1 /* $NetBSD: smtp.c,v 1.15 2026/05/09 18:49:20 christos Exp $ */ 2 3 /*++ 4 /* NAME 5 /* smtp, lmtp 8 6 /* SUMMARY 7 /* Postfix SMTP+LMTP client 8 /* SYNOPSIS 9 /* \fBsmtp\fR [generic Postfix daemon options] [flags=DORX] 10 /* 11 /* \fBlmtp\fR [generic Postfix daemon options] [flags=DORX] 12 /* DESCRIPTION 13 /* The Postfix SMTP+LMTP client implements the SMTP and LMTP mail 14 /* delivery protocols. It processes message delivery requests from 15 /* the queue manager. Each request specifies a queue file, a sender 16 /* address, a domain or host to deliver to, and recipient information. 17 /* This program expects to be run from the \fBmaster\fR(8) process 18 /* manager. The process name, \fBsmtp\fR or \fBlmtp\fR, controls 19 /* the protocol, and the names of the configuration parameters 20 /* that will be used. 21 /* 22 /* The SMTP+LMTP client updates the queue file and marks recipients 23 /* as finished, or it informs the queue manager that delivery should 24 /* be tried again at a later time. Delivery status reports are sent 25 /* to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as 26 /* appropriate. 27 /* 28 /* The server lookup strategy is different for SMTP and LMTP, 29 /* as described in the sections "SMTP SERVER LOOKUP" and "LMTP 30 /* SERVER LOOKUP". 31 /* 32 /* After a successful mail transaction, a connection may be saved 33 /* to the \fBscache\fR(8) connection cache server, so that it 34 /* may be used by any SMTP+LMTP client for a subsequent transaction. 35 /* 36 /* By default, connection caching is enabled temporarily for 37 /* destinations that have a high volume of mail in the active 38 /* queue. Connection caching can be enabled permanently for 39 /* specific destinations. 40 /* SMTP SERVER LOOKUP 41 /* .ad 42 /* .fi 43 /* The Postfix SMTP client supports multiple destinations 44 /* separated by comma or whitespace (Postfix 3.5 and later). 45 /* Each destination is tried in the specified order. 
46 /* 47 /* SMTP destinations have the following form: 48 /* .IP \fIdomainname\fR 49 /* .IP \fIdomainname\fR:\fIservice\fR 50 /* Look up the mail exchangers for the specified domain, and 51 /* connect to the specified service (default: \fBsmtp\fR). 52 /* Optionally, mail exchangers may be looked up with SRV queries 53 /* instead of MX; this requires that \fIservice\fR is given 54 /* in symbolic form. 55 /* .IP [\fIhostname\fR] 56 /* .IP [\fIhostname\fR]:\fIservice\fR 57 /* Look up the address(es) for the specified host, and connect to 58 /* the specified service (default: \fBsmtp\fR). 59 /* .IP [\fIaddress\fR] 60 /* .IP [\fIaddress\fR]:\fIservice\fR 61 /* Connect to the host at the specified address, and connect 62 /* to the specified service (default: \fBsmtp\fR). An IPv6 address 63 /* must be formatted as [\fBipv6\fR:\fIaddress\fR]. 64 /* LMTP SERVER LOOKUP 65 /* .ad 66 /* .fi 67 /* The Postfix LMTP client supports multiple destinations 68 /* separated by comma or whitespace (Postfix 3.5 and later). 69 /* Each destination is tried in the specified order. 70 /* 71 /* LMTP destinations have the following form: 72 /* .IP \fBunix\fR:\fIpathname\fR 73 /* Connect to the local UNIX-domain server that is bound to the specified 74 /* \fIpathname\fR. If the process runs chrooted, an absolute pathname 75 /* is interpreted relative to the Postfix queue directory. 76 /* .IP \fBinet\fR:\fIdomainname\fR 77 /* .IP \fBinet\fR:\fIdomainname\fR:\fIservice\fR 78 /* Look up the LMTP servers for the specified domain and service 79 /* (default: \fBlmtp\fR). 80 /* This form is supported when SRV lookups are enabled, and 81 /* requires that \fIservice\fR is in symbolic form. 82 /* .IP \fBinet\fR:\fIhostname\fR 83 /* .IP \fBinet\fR:\fIhostname\fR:\fIservice\fR 84 /* Look up the address(es) for the specified host, and connect to 85 /* the specified service (default: \fBlmtp\fR). When SRV lookups 86 /* are enabled, use the form \fB[\fIhostname\fB]\fR to force 87 /* address lookups. 
88 /* .IP \fBinet\fR:[\fIaddress\fR] 89 /* .IP \fBinet\fR:[\fIaddress\fR]:\fIservice\fR 90 /* Connect to the specified local or remote host and service 91 /* (default: \fBlmtp\fR). 92 /* An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR]. 93 /* SINGLE-RECIPIENT DELIVERY 94 /* .ad 95 /* .fi 96 /* By default, the Postfix SMTP+LMTP client delivers mail to 97 /* multiple recipients per delivery request. This is undesirable 98 /* when prepending a \fBDelivered-to:\fR or \fBX-Original-To:\fR 99 /* message header. To prevent Postfix from sending multiple 100 /* recipients per delivery request, specify 101 /* .sp 102 /* .nf 103 /* \fItransport\fB_destination_recipient_limit = 1\fR 104 /* .fi 105 /* 106 /* in the Postfix \fBmain.cf\fR file, where \fItransport\fR 107 /* is the name in the first column of the Postfix \fBmaster.cf\fR 108 /* entry for this mail delivery service. 109 /* COMMAND ATTRIBUTE SYNTAX 110 /* .ad 111 /* .fi 112 /* .IP "\fBflags=DORX\fR (optional)" 113 /* Optional message processing flags. 114 /* .RS 115 /* .IP \fBD\fR 116 /* Prepend a "\fBDelivered-To: \fIrecipient\fR" message header 117 /* with the envelope recipient address. Note: for this to work, 118 /* the \fItransport\fB_destination_recipient_limit\fR must be 119 /* 1 (see SINGLE-RECIPIENT DELIVERY above for details). 120 /* .sp 121 /* The \fBD\fR flag also enforces loop detection: if a message 122 /* already contains a \fBDelivered-To:\fR header with the same 123 /* recipient address, then the message is returned as 124 /* undeliverable. The address comparison is case insensitive. 125 /* .sp 126 /* This feature is available as of Postfix 3.5. 127 /* .IP \fBO\fR 128 /* Prepend an "\fBX-Original-To: \fIrecipient\fR" message 129 /* header with the recipient address as given to Postfix. Note: 130 /* for this to work, the 131 /* \fItransport\fB_destination_recipient_limit\fR must be 1 132 /* (see SINGLE-RECIPIENT DELIVERY above for details). 
133 /* .sp 134 /* This feature is available as of Postfix 3.5. 135 /* .IP \fBR\fR 136 /* Prepend a "\fBReturn-Path: <\fIsender\fB>\fR" message header 137 /* with the envelope sender address. 138 /* .sp 139 /* This feature is available as of Postfix 3.5. 140 /* .IP \fBX\fR 141 /* Indicates that the delivery is final. This flag affects 142 /* the status reported in "success" DSN (delivery status 143 /* notification) messages, and changes it from "relayed" into 144 /* "delivered". 145 /* .sp 146 /* This feature is available as of Postfix 3.5. 147 /* .RE 148 /* SECURITY 149 /* .ad 150 /* .fi 151 /* The SMTP+LMTP client is moderately security-sensitive. It 152 /* talks to SMTP or LMTP servers and to DNS servers on the 153 /* network. The SMTP+LMTP client can be run chrooted at fixed 154 /* low privilege. 155 /* STANDARDS 156 /* RFC 821 (SMTP protocol) 157 /* RFC 822 (ARPA Internet Text Messages) 158 /* RFC 1651 (SMTP service extensions) 159 /* RFC 1652 (8bit-MIME transport) 160 /* RFC 1870 (Message Size Declaration) 161 /* RFC 2033 (LMTP protocol) 162 /* RFC 2034 (SMTP Enhanced Error Codes) 163 /* RFC 2045 (MIME: Format of Internet Message Bodies) 164 /* RFC 2046 (MIME: Media Types) 165 /* RFC 2554 (AUTH command) 166 /* RFC 2821 (SMTP protocol) 167 /* RFC 2782 (SRV resource records) 168 /* RFC 2920 (SMTP Pipelining) 169 /* RFC 3207 (STARTTLS command) 170 /* RFC 3461 (SMTP DSN Extension) 171 /* RFC 3463 (Enhanced Status Codes) 172 /* RFC 4954 (AUTH command) 173 /* RFC 5321 (SMTP protocol) 174 /* RFC 6531 (Internationalized SMTP) 175 /* RFC 6533 (Internationalized Delivery Status Notifications) 176 /* RFC 7672 (SMTP security via opportunistic DANE TLS) 177 /* RFC 8689 (SMTP REQUIRETLS extension, TLS-Required header) 178 /* DIAGNOSTICS 179 /* Problems and transactions are logged to \fBsyslogd\fR(8) 180 /* or \fBpostlogd\fR(8). 181 /* Corrupted message files are marked so that the queue manager can 182 /* move them to the \fBcorrupt\fR queue for further inspection. 
183 /* 184 /* Depending on the setting of the \fBnotify_classes\fR parameter, 185 /* the postmaster is notified of bounces, protocol problems, and of 186 /* other trouble. 187 /* BUGS 188 /* SMTP and LMTP connection reuse for TLS (without closing the 189 /* SMTP or LMTP connection) is not supported before Postfix 3.4. 190 /* 191 /* SMTP and LMTP connection reuse assumes that SASL credentials 192 /* are valid for all destinations that map onto the same IP 193 /* address and TCP port. 194 /* CONFIGURATION PARAMETERS 195 /* .ad 196 /* .fi 197 /* Postfix versions 2.3 and later implement the SMTP and LMTP 198 /* client with the same program, and choose the protocol and 199 /* configuration parameters based on the process name, \fBsmtp\fR 200 /* or \fBlmtp\fR. 201 /* 202 /* Most smtp_\fIxxx\fR configuration parameters have an 203 /* lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP 204 /* feature. This document describes only those LMTP-related 205 /* parameters that aren't simply "mirror" parameters. 206 /* 207 /* Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8) 208 /* processes run for only a limited amount of time. Use the command 209 /* "\fBpostfix reload\fR" to speed up a change. 210 /* 211 /* The text below provides only a parameter summary. See 212 /* \fBpostconf\fR(5) for more details including examples. 213 /* COMPATIBILITY CONTROLS 214 /* .ad 215 /* .fi 216 /* .IP "\fBignore_mx_lookup_error (no)\fR" 217 /* Ignore DNS MX lookups that produce no response. 218 /* .IP "\fBsmtp_always_send_ehlo (yes)\fR" 219 /* Always send EHLO at the start of an SMTP session. 220 /* .IP "\fBsmtp_never_send_ehlo (no)\fR" 221 /* Never send EHLO at the start of an SMTP session. 222 /* .IP "\fBsmtp_defer_if_no_mx_address_found (no)\fR" 223 /* Defer mail delivery when no MX record resolves to an IP address. 224 /* .IP "\fBsmtp_line_length_limit (998)\fR" 225 /* The maximal length of message header and body lines that Postfix 226 /* will send via SMTP. 
227 /* .IP "\fBsmtp_pix_workaround_delay_time (10s)\fR" 228 /* How long the Postfix SMTP client pauses before sending 229 /* ".<CR><LF>" in order to work around the PIX firewall 230 /* "<CR><LF>.<CR><LF>" bug. 231 /* .IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR" 232 /* How long a message must be queued before the Postfix SMTP client 233 /* turns on the PIX firewall "<CR><LF>.<CR><LF>" 234 /* bug workaround for delivery through firewalls with "smtp fixup" 235 /* mode turned on. 236 /* .IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR" 237 /* A list that specifies zero or more workarounds for CISCO PIX 238 /* firewall bugs. 239 /* .IP "\fBsmtp_pix_workaround_maps (empty)\fR" 240 /* Lookup tables, indexed by the remote SMTP server address, with 241 /* per-destination workarounds for CISCO PIX firewall bugs. 242 /* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" 243 /* Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands 244 /* as required 245 /* by RFC 5321. 246 /* .IP "\fBsmtp_reply_filter (empty)\fR" 247 /* A mechanism to transform replies from remote SMTP servers one 248 /* line at a time. 249 /* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR" 250 /* Skip remote SMTP servers that greet with a 5XX status code. 251 /* .IP "\fBsmtp_skip_quit_response (yes)\fR" 252 /* Do not wait for the response to the SMTP QUIT command. 253 /* .PP 254 /* Available in Postfix version 2.0 and earlier: 255 /* .IP "\fBsmtp_skip_4xx_greeting (yes)\fR" 256 /* Skip SMTP servers that greet with a 4XX status code (go away, try 257 /* again later). 258 /* .PP 259 /* Available in Postfix version 2.2 and later: 260 /* .IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR" 261 /* Lookup tables, indexed by the remote SMTP server address, with 262 /* case insensitive lists of EHLO keywords (pipelining, starttls, auth, 263 /* etc.) that the Postfix SMTP client will ignore in the EHLO response from a 264 /* remote SMTP server. 
265 /* .IP "\fBsmtp_discard_ehlo_keywords (empty)\fR" 266 /* A case insensitive list of EHLO keywords (pipelining, starttls, 267 /* auth, etc.) that the Postfix SMTP client will ignore in the EHLO 268 /* response from a remote SMTP server. 269 /* .IP "\fBsmtp_generic_maps (empty)\fR" 270 /* Optional lookup tables that perform address rewriting in the 271 /* Postfix SMTP client, typically to transform a locally valid address into 272 /* a globally valid address when sending mail across the Internet. 273 /* .PP 274 /* Available in Postfix version 2.2.9 and later: 275 /* .IP "\fBsmtp_cname_overrides_servername (version dependent)\fR" 276 /* When the remote SMTP servername is a DNS CNAME, replace the 277 /* servername with the result from CNAME expansion for the purpose of 278 /* logging, SASL password lookup, TLS 279 /* policy decisions, or TLS certificate verification. 280 /* .PP 281 /* Available in Postfix version 2.3 and later: 282 /* .IP "\fBlmtp_discard_lhlo_keyword_address_maps (empty)\fR" 283 /* Lookup tables, indexed by the remote LMTP server address, with 284 /* case insensitive lists of LHLO keywords (pipelining, starttls, 285 /* auth, etc.) that the Postfix LMTP client will ignore in the LHLO 286 /* response 287 /* from a remote LMTP server. 288 /* .IP "\fBlmtp_discard_lhlo_keywords (empty)\fR" 289 /* A case insensitive list of LHLO keywords (pipelining, starttls, 290 /* auth, etc.) that the Postfix LMTP client will ignore in the LHLO 291 /* response 292 /* from a remote LMTP server. 293 /* .PP 294 /* Available in Postfix version 2.4.4 and later: 295 /* .IP "\fBsend_cyrus_sasl_authzid (no)\fR" 296 /* When authenticating to a remote SMTP or LMTP server with the 297 /* default setting "no", send no SASL authoriZation ID (authzid); send 298 /* only the SASL authentiCation ID (authcid) plus the authcid's password. 
299 /* .PP 300 /* Available in Postfix version 2.5 and later: 301 /* .IP "\fBsmtp_header_checks (empty)\fR" 302 /* Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client. 303 /* .IP "\fBsmtp_mime_header_checks (empty)\fR" 304 /* Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP 305 /* client. 306 /* .IP "\fBsmtp_nested_header_checks (empty)\fR" 307 /* Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP 308 /* client. 309 /* .IP "\fBsmtp_body_checks (empty)\fR" 310 /* Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client. 311 /* .PP 312 /* Available in Postfix version 2.6 and later: 313 /* .IP "\fBtcp_windowsize (0)\fR" 314 /* An optional workaround for routers that break TCP window scaling. 315 /* .PP 316 /* Available in Postfix version 2.8 and later: 317 /* .IP "\fBsmtp_dns_resolver_options (empty)\fR" 318 /* DNS Resolver options for the Postfix SMTP client. 319 /* .PP 320 /* Available in Postfix version 2.9 - 3.6: 321 /* .IP "\fBsmtp_per_record_deadline (no)\fR" 322 /* Change the behavior of the smtp_*_timeout time limits, from a 323 /* time limit per read or write system call, to a time limit to send 324 /* or receive a complete record (an SMTP command line, SMTP response 325 /* line, SMTP message content line, or TLS protocol message). 326 /* .PP 327 /* Available in Postfix version 2.9 and later: 328 /* .IP "\fBsmtp_send_dummy_mail_auth (no)\fR" 329 /* Whether or not to append the "AUTH=<>" option to the MAIL 330 /* FROM command in SASL-authenticated SMTP sessions. 331 /* .PP 332 /* Available in Postfix version 2.11 and later: 333 /* .IP "\fBsmtp_dns_support_level (empty)\fR" 334 /* Level of DNS support in the Postfix SMTP client. 
335 /* .PP 336 /* Available in Postfix version 3.0 and later: 337 /* .IP "\fBsmtp_delivery_status_filter ($default_delivery_status_filter)\fR" 338 /* Optional filter for the \fBsmtp\fR(8) delivery agent to change the 339 /* delivery status code or explanatory text of successful or unsuccessful 340 /* deliveries. 341 /* .IP "\fBsmtp_dns_reply_filter (empty)\fR" 342 /* Optional filter for Postfix SMTP client DNS lookup results. 343 /* .PP 344 /* Available in Postfix version 3.3 and later: 345 /* .IP "\fBsmtp_balance_inet_protocols (yes)\fR" 346 /* When a remote destination resolves to a combination of IPv4 and 347 /* IPv6 addresses, ensure that the Postfix SMTP client can try both 348 /* address types before it runs into the smtp_mx_address_limit. 349 /* .PP 350 /* Available in Postfix 3.5 and later: 351 /* .IP "\fBinfo_log_address_format (external)\fR" 352 /* The email address form that will be used in non-debug logging 353 /* (info, warning, etc.). 354 /* .PP 355 /* Available in Postfix 3.6 and later: 356 /* .IP "\fBdnssec_probe (ns:.)\fR" 357 /* The DNS query type (default: "ns") and DNS query name (default: 358 /* ".") that Postfix may use to determine whether DNSSEC validation 359 /* is available. 360 /* .IP "\fBknown_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submission=587)\fR" 361 /* Optional setting that avoids lookups in the \fBservices\fR(5) database. 362 /* .PP 363 /* Available in Postfix version 3.7 and later: 364 /* .IP "\fBsmtp_per_request_deadline (no)\fR" 365 /* Change the behavior of the smtp_*_timeout time limits, from a 366 /* time limit per plaintext or TLS read or write call, to a combined 367 /* time limit for sending a complete SMTP request and for receiving a 368 /* complete SMTP response. 369 /* .IP "\fBsmtp_min_data_rate (500)\fR" 370 /* The minimum plaintext data transfer rate in bytes/second for 371 /* DATA requests, when deadlines are enabled with smtp_per_request_deadline. 
372 /* .IP "\fBheader_from_format (standard)\fR" 373 /* The format of the Postfix-generated \fBFrom:\fR header. 374 /* .PP 375 /* Available in Postfix version 3.8 and later: 376 /* .IP "\fBuse_srv_lookup (empty)\fR" 377 /* Enables discovery for the specified service(s) using DNS SRV 378 /* records. 379 /* .IP "\fBignore_srv_lookup_error (no)\fR" 380 /* When SRV record lookup fails, fall back to MX or IP address 381 /* lookup as if SRV record lookup was not enabled. 382 /* .IP "\fBallow_srv_lookup_fallback (no)\fR" 383 /* When SRV record lookup fails or no SRV record exists, fall back 384 /* to MX or IP address lookup as if SRV record lookup was not enabled. 385 /* MIME PROCESSING CONTROLS 386 /* .ad 387 /* .fi 388 /* Available in Postfix version 2.0 and later: 389 /* .IP "\fBdisable_mime_output_conversion (no)\fR" 390 /* Disable the conversion of 8BITMIME format to 7BIT format. 391 /* .IP "\fBmime_boundary_length_limit (2048)\fR" 392 /* The maximal length of MIME multipart boundary strings. 393 /* .IP "\fBmime_nesting_limit (100)\fR" 394 /* The maximal recursion level that the MIME processor will handle. 395 /* EXTERNAL CONTENT INSPECTION CONTROLS 396 /* .ad 397 /* .fi 398 /* Available in Postfix version 2.1 and later: 399 /* .IP "\fBsmtp_send_xforward_command (no)\fR" 400 /* Send the non-standard XFORWARD command when the Postfix SMTP server 401 /* EHLO response announces XFORWARD support. 402 /* SASL AUTHENTICATION CONTROLS 403 /* .ad 404 /* .fi 405 /* .IP "\fBsmtp_sasl_auth_enable (no)\fR" 406 /* Enable SASL authentication in the Postfix SMTP client. 407 /* .IP "\fBsmtp_sasl_password_maps (empty)\fR" 408 /* Optional Postfix SMTP client lookup tables with one username:password 409 /* entry per sender, remote hostname or next-hop domain. 
410 /* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" 411 /* Postfix SMTP client SASL security options; as of Postfix 2.3 412 /* the list of available 413 /* features depends on the SASL client implementation that is selected 414 /* with \fBsmtp_sasl_type\fR. 415 /* .PP 416 /* Available in Postfix version 2.2 and later: 417 /* .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR" 418 /* If non-empty, a Postfix SMTP client filter for the remote SMTP 419 /* server's list of offered SASL mechanisms. 420 /* .PP 421 /* Available in Postfix version 2.3 and later: 422 /* .IP "\fBsmtp_sender_dependent_authentication (no)\fR" 423 /* Enable sender-dependent authentication in the Postfix SMTP client; this is 424 /* available only with SASL authentication, and disables SMTP connection 425 /* caching to ensure that mail from different senders will use the 426 /* appropriate credentials. 427 /* .IP "\fBsmtp_sasl_path (empty)\fR" 428 /* Implementation-specific information that the Postfix SMTP client 429 /* passes through to 430 /* the SASL plug-in implementation that is selected with 431 /* \fBsmtp_sasl_type\fR. 432 /* .IP "\fBsmtp_sasl_type (cyrus)\fR" 433 /* The SASL plug-in type that the Postfix SMTP client should use 434 /* for authentication. 435 /* .PP 436 /* Available in Postfix version 2.5 and later: 437 /* .IP "\fBsmtp_sasl_auth_cache_name (empty)\fR" 438 /* An optional table to prevent repeated SASL authentication 439 /* failures with the same remote SMTP server hostname, username and 440 /* password. 441 /* .IP "\fBsmtp_sasl_auth_cache_time (90d)\fR" 442 /* The maximal age of an smtp_sasl_auth_cache_name entry before it 443 /* is removed. 444 /* .IP "\fBsmtp_sasl_auth_soft_bounce (yes)\fR" 445 /* When a remote SMTP server rejects a SASL authentication request 446 /* with a 535 reply code, defer mail delivery instead of returning 447 /* mail as undeliverable. 
448 /* .PP 449 /* Available in Postfix version 2.9 and later: 450 /* .IP "\fBsmtp_send_dummy_mail_auth (no)\fR" 451 /* Whether or not to append the "AUTH=<>" option to the MAIL 452 /* FROM command in SASL-authenticated SMTP sessions. 453 /* .PP 454 /* Available in Postfix version 3.9 and later: 455 /* .IP "\fBsmtp_sasl_password_result_delimiter (:)\fR" 456 /* The delimiter between username and password in sasl_passwd_maps lookup 457 /* results. 458 /* TLS SUPPORT CONTROLS 459 /* .ad 460 /* .fi 461 /* Detailed information about STARTTLS configuration may be found 462 /* in the TLS_README document. 463 /* .IP "\fBsmtp_tls_security_level (Postfix >= 3.11: may; Postfix < 3.11: empty)\fR" 464 /* The default SMTP TLS security level for the Postfix SMTP client. 465 /* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" 466 /* The SASL authentication security options that the Postfix SMTP 467 /* client uses for TLS encrypted SMTP sessions. 468 /* .IP "\fBsmtp_starttls_timeout (300s)\fR" 469 /* Time limit for Postfix SMTP client write and read operations 470 /* during TLS startup and shutdown handshake procedures. 471 /* .IP "\fBsmtp_tls_CAfile (empty)\fR" 472 /* A file containing CA certificates of root CAs trusted to sign 473 /* either remote SMTP server certificates or intermediate CA certificates. 474 /* .IP "\fBsmtp_tls_CApath (empty)\fR" 475 /* Directory with PEM format Certification Authority certificates 476 /* that the Postfix SMTP client uses to verify a remote SMTP server 477 /* certificate. 478 /* .IP "\fBsmtp_tls_cert_file (empty)\fR" 479 /* File with the Postfix SMTP client RSA certificate in PEM format. 480 /* .IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR" 481 /* The minimum TLS cipher grade that the Postfix SMTP client will 482 /* use with 483 /* mandatory TLS encryption. 
484 /* .IP "\fBsmtp_tls_exclude_ciphers (empty)\fR" 485 /* List of ciphers or cipher types to exclude from the Postfix 486 /* SMTP client cipher 487 /* list at all TLS security levels. 488 /* .IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR" 489 /* Additional list of ciphers or cipher types to exclude from the 490 /* Postfix SMTP client cipher list at mandatory TLS security levels. 491 /* .IP "\fBsmtp_tls_dcert_file (empty)\fR" 492 /* File with the Postfix SMTP client DSA certificate in PEM format. 493 /* .IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR" 494 /* File with the Postfix SMTP client DSA private key in PEM format. 495 /* .IP "\fBsmtp_tls_key_file ($smtp_tls_cert_file)\fR" 496 /* File with the Postfix SMTP client RSA private key in PEM format. 497 /* .IP "\fBsmtp_tls_loglevel (0)\fR" 498 /* Enable additional Postfix SMTP client logging of TLS activity. 499 /* .IP "\fBsmtp_tls_note_starttls_offer (no)\fR" 500 /* Log the hostname of a remote SMTP server that offers STARTTLS, 501 /* when TLS is not already enabled for that server. 502 /* .IP "\fBsmtp_tls_policy_maps (empty)\fR" 503 /* Optional lookup tables with the Postfix SMTP client TLS security 504 /* policy by next-hop destination; when a non-empty value is specified, 505 /* this overrides the obsolete smtp_tls_per_site parameter. 506 /* .IP "\fBsmtp_tls_mandatory_protocols (see 'postconf -d' output)\fR" 507 /* TLS protocols that the Postfix SMTP client will use with mandatory 508 /* TLS encryption. 509 /* .IP "\fBsmtp_tls_scert_verifydepth (9)\fR" 510 /* The verification depth for remote SMTP server certificates. 511 /* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR" 512 /* How the Postfix SMTP client verifies the server certificate 513 /* peername for the "secure" TLS security level. 514 /* .IP "\fBsmtp_tls_session_cache_database (empty)\fR" 515 /* Name of the file containing the optional Postfix SMTP client 516 /* TLS session cache. 
517 /* .IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR" 518 /* The expiration time of Postfix SMTP client TLS session cache 519 /* information. 520 /* .IP "\fBsmtp_tls_verify_cert_match (hostname)\fR" 521 /* How the Postfix SMTP client verifies the server certificate 522 /* peername for the 523 /* "verify" TLS security level. 524 /* .IP "\fBtls_daemon_random_bytes (32)\fR" 525 /* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) 526 /* process requests from the \fBtlsmgr\fR(8) server in order to seed its 527 /* internal pseudo random number generator (PRNG). 528 /* .IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR" 529 /* The OpenSSL cipherlist for "high" grade ciphers. 530 /* .IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR" 531 /* The OpenSSL cipherlist for "medium" or higher grade ciphers. 532 /* .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" 533 /* The OpenSSL cipherlist for "NULL" grade ciphers that provide 534 /* authentication without encryption. 535 /* .PP 536 /* Available in Postfix version 2.3..3.7: 537 /* .IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR" 538 /* The OpenSSL cipherlist for "low" or higher grade ciphers. 539 /* .IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR" 540 /* The OpenSSL cipherlist for "export" or higher grade ciphers. 541 /* .PP 542 /* Available in Postfix version 2.4 and later: 543 /* .IP "\fBsmtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)\fR" 544 /* The SASL authentication security options that the Postfix SMTP 545 /* client uses for TLS encrypted SMTP sessions with a verified server 546 /* certificate. 547 /* .PP 548 /* Available in Postfix version 2.5 and later: 549 /* .IP "\fBsmtp_tls_fingerprint_cert_match (empty)\fR" 550 /* List of acceptable remote SMTP server certificate fingerprints for 551 /* the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR = 552 /* fingerprint). 
553 /* .IP "\fBsmtp_tls_fingerprint_digest (see 'postconf -d' output)\fR" 554 /* The message digest algorithm used to construct remote SMTP server 555 /* certificate fingerprints. 556 /* .PP 557 /* Available in Postfix version 2.6 and later: 558 /* .IP "\fBsmtp_tls_protocols (see 'postconf -d' output)\fR" 559 /* TLS protocols that the Postfix SMTP client will use with 560 /* opportunistic TLS encryption. 561 /* .IP "\fBsmtp_tls_ciphers (medium)\fR" 562 /* The minimum TLS cipher grade that the Postfix SMTP client 563 /* will use with opportunistic TLS encryption. 564 /* .IP "\fBsmtp_tls_eccert_file (empty)\fR" 565 /* File with the Postfix SMTP client ECDSA certificate in PEM format. 566 /* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR" 567 /* File with the Postfix SMTP client ECDSA private key in PEM format. 568 /* .PP 569 /* Available in Postfix version 2.7 and later: 570 /* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR" 571 /* Try to detect a mail hijacking attack based on a TLS protocol 572 /* vulnerability (CVE-2009-3555), where an attacker prepends malicious 573 /* HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. 574 /* .PP 575 /* Available in Postfix version 2.8 and later: 576 /* .IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" 577 /* List or bit-mask of OpenSSL bug work-arounds to disable. 578 /* .PP 579 /* Available in Postfix version 2.11-3.1: 580 /* .IP "\fBtls_dane_digest_agility (on)\fR" 581 /* Configure RFC7671 DANE TLSA digest algorithm agility. 582 /* .IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR" 583 /* Enable support for RFC 6698 (DANE TLSA) DNS records that contain 584 /* digests of trust-anchors with certificate usage "2". 585 /* .PP 586 /* Available in Postfix version 2.11 and later: 587 /* .IP "\fBsmtp_tls_trust_anchor_file (empty)\fR" 588 /* Zero or more PEM-format files with trust-anchor certificates 589 /* and/or public keys. 
590 /* .IP "\fBsmtp_tls_force_insecure_host_tlsa_lookup (no)\fR" 591 /* Look up the associated DANE TLSA RRset even when a hostname is 592 /* not an alias and its address records lie in an unsigned zone. 593 /* .IP "\fBtlsmgr_service_name (tlsmgr)\fR" 594 /* The name of the \fBtlsmgr\fR(8) service entry in master.cf. 595 /* .PP 596 /* Available in Postfix version 3.0 and later: 597 /* .IP "\fBsmtp_tls_wrappermode (no)\fR" 598 /* Request that the Postfix SMTP client connects using the 599 /* SUBMISSIONS (formerly called SMTPS) protocol instead of using the 600 /* STARTTLS command. 601 /* .PP 602 /* Available in Postfix version 3.1 and later: 603 /* .IP "\fBsmtp_tls_dane_insecure_mx_policy (dane)\fR" 604 /* The TLS policy for MX hosts with "secure" TLSA records when the 605 /* nexthop destination security level is \fBdane\fR, but the MX 606 /* record was found via an "insecure" MX lookup. 607 /* .PP 608 /* Available in Postfix version 3.2 and later: 609 /* .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR" 610 /* The prioritized list of elliptic curves that should be enabled in the 611 /* Postfix SMTP client and server. 612 /* .PP 613 /* Available in Postfix version 3.4 and later: 614 /* .IP "\fBsmtp_tls_connection_reuse (no)\fR" 615 /* Try to make multiple deliveries per TLS-encrypted connection. 616 /* .IP "\fBsmtp_tls_chain_files (empty)\fR" 617 /* List of one or more PEM files, each holding one or more private keys 618 /* directly followed by a corresponding certificate chain. 619 /* .IP "\fBsmtp_tls_servername (empty)\fR" 620 /* Optional name to send to the remote SMTP server in the TLS Server 621 /* Name Indication (SNI) extension. 622 /* .PP 623 /* Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later: 624 /* .IP "\fBtls_fast_shutdown_enable (yes)\fR" 625 /* A workaround for implementations that hang Postfix while shutting 626 /* down a TLS session, until Postfix times out. 
627 /* .PP 628 /* Available in Postfix version 3.8 and later: 629 /* .IP "\fBtls_ffdhe_auto_groups (see 'postconf -d' output)\fR" 630 /* The prioritized list of finite-field Diffie-Hellman ephemeral 631 /* (FFDHE) key exchange groups supported by the Postfix SMTP client and 632 /* server. 633 /* .PP 634 /* Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later: 635 /* .IP "\fBtls_config_file (default)\fR" 636 /* Optional configuration file with baseline OpenSSL settings. 637 /* .IP "\fBtls_config_name (empty)\fR" 638 /* The application name passed by Postfix to OpenSSL library 639 /* initialization functions. 640 /* .PP 641 /* Available in Postfix version 3.9 and later: 642 /* .IP "\fBsmtp_tls_enable_rpk (no)\fR" 643 /* Request that remote SMTP servers send an RFC7250 raw public key 644 /* instead of an X.509 certificate. 645 /* .PP 646 /* Available in Postfix version 3.10 and later: 647 /* .IP "\fBsmtp_tlsrpt_enable (no)\fR" 648 /* Enable support for RFC 8460 TLSRPT notifications. 649 /* .IP "\fBsmtp_tlsrpt_socket_name (empty)\fR" 650 /* The pathname of a UNIX-domain datagram socket that is managed 651 /* by a local TLSRPT reporting service. 652 /* .IP "\fBsmtp_tlsrpt_skip_reused_handshakes (Postfix >= 3.11: no, Postfix 3.10: yes)\fR" 653 /* When set to "yes", report the TLSRPT status only for "new" TLS 654 /* sessions. 655 /* .IP "\fBtls_required_enable (yes)\fR" 656 /* Enable support for the "TLS-Required: no" message header, defined 657 /* in RFC 8689. 658 /* .PP 659 /* Available in Postfix version 3.10.5 and later: 660 /* .IP "\fBsmtp_tls_enforce_sts_mx_patterns (yes)\fR" 661 /* Transform the TLS policy from an STS policy plugin: connect to 662 /* an MX host only if its name matches any STS policy MX host pattern, 663 /* and match the server certificate against the MX hostname. 
664 /* .PP 665 /* Available in Postfix version 3.11 and later: 666 /* .IP "\fBrequiretls_enable (yes)\fR" 667 /* Enable support for the ESMTP verb "REQUIRETLS" in the "MAIL 668 /* FROM" command. 669 /* .IP "\fBsmtp_requiretls_policy (see 'postconf -d smtp_requiretls_policy' output)\fR" 670 /* How the Postfix SMTP and LMTP client will enforce REQUIRETLS 671 /* for messages received with the REQUIRETLS option. 672 /* .IP "\fBsmtp_log_tls_feature_status (yes)\fR" 673 /* Enable logging of TLS feature information in delivery status 674 /* logging. 675 /* OBSOLETE TLS CONTROLS 676 /* .ad 677 /* .fi 678 /* The following configuration parameters exist for compatibility 679 /* with Postfix versions before 2.3. Support for these will 680 /* be removed in a future release. 681 /* .IP "\fBsmtp_use_tls (no)\fR" 682 /* Opportunistic mode: use TLS when a remote SMTP server announces 683 /* STARTTLS support, otherwise send the mail in the clear. 684 /* .IP "\fBsmtp_enforce_tls (no)\fR" 685 /* Enforcement mode: require that remote SMTP servers use TLS 686 /* encryption, and never send mail in the clear. 687 /* .IP "\fBsmtp_tls_enforce_peername (yes)\fR" 688 /* With mandatory TLS encryption, require that the remote SMTP 689 /* server hostname matches the information in the remote SMTP server 690 /* certificate. 691 /* .IP "\fBsmtp_tls_per_site (empty)\fR" 692 /* Optional lookup tables with the Postfix SMTP client TLS usage 693 /* policy by next-hop destination and by remote SMTP server hostname. 694 /* .IP "\fBsmtp_tls_cipherlist (empty)\fR" 695 /* Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS 696 /* cipher list. 697 /* RESOURCE AND RATE CONTROLS 698 /* .ad 699 /* .fi 700 /* .IP "\fBsmtp_connect_timeout (30s)\fR" 701 /* The Postfix SMTP client time limit for completing a TCP connection, or 702 /* zero (use the operating system built-in time limit). 
703 /* .IP "\fBsmtp_helo_timeout (300s)\fR" 704 /* The Postfix SMTP client time limit for sending the HELO or EHLO command, 705 /* and for receiving the initial remote SMTP server response. 706 /* .IP "\fBlmtp_lhlo_timeout (300s)\fR" 707 /* The Postfix LMTP client time limit for sending the LHLO command, 708 /* and for receiving the initial remote LMTP server response. 709 /* .IP "\fBsmtp_xforward_timeout (300s)\fR" 710 /* The Postfix SMTP client time limit for sending the XFORWARD command, 711 /* and for receiving the remote SMTP server response. 712 /* .IP "\fBsmtp_mail_timeout (300s)\fR" 713 /* The Postfix SMTP client time limit for sending the MAIL FROM command, 714 /* and for receiving the remote SMTP server response. 715 /* .IP "\fBsmtp_rcpt_timeout (300s)\fR" 716 /* The Postfix SMTP client time limit for sending the SMTP RCPT TO 717 /* command, and for receiving the remote SMTP server response. 718 /* .IP "\fBsmtp_data_init_timeout (120s)\fR" 719 /* The Postfix SMTP client time limit for sending the SMTP DATA command, 720 /* and for receiving the remote SMTP server response. 721 /* .IP "\fBsmtp_data_xfer_timeout (180s)\fR" 722 /* The Postfix SMTP client time limit for sending the SMTP message content. 723 /* .IP "\fBsmtp_data_done_timeout (600s)\fR" 724 /* The Postfix SMTP client time limit for sending the SMTP ".", and 725 /* for receiving the remote SMTP server response. 726 /* .IP "\fBsmtp_quit_timeout (300s)\fR" 727 /* The Postfix SMTP client time limit for sending the QUIT command, 728 /* and for receiving the remote SMTP server response. 729 /* .PP 730 /* Available in Postfix version 2.1 and later: 731 /* .IP "\fBsmtp_mx_address_limit (5)\fR" 732 /* The maximal number of MX (mail exchanger) IP addresses that can 733 /* result from Postfix SMTP client mail exchanger lookups, or zero (no 734 /* limit). 
735 /* .IP "\fBsmtp_mx_session_limit (2)\fR" 736 /* The maximal number of SMTP sessions per delivery request before 737 /* the Postfix SMTP client 738 /* gives up or delivers to a fall-back relay host, or zero (no 739 /* limit). 740 /* .IP "\fBsmtp_rset_timeout (20s)\fR" 741 /* The Postfix SMTP client time limit for sending the RSET command, 742 /* and for receiving the remote SMTP server response. 743 /* .PP 744 /* Available in Postfix version 2.2 and earlier: 745 /* .IP "\fBlmtp_cache_connection (yes)\fR" 746 /* Keep Postfix LMTP client connections open for up to $max_idle 747 /* seconds. 748 /* .PP 749 /* Available in Postfix version 2.2 and later: 750 /* .IP "\fBsmtp_connection_cache_destinations (empty)\fR" 751 /* Permanently enable SMTP connection caching for the specified 752 /* destinations. 753 /* .IP "\fBsmtp_connection_cache_on_demand (yes)\fR" 754 /* Temporarily enable SMTP connection caching while a destination 755 /* has a high volume of mail in the active queue. 756 /* .IP "\fBsmtp_connection_reuse_time_limit (300s)\fR" 757 /* The amount of time during which Postfix will use an SMTP 758 /* connection repeatedly. 759 /* .IP "\fBsmtp_connection_cache_time_limit (2s)\fR" 760 /* When SMTP connection caching is enabled, the amount of time that 761 /* an unused SMTP client socket is kept open before it is closed. 762 /* .PP 763 /* Available in Postfix version 2.3 and later: 764 /* .IP "\fBconnection_cache_protocol_timeout (5s)\fR" 765 /* Time limit for connection cache connect, send or receive 766 /* operations. 767 /* .PP 768 /* Available in Postfix version 2.9 - 3.6: 769 /* .IP "\fBsmtp_per_record_deadline (no)\fR" 770 /* Change the behavior of the smtp_*_timeout time limits, from a 771 /* time limit per read or write system call, to a time limit to send 772 /* or receive a complete record (an SMTP command line, SMTP response 773 /* line, SMTP message content line, or TLS protocol message). 
774 /* .PP 775 /* Available in Postfix version 2.11 and later: 776 /* .IP "\fBsmtp_connection_reuse_count_limit (0)\fR" 777 /* When SMTP connection caching is enabled, the number of times 778 /* that an SMTP session may be reused before it is closed, or zero (no 779 /* limit). 780 /* .PP 781 /* Available in Postfix version 3.4 and later: 782 /* .IP "\fBsmtp_tls_connection_reuse (no)\fR" 783 /* Try to make multiple deliveries per TLS-encrypted connection. 784 /* .PP 785 /* Available in Postfix version 3.7 and later: 786 /* .IP "\fBsmtp_per_request_deadline (no)\fR" 787 /* Change the behavior of the smtp_*_timeout time limits, from a 788 /* time limit per plaintext or TLS read or write call, to a combined 789 /* time limit for sending a complete SMTP request and for receiving a 790 /* complete SMTP response. 791 /* .IP "\fBsmtp_min_data_rate (500)\fR" 792 /* The minimum plaintext data transfer rate in bytes/second for 793 /* DATA requests, when deadlines are enabled with smtp_per_request_deadline. 794 /* .PP 795 /* Implemented in the qmgr(8) daemon: 796 /* .IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" 797 /* A transport-specific override for the 798 /* default_destination_concurrency_limit parameter value, where 799 /* \fItransport\fR is the master.cf name of the message delivery 800 /* transport. 801 /* .IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR" 802 /* A transport-specific override for the 803 /* default_destination_recipient_limit parameter value, where 804 /* \fItransport\fR is the master.cf name of the message delivery 805 /* transport. 806 /* SMTPUTF8 CONTROLS 807 /* .ad 808 /* .fi 809 /* Preliminary SMTPUTF8 support is introduced with Postfix 3.0. 810 /* .IP "\fBsmtputf8_enable (yes)\fR" 811 /* Enable preliminary SMTPUTF8 support for the protocols described 812 /* in RFC 6531, RFC 6532, and RFC 6533. 
813 /* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" 814 /* Detect that a message requires SMTPUTF8 support for the specified 815 /* mail origin classes. 816 /* .PP 817 /* Available in Postfix version 3.2 and later: 818 /* .IP "\fBenable_idna2003_compatibility (no)\fR" 819 /* Enable 'transitional' compatibility between IDNA2003 and IDNA2008, 820 /* when converting UTF-8 domain names to/from the ASCII form that is 821 /* used for DNS lookups. 822 /* TROUBLE SHOOTING CONTROLS 823 /* .ad 824 /* .fi 825 /* .IP "\fBdebug_peer_level (2)\fR" 826 /* The increment in verbose logging level when a nexthop destination, 827 /* remote client or server name or network address matches a pattern 828 /* given with the debug_peer_list parameter. 829 /* .IP "\fBdebug_peer_list (empty)\fR" 830 /* Optional list of nexthop destination, remote client or server 831 /* name or network address patterns that, if matched, cause the verbose 832 /* logging level to increase by the amount specified in $debug_peer_level. 833 /* .IP "\fBerror_notice_recipient (postmaster)\fR" 834 /* The recipient of postmaster notifications about mail delivery 835 /* problems that are caused by policy, resource, software or protocol 836 /* errors. 837 /* .IP "\fBinternal_mail_filter_classes (empty)\fR" 838 /* What categories of Postfix-generated mail are subject to 839 /* before-queue content inspection by non_smtpd_milters, header_checks 840 /* and body_checks. 841 /* .IP "\fBnotify_classes (resource, software)\fR" 842 /* The list of error classes that are reported to the postmaster. 843 /* MISCELLANEOUS CONTROLS 844 /* .ad 845 /* .fi 846 /* .IP "\fBbest_mx_transport (empty)\fR" 847 /* Where the Postfix SMTP client should deliver mail when it detects 848 /* a "mail loops back to myself" error condition. 849 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" 850 /* The default location of the Postfix main.cf and master.cf 851 /* configuration files. 
852 /* .IP "\fBdaemon_timeout (18000s)\fR" 853 /* How much time a Postfix daemon process may take to handle a 854 /* request before it is terminated by a built-in watchdog timer. 855 /* .IP "\fBdelay_logging_resolution_limit (2)\fR" 856 /* The maximal number of digits after the decimal point when logging 857 /* delay values. 858 /* .IP "\fBdisable_dns_lookups (no)\fR" 859 /* Disable DNS lookups in the Postfix SMTP and LMTP clients. 860 /* .IP "\fBinet_interfaces (all)\fR" 861 /* The local network interface addresses that this mail system 862 /* receives mail on. 863 /* .IP "\fBinet_protocols (see 'postconf -d' output)\fR" 864 /* The Internet protocols Postfix will attempt to use when making 865 /* or accepting connections. 866 /* .IP "\fBipc_timeout (3600s)\fR" 867 /* The time limit for sending or receiving information over an internal 868 /* communication channel. 869 /* .IP "\fBlmtp_assume_final (no)\fR" 870 /* When a remote LMTP server announces no DSN support, assume that 871 /* the 872 /* server performs final delivery, and send "delivered" delivery status 873 /* notifications instead of "relayed". 874 /* .IP "\fBlmtp_tcp_port (24)\fR" 875 /* The default TCP port that the Postfix LMTP client connects to. 876 /* .IP "\fBmax_idle (100s)\fR" 877 /* The maximum amount of time that an idle Postfix daemon process waits 878 /* for an incoming connection before terminating voluntarily. 879 /* .IP "\fBmax_use (100)\fR" 880 /* The maximal number of incoming connections that a Postfix daemon 881 /* process will service before terminating voluntarily. 882 /* .IP "\fBprocess_id (read-only)\fR" 883 /* The process ID of a Postfix command or daemon process. 884 /* .IP "\fBprocess_name (read-only)\fR" 885 /* The process name of a Postfix command or daemon process. 886 /* .IP "\fBproxy_interfaces (empty)\fR" 887 /* The remote network interface addresses that this mail system receives mail 888 /* on by way of a proxy or network address translation unit. 
889 /* .IP "\fBsmtp_address_preference (any)\fR" 890 /* The address type ("ipv6", "ipv4" or "any") that the Postfix 891 /* SMTP client will try first, when a destination has IPv6 and IPv4 892 /* addresses with equal MX preference. 893 /* .IP "\fBsmtp_bind_address (empty)\fR" 894 /* An optional numerical network address that the Postfix SMTP client 895 /* should bind to when making an IPv4 connection. 896 /* .IP "\fBsmtp_bind_address6 (empty)\fR" 897 /* An optional numerical network address that the Postfix SMTP client 898 /* should bind to when making an IPv6 connection. 899 /* .IP "\fBsmtp_helo_name ($myhostname)\fR" 900 /* The hostname to send in the SMTP HELO or EHLO command. 901 /* .IP "\fBlmtp_lhlo_name ($myhostname)\fR" 902 /* The hostname to send in the LMTP LHLO command. 903 /* .IP "\fBsmtp_host_lookup (dns)\fR" 904 /* What mechanisms the Postfix SMTP client uses to look up a host's 905 /* IP address. 906 /* .IP "\fBsmtp_randomize_addresses (yes)\fR" 907 /* Randomize the order of equal-preference MX host addresses. 908 /* .IP "\fBsyslog_facility (mail)\fR" 909 /* The syslog facility of Postfix logging. 910 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" 911 /* A prefix that is prepended to the process name in syslog 912 /* records, so that, for example, "smtpd" becomes "prefix/smtpd". 913 /* .PP 914 /* Available with Postfix 2.2 and earlier: 915 /* .IP "\fBfallback_relay (empty)\fR" 916 /* Optional list of relay hosts for SMTP destinations that can't be 917 /* found or that are unreachable. 918 /* .PP 919 /* Available with Postfix 2.3 and later: 920 /* .IP "\fBsmtp_fallback_relay ($fallback_relay)\fR" 921 /* Optional list of relay destinations that will be used when an 922 /* SMTP destination is not found, or when delivery fails due to a 923 /* non-permanent error. 
924 /* .PP 925 /* Available with Postfix 3.0 and later: 926 /* .IP "\fBsmtp_address_verify_target (rcpt)\fR" 927 /* In the context of email address verification, the SMTP protocol 928 /* stage that determines whether an email address is deliverable. 929 /* .PP 930 /* Available with Postfix 3.1 and later: 931 /* .IP "\fBlmtp_fallback_relay (empty)\fR" 932 /* Optional list of relay hosts for LMTP destinations that can't be 933 /* found or that are unreachable. 934 /* .PP 935 /* Available with Postfix 3.2 and later: 936 /* .IP "\fBsmtp_tcp_port (smtp)\fR" 937 /* The default TCP port that the Postfix SMTP client connects to. 938 /* .PP 939 /* Available in Postfix 3.3 and later: 940 /* .IP "\fBservice_name (read-only)\fR" 941 /* The master.cf service name of a Postfix daemon process. 942 /* .PP 943 /* Available in Postfix 3.7 and later: 944 /* .IP "\fBsmtp_bind_address_enforce (no)\fR" 945 /* Defer delivery when the Postfix SMTP client cannot apply the 946 /* smtp_bind_address or smtp_bind_address6 setting. 947 /* SEE ALSO 948 /* generic(5), output address rewriting 949 /* header_checks(5), message header content inspection 950 /* body_checks(5), body parts content inspection 951 /* qmgr(8), queue manager 952 /* bounce(8), delivery status reports 953 /* scache(8), connection cache server 954 /* postconf(5), configuration parameters 955 /* master(5), generic daemon options 956 /* master(8), process manager 957 /* tlsmgr(8), TLS session and PRNG management 958 /* postlogd(8), Postfix logging 959 /* syslogd(8), system logging 960 /* README FILES 961 /* .ad 962 /* .fi 963 /* Use "\fBpostconf readme_directory\fR" or 964 /* "\fBpostconf html_directory\fR" to locate this information. 965 /* .na 966 /* .nf 967 /* SASL_README, Postfix SASL howto 968 /* TLS_README, Postfix STARTTLS howto 969 /* LICENSE 970 /* .ad 971 /* .fi 972 /* The Secure Mailer license must be distributed with this software. 973 /* AUTHOR(S) 974 /* Wietse Venema 975 /* IBM T.J. Watson Research 976 /* P.O. 
Box 704 977 /* Yorktown Heights, NY 10598, USA 978 /* 979 /* Wietse Venema 980 /* Google, Inc. 981 /* 111 8th Avenue 982 /* New York, NY 10011, USA 983 /* 984 /* Command pipelining in cooperation with: 985 /* Jon Ribbens 986 /* Oaktree Internet Solutions Ltd., 987 /* Internet House, 988 /* Canal Basin, 989 /* Coventry, 990 /* CV1 4LY, United Kingdom. 991 /* 992 /* SASL support originally by: 993 /* Till Franke 994 /* SuSE Rhein/Main AG 995 /* 65760 Eschborn, Germany 996 /* 997 /* TLS support originally by: 998 /* Lutz Jaenicke 999 /* BTU Cottbus 1000 /* Allgemeine Elektrotechnik 1001 /* Universitaetsplatz 3-4 1002 /* D-03044 Cottbus, Germany 1003 /* 1004 /* Revised TLS and SMTP connection cache support by: 1005 /* Victor Duchovni 1006 /* Morgan Stanley 1007 /*--*/ 1008 1009 /* System library. */ 1010 1011 #include <sys_defs.h> 1012 #include <unistd.h> 1013 #include <stdlib.h> 1014 #include <string.h> 1015 #include <fcntl.h> 1016 #include <dict.h> 1017 #include <stringops.h> 1018 1019 /* Utility library. */ 1020 1021 #include <msg.h> 1022 #include <mymalloc.h> 1023 #include <name_mask.h> 1024 #include <name_code.h> 1025 #include <byte_mask.h> 1026 1027 /* Global library. */ 1028 1029 #include <deliver_request.h> 1030 #include <delivered_hdr.h> 1031 #include <mail_proto.h> 1032 #include <mail_params.h> 1033 #include <mail_version.h> 1034 #include <mail_conf.h> 1035 #include <debug_peer.h> 1036 #include <flush_clnt.h> 1037 #include <scache.h> 1038 #include <string_list.h> 1039 #include <maps.h> 1040 #include <ext_prop.h> 1041 #include <hfrom_format.h> 1042 1043 /* DNS library. */ 1044 1045 #include <dns.h> 1046 1047 /* Single server skeleton. */ 1048 1049 #include <mail_server.h> 1050 1051 /* Application-specific. */ 1052 1053 #include "smtp.h" 1054 #include "smtp_sasl.h" 1055 1056 /* 1057 * Tunable parameters. These have compiled-in defaults that can be overruled 1058 * by settings in the global Postfix configuration file. 
1059 */ 1060 int var_smtp_conn_tmout; 1061 int var_smtp_helo_tmout; 1062 int var_smtp_xfwd_tmout; 1063 int var_smtp_mail_tmout; 1064 int var_smtp_rcpt_tmout; 1065 int var_smtp_data0_tmout; 1066 int var_smtp_data1_tmout; 1067 int var_smtp_data2_tmout; 1068 int var_smtp_rset_tmout; 1069 int var_smtp_quit_tmout; 1070 char *var_notify_classes; 1071 bool var_smtp_skip_5xx_greeting; 1072 bool var_ign_mx_lookup_err; 1073 bool var_skip_quit_resp; 1074 char *var_fallback_relay; 1075 char *var_bestmx_transp; 1076 char *var_error_rcpt; 1077 bool var_smtp_always_ehlo; 1078 bool var_smtp_never_ehlo; 1079 char *var_smtp_sasl_opts; 1080 char *var_smtp_sasl_path; 1081 char *var_smtp_sasl_passwd; 1082 char *var_smtp_sasl_passwd_res_delim; 1083 bool var_smtp_sasl_enable; 1084 char *var_smtp_sasl_mechs; 1085 char *var_smtp_sasl_type; 1086 char *var_smtp_bind_addr; 1087 char *var_smtp_bind_addr6; 1088 char *var_smtp_vrfy_tgt; 1089 bool var_smtp_rand_addr; 1090 int var_smtp_pix_thresh; 1091 int var_queue_run_delay; 1092 int var_min_backoff_time; 1093 int var_smtp_pix_delay; 1094 int var_smtp_line_limit; 1095 char *var_smtp_helo_name; 1096 char *var_smtp_host_lookup; 1097 bool var_smtp_quote_821_env; 1098 bool var_smtp_defer_mxaddr; 1099 bool var_smtp_send_xforward; 1100 int var_smtp_mxaddr_limit; 1101 int var_smtp_mxsess_limit; 1102 int var_smtp_cache_conn; 1103 int var_smtp_reuse_time; 1104 int var_smtp_reuse_count; 1105 char *var_smtp_cache_dest; 1106 char *var_scache_service; /* You can now leave this here. 
*/ 1107 bool var_smtp_cache_demand; 1108 char *var_smtp_ehlo_dis_words; 1109 char *var_smtp_ehlo_dis_maps; 1110 char *var_smtp_addr_pref; 1111 1112 char *var_smtp_tls_level; 1113 bool var_smtp_use_tls; 1114 bool var_smtp_enforce_tls; 1115 char *var_smtp_tls_per_site; 1116 char *var_smtp_tls_policy; 1117 bool var_smtp_tls_wrappermode; 1118 bool var_smtp_tls_conn_reuse; 1119 char *var_tlsproxy_service; 1120 1121 #ifdef USE_TLS 1122 char *var_smtp_sasl_tls_opts; 1123 char *var_smtp_sasl_tlsv_opts; 1124 int var_smtp_starttls_tmout; 1125 char *var_smtp_tls_CAfile; 1126 char *var_smtp_tls_CApath; 1127 char *var_smtp_tls_chain_files; 1128 char *var_smtp_tls_cert_file; 1129 char *var_smtp_tls_mand_ciph; 1130 char *var_smtp_tls_excl_ciph; 1131 char *var_smtp_tls_mand_excl; 1132 char *var_smtp_tls_dcert_file; 1133 char *var_smtp_tls_dkey_file; 1134 bool var_smtp_tls_enforce_peername; 1135 char *var_smtp_tls_key_file; 1136 char *var_smtp_tls_loglevel; 1137 bool var_smtp_tls_note_starttls_offer; 1138 char *var_smtp_tls_mand_proto; 1139 char *var_smtp_tls_sec_cmatch; 1140 int var_smtp_tls_scert_vd; 1141 char *var_smtp_tls_vfy_cmatch; 1142 char *var_smtp_tls_fpt_cmatch; 1143 char *var_smtp_tls_fpt_dgst; 1144 char *var_smtp_tls_tafile; 1145 char *var_smtp_tls_proto; 1146 char *var_smtp_tls_ciph; 1147 char *var_smtp_tls_eccert_file; 1148 char *var_smtp_tls_eckey_file; 1149 char *var_smtp_tls_sni; 1150 bool var_smtp_tls_blk_early_mail_reply; 1151 bool var_smtp_tls_force_tlsa; 1152 char *var_smtp_tls_insecure_mx_policy; 1153 bool var_smtp_tls_enable_rpk; 1154 bool var_smtp_tls_enf_sts_mx_pat; 1155 1156 #endif 1157 1158 char *var_smtp_generic_maps; 1159 char *var_prop_extension; 1160 bool var_smtp_sender_auth; 1161 char *var_smtp_tcp_port; 1162 int var_scache_proto_tmout; 1163 bool var_smtp_cname_overr; 1164 char *var_smtp_pix_bug_words; 1165 char *var_smtp_pix_bug_maps; 1166 char *var_cyrus_conf_path; 1167 char *var_smtp_head_chks; 1168 char *var_smtp_mime_chks; 1169 char 
*var_smtp_nest_chks; 1170 char *var_smtp_body_chks; 1171 char *var_smtp_resp_filter; 1172 bool var_lmtp_assume_final; 1173 char *var_smtp_dns_res_opt; 1174 char *var_smtp_dns_support; 1175 bool var_smtp_dummy_mail_auth; 1176 char *var_smtp_dsn_filter; 1177 char *var_smtp_dns_re_filter; 1178 bool var_smtp_balance_inet_proto; 1179 bool var_smtp_req_deadline; 1180 int var_smtp_min_data_rate; 1181 char *var_use_srv_lookup; 1182 bool var_ign_srv_lookup_err; 1183 bool var_allow_srv_fallback; 1184 bool var_smtp_tlsrpt_enable; 1185 char *var_smtp_tlsrpt_sockname; 1186 bool var_smtp_tlsrpt_skip_reused_hs; 1187 char *var_smtp_reqtls_policy; 1188 bool var_log_tls_feature_status; 1189 1190 /* Special handling of 535 AUTH errors. */ 1191 char *var_smtp_sasl_auth_cache_name; 1192 int var_smtp_sasl_auth_cache_time; 1193 bool var_smtp_sasl_auth_soft_bounce; 1194 1195 char *var_hfrom_format; 1196 bool var_smtp_bind_addr_enforce; 1197 1198 /* 1199 * Global variables. 1200 */ 1201 int smtp_mode; 1202 int smtp_host_lookup_mask; 1203 int smtp_dns_support; 1204 STRING_LIST *smtp_cache_dest; 1205 SCACHE *smtp_scache; 1206 MAPS *smtp_ehlo_dis_maps; 1207 MAPS *smtp_generic_maps; 1208 int smtp_ext_prop_mask; 1209 unsigned smtp_dns_res_opt; 1210 MAPS *smtp_pix_bug_maps; 1211 HBC_CHECKS *smtp_header_checks; /* limited header checks */ 1212 HBC_CHECKS *smtp_body_checks; /* limited body checks */ 1213 SMTP_CLI_ATTR smtp_cli_attr; /* parsed command-line */ 1214 int smtp_hfrom_format; /* postmaster notifications */ 1215 STRING_LIST *smtp_use_srv_lookup; 1216 SMTP_REQTLS_POLICY *smtp_reqtls_policy; 1217 1218 #ifdef USE_TLS 1219 1220 /* 1221 * OpenSSL client state (opaque handle) 1222 */ 1223 TLS_APPL_STATE *smtp_tls_ctx; 1224 int smtp_tls_insecure_mx_policy; 1225 1226 #endif 1227 1228 /* 1229 * IPv6 preference. 
*/
/* Address-preference flag bits; deliver_message() ORs them into state->misc_flags. */
static int smtp_addr_pref;

/*
 * get_cli_attr - get command-line attributes
 *
 * attr: receives the parsed flag bits in attr->flags (reset to 0 first).
 * argv: null-terminated list of service command-line attributes.
 *
 * The only attribute recognized is "flags=" (the name is compared
 * case-insensitively). The text after "=" is handed to byte_mask() together
 * with flags_map, which pairs the letters D, O, R and X with the
 * SMTP_CLI_FLAG_* bits. Any other argument is reported with msg_fatal().
 * When "flags=" appears more than once the last one wins, because
 * attr->flags is assigned rather than OR-ed.
 */

static void get_cli_attr(SMTP_CLI_ATTR *attr, char **argv)
{
    const char myname[] = "get_cli_attr";
    /* Remembered only so that the obsolescence warning below can quote it. */
    const char *last_flags = "flags=";  /* i.e. empty */
    static const BYTE_MASK flags_map[] = {
        'D', SMTP_CLI_FLAG_DELIVERED_TO,
        'O', SMTP_CLI_FLAG_ORIG_RCPT,
        'R', SMTP_CLI_FLAG_RETURN_PATH,
        'X', SMTP_CLI_FLAG_FINAL_DELIVERY,
        0,
    };

    /*
     * Initialize.
     */
    attr->flags = 0;

    /*
     * Iterate over the command-line attribute list. Errors are fatal.
     */
    for ( /* void */ ; *argv != 0; argv++) {

        /*
         * flags=stuff. Errors are fatal.
         *
         * NOTE(review): how byte_mask() treats a letter that is not listed
         * in flags_map is not visible here; confirm that it is rejected
         * rather than silently ignored.
         */
        if (strncasecmp("flags=", *argv, sizeof("flags=") - 1) == 0) {
            last_flags = *argv;
            if (msg_verbose)
                msg_info("%s: %s", myname, last_flags);
            attr->flags = byte_mask(*argv, flags_map,
                                    *argv + sizeof("flags=") - 1);
        }

        /*
         * Bad.
         */
        else
            msg_fatal("unknown attribute name: %s", *argv);
    }

    /*
     * Backwards compatibility, redundancy, and obsolescence.
     *
     * In LMTP mode (!smtp_mode) with the obsolete assume-final parameter set
     * and no X flag given, turn the X flag on and tell the administrator
     * what to put in the master configuration file instead.
     */
    if (!smtp_mode && var_lmtp_assume_final
        && (attr->flags & SMTP_CLI_FLAG_FINAL_DELIVERY) == 0) {
        attr->flags |= SMTP_CLI_FLAG_FINAL_DELIVERY;
        msg_warn("%s is obsolete; instead, specify \"%sX\" in %s",
                 VAR_LMTP_ASSUME_FINAL, last_flags, MASTER_CONF_FILE);
    }
}

/*
 * deliver_message - deliver message with extreme prejudice
 *
 * service: service name; used in diagnostics and stored in the session state.
 * request: delivery request, as read by smtp_service().
 *
 * Returns the status from smtp_connect(), or the status from
 * reject_deliver_request() when a flags=D or flags=O precondition fails or
 * when a Delivered-To: loop is detected. An empty nexthop or a non-positive
 * recipient count is reported with msg_fatal().
 */

static int deliver_message(const char *service, DELIVER_REQUEST *request)
{
    SMTP_STATE *state;
    int     result;

    if (msg_verbose)
        msg_info("deliver_message: from %s", request->sender);

    /*
     * Sanity checks. The smtp server is unprivileged and chrooted, so we can
     * afford to distribute the data censoring code, instead of having it all
     * in one place.
     *
     * These two checks run before any other use of the request: nexthop is
     * later passed to debug_peer_check(), and the recipient count decides
     * which of the branches below may dereference rcpt_list.info.
     */
    if (request->nexthop[0] == 0)
        msg_fatal("empty nexthop hostname");
    if (request->rcpt_list.len <= 0)
        msg_fatal("recipient count: %d", request->rcpt_list.len);

    /*
     * D flag checks.
     */
    if (smtp_cli_attr.flags & SMTP_CLI_FLAG_DELIVERED_TO) {

        /*
         * The D flag cannot be specified for multi-recipient deliveries.
         */
        if (request->rcpt_list.len > 1) {
            msg_warn("flag `D' requires %s_destination_recipient_limit = 1",
                     service);
            return (reject_deliver_request(service, request, "4.3.5",
                                           "mail system configuration error"));
        }

        /*
         * The recipient cannot appear in a Delivered-To: header.
         *
         * Loop detection: the recipient address is first passed through
         * smtp_rewrite_generic_internal(), and the rewritten form is looked
         * up in the header information collected by delivered_hdr_init().
         * Both temporaries are released before the result is acted on, so
         * the reject path does not leak them. More than one recipient was
         * rejected above, so rcpt_list.info refers to the only recipient.
         */
        else {
            DELIVERED_HDR_INFO *delivered_info = delivered_hdr_init(
                          request->fp, request->data_offset, FOLD_ADDR_ALL);
            VSTRING *generic_rcpt = vstring_alloc(100);
            int     have_delivered_loop;

            smtp_rewrite_generic_internal(generic_rcpt,
                                          request->rcpt_list.info->address);
            have_delivered_loop = delivered_hdr_find(
                                      delivered_info, STR(generic_rcpt));
            vstring_free(generic_rcpt);
            delivered_hdr_free(delivered_info);
            if (have_delivered_loop) {
                return (reject_deliver_request(service, request, "5.4.6",
                                               "mail forwarding loop for %s",
                                          request->rcpt_list.info->address));
            }
        }
    }

    /*
     * The O flag cannot be specified for multi-recipient deliveries.
     */
    if ((smtp_cli_attr.flags & SMTP_CLI_FLAG_ORIG_RCPT)
        && request->rcpt_list.len > 1) {
        msg_warn("flag `O' requires %s_destination_recipient_limit = 1",
                 service);
        return (reject_deliver_request(service, request, "4.3.5",
                                       "mail system configuration error"));
    }

    /*
     * Initialize. Bundle all information about the delivery request, so that
     * we can produce understandable diagnostics when something goes wrong
     * many levels below. The alternative would be to make everything global.
     */
    state = smtp_state_alloc();
    state->request = request;
    state->src = request->fp;
    state->service = service;
    state->misc_flags |= smtp_addr_pref;
    state->debug_peer_per_nexthop =
        debug_peer_check(request->nexthop, "noaddr");
    SMTP_RCPT_INIT(state);

    /*
     * Establish an SMTP session and deliver this message to all requested
     * recipients. At the end, notify the postmaster of any protocol errors.
     * Optionally deliver mail locally when this machine is the best mail
     * exchanger.
     */
    result = smtp_connect(state);

    /*
     * Clean up.
     */
    smtp_state_free(state);

    return (result);
}

/*
 * smtp_service - perform service for client
 *
 * client_stream: connection over which the request is read and the
 * completion status is reported. service: service name, passed on to
 * deliver_message(). unused_argv: not used.
 */

static void smtp_service(VSTREAM *client_stream, char *service,
                         char **unused_argv)
{
    DELIVER_REQUEST *request;
    int     status;

    /*
     * This routine runs whenever a client connects to the UNIX-domain socket
     * dedicated to remote SMTP delivery service. What we see below is a
     * little protocol to (1) tell the queue manager that we are ready, (2)
     * read a request from the queue manager, and (3) report the completion
     * status of that request. All connection-management stuff is handled by
     * the common code in single_server.c.
     *
     * When deliver_request_read() returns 0, no delivery is attempted and no
     * status is reported.
     */
    if ((request = deliver_request_read(client_stream)) != 0) {
        status = deliver_message(service, request);
        deliver_request_done(client_stream, request, status);
    }
}

/*
 * post_init - post-jail initialization
 *
 * unused_name: not used. argv: service command-line attributes, parsed by
 * get_cli_attr().
 *
 * Converts configuration strings into the global values used by the rest of
 * the client: DNS support level, TLSRPT state, the TLS policy for insecure
 * MX lookups, the host lookup mask, the connection cache client, resolver
 * options, address verification, command-line flags, the header-from format
 * and the SRV lookup list. An invalid DNS support setting or an invalid
 * insecure-MX policy is reported with msg_fatal().
 */

static void post_init(char *unused_name, char **argv)
{
    static const NAME_MASK lookup_masks[] = {
        SMTP_HOST_LOOKUP_DNS, SMTP_HOST_FLAG_DNS,
        SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE,
        0,
    };
    static const NAME_MASK dns_res_opt_masks[] = {
        SMTP_DNS_RES_OPT_DEFNAMES, RES_DEFNAMES,
        SMTP_DNS_RES_OPT_DNSRCH, RES_DNSRCH,
        0,
    };

    /*
     * The DNSSEC entry exists only when the resolver headers define both
     * RES_USE_DNSSEC and RES_USE_EDNS0 as non-zero. NOTE(review): on other
     * builds a DNSSEC setting presumably maps to the SMTP_DNS_INVALID
     * terminator and is rejected below instead of being downgraded; confirm
     * against name_code().
     */
    static const NAME_CODE dns_support[] = {
        SMTP_DNS_SUPPORT_DISABLED, SMTP_DNS_DISABLED,
        SMTP_DNS_SUPPORT_ENABLED, SMTP_DNS_ENABLED,
#if (RES_USE_DNSSEC != 0) && (RES_USE_EDNS0 != 0)
        SMTP_DNS_SUPPORT_DNSSEC, SMTP_DNS_DNSSEC,
#endif
        0, SMTP_DNS_INVALID,
    };

    if (*var_smtp_dns_support == 0) {
        /* Backwards compatible empty setting */
        smtp_dns_support =
            var_disable_dns ? SMTP_DNS_DISABLED : SMTP_DNS_ENABLED;
    } else {
        smtp_dns_support =
            name_code(dns_support, NAME_CODE_FLAG_NONE, var_smtp_dns_support);
        if (smtp_dns_support == SMTP_DNS_INVALID)
            msg_fatal("invalid %s: \"%s\"", VAR_LMTP_SMTP(DNS_SUPPORT),
                      var_smtp_dns_support);
        /* Keep the older on/off flag in step with the explicit setting. */
        var_disable_dns = (smtp_dns_support == SMTP_DNS_DISABLED);
    }

    /*
     * TLSRPT. Without TLS or TLSRPT support compiled in, only a warning is
     * logged and var_smtp_tlsrpt_enable keeps its configured value.
     * NOTE(review): the compiled-in branches below clear the flag whenever
     * TLSRPT cannot be used; confirm that nothing outside #ifdef USE_TLSRPT
     * tests the flag.
     */
#if !defined(USE_TLS) || !defined(USE_TLSRPT)
    if (var_smtp_tlsrpt_enable)
        msg_warn("TLSRPT is selected, but TLSRPT is not compiled in");
#endif
#ifdef USE_TLS
#ifdef USE_TLSRPT
    /* A failed TLSRPT setup or LMTP mode turns reporting off; mail still flows. */
    if (var_smtp_tlsrpt_enable) {
        if (smtp_mode) {
            if (smtp_tlsrpt_post_jail(VAR_SMTP_TLSRPT_SOCKNAME,
                                      var_smtp_tlsrpt_sockname) < 0)
                var_smtp_tlsrpt_enable = 0;
        } else {
            msg_warn("TLSRPT support is not implemented for LMTP");
            var_smtp_tlsrpt_enable = 0;
        }
    }
#endif                                  /* USE_TLSRPT */

    /*
     * SMTP mode only: the policy for MX hosts found via an insecure MX
     * lookup must resolve to TLS_LEV_MAY, TLS_LEV_ENCRYPT or TLS_LEV_DANE.
     * Every other result of tls_level_lookup() is fatal, so a mistyped
     * value stops the process instead of selecting some other level.
     */
    if (smtp_mode) {
        smtp_tls_insecure_mx_policy =
            tls_level_lookup(var_smtp_tls_insecure_mx_policy);
        switch (smtp_tls_insecure_mx_policy) {
        case TLS_LEV_MAY:
        case TLS_LEV_ENCRYPT:
        case TLS_LEV_DANE:
            break;
        default:
            msg_fatal("invalid %s: \"%s\"", VAR_SMTP_TLS_INSECURE_MX_POLICY,
                      var_smtp_tls_insecure_mx_policy);
        }
    }
#endif

    /*
     * Select hostname lookup mechanisms.
     *
     * With DNS support disabled only the native mechanism is used, whatever
     * the host lookup parameter says.
     */
    if (smtp_dns_support == SMTP_DNS_DISABLED)
        smtp_host_lookup_mask = SMTP_HOST_FLAG_NATIVE;
    else
        smtp_host_lookup_mask =
            name_mask(VAR_LMTP_SMTP(HOST_LOOKUP), lookup_masks,
                      var_smtp_host_lookup);
    if (msg_verbose)
        msg_info("host name lookup methods: %s",
                 str_name_mask(VAR_LMTP_SMTP(HOST_LOOKUP), lookup_masks,
                               smtp_host_lookup_mask));

    /*
     * Session cache instance.
     *
     * The if statement governs the one assignment that survives
     * preprocessing, i.e. the scache_clnt_create() call in the #else branch.
     */
    if (*var_smtp_cache_dest || var_smtp_cache_demand)
#if 0
        smtp_scache = scache_multi_create();
#else
        smtp_scache = scache_clnt_create(var_scache_service,
                                         var_scache_proto_tmout,
                                         var_ipc_idle_limit,
                                         var_ipc_ttl_limit);
#endif

    /*
     * Select DNS query flags.
     */
    smtp_dns_res_opt = name_mask(VAR_LMTP_SMTP(DNS_RES_OPT), dns_res_opt_masks,
                                 var_smtp_dns_res_opt);

    /*
     * Address verification.
     */
    smtp_vrfy_init();

    /*
     * Look up service command-line attributes; these do not change during
     * the process lifetime.
     */
    get_cli_attr(&smtp_cli_attr, argv);

    /*
     * header_from format, for postmaster notifications.
     */
    smtp_hfrom_format = hfrom_format_parse(VAR_HFROM_FORMAT, var_hfrom_format);

    /*
     * Service discovery with SRV record lookup.
     */
    if (*var_use_srv_lookup)
        smtp_use_srv_lookup = string_list_init(VAR_USE_SRV_LOOKUP,
                                               MATCH_FLAG_RETURN,
                                               var_use_srv_lookup);
}

/* pre_init - pre-jail initialization */

static void pre_init(char *unused_name, char **unused_argv)
{
    int     use_tls;
    static const NAME_CODE addr_pref_map[] = {
        INET_PROTO_NAME_IPV6, SMTP_MISC_FLAG_PREF_IPV6,
        INET_PROTO_NAME_IPV4, SMTP_MISC_FLAG_PREF_IPV4,
        INET_PROTO_NAME_ANY, 0,
        0, -1,
    };

    /*
     * The process name, "smtp" or "lmtp", determines the configuration
     * parameters to use, protocol, DSN server reply type, SASL service
     * information lookup, and more. We peeked at the name in the main()
     * function before logging was initialized. Here, we detect and report an
     * invalid process name.
1551 */ 1552 if (strcmp(var_procname, MAIL_PROC_NAME_SMTP) != 0 1553 && strcmp(var_procname, MAIL_PROC_NAME_LMTP) != 0) 1554 msg_fatal("unexpected process name \"%s\" - " 1555 "specify \"%s\" or \"%s\"", var_procname, 1556 MAIL_PROC_NAME_SMTP, MAIL_PROC_NAME_LMTP); 1557 1558 /* 1559 * Turn on per-peer debugging. 1560 */ 1561 debug_peer_init(); 1562 1563 /* 1564 * SASL initialization. 1565 */ 1566 if (var_smtp_sasl_enable) 1567 #ifdef USE_SASL_AUTH 1568 smtp_sasl_initialize(); 1569 #else 1570 msg_warn("%s is true, but SASL support is not compiled in", 1571 VAR_LMTP_SMTP(SASL_ENABLE)); 1572 #endif 1573 1574 #ifdef USE_TLS 1575 /* Postfix <= 3.10 backwards compatibility. */ 1576 if (smtp_mode && warn_compat_break_smtp_tls_level) 1577 msg_info("using backwards-compatible default setting %s=(empty)", 1578 VAR_SMTP_TLS_LEVEL); 1579 #endif 1580 if (*var_smtp_tls_level != 0) 1581 #ifdef USE_TLS 1582 switch (tls_level_lookup(var_smtp_tls_level)) { 1583 case TLS_LEV_SECURE: 1584 case TLS_LEV_VERIFY: 1585 case TLS_LEV_DANE_ONLY: 1586 case TLS_LEV_FPRINT: 1587 case TLS_LEV_ENCRYPT: 1588 var_smtp_use_tls = var_smtp_enforce_tls = 1; 1589 break; 1590 case TLS_LEV_DANE: 1591 case TLS_LEV_MAY: 1592 var_smtp_use_tls = 1; 1593 var_smtp_enforce_tls = 0; 1594 break; 1595 case TLS_LEV_NONE: 1596 var_smtp_use_tls = var_smtp_enforce_tls = 0; 1597 break; 1598 default: 1599 /* tls_level_lookup() logs no warning. */ 1600 /* session_tls_init() assumes that var_smtp_tls_level is sane. 
*/ 1601 msg_fatal("Invalid TLS level \"%s\"", var_smtp_tls_level); 1602 } 1603 #endif 1604 use_tls = (var_smtp_use_tls || var_smtp_enforce_tls); 1605 1606 /* 1607 * Initialize the TLS data before entering the chroot jail 1608 */ 1609 if (use_tls || var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) { 1610 #ifdef USE_TLS 1611 TLS_CLIENT_INIT_PROPS props; 1612 1613 tls_pre_jail_init(TLS_ROLE_CLIENT); 1614 1615 /* 1616 * We get stronger type safety and a cleaner interface by combining 1617 * the various parameters into a single tls_client_props structure. 1618 * 1619 * Large parameter lists are error-prone, so we emulate a language 1620 * feature that C does not have natively: named parameter lists. 1621 * 1622 * With tlsproxy(8) turned on, this is still needed for DANE-related 1623 * initializations. 1624 */ 1625 smtp_tls_ctx = 1626 TLS_CLIENT_INIT(&props, 1627 log_param = VAR_LMTP_SMTP(TLS_LOGLEVEL), 1628 log_level = var_smtp_tls_loglevel, 1629 verifydepth = var_smtp_tls_scert_vd, 1630 cache_type = LMTP_SMTP_SUFFIX(TLS_MGR_SCACHE), 1631 chain_files = var_smtp_tls_chain_files, 1632 cert_file = var_smtp_tls_cert_file, 1633 key_file = var_smtp_tls_key_file, 1634 dcert_file = var_smtp_tls_dcert_file, 1635 dkey_file = var_smtp_tls_dkey_file, 1636 eccert_file = var_smtp_tls_eccert_file, 1637 eckey_file = var_smtp_tls_eckey_file, 1638 CAfile = var_smtp_tls_CAfile, 1639 CApath = var_smtp_tls_CApath, 1640 mdalg = var_smtp_tls_fpt_dgst); 1641 smtp_tls_list_init(); 1642 tls_dane_loglevel(VAR_LMTP_SMTP(TLS_LOGLEVEL), var_smtp_tls_loglevel); 1643 #else 1644 msg_warn("TLS has been selected, but TLS support is not compiled in"); 1645 #endif 1646 } 1647 1648 /* 1649 * Flush client. 1650 */ 1651 flush_init(); 1652 1653 /* 1654 * Session cache domain list. 1655 */ 1656 if (*var_smtp_cache_dest) 1657 smtp_cache_dest = string_list_init(VAR_SMTP_CACHE_DEST, 1658 MATCH_FLAG_RETURN, 1659 var_smtp_cache_dest); 1660 1661 /* 1662 * EHLO keyword filter. 
1663 */ 1664 if (*var_smtp_ehlo_dis_maps) 1665 smtp_ehlo_dis_maps = maps_create(VAR_LMTP_SMTP(EHLO_DIS_MAPS), 1666 var_smtp_ehlo_dis_maps, 1667 DICT_FLAG_LOCK); 1668 1669 /* 1670 * PIX bug workarounds. 1671 */ 1672 if (*var_smtp_pix_bug_maps) 1673 smtp_pix_bug_maps = maps_create(VAR_LMTP_SMTP(PIX_BUG_MAPS), 1674 var_smtp_pix_bug_maps, 1675 DICT_FLAG_LOCK); 1676 1677 /* 1678 * Generic maps. 1679 */ 1680 if (*var_prop_extension) 1681 smtp_ext_prop_mask = 1682 ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension); 1683 if (*var_smtp_generic_maps) 1684 smtp_generic_maps = 1685 maps_create(VAR_LMTP_SMTP(GENERIC_MAPS), var_smtp_generic_maps, 1686 DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX 1687 | DICT_FLAG_UTF8_REQUEST); 1688 1689 /* 1690 * Header/body checks. 1691 */ 1692 smtp_header_checks = hbc_header_checks_create( 1693 VAR_LMTP_SMTP(HEAD_CHKS), var_smtp_head_chks, 1694 VAR_LMTP_SMTP(MIME_CHKS), var_smtp_mime_chks, 1695 VAR_LMTP_SMTP(NEST_CHKS), var_smtp_nest_chks, 1696 smtp_hbc_callbacks); 1697 smtp_body_checks = hbc_body_checks_create( 1698 VAR_LMTP_SMTP(BODY_CHKS), var_smtp_body_chks, 1699 smtp_hbc_callbacks); 1700 1701 /* 1702 * Server reply filter. 1703 */ 1704 if (*var_smtp_resp_filter) 1705 smtp_chat_resp_filter = 1706 dict_open(var_smtp_resp_filter, O_RDONLY, 1707 DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX); 1708 1709 /* 1710 * Address family preference. 1711 */ 1712 if (*var_smtp_addr_pref) { 1713 smtp_addr_pref = name_code(addr_pref_map, NAME_CODE_FLAG_NONE, 1714 var_smtp_addr_pref); 1715 if (smtp_addr_pref < 0) 1716 msg_fatal("bad %s value: %s", VAR_LMTP_SMTP(ADDR_PREF), 1717 var_smtp_addr_pref); 1718 } 1719 1720 /* 1721 * DNS reply filter. 1722 */ 1723 if (*var_smtp_dns_re_filter) 1724 dns_rr_filter_compile(VAR_LMTP_SMTP(DNS_RE_FILTER), 1725 var_smtp_dns_re_filter); 1726 1727 /* 1728 * REQUIRETLS enforcement policy. The parser appends a default action: DO 1729 * NOT skip the code below if the policy string is empty. 
When 1730 * var_reqtls_enable != 0, smtp_reqtls_policy must also be != 0. 1731 */ 1732 if (var_reqtls_enable) 1733 smtp_reqtls_policy = 1734 smtp_reqtls_policy_parse(VAR_LMTP_SMTP(REQTLS_POLICY), 1735 var_smtp_reqtls_policy); 1736 } 1737 1738 /* pre_accept - see if tables have changed */ 1739 1740 static void pre_accept(char *unused_name, char **unused_argv) 1741 { 1742 const char *table; 1743 1744 if ((table = dict_changed_name()) != 0) { 1745 msg_info("table %s has changed -- restarting", table); 1746 exit(0); 1747 } 1748 } 1749 1750 MAIL_VERSION_STAMP_DECLARE; 1751 1752 /* main - pass control to the single-threaded skeleton */ 1753 1754 int main(int argc, char **argv) 1755 { 1756 char *sane_procname; 1757 1758 #include "smtp_params.c" 1759 #include "lmtp_params.c" 1760 1761 /* 1762 * Fingerprint executables and core dumps. 1763 */ 1764 MAIL_VERSION_STAMP_ALLOCATE; 1765 1766 /* 1767 * XXX The process name, "smtp" or "lmtp", determines what configuration 1768 * parameter settings to use, and more. However, at this point, logging 1769 * and var_procname are not initialized. Here, we peek at the process 1770 * name to determine what configuration parameter settings to use. Later, 1771 * we detect and report an invalid process name. 1772 */ 1773 sane_procname = sane_basename((VSTRING *) 0, argv[0]); 1774 if (strcmp(sane_procname, MAIL_PROC_NAME_SMTP) == 0) 1775 smtp_mode = 1; 1776 1777 /* 1778 * Initialize with the LMTP or SMTP parameter name space. 1779 */ 1780 single_server_main(argc, argv, smtp_service, 1781 CA_MAIL_SERVER_TIME_TABLE(smtp_mode ? 1782 smtp_time_table : lmtp_time_table), 1783 CA_MAIL_SERVER_INT_TABLE(smtp_mode ? 1784 smtp_int_table : lmtp_int_table), 1785 CA_MAIL_SERVER_STR_TABLE(smtp_mode ? 1786 smtp_str_table : lmtp_str_table), 1787 CA_MAIL_SERVER_BOOL_TABLE(smtp_mode ? 1788 smtp_bool_table : lmtp_bool_table), 1789 CA_MAIL_SERVER_NBOOL_TABLE(smtp_mode ? 
1790 smtp_nbool_table : lmtp_nbool_table), 1791 CA_MAIL_SERVER_PRE_INIT(pre_init), 1792 CA_MAIL_SERVER_POST_INIT(post_init), 1793 CA_MAIL_SERVER_PRE_ACCEPT(pre_accept), 1794 CA_MAIL_SERVER_BOUNCE_INIT(VAR_SMTP_DSN_FILTER, 1795 &var_smtp_dsn_filter), 1796 0); 1797 } 1798