. </p> + +<p> Benefit: the Postfix SMTP server rejects an invalid recipient +with "User unknown in <name of address class> table", and +avoids sending a MAILER-DAEMON message with backscatter spam. </p> </ul> @@ -92,12 +97,12 @@ This domain class also includes mail for <i>user@[ipaddress]</i> when the IP address is listed with the inet_interfaces or proxy_interfaces parameters. </p> -<li> <p> Valid recipient addresses are listed with the local_recipient_maps -parameter, as described in LOCAL_RECIPIENT_README. The Postfix SMTP -server rejects invalid recipients with "User unknown in local -recipient table". If the local_recipient_maps parameter value is -empty, then the Postfix SMTP server accepts any address in the -local domain class. </p> +<li> <p> Valid recipient addresses for those domains are +listed with the local_recipient_maps parameter, as described in +LOCAL_RECIPIENT_README. The Postfix SMTP server rejects invalid recipients +with "User unknown in local recipient table". If the local_recipient_maps +parameter value is empty, then the Postfix SMTP server accepts any +address in the local domain class. </p> <li> <p> The mail delivery transport is specified with the local_transport parameter. The default value is <b>local:$myhostname</b> @@ -111,21 +116,25 @@ class. </p> <ul> <li> <p> Purpose: hosted domains where each recipient address is -aliased to an address in a different domain, for example, a local -UNIX system account or a remote address. A +aliased to an address in a different domain class, for example, a +local UNIX system account or a remote address. A virtual alias example is given in the VIRTUAL_README file. </p> <li> <p> Domain names are listed in virtual_alias_domains. The default value is $virtual_alias_maps for Postfix 1.1 compatibility. </p> -<li> <p> Valid recipient addresses are listed with the virtual_alias_maps -parameter. The Postfix SMTP server rejects invalid recipients with -"User unknown in virtual alias table". The default value is -$virtual_maps for Postfix 1.1 compatibility. </p> +<li> <p> Valid recipient addresses for those domains are listed with the +virtual_alias_maps parameter. The Postfix SMTP server rejects invalid +recipients with "User unknown in virtual alias table". The default +value is $virtual_maps for Postfix 1.1 compatibility. </p> -<li> <p> There is no mail delivery transport parameter. Every -address must be aliased to an address in some other domain. </p> +<blockquote ><p> Note: for historical reasons, virtual_alias_maps +apply to recipients in all domain classes, not only the virtual +alias domain class. </p> </blockquote> + +<li> <p> There is no configurable mail delivery transport. Every +address must be aliased to an address in some other domain class. </p> </ul> @@ -136,18 +145,19 @@ class. </p> <li> <p> Purpose: final delivery for hosted domains where each recipient address can have its own mailbox, and where users do not -need to have a UNIX system account. A virtual mailbox example is +need to have a UNIX system account. A virtual mailbox example is given in the VIRTUAL_README file. </p> <li> <p> Domain names are listed with the virtual_mailbox_domains parameter. The default value is $virtual_mailbox_maps for Postfix 1.1 compatibility. </p> -<li> <p> Valid recipient addresses are listed with the virtual_mailbox_maps -parameter. The Postfix SMTP server rejects invalid recipients with -"User unknown in virtual mailbox table". If this parameter value -is empty, the Postfix SMTP server accepts all recipients for domains -listed in $virtual_mailbox_domains. </p> +<li> <p> Valid recipient addresses for those domains are listed +with the virtual_mailbox_maps parameter. The Postfix SMTP server +rejects invalid recipients with "User unknown in virtual mailbox +table". If this parameter value is empty, the Postfix SMTP server +accepts all recipients for domains listed in $virtual_mailbox_domains. +</p> <li> <p> The mail delivery transport is specified with the virtual_transport parameter. The default value is <b>virtual</b> @@ -169,11 +179,12 @@ file. </p> <li> <p> Domain names are listed with the relay_domains parameter. </p> -<li> <p> Valid recipient addresses are listed with the relay_recipient_maps -parameter. The Postfix SMTP server rejects invalid recipients with -"User unknown in relay recipient table". If this parameter value -is empty, the Postfix SMTP server accepts all recipients for domains -listed with the relay_domains parameter. </p> +<li> <p> Valid recipient addresses for those domains are listed +with the relay_recipient_maps parameter. The Postfix SMTP server +rejects invalid recipients with "User unknown in relay recipient +table". If this parameter value is empty, the Postfix SMTP server +accepts all recipients for domains listed with the relay_domains +parameter. </p> <li> <p> The mail delivery transport is specified with the relay_transport parameter. The default value is <b>relay</b> which diff --git a/proto/ADDRESS_REWRITING_README.html b/proto/ADDRESS_REWRITING_README.html index c858410..631a7d3 100644 --- a/proto/ADDRESS_REWRITING_README.html +++ b/proto/ADDRESS_REWRITING_README.html @@ -94,9 +94,7 @@ as invalid </a> <ul> -<li> <a href="#resolve"> Resolve address to destination </a> - -<li> <a href="#transport"> Mail transport switch </a> +<li> <a href="#resolve"> Resolve address to (transport, next-hop destination) </a> <li> <a href="#relocated"> Relocated users table </a> @@ -312,8 +310,8 @@ find what you need. </p> <table border="1"> <tr> <th nowrap> Address manipulation </th> <th nowrap> Scope </th> -<th> Daemon </th> <th nowrap> Global turn-on control </th> <th nowrap> Selective -turn-off control </th> </tr> +<th> Daemon </th> <th nowrap> Turn-on controls </th> <th nowrap> +Turn-off controls </th> </tr> <tr> <td> <a href="#standard"> Rewrite addresses to standard form</a> </td> <td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td> @@ -340,13 +338,12 @@ sender_bcc_maps, recipient_bcc_maps </td> <td> receive_override_options nowrap> all mail </td> <td> cleanup(8) </td> <td> virtual_alias_maps </td> <td> receive_override_options </td> </tr> -<tr> <td> <a href="#resolve"> Resolve address to destination </a> -</td> <td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td> -<td> none </td> <td> none </td> </tr> - -<tr> <td> <a href="#transport"> Mail transport switch</a> </td> -<td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td> <td> -transport_maps </td> <td> none </td> </tr> +<tr> <td> <a href="#resolve"> Resolve address to (transport, next-hop +destination) </a> </td> <td nowrap> all mail </td> <td> +trivial-<br>rewrite(8) </td> <td> local_transport, virtual_transport, +relay_transport, default_transport, relayhost, +sender_dependent_relayhost_maps, sender_dependent_default_transport_maps +</td> <td> content_filter </td> </tr> <tr> <td> <a href="#relocated"> Relocated users table</a> </td> <td nowrap> all mail </td> <td> trivial-<br>rewrite(8) </td> <td> @@ -774,6 +771,11 @@ may be a more appropriate vehicle. See the VIRTUAL_README document for an overview of methods to host virtual domains with Postfix. </p> +<p> Note: virtual aliasing (virtual_alias_maps) applies to all +recipients: local(8), virtual, and remote. <!-- wrap filler --> +This is unlike local aliasing (alias_maps) which applies only to +local(8) recipients. </p> + <p> Virtual aliasing is disabled by default. To enable, edit the virtual_alias_maps parameter in the main.cf file and specify one or more lookup tables, separated by whitespace or @@ -833,9 +835,8 @@ trivial-rewrite(8) server. </p> <ul> -<li> <a href="#resolve"> Resolve address to destination </a> - -<li> <a href="#transport"> Mail transport switch</a> +<li> <a href="#resolve"> Resolve address to (transport, next-hop +destination) </a> <li> <a href="#relocated"> Relocated users table</a> @@ -873,67 +874,108 @@ via the local(8) delivery agent: </p> step in more detail, with specific examples or with pointers to documentation with examples. </p> -<h3> <a name="resolve"> Resolve address to destination </a> </h3> +<h3> <a name="resolve"> Resolve address to (transport, next-hop +destination) </a> </h3> <p> The Postfix qmgr(8) queue manager selects new mail from the -incoming queue or old mail from the deferred queue, and asks the -trivial-rewrite(8) address rewriting and resolving daemon where it -should be delivered. </p> +incoming queue or old mail from the deferred queue. First it +looks for overrides: </p> + +<ul> -<p> As of version 2.0, Postfix distinguishes four major address -classes. Each class has its own list of domain names, and each -class has its own default delivery method, as shown in the table -below. See the ADDRESS_CLASS_README document for the fine details. -Postfix versions before 2.0 only distinguish between local delivery -and everything else. </p> +<li> <p> The REDIRECT action in access(5), header_checks(5) or +body_checks(5) overrides all recipients of the message, and overrides +a content_filter setting, and FILTER action in access(5), +header_checks(5) or body_checks(5). The REDIRECT action was implemented +as a short-cut to retaliate for abuse. </p> + +<li> <p> A content_filter setting and FILTER action in access(5), +header_checks(5) or body_checks(5) provide their own (transport, +next-hop destination) information. This bypasses all the steps that +are described in the remainder of this section. </p> + +</ul> + +<p> When there is no content filter override, the qmgr(8) queue +manager asks the trivial-rewrite(8) address rewriting and resolving +daemon for each recipient how to deliver it (which message delivery +transport) and where to deliver it (what next-hop destination). </p> + +<p> As of version 2.0, Postfix distinguishes four major domain +classes. Each class has its own list of recipient domain names, and +each class has its own delivery method, as shown in the table below. +See the ADDRESS_CLASS_README document for the fine details. Postfix +versions before 2.0 only distinguish between local delivery and +everything else. </p> + +<p> Note that the table does not match recipients against +virtual_alias_domains. The reason is that all valid recipients in +a virtual alias domain must be aliased to an address in a different +domain. All other recipients in a virtual alias domain are by +definition undeliverable, and do not need to be considered here. +</p> <blockquote> <table border="1"> -<tr><th align="left">Destination domain list </th> <th -align="left">Default delivery method </th> <th>Availability -</th> </tr> +<tr> <th align="left">Domain class</th> <th align="left">Recipient +domain match </th> <th> Delivery method </th> <th>Availability </th> +</tr> -<tr><td>$mydestination, $inet_interfaces, $proxy_interfaces </td> -<td>$local_transport </td> <td>Postfix 1.0</td></tr> +<tr><td>Local</td> <td>mydestination, inet_interfaces, proxy_interfaces +</td> <td>local_transport </td> <td>Postfix 1.0</td></tr> -<tr><td>$virtual_mailbox_domains </td> <td>$virtual_transport </td> -<td>Postfix 2.0</td> </tr> +<tr><td>Virtual mailbox</td> <td>virtual_mailbox_domains </td> +<td>virtual_transport </td> <td>Postfix 2.0</td> </tr> -<tr><td>$relay_domains </td> <td>$relay_transport </td> <td>Postfix -2.0</td> </tr> +<tr><td>Relay</td> <td>relay_domains </td> <td>relay_transport +</td> <td>Postfix 2.0</td> </tr> -<tr><td>none </td> <td>$default_transport </td> <td>Postfix 1.0</td> -</tr> +<tr><td>Default</td><td> none </td> <td>default_transport </td> +<td>Postfix 1.0</td> </tr> </table> </blockquote> -<h3> <a name="transport"> Mail transport switch </a> </h3> +<p> The delivery methods in the above table may include a next-hop +destination in addition to a delivery transport. This may override +the next-hop destination that is by default taken from the recipient +domain. </p> -<p> Once the trivial-rewrite(8) daemon has determined a default -delivery method it searches the optional transport(5) table for -information that overrides the message destination and/or delivery -method. Typical use of the transport(5) table is to send mail to -a system -that is not connected to the Internet, or to use a special SMTP -client configuration for destinations that have special requirements. -See, for example, the STANDARD_CONFIGURATION_README and UUCP_README -documents, and the examples in the transport(5) manual page. </p> +<p> Over time, features have been added to override the above +transport and/or next-hop destination information. The following +table lists where a transport or next-hop destination may be taken +from, depending on the recipient domain class. </p> -<p> Transport table lookups are disabled by default. To enable, -edit the transport_maps parameter in the main.cf file and specify -one or more lookup tables, separated by whitespace or commas. </p> +<blockquote> -<p> Example: </p> +<table border="1"> + +<tr> <th>Domain class</th> <th>Transport sources (in order of +descending precedence)</th> <th> Next hop sources (in order of +descending precedence)</th> </tr> + +<tr> <td> Local </td> <td> transport_maps, local_transport</td> +<td> transport_maps, local_transport, recipient domain</td> </tr> + +<tr> <td> Virtual mailbox </td> <td> transport_maps, +virtual_transport</td> <td> transport_maps, virtual_transport, +recipient domain</td> </tr> + +<tr> <td> Relay </td> <td> transport_maps, relay_transport</td> +<td> transport_maps, relay_transport, sender_dependent_relayhost_maps, +relayhost, recipient domain</td> </tr> + +<tr> <td> Default </td> <td> transport_maps, +sender_dependent_default_transport_maps, default_transport</td> +<td> transport_maps, sender_dependent_default_transport_maps, +default_transport, sender_dependent_relayhost_maps, relayhost, +recipient domain</td> </tr> + +</table> -<blockquote> -<pre> -/etc/postfix/main.cf: - transport_maps = hash:/etc/postfix/transport -</pre> </blockquote> <h3> <a name="relocated"> Relocated users table </a> </h3> @@ -1019,6 +1061,11 @@ direct mail for standard aliases such as postmaster to real people. The table can also be used to map "Firstname.Lastname" addresses to login names. </p> +<p> Note: local aliasing (alias_maps) applies only to local(8) +recipients. This is unlike virtual aliasing (virtual_alias_maps) +which applies to all recipients: local(8), virtual, and remote. +</p> + <p> Alias lookups are enabled by default. The default configuration depends on the operating system environment, but it is typically one of the following: </p> diff --git a/proto/COMPATIBILITY_README.html b/proto/COMPATIBILITY_README.html index e4e91e1..9f88927 100644 --- a/proto/COMPATIBILITY_README.html +++ b/proto/COMPATIBILITY_README.html @@ -61,24 +61,24 @@ default setting append_dot_mydomain=yes </a> </p> <li> <p> <a href="#chroot"> Using backwards-compatible default setting chroot=y</a> </p> +<li><p> <a href="#relay_restrictions"> Using backwards-compatible +default setting "smtpd_relay_restrictions = (empty)"</a> </p> + +<li> <p> <a href="#smtputf8_enable"> Using backwards-compatible +default setting smtputf8_enable=no</a> </p> + </ul> <p> Logged with compatibility_level < 2: </p> <ul> -<li><p> <a href="#relay_restrictions"> Using backwards-compatible -default setting "smtpd_relay_restrictions = (empty)"</a> </p> - <li> <p> <a href="#mynetworks_style"> Using backwards-compatible default setting mynetworks_style=subnet </a> </p> <li> <p> <a href="#relay_domains"> Using backwards-compatible default setting relay_domains=$mydestination </a> </p> -<li> <p> <a href="#smtputf8_enable"> Using backwards-compatible -default setting smtputf8_enable=no</a> </p> - </ul> <p> Logged with compatibility_level < 3.6: </p> @@ -241,6 +241,48 @@ administrator should make the backwards-compatible setting </pre> </blockquote> +<h2> <a name="smtputf8_enable"> Using backwards-compatible default +setting smtputf8_enable=no</a> </h2> + +<p> The smtputf8_enable default value has changed from "no" to "yes". +With the new "yes" setting, the Postfix SMTP server rejects non-ASCII +addresses from clients that don't request SMTPUTF8 support, after +Postfix is updated from an older version. The backwards-compatibility +safety net is designed to prevent such surprises. </p> + +<p> As long as the smtputf8_enable parameter is left at its implicit +default value, and the compatibility_level setting is +less than 1, Postfix logs a warning each time an SMTP command uses a +non-ASCII address localpart without requesting SMTPUTF8 support: </p> + +<blockquote> +<pre> +postfix/smtpd[27560]: using backwards-compatible default setting + smtputf8_enable=no to accept non-ASCII sender address + "??@example.org" from localhost[127.0.0.1] +</pre> +</blockquote> + +<blockquote> +<pre> +postfix/smtpd[27560]: using backwards-compatible default setting + smtputf8_enable=no to accept non-ASCII recipient address + "??@example.com" from localhost[127.0.0.1] +</pre> +</blockquote> + +<p> If the address should not be rejected, and the client cannot +be updated to use SMTPUTF8, then the system administrator should +make the backwards-compatible setting "smtputf8_enable = no" permanent +in main.cf: + +<blockquote> +<pre> +# <b>postconf smtputf8_enable=no</b> +# <b>postfix reload</b> +</pre> +</blockquote> + <h2> <a name="mynetworks_style"> Using backwards-compatible default setting mynetworks_style=subnet</a> </h2> @@ -352,48 +394,6 @@ administrator should make the backwards-compatible setting <p> Instead of $mydestination, it may be better to specify an explicit list of domain names. </p> -<h2> <a name="smtputf8_enable"> Using backwards-compatible default -setting smtputf8_enable=no</a> </h2> - -<p> The smtputf8_enable default value has changed from "no" to "yes". -With the new "yes" setting, the Postfix SMTP server rejects non-ASCII -addresses from clients that don't request SMTPUTF8 support, after -Postfix is updated from an older version. The backwards-compatibility -safety net is designed to prevent such surprises. </p> - -<p> As long as the smtputf8_enable parameter is left at its implicit -default value, and the compatibility_level setting is -less than 1, Postfix logs a warning each time an SMTP command uses a -non-ASCII address localpart without requesting SMTPUTF8 support: </p> - -<blockquote> -<pre> -postfix/smtpd[27560]: using backwards-compatible default setting - smtputf8_enable=no to accept non-ASCII sender address - "??@example.org" from localhost[127.0.0.1] -</pre> -</blockquote> - -<blockquote> -<pre> -postfix/smtpd[27560]: using backwards-compatible default setting - smtputf8_enable=no to accept non-ASCII recipient address - "??@example.com" from localhost[127.0.0.1] -</pre> -</blockquote> - -<p> If the address should not be rejected, and the client cannot -be updated to use SMTPUTF8, then the system administrator should -make the backwards-compatible setting "smtputf8_enable = no" permanent -in main.cf: - -<blockquote> -<pre> -# <b>postconf smtputf8_enable=no</b> -# <b>postfix reload</b> -</pre> -</blockquote> - <h2> <a name="smtpd_digest"> Using backwards-compatible default setting smtpd_tls_fingerprint_digest=md5</a> </h2> diff --git a/proto/DATABASE_README.html b/proto/DATABASE_README.html index 2302cc3..e9d0c18 100644 --- a/proto/DATABASE_README.html +++ b/proto/DATABASE_README.html @@ -59,7 +59,7 @@ documentation: </p> alias_maps = hash:/etc/postfix/aliases (local aliasing) header_checks = regexp:/etc/postfix/header_checks (content filtering) transport_maps = hash:/etc/postfix/transport (routing table) - virtual_alias_maps = hash:/etc/postfix/virtual (address rewriting) + virtual_alias_maps = hash:/etc/postfix/virtual (virtual aliasing) </pre> </blockquote> @@ -349,6 +349,11 @@ ldap_table(5). </dd> <dd> Memcache database client. Configuration details are given in memcache_table(5). </dd> +<dt> <b>mongodb</b> (read-only) </dt> + +<dd> MongoDB database client. Configuration details are given in +mongodb_table(5), with examples in MONGODB_README. </dd> + <dt> <b>mysql</b> (read-only) </dt> <dd> MySQL database client. Configuration details are given in diff --git a/proto/DEPRECATION_README.html b/proto/DEPRECATION_README.html new file mode 100644 index 0000000..1ded555 --- /dev/null +++ b/proto/DEPRECATION_README.html @@ -0,0 +1,411 @@ +<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" + "http://www.w3.org/TR/html4/loose.dtd"> + +<html> + +<head> + +<title>Postfix Replacements for Deprecated Features </title> + +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<link rel='stylesheet' type='text/css' href='postfix-doc.css'> + +</head> + +<body> + +<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix +Replacements for Deprecated Features</h1> + +<hr> + +<h2>Purpose of this document </h2> + +<p> This document describes Postfix features that are deprecated +(will be removed) or that have already been removed. It also has +tips for making an existing Postfix configuration more future-proof. +</p> + +<p> Overview: </p> + +<ul> + +<li> <a href="#why"> Why deprecate? </a> + +<li> <a href="#process"> Deprecation process </a> + +<li> <a href="#features"> Deprecated features </a> + +</ul> + +<h2> <a name="why"> Why deprecate? </a> </h2> + +<p> Sometimes, a Postfix feature needs to be replaced with a different +one. To give an example: </p> + +<ul> + +<li> <p> The initial Postfix TLS implementation used multiple boolean +parameters: one parameter to enable opportunistic TLS (for example, +"smtp_enforce_tls = yes") and one parameter to enable mandatory TLS +(for example, "smtp_require_tls = yes"). </p> + +<li> <p> As we added support more features such as fingerprint, +dane, and so on, we decided not to add more boolean parameters. +Instead we introduced one configuration parameter to select from +multiple deployment models (for example, smtp_tls_security_level = +may | encrypt | dane, etc...). </p> + +</ul> + +<!-- + +<p> Over time it has become clear that 'level' is too rigid, so this may +have to change again. Wietse and Viktor have been discussing a way to +specify a range with minimum properties that are required (e.g., encrypt) +and nice-to-have properties if they are available (dane or mta-sts). </p> + +--> + +<p> Having both the "old" and "new" way to configure Postfix is +convenient for existing Postfix installations, because their +configuration does not break after an upgrade to a new version. +Unfortunately, there are also disadvantages. Having multiple ways +to do similar things is not only confusing for newcomers, it also +makes Postfix harder to change. </p> + +<h2> <a name="process"> Deprecation process </a> </h2> + +<p> The basic process steps are: </p> + +<ol> + +<li> <p> Inform humans that a feature will be removed, and suggest +replacements, in logging and documentation. </p> + +<li> <p> Remove the feature, and update logging and documentation. </p> + +</ol> + +<p> Disclaimer: it has taken 20 years for some features to be +removed. This past is not a guarantee for the future. </p> + +<h2> <a name="features"> Deprecated features </a> </h2> + +<p> The table summarizes removed or deprecated features and +replacements. Click on the "obsolete feature" name for a more +detailed description. </p> + +<blockquote> + +<table border="1"> + +<tr> <th> Obsolete feature name </th> <th> Warning as <br> of version +</th> <th> Removed <br> in version </th> <th> Replacement </th> +</tr> + +<tr> <td> <a href="#disable_dns_lookups"> disable_dns_lookups </a> +</td> <td align="center"> 3.9 </td> <td align="center"> - </td> +<td> smtp_dns_support_level </td> </tr> + +<tr> <td> <a href="#xxx_enforce_tls"> <i>xxx</i>_use_tls </a> </td> +<td align="center"> 3.9 </td> <td align="center"> - </td> <td> +<i>xxx</i>_tls_security_level </td> </tr> + +<tr> <td> <a href="#xxx_enforce_tls"> <i>xxx</i>_enforce_tls </a> +</td> <td align="center"> 3.9 </td> <td align="center"> - </td> +<td> <i>xxx</i>_tls_security_level </td> </tr> + +<tr> <td> <a href="#xxx_per_site"> <i>xxx</i>_per_site </a> </td> +<td align="center"> 3.9 </td> <td align="center"> - </td> <td> +<i>xxx</i>_policy_maps </td> </tr> + +<tr> <td> <a href="#smtpd_tls_dh1024_param_file"> +smtpd_tls_dh1024_param_file </a> </td> <td align="center"> 3.9 </td> +<td align="center"> - </td> <td> do not specify (leave at default) +</td> </tr> + +<tr> <td> <a href="#smtpd_tls_eecdh_grade"> smtpd_tls_eecdh_grade +</a> </td> <td align="center"> 3.9 </td> <td align="center"> - </td> +<td> do not specify (leave at default) </td> </tr> + +<tr> <td> <a href="#permit_mx_backup"> permit_mx_backup </a> </td> +<td align="center"> 3.9 </td> <td align="center"> - </td> <td> +relay_domains </td> </tr> + +<tr> <td> <a href="#check_relay_domains"> check_relay_domains </a> +</td> <td align="center"> 2.2 </td> <td align="center"> 3.9 </td> +<td> permit_mynetworks, reject_unauth_destination </td> </tr> + +<tr> <td> <a href="#reject_maps_rbl"> reject_maps_rbl </a> </td> +<td align="center"> 2.1 </td> <td align="center"> 3.9 </td> <td> +reject_rbl_client </td> </tr> + +<tr> <td> <a href="#permit_naked_ip_address"> permit_naked_ip_address +</a> </td> <td align="center"> 2.0 </td> <td align="center"> 3.9 +</td> <td> permit_mynetworks, permit_sasl_authenticated </td> </tr> + +</table> + +</blockquote> + +<h3> <a name="disable_dns_lookups"> Obsolete DNS on/off configuration +</a> </h3> + +<p> The postconf(1) command logs the following: </p> + +<ul> + +<li> support for parameter "disable_dns_lookups" will be removed; instead, specify "smtp_dns_support_level" + +</ul> + +<p> Replace obsolete configuration with its replacement: </p> + +<blockquote> + +<table border="1"> + +<tr> <th width="33%"> Goal </th> <th width="33%"> Obsolete configuration +</th> <th> Replacement configuration </th> </tr> + +<tr> <td> To disable DNS lookups in the Postfix SMTP/LMTP client +</td> <td> disable_dns_lookups = yes </td> <td> smtp_dns_support_level += disabled </td> </tr> + +<tr> <td> To enable DNS lookups in the Postfix SMTP/LMTP client </td> <td> +disable_dns_lookups = no </td> <td> +Leave smtp_dns_support_level at the implicit default which is empty, unless +you need a higher support level such as DNSSEC. </td> </tr> + +</table> + +</blockquote> + +<h3> <a name="xxx_use_tls"> Obsolete opportunistic TLS configuration +</a> </h3> + +<p> The postconf(1) command logs one of the following: </p> + +<ul> + +<li> support for parameter "lmtp_use_tls" will be removed; instead, specify "lmtp_tls_security_level" + +<li> support for parameter "smtp_use_tls" will be removed; instead, specify "smtp_tls_security_level" + +<li> support for parameter "smtpd_use_tls" will be removed; instead, specify "smtpd_tls_security_level" + +</ul> + +<p> There are similarly-named parameters and warnings for postscreen(8) +and tlsproxy(8), but those parameters should rarely be specified +by hand. </p> + +<p> Replace obsolete configuration with its replacement: </p> + +<blockquote> + +<table border="1"> + +<tr> <th width="33%"> Goal </th> <th width="33%"> Obsolete configuration </th> <th> Replacement configuration </th> </tr> + +<tr> <td> To turn off TLS </td> <td> <i>xxx</i>_use_tls = no </td> +<td> <i>xxx</i>_security_level = none </td> </tr> + +<tr> <td> To turn on opportunistic TLS </td> <td> <i>xxx</i>_use_tls += yes </td> <td> <i>xxx</i>_security_level = may </td> </tr> + +</table> + +</blockquote> + +<h3> <a name="xxx_enforce_tls"> Obsolete mandatory TLS configuration +</a> </h3> + +<p> The postconf(1) command logs one of the following: </p> + +<ul> + +<li> support for parameter "lmtp_enforce_tls" will be removed; instead, specify "lmtp_tls_security_level" + +<li> support for parameter "smtp_enforce_tls" will be removed; instead, specify "smtp_tls_security_level" + +<li> support for parameter "smtpd_enforce_tls" will be removed; instead, specify "smtpd_tls_security_level" + +</ul> + +<p> There are similarly-named parameters and warnings for postscreen(8) +and tlsproxy(8), but those parameters should rarely be specified +by hand. </p> + +<p> Replace obsolete configuration with its replacement: </p> + +<blockquote> + +<table border="1"> + +<tr> <th width="33%"> Goal </th> <th width="33%"> Obsolete configuration </th> <th> Replacement configuration </th> </tr> + +<tr> <td> To turn off mandatory TLS </td> <td> <i>xxx</i>_enforce_tls += no </td> <td> <i>xxx</i>_security_level = may </td> </tr> + +<tr> <td> To turn on mandatory TLS </td> <td> <i>xxx</i>_enforce_tls += yes </td> <td> <i>xxx</i>_security_level = encrypt </td> </tr> + +</table> + +</blockquote> + +<h3> <a name="xxx_per_site"> Obsolete TLS policy table configuration +</a> </h3> + +<p> The postconf(1) command logs one of the following: </p> + +<ul> + +<li> support for parameter "lmtp_tls_per_site" will be removed; +instead, specify "lmtp_tls_policy_maps" + +<li> support for parameter "smtp_tls_per_site" will be removed; +instead, specify "smtp_tls_policy_maps" + +</ul> + +<p> There is similarly-named parameter and warning for tlsproxy(8), +but that parameter should rarely be specified by hand. </p> + +<p> Unfortunately, this is more than a name change: the table format +has changed too, as has the table search process. There is no simple +conversion of the obsolete form to its replacement. </p> + +<h3> <a name="check_relay_domains"> check_relay_domains </a> </h3> + +<p> Depending on the Postfix version, the Postfix SMTP daemon logs +following warning: </p> + +<ul> + +<li> support for restriction "check_relay_domains" has been removed +in Postfix 3.9"; instead, specify "reject_unauth_destination" + +<li> support for restriction "check_relay_domains" will be removed +from Postfix; use "reject_unauth_destination" instead + +</ul> + +<p> This feature was removed because it would relay based on the +client domain name, which is not robust. </p> + +<p> Recommended configuration to prevent an "open relay" problem +with the SMTP service on port 25: +</p> + +<blockquote> +<pre> +main.cf: + smtpd_recipient_restrictions = + permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination + ...other restrictions... +</pre> +</blockquote> + +<p> Or equivalent in smtpd_relay_restrictions. </p> + +<h3> <a name="permit_mx_backup"> permit_mx_backup</a> </h3> + +<p> The Postfix version 3.9 and later SMTP daemon logs the following +warning: </p> + +<ul> + +<li> support for restriction "permit_mx_backup" will be removed +from Postfix; instead, specify "relay_domains" + +</ul> + +<p> This feature will be removed because it is too difficult to +configure recipient address validation, making Postfix a source of +backscatter bounces. </p> + +<p> To specify the domains that Postfix will provide MX backup +service for, see <a href="STANDARD_CONFIGURATION_README.html#backup"> +Configuring Postfix as primary or backup MX host for a remote +site</a>. </p> + +<h3> <a name="reject_maps_rbl"> reject_maps_rbl</a> </h3> + +<p> Depending on the Postfix version, the SMTP daemon logs one of +the following warnings: </p> + +<ul> + +<li> support for restriction "reject_maps_rbl" has been removed in +Postfix 3.9"; instead, specify "reject_rbl_client domain-name" + +<li> support for restriction "reject_maps_rbl" will be removed from +Postfix; use "reject_rbl_client domain-name" instead + +</ul> + +<p> This feature was replaced because "MAPS RBL" is the name of a +specific reputation service. The reject_rbl_client feature provides +a superset of the reject_maps_rbl functionality. </p> + +<p> Recommended configuration: </p> + +<blockquote> +<pre> +main.cf: + smtpd_recipient_restrictions = + permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination + reject_rbl_client <i>domain-name</i> + ...other restrictions... +</pre> +</blockquote> + +<p> Where <i>domain-name</i> is the domain name of a DNS reputation service. </p> + +<h3> <a name="permit_naked_ip_address"> permit_naked_ip_address</a> </h3> + +<p> Depending on the Postfix version, the SMTP daemon logs one of +the following warnings: </p> + +<ul> + +<li> support for restriction "permit_naked_ip_address" has been +removed in Postfix 3.9"; instead, specify "permit_mynetworks" or +"permit_sasl_authenticated" + +<li> restriction permit_naked_ip_address is deprecated. Use +permit_mynetworks or permit_sasl_authenticated instead + +</ul> + +<p> This feature was removed because it was easy to get a false +match when smtpd_recipient_restrictions was intended to match a +remote SMTP client IP address. </p> + +<p> Recommended configuration: </p> + +<blockquote> +<pre> +main.cf: + smtpd_recipient_restrictions = + permit_mynetworks, + permit_sasl_authenticated, + reject_unauth_destination + reject_rbl_client <i>domain-name</i> + ...other restrictions... +</pre> +</blockquote> + +<p> That is, no restriction on HELO or EHLO syntax. Such restrictions +ar rarely useful nowadays. + +</body> + +</html> diff --git a/proto/INSTALL.html b/proto/INSTALL.html index 4686f03..50249b2 100644 --- a/proto/INSTALL.html +++ b/proto/INSTALL.html @@ -605,6 +605,9 @@ describe how to build Postfix with support for optional features: <tr> <td> LDAP database</td> <td>LDAP_README</td> <td> Postfix 1.0 </td> </tr> +<tr> <td> MongoDB database</td> <td>MONGODB_README</td> <td> Postfix +3.9 </td> </tr> + <tr> <td> MySQL database</td> <td>MYSQL_README</td> <td> Postfix 1.0 </td> </tr> diff --git a/proto/LOCAL_RECIPIENT_README.html b/proto/LOCAL_RECIPIENT_README.html index a06b81f..2cb3fb2 100644 --- a/proto/LOCAL_RECIPIENT_README.html +++ b/proto/LOCAL_RECIPIENT_README.html @@ -57,7 +57,8 @@ all names or addresses of local recipients. A recipient address is local when its domain matches $mydestination, $inet_interfaces or $proxy_interfaces. If a local username or address is not listed in $local_recipient_maps, then the Postfix SMTP server will reject -the address with "User unknown in local recipient table". </p> +the address with "User unknown in local recipient table". Other +Postfix interfaces may still accept an "unknown" recipient. </p> <p> The default setting, shown below, assumes that you use the default Postfix local(8) delivery agent for local delivery, where diff --git a/proto/MAILLOG_README.html b/proto/MAILLOG_README.html index da1c1a8..13c1091 100644 --- a/proto/MAILLOG_README.html +++ b/proto/MAILLOG_README.html @@ -63,10 +63,16 @@ Postfix version. </p> /var/log/postfix.log. See also the "<a href="#logrotate">Logfile rotation</a>" section below for logfile management. </p> +<p> In the example below, specifying maillog_file_permissions is +optional (Postfix 3.9 and later). The default value is 0600, i.e., +only the super-user can access the file; the value 0644 also +adds 'group' and 'other' read access. </p> + <blockquote> <pre> # postfix stop # postconf maillog_file=/var/log/postfix.log +# postconf maillog_file_permissions=0644 # (Postfix 3.9 and later) # postfix start </pre> </blockquote> @@ -124,6 +130,10 @@ old logfile. </p> program is configured with the maillog_file_compressor parameter (default: gzip). </p> +<li> <p> The next time it logs an event, postlogd(8) will create a +new logfile, with permissions specified with the maillog_file_permissions +parameter (default: 0600). </p> + </ul> <p> Notes: </p> diff --git a/proto/MILTER_README.html b/proto/MILTER_README.html index d40d24c..9f9833b 100644 --- a/proto/MILTER_README.html +++ b/proto/MILTER_README.html @@ -630,7 +630,7 @@ main.cf: items separated by space or comma. There is one difference: clients </a></h3> <p> The smtpd_milter_maps feature supports different Milter settings -for different client IP addresses. Lookup results override the the +for different client IP addresses. Lookup results override the global smtpd_milters setting, and have the same syntax. For example, to disable Milter settings for local address ranges: </p> diff --git a/proto/MONGODB_README.html b/proto/MONGODB_README.html new file mode 100644 index 0000000..f5e1d5f --- /dev/null +++ b/proto/MONGODB_README.html @@ -0,0 +1,263 @@ +<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> +<head> +<title>Postfix MongoDB Howto</title> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +</head> +<body> +<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix MongoDB Howto</h1> +<hr> + +<h2>MongoDB Support in Postfix</h2> + +<p> Postfix can use MongoDB as a source for any of its lookups: +aliases(5), virtual(5), canonical(5), etc. This allows you to keep +information for your mail service in a replicated noSQL database +with fine-grained access controls. By not storing it locally on the +mail server, the administrators can maintain it from anywhere, and +the users can control whatever bits of it you think appropriate. +You can have multiple mail servers using the same information, +without the hassle and delay of having to copy it to each. </p> + +<p> Topics covered in this document:</p> + +<ul> +<li><a href="#build">Building Postfix with MongoDB support</a> +<li><a href="#config">Configuring MongoDB lookups</a> +<li><a href="#example_virtual">Example: virtual alias maps</a> +<li><a href="#example_mailing_list">Example: Mailing lists</a> +<li><a href="#example_projections">Example: MongoDB projections</a> +<li><a href="#feedback">Feedback</a> +<li><a href="#credits">Credits</a> +</ul> + +<h2><a name="build">Building Postfix with MongoDB support</a></h2> + +<p>These instructions assume that you build Postfix from source +code as described in the INSTALL document. Some modification may +be required if you build Postfix from a vendor-specific source +package. </p> + +<p>The Postfix MongoDB client requires the <b>mongo-c-driver</b> +library. This can be built from source code from <a +href="https://github.com/mongodb/mongo-c-driver/releases">the +mongod-c project</a>, or this can be installed as a binary package +from your OS distribution, typically named <b>mongo-c-driver</b>, +<b>mongo-c-driver-devel</b> or <b>libmongoc-dev</b>. +Installing the mongo-c-driver library may also install <b>libbson</b> +as a dependency. </p> + +<p> To build Postfix with mongodb map support, add to the CCARGS +environment variable the options -DHAS_MONGODB and -I for the +directory containing the mongodb headers, and specify the AUXLIBS_MONGODB +with the libmongoc and libbson libraries, for example:</p> + +<blockquote> +<pre> +% make tidy +% make -f Makefile.init makefiles \ + CCARGS="$CCARGS -DHAS_MONGODB -I/usr/include/libmongoc-1.0 \ + -I/usr/include/libbson-1.0" \ + AUXLIBS_MONGODB="-lmongoc-1.0 -lbson-1.0" +</pre> +</blockquote> + +<p>The 'make tidy' command is needed only if you have previously +built Postfix without MongoDB support. </p> + +<p>If your MongoDB shared library is in a directory that the RUN-TIME +linker does not know about, add a "-Wl,-R,/path/to/directory" option +after "-lbson-1.0". Then, just run 'make'.</p> + +<h2><a name="config">Configuring MongoDB lookups</a></h2> + +<p> In order to use MongoDB lookups, define a MongoDB source as a +table lookup in main.cf, for example: </p> + +<blockquote> +<pre> +alias_maps = hash:/etc/aliases, proxy:mongodb:/etc/postfix/mongo-aliases.cf +</pre> +</blockquote> + +<p> The file /etc/postfix/mongo-aliases.cf can specify a number of +parameters. For a complete description, see the mongodb_table(5) +manual page. </p> + +<h2><a name="example_virtual">Example: virtual(5) alias maps</a></h2> + +<p> Here's a basic example for using MongoDB to look up virtual(5) +aliases. Assume that in main.cf, you have: </p> + +<blockquote> +<pre> +virtual_alias_maps = hash:/etc/postfix/virtual_aliases, + proxy:mongodb:/etc/postfix/mongo-virtual-aliases.cf +</pre> +</blockquote> + +<p> and in mongodb:/etc/postfix/mongo-virtual-aliases.cf you have: </p> + +<blockquote> +<pre> +uri = mongodb+srv://user_name:password@some_server +dbname = mail +collection = mailbox +query_filter = {"$or": [{"username":"%s"}, {"alias.address": "%s"}], "active": 1} +result_attribute = username +</pre> +</blockquote> + +<p>This example assumes mailbox names are stored in a MongoDB backend, +in a format like:</p> + +<blockquote> +<pre> +{ "username": "user@example.com", + "alias": [ + {"address": "admin@example.com"}, + {"address": "abuse@example.com"} + ], + "active": 1 +} +</pre> +</blockquote> + +<p>Upon receiving mail for "admin@example.com" that isn't found in the +/etc/postfix/virtual_aliases database, Postfix will search the +MongoDB server/cluster listening at port 27017 on some_server. It +will connect using the provided credentials, and search for any +entries whose username is, or alias field has "admin@example.com". +It will return the username attribute of those found, and build a +list of their email addresses. </p> + +<p> Notes: </p> + +<ul> + +<li><p> As with <b>projection</b> (see below), the Postfix mongodb +client automatically removes the top-level '_id' field from a +result_attribute result. </p> </li> + +<li><p> The Postfix mongodb client will only parse result fields +with data types UTF8, INT32, INT64 and ARRAY. Other fields will be +ignored, with a warning in the logs. </p> </li> + +</ul> + +<h2><a name="example_mailing_list">Example: Mailing lists</a></h2> + +<p>When it comes to mailing lists, one way of implementing one would +be as below:</p> + +<blockquote> +<pre> +{ "name": "dev@example.com", "active": 1, "address": + [ "hamid@example.com", "wietse@example.com", "viktor@example.com" ] } +</pre> +</blockquote> + +<p>using the filter below, will result in a comma separated string +with all email addresses in this list. </p> + +<blockquote> +<pre> +query_filter = {"name": "%s", "active": 1} +result_attribute = address +</pre> +</blockquote> + +<p> Notes: </p> + +<ul> + +<li><p> As with <b>projection</b> (see below), the Postfix mongodb +client automatically removes the top-level '_id' field from a +result_attribute result. </p> </li> + +<li><p> The Postfix mongodb client will only parse result fields +with data types UTF8, INT32, INT64 and ARRAY. Other fields will be +ignored, with a warning in the logs. </p> </li> + +</ul> + +<h2><a name="example_projections">Example: advanced projections</a></h2> + +<p>This module also supports the use of more complex MongoDB +projections. There may be some use cases where operations such as +concatenation are necessary to be performed on the data retrieved +from the database. Although it is encouraged to keep the database +design simple enough so this is not necessary, postfix supports the +use of MongoDB projections to achieve the goal. </p> + +<p>Consider the example below:</p> + +<blockquote> +<pre> +{ "username": "user@example.com", + "local_part": "user", + "domain": "example.com", + "alias": [ + {"address": "admin@example.com"}, + {"address": "abuse@example.com"} + ], + "active": 1 +} +</pre> +</blockquote> + +<p>virtual_mailbox_maps can be created using below parameters in a +mongodb:/etc/postfix/mongo-virtual-mailboxes.cf file:</p> + +<blockquote> +<pre> +uri = mongodb+srv://user_name:password@some_server +dbname = mail +collection = mailbox +query_filter = {"$or": [{"username":"%s"}, {"alias.address": "%s"}], "active": 1} +projection = { "mail_path": {"$concat": ["$domain", "/", "$local_part"]} } +</pre> +</blockquote> + +<p>This will return 'example.com/user' path built from the database fields. </p> + +<p>A couple of considerations when using projections:</p> + +<ul> + +<li><p>As with <b>result_attribute</b>, the Postfix mongodb client +automatically removes the top-level '_id' field from a projection +result. </p></li> + +<li><p> The Postfix mongodb client will only parse fields with data +types UTF8, INT32, INT64 and ARRAY. Other fields will be ignored, +with a warning in the logs. It is suggested to exclude any unnecessary +fields when using a projection. </p></li> + +</ul> + +<h2><a name="feedback">Feedback</a></h2> + +<p> If you have questions, send them to postfix-users@postfix.org. +Please include relevant information about your Postfix setup: +MongoDB-related output from postconf, which libraries you built +with, and such. If your question involves your database contents, +please include the applicable bits of some database entries. </p> + +<h2><a name="credits">Credits</a></h2> + +<ul> + +<li> Stephan Ferraro (Aionda GmbH) implemented an early version of the +Postfix MongoDB client. + +<li> Hamid Maadani (Dextrous Technologies, LLC) added support for +projections and %<i>letter</i> interpolation, and added documentation. + +<li> Wietse Venema adopted and restructured the code and documentation. + +</ul> + +</body> + +</html> diff --git a/proto/Makefile.in b/proto/Makefile.in index 511bd44..f02ab14 100644 --- a/proto/Makefile.in +++ b/proto/Makefile.in @@ -19,6 +19,7 @@ HTML = ../html/ADDRESS_CLASS_README.html \ ../html/CONTENT_INSPECTION_README.html \ ../html/DATABASE_README.html ../html/DB_README.html \ ../html/DEBUG_README.html \ + ../html/DEPRECATION_README.html \ ../html/DSN_README.html \ ../html/ETRN_README.html ../html/FILTER_README.html \ ../html/FORWARD_SECRECY_README.html \ @@ -30,6 +31,7 @@ HTML = ../html/ADDRESS_CLASS_README.html \ ../html/LMDB_README.html \ ../html/MEMCACHE_README.html \ ../html/MILTER_README.html \ + ../html/MONGODB_README.html \ ../html/MULTI_INSTANCE_README.html \ ../html/MYSQL_README.html ../html/NFS_README.html \ ../html/OVERVIEW.html \ @@ -68,6 +70,7 @@ README = ../README_FILES/ADDRESS_CLASS_README \ ../README_FILES/DATABASE_README ../README_FILES/DB_README \ ../README_FILES/DEBUG_README \ ../README_FILES/DSN_README \ + ../README_FILES/DEPRECATION_README \ ../README_FILES/ETRN_README ../README_FILES/FILTER_README \ ../README_FILES/FORWARD_SECRECY_README \ ../README_FILES/INSTALL ../README_FILES/IPV6_README \ @@ -78,6 +81,7 @@ README = ../README_FILES/ADDRESS_CLASS_README \ ../README_FILES/LMDB_README \ ../README_FILES/MEMCACHE_README \ ../README_FILES/MILTER_README \ + ../README_FILES/MONGODB_README \ ../README_FILES/MULTI_INSTANCE_README \ ../README_FILES/MYSQL_README ../README_FILES/NFS_README \ ../README_FILES/OVERVIEW \ @@ -198,6 +202,9 @@ clobber: ../html/DEBUG_README.html: DEBUG_README.html $(DETAB) $? | $(POSTLINK) >$@ +../html/DEPRECATION_README.html: DEPRECATION_README.html + $(DETAB) $? | $(POSTLINK) >$@ + ../html/DSN_README.html: DSN_README.html $(DETAB) $? | $(POSTLINK) >$@ @@ -240,6 +247,9 @@ clobber: ../html/MILTER_README.html: MILTER_README.html $(DETAB) $? | $(POSTLINK) >$@ +../html/MONGODB_README.html: MONGODB_README.html + $(DETAB) $? | $(POSTLINK) >$@ + ../html/MULTI_INSTANCE_README.html: MULTI_INSTANCE_README.html $(DETAB) $? | $(POSTLINK) >$@ @@ -381,6 +391,9 @@ clobber: ../README_FILES/DSN_README: DSN_README.html $(DETAB) $? | $(HT2READ) >$@ +../README_FILES/DEPRECATION_README: DEPRECATION_README.html + $(DETAB) $? | $(HT2READ) >$@ + ../README_FILES/ETRN_README: ETRN_README.html $(DETAB) $? | $(HT2READ) >$@ @@ -420,6 +433,9 @@ clobber: ../README_FILES/MILTER_README: MILTER_README.html $(DETAB) $? | $(HT2READ) >$@ +../README_FILES/MONGODB_README: MONGODB_README.html + $(DETAB) $? | $(HT2READ) >$@ + ../README_FILES/MULTI_INSTANCE_README: MULTI_INSTANCE_README.html $(DETAB) $? | $(HT2READ) >$@ diff --git a/proto/POSTSCREEN_README.html b/proto/POSTSCREEN_README.html index eb9c9f5..afd5cd3 100644 --- a/proto/POSTSCREEN_README.html +++ b/proto/POSTSCREEN_README.html @@ -120,7 +120,7 @@ of time to deliver spam before their IP address becomes denylisted. To speed up spam deliveries, zombies make compromises in their SMTP protocol implementation. For example, they speak before their turn, or they ignore responses from SMTP servers and continue sending -mail even when the server tells them to go away. </p> +commands even when the server tells them to go away. </p> <p> postscreen(8) uses a variety of measurements to recognize zombies. First, postscreen(8) determines if the remote SMTP client @@ -159,7 +159,7 @@ overhead for legitimate clients. </p> <h2> <a name="quick">Quick tests before everything else</a> </h2> -<p> Before engaging in SMTP-level tests. postscreen(8) queries a +<p> Before engaging in SMTP-level tests, postscreen(8) queries a number of local deny and allowlists. These tests speed up the handling of known clients. </p> diff --git a/proto/TLS_README.html b/proto/TLS_README.html index a390566..d6fe51b 100644 --- a/proto/TLS_README.html +++ b/proto/TLS_README.html @@ -2266,82 +2266,124 @@ describe the corresponding table syntax: </p> additional attributes are supported at this level. </dd> <dt><b>may</b></dt> <dd><a href="#client_tls_may">Opportunistic TLS</a>. -The optional "ciphers", "exclude" and "protocols" attributes -(available for opportunistic TLS with Postfix ≥ 2.6) override the -"smtp_tls_ciphers", "smtp_tls_exclude_ciphers" and "smtp_tls_protocols" -configuration parameters. At this level and higher, the optional -"servername" attribute (available with Postfix ≥ 3.4) overrides the -global "smtp_tls_servername" parameter, enabling per-destination -configuration of the SNI extension sent to the remote SMTP server. </dd> +The optional "ciphers", "exclude", and "protocols" attributes (available +for opportunistic TLS with Postfix ≥ 2.6) and "connection_reuse" +attribute (Postfix ≥ 3.4) override the "smtp_tls_ciphers", +"smtp_tls_exclude_ciphers", "smtp_tls_protocols", and +"smtp_tls_connection_reuse" configuration parameters. At this level and +higher, the optional "servername" attribute (available with Postfix ≥ +3.4) overrides the global "smtp_tls_servername" parameter, enabling +per-destination configuration of the SNI extension sent to the remote +SMTP server. The optional "enable_rpk" attribute (Postfix ≥ 3.9) +overrides the main.cf smtp_tls_enable_rpk parameter. When opportunistic +TLS handshakes fail, Postfix retries the connection with TLS disabled. +This allows mail delivery to sites with non-interoperable TLS +implementations.</dd> <dt><b>encrypt</b></dt> <dd><a href="#client_tls_encrypt"> Mandatory encryption</a>. -Mail is delivered only if the remote SMTP server offers STARTTLS -and the TLS handshake succeeds. At this level and higher, the optional +Mail is delivered only if the remote SMTP server offers STARTTLS and the +TLS handshake succeeds. At this level and higher, the optional "protocols" attribute overrides the main.cf smtp_tls_mandatory_protocols -parameter, the optional "ciphers" attribute overrides the -main.cf smtp_tls_mandatory_ciphers parameter, and the optional -"exclude" attribute (Postfix ≥ 2.6) overrides the main.cf -smtp_tls_mandatory_exclude_ciphers parameter. </dd> +parameter, the optional "ciphers" attribute overrides the main.cf +smtp_tls_mandatory_ciphers parameter, the optional "exclude" attribute +(Postfix ≥ 2.6) overrides the main.cf +smtp_tls_mandatory_exclude_ciphers parameter, and the optional +"connection_reuse" attribute (Postfix ≥ 3.4) overrides the main.cf +smtp_tls_connection_reuse parameter. The optional "enable_rpk" attribute +(Postfix ≥ 3.9) overrides the main.cf smtp_tls_enable_rpk parameter. +</dd> <dt><b>dane</b></dt> <dd><a href="#client_tls_dane">Opportunistic DANE TLS</a>. The TLS policy for the destination is obtained via TLSA records in -DNSSEC. If no TLSA records are found, the effective security level -used is <a href="#client_tls_may">may</a>. If TLSA records are -found, but none are usable, the effective security level is <a -href="#client_tls_encrypt">encrypt</a>. When usable TLSA records -are obtained for the remote SMTP server, SSLv2+3 are automatically -disabled (see smtp_tls_mandatory_protocols), and the server certificate -must match the TLSA records. RFC 7672 (DANE) TLS authentication -and DNSSEC support is available with Postfix 2.11 and later. </dd> +DNSSEC. If no TLSA records are found, the effective security level used +is <a href="#client_tls_may">may</a>. If TLSA records are found, but +none are usable, the effective security level is <a +href="#client_tls_encrypt">encrypt</a>. When usable TLSA records are +obtained for the remote SMTP server, the server certificate must match +the TLSA records (and the SNI name is unconditionally set to the TLSA +<i>base domain</i>). RFC 7672 (DANE) TLS authentication and DNSSEC +support is available with Postfix 2.11 and later. The optional +"connection_reuse" attribute (Postfix ≥ 3.4) overrides the main.cf +smtp_tls_connection_reuse parameter. When the effective security level +used is <a href="#client_tls_may">may</a>, the optional "ciphers", +"exclude", and "protocols" attributes (Postfix ≥ 2.6) override the +"smtp_tls_ciphers", "smtp_tls_exclude_ciphers", and "smtp_tls_protocols" +configuration parameters. When the effective security level used is <a +href="#client_tls_encrypt">encrypt</a>, the optional "ciphers", +"exclude", and "protocols" attributes (Postfix ≥ 2.6) override the +"smtp_tls_mandatory_ciphers", "smtp_tls_mandatory_exclude_ciphers", and +"smtp_tls_mandatory_protocols" configuration parameters. </dd> <dt><b>dane-only</b></dt> <dd><a href="#client_tls_dane">Mandatory DANE TLS</a>. The TLS policy for the destination is obtained via TLSA records in -DNSSEC. If no TLSA records are found, or none are usable, no -connection is made to the server. When usable TLSA records are -obtained for the remote SMTP server, SSLv2+3 are automatically disabled -(see smtp_tls_mandatory_protocols), and the server certificate must -match the TLSA records. RFC 7672 (DANE) TLS authentication and -DNSSEC support is available with Postfix 2.11 and later. </dd> +DNSSEC. If no TLSA records are found, or none are usable, no connection +is made to the server. When usable TLSA records are obtained for the +remote SMTP server, the server certificate must match the TLSA records. +RFC 7672 (DANE) TLS authentication and DNSSEC support is available with +Postfix 2.11 and later. The optional "ciphers", "exclude", and +"protocols" attributes (Postfix ≥ 2.6) override the +"smtp_tls_mandatory_ciphers", "smtp_tls_mandatory_exclude_ciphers", and +"smtp_tls_mandatory_protocols" configuration parameters. The optional +"connection_reuse" attribute (Postfix ≥ 3.4) overrides the main.cf +smtp_tls_connection_reuse parameter. </dd> <dt><b>fingerprint</b></dt> <dd><a href="#client_tls_fprint">Certificate -fingerprint verification.</a> Available with Postfix 2.5 and -later. At this security level, there are no trusted Certification -Authorities. The certificate trust chain, expiration date, ... are -not checked. Instead, the optional <b>match</b> attribute, or else -the main.cf <b>smtp_tls_fingerprint_cert_match</b> parameter, lists -the server certificate fingerprints or public key fingerprints -(Postfix 2.9 and later). The -digest algorithm used to calculate fingerprints is selected by the -<b>smtp_tls_fingerprint_digest</b> parameter. Multiple fingerprints can -be combined with a "|" delimiter in a single match attribute, or multiple -match attributes can be employed. The ":" character is not used as a -delimiter as it occurs between each pair of fingerprint (hexadecimal) -digits. </dd> +fingerprint verification.</a> Available with Postfix 2.5 and later. At +this security level, there are no trusted Certification Authorities. The +certificate trust chain, expiration date, ... are not checked. Instead, +the optional "match" attribute, or else the main.cf +<b>smtp_tls_fingerprint_cert_match</b> parameter, lists the certificate +fingerprints or the public key fingerprints (Postfix 2.9 and later) of +acceptable server certificates. The digest algorithm used to calculate +the fingerprint is selected by the <b>smtp_tls_fingerprint_digest</b> +parameter. Multiple fingerprints can be combined with a "|" delimiter in +a single match attribute, or multiple match attributes can be employed. +The ":" character is not used as a delimiter as it occurs between each +pair of fingerprint (hexadecimal) digits. The optional "ciphers", +"exclude", and "protocols" attributes (Postfix ≥ 2.6) override the +"smtp_tls_mandatory_ciphers", "smtp_tls_mandatory_exclude_ciphers", and +"smtp_tls_mandatory_protocols" configuration parameters. The optional +"connection_reuse" attribute (Postfix ≥ 3.4) overrides the main.cf +smtp_tls_connection_reuse parameter. The optional "enable_rpk" +attribute (Postfix ≥ 3.9) overrides the main.cf smtp_tls_enable_rpk +parameter. </dd> <dt><b>verify</b></dt> <dd><a href="#client_tls_verify">Mandatory -server certificate verification</a>. Mail is delivered only if the -TLS handshake succeeds, if the remote SMTP server certificate can -be validated (not expired or revoked, and signed by a trusted -Certification Authority), and if the server certificate name matches -the optional "match" attribute (or the main.cf smtp_tls_verify_cert_match -parameter value when no optional "match" attribute is specified). -With Postfix ≥ 2.11 the "tafile" attribute optionally modifies -trust chain verification in the same manner as the -"smtp_tls_trust_anchor_file" parameter. The "tafile" attribute -may be specified multiple times to load multiple trust-anchor -files. </dd> +server certificate verification</a>. Mail is delivered only if the TLS +handshake succeeds, the remote SMTP server certificate chain can be +validated, and a DNS name in the certificate matches the specified match +criteria. At this security level, DNS MX lookups are presumed to be +secure enough, and the name verified in the server certificate is +potentially obtained via unauthenticated DNS MX lookups. The server +certificate name must match either the optional "match" attribute, or +else the main.cf smtp_tls_verify_cert_match parameter value. With +Postfix ≥ 2.11 the "tafile" attribute optionally modifies trust chain +verification in the same manner as the "smtp_tls_trust_anchor_file" +parameter. The "tafile" attribute may be specified multiple times to +load multiple trust-anchor files. The optional "connection_reuse" +attribute (Postfix ≥ 3.4) overrides the main.cf +smtp_tls_connection_reuse parameter. </dd> <dt><b>secure</b></dt> <dd><a href="#client_tls_secure">Secure certificate -verification.</a> Mail is delivered only if the TLS handshake succeeds, -and DNS forgery resistant remote SMTP certificate verification succeeds -(not expired or revoked, and signed by a trusted Certification Authority), -and if the server certificate name matches the optional "match" attribute -(or the main.cf smtp_tls_secure_cert_match parameter value when no optional -"match" attribute is specified). With Postfix ≥ 2.11 the "tafile" -attribute optionally modifies trust chain verification in the same manner -as the "smtp_tls_trust_anchor_file" parameter. The "tafile" attribute -may be specified multiple times to load multiple trust-anchor -files. </dd> +verification.</a> +Mail is delivered only if the TLS handshake succeeds, the remote SMTP +server certificate chain can be validated, and a DNS name in the +certificate matches the specified match criteria. At this security +level, DNS MX lookups, though potentially used to determine the +candidate next-hop gateway IP addresses, are <b>not</b> presumed to be +secure enough for TLS peername verification. Instead, the default name +verified in the server certificate is obtained directly from the +next-hop, or is explicitly specified via the optional "match" attribute +which overrides the main.cf smtp_tls_secure_cert_match parameter. The +optional "ciphers", "exclude", and "protocols" attributes (Postfix ≥ +2.6) override the "smtp_tls_mandatory_ciphers", +"smtp_tls_mandatory_exclude_ciphers", and "smtp_tls_mandatory_protocols" +configuration parameters. With Postfix ≥ 2.11 the "tafile" attribute +optionally modifies trust chain verification in the same manner as the +"smtp_tls_trust_anchor_file" parameter. The "tafile" attribute may be +specified multiple times to load multiple trust-anchor files. The +optional "connection_reuse" attribute (Postfix ≥ 3.4) overrides the +main.cf smtp_tls_connection_reuse parameter. </dd> </dl> diff --git a/proto/access b/proto/access index 0fe2a89..a3787a3 100644 --- a/proto/access +++ b/proto/access @@ -52,7 +52,7 @@ # .IP "multi-line text" # A logical line starts with non-whitespace text. A line that # starts with whitespace continues a logical line. -# EMAIL ADDRESS PATTERNS +# EMAIL ADDRESS PATTERNS IN INDEXED TABLES # .ad # .fi # With lookups from indexed files such as DB or DBM, or from networked @@ -85,7 +85,7 @@ # (e.g., \fIuser+foo\fR@\fIdomain\fR), the lookup order becomes: # \fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR, \fIdomain\fR, # \fIuser+foo\fR@, and \fIuser\fR@. -# HOST NAME/ADDRESS PATTERNS +# HOST NAME/ADDRESS PATTERNS IN INDEXED TABLES # .ad # .fi # With lookups from indexed files such as DB or DBM, or from networked diff --git a/proto/aliases b/proto/aliases index d2d3f19..f48a00b 100644 --- a/proto/aliases +++ b/proto/aliases @@ -7,9 +7,13 @@ # .fi # \fBnewaliases\fR # DESCRIPTION -# The \fBaliases\fR(5) table provides a system-wide mechanism to -# redirect mail for local recipients. The redirections are -# processed by the Postfix \fBlocal\fR(8) delivery agent. +# The optional \fBaliases\fR(5) table (alias_maps) redirects +# mail for local recipients. The redirections are processed +# by the Postfix \fBlocal\fR(8) delivery agent. +# +# This is unlike \fBvirtual\fR(5) aliasing (virtual_alias_maps) +# which applies to all recipients: local(8), virtual, and remote, +# and which is implemented by the \fBcleanup\fR(8) daemon. # # Normally, the \fBaliases\fR(5) table is specified as a text file # that serves as input to the \fBpostalias\fR(1) command. The @@ -149,7 +153,9 @@ # The alias databases for \fBlocal\fR(8) delivery that are updated with # "\fBnewaliases\fR" or with "\fBsendmail -bi\fR". # .IP "\fBalias_maps (see 'postconf -d' output)\fR" -# The alias databases that are used for \fBlocal\fR(8) delivery. +# Optional lookup tables with aliases that apply only to \fBlocal\fR(8) +# recipients; this is unlike virtual_alias_maps that apply to all +# recipients: \fBlocal\fR(8), virtual, and remote. # .IP "\fBallow_mail_to_commands (alias, forward)\fR" # Restrict \fBlocal\fR(8) mail delivery to external commands. # .IP "\fBallow_mail_to_files (alias, forward)\fR" diff --git a/proto/canonical b/proto/canonical index 6364d3e..5ffc8d1 100644 --- a/proto/canonical +++ b/proto/canonical @@ -207,17 +207,14 @@ # .PP # Other parameters of interest: # .IP "\fBinet_interfaces (all)\fR" -# The network interface addresses that this mail system receives -# mail on. +# The local network interface addresses that this mail system +# receives mail on. # .IP "\fBlocal_header_rewrite_clients (permit_inet_interfaces)\fR" -# Rewrite message header addresses in mail from these clients and -# update incomplete addresses with the domain name in $myorigin or -# $mydomain; either don't rewrite message headers from other clients -# at all, or rewrite message headers and update incomplete addresses -# with the domain specified in the remote_header_rewrite_domain -# parameter. +# Rewrite or add message headers in mail from these clients, +# updating incomplete addresses with the domain name in $myorigin or +# $mydomain, and adding missing headers. # .IP "\fBproxy_interfaces (empty)\fR" -# The network interface addresses that this mail system receives mail +# The remote network interface addresses that this mail system receives mail # on by way of a proxy or network address translation unit. # .IP "\fBmasquerade_classes (envelope_sender, header_sender, header_recipient)\fR" # What addresses are subject to address masquerading. @@ -239,9 +236,10 @@ # \fIlistname\fR-request address localparts when the recipient_delimiter # is set to "-". # .IP "\fBremote_header_rewrite_domain (empty)\fR" -# Don't rewrite message headers from remote clients at all when -# this parameter is empty; otherwise, rewrite message headers and -# append the specified domain name to incomplete addresses. +# Rewrite or add message headers in mail from remote clients if +# the remote_header_rewrite_domain parameter value is non-empty, +# updating incomplete addresses with the domain specified in the +# remote_header_rewrite_domain parameter, and adding missing headers. # SEE ALSO # cleanup(8), canonicalize and enqueue mail # postmap(1), Postfix lookup table manager diff --git a/proto/generic b/proto/generic index fdeb1ea..dc0ad41 100644 --- a/proto/generic +++ b/proto/generic @@ -188,10 +188,10 @@ # .PP # Other parameters of interest: # .IP "\fBinet_interfaces (all)\fR" -# The network interface addresses that this mail system receives -# mail on. +# The local network interface addresses that this mail system +# receives mail on. # .IP "\fBproxy_interfaces (empty)\fR" -# The network interface addresses that this mail system receives mail +# The remote network interface addresses that this mail system receives mail # on by way of a proxy or network address translation unit. # .IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR" # The list of domains that are delivered via the $local_transport diff --git a/proto/header_checks b/proto/header_checks index 1aa6f5a..9a6b55c 100644 --- a/proto/header_checks +++ b/proto/header_checks @@ -418,34 +418,24 @@ # CONFIGURATION PARAMETERS # .ad # .fi -# .IP \fBbody_checks\fR -# Lookup tables with content filter rules for message body lines. -# These filters see one physical line at a time, in chunks of -# at most \fB$line_length_limit\fR bytes. -# .IP \fBbody_checks_size_limit\fP -# The amount of content per message body segment (attachment) that is -# subjected to \fB$body_checks\fR filtering. -# .IP \fBheader_checks\fR -# .IP "\fBmime_header_checks\fR (default: \fB$header_checks\fR)" -# .IP "\fBnested_header_checks\fR (default: \fB$header_checks\fR)" -# Lookup tables with content filter rules for message header lines: -# respectively, these are applied to the initial message headers -# (not including MIME headers), to the MIME headers anywhere in -# the message, and to the initial headers of attached messages. -# .sp -# Note: these filters see one logical message header at a time, even -# when a message header spans multiple lines. Message headers that -# are longer than \fB$header_size_limit\fR characters are truncated. -# .IP \fBdisable_mime_input_processing\fR -# While receiving mail, give no special treatment to MIME related -# message headers; all text after the initial message headers is -# considered to be part of the message body. This means that -# \fBheader_checks\fR is applied to all the initial message headers, -# and that \fBbody_checks\fR is applied to the remainder of the -# message. -# .sp -# Note: when used in this manner, \fBbody_checks\fR will process -# a multi-line message header one line at a time. +# .IP "\fBbody_checks (empty)\fR" +# Optional lookup tables for content inspection as specified in +# the \fBbody_checks\fR(5) manual page. +# .IP "\fBbody_checks_size_limit (51200)\fR" +# How much text in a message body segment (or attachment, if you +# prefer to use that term) is subjected to body_checks inspection. +# .IP "\fBheader_checks (empty)\fR" +# Optional lookup tables for content inspection of primary non-MIME +# message headers, as specified in the \fBheader_checks\fR(5) manual page. +# .IP "\fBmime_header_checks ($header_checks)\fR" +# Optional lookup tables for content inspection of MIME related +# message headers, as described in the \fBheader_checks\fR(5) manual page. +# .IP "\fBnested_header_checks ($header_checks)\fR" +# Optional lookup tables for content inspection of non-MIME message +# headers in attached messages, as described in the \fBheader_checks\fR(5) +# manual page. +# .IP "\fBdisable_mime_input_processing (no)\fR" +# Turn off MIME processing while receiving mail. # EXAMPLES # .ad # .fi diff --git a/proto/master b/proto/master index 28040b6..67477fd 100644 --- a/proto/master +++ b/proto/master @@ -219,10 +219,16 @@ # .IP \fB-v\fR # Increase the verbose logging level. Specify multiple \fB-v\fR # options to make a Postfix daemon process increasingly verbose. -# .IP "Other command-line arguments" +# .IP "\fBCommand-line arguments that start with {\fR" +# With Postfix 3.0 and later specify "{" and "}" around command +# arguments that start with "{". The outer "{" and "}" are +# removed from the input, together with any leading or trailing +# whitespace. +# .IP "\fBOther command-line arguments\fR" # Specify "{" and "}" around command arguments that contain -# whitespace (Postfix 3.0 and later). Whitespace -# after "{" and before "}" is ignored. +# whitespace (Postfix 3.0 and later). The outer "{" and "}" +# are removed from the input, together with any leading or +# trailing whitespace. # SEE ALSO # master(8), process manager # postconf(5), configuration parameters diff --git a/proto/mongodb_table b/proto/mongodb_table new file mode 100644 index 0000000..81dfc8e --- /dev/null +++ b/proto/mongodb_table @@ -0,0 +1,240 @@ +#++ +# NAME +# mongodb_table 5 +# SUMMARY +# Postfix MongoDB client configuration +# SYNOPSIS +# \fBpostmap -q "\fIstring\fB" mongodb:/etc/postfix/\fIfilename\fR +# +# \fBpostmap -q - mongodb:/etc/postfix/\fIfilename\fB <\fIinputfile\fR +# DESCRIPTION +# The Postfix mail system uses optional tables for address +# rewriting or mail routing. These tables are usually in +# \fBdbm\fR or \fBdb\fR format. +# +# Alternatively, lookup tables can be specified as MongoDB +# databases. In order to use MongoDB lookups, define a MongoDB +# source as a lookup table in main.cf, for example: +# .nf +# alias_maps = mongodb:/etc/postfix/mongodb-aliases.cf +# .fi +# +# In this example, the file /etc/postfix/mongodb-aliases.cf +# has the same format as the Postfix main.cf file, and can +# specify the parameters described below. It is also possible +# to have the configuration in main.cf; see "OBSOLETE MAIN.CF +# PARAMETERS" below. +# +# It is strongly recommended to use proxy:mongodb, in order +# to reduce the number of database connections. For example: +# .nf +# alias_maps = proxy:mongodb:/etc/postfix/mongodb-aliases.cf +# .fi +# +# Note: when using proxy:mongodb:/\fIfile\fR, the file must +# be readable by the unprivileged postfix user (specified +# with the Postfix mail_owner configuration parameter). +# MONGODB PARAMETERS +# .ad +# .fi +# .IP "\fBuri\fR" +# The URI of mongo server/cluster that Postfix will try to +# connect to and query from. Please see +# .nf +# https://www.mongodb.com/docs/manual/reference/connection-string/ +# .fi +# +# Example: +# .nf +# uri = mongodb+srv://user:pass@loclhost:27017/mail +# .fi +# .IP "\fBdbname\fR" +# Name of the database to read the information from. +# Example: +# .nf +# dbname = mail +# .fi +# .IP "\fBcollection\fR" +# Name of the collection (table) to read the information from. +# Example: +# .nf +# collection = mailbox +# .fi +# .IP "\fBquery_filter\fR" +# The MongoDB query template used to search the database, +# where \fB%s\fR is a substitute for the email address that +# Postfix is trying to resolve. Please see: +# .nf +# https://www.mongodb.com/docs/manual/tutorial/query-documents/ +# .fi +# +# Example: +# .nf +# query_filter = {"$or": [{"username": "%s"}, {"alias.address": "%s"}], "active": 1} +# .fi +# +# This parameter supports the following '%' expansions: +# .RS +# .IP "\fB%%\fR" +# This is replaced by a literal '%' character. +# .IP "\fB%s\fR" +# This is replaced by the input key. The %s must appear in +# quotes, because all Postfix queries are strings containing +# (parts from) a domain or email address. Postfix makes no +# numerical queries. +# .IP "\fB%u\fR" +# When the input key is an address of the form user@domain, +# \fB%u\fR is replaced by the local part of the address. +# Otherwise, \fB%u\fR is replaced by the entire search string. +# .IP "\fB%d\fR" +# When the input key is an address of the form user@domain, +# \fB%d\fR is replaced by the domain part of the address. +# .IP "\fB%[1-9]\fR" +# The patterns %1, %2, ... %9 are replaced by the corresponding +# most significant component of the input key's domain. If +# the input key is \fIuser@mail.example.com\fR, then %1 is +# \fBcom\fR, %2 is \fBexample\fR and %3 is \fBmail\fR. +# .RE +# .IP +# In the above substitutions, characters will be quoted as +# required by RFC 4627. For example, each double quote or +# backslash character will be escaped with a backslash +# characacter. +# .IP "\fBprojection\fR" +# Advanced MongoDB query projections. Please see: +# .nf +# https://www.mongodb.com/docs/manual/tutorial/project-fields-from-query-results/ +# .fi +# +# .RS +# .IP \(bu +# If \fBprojection\fR is non-empty, then \fBresult_attribute\fR +# must be empty. +# .IP \(bu +# This implementation can extract information only from result +# fields that have type \fBstring\fR (UTF8), \fBinteger\fR +# (int32, int64) and \fBarray\fR. Other result fields will +# be ignored with a warning. Please see: +# .nf +# https://mongoc.org/libbson/current/bson_type_t.html +# .fi +# .IP \(bu +# As with \fBresult_attribute\fR, the top-level _id field +# (type OID) is automatically removed from projection results. +# .RE +# .IP "\fBresult_attribute\fR" +# Comma or whitespace separated list with the names of fields +# to be returned in a lookup result. +# +# .RS +# .IP \(bu +# If \fBresult_attribute\fR is non-empty, then \fBprojection\fR +# must be empty. +# .IP \(bu +# As with \fBprojection\fR, the top-level _id field (type +# OID) is automatically removed from lookup results. +# .RE +# .IP "\fBresult_format (default: \fB%s\fR)\fR" +# Format template applied to the result from \fBprojection\fR +# or \fBresult_attribute\fR. Most commonly used to append (or +# prepend) text to the result. This parameter supports the +# following '%' expansions: +# .RS +# .IP "\fB%%\fR" +# This is replaced by a literal '%' character. +# .IP "\fB%s\fR" +# This is replaced by the value of the result attribute. When +# result is empty it is skipped. +# .IP "\fB%u\fR +# When the result attribute value is an address of the form +# user@domain, \fB%u\fR is replaced by the local part of the +# address. When the result has an empty localpart it is +# skipped. +# .IP "\fB%d\fR" +# When a result attribute value is an address of the form +# user@domain, \fB%d\fR is replaced by the domain part of the +# attribute value. When the result is unqualified it is +# skipped. +# .IP "\fB%[SUD1-9]\fR" +# The upper-case and decimal digit expansions interpolate the +# parts of the input key rather than the result. Their behavior +# is identical to that described with \fBquery_filter\fR, and +# in fact because the input key is known in advance, lookups +# whose key does not contain all the information specified +# in the result template are suppressed and return no results. +# .RE +# .IP +# For example, using "result_format = smtp:[%s]" allows one +# to use a mailHost attribute as the basis of a transport(5) +# table. After applying the result format, multiple values +# are concatenated as comma separated strings. The expansion_limit +# parameter explained below allows one to restrict the number +# of values in the result, which is especially useful for +# maps that should return a single value. +# +# The default value \fB%s\fR specifies that each +# attribute value should be used as is. +# +# NOTE: DO NOT put quotes around the result format! The result +# is not a JSON string. +# .IP "\fBdomain (default: no domain list)\fR" +# This is a list of domain names, paths to files, or "type:table" +# databases. When specified, only fully qualified search keys +# with a *non-empty* localpart and a matching domain are +# eligible for lookup: 'user' lookups, bare domain lookups +# and "@domain" lookups are not performed. This can significantly +# reduce the query load on the backend database. Example: +# .nf +# domain = postfix.org, hash:/etc/postfix/searchdomains +# .fi +# .IP "\fBexpansion_limit (default: 0)\fR" +# A limit on the total number of result elements returned (as +# a comma separated list) by a lookup against the map. A +# setting of zero disables the limit. Lookups fail with a +# temporary error if the limit is exceeded. Setting the limit +# to 1 ensures that lookups do not return multiple values. +# OBSOLETE MAIN.CF PARAMETERS +# .ad +# .fi +# MongoDB parameters can also be defined in main.cf. Specify +# as MongoDB source a name that doesn't begin with a slash +# or a dot. The MongoDB parameters will then be accessible +# as the name you've given the source in its definition, an +# underscore, and the name of the parameter. For example, if +# a map is specified as "mongodb:\fImongodb_source\fR", the +# "uri" parameter would be defined in main.cf as +# "\fImongodb_source\fR_uri". +# +# Note: with this form, passwords are written in main.cf, +# which is normally world-readable, and '$' in a mongodb +# parameter setting needs to be written as '$$'. +# SEE ALSO +# postmap(1), Postfix lookup table maintenance +# postconf(5), configuration parameters +# README FILES +# .ad +# .fi +# Use "\fBpostconf readme_directory\fR" or "\fBpostconf +# html_directory\fR" to locate this information. +# .na +# .nf +# DATABASE_README, Postfix lookup table overview +# MONGODB_README, Postfix MONGODB client guide +# LICENSE +# .ad +# .fi +# The Secure Mailer license must be distributed with this software. +# HISTORY +# MongoDB support was introduced with Postfix version 3.9. +# AUTHOR(S) +# Hamid Maadani (hamid@dexo.tech) +# Dextrous Technologies, LLC +# +# Edited by: +# Wietse Venema +# porcupine.org +# +# Based on prior work by: +# Stephan Ferraro +# Aionda GmbH +#-- diff --git a/proto/mysql_table b/proto/mysql_table index a018e58..31e626f 100644 --- a/proto/mysql_table +++ b/proto/mysql_table @@ -79,6 +79,24 @@ # .nf # dbname = customer_database # .fi +# .IP "\fBcharset (default: utf8mb4)\fR" +# The default MySQL client character set; this also implies +# the collation order. +# +# This parameter is available with Postfix 3.9 and later. +# With earlier Postfix versions, the default was chosen by +# the MySQL implementation (\fButf8mb4\fR as of MySQL 8.0, +# \fBlatin1\fR historically). +# .IP "\fBidle_interval (default: 60)\fR" +# The number of seconds after which an idle database connection +# will be closed. +# +# This feature is available in Postfix 3.9 and later. +# .IP "\fBretry_interval (default: 60)\fR" +# The number of seconds that a database connection will be +# skipped after an error. +# +# This feature is available in Postfix 3.9 and later. # .IP "\fBquery\fR" # The SQL query template used to search the database, where \fB%s\fR # is a substitute for the address Postfix is trying to resolve, diff --git a/proto/pcre_table b/proto/pcre_table index 0f58c2b..e4c6607 100644 --- a/proto/pcre_table +++ b/proto/pcre_table @@ -190,9 +190,14 @@ # # Postfix parses the result as if it is a file in /etc/postfix. # -# Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep -# Postfix from trying to do \fI$name\fR expansion as it -# evaluates a parameter value. +# Note: if an inlined rule contains \fB$\fR, specify \fB$$\fR +# to keep Postfix from trying to do \fI$name\fR expansion as +# it evaluates a parameter value. +# +# Note: when using \fI$name\fR inside an inlined pattern, use +# \eQ\fI$name\fR\eE to disable metacharacters such as '.' in +# the \fI$name\fR expansion. Otherwise, the pattern may have +# unexpected matches. # EXAMPLE SMTPD ACCESS MAP # # Protect your outgoing majordomo exploders # /^(?!owner-)(.*)-outgoing@(.*)/ 550 Use ${1}@${2} instead diff --git a/proto/pgsql_table b/proto/pgsql_table index 0a2897a..b4364fb 100644 --- a/proto/pgsql_table +++ b/proto/pgsql_table @@ -80,10 +80,21 @@ # .nf # encoding = UTF8 # .fi +# # Historically, the database client was hard coded to use # LATIN1 in an attempt to disable multibyte character support. # # This feature is available in Postfix 3.8 and later. +# .IP "\fBidle_interval (default: 60)\fR" +# The number of seconds after which an idle database connection +# will be closed. +# +# This feature is available in Postfix 3.9 and later. +# .IP "\fBretry_interval (default: 60)\fR" +# The number of seconds that a database connection will be +# skipped after an error. +# +# This feature is available in Postfix 3.9 and later. # .IP "\fBquery\fR" # The SQL query template used to search the database, where \fB%s\fR # is a substitute for the address Postfix is trying to resolve, diff --git a/proto/postconf.proto b/proto/postconf.proto index f52f37f..d13719b 100644 --- a/proto/postconf.proto +++ b/proto/postconf.proto @@ -489,8 +489,14 @@ alias_database = hash:/etc/mail/aliases %PARAM alias_maps see "postconf -d" output <p> -The alias databases that are used for local(8) delivery. See -aliases(5) for syntax details. +Optional lookup tables with aliases that apply only to local(8) +recipients; this is unlike virtual_alias_maps that apply to all +recipients: local(8), virtual, and remote. +The table format and lookups are documented in aliases(5). For an +overview of Postfix address manipulations see the ADDRESS_REWRITING_README +document. </p> + +<p> Specify zero or more "type:name" lookup tables, separated by whitespace or comma. Tables will be searched in the specified order until a match is found. @@ -1315,19 +1321,30 @@ name of the message delivery transport. <p> The default mail delivery transport and next-hop destination for -destinations that do not match $mydestination, $inet_interfaces, +the default domain class: recipient domains that do not match +$mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, -or $relay_domains. This information can be overruled with the -sender_dependent_default_transport_maps parameter and with the -transport(5) table. </p> +or $relay_domains. This information will not be used when +sender_dependent_default_transport_maps returns a result, and may +be overridden with the transport(5) table. </p> -<p> -In order of decreasing precedence, the nexthop destination is taken -from $sender_dependent_default_transport_maps, $default_transport, -$sender_dependent_relayhost_maps, $relayhost, or from the recipient -domain. +<p> For recipient domains in the default domain class: <p> + +<ul> + +<li> <p> In order of decreasing precedence, the delivery transport +is taken from 1) $transport_maps, 2) +$sender_dependent_default_transport_maps or $default_transport. </p> +<li> <p> In order of decreasing precedence, the nexthop destination +is taken from 1) $transport_maps, 2) +$sender_dependent_default_transport_maps or $default_transport, 3) +$sender_dependent_relayhost_maps or $relayhost or the recipient +domain. </p> + +</ul> + <p> Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i> is the name of a mail delivery transport defined in master.cf. @@ -1766,7 +1783,7 @@ forward_expansion_filter parameter. </p> <dd>The address extension delimiter that was found in the recipient address (Postfix 2.11 and later), or the 'first' delimiter specified with the system-wide recipient address extension delimiter (Postfix -3.5.22, 3.5.12, 3.7.8, 3.8.3 and later). Historically, this was +3.5.22, 3.6.12, 3.7.8, 3.8.3 and later). Historically, this was always the system-wide recipient address extension delimiter (Postfix 2.10 and earlier). </dd> @@ -1999,12 +2016,17 @@ Specify 0 to disable the feature. Valid delays are 0..10. %PARAM inet_interfaces all -<p> The local network interface addresses that this mail system receives -mail on. Specify "all" to receive mail on all network -interfaces (default), and "loopback-only" to receive mail -on loopback network interfaces only (Postfix version 2.2 and later). The -parameter also controls delivery of mail to <tt>user@[ip.address]</tt>. -</p> +<p> The local network interface addresses that this mail system +receives mail on. Specify "all" to receive mail on all network +interfaces (default), "loopback-only" to receive mail on loopback +network interfaces only (Postfix version 2.2 and later), or zero +or more IPv4 or IPv6 addresses (IPv6 is supported in Postfix version +2.2 and later). The parameter also controls whether Postfix will +accept mail for <tt>user@[ip.address]</tt>, and prevents Postfix +from delivering mail to a host that has equal or larger MX preference. +Specify an empty value if Postfix does not receive mail over the +network, or if all network listeners have an explicit IP address +in master.cf. </p> <p> Note 1: you need to stop and start Postfix when this parameter changes. @@ -2013,22 +2035,44 @@ Note 1: you need to stop and start Postfix when this parameter changes. <p> Note 2: address information may be enclosed inside <tt>[]</tt>, but this form is not required here. </p> -<p> When inet_interfaces specifies just one IPv4 and/or IPv6 address -that is not a loopback address, the Postfix SMTP client will use -this address as the IP source address for outbound mail. Support -for IPv6 is available in Postfix version 2.2 and later. </p> +<p> When smtp_bind_address and/or smtp_bind_address6 are not +specified, the inet_interfaces setting may constrain the source IP +address for an outbound SMTP or LMTP connection as described below. +</p> -<p> -On a multi-homed firewall with separate Postfix instances listening on the -"inside" and "outside" interfaces, this can prevent each instance from -being able to reach remote SMTP servers on the "other side" of the -firewall. Setting -smtp_bind_address to 0.0.0.0 avoids the potential problem for -IPv4, and setting smtp_bind_address6 to :: solves the problem -for IPv6. </p> +<p> The following text is specific to SMTP and IPv4. The same +reasoning applies to the IPv6 protocol, and to the Postfix LMTP +client. To disable IPv4 or IPv6 support in the Postfix SMTP and +LMTP client, use inet_protocols. </p> + +<ul> + +<li> <p> When inet_interfaces specifies one IPv4 address, and that +is not a loopback address, the Postfix SMTP client uses that as the +source address for outbound IPv4 connections. </p> + +<li> <p> Otherwise, the Postfix SMTP client does not constrain the +source IPv4 address, and connects using a system-chosen source IPv4 +address. This includes the cases where inet_interfaces is empty, +where it specifies <b>all</b>, or where it contains no IPv4 address, +one IPv4 address that is a loopback address, or multiple IPv4 +addresses. </p> + +</ul> + +<p> A Postfix SMTP client may fail to reach some remote SMTP servers +when the client source IP address is constrained explicitly with +smtp_bind_address or smtp_bind_address6, or implicitly with +inet_interfaces. This can happen when Postfix runs on a multi-homed +system such as a firewall, the Postfix SMTP source client IP address +is constrained to one specific network interface, and the remote +SMTP server must be reached through a different interface. Setting +smtp_bind_address to 0.0.0.0 avoids the potential problem for IPv4, +and setting smtp_bind_address6 to :: solves the problem for IPv6. +</p> <p> -A better solution for multi-homed firewalls is to leave inet_interfaces +A better solution for multi-homed systems is to leave inet_interfaces at the default value and instead use explicit IP addresses in the master.cf SMTP server definitions. This preserves the Postfix SMTP client's @@ -2056,7 +2100,7 @@ inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later) inet_interfaces = 192.168.1.2, 127.0.0.1 </pre> -%PARAM inet_protocols see 'postconf -d output' +%PARAM inet_protocols see 'postconf -d' output <p> The Internet protocols Postfix will attempt to use when making or accepting connections. Specify one or more of "ipv4" @@ -2427,8 +2471,8 @@ until a match is found. <p> If this parameter is non-empty (the default), then the Postfix SMTP -server will reject mail for unknown local users. -</p> +server will reject mail for unknown local users. Other Postfix +interfaces may still accept an "unknown" recipient. </p> <p> To turn off local recipient checking in the Postfix SMTP server, @@ -2689,6 +2733,11 @@ and later.</dd> <dd>The domain part of the recipient address. </dd> +<dt><b>ENVID</b></dt> + +<dd>The optional RFC 3461 envelope ID. Available in Postfix version +3.9 and later</dd> + <dt><b>EXTENSION</b></dt> <dd>The optional address extension. </dd> @@ -3849,13 +3898,31 @@ This feature is available in Postfix 2.0 and later. %PARAM relayhost <p> -The next-hop destination(s) for non-local mail; overrides non-local -domains in recipient addresses. This information is overruled with -relay_transport, sender_dependent_default_transport_maps, -default_transport, sender_dependent_relayhost_maps -and with the transport(5) table. +The next-hop destination(s) for non-local mail; takes precedence +over non-local domains in recipient addresses. This information +will not be used when the sender matches $sender_dependent_relayhost_maps. </p> +<p> In order of decreasing precedence: </p> + +<ul> + +<li> <p> For recipient domains in the relay domain address class +(domains matching $relay_domains), the nexthop destination is taken +from 1) $transport_maps, 2) $relay_transport, 3) +$sender_dependent_relayhost_maps or $relayhost or the recipient +domain. <p> + +<li> <p> For recipient domains in the default domain address class +(domains that do not match $mydestination, $inet_interfaces, +$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, +or $relay_domains), the nexthop destination is taken from 1) +$transport_maps, 2) $sender_dependent_default_transport_maps or +$default_transport, 3) $sender_dependent_relayhost_maps or $relayhost +or the recipient domain. </p> + +</ul> + <p> On an intranet, specify the organizational domain name. If your internal DNS uses no MX records, specify the name of the intranet @@ -3863,11 +3930,12 @@ gateway host instead. </p> <p> -In the case of SMTP or LMTP delivery, specify one or more destinations -in the form of a domain name, hostname, hostname:port, [hostname]:port, -[hostaddress] or [hostaddress]:port, separated by comma or whitespace. -The form [hostname] turns off MX lookups. Multiple destinations are -supported in Postfix 3.5 and later. +In the case of SMTP delivery, specify one or more destinations in +the form of a domain name, hostname, hostname:service, [hostname]:service, +[hostaddress] or [hostaddress]:service, separated by comma or whitespace. +The form [hostname] turns off MX or SRV lookups. Multiple destinations +are supported in Postfix 3.5 and later. Each destination is tried +in the specified order. </p> <p> @@ -4628,6 +4696,9 @@ If no username:password entry is found, then the Postfix SMTP client will not attempt to authenticate to the remote host. </p> +<p> Use smtp_sasl_password_result_delimiter to specify an +alternative separator between username and password. </p> + <p> The Postfix SMTP client opens the lookup table before going to chroot jail, so you can leave the password file in /etc/postfix. @@ -4639,6 +4710,19 @@ whitespace or comma. Tables will be searched in the specified order until a match is found. </p> +%PARAM lmtp_sasl_password_result_delimiter : + +<p> The LMTP-specific version of the smtp_sasl_password_result_delimiter +configuration parameter. See there for details. </p> + +%PARAM smtp_sasl_password_result_delimiter : + +<p> The delimiter between username and password in sasl_passwd_maps lookup +results. Specify one non-whitespace character that does not appear in +the username. </p> + +<p> This feature is available in Postfix ≥ 3.9. </p> + %PARAM smtp_sasl_security_options noplaintext, noanonymous <p> Postfix SMTP client SASL security options; as of Postfix 2.3 @@ -5219,9 +5303,8 @@ pubkey_fingerprint } } </dd> <dt><b><a name="check_client_access">check_client_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> -<dd>Search the specified access database for the client hostname, -parent domains, client IP address, or networks obtained by stripping -least significant octets. See the access(5) manual page for details. </dd> +<dd>Search the specified access database for the client hostname +or IP address. See the access(5) manual page for details. </dd> <dt><b><a name="check_client_a_access">check_client_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> @@ -5252,8 +5335,7 @@ available in Postfix 2.7 and later. </dd> <dt><b><a name="check_reverse_client_hostname_access">check_reverse_client_hostname_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> <dd>Search the specified access database for the unverified reverse -client hostname, parent domains, client IP address, or networks -obtained by stripping least significant octets. See the access(5) +client hostname or IP address. See the access(5) manual page for details. Note: a result of "OK" is not allowed for safety reasons. Instead, use DUNNO in order to exclude specific hosts from denylists. This feature is available in Postfix 2.6 @@ -5726,8 +5808,8 @@ received with the ETRN command. <dt><b><a name="check_etrn_access">check_etrn_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> -<dd>Search the specified access database for the ETRN domain name -or its parent domains. See the access(5) manual page for details. +<dd>Search the specified access database for the ETRN domain name. +See the access(5) manual page for details. </dd> </dl> @@ -5842,7 +5924,7 @@ received with the HELO or EHLO command. <dt><b><a name="check_helo_access">check_helo_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> <dd>Search the specified access(5) database for the HELO or EHLO -hostname or parent domains, and execute the corresponding action. +hostname, and execute the corresponding action. Note: specify "smtpd_helo_required = yes" to fully enforce this restriction (without "smtpd_helo_required = yes", a client can simply skip check_helo_access by not sending HELO or EHLO). </dd> @@ -6137,8 +6219,7 @@ that is received with the RCPT TO command. <dt><b><a name="check_recipient_access">check_recipient_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> <dd>Search the specified access(5) database for the resolved RCPT -TO address, domain, parent domains, or localpart@, and execute the -corresponding action. </dd> +TO address, and execute the corresponding action. </dd> <dt><b><a name="check_recipient_a_access">check_recipient_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> @@ -6388,7 +6469,7 @@ The same restrictions are available as documented under smtpd_recipient_restrictions. </p> -<p> This feature is available in Postix 2.10 and later. </p> +<p> This feature is available in Postfix 2.10 and later. </p> %CLASS sasl-auth SASL Authentication @@ -6652,8 +6733,7 @@ received with the MAIL FROM command. <dt><b><a name="check_sender_access">check_sender_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> <dd>Search the specified access(5) database for the MAIL FROM -address, domain, parent domains, or localpart@, and execute the -corresponding action. </dd> +address, and execute the corresponding action. </dd> <dt><b><a name="check_sender_a_access">check_sender_a_access</a> <i><a href="DATABASE_README.html">type:table</a></i></b></dt> @@ -6967,7 +7047,14 @@ while accessing the Postfix main.cf configuration file. <p> Optional lookup tables with mappings from recipient address to (message delivery transport, next-hop destination). See transport(5) -for details. +for syntax details. +</p> + +<p> This information may override the message delivery transport +and/or next-hop destination that are specified with $local_transport, +$virtual_transport, $relay_transport, $default_transport, +$sender_dependent_relayhost_maps, $relayhost, +$sender_dependent_default_transport_maps, or the recipient domain. </p> <p> @@ -7224,8 +7311,10 @@ This feature is available in Postfix 2.1 and later. %PARAM virtual_alias_maps $virtual_maps <p> -Optional lookup tables that alias specific mail addresses or domains -to other local or remote addresses. The table format and lookups +Optional lookup tables with aliases that apply to all recipients: +local(8), virtual, and remote; this is unlike alias_maps that apply +only to local(8) recipients. +The table format and lookups are documented in virtual(5). For an overview of Postfix address manipulations see the ADDRESS_REWRITING_README document. </p> @@ -8457,13 +8546,24 @@ configure or operate a specific Postfix subsystem or feature. <p> The default mail delivery transport and next-hop destination for -remote delivery to domains listed with $relay_domains. In order of -decreasing precedence, the nexthop destination is taken from -$relay_transport, $sender_dependent_relayhost_maps, $relayhost, or -from the recipient domain. This information can be overruled with -the transport(5) table. +the relay domain address class: recipient domains that match +$relay_domains. </p> + +<p> For recipient domains in the relay domain address class: </p> + +<ul> + +<li> <p> In order of decreasing precedence, the message delivery +transport is taken from 1) $transport_maps, 2) $relay_transport. </p> +<li> <p> In order of decreasing precedence, the nexthop destination +is taken from 1) $transport_maps, 2) $relay_transport, 3) +$sender_dependent_relayhost_maps or $relayhost or the recipient +domain. </p> + +</ul> + <p> Specify a string of the form <i>transport:nexthop</i>, where <i>transport</i> is the name of a mail delivery transport defined in master.cf. @@ -9698,7 +9798,9 @@ if client certificate verification is not required. With Postfix 2.8 and earlier, log the summary message, peer certificate summary information and unconditionally log trust-chain verification errors. </dd> -<dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd> +<dt> </dt> <dd> 2 Also enable verbose logging in the Postfix TLS +library, log session cache operations, and enable OpenSSL logging +of the progress of the SSL handshake. </dd> <dt> </dt> <dd> 3 Also log hexadecimal and ASCII dump of TLS negotiation process. </dd> @@ -9733,6 +9835,9 @@ but do not require that clients use TLS encryption. </p> STARTTLS due to insufficient privileges to access the server private key. This is intended behavior. </p> +<p> This feature is deprecated as of Postfix 3.9. Specify +smtpd_tls_security_level instead. </p> + <p> This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later use smtpd_tls_security_level instead. </p> @@ -9749,6 +9854,9 @@ server. This option is therefore off by default. </p> STARTTLS due to insufficient privileges to access the server private key. This is intended behavior. </p> +<p> This feature is deprecated as of Postfix 3.9. Specify +smtpd_tls_security_level instead. </p> + <p> This feature is available in Postfix 2.2 and later. With Postfix 2.3 and later use smtpd_tls_security_level instead. </p> @@ -10179,7 +10287,9 @@ verification errors if server certificate verification is not required. With Postfix 2.8 and earlier, log the summary message and unconditionally log trust-chain verification errors. </dd> -<dt> </dt> <dd> 2 Also log levels during TLS negotiation. </dd> +<dt> </dt> <dd> 2 Also enable verbose logging in the Postfix TLS +library, log session cache operations, and enable OpenSSL logging +of the progress of the SSL handshake. </dd> <dt> </dt> <dd> 3 Also log the hexadecimal and ASCII dump of the TLS negotiation process. </dd> @@ -10330,11 +10440,13 @@ lookup key, and overrides the global smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername settings. </dd> <dt> MAY </dt> <dd> Try to use TLS if the server announces support, -otherwise use an unencrypted connection. This has less precedence +otherwise use an unencrypted connection; after a failed TLS handshake +or TLS session, fall back to plaintext if the message has spent +minimal_backoff_time in the mail queue. This level has less precedence than a more specific result (including <b>NONE</b>) from the alternate host or next-hop lookup key, and has less precedence than the more specific global "smtp_enforce_tls = yes" or "smtp_tls_enforce_peername -= yes". </dd> += yes". </dd> <dt> MUST_NOPEERMATCH </dt> <dd> Require TLS encryption, but do not require that the remote SMTP server hostname matches the information @@ -10703,9 +10815,28 @@ is placed into the Postfix configuration directory. </p> setting. The tables are searched by the envelope sender address and @domain. A lookup result of DUNNO terminates the search without overriding the global relayhost parameter setting (Postfix 2.6 and -later). This information is overruled with relay_transport, -sender_dependent_default_transport_maps, default_transport and with -the transport(5) table. </p> +later). </p> + +<p> In order of decreasing precedence: </p> + +<ul> + +<li> <p> For recipient domains in the relay domain address class +(domains matching $relay_domains), the nexthop destination is taken +from 1) $transport_maps, 2) $relay_transport, 3) +$sender_dependent_relayhost_maps or $relayhost or the recipient +domain. </p> + +<li> <p> For recipient domains in the default domain address class +(domains that do not match mydestination, $inet_interfaces, +$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, +$relay_domains), the nexthop destination is taken from 1) +$transport_maps, 2) $sender_dependent_default_transport_maps or +$default_transport, 3) $sender_dependent_relayhost_maps or $relayhost +or the recipient domain. </p> + +</ul> + <p> Specify zero or more "type:name" lookup tables, separated by @@ -10868,6 +10999,9 @@ configuration parameter. See there for details. </p> <p> The LMTP-specific version of the smtp_tls_per_site configuration parameter. See there for details. </p> +<p> This feature is deprecated as of Postfix 3.9. Specify +lmtp_tls_policy_maps instead. </p> + <p> This feature is available in Postfix 2.3 and later. </p> %PARAM lmtp_generic_maps @@ -10973,6 +11107,9 @@ configuration parameter. See there for details. </p> <p> The LMTP-specific version of the smtp_use_tls configuration parameter. See there for details. </p> +<p> This feature is deprecated as of Postfix 3.9. Specify +lmtp_tls_security_level instead. </p> + <p> This feature is available in Postfix 2.3 and later. </p> %PARAM lmtp_enforce_tls no @@ -10980,6 +11117,9 @@ parameter. See there for details. </p> <p> The LMTP-specific version of the smtp_enforce_tls configuration parameter. See there for details. </p> +<p> This feature is deprecated as of Postfix 3.9. Specify +lmtp_tls_security_level instead. </p> + <p> This feature is available in Postfix 2.3 and later. </p> %PARAM lmtp_tls_security_level @@ -11350,28 +11490,35 @@ security are: </p> <dd>Opportunistic TLS. Since sending in the clear is acceptable, demanding stronger than default TLS security merely reduces interoperability. The optional "ciphers", "exclude", and "protocols" -attributes (available for opportunistic TLS with Postfix ≥ 2.6) -and "connection_reuse" attribute (Postfix ≥ 3.4) override the +attributes (available for opportunistic TLS with Postfix ≥ 2.6) and +"connection_reuse" attribute (Postfix ≥ 3.4) override the "smtp_tls_ciphers", "smtp_tls_exclude_ciphers", "smtp_tls_protocols", -and -"smtp_tls_connection_reuse" configuration parameters. In the policy table, -multiple ciphers, protocols or excluded ciphers must be separated by colons, -as attribute values may not contain whitespace or commas. When opportunistic -TLS handshakes fail, Postfix retries the connection with TLS disabled. -This allows mail delivery to sites with non-interoperable TLS -implementations.</dd> +and "smtp_tls_connection_reuse" configuration parameters. In the policy +table, multiple ciphers, protocols or excluded ciphers must be separated +by colons, as attribute values may not contain whitespace or commas. At +this level and higher, the optional "servername" attribute (available +with Postfix ≥ 3.4) overrides the global "smtp_tls_servername" +parameter, enabling per-destination configuration of the SNI extension +sent to the remote SMTP server. The optional "enable_rpk" attribute +(Postfix ≥ 3.9) overrides the main.cf smtp_tls_enable_rpk parameter. +When opportunistic TLS handshakes fail, Postfix retries the connection +with TLS disabled. This allows mail delivery to sites with +non-interoperable TLS implementations.</dd> <dt><b><a href="TLS_README.html#client_tls_encrypt">encrypt</a></b></dt> -<dd>Mandatory TLS encryption. At this level -and higher, the optional "protocols" attribute overrides the main.cf +<dd>Mandatory TLS encryption. Mail is delivered only if the remote SMTP +server offers STARTTLS and the TLS handshake succeeds. At this level and +higher, the optional "protocols" attribute overrides the main.cf smtp_tls_mandatory_protocols parameter, the optional "ciphers" attribute -overrides the main.cf smtp_tls_mandatory_ciphers parameter, the -optional "exclude" attribute (Postfix ≥ 2.6) overrides the main.cf +overrides the main.cf smtp_tls_mandatory_ciphers parameter, the optional +"exclude" attribute (Postfix ≥ 2.6) overrides the main.cf smtp_tls_mandatory_exclude_ciphers parameter, and the optional -"connection_reuse" attribute (Postfix ≥ 3.4) overrides the -main.cf smtp_tls_connection_reuse parameter. In the policy table, -multiple ciphers, protocols or excluded ciphers must be separated by colons, -as attribute values may not contain whitespace or commas. </dd> +"connection_reuse" attribute (Postfix ≥ 3.4) overrides the main.cf +smtp_tls_connection_reuse parameter. In the policy table, multiple +ciphers, protocols or excluded ciphers must be separated by colons, as +attribute values may not contain whitespace or commas. The optional +"enable_rpk" attribute (Postfix ≥ 3.9) overrides the main.cf +smtp_tls_enable_rpk parameter. </dd> <dt><b><a href="TLS_README.html#client_tls_dane">dane</a></b></dt> <dd>Opportunistic DANE TLS. The TLS policy for the destination is @@ -11416,10 +11563,10 @@ configuration parameters. The optional "connection_reuse" attribute verification. Available with Postfix 2.5 and later. At this security level, there are no trusted Certification Authorities. The certificate trust chain, expiration date, ... are not checked. Instead, -the optional "match" attribute, or else the main.cf +the optional policy table "match" attribute, or else the main.cf <b>smtp_tls_fingerprint_cert_match</b> parameter, lists the certificate -fingerprints or the public key fingerprint (Postfix 2.9 and later) -of the valid server certificate. The digest +fingerprints or the public key fingerprints (Postfix 2.9 and later) +of acceptable server certificates. The digest algorithm used to calculate the fingerprint is selected by the <b>smtp_tls_fingerprint_digest</b> parameter. Multiple fingerprints can be combined with a "|" delimiter in a single match attribute, or multiple @@ -11430,45 +11577,58 @@ digits. The optional "ciphers", "exclude", and "protocols" attributes "smtp_tls_mandatory_exclude_ciphers", and "smtp_tls_mandatory_protocols" configuration parameters. The optional "connection_reuse" attribute (Postfix ≥ 3.4) overrides the main.cf smtp_tls_connection_reuse -parameter. </dd> +parameter. The optional "enable_rpk" attribute (Postfix ≥ 3.9) +overrides the main.cf smtp_tls_enable_rpk parameter. </dd> <dt><b><a href="TLS_README.html#client_tls_verify">verify</a></b></dt> -<dd>Mandatory TLS verification. At this security -level, DNS MX lookups are trusted to be secure enough, and the name -verified in the server certificate is usually obtained indirectly via -unauthenticated DNS MX lookups. The optional "match" attribute overrides -the main.cf smtp_tls_verify_cert_match parameter. In the policy table, -multiple match patterns and strategies must be separated by colons. -In practice explicit control over matching is more common with the -"secure" policy, described below. The optional "ciphers", "exclude", -and "protocols" attributes (Postfix ≥ 2.6) override the -"smtp_tls_mandatory_ciphers", "smtp_tls_mandatory_exclude_ciphers", and -"smtp_tls_mandatory_protocols" configuration parameters. The optional -"connection_reuse" attribute (Postfix ≥ 3.4) overrides the main.cf -smtp_tls_connection_reuse parameter. </dd> +<dd>Mandatory TLS verification. Mail is delivered only if the TLS +handshake succeeds, the remote SMTP server certificate chain can be +validated, and a DNS name in the certificate matches the specified match +criteria. At this security level, DNS MX lookups are presumed to be +secure enough, and the name verified in the server certificate is +potentially obtained via unauthenticated DNS MX lookups. The optional +"match" attribute overrides the main.cf smtp_tls_verify_cert_match +parameter. In the policy table, multiple match patterns and strategies +must be separated by colons. In practice explicit control over matching +is more common with the "secure" policy, described below. The optional +"ciphers", "exclude", and "protocols" attributes (Postfix ≥ 2.6) +override the "smtp_tls_mandatory_ciphers", +"smtp_tls_mandatory_exclude_ciphers", and "smtp_tls_mandatory_protocols" +configuration parameters. With Postfix ≥ 2.11 the optional "tafile" +policy table attribute modifies trust chain verification in the same +manner as the "smtp_tls_trust_anchor_file" parameter. The "tafile" +attribute may be specified multiple times to load multiple trust-anchor +files. The optional "connection_reuse" attribute (Postfix ≥ 3.4) +overrides the main.cf smtp_tls_connection_reuse parameter. </dd> <dt><b><a href="TLS_README.html#client_tls_secure">secure</a></b></dt> -<dd>Secure-channel TLS. At this security level, DNS -MX lookups, though potentially used to determine the candidate next-hop -gateway IP addresses, are <b>not</b> trusted to be secure enough for TLS -peername verification. Instead, the default name verified in the server -certificate is obtained directly from the next-hop, or is explicitly -specified via the optional "match" attribute which overrides the -main.cf smtp_tls_secure_cert_match parameter. In the policy table, -multiple match patterns and strategies must be separated by colons. -The match attribute is most useful when multiple domains are supported by -a common server: the policy entries for additional domains specify matching -rules for the primary domain certificate. While transport table overrides -that route the secondary domains to the primary nexthop also allow secure -verification, they risk delivery to the wrong destination when domains -change hands or are re-assigned to new gateways. With the "match" -attribute approach, routing is not perturbed, and mail is deferred if -verification of a new MX host fails. The optional "ciphers", "exclude", -and "protocols" attributes (Postfix ≥ 2.6) override the -"smtp_tls_mandatory_ciphers", "smtp_tls_mandatory_exclude_ciphers", and -"smtp_tls_mandatory_protocols" configuration parameters. The optional -"connection_reuse" attribute (Postfix ≥ 3.4) overrides the main.cf -smtp_tls_connection_reuse parameter. </dd> +<dd>Secure certificate verification. Mail is delivered only if the TLS +handshake succeeds, the remote SMTP server certificate chain can be +validated, and a DNS name in the certificate matches the specified match +criteria. At this security level, DNS MX lookups, though potentially +used to determine the candidate next-hop gateway IP addresses, are +<b>not</b> presumed to be secure enough for TLS peername verification. +Instead, the default name verified in the server certificate is obtained +directly from the next-hop, or is explicitly specified via the optional +"match" attribute which overrides the main.cf smtp_tls_secure_cert_match +parameter. In the policy table, multiple match patterns and strategies +must be separated by colons. The match attribute is most useful when +multiple domains are supported by a common server: the policy entries +for additional domains specify matching rules for the primary domain +certificate. While transport table overrides that route the secondary +domains to the primary nexthop also allow secure verification, they risk +delivery to the wrong destination when domains change hands or are +re-assigned to new gateways. With the "match" attribute approach, +routing is not perturbed, and mail is deferred if verification of a new +MX host fails. The optional "ciphers", "exclude", and "protocols" +attributes (Postfix ≥ 2.6) override the "smtp_tls_mandatory_ciphers", +"smtp_tls_mandatory_exclude_ciphers", and "smtp_tls_mandatory_protocols" +configuration parameters. With Postfix ≥ 2.11 the "tafile" attribute +optionally modifies trust chain verification in the same manner as the +"smtp_tls_trust_anchor_file" parameter. The "tafile" attribute may be +specified multiple times to load multiple trust-anchor files. The +optional "connection_reuse" attribute (Postfix ≥ 3.4) overrides the +main.cf smtp_tls_connection_reuse parameter. </dd> </dl> @@ -11724,7 +11884,7 @@ configuration parameter. See there for details. </p> <p> This feature is available in Postfix 2.3 and later. </p> -%PARAM lmtp_tls_mandatory_protocols see postconf -d output +%PARAM lmtp_tls_mandatory_protocols see 'postconf -d' output <p> The LMTP-specific version of the smtp_tls_mandatory_protocols configuration parameter. See there for details. </p> @@ -11831,7 +11991,9 @@ destinations via smtp_tls_policy_maps. </dd> <dt><b><a href="TLS_README.html#client_tls_may">may</a></b></dt> <dd> Opportunistic TLS. Use TLS if this is supported by the remote -SMTP server, otherwise use plaintext. Since +SMTP server, otherwise use plaintext; after a failed TLS handshake +or TLS session, fall back to plaintext if the message has spent +minimal_backoff_time in the mail queue. Since sending in the clear is acceptable, demanding stronger than default TLS security merely reduces interoperability. The "smtp_tls_ciphers" and "smtp_tls_protocols" (Postfix ≥ 2.6) @@ -12902,7 +13064,7 @@ the hostname and IP address. The logging format is "host[address]:port". <p> This feature is available in Postfix 2.5 and later. </p> -%PARAM smtp_tls_protocols see postconf -d output +%PARAM smtp_tls_protocols see 'postconf -d' output <p> TLS protocols that the Postfix SMTP client will use with opportunistic TLS encryption. In main.cf the values are separated by @@ -12982,7 +13144,7 @@ smtp_tls_protocols = !SSLv2, !SSLv3 <p> This feature is available in Postfix 2.6 and later. </p> -%PARAM smtpd_tls_protocols see postconf -d output +%PARAM smtpd_tls_protocols see 'postconf -d' output <p> TLS protocols accepted by the Postfix SMTP server with opportunistic TLS encryption. If the list is empty, the server supports all available @@ -13048,7 +13210,7 @@ smtpd_tls_protocols = !SSLv2, !SSLv3 <p> This feature is available in Postfix 2.6 and later. </p> -%PARAM lmtp_tls_protocols see postconf -d output +%PARAM lmtp_tls_protocols see 'postconf -d' output <p> The LMTP-specific version of the smtp_tls_protocols configuration parameter. See there for details. </p> @@ -14353,9 +14515,9 @@ receive a 421 response. </p> %PARAM postscreen_greet_ttl 1d -<p> The amount of time that postscreen(8) will use the result from -a successful PREGREET test. During this time, the client IP address -is excluded from this test. The default is relatively short, because +<p> The amount of time that postscreen(8) remembers that a client +IP address passed a PREGREET test, before it is required to pass +that test again. The default is relatively short, because a good client can immediately talk to a real Postfix SMTP server. </p> <p> Specify a non-zero time value (an integral value plus an optional @@ -14813,18 +14975,38 @@ address and @domain. A lookup result of DUNNO terminates the search without overriding the global default_transport parameter setting. This information is overruled with the transport(5) table. </p> -<p> -Specify zero or more "type:name" lookup tables, separated by -whitespace or comma. Tables will be searched in the specified order -until a match is found. +<p> This setting affects only the default domain address class +(recipient domains that do not match $mydestination, $inet_interfaces, +$proxy_interfaces, $virtual_alias_domains, $virtual_mailbox_domains, +or $relay_domains): </p> + +<ul> + +<li> <p> In order of decreasing precedence, the delivery transport +is taken from 1) $transport_maps, 2) +$sender_dependent_default_transport_maps or $default_transport. </p> +<li> <p> In order of decreasing precedence, the nexthop destination +is taken from 1) $transport_maps, 2) +$sender_dependent_default_transport_maps or $default_transport, 3) +$sender_dependent_relayhost_maps or $relayhost or the recipient +domain. </p> + +</ul> + <p> Note: this overrides default_transport, not transport_maps, and therefore the expected syntax is that of default_transport, not the syntax of transport_maps. Specifically, this does not support the transport_maps syntax for null transport, null nexthop, or null email addresses. </p> +<p> +Specify zero or more "type:name" lookup tables, separated by +whitespace or comma. Tables will be searched in the specified order +until a match is found. +</p> + <p> For safety reasons, this feature does not allow $number substitutions in regular expression maps. </p> @@ -14865,13 +15047,38 @@ IPv6 connectivity: </p> <ul> <li> <p> The setting "smtp_address_preference = ipv6" is unsafe. -It can fail to deliver mail when there is an outage that affects -IPv6, while the destination is still reachable over IPv4. </p> +All deliveries will suffer delays during an IPv6 outage, even +while the destination is still reachable over IPv4. Mail may be +stuck in the queue with Postfix versions < 3.3 that do not +implement "smtp_balance_inet_protocols". For similar reasons, the +setting "smtp_address_preference = ipv4" is also unsafe. </p> <li> <p> The setting "smtp_address_preference = any" is safe. With -this, mail will eventually be delivered even if there is an outage +this, and "smtp_balance_inet_protocols = yes" (the default), only +half of deliveries will suffer delays if there is an outage that affects IPv6 or IPv4, as long as it does not affect both. </p> +<li> <p> The setting "smtp_address_preference = ipv4" is not a +solution for remote servers that flag email received over IPv6 as +more 'spammy' (the client IPv6 address has a bad or missing PTR or +AAAA record, bad network neighbors, etc.). Instead, configure Postfix +to receive mail over both IPv4 and IPv6, and to deliver mail over +only IPv4. </p> + +<blockquote> +<pre> +/etc/postfix/main.cf: + inet_protocols = all +</pre> +</blockquote> + +<blockquote> +<pre> +/etc/postfix/master.cf + smtp ...other fields... smtp -o inet_protocols=ipv4 +</pre> +</blockquote> + </ul> <p> This feature is available in Postfix 2.8 and later. </p> @@ -14938,9 +15145,10 @@ defined with the postscreen_dnsbl_sites parameter. </p> <p> Specify a negative value to enable this feature. When a client passes the postscreen_dnsbl_allowlist_threshold without having failed other tests, all pending or disabled tests are flagged as -completed with a time-to-live value equal to postscreen_dnsbl_ttl. -When a test was already completed, its time-to-live value is updated -if it was less than postscreen_dnsbl_ttl. </p> +completed with an expiration time based on the DNS reply TTL. +When a test was already completed, its expiration time is updated +if it was less than the value based on the DNS reply TTL. See +also postscreen_dnsbl_max_ttl and postscreen_dnsbl_min_ttl. </p> <p> This feature is available in Postfix 3.6 and later. </p> @@ -14966,9 +15174,9 @@ built-in SMTP protocol engine. </p> %PARAM postscreen_dnsbl_ttl 1h -<p> The amount of time that postscreen(8) will use the result from -a successful DNS-based reputation test before a client -IP address is required to pass that test again. </p> +<p> The amount of time that postscreen(8) remembers that a client +IP address passed a DNS-based reputation test, before it is required +to pass that test again. </p> <p> Specify a non-zero time value (an integral value plus an optional one-letter suffix that specifies the time unit). Time units: s @@ -14980,9 +15188,9 @@ replaced by postscreen_dnsbl_max_ttl in Postfix 3.1. </p> %PARAM postscreen_dnsbl_min_ttl 60s -<p> The minimum amount of time that postscreen(8) will use the -result from a successful DNS-based reputation test before a -client IP address is required to pass that test again. If the DNS +<p> The minimum amount of time that postscreen(8) remembers that a +client IP address passed a DNS-based reputation test, before it +is required to pass that test again. If the DNS reply specifies a larger TTL value, that value will be used unless it would be larger than postscreen_dnsbl_max_ttl. </p> @@ -14995,9 +15203,9 @@ The default time unit is s (seconds). </p> %PARAM postscreen_dnsbl_max_ttl ${postscreen_dnsbl_ttl?{$postscreen_dnsbl_ttl}:{1}}h -<p> The maximum amount of time that postscreen(8) will use the -result from a successful DNS-based reputation test before a -client IP address is required to pass that test again. If the DNS +<p> The maximum amount of time that postscreen(8) remembers that a +client IP address passed a DNS-based reputation test, before it is +required to pass that test again. If the DNS reply specifies a shorter TTL value, that value will be used unless it would be smaller than postscreen_dnsbl_min_ttl. </p> @@ -15043,9 +15251,9 @@ this test the next time the client connects. </dd> %PARAM postscreen_pipelining_ttl 30d -<p> The amount of time that postscreen(8) will use the result from -a successful "pipelining" SMTP protocol test. During this time, the -client IP address is excluded from this test. The default is +<p> The amount of time that postscreen(8) remembers that a client +IP address passed a "pipelining" SMTP protocol test, before it is +required to pass that test again. The default is long because a good client must disconnect after it passes the test, before it can talk to a real Postfix SMTP server. </p> @@ -15140,9 +15348,9 @@ feature. </dd> %PARAM postscreen_non_smtp_command_ttl 30d -<p> The amount of time that postscreen(8) will use the result from -a successful "non_smtp_command" SMTP protocol test. During this -time, the client IP address is excluded from this test. The default +<p> The amount of time that postscreen(8) remembers that a client +IP address passed a "non_smtp_command" SMTP protocol test, before +it is required to pass that test again. The default is long because a client must disconnect after it passes the test, before it can talk to a real Postfix SMTP server. </p> @@ -15233,9 +15441,9 @@ this test the next time the client connects. </dd> %PARAM postscreen_bare_newline_ttl 30d -<p> The amount of time that postscreen(8) will use the result from -a successful "bare newline" SMTP protocol test. During this -time, the client IP address is excluded from this test. The default +<p> The amount of time that postscreen(8) remembers that a client +IP address passed a "bare newline" SMTP protocol test, before it +address is required to pass that test again. The default is long because a remote SMTP client must disconnect after it passes the test, before it can talk to a real Postfix SMTP server. </p> @@ -15542,6 +15750,9 @@ for details. </p> require that clients use TLS encryption. See smtpd_enforce_tls for further details. Use tlsproxy_tls_security_level instead. </p> +<p> This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_tls_security_level instead. </p> + <p> This feature is available in Postfix 2.8 and later. </p> %PARAM tlsproxy_tls_CAfile $smtpd_tls_CAfile @@ -15616,6 +15827,8 @@ smtpd_tls_dcert_file for further details. </p> should use with non-export EDH ciphers. See smtpd_tls_dh1024_param_file for further details. </p> +<p> This feature is deprecated as of Postfix 3.9. Do not specify. </p> + <p> This feature is available in Postfix 2.8 and later. </p> %PARAM tlsproxy_tls_dh512_param_file $smtpd_tls_dh512_param_file @@ -15668,6 +15881,8 @@ the "tlsproxy_tls_chain_files" parameter. </p> elliptic-curve Diffie-Hellman (EECDH) key exchange. See smtpd_tls_eecdh_grade for further details. </p> +<p> This feature is deprecated as of Postfix 3.9. Do not specify. </p> + <p> This feature is available in Postfix 2.8 and later. </p> %PARAM tlsproxy_tls_exclude_ciphers $smtpd_tls_exclude_ciphers @@ -15772,6 +15987,9 @@ shared by all three services, namely smtpd_tls_session_cache_timeout. </p> but do not require that clients use TLS encryption. See smtpd_use_tls for further details. Use tlsproxy_tls_security_level instead. </p> +<p> This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_tls_security_level instead. </p> + <p> This feature is available in Postfix 2.8 and later. </p> %PARAM smtpd_reject_footer @@ -17575,6 +17793,9 @@ was previously called tlsproxy_client_level. </p> usage policy by next-hop destination and by remote TLS server hostname. See smtp_tls_per_site for further details. </p> +<p> This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_client_policy_maps instead. </p> + <p> This feature is available in Postfix 3.4 and later. </p> %PARAM tlsproxy_client_policy $smtp_tls_policy_maps @@ -17601,6 +17822,9 @@ was previously called tlsproxy_client_policy. </p> support. See smtp_use_tls for further details. Use tlsproxy_client_security_level instead. </p> +<p> This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_client_security_level instead. </p> + <p> This feature is available in Postfix 3.4 and later. </p> %PARAM tlsproxy_client_enforce_tls $smtp_enforce_tls @@ -17609,6 +17833,9 @@ tlsproxy_client_security_level instead. </p> See smtp_enforce_tls for further details. Use tlsproxy_client_security_level instead. </p> +<p> This feature is deprecated as of Postfix 3.9. Specify +tlsproxy_client_security_level instead. </p> + <p> This feature is available in Postfix 3.4 and later. </p> %PARAM smtpd_tls_chain_files @@ -18145,6 +18372,17 @@ default suffix, YYYYMMDD-HHMMSS, allows logs to be rotated frequently. <p> This feature is available in Postfix 3.4 and later. </p> +%PARAM maillog_file_permissions 0600 + +<p> The file access permissions that will be set when the file +$maillog_file is created for the first time, or when the file is +created after an existing file is rotated. Specify one of: <b>0600</b> +(only super-user read/write access), <b>0640</b> (adds 'group' read +access), or <b>0644</b> (also adds 'other' read access). The leading +'0' is optional. </p> + +<p> This feature is available in Postfix 3.9 and later. </p> + %PARAM info_log_address_format external <p> The email address form that will be used in non-debug logging @@ -18495,6 +18733,140 @@ configuration parameter. See there for details. </p> <p> This feature is available in Postfix 3.7 and later. </p> +%PARAM smtpd_tls_enable_rpk no + +<p> Request that remote SMTP clients send an RFC7250 raw public key +instead of an X.509 certificate, when asking for or requiring client +authentication. This feature is ignored when there is no raw public +key support in the local TLS implementation. </p> + +<p> The Postfix SMTP server will log a warning when "smtpd_tls_enable_rpk += yes", but the remote SMTP client sends a certificate, the +certificate's public key fingerprint does not match a check_ccert_access +table, while the certificate fingerprint does match a check_ccert_access +table. The remote SMTP client would lose access when it starts +sending a raw public key instead of a certificate, after its TLS +implementation is updated with raw public key support. </p> + +<p> The Postfix SMTP server always sends a raw public key instead +of a certificate, if solicited by the remote SMTP client and the +local TLS implementation supports raw public keys. If the client +sends a server name indication with an SNI TLS extension, and +tls_server_sni_maps is configured, the server will extract a raw +public key from the indicated certificate. </p> + +<p> Sample commands to compute certificate and public key SHA256 digests: </p> + +<pre> +# SHA256 digest of the first certificate in "cert.pem" +$ openssl x509 -in cert.pem -outform DER | openssl dgst -sha256 -c +</pre> + +<pre> +# SHA256 digest of the SPKI of the first certificate in "cert.pem" +$ openssl x509 -in cert.pem -pubkey -noout | + openssl pkey -pubin -outform DER | openssl dgst -sha256 -c +</pre> + +<pre> +# SHA256 digest of the SPKI of the first private key in "pkey.pem" +$ openssl pkey -in pkey.pem -pubout -outform DER | + openssl dgst -sha256 -c +</pre> + +<p> This feature is available in Postfix 3.9 and later. </p> + +%PARAM tlsproxy_tls_enable_rpk $smtpd_tls_enable_rpk + +<p> Request that remote SMTP clients send an RFC7250 raw public key +instead of an X.509 certificate, when asking or requiring client +authentication. See $smtpd_tls_enable_rpk for details. </p> + +<p> This feature is available in Postfix 3.9 and later. </p> + +%PARAM smtp_tls_enable_rpk no + +<p> Request that remote SMTP servers send an RFC7250 raw public key +instead of an X.509 certificate. This feature and the enable_rpk +policy attribute are ignored when there is no raw public key support +in the local TLS implementation. </p> + +<ul> + +<li> <p> At the "may", "encrypt" and "fingerprint" security levels, +with parameter setting "smtp_tls_enable_rpk = yes" or with "enable_rpk += yes" in a policy entry, the Postfix SMTP client will indicate in +the TLS handshake that it prefers to receive a raw server public +key, but it will still accept a server public key certificate. </p> + +<li> <p> At the "fingerprint" security level, with parameter setting +"smtp_tls_enable_rpk = yes" or with "enable_rpk = yes" in a policy +entry, server authentication based on certificate fingerprints +becomes more fragile. Even if the server private key and certificate +remain unchanged, the remote SMTP server will fail fingerprint +authentication (won't match the configured list of fingerprints) +when it starts sending a raw public key instead of a certificate, +after its TLS implementation is updated with raw public key support. +Therefore, <b>DO NOT</b> enable raw public keys to remote destinations +authenticated by server <b>certificate</b> fingerprints. You should +enable raw public keys only for servers matched via their public +key fingerprint. </p> + +<li> <p> At the "verify" and "secure" security levels, the Postfix +SMTP client always ignores the parameter setting smtp_tls_enable_rpk +or the enable_rpk policy attribute. </p> + +<li> <p> At the opportunistic "dane" security level, the Postfix +SMTP client ignores the parameter setting smtp_tls_enable_rpk or +the enable_rpk policy attribute (but it will respect them when it +falls back to the "may" or "encrypt" level). When all valid TLSA +records specify only server public keys (no certificates) and the +local TLS implementation supports raw public keys, the client will +indicate in the TLS handshake that it prefers to receive a raw +public key, but it will still accept a public key certificate. </p> + +<li> <p> At the mandatory "dane-only" security level, the Postfix +SMTP client always ignores the parameter setting smtp_tls_enable_rpk +or the enable_rpk policy attribute. When all valid TLSA records +specify only server public keys (no certificates) and the local TLS +implementation supports raw public keys, the client will indicate +in the TLS handshake that it prefers to receive a raw public key, +but it will still accept a public key certificate. </p> + +</ul> + +<p>The Postfix SMTP client is always willing to send raw public keys +to servers that solicit them when a client certificate is configured +and the local TLS implementation supports raw public keys. </p> + +<p> Sample commands to compute certificate and public key SHA256 digests: </p> + +<pre> +# SHA256 digest of the first certificate in "cert.pem" +$ openssl x509 -in cert.pem -outform DER | openssl dgst -sha256 -c +</pre> + +<pre> +# SHA256 digest of the SPKI of the first certificate in "cert.pem" +$ openssl x509 -in cert.pem -pubkey -noout | + openssl pkey -pubin -outform DER | openssl dgst -sha256 -c +</pre> + +<pre> +# SHA256 digest of the SPKI of the first private key in "pkey.pem" +$ openssl pkey -in pkey.pem -pubout -outform DER | + openssl dgst -sha256 -c +</pre> + +<p> This feature is available in Postfix 3.9 and later. </p> + +%PARAM lmtp_tls_enable_rpk yes + +<p> The LMTP-specific version of the smtp_tls_enable_rpk +configuration parameter. See there for details. </p> + +<p> This feature is available in Postfix 3.9 and later. </p> + %PARAM use_srv_lookup <p> Enables discovery for the specified service(s) using DNS SRV @@ -18629,8 +19001,7 @@ via the tls_config_file parameter. When empty, or when the selected name is not present in the configuration file, the default application name ("openssl_conf") is used as a fallback. </p> -<p> This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6, -3.6.10, and 3.5.20. </p> +<p> This feature is available in Postfix ≥ 3.9. </p> %PARAM tls_config_file default @@ -18719,7 +19090,7 @@ MinProtocol = TLSv1 <p> This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6, 3.6.10, and 3.5.20. </p> -%PARAM smtpd_forbid_bare_newline Postfix < 3.9: no +%PARAM smtpd_forbid_bare_newline Postfix ≥ 3.9: normalize <p> Reject or restrict input lines from an SMTP client that end in <LF> instead of the standard <CR><LF>. Such line @@ -18732,7 +19103,8 @@ SMTP smuggling</a>. </p> <dl compact> -<dt> <b>normalize</b></dt> <dd> Require the standard +<dt> <b>normalize</b> (default for Postfix ≥ 3.9) </dt> +<dd> Require the standard End-of-DATA sequence <CR><LF>.<CR><LF>. Otherwise, allow command or message content lines ending in the non-standard <LF>, and process them as if the client sent the @@ -18744,6 +19116,13 @@ with the standard End-of-DATA sequence <CR><LF>.<CR><LF>. <br> <br> Such clients can be excluded with smtpd_forbid_bare_newline_exclusions. </dd> +<dt> <b>note</b> </dt> <dd> Same as "normalize", but also notes in +the log whether the Postfix SMTP server received any lines with +"bare <LF>". The information is formatted as "<tt>disconnect +from name[address] ... notes=bare_lf</tt>". The notes value is +expected to become a list of comma-separated names. <br> <br> This +feature is available in Postfix 3.9 and later. </dd> + <dt> <b>yes</b> </dt> <dd> Compatibility alias for <b>normalize</b>. </dd> <dt> <b>reject</b> </dt> <dd> Require the standard End-of-DATA @@ -18762,8 +19141,8 @@ of BDAT violations, BDAT can be selectively disabled with smtpd_discard_ehlo_keyword_address_maps, or globally disabled with smtpd_discard_ehlo_keywords). </dd> -<dt> <b>no</b> (default)</dt> <dd> Do not require the standard -End-of-DATA +<dt> <b>no</b> (default for Postfix < 3.9) </dt> +<dd> Do not require the standard End-of-DATA sequence <CR><LF>.<CR><LF>. Always process a bare <LF> as if the client sent <CR><LF>. This option is fully backwards compatible, but is not recommended for @@ -18889,9 +19268,24 @@ implementation-dependent manner. </p> <p> Disconnect remote SMTP clients that violate RFC 2920 (or 5321) command pipelining constraints. The server replies with "554 5.5.0 Error: SMTP protocol synchronization" and logs the unexpected remote -SMTP client input. Specify "smtpd_forbid_unauth_pipelining = yes" -to enable. This feature is enabled by default with Postfix ≥ -3.9. </p> +SMTP client input. This feature is enabled by default with Postfix +≥ 3.9. Specify "smtpd_forbid_unauth_pipelining = no" to disable. +</p> <p> This feature is available in Postfix ≥ 3.9, 3.8.1, 3.7.6, 3.6.10, and 3.5.20. </p> + +%PARAM force_mime_input_conversion no + +<p> Convert body content that claims to be 8-bit into quoted-printable, +before header_checks, body_checks, Milters, and before after-queue +content filters. This feature does not affect messages that are +sent into smtpd_proxy_filter. </p> + +<p> The typical use case is an MTA that applies this conversion +before signing outbound messages, so that the signatures will remain +valid when a message is later delivered to an MTA that does not +announce 8BITMIME support, or when a message line exceeds the SMTP +length limit. </p> + +<p> This feature is available in Postfix ≥ 3.9. </p> diff --git a/proto/regexp_table b/proto/regexp_table index 1c38472..5e8c15f 100644 --- a/proto/regexp_table +++ b/proto/regexp_table @@ -147,9 +147,14 @@ # # Postfix parses the result as if it is a file in /etc/postfix. # -# Note: if a rule contains \fB$\fR, specify \fB$$\fR to keep -# Postfix from trying to do \fI$name\fR expansion as it -# evaluates a parameter value. +# Note: if an inlined rule contains \fB$\fR, specify \fB$$\fR +# to keep Postfix from trying to do \fI$name\fR expansion as +# it evaluates a parameter value. +# +# Note: when using \fI$name\fR inside an inlined pattern, +# this will not disable metacharacters such as '.' in the +# \fI$name\fR expansion. To prevent unexpected matches, use +# a pcre: table, and specify \eQ\fI$name\fR\eE. # EXAMPLE SMTPD ACCESS MAP # # Disallow sender-specified routing. This is a must if you relay mail # # for other domains. diff --git a/proto/relocated b/proto/relocated index a0a54ca..b517b35 100644 --- a/proto/relocated +++ b/proto/relocated @@ -125,8 +125,8 @@ # .PP # Other parameters of interest: # .IP "\fBinet_interfaces (all)\fR" -# The network interface addresses that this mail system receives -# mail on. +# The local network interface addresses that this mail system +# receives mail on. # .IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR" # The list of domains that are delivered via the $local_transport # mail delivery transport. @@ -134,7 +134,7 @@ # The domain name that locally-posted mail appears to come # from, and that locally posted mail is delivered to. # .IP "\fBproxy_interfaces (empty)\fR" -# The network interface addresses that this mail system receives mail +# The remote network interface addresses that this mail system receives mail # on by way of a proxy or network address translation unit. # SEE ALSO # trivial-rewrite(8), address resolver diff --git a/proto/socketmap_table b/proto/socketmap_table index be01054..52d1f47 100644 --- a/proto/socketmap_table +++ b/proto/socketmap_table @@ -13,7 +13,7 @@ # \fBpostmap -q - socketmap:unix:\fIpathname\fB:\fIname\fB <\fIinputfile\fR # DESCRIPTION # The Postfix mail system uses optional tables for address -# rewriting. mail routing or policy lookup. +# rewriting, mail routing or policy lookup. # # The Postfix socketmap client expects TCP endpoint names of # the form \fBinet:\fIhost\fB:\fIport\fB:\fIname\fR, or @@ -1182,7 +1182,6 @@ Nexthop OP OTIFY OpenSSL's -Postix Pt SECG SSLEAY @@ -1577,3 +1576,37 @@ Korbar ffdhe srv stderr +charset +latin +utf +mb +SPKI +certificate's +pubout +rpk +sni +Amawalk +resychronization +ENVID +netcat +probers +lf +EOD +chunking +allowlists +FWS +mongodb +Aionda +Ferraro +GmbH +Hamid +LLC +Maadani +GTEST +MONGODB +MongoDB +Sakaguchi +Toshifumi +envid +manpages +rr diff --git a/proto/stop.double-cc b/proto/stop.double-cc index 8efd133..bff4534 100644 --- a/proto/stop.double-cc +++ b/proto/stop.double-cc @@ -333,3 +333,5 @@ void void cleanup_milter_receive state count Available in in Postfix version 2 3 3 7 length length of 0 31 0 127 address address string length + whether the standard End of DATA sequence CRLF CRLF is required and + Require CRLF CRLF diff --git a/proto/stop.double-history b/proto/stop.double-history index c1026c8..f6df421 100644 --- a/proto/stop.double-history +++ b/proto/stop.double-history @@ -12,7 +12,6 @@ Fix by Viktor Dukhovni Files tls tls h tls tls_dane c Discovered by Benny Pedersen File postscreen postscreen c proto postconf proto src tlsproxy tlsproxy c src smtpd smtpd c - proto postconf proto src tlsproxy tlsproxy c src smtpd smtpd c src tls tls h src tls tls_proxy_client_misc c src tls tls_misc c src global mail_params h src smtp smtp c attacks Fix by Viktor Dukhovni Files tls tls h tls_client c @@ -25,18 +24,98 @@ arguments Files src dns dns h src dns dns_rr_eq_sa c only a subset of all arguments Files src dns dns h global mail_params h smtp smtp c smtpd smtpd c tls tls_misc c - global mail_params h smtp smtp c smtpd smtpd c tls tls_misc c tls tls_proxy_client_scan c tls tls_proxy h tlsproxy tlsproxy c smtp smtp c smtpd smtpd c tls tls_misc c - smtp smtp c smtpd smtpd c tls tls_misc c proto proto SASL_README html proto SQLITE_README html proto postconf proto global mail_params h smtp smtp c smtpd smtpd c tls tls_misc c tls tls_proxy_client_misc c tls tls_proxy h tlsproxy tlsproxy c postfix postfix c postlog postlog c - postfix postfix c postlog postlog c util net_mask_top hc smtpd smtpd c smtpd smtpd_peer c util inet_prefix_top hc smtpd smtpd c smtpd smtpd_peer c File smtp smtp h manpage File postscreen postscreen c Files postconf postconf h postconf postconf_dbms c +proto proto ADDRESS_REWRITING_README html + proto postconf proto proto ADDRESS_REWRITING_README html + cleanup cleanup c local local c smtpd smtpd c + postfix postfix c + aliasing Files proto aliases proto virtual postfix postfix c +proto proto aliases proto virtual proto ADDRESS_REWRITING_README html + master master c postlog postlog c postlogd postlogd c + proto postconf proto proto aliases proto virtual + posttls finger posttls finger c smtp smtp c smtp smtp_proto c + tls tls_client c tls tls h tls tls_misc c + tls tls_proxy h tls tls_server c tlsproxy tlsproxy c + Cleanup removed some the the instances Files + clients Files posttls finger posttls finger c smtp smtp c + smtp smtp c smtp smtp_proto c tls tls_client c tls tls h + smtp smtp c smtpd smtpd c tls tls_client c tls tls h + smtp smtp_proto c tls tls h tls tls_proxy_client_misc c + tls tls_server c tlsproxy tlsproxy c + tlsproxy tlsproxy c + proto postconf proto smtp smtp c smtpd smtpd c + pipelining before the server greeting File smtpd smtpd c + before the server greeting File smtpd smtpd c + global mail_params h smtpd smtpd c proto postconf proto + Typo fix by Trent W Buck Files proto postconf proto proto stop + smtp smtp c smtp smtp h smtp smtp_params c smtp smtp_proto c + smtp smtp_tls_policy c smtpd smtpd c smtpd smtpd_check c + tls tls h tls tls_client c tls tls_dane c tls tls_fprint c + reported by Serg File smtp smtp h + smtp lmtp_params c smtp smtp c smtp smtp_params c + plaintext Problem reported by Serg File smtp smtp h + cleanup cleanup c cleanup cleanup_init c proto postconf proto + smtpd smtpd c + proto postconf proto postscreen postscreen c + global maillog_client c master master c smtp smtp c + src postalias postalias c src postmap postmap c + src postalias postalias c src postmap postmap c + src smtpd smtpd c src smtpd smtpd_check c + not proxymap or proxywrite File proxymap proxymap c + still has its all zero SIZE record File postcat postcat c + manpage text File smtp smtp c + manpage text Files smtp smtp c global mail_proto h + File proxymap proxymap c + on process name Files smtp smtp c global mail_proto h + client process name File proxymap proxymap c + available Files local command c local local c + ID if available File pipe pipe c + global smtp_stream h smtpd smtpd c + global smtp_stream c global smtp_stream h smtpd smtpd c + log the helo mail and rcpt information Files smtpd smtpd c + LF LF or LF CR LF before responding This increases + smtpd smtpd c global smtp_stream hc global cleanup_user h + smtpd smtpd c smtpd smtpd_check c + keep reading message content after an unexpected LF LF + forms Files proto postconf proto smtpd smtpd c + CR LF CR CR LF File global smtp_stream c + CR LF CR CR LF There is no smuggling vulnerability + sequence mail systems send CR LF CR CR LF instead + global mail_params h cleanup cleanup c cleanup cleanup_message c + Files smtpd smtpd c proto postconf proto RELEASE_NOTES + stable releases Files global smtp_stream hc smtpd smtpd c + Files global smtp_stream hc smtpd smtpd c + Files smtpd smtpd c proto postconf proto + names Files smtpd smtpd hc + or access control limitations Files smtpd smtpd hc + spam the log with a warning message File tlsmgr tlsmgr c + Cleanup tlsmgr c fix 20240124 File tlsmgr tlsmgr c + MX or SRV records File smtp smtp c + a list of comma separated names Files smtpd smtpd hc + dnsblog dnsblog c postkick postkick c postlock postlock c + postdrop postdrop c postsuper postsuper c sendmail sendmail c + postlogd postlogd c + qmgr qmgr c qmqpd qmqpd c trivial rewrite trivial rewrite c + strategies File smtp smtp c + postconf postconf c postconf postconf_dbms c postconf postconf h + postconf postconf c postconf postconf_unused c + postfix start start fg check reload status Files + Files postconf postconf c postconf postconf_unused c + the commands postfix start start fg check reload or + status Files postconf postconf c postconf postconf_dbms c + postconf postconf h conf postfix script conf post install + postconf postconf c postconf postconf_dbms c + File tlsmgr tlsmgr c + restrictions Files dns dns h dns dns_lookup c dns dns_rr c + systems 6 bytes for LP64 File dns dns h diff --git a/proto/stop.double-install-proto-text b/proto/stop.double-install-proto-text index 338286e..4e3f43d 100644 --- a/proto/stop.double-install-proto-text +++ b/proto/stop.double-install-proto-text @@ -39,3 +39,7 @@ root root you shlib_directory shlib_directory user foo domain user domain domain virtual virtual alias domain anything right hand content does not matter + skipping unexpected LF LF in DATA from +Inbound SMTP smuggling strip extra CR in CR LF CR CR LF +Inbound SMTP smuggling don t strip extra CR in CR LF CR CR LF + CR LF CR CR LF to silence false alarms from test tools diff --git a/proto/stop.double-proto-html b/proto/stop.double-proto-html index c216f95..a4b2332 100644 --- a/proto/stop.double-proto-html +++ b/proto/stop.double-proto-html @@ -42,7 +42,6 @@ dd dd The default algorithm is b sha256 b with Postfix ge 3 6 dd No TLS TLS will not be used unless enabled for specific Dec 4 04 30 09 hostname postfix smtpd 58549 NOQUEUE reject default_transport uucp uucp gateway - different client IP addresses Lookup results override the the global Documentation Documentation is available as README files start with the file done done done done @@ -202,8 +201,6 @@ smtp_tls_mandatory_protocols SSLv2 SSLv3 TLSv1 TLSv1 1 SSLv3 TLSv1 TLSv1 1 TLSv1 2 and TLSv1 3 Starting with T 5 10 20 40 80 160 320 640 1280 1280 T A 5 10 20 40 80 160 320 320 - The and match and literally Without the the - The matches literally Without the the would Therefore 301 0301 0x301 and 0x0301 are all equivalent to The syntax of name value value name value and name value the the backed up domain tld domain This prevents your mail queue @@ -246,3 +243,118 @@ dt dt b name value b Postfix ge 3 0 dt parametername stress something something Other p Note on OpenBSD systems specify dev dev arandom when dev dev urandom user3 example net smtp smtp relay example net submission + virtual_alias_maps hash etc postfix virtual virtual aliasing +system_wide_settings system_wide_settings +ssl_library_settings ssl_library_settings +initial_ssl_settings initial_ssl_settings +postfix_settings postfix_settings +postfix_ssl_settings postfix_ssl_settings +baseline_postfix_settings baseline_postfix_settings + The and match and literally Without the the + The matches literally Without the the would + The example is simplified for educational purposes In reality my patterns list multiple domain names as domain domain + The matches literally Without the the would match any character + The and match and literally Without the the and would be grouping operators + The matches literally Without the the would match any character + pipeline all commands following EHLO for example MAIL RCPT BDAT BDAT MAIL RCPT BDAT without ever having to wait for a server response This means that with BDAT the Postfix SMTP server cannot distinguish between a well behaved client and a + NOTE Postfix 3 6 also introduces support for the level level and other operators to compare compatibility levels With the standard operators etc compatibility level 3 10 would be smaller than 3 9 which is undesirable + Otherwise the benefits of SMTP connection caching are minor it eliminates the latency of the TCP handshake SYN SYN ACK ACK plus the latency of the SMTP initial handshake 220 greeting EHLO command EHLO response With TLS encrypted + Otherwise the benefits of SMTP connection caching are minor it eliminates the latency of the TCP handshake SYN SYN ACK ACK plus the latency of the SMTP initial handshake 220 greeting EHLO command EHLO response With TLS encrypted + 3 Reject the mail by sending a suitable status code back to Postfix Postfix will send the mail back to the sender address + Line 8 NEVER NEVER NEVER use the t command line option here It will mis deliver mail like sending messages from a mailing list back to the mailing list + Line 8 NEVER NEVER NEVER use the t command line option here It will mis deliver mail like sending messages from a mailing list back to the mailing list +Documentation Documentation is available as README files start with the file README_FILES AAAREADME as HTML web pages point your browser to html index html and as UNIX style manual pages + Parameters whose defaults can be specified in this way are listed below See the postconf 5 manpage for a description command nroff man man man5 postconf 5 less + Parameters whose defaults can be specified in this way are listed below See the postconf 5 manpage for a description command nroff man man man5 postconf 5 less +mynetworks mynetworks 127 0 0 0 8 168 100 189 0 28 1 128 fe80 10 2001 240 587 64 +Postfix Postfix can use an LDAP directory as a source for any of its lookups aliases 5 virtual 5 canonical 5 etc This allows you to keep information for your mail service in a replicated network database with fine grained access controls By not + If you re using the libraries from the UM distribution http www umich edu dirsvcs ldap ldap html or OpenLDAP http www openldap org something like this in the top level of your Postfix source tree should work +query_filter mailacceptinggeneralid s maildrop maildrop maildrop +query_filter mailacceptinggeneralid s maildrop maildrop maildrop +query_filter mailacceptinggeneralid s maildrop maildrop maildrop owner cn root dc your dc com +query_filter mailacceptinggeneralid s maildrop maildrop maildrop owner cn root dc your dc com + As of Postfix version 2 0 the Postfix SMTP server rejects mail for unknown recipients in local domains domains that match mydestination or the IP addresses in inet_interfaces or proxy_interfaces with User unknown in local recipient table + Postfix emulates a limited number of Sendmail macros as shown in the table Some macro values depend on whether a recipient is rejected rejected recipients are available on request by the Milter application Different macros are available at + Postfix has TWO sets of mail filters filters that are used for SMTP mail only specified with the smtpd_milters parameter and filters for non SMTP mail specified with the non_smtpd_milters parameter The non SMTP filters are primarily for + etc usr usr bin var var spool and so on This is especially an issue if you executed postfix install see above as an unprivileged user + etc usr usr bin var var spool and so on This is especially an issue if you executed postfix install see above as an unprivileged user + parametername stress something stress something or parametername stress something something Other parameters always evaluate as if the stress value is the empty string + parametername stress something stress something or parametername stress something something Other parameters always evaluate as if the stress value is the empty string + more CPU faster disks and more network bandwidth can deal with larger deferred queues but as a rule of thumb the deferred queue scales to somewhere between 100 000 and 1 000 000 messages with good performance unlikely above that limit + 31 sasldb Accounts are stored stored in a Cyrus SASL Berkeley DB database + assigned to the delivery slots might look like this 12131415 Hmm fine for sneaking in the single recipient mail but how do we sneak in the mail with more than one recipient Say if we have one four recipient mail followed by two two recipient + we see the hundred recipient job can accumulate ten free delivery slots and then we could preempt it and sneak in the ten recipient mail Wait wait wait Could we Aren t we overinflating the original one thousand recipient mail + The truth is that it turns out that it is not really necessary to wait until the jobs counter accumulates all the delivery slots in advance Say we have ten recipient mail followed by two two recipient mails If the preemption happened when enough + Disallowing RFC 822 address syntax example MAIL FROM the dude dude example com + 3 Reject the mail by sending a suitable SMTP status code back to Postfix Postfix passes the status back to the remote SMTP client This way Postfix does not have to send a bounce message + Lines 14 18 Define the list of valid addresses in the the backed up domain tld domain This prevents your mail queue from filling up with undeliverable MAILER DAEMON messages If you can t maintain a list of valid recipients then you must + The syntax of name value value name value and name value is explained at the beginning of the postconf 5 manual page + Use 521 SMTP reply codes Postfix 2 6 and later or 421 Postfix 2 3 2 5 to hang up on clients that that match botnet related RBLs see next bullet or that match selected non RBL restrictions such as SMTP access maps The Postfix SMTP + the next hop destination can have the Postfix specific form name name port name or name port + dt b a name no_unknown_recipient_checks no_unknown_recipient_checks a b dt + dt b a name check_ccert_access check_ccert_access a i a href DATABASE_README html type table a i b dt + dt b a name check_client_access check_client_access a i a href DATABASE_README html type table a i b dt + dt b a name check_client_a_access check_client_a_access a i a href DATABASE_README html type table a i b dt + dt b a name check_client_mx_access check_client_mx_access a i a href DATABASE_README html type table a i b dt + dt b a name check_client_ns_access check_client_ns_access a i a href DATABASE_README html type table a i b dt + dt b a name check_reverse_client_hostname_access check_reverse_client_hostname_access a i a href DATABASE_README html type table a i b dt + dt b a name check_reverse_client_hostname_a_access check_reverse_client_hostname_a_access a i a href DATABASE_README html type table a i b dt + dt b a name check_reverse_client_hostname_mx_access check_reverse_client_hostname_mx_access a i a href DATABASE_README html type table a i b dt + dt b a name check_reverse_client_hostname_ns_access check_reverse_client_hostname_ns_access a i a href DATABASE_README html type table a i b dt + dt b a name check_sasl_access check_sasl_access a i a href DATABASE_README html type table a i b dt + dt b a name permit_sasl_authenticated permit_sasl_authenticated a b dt + dt b a name permit_tls_all_clientcerts permit_tls_all_clientcerts a b dt + dt b a name reject_rbl_client reject_rbl_client i rbl_domain d d d d i a b dt + dt b a name permit_dnswl_client permit_dnswl_client i dnswl_domain d d d d i a b dt + dt b a name reject_rhsbl_client reject_rhsbl_client i rbl_domain d d d d i a b dt + dt b a name permit_rhswl_client permit_rhswl_client i rhswl_domain d d d d i a b dt + dt b a name reject_rhsbl_reverse_client reject_rhsbl_reverse_client i rbl_domain d d d d i a b dt + dt b a name reject_unknown_client_hostname reject_unknown_client_hostname a b with Postfix lt 2 3 reject_unknown_client dt + dt b a name reject_unknown_reverse_client_hostname reject_unknown_reverse_client_hostname a b dt + dt b a name reject_unknown_forward_client_hostname reject_unknown_forward_client_hostname a b dt + dt b a name check_policy_service check_policy_service i servername i a b dt + dt b a name reject_multi_recipient_bounce reject_multi_recipient_bounce a b dt + dt b a name check_etrn_access check_etrn_access a i a href DATABASE_README html type table a i b dt + dt b a name check_helo_access check_helo_access a i a href DATABASE_README html type table a i b dt + dt b a name check_helo_a_access check_helo_a_access a i a href DATABASE_README html type table a i b dt + dt b a name check_helo_mx_access check_helo_mx_access a i a href DATABASE_README html type table a i b dt + dt b a name check_helo_ns_access check_helo_ns_access a i a href DATABASE_README html type table a i b dt + dt b a name reject_invalid_helo_hostname reject_invalid_helo_hostname a b with Postfix lt 2 3 reject_invalid_hostname dt + dt b a name reject_non_fqdn_helo_hostname reject_non_fqdn_helo_hostname a b with Postfix lt 2 3 reject_non_fqdn_hostname dt + dt b a name reject_rhsbl_helo reject_rhsbl_helo i rbl_domain d d d d i a b dt + dt b a name reject_unknown_helo_hostname reject_unknown_helo_hostname a b with Postfix lt 2 3 reject_unknown_hostname dt + dt b a name check_recipient_access check_recipient_access a i a href DATABASE_README html type table a i b dt + dt b a name check_recipient_a_access check_recipient_a_access a i a href DATABASE_README html type table a i b dt + dt b a name check_recipient_mx_access check_recipient_mx_access a i a href DATABASE_README html type table a i b dt + dt b a name check_recipient_ns_access check_recipient_ns_access a i a href DATABASE_README html type table a i b dt + dt b a name reject_non_fqdn_recipient reject_non_fqdn_recipient a b dt + dt b a name reject_rhsbl_recipient reject_rhsbl_recipient i rbl_domain d d d d i a b dt + dt b a name reject_unauth_destination reject_unauth_destination a b dt + dt b a name reject_unknown_recipient_domain reject_unknown_recipient_domain a b dt + dt b a name reject_unlisted_recipient reject_unlisted_recipient a b with Postfix version 2 0 check_recipient_maps dt + dt b a name reject_unverified_recipient reject_unverified_recipient a b dt + dt b a name check_sender_access check_sender_access a i a href DATABASE_README html type table a i b dt + dt b a name check_sender_a_access check_sender_a_access a i a href DATABASE_README html type table a i b dt + dt b a name check_sender_mx_access check_sender_mx_access a i a href DATABASE_README html type table a i b dt + dt b a name check_sender_ns_access check_sender_ns_access a i a href DATABASE_README html type table a i b dt + dt b a name reject_authenticated_sender_login_mismatch reject_authenticated_sender_login_mismatch a b dt + dt b a name reject_known_sender_login_mismatch reject_known_sender_login_mismatch a b dt + dt b a name reject_rhsbl_sender reject_rhsbl_sender i rbl_domain d d d d i a b dt + dt b a name reject_sender_login_mismatch reject_sender_login_mismatch a b dt + dt b a name reject_unauthenticated_sender_login_mismatch reject_unauthenticated_sender_login_mismatch a b dt + dt b a name reject_unknown_sender_domain reject_unknown_sender_domain a b dt + dt b a name check_address_map check_address_map a i a href DATABASE_README html type table a i b dt + PARAM postscreen_dnsbl_max_ttl postscreen_dnsbl_ttl postscreen_dnsbl_ttl 1 h +standard lt CR gt lt LF gt br br This maintains compatibility + lt CR gt lt LF gt lt CR gt lt LF gt br br Such clients + smtpd_forbid_bare_newline_reject_code br br This will reject + br br This will also reject some email from Microsoft services +2045 Sections 2 7 and 2 8 br br Such clients can be excluded + br br This will also reject email from services that use BDAT +RFC 2045 Sections 2 7 and 2 8 br br Such clients can be +to become a list of comma separated names br br This feature +the form of a domain name hostname hostname service hostname service +expected to become a list of comma separated names br br This +Postfix Postfix can use MongoDB as a source for any of its lookups aliases 5 virtual 5 canonical 5 etc This allows you to keep information for your mail service in a replicated noSQL database with fine grained access controls By not storing it + CCARGS CCARGS DHAS_MONGODB I usr include libmongoc 1 0 + dt dt dd 2 Also enable verbose logging in the Postfix TLS diff --git a/proto/stop.spell-cc b/proto/stop.spell-cc index 3da6690..097c7ac 100644 --- a/proto/stop.spell-cc +++ b/proto/stop.spell-cc @@ -1386,7 +1386,6 @@ th tha thash THASH -theadsafe threadsafe thusly timecmp @@ -1443,7 +1442,7 @@ tv txn TXT Typechecking -TYPECONNSTRING +TYPECONNSTR typedef typedefs TYPEINET @@ -1801,3 +1800,42 @@ bitcount bytecount ipproto cw +uncreate +MFLAGS +CRED +RPK +RPKs +SPKI +peerpkey +rpk +ep +inlined +stringz +Sarvepalli +uXXXX +Aionda +Ferraro +GmbH +Hamid +LLC +Maadani +MongoDB +PRId +bson +dexo +hamid +itoa +libmongoc +mongdb +mongo +mongodb +mongodbconf +Dextrous +Mongo +SUD +qtype +depr +dfhHnopqvx +fhHoqvx +foqvx +ILP diff --git a/proto/stop.spell-history b/proto/stop.spell-history index 096da09..6b009ed 100644 --- a/proto/stop.spell-history +++ b/proto/stop.spell-history @@ -56,3 +56,23 @@ Valgrind Florian Piekert refactored +Fumiyasu +SATOH +INI +Serg +Kinzler +smtpstone +spammy +Birta +Levente +MariaDB +dehtml +NONPROD +LC +Philosof +MONGODB +Refactored +Vijay +Sakaguchi +Toshifumi +mxonly diff --git a/proto/stop.spell-proto-html b/proto/stop.spell-proto-html index 1912240..79c1ce5 100644 --- a/proto/stop.spell-proto-html +++ b/proto/stop.spell-proto-html @@ -357,3 +357,20 @@ kDHE srv wraptls api +MinProtocol +spammy +concat +hamid +ina +lbson +libbson +libmobgo +libmongoc +lmongoc +mongo +mongod +noSQL +srv +viktor +MONGODB +MongoDB diff --git a/proto/virtual b/proto/virtual index 6e32881..e1935f0 100644 --- a/proto/virtual +++ b/proto/virtual @@ -10,13 +10,14 @@ # # \fBpostmap -q - /etc/postfix/virtual <\fIinputfile\fR # DESCRIPTION -# The optional \fBvirtual\fR(5) alias table rewrites recipient -# addresses for all local, all virtual, and all remote mail -# destinations. -# This is unlike the \fBaliases\fR(5) table which is used -# only for \fBlocal\fR(8) delivery. This feature is implemented +# The optional \fBvirtual\fR(5) alias table (virtual_alias_maps) +# applies to all recipients: local(8), virtual, and remote. +# This feature is implemented # in the Postfix \fBcleanup\fR(8) daemon before mail is queued. # +# This is unlike the \fBaliases\fR(5) table (alias_maps) which +# applies only to \fBlocal\fR(8) recipients. +# # Virtual aliasing is recursive; to terminate recursion for # a specific address, alias that address to itself. # @@ -244,8 +245,9 @@ # and for default values. Use the "\fBpostfix reload\fR" command after # a configuration change. # .IP "\fBvirtual_alias_maps ($virtual_maps)\fR" -# Optional lookup tables that alias specific mail addresses or domains -# to other local or remote addresses. +# Optional lookup tables with aliases that apply to all recipients: +# \fBlocal\fR(8), virtual, and remote; this is unlike alias_maps that apply +# only to \fBlocal\fR(8) recipients. # .IP "\fBvirtual_alias_domains ($virtual_alias_maps)\fR" # Postfix is the final destination for the specified list of virtual # alias domains, that is, domains for which all addresses are aliased @@ -256,8 +258,8 @@ # .PP # Other parameters of interest: # .IP "\fBinet_interfaces (all)\fR" -# The network interface addresses that this mail system receives -# mail on. +# The local network interface addresses that this mail system +# receives mail on. # .IP "\fBmydestination ($myhostname, localhost.$mydomain, localhost)\fR" # The list of domains that are delivered via the $local_transport # mail delivery transport. @@ -270,7 +272,7 @@ # \fIlistname\fR-request address localparts when the recipient_delimiter # is set to "-". # .IP "\fBproxy_interfaces (empty)\fR" -# The network interface addresses that this mail system receives mail +# The remote network interface addresses that this mail system receives mail # on by way of a proxy or network address translation unit. # SEE ALSO # cleanup(8), canonicalize and enqueue mail |