1 /*        $NetBSD: smtp.c,v 1.14 2025/02/25 19:15:49 christos Exp $   */
2 
3 /*++
4 /* NAME
5 /*        smtp, lmtp 8
6 /* SUMMARY
7 /*        Postfix SMTP+LMTP client
8 /* SYNOPSIS
9 /*        \fBsmtp\fR [generic Postfix daemon options] [flags=DORX]
10 /*
11 /*        \fBlmtp\fR [generic Postfix daemon options] [flags=DORX]
12 /* DESCRIPTION
13 /*        The Postfix SMTP+LMTP client implements the SMTP and LMTP mail
14 /*        delivery protocols. It processes message delivery requests from
15 /*        the queue manager. Each request specifies a queue file, a sender
16 /*        address, a domain or host to deliver to, and recipient information.
17 /*        This program expects to be run from the \fBmaster\fR(8) process
18 /*        manager. The process name, \fBsmtp\fR or \fBlmtp\fR, controls
19 /*        the protocol, and the names of the configuration parameters
20 /*        that will be used.
21 /*
22 /*        The SMTP+LMTP client updates the queue file and marks recipients
23 /*        as finished, or it informs the queue manager that delivery should
24 /*        be tried again at a later time. Delivery status reports are sent
25 /*        to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as
26 /*        appropriate.
27 /*
28 /*        The server lookup strategy is different for SMTP and LMTP,
29 /*        as described in the sections "SMTP SERVER LOOKUP" and "LMTP
30 /*        SERVER LOOKUP".
31 /*
32 /*        After a successful mail transaction, a connection may be saved
33 /*        to the \fBscache\fR(8) connection cache server, so that it
34 /*        may be used by any SMTP+LMTP client for a subsequent transaction.
35 /*
36 /*        By default, connection caching is enabled temporarily for
37 /*        destinations that have a high volume of mail in the active
38 /*        queue. Connection caching can be enabled permanently for
39 /*        specific destinations.
40 /* SMTP SERVER LOOKUP
41 /* .ad
42 /* .fi
43 /*        The Postfix SMTP client supports multiple destinations
44 /*        separated by comma or whitespace (Postfix 3.5 and later).
45 /*        Each destination is tried in the specified order.
46 /*
47 /*        SMTP destinations have the following form:
48 /* .IP \fIdomainname\fR
49 /* .IP \fIdomainname\fR:\fIservice\fR
50 /*        Look up the mail exchangers for the specified domain, and
51 /*        connect to the specified service (default: \fBsmtp\fR).
52 /*        Optionally, mail exchangers may be looked up with SRV queries
53 /*        instead of MX; this requires that \fIservice\fR is given
54 /*        in symbolic form.
55 /* .IP [\fIhostname\fR]
56 /* .IP [\fIhostname\fR]:\fIservice\fR
57 /*        Look up the address(es) for the specified host, and connect to
58 /*        the specified service (default: \fBsmtp\fR).
59 /* .IP [\fIaddress\fR]
60 /* .IP [\fIaddress\fR]:\fIservice\fR
61 /*        Connect to the host at the specified address, and connect
62 /*        to the specified service (default: \fBsmtp\fR). An IPv6 address
63 /*        must be formatted as [\fBipv6\fR:\fIaddress\fR].
64 /* LMTP SERVER LOOKUP
65 /* .ad
66 /* .fi
67 /*        The Postfix LMTP client supports multiple destinations
68 /*        separated by comma or whitespace (Postfix 3.5 and later).
69 /*        Each destination is tried in the specified order.
70 /*
71 /*        LMTP destinations have the following form:
72 /* .IP \fBunix\fR:\fIpathname\fR
73 /*        Connect to the local UNIX-domain server that is bound to the specified
74 /*        \fIpathname\fR. If the process runs chrooted, an absolute pathname
75 /*        is interpreted relative to the Postfix queue directory.
76 /* .IP \fBinet\fR:\fIdomainname\fR
77 /* .IP \fBinet\fR:\fIdomainname\fR:\fIservice\fR
78 /*        Look up the LMTP servers for the specified domain and service
79 /*        (default: \fBlmtp\fR).
80 /*        This form is supported when SRV lookups are enabled, and
81 /*        requires that \fIservice\fR is in symbolic form.
82 /* .IP \fBinet\fR:\fIhostname\fR
83 /* .IP \fBinet\fR:\fIhostname\fR:\fIservice\fR
84 /*        Look up the address(es) for the specified host, and connect to
85 /*        the specified service (default: \fBlmtp\fR). When SRV lookups
86 /*        are enabled, use the form \fB[\fIhostname\fB]\fR to force
87 /*        address lookups.
88 /* .IP \fBinet\fR:[\fIaddress\fR]
89 /* .IP \fBinet\fR:[\fIaddress\fR]:\fIservice\fR
90 /*        Connect to the specified local or remote host and service
91 /*        (default: \fBlmtp\fR).
92 /*        An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR].
93 /* SINGLE-RECIPIENT DELIVERY
94 /* .ad
95 /* .fi
96 /*        By default, the Postfix SMTP+LMTP client delivers mail to
97 /*        multiple recipients per delivery request. This is undesirable
98 /*        when prepending a \fBDelivered-to:\fR or \fBX-Original-To:\fR
99 /*        message header. To prevent Postfix from sending multiple
100 /*        recipients per delivery request, specify
101 /* .sp
102 /* .nf
103 /*            \fItransport\fB_destination_recipient_limit = 1\fR
104 /* .fi
105 /*
106 /*        in the Postfix \fBmain.cf\fR file, where \fItransport\fR
107 /*        is the name in the first column of the Postfix \fBmaster.cf\fR
108 /*        entry for this mail delivery service.
109 /* COMMAND ATTRIBUTE SYNTAX
110 /* .ad
111 /* .fi
112 /* .IP "\fBflags=DORX\fR (optional)"
113 /*        Optional message processing flags.
114 /* .RS
115 /* .IP \fBD\fR
116 /*        Prepend a "\fBDelivered-To: \fIrecipient\fR" message header
117 /*        with the envelope recipient address. Note: for this to work,
118 /*        the \fItransport\fB_destination_recipient_limit\fR must be
119 /*        1 (see SINGLE-RECIPIENT DELIVERY above for details).
120 /* .sp
121 /*        The \fBD\fR flag also enforces loop detection: if a message
122 /*        already contains a \fBDelivered-To:\fR header with the same
123 /*        recipient address, then the message is returned as
124 /*        undeliverable. The address comparison is case insensitive.
125 /* .sp
126 /*        This feature is available as of Postfix 3.5.
127 /* .IP \fBO\fR
128 /*        Prepend an "\fBX-Original-To: \fIrecipient\fR" message
129 /*        header with the recipient address as given to Postfix. Note:
130 /*        for this to work, the
131 /*        \fItransport\fB_destination_recipient_limit\fR must be 1
132 /*        (see SINGLE-RECIPIENT DELIVERY above for details).
133 /* .sp
134 /*        This feature is available as of Postfix 3.5.
135 /* .IP \fBR\fR
136 /*        Prepend a "\fBReturn-Path: <\fIsender\fB>\fR" message header
137 /*        with the envelope sender address.
138 /* .sp
139 /*        This feature is available as of Postfix 3.5.
140 /* .IP \fBX\fR
141 /*        Indicates that the delivery is final. This flag affects
142 /*        the status reported in "success" DSN (delivery status
143 /*        notification) messages, and changes it from "relayed" into
144 /*        "delivered".
145 /* .sp
146 /*        This feature is available as of Postfix 3.5.
147 /* .RE
148 /* SECURITY
149 /* .ad
150 /* .fi
151 /*        The SMTP+LMTP client is moderately security-sensitive. It
152 /*        talks to SMTP or LMTP servers and to DNS servers on the
153 /*        network. The SMTP+LMTP client can be run chrooted at fixed
154 /*        low privilege.
155 /* STANDARDS
156 /*        RFC 821 (SMTP protocol)
157 /*        RFC 822 (ARPA Internet Text Messages)
158 /*        RFC 1651 (SMTP service extensions)
159 /*        RFC 1652 (8bit-MIME transport)
160 /*        RFC 1870 (Message Size Declaration)
161 /*        RFC 2033 (LMTP protocol)
162 /*        RFC 2034 (SMTP Enhanced Error Codes)
163 /*        RFC 2045 (MIME: Format of Internet Message Bodies)
164 /*        RFC 2046 (MIME: Media Types)
165 /*        RFC 2554 (AUTH command)
166 /*        RFC 2821 (SMTP protocol)
167 /*        RFC 2782 (SRV resource records)
168 /*        RFC 2920 (SMTP Pipelining)
169 /*        RFC 3207 (STARTTLS command)
170 /*        RFC 3461 (SMTP DSN Extension)
171 /*        RFC 3463 (Enhanced Status Codes)
172 /*        RFC 4954 (AUTH command)
173 /*        RFC 5321 (SMTP protocol)
174 /*        RFC 6531 (Internationalized SMTP)
175 /*        RFC 6533 (Internationalized Delivery Status Notifications)
176 /*        RFC 7672 (SMTP security via opportunistic DANE TLS)
177 /*        RFC 8689 (TLS-Required message header)
178 /* DIAGNOSTICS
179 /*        Problems and transactions are logged to \fBsyslogd\fR(8)
180 /*        or \fBpostlogd\fR(8).
181 /*        Corrupted message files are marked so that the queue manager can
182 /*        move them to the \fBcorrupt\fR queue for further inspection.
183 /*
184 /*        Depending on the setting of the \fBnotify_classes\fR parameter,
185 /*        the postmaster is notified of bounces, protocol problems, and of
186 /*        other trouble.
187 /* BUGS
188 /*        SMTP and LMTP connection reuse for TLS (without closing the
189 /*        SMTP or LMTP connection) is not supported before Postfix 3.4.
190 /*
191 /*        SMTP and LMTP connection reuse assumes that SASL credentials
192 /*        are valid for all destinations that map onto the same IP
193 /*        address and TCP port.
194 /* CONFIGURATION PARAMETERS
195 /* .ad
196 /* .fi
197 /*        Postfix versions 2.3 and later implement the SMTP and LMTP
198 /*        client with the same program, and choose the protocol and
199 /*        configuration parameters based on the process name, \fBsmtp\fR
200 /*        or \fBlmtp\fR.
201 /*
202 /*        Most smtp_\fIxxx\fR configuration parameters have an
203 /*        lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP
204 /*        feature. This document describes only those LMTP-related
205 /*        parameters that aren't simply "mirror" parameters.
206 /*
207 /*        Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8)
208 /*        processes run for only a limited amount of time. Use the command
209 /*        "\fBpostfix reload\fR" to speed up a change.
210 /*
211 /*        The text below provides only a parameter summary. See
212 /*        \fBpostconf\fR(5) for more details including examples.
213 /* COMPATIBILITY CONTROLS
214 /* .ad
215 /* .fi
216 /* .IP "\fBignore_mx_lookup_error (no)\fR"
217 /*        Ignore DNS MX lookups that produce no response.
218 /* .IP "\fBsmtp_always_send_ehlo (yes)\fR"
219 /*        Always send EHLO at the start of an SMTP session.
220 /* .IP "\fBsmtp_never_send_ehlo (no)\fR"
221 /*        Never send EHLO at the start of an SMTP session.
222 /* .IP "\fBsmtp_defer_if_no_mx_address_found (no)\fR"
223 /*        Defer mail delivery when no MX record resolves to an IP address.
224 /* .IP "\fBsmtp_line_length_limit (998)\fR"
225 /*        The maximal length of message header and body lines that Postfix
226 /*        will send via SMTP.
227 /* .IP "\fBsmtp_pix_workaround_delay_time (10s)\fR"
228 /*        How long the Postfix SMTP client pauses before sending
229 /*        ".<CR><LF>" in order to work around the PIX firewall
230 /*        "<CR><LF>.<CR><LF>" bug.
231 /* .IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR"
232 /*        How long a message must be queued before the Postfix SMTP client
233 /*        turns on the PIX firewall "<CR><LF>.<CR><LF>"
234 /*        bug workaround for delivery through firewalls with "smtp fixup"
235 /*        mode turned on.
236 /* .IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR"
237 /*        A list that specifies zero or more workarounds for CISCO PIX
238 /*        firewall bugs.
239 /* .IP "\fBsmtp_pix_workaround_maps (empty)\fR"
240 /*        Lookup tables, indexed by the remote SMTP server address, with
241 /*        per-destination workarounds for CISCO PIX firewall bugs.
242 /* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
243 /*        Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
244 /*        as required
245 /*        by RFC 5321.
246 /* .IP "\fBsmtp_reply_filter (empty)\fR"
247 /*        A mechanism to transform replies from remote SMTP servers one
248 /*        line at a time.
249 /* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR"
250 /*        Skip remote SMTP servers that greet with a 5XX status code.
251 /* .IP "\fBsmtp_skip_quit_response (yes)\fR"
252 /*        Do not wait for the response to the SMTP QUIT command.
253 /* .PP
254 /*        Available in Postfix version 2.0 and earlier:
255 /* .IP "\fBsmtp_skip_4xx_greeting (yes)\fR"
256 /*        Skip SMTP servers that greet with a 4XX status code (go away, try
257 /*        again later).
258 /* .PP
259 /*        Available in Postfix version 2.2 and later:
260 /* .IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR"
261 /*        Lookup tables, indexed by the remote SMTP server address, with
262 /*        case insensitive lists of EHLO keywords (pipelining, starttls, auth,
263 /*        etc.) that the Postfix SMTP client will ignore in the EHLO response from a
264 /*        remote SMTP server.
265 /* .IP "\fBsmtp_discard_ehlo_keywords (empty)\fR"
266 /*        A case insensitive list of EHLO keywords (pipelining, starttls,
267 /*        auth, etc.) that the Postfix SMTP client will ignore in the EHLO
268 /*        response from a remote SMTP server.
269 /* .IP "\fBsmtp_generic_maps (empty)\fR"
270 /*        Optional lookup tables that perform address rewriting in the
271 /*        Postfix SMTP client, typically to transform a locally valid address into
272 /*        a globally valid address when sending mail across the Internet.
273 /* .PP
274 /*        Available in Postfix version 2.2.9 and later:
275 /* .IP "\fBsmtp_cname_overrides_servername (version dependent)\fR"
276 /*        When the remote SMTP servername is a DNS CNAME, replace the
277 /*        servername with the result from CNAME expansion for the purpose of
278 /*        logging, SASL password lookup, TLS
279 /*        policy decisions, or TLS certificate verification.
280 /* .PP
281 /*        Available in Postfix version 2.3 and later:
282 /* .IP "\fBlmtp_discard_lhlo_keyword_address_maps (empty)\fR"
283 /*        Lookup tables, indexed by the remote LMTP server address, with
284 /*        case insensitive lists of LHLO keywords (pipelining, starttls,
285 /*        auth, etc.) that the Postfix LMTP client will ignore in the LHLO
286 /*        response
287 /*        from a remote LMTP server.
288 /* .IP "\fBlmtp_discard_lhlo_keywords (empty)\fR"
289 /*        A case insensitive list of LHLO keywords (pipelining, starttls,
290 /*        auth, etc.) that the Postfix LMTP client will ignore in the LHLO
291 /*        response
292 /*        from a remote LMTP server.
293 /* .PP
294 /*        Available in Postfix version 2.4.4 and later:
295 /* .IP "\fBsend_cyrus_sasl_authzid (no)\fR"
296 /*        When authenticating to a remote SMTP or LMTP server with the
297 /*        default setting "no", send no SASL authoriZation ID (authzid); send
298 /*        only the SASL authentiCation ID (authcid) plus the authcid's password.
299 /* .PP
300 /*        Available in Postfix version 2.5 and later:
301 /* .IP "\fBsmtp_header_checks (empty)\fR"
302 /*        Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client.
303 /* .IP "\fBsmtp_mime_header_checks (empty)\fR"
304 /*        Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP
305 /*        client.
306 /* .IP "\fBsmtp_nested_header_checks (empty)\fR"
307 /*        Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP
308 /*        client.
309 /* .IP "\fBsmtp_body_checks (empty)\fR"
310 /*        Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client.
311 /* .PP
312 /*        Available in Postfix version 2.6 and later:
313 /* .IP "\fBtcp_windowsize (0)\fR"
314 /*        An optional workaround for routers that break TCP window scaling.
315 /* .PP
316 /*        Available in Postfix version 2.8 and later:
317 /* .IP "\fBsmtp_dns_resolver_options (empty)\fR"
318 /*        DNS Resolver options for the Postfix SMTP client.
319 /* .PP
320 /*        Available in Postfix version 2.9 - 3.6:
321 /* .IP "\fBsmtp_per_record_deadline (no)\fR"
322 /*        Change the behavior of the smtp_*_timeout time limits, from a
323 /*        time limit per read or write system call, to a time limit to send
324 /*        or receive a complete record (an SMTP command line, SMTP response
325 /*        line, SMTP message content line, or TLS protocol message).
326 /* .PP
327 /*        Available in Postfix version 2.9 and later:
328 /* .IP "\fBsmtp_send_dummy_mail_auth (no)\fR"
329 /*        Whether or not to append the "AUTH=<>" option to the MAIL
330 /*        FROM command in SASL-authenticated SMTP sessions.
331 /* .PP
332 /*        Available in Postfix version 2.11 and later:
333 /* .IP "\fBsmtp_dns_support_level (empty)\fR"
334 /*        Level of DNS support in the Postfix SMTP client.
335 /* .PP
336 /*        Available in Postfix version 3.0 and later:
337 /* .IP "\fBsmtp_delivery_status_filter ($default_delivery_status_filter)\fR"
338 /*        Optional filter for the \fBsmtp\fR(8) delivery agent to change the
339 /*        delivery status code or explanatory text of successful or unsuccessful
340 /*        deliveries.
341 /* .IP "\fBsmtp_dns_reply_filter (empty)\fR"
342 /*        Optional filter for Postfix SMTP client DNS lookup results.
343 /* .PP
344 /*        Available in Postfix version 3.3 and later:
345 /* .IP "\fBsmtp_balance_inet_protocols (yes)\fR"
346 /*        When a remote destination resolves to a combination of IPv4 and
347 /*        IPv6 addresses, ensure that the Postfix SMTP client can try both
348 /*        address types before it runs into the smtp_mx_address_limit.
349 /* .PP
350 /*        Available in Postfix 3.5 and later:
351 /* .IP "\fBinfo_log_address_format (external)\fR"
352 /*        The email address form that will be used in non-debug logging
353 /*        (info, warning, etc.).
354 /* .PP
355 /*        Available in Postfix 3.6 and later:
356 /* .IP "\fBdnssec_probe (ns:.)\fR"
357 /*        The DNS query type (default: "ns") and DNS query name (default:
358 /*        ".") that Postfix may use to determine whether DNSSEC validation
359 /*        is available.
360 /* .IP "\fBknown_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submission=587)\fR"
361 /*        Optional setting that avoids lookups in the \fBservices\fR(5) database.
362 /* .PP
363 /*        Available in Postfix version 3.7 and later:
364 /* .IP "\fBsmtp_per_request_deadline (no)\fR"
365 /*        Change the behavior of the smtp_*_timeout time limits, from a
366 /*        time limit per plaintext or TLS read or write call, to a combined
367 /*        time limit for sending a complete SMTP request and for receiving a
368 /*        complete SMTP response.
369 /* .IP "\fBsmtp_min_data_rate (500)\fR"
370 /*        The minimum plaintext data transfer rate in bytes/second for
371 /*        DATA requests, when deadlines are enabled with smtp_per_request_deadline.
372 /* .IP "\fBheader_from_format (standard)\fR"
373 /*        The format of the Postfix-generated \fBFrom:\fR header.
374 /* .PP
375 /*        Available in Postfix version 3.8 and later:
376 /* .IP "\fBuse_srv_lookup (empty)\fR"
377 /*        Enables discovery for the specified service(s) using DNS SRV
378 /*        records.
379 /* .IP "\fBignore_srv_lookup_error (no)\fR"
380 /*        When SRV record lookup fails, fall back to MX or IP address
381 /*        lookup as if SRV record lookup was not enabled.
382 /* .IP "\fBallow_srv_lookup_fallback (no)\fR"
383 /*        When SRV record lookup fails or no SRV record exists, fall back
384 /*        to MX or IP address lookup as if SRV record lookup was not enabled.
385 /* MIME PROCESSING CONTROLS
386 /* .ad
387 /* .fi
388 /*        Available in Postfix version 2.0 and later:
389 /* .IP "\fBdisable_mime_output_conversion (no)\fR"
390 /*        Disable the conversion of 8BITMIME format to 7BIT format.
391 /* .IP "\fBmime_boundary_length_limit (2048)\fR"
392 /*        The maximal length of MIME multipart boundary strings.
393 /* .IP "\fBmime_nesting_limit (100)\fR"
394 /*        The maximal recursion level that the MIME processor will handle.
395 /* EXTERNAL CONTENT INSPECTION CONTROLS
396 /* .ad
397 /* .fi
398 /*        Available in Postfix version 2.1 and later:
399 /* .IP "\fBsmtp_send_xforward_command (no)\fR"
400 /*        Send the non-standard XFORWARD command when the Postfix SMTP server
401 /*        EHLO response announces XFORWARD support.
402 /* SASL AUTHENTICATION CONTROLS
403 /* .ad
404 /* .fi
405 /* .IP "\fBsmtp_sasl_auth_enable (no)\fR"
406 /*        Enable SASL authentication in the Postfix SMTP client.
407 /* .IP "\fBsmtp_sasl_password_maps (empty)\fR"
408 /*        Optional Postfix SMTP client lookup tables with one username:password
409 /*        entry per sender, remote hostname or next-hop domain.
410 /* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
411 /*        Postfix SMTP client SASL security options; as of Postfix 2.3
412 /*        the list of available
413 /*        features depends on the SASL client implementation that is selected
414 /*        with \fBsmtp_sasl_type\fR.
415 /* .PP
416 /*        Available in Postfix version 2.2 and later:
417 /* .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR"
418 /*        If non-empty, a Postfix SMTP client filter for the remote SMTP
419 /*        server's list of offered SASL mechanisms.
420 /* .PP
421 /*        Available in Postfix version 2.3 and later:
422 /* .IP "\fBsmtp_sender_dependent_authentication (no)\fR"
423 /*        Enable sender-dependent authentication in the Postfix SMTP client; this is
424 /*        available only with SASL authentication, and disables SMTP connection
425 /*        caching to ensure that mail from different senders will use the
426 /*        appropriate credentials.
427 /* .IP "\fBsmtp_sasl_path (empty)\fR"
428 /*        Implementation-specific information that the Postfix SMTP client
429 /*        passes through to
430 /*        the SASL plug-in implementation that is selected with
431 /*        \fBsmtp_sasl_type\fR.
432 /* .IP "\fBsmtp_sasl_type (cyrus)\fR"
433 /*        The SASL plug-in type that the Postfix SMTP client should use
434 /*        for authentication.
435 /* .PP
436 /*        Available in Postfix version 2.5 and later:
437 /* .IP "\fBsmtp_sasl_auth_cache_name (empty)\fR"
438 /*        An optional table to prevent repeated SASL authentication
439 /*        failures with the same remote SMTP server hostname, username and
440 /*        password.
441 /* .IP "\fBsmtp_sasl_auth_cache_time (90d)\fR"
442 /*        The maximal age of an smtp_sasl_auth_cache_name entry before it
443 /*        is removed.
444 /* .IP "\fBsmtp_sasl_auth_soft_bounce (yes)\fR"
445 /*        When a remote SMTP server rejects a SASL authentication request
446 /*        with a 535 reply code, defer mail delivery instead of returning
447 /*        mail as undeliverable.
448 /* .PP
449 /*        Available in Postfix version 2.9 and later:
450 /* .IP "\fBsmtp_send_dummy_mail_auth (no)\fR"
451 /*        Whether or not to append the "AUTH=<>" option to the MAIL
452 /*        FROM command in SASL-authenticated SMTP sessions.
453 /* .PP
454 /*        Available in Postfix version 3.9 and later:
455 /* .IP "\fBsmtp_sasl_password_result_delimiter (:)\fR"
456 /*        The delimiter between username and password in
457 /*        smtp_sasl_password_maps lookup results.
458 /* STARTTLS SUPPORT CONTROLS
459 /* .ad
460 /* .fi
461 /*        Detailed information about STARTTLS configuration may be found
462 /*        in the TLS_README document.
463 /* .IP "\fBsmtp_tls_security_level (empty)\fR"
464 /*        The default SMTP TLS security level for the Postfix SMTP client.
465 /* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR"
466 /*        The SASL authentication security options that the Postfix SMTP
467 /*        client uses for TLS encrypted SMTP sessions.
468 /* .IP "\fBsmtp_starttls_timeout (300s)\fR"
469 /*        Time limit for Postfix SMTP client write and read operations
470 /*        during TLS startup and shutdown handshake procedures.
471 /* .IP "\fBsmtp_tls_CAfile (empty)\fR"
472 /*        A file containing CA certificates of root CAs trusted to sign
473 /*        either remote SMTP server certificates or intermediate CA certificates.
474 /* .IP "\fBsmtp_tls_CApath (empty)\fR"
475 /*        Directory with PEM format Certification Authority certificates
476 /*        that the Postfix SMTP client uses to verify a remote SMTP server
477 /*        certificate.
478 /* .IP "\fBsmtp_tls_cert_file (empty)\fR"
479 /*        File with the Postfix SMTP client RSA certificate in PEM format.
480 /* .IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR"
481 /*        The minimum TLS cipher grade that the Postfix SMTP client will
482 /*        use with
483 /*        mandatory TLS encryption.
484 /* .IP "\fBsmtp_tls_exclude_ciphers (empty)\fR"
485 /*        List of ciphers or cipher types to exclude from the Postfix
486 /*        SMTP client cipher
487 /*        list at all TLS security levels.
488 /* .IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR"
489 /*        Additional list of ciphers or cipher types to exclude from the
490 /*        Postfix SMTP client cipher list at mandatory TLS security levels.
491 /* .IP "\fBsmtp_tls_dcert_file (empty)\fR"
492 /*        File with the Postfix SMTP client DSA certificate in PEM format.
493 /* .IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR"
494 /*        File with the Postfix SMTP client DSA private key in PEM format.
495 /* .IP "\fBsmtp_tls_key_file ($smtp_tls_cert_file)\fR"
496 /*        File with the Postfix SMTP client RSA private key in PEM format.
497 /* .IP "\fBsmtp_tls_loglevel (0)\fR"
498 /*        Enable additional Postfix SMTP client logging of TLS activity.
499 /* .IP "\fBsmtp_tls_note_starttls_offer (no)\fR"
500 /*        Log the hostname of a remote SMTP server that offers STARTTLS,
501 /*        when TLS is not already enabled for that server.
502 /* .IP "\fBsmtp_tls_policy_maps (empty)\fR"
503 /*        Optional lookup tables with the Postfix SMTP client TLS security
504 /*        policy by next-hop destination; when a non-empty value is specified,
505 /*        this overrides the obsolete smtp_tls_per_site parameter.
506 /* .IP "\fBsmtp_tls_mandatory_protocols (see 'postconf -d' output)\fR"
507 /*        TLS protocols that the Postfix SMTP client will use with mandatory
508 /*        TLS encryption.
509 /* .IP "\fBsmtp_tls_scert_verifydepth (9)\fR"
510 /*        The verification depth for remote SMTP server certificates.
511 /* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR"
512 /*        How the Postfix SMTP client verifies the server certificate
513 /*        peername for the "secure" TLS security level.
514 /* .IP "\fBsmtp_tls_session_cache_database (empty)\fR"
515 /*        Name of the file containing the optional Postfix SMTP client
516 /*        TLS session cache.
517 /* .IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR"
518 /*        The expiration time of Postfix SMTP client TLS session cache
519 /*        information.
520 /* .IP "\fBsmtp_tls_verify_cert_match (hostname)\fR"
521 /*        How the Postfix SMTP client verifies the server certificate
522 /*        peername for the
523 /*        "verify" TLS security level.
524 /* .IP "\fBtls_daemon_random_bytes (32)\fR"
525 /*        The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
526 /*        process requests from the \fBtlsmgr\fR(8) server in order to seed its
527 /*        internal pseudo random number generator (PRNG).
528 /* .IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR"
529 /*        The OpenSSL cipherlist for "high" grade ciphers.
530 /* .IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR"
531 /*        The OpenSSL cipherlist for "medium" or higher grade ciphers.
532 /* .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR"
533 /*        The OpenSSL cipherlist for "NULL" grade ciphers that provide
534 /*        authentication without encryption.
535 /* .PP
536 /*        Available in Postfix version 2.3..3.7:
537 /* .IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR"
538 /*        The OpenSSL cipherlist for "low" or higher grade ciphers.
539 /* .IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR"
540 /*        The OpenSSL cipherlist for "export" or higher grade ciphers.
541 /* .PP
542 /*        Available in Postfix version 2.4 and later:
543 /* .IP "\fBsmtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)\fR"
544 /*        The SASL authentication security options that the Postfix SMTP
545 /*        client uses for TLS encrypted SMTP sessions with a verified server
546 /*        certificate.
547 /* .PP
548 /*        Available in Postfix version 2.5 and later:
549 /* .IP "\fBsmtp_tls_fingerprint_cert_match (empty)\fR"
550 /*        List of acceptable remote SMTP server certificate fingerprints for
551 /*        the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR =
552 /*        fingerprint).
553 /* .IP "\fBsmtp_tls_fingerprint_digest (see 'postconf -d' output)\fR"
554 /*        The message digest algorithm used to construct remote SMTP server
555 /*        certificate fingerprints.
556 /* .PP
557 /*        Available in Postfix version 2.6 and later:
558 /* .IP "\fBsmtp_tls_protocols (see 'postconf -d' output)\fR"
559 /*        TLS protocols that the Postfix SMTP client will use with
560 /*        opportunistic TLS encryption.
561 /* .IP "\fBsmtp_tls_ciphers (medium)\fR"
562 /*        The minimum TLS cipher grade that the Postfix SMTP client
563 /*        will use with opportunistic TLS encryption.
564 /* .IP "\fBsmtp_tls_eccert_file (empty)\fR"
565 /*        File with the Postfix SMTP client ECDSA certificate in PEM format.
566 /* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR"
567 /*        File with the Postfix SMTP client ECDSA private key in PEM format.
568 /* .PP
569 /*        Available in Postfix version 2.7 and later:
570 /* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR"
571 /*        Try to detect a mail hijacking attack based on a TLS protocol
572 /*        vulnerability (CVE-2009-3555), where an attacker prepends malicious
573 /*        HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
574 /* .PP
575 /*        Available in Postfix version 2.8 and later:
576 /* .IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR"
577 /*        List or bit-mask of OpenSSL bug work-arounds to disable.
578 /* .PP
579 /*        Available in Postfix version 2.11-3.1:
580 /* .IP "\fBtls_dane_digest_agility (on)\fR"
581 /*        Configure RFC7671 DANE TLSA digest algorithm agility.
582 /* .IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR"
583 /*        Enable support for RFC 6698 (DANE TLSA) DNS records that contain
584 /*        digests of trust-anchors with certificate usage "2".
585 /* .PP
586 /*        Available in Postfix version 2.11 and later:
587 /* .IP "\fBsmtp_tls_trust_anchor_file (empty)\fR"
588 /*        Zero or more PEM-format files with trust-anchor certificates
589 /*        and/or public keys.
590 /* .IP "\fBsmtp_tls_force_insecure_host_tlsa_lookup (no)\fR"
591 /*        Look up the associated DANE TLSA RRset even when a hostname is
592 /*        not an alias and its address records lie in an unsigned zone.
593 /* .IP "\fBtlsmgr_service_name (tlsmgr)\fR"
594 /*        The name of the \fBtlsmgr\fR(8) service entry in master.cf.
595 /* .PP
596 /*        Available in Postfix version 3.0 and later:
597 /* .IP "\fBsmtp_tls_wrappermode (no)\fR"
598 /*        Request that the Postfix SMTP client connects using the
599 /*        SUBMISSIONS (formerly called SMTPS) protocol instead of using the
600 /*        STARTTLS command.
601 /* .PP
602 /*        Available in Postfix version 3.1 and later:
603 /* .IP "\fBsmtp_tls_dane_insecure_mx_policy (dane)\fR"
604 /*        The TLS policy for MX hosts with "secure" TLSA records when the
605 /*        nexthop destination security level is \fBdane\fR, but the MX
606 /*        record was found via an "insecure" MX lookup.
607 /* .PP
608 /*        Available in Postfix version 3.2 and later:
609 /* .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
610 /*        The prioritized list of elliptic curves that should be enabled in the
611 /*        Postfix SMTP client and server.
612 /* .PP
613 /*        Available in Postfix version 3.4 and later:
614 /* .IP "\fBsmtp_tls_connection_reuse (no)\fR"
615 /*        Try to make multiple deliveries per TLS-encrypted connection.
616 /* .IP "\fBsmtp_tls_chain_files (empty)\fR"
617 /*        List of one or more PEM files, each holding one or more private keys
618 /*        directly followed by a corresponding certificate chain.
619 /* .IP "\fBsmtp_tls_servername (empty)\fR"
620 /*        Optional name to send to the remote SMTP server in the TLS Server
621 /*        Name Indication (SNI) extension.
622 /* .PP
623 /*        Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
624 /* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
625 /*        A workaround for implementations that hang Postfix while shutting
626 /*        down a TLS session, until Postfix times out.
627 /* .PP
628 /*        Available in Postfix version 3.8 and later:
629 /* .IP "\fBtls_ffdhe_auto_groups (see 'postconf -d' output)\fR"
630 /*        The prioritized list of finite-field Diffie-Hellman ephemeral
631 /*        (FFDHE) key exchange groups supported by the Postfix SMTP client and
632 /*        server.
633 /* .PP
634 /*        Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
635 /* .IP "\fBtls_config_file (default)\fR"
636 /*        Optional configuration file with baseline OpenSSL settings.
637 /* .IP "\fBtls_config_name (empty)\fR"
638 /*        The application name passed by Postfix to OpenSSL library
639 /*        initialization functions.
640 /* .PP
641 /*        Available in Postfix version 3.9 and later:
642 /* .IP "\fBsmtp_tls_enable_rpk (no)\fR"
643 /*        Request that remote SMTP servers send an RFC7250 raw public key
644 /*        instead of an X.509 certificate.
645 /* .PP
646 /*        Available in Postfix version 3.10 and later:
647 /* .IP "\fBsmtp_tlsrpt_enable (no)\fR"
648 /*        Enable support for RFC 8460 TLSRPT notifications.
649 /* .IP "\fBsmtp_tlsrpt_socket_name (empty)\fR"
650 /*        The pathname of a UNIX-domain datagram socket that is managed
651 /*        by a local TLSRPT reporting service.
652 /* .IP "\fBsmtp_tlsrpt_skip_reused_handshakes (yes)\fR"
653 /*        Do not report the TLSRPT status for TLS protocol handshakes
654 /*        that reuse a previously-negotiated TLS session (there is no new
655 /*        information to report).
656 /* .IP "\fBtls_required_enable (yes)\fR"
657 /*        Enable support for the "TLS-Required: no" message header, defined
658 /*        in RFC 8689.
659 /* OBSOLETE STARTTLS CONTROLS
660 /* .ad
661 /* .fi
662 /*        The following configuration parameters exist for compatibility
663 /*        with Postfix versions before 2.3. Support for these will
664 /*        be removed in a future release.
665 /* .IP "\fBsmtp_use_tls (no)\fR"
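666 /*        Opportunistic mode: use TLS when a remote SMTP server announces
667 /*        STARTTLS support, otherwise send the mail in the clear. Because
/*        the decision rests on the server's unauthenticated STARTTLS
/*        announcement, this mode does not protect against an active
/*        attacker who suppresses that announcement.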
668 /* .IP "\fBsmtp_enforce_tls (no)\fR"
669 /*        Enforcement mode: require that remote SMTP servers use TLS
670 /*        encryption, and never send mail in the clear.
671 /* .IP "\fBsmtp_tls_enforce_peername (yes)\fR"
672 /*        With mandatory TLS encryption, require that the remote SMTP
673 /*        server hostname matches the information in the remote SMTP server
674 /*        certificate.
675 /* .IP "\fBsmtp_tls_per_site (empty)\fR"
676 /*        Optional lookup tables with the Postfix SMTP client TLS usage
677 /*        policy by next-hop destination and by remote SMTP server hostname.
678 /* .IP "\fBsmtp_tls_cipherlist (empty)\fR"
679 /*        Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
680 /*        cipher list.
681 /* RESOURCE AND RATE CONTROLS
682 /* .ad
683 /* .fi
684 /* .IP "\fBsmtp_connect_timeout (30s)\fR"
685 /*        The Postfix SMTP client time limit for completing a TCP connection, or
686 /*        zero (use the operating system built-in time limit).
687 /* .IP "\fBsmtp_helo_timeout (300s)\fR"
688 /*        The Postfix SMTP client time limit for sending the HELO or EHLO command,
689 /*        and for receiving the initial remote SMTP server response.
690 /* .IP "\fBlmtp_lhlo_timeout (300s)\fR"
691 /*        The Postfix LMTP client time limit for sending the LHLO command,
692 /*        and for receiving the initial remote LMTP server response.
693 /* .IP "\fBsmtp_xforward_timeout (300s)\fR"
694 /*        The Postfix SMTP client time limit for sending the XFORWARD command,
695 /*        and for receiving the remote SMTP server response.
696 /* .IP "\fBsmtp_mail_timeout (300s)\fR"
697 /*        The Postfix SMTP client time limit for sending the MAIL FROM command,
698 /*        and for receiving the remote SMTP server response.
699 /* .IP "\fBsmtp_rcpt_timeout (300s)\fR"
700 /*        The Postfix SMTP client time limit for sending the SMTP RCPT TO
701 /*        command, and for receiving the remote SMTP server response.
702 /* .IP "\fBsmtp_data_init_timeout (120s)\fR"
703 /*        The Postfix SMTP client time limit for sending the SMTP DATA command,
704 /*        and for receiving the remote SMTP server response.
705 /* .IP "\fBsmtp_data_xfer_timeout (180s)\fR"
706 /*        The Postfix SMTP client time limit for sending the SMTP message content.
707 /* .IP "\fBsmtp_data_done_timeout (600s)\fR"
708 /*        The Postfix SMTP client time limit for sending the SMTP ".", and
709 /*        for receiving the remote SMTP server response.
710 /* .IP "\fBsmtp_quit_timeout (300s)\fR"
711 /*        The Postfix SMTP client time limit for sending the QUIT command,
712 /*        and for receiving the remote SMTP server response.
713 /* .PP
714 /*        Available in Postfix version 2.1 and later:
715 /* .IP "\fBsmtp_mx_address_limit (5)\fR"
716 /*        The maximal number of MX (mail exchanger) IP addresses that can
717 /*        result from Postfix SMTP client mail exchanger lookups, or zero (no
718 /*        limit).
719 /* .IP "\fBsmtp_mx_session_limit (2)\fR"
720 /*        The maximal number of SMTP sessions per delivery request before
721 /*        the Postfix SMTP client
722 /*        gives up or delivers to a fall-back relay host, or zero (no
723 /*        limit).
724 /* .IP "\fBsmtp_rset_timeout (20s)\fR"
725 /*        The Postfix SMTP client time limit for sending the RSET command,
726 /*        and for receiving the remote SMTP server response.
727 /* .PP
728 /*        Available in Postfix version 2.2 and earlier:
729 /* .IP "\fBlmtp_cache_connection (yes)\fR"
730 /*        Keep Postfix LMTP client connections open for up to $max_idle
731 /*        seconds.
732 /* .PP
733 /*        Available in Postfix version 2.2 and later:
734 /* .IP "\fBsmtp_connection_cache_destinations (empty)\fR"
735 /*        Permanently enable SMTP connection caching for the specified
736 /*        destinations.
737 /* .IP "\fBsmtp_connection_cache_on_demand (yes)\fR"
738 /*        Temporarily enable SMTP connection caching while a destination
739 /*        has a high volume of mail in the active queue.
740 /* .IP "\fBsmtp_connection_reuse_time_limit (300s)\fR"
741 /*        The amount of time during which Postfix will use an SMTP
742 /*        connection repeatedly.
743 /* .IP "\fBsmtp_connection_cache_time_limit (2s)\fR"
744 /*        When SMTP connection caching is enabled, the amount of time that
745 /*        an unused SMTP client socket is kept open before it is closed.
746 /* .PP
747 /*        Available in Postfix version 2.3 and later:
748 /* .IP "\fBconnection_cache_protocol_timeout (5s)\fR"
749 /*        Time limit for connection cache connect, send or receive
750 /*        operations.
751 /* .PP
752 /*        Available in Postfix version 2.9 - 3.6:
753 /* .IP "\fBsmtp_per_record_deadline (no)\fR"
754 /*        Change the behavior of the smtp_*_timeout time limits, from a
755 /*        time limit per read or write system call, to a time limit to send
756 /*        or receive a complete record (an SMTP command line, SMTP response
757 /*        line, SMTP message content line, or TLS protocol message).
758 /* .PP
759 /*        Available in Postfix version 2.11 and later:
760 /* .IP "\fBsmtp_connection_reuse_count_limit (0)\fR"
761 /*        When SMTP connection caching is enabled, the number of times
762 /*        that an SMTP session may be reused before it is closed, or zero (no
763 /*        limit).
764 /* .PP
765 /*        Available in Postfix version 3.4 and later:
766 /* .IP "\fBsmtp_tls_connection_reuse (no)\fR"
767 /*        Try to make multiple deliveries per TLS-encrypted connection.
768 /* .PP
769 /*        Available in Postfix version 3.7 and later:
770 /* .IP "\fBsmtp_per_request_deadline (no)\fR"
771 /*        Change the behavior of the smtp_*_timeout time limits, from a
772 /*        time limit per plaintext or TLS read or write call, to a combined
773 /*        time limit for sending a complete SMTP request and for receiving a
774 /*        complete SMTP response.
775 /* .IP "\fBsmtp_min_data_rate (500)\fR"
776 /*        The minimum plaintext data transfer rate in bytes/second for
777 /*        DATA requests, when deadlines are enabled with smtp_per_request_deadline.
778 /* .PP
779 /*        Implemented in the qmgr(8) daemon:
780 /* .IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR"
781 /*        A transport-specific override for the
782 /*        default_destination_concurrency_limit parameter value, where
783 /*        \fItransport\fR is the master.cf name of the message delivery
784 /*        transport.
785 /* .IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR"
786 /*        A transport-specific override for the
787 /*        default_destination_recipient_limit parameter value, where
788 /*        \fItransport\fR is the master.cf name of the message delivery
789 /*        transport.
790 /* SMTPUTF8 CONTROLS
791 /* .ad
792 /* .fi
793 /*        Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
794 /* .IP "\fBsmtputf8_enable (yes)\fR"
795 /*        Enable preliminary SMTPUTF8 support for the protocols described
796 /*        in RFC 6531, RFC 6532, and RFC 6533.
797 /* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
798 /*        Detect that a message requires SMTPUTF8 support for the specified
799 /*        mail origin classes.
800 /* .PP
801 /*        Available in Postfix version 3.2 and later:
802 /* .IP "\fBenable_idna2003_compatibility (no)\fR"
803 /*        Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
804 /*        when converting UTF-8 domain names to/from the ASCII form that is
805 /*        used for DNS lookups.
806 /* TROUBLE SHOOTING CONTROLS
807 /* .ad
808 /* .fi
809 /* .IP "\fBdebug_peer_level (2)\fR"
810 /*        The increment in verbose logging level when a nexthop destination,
811 /*        remote client or server name or network address matches a pattern
812 /*        given with the debug_peer_list parameter.
813 /* .IP "\fBdebug_peer_list (empty)\fR"
814 /*        Optional list of nexthop destination, remote client or server
815 /*        name or network address patterns that, if matched, cause the verbose
816 /*        logging level to increase by the amount specified in $debug_peer_level.
817 /* .IP "\fBerror_notice_recipient (postmaster)\fR"
818 /*        The recipient of postmaster notifications about mail delivery
819 /*        problems that are caused by policy, resource, software or protocol
820 /*        errors.
821 /* .IP "\fBinternal_mail_filter_classes (empty)\fR"
822 /*        What categories of Postfix-generated mail are subject to
823 /*        before-queue content inspection by non_smtpd_milters, header_checks
824 /*        and body_checks.
825 /* .IP "\fBnotify_classes (resource, software)\fR"
826 /*        The list of error classes that are reported to the postmaster.
827 /* MISCELLANEOUS CONTROLS
828 /* .ad
829 /* .fi
830 /* .IP "\fBbest_mx_transport (empty)\fR"
831 /*        Where the Postfix SMTP client should deliver mail when it detects
832 /*        a "mail loops back to myself" error condition.
833 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
834 /*        The default location of the Postfix main.cf and master.cf
835 /*        configuration files.
836 /* .IP "\fBdaemon_timeout (18000s)\fR"
837 /*        How much time a Postfix daemon process may take to handle a
838 /*        request before it is terminated by a built-in watchdog timer.
839 /* .IP "\fBdelay_logging_resolution_limit (2)\fR"
840 /*        The maximal number of digits after the decimal point when logging
841 /*        delay values.
842 /* .IP "\fBdisable_dns_lookups (no)\fR"
843 /*        Disable DNS lookups in the Postfix SMTP and LMTP clients.
844 /* .IP "\fBinet_interfaces (all)\fR"
845 /*        The local network interface addresses that this mail system
846 /*        receives mail on.
847 /* .IP "\fBinet_protocols (see 'postconf -d' output)\fR"
848 /*        The Internet protocols Postfix will attempt to use when making
849 /*        or accepting connections.
850 /* .IP "\fBipc_timeout (3600s)\fR"
851 /*        The time limit for sending or receiving information over an internal
852 /*        communication channel.
853 /* .IP "\fBlmtp_assume_final (no)\fR"
854 /*        When a remote LMTP server announces no DSN support, assume that
855 /*        the
856 /*        server performs final delivery, and send "delivered" delivery status
857 /*        notifications instead of "relayed".
858 /* .IP "\fBlmtp_tcp_port (24)\fR"
859 /*        The default TCP port that the Postfix LMTP client connects to.
860 /* .IP "\fBmax_idle (100s)\fR"
861 /*        The maximum amount of time that an idle Postfix daemon process waits
862 /*        for an incoming connection before terminating voluntarily.
863 /* .IP "\fBmax_use (100)\fR"
864 /*        The maximal number of incoming connections that a Postfix daemon
865 /*        process will service before terminating voluntarily.
866 /* .IP "\fBprocess_id (read-only)\fR"
867 /*        The process ID of a Postfix command or daemon process.
868 /* .IP "\fBprocess_name (read-only)\fR"
869 /*        The process name of a Postfix command or daemon process.
870 /* .IP "\fBproxy_interfaces (empty)\fR"
871 /*        The remote network interface addresses that this mail system receives mail
872 /*        on by way of a proxy or network address translation unit.
873 /* .IP "\fBsmtp_address_preference (any)\fR"
874 /*        The address type ("ipv6", "ipv4" or "any") that the Postfix
875 /*        SMTP client will try first, when a destination has IPv6 and IPv4
876 /*        addresses with equal MX preference.
877 /* .IP "\fBsmtp_bind_address (empty)\fR"
878 /*        An optional numerical network address that the Postfix SMTP client
879 /*        should bind to when making an IPv4 connection.
880 /* .IP "\fBsmtp_bind_address6 (empty)\fR"
881 /*        An optional numerical network address that the Postfix SMTP client
882 /*        should bind to when making an IPv6 connection.
883 /* .IP "\fBsmtp_helo_name ($myhostname)\fR"
884 /*        The hostname to send in the SMTP HELO or EHLO command.
885 /* .IP "\fBlmtp_lhlo_name ($myhostname)\fR"
886 /*        The hostname to send in the LMTP LHLO command.
887 /* .IP "\fBsmtp_host_lookup (dns)\fR"
888 /*        What mechanisms the Postfix SMTP client uses to look up a host's
889 /*        IP address.
890 /* .IP "\fBsmtp_randomize_addresses (yes)\fR"
891 /*        Randomize the order of equal-preference MX host addresses.
892 /* .IP "\fBsyslog_facility (mail)\fR"
893 /*        The syslog facility of Postfix logging.
894 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
895 /*        A prefix that is prepended to the process name in syslog
896 /*        records, so that, for example, "smtpd" becomes "prefix/smtpd".
897 /* .PP
898 /*        Available with Postfix 2.2 and earlier:
899 /* .IP "\fBfallback_relay (empty)\fR"
900 /*        Optional list of relay hosts for SMTP destinations that can't be
901 /*        found or that are unreachable.
902 /* .PP
903 /*        Available with Postfix 2.3 and later:
904 /* .IP "\fBsmtp_fallback_relay ($fallback_relay)\fR"
905 /*        Optional list of relay destinations that will be used when an
906 /*        SMTP destination is not found, or when delivery fails due to a
907 /*        non-permanent error.
908 /* .PP
909 /*        Available with Postfix 3.0 and later:
910 /* .IP "\fBsmtp_address_verify_target (rcpt)\fR"
911 /*        In the context of email address verification, the SMTP protocol
912 /*        stage that determines whether an email address is deliverable.
913 /* .PP
914 /*        Available with Postfix 3.1 and later:
915 /* .IP "\fBlmtp_fallback_relay (empty)\fR"
916 /*        Optional list of relay hosts for LMTP destinations that can't be
917 /*        found or that are unreachable.
918 /* .PP
919 /*        Available with Postfix 3.2 and later:
920 /* .IP "\fBsmtp_tcp_port (smtp)\fR"
921 /*        The default TCP port that the Postfix SMTP client connects to.
922 /* .PP
923 /*        Available in Postfix 3.3 and later:
924 /* .IP "\fBservice_name (read-only)\fR"
925 /*        The master.cf service name of a Postfix daemon process.
926 /* .PP
927 /*        Available in Postfix 3.7 and later:
928 /* .IP "\fBsmtp_bind_address_enforce (no)\fR"
929 /*        Defer delivery when the Postfix SMTP client cannot apply the
930 /*        smtp_bind_address or smtp_bind_address6 setting.
931 /* SEE ALSO
932 /*        generic(5), output address rewriting
933 /*        header_checks(5), message header content inspection
934 /*        body_checks(5), body parts content inspection
935 /*        qmgr(8), queue manager
936 /*        bounce(8), delivery status reports
937 /*        scache(8), connection cache server
938 /*        postconf(5), configuration parameters
939 /*        master(5), generic daemon options
940 /*        master(8), process manager
941 /*        tlsmgr(8), TLS session and PRNG management
942 /*        postlogd(8), Postfix logging
943 /*        syslogd(8), system logging
944 /* README FILES
945 /* .ad
946 /* .fi
947 /*        Use "\fBpostconf readme_directory\fR" or
948 /*        "\fBpostconf html_directory\fR" to locate this information.
949 /* .na
950 /* .nf
951 /*        SASL_README, Postfix SASL howto
952 /*        TLS_README, Postfix STARTTLS howto
953 /* LICENSE
954 /* .ad
955 /* .fi
956 /*        The Secure Mailer license must be distributed with this software.
957 /* AUTHOR(S)
958 /*        Wietse Venema
959 /*        IBM T.J. Watson Research
960 /*        P.O. Box 704
961 /*        Yorktown Heights, NY 10598, USA
962 /*
963 /*        Wietse Venema
964 /*        Google, Inc.
965 /*        111 8th Avenue
966 /*        New York, NY 10011, USA
967 /*
968 /*        Command pipelining in cooperation with:
969 /*        Jon Ribbens
970 /*        Oaktree Internet Solutions Ltd.,
971 /*        Internet House,
972 /*        Canal Basin,
973 /*        Coventry,
974 /*        CV1 4LY, United Kingdom.
975 /*
976 /*        SASL support originally by:
977 /*        Till Franke
978 /*        SuSE Rhein/Main AG
979 /*        65760 Eschborn, Germany
980 /*
981 /*        TLS support originally by:
982 /*        Lutz Jaenicke
983 /*        BTU Cottbus
984 /*        Allgemeine Elektrotechnik
985 /*        Universitaetsplatz 3-4
986 /*        D-03044 Cottbus, Germany
987 /*
988 /*        Revised TLS and SMTP connection cache support by:
989 /*        Victor Duchovni
990 /*        Morgan Stanley
991 /*--*/
992 
993 /* System library. */
994 
995 #include <sys_defs.h>
996 #include <unistd.h>
997 #include <stdlib.h>
998 #include <string.h>
999 #include <fcntl.h>
1000 #include <dict.h>
1001 #include <stringops.h>
1002 
1003 /* Utility library. */
1004 
1005 #include <msg.h>
1006 #include <mymalloc.h>
1007 #include <name_mask.h>
1008 #include <name_code.h>
1009 #include <byte_mask.h>
1010 
1011 /* Global library. */
1012 
1013 #include <deliver_request.h>
1014 #include <delivered_hdr.h>
1015 #include <mail_proto.h>
1016 #include <mail_params.h>
1017 #include <mail_version.h>
1018 #include <mail_conf.h>
1019 #include <debug_peer.h>
1020 #include <flush_clnt.h>
1021 #include <scache.h>
1022 #include <string_list.h>
1023 #include <maps.h>
1024 #include <ext_prop.h>
1025 #include <hfrom_format.h>
1026 
1027 /* DNS library. */
1028 
1029 #include <dns.h>
1030 
1031 /* Single server skeleton. */
1032 
1033 #include <mail_server.h>
1034 
1035 /* Application-specific. */
1036 
1037 #include "smtp.h"
1038 #include "smtp_sasl.h"
1039 
1040  /*
1041   * Tunable parameters. These have compiled-in defaults that can be overruled
1042   * by settings in the global Postfix configuration file.
1043   */
 /*
  * NOTE(review): nothing in this part of the file assigns these variables.
  * Presumably they are filled in from the configuration by parameter tables
  * further down in the file -- confirm there, and confirm the mapping from
  * each var_* name to its main.cf parameter in mail_params.h.
  */
1044 int     var_smtp_conn_tmout;
1045 int     var_smtp_helo_tmout;
1046 int     var_smtp_xfwd_tmout;
1047 int     var_smtp_mail_tmout;
1048 int     var_smtp_rcpt_tmout;
1049 int     var_smtp_data0_tmout;
1050 int     var_smtp_data1_tmout;
1051 int     var_smtp_data2_tmout;
1052 int     var_smtp_rset_tmout;
1053 int     var_smtp_quit_tmout;
1054 char   *var_notify_classes;
1055 int     var_smtp_skip_5xx_greeting;
1056 int     var_ign_mx_lookup_err;
1057 int     var_skip_quit_resp;
1058 char   *var_fallback_relay;
1059 char   *var_bestmx_transp;
1060 char   *var_error_rcpt;
1061 int     var_smtp_always_ehlo;
1062 int     var_smtp_never_ehlo;
 /*
  * NOTE(review): SASL client settings. var_smtp_sasl_passwd presumably holds
  * the specification of a credential lookup table, not a credential itself --
  * confirm in mail_params.h before logging or exporting any of these values.
  */
1063 char   *var_smtp_sasl_opts;
1064 char   *var_smtp_sasl_path;
1065 char   *var_smtp_sasl_passwd;
1066 char   *var_smtp_sasl_passwd_res_delim;
1067 bool    var_smtp_sasl_enable;
1068 char   *var_smtp_sasl_mechs;
1069 char   *var_smtp_sasl_type;
1070 char   *var_smtp_bind_addr;
1071 char   *var_smtp_bind_addr6;
1072 char   *var_smtp_vrfy_tgt;
1073 bool    var_smtp_rand_addr;
1074 int     var_smtp_pix_thresh;
1075 int     var_queue_run_delay;
1076 int     var_min_backoff_time;
1077 int     var_smtp_pix_delay;
1078 int     var_smtp_line_limit;
1079 char   *var_smtp_helo_name;
1080 char   *var_smtp_host_lookup;
1081 bool    var_smtp_quote_821_env;
1082 bool    var_smtp_defer_mxaddr;
1083 bool    var_smtp_send_xforward;
1084 int     var_smtp_mxaddr_limit;
1085 int     var_smtp_mxsess_limit;
1086 int     var_smtp_cache_conn;
1087 int     var_smtp_reuse_time;
1088 int     var_smtp_reuse_count;
1089 char   *var_smtp_cache_dest;
1090 char   *var_scache_service;             /* You can now leave this here. */
1091 bool    var_smtp_cache_demand;
1092 char   *var_smtp_ehlo_dis_words;
1093 char   *var_smtp_ehlo_dis_maps;
1094 char   *var_smtp_addr_pref;
1095 
 /*
  * TLS policy settings that are defined whether or not the program is built
  * with USE_TLS; the remaining TLS settings are inside the #ifdef below.
  */
1096 char   *var_smtp_tls_level;
1097 bool    var_smtp_use_tls;
1098 bool    var_smtp_enforce_tls;
1099 char   *var_smtp_tls_per_site;
1100 char   *var_smtp_tls_policy;
1101 bool    var_smtp_tls_wrappermode;
1102 bool    var_smtp_tls_conn_reuse;
1103 char   *var_tlsproxy_service;
1104 
1105 #ifdef USE_TLS
 /*
  * Defined only in builds with USE_TLS. The manual-page text earlier in this
  * file describes smtp_tls_eckey_file and smtp_tls_chain_files as PEM files
  * that contain private keys. NOTE(review): the *_key_file, *_dkey_file,
  * *_eckey_file and *_chain_files variables presumably carry the pathnames of
  * such files; nothing in this part of the file checks their ownership or
  * permissions -- confirm where that is enforced.
  */
1106 char   *var_smtp_sasl_tls_opts;
1107 char   *var_smtp_sasl_tlsv_opts;
1108 int     var_smtp_starttls_tmout;
1109 char   *var_smtp_tls_CAfile;
1110 char   *var_smtp_tls_CApath;
1111 char   *var_smtp_tls_chain_files;
1112 char   *var_smtp_tls_cert_file;
1113 char   *var_smtp_tls_mand_ciph;
1114 char   *var_smtp_tls_excl_ciph;
1115 char   *var_smtp_tls_mand_excl;
1116 char   *var_smtp_tls_dcert_file;
1117 char   *var_smtp_tls_dkey_file;
1118 bool    var_smtp_tls_enforce_peername;
1119 char   *var_smtp_tls_key_file;
1120 char   *var_smtp_tls_loglevel;
1121 bool    var_smtp_tls_note_starttls_offer;
1122 char   *var_smtp_tls_mand_proto;
1123 char   *var_smtp_tls_sec_cmatch;
1124 int     var_smtp_tls_scert_vd;
1125 char   *var_smtp_tls_vfy_cmatch;
1126 char   *var_smtp_tls_fpt_cmatch;
1127 char   *var_smtp_tls_fpt_dgst;
1128 char   *var_smtp_tls_tafile;
1129 char   *var_smtp_tls_proto;
1130 char   *var_smtp_tls_ciph;
1131 char   *var_smtp_tls_eccert_file;
1132 char   *var_smtp_tls_eckey_file;
1133 char   *var_smtp_tls_sni;
1134 bool    var_smtp_tls_blk_early_mail_reply;
1135 bool    var_smtp_tls_force_tlsa;
1136 char   *var_smtp_tls_insecure_mx_policy;
1137 bool    var_smtp_tls_enable_rpk;
1138 
1139 #endif
1140 
1141 char   *var_smtp_generic_maps;
1142 char   *var_prop_extension;
1143 bool    var_smtp_sender_auth;
1144 char   *var_smtp_tcp_port;
1145 int     var_scache_proto_tmout;
1146 bool    var_smtp_cname_overr;
1147 char   *var_smtp_pix_bug_words;
1148 char   *var_smtp_pix_bug_maps;
1149 char   *var_cyrus_conf_path;
1150 char   *var_smtp_head_chks;
1151 char   *var_smtp_mime_chks;
1152 char   *var_smtp_nest_chks;
1153 char   *var_smtp_body_chks;
1154 char   *var_smtp_resp_filter;
 /* Read by get_cli_attr() for the obsolete lmtp_assume_final compatibility path. */
1155 bool    var_lmtp_assume_final;
1156 char   *var_smtp_dns_res_opt;
1157 char   *var_smtp_dns_support;
1158 bool    var_smtp_dummy_mail_auth;
1159 char   *var_smtp_dsn_filter;
1160 char   *var_smtp_dns_re_filter;
1161 bool    var_smtp_balance_inet_proto;
1162 bool    var_smtp_req_deadline;
1163 int     var_smtp_min_data_rate;
1164 char   *var_use_srv_lookup;
1165 bool    var_ign_srv_lookup_err;
1166 bool    var_allow_srv_fallback;
1167 bool    var_smtp_tlsrpt_enable;
1168 char   *var_smtp_tlsrpt_sockname;
1169 bool    var_smtp_tlsrpt_skip_reused_hs;
1170 
1171  /* Special handling of 535 AUTH errors. */
1172 char   *var_smtp_sasl_auth_cache_name;
1173 int     var_smtp_sasl_auth_cache_time;
1174 bool    var_smtp_sasl_auth_soft_bounce;
1175 
1176 char   *var_hfrom_format;
1177 bool    var_smtp_bind_addr_enforce;
1178 
1179  /*
1180   * Global variables.
1181   */
 /*
  * NOTE(review): none of these is assigned in this part of the file; the
  * initialization code is expected further down -- confirm there.
  */
 /* Tested as a boolean by get_cli_attr(); zero enables its lmtp_assume_final compatibility path. */
1182 int     smtp_mode;
1183 int     smtp_host_lookup_mask;
1184 int     smtp_dns_support;
1185 STRING_LIST *smtp_cache_dest;
1186 SCACHE *smtp_scache;
1187 MAPS   *smtp_ehlo_dis_maps;
1188 MAPS   *smtp_generic_maps;
1189 int     smtp_ext_prop_mask;
1190 unsigned smtp_dns_res_opt;
1191 MAPS   *smtp_pix_bug_maps;
1192 HBC_CHECKS *smtp_header_checks;                   /* limited header checks */
1193 HBC_CHECKS *smtp_body_checks;           /* limited body checks */
 /* deliver_message() reads smtp_cli_attr.flags to apply the D and O flag checks. */
1194 SMTP_CLI_ATTR smtp_cli_attr;            /* parsed command-line */
1195 int     smtp_hfrom_format;              /* postmaster notifications */
1196 STRING_LIST *smtp_use_srv_lookup;
1197 
1198 #ifdef USE_TLS
1199 
1200  /*
1201   * OpenSSL client state (opaque handle)
1202   */
1203 TLS_APPL_STATE *smtp_tls_ctx;
1204 int     smtp_tls_insecure_mx_policy;
1205 
1206 #endif
1207 
1208  /*
1209   * IPv6 preference.
1210   */
 /* File-local; deliver_message() ORs this value into state->misc_flags for each request. */
1211 static int smtp_addr_pref;
1212 
/*
 * get_cli_attr - parse the service-specific command-line attributes
 *
 * attr receives the result; argv is a null-terminated list of attribute
 * strings. The only attribute recognized here is "flags=" (the name is
 * matched without regard to case); its value is converted with byte_mask()
 * using the D, O, R and X letters in the table below. When "flags=" appears
 * more than once, the last occurrence replaces the earlier ones. Any other
 * attribute name is reported with msg_fatal().
 *
 * NOTE(review): how byte_mask() treats a letter that is not in the table is
 * not visible here -- confirm in byte_mask.h.
 */

static void get_cli_attr(SMTP_CLI_ATTR *attr, char **argv)
{
    static const char caller[] = "get_cli_attr";
    static const char flags_prefix[] = "flags=";
    static const BYTE_MASK flags_map[] = {
        'D', SMTP_CLI_FLAG_DELIVERED_TO,
        'O', SMTP_CLI_FLAG_ORIG_RCPT,
        'R', SMTP_CLI_FLAG_RETURN_PATH,
        'X', SMTP_CLI_FLAG_FINAL_DELIVERY,
        0,
    };
    const char *seen_flags = flags_prefix;      /* i.e. no flags given */
    char  **ap;

    /*
     * Start with no flags set.
     */
    attr->flags = 0;

    /*
     * Walk the attribute list. Anything that is not "flags=..." is a
     * configuration error and is fatal.
     */
    for (ap = argv; *ap != 0; ap++) {
        if (strncasecmp(flags_prefix, *ap, sizeof(flags_prefix) - 1) != 0) {
            msg_fatal("unknown attribute name: %s", *ap);
        } else {
            /* Remember the full attribute text for the warning below. */
            seen_flags = *ap;
            if (msg_verbose) {
                msg_info("%s: %s", caller, seen_flags);
            }
            attr->flags = byte_mask(*ap, flags_map,
                                    *ap + sizeof(flags_prefix) - 1);
        }
    }

    /*
     * Backwards compatibility: outside SMTP mode, the obsolete
     * lmtp_assume_final setting implies the X flag. Nothing to do when the
     * setting is off or when X was already given.
     */
    if (smtp_mode || !var_lmtp_assume_final
        || (attr->flags & SMTP_CLI_FLAG_FINAL_DELIVERY) != 0) {
        return;
    }
    attr->flags |= SMTP_CLI_FLAG_FINAL_DELIVERY;
    msg_warn("%s is obsolete; instead, specify \"%sX\" in %s",
             VAR_LMTP_ASSUME_FINAL, seen_flags, MASTER_CONF_FILE);
}
1265 
/*
 * deliver_message - validate one delivery request and hand it to smtp_connect()
 *
 * service is the service name used in diagnostics; request is the delivery
 * request to process. The return value is the result of smtp_connect(), or
 * the result of reject_deliver_request() when the request is refused before
 * any connection is attempted.
 *
 * Requests with an empty nexthop or without recipients are reported with
 * msg_fatal(). With the D or O command-line flag, a request with more than
 * one recipient is rejected with status "4.3.5"; with the D flag, a recipient
 * that delivered_hdr_find() reports as already present is rejected with
 * status "5.4.6" (mail forwarding loop).
 */

static int deliver_message(const char *service, DELIVER_REQUEST *request)
{
    SMTP_STATE *session_state;
    int     delivery_status;

    if (msg_verbose) {
        msg_info("deliver_message: from %s", request->sender);
    }

    /*
     * Sanity checks. The original author's rationale: this program runs
     * unprivileged and chrooted, so the input checks can be spread over the
     * code instead of being kept in one place.
     */
    if (request->nexthop[0] == 0) {
        msg_fatal("empty nexthop hostname");
    }
    if (request->rcpt_list.len <= 0) {
        msg_fatal("recipient count: %d", request->rcpt_list.len);
    }

    /*
     * D flag: single-recipient deliveries only, and the recipient must not
     * already appear in a Delivered-To: header.
     */
    if ((smtp_cli_attr.flags & SMTP_CLI_FLAG_DELIVERED_TO) != 0) {
        DELIVERED_HDR_INFO *seen_hdrs;
        VSTRING *rewritten_rcpt;
        int     loop_found;

        if (request->rcpt_list.len > 1) {
            msg_warn("flag `D' requires %s_destination_recipient_limit = 1",
                     service);
            return reject_deliver_request(service, request, "4.3.5",
                                          "mail system configuration error");
        }

        /*
         * Look up the rewritten form of the recipient address, then release
         * both helper objects before acting on the outcome.
         */
        seen_hdrs = delivered_hdr_init(request->fp, request->data_offset,
                                       FOLD_ADDR_ALL);
        rewritten_rcpt = vstring_alloc(100);
        smtp_rewrite_generic_internal(rewritten_rcpt,
                                      request->rcpt_list.info->address);
        loop_found = delivered_hdr_find(seen_hdrs, STR(rewritten_rcpt));
        vstring_free(rewritten_rcpt);
        delivered_hdr_free(seen_hdrs);

        if (loop_found) {
            return reject_deliver_request(service, request, "5.4.6",
                                          "mail forwarding loop for %s",
                                          request->rcpt_list.info->address);
        }
    }

    /*
     * O flag: single-recipient deliveries only.
     */
    if ((smtp_cli_attr.flags & SMTP_CLI_FLAG_ORIG_RCPT) != 0
        && request->rcpt_list.len > 1) {
        msg_warn("flag `O' requires %s_destination_recipient_limit = 1",
                 service);
        return reject_deliver_request(service, request, "4.3.5",
                                      "mail system configuration error");
    }

    /*
     * Collect everything about this request in one state object, so that
     * code many levels below can produce understandable diagnostics without
     * relying on globals.
     */
    session_state = smtp_state_alloc();
    session_state->service = service;
    session_state->request = request;
    session_state->src = request->fp;
    session_state->misc_flags |= smtp_addr_pref;
    session_state->debug_peer_per_nexthop =
        debug_peer_check(request->nexthop, "noaddr");
    SMTP_RCPT_INIT(session_state);

    /*
     * Establish a session and deliver to all requested recipients. Per the
     * original comment, smtp_connect() also notifies the postmaster of
     * protocol errors and may deliver locally when this machine is the best
     * mail exchanger.
     */
    delivery_status = smtp_connect(session_state);

    /*
     * Release the per-request state before reporting the result.
     */
    smtp_state_free(session_state);

    return delivery_status;
}
1364 
/* smtp_service - perform service for client */

static void smtp_service(VSTREAM *client_stream, char *service,
                         char **unused_argv)
{
    DELIVER_REQUEST *request;
    int     status;

    /*
     * Called for each client that connects to the UNIX-domain socket of the
     * remote SMTP delivery service. The exchange with the queue manager is
     * a small protocol: (1) tell the queue manager that we are ready, (2)
     * read one delivery request, (3) report the completion status of that
     * request. Connection management is left to the common code in
     * single_server.c.
     */
    request = deliver_request_read(client_stream);
    if (request == 0)
        return;                 /* no request was read: nothing to report */

    /*
     * The status that deliver_message() returns is passed back to the queue
     * manager unchanged.
     */
    status = deliver_message(service, request);
    deliver_request_done(client_stream, request, status);
}
1386 
/* post_init - post-jail initialization */

static void post_init(char *unused_name, char **argv)
{
    /* Names accepted for the host lookup setting, with their mask bits. */
    static const NAME_MASK host_lookup_table[] = {
        SMTP_HOST_LOOKUP_DNS, SMTP_HOST_FLAG_DNS,
        SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE,
        0,
    };

    /* Names accepted for the resolver option setting. */
    static const NAME_MASK res_opt_table[] = {
        SMTP_DNS_RES_OPT_DEFNAMES, RES_DEFNAMES,
        SMTP_DNS_RES_OPT_DNSRCH, RES_DNSRCH,
        0,
    };

    /*
     * Names accepted for the DNS support setting. The DNSSEC entry exists
     * only when the resolver headers define both RES_USE_DNSSEC and
     * RES_USE_EDNS0 as non-zero; the last entry carries SMTP_DNS_INVALID.
     */
    static const NAME_CODE dns_support_table[] = {
        SMTP_DNS_SUPPORT_DISABLED, SMTP_DNS_DISABLED,
        SMTP_DNS_SUPPORT_ENABLED, SMTP_DNS_ENABLED,
#if (RES_USE_DNSSEC != 0) && (RES_USE_EDNS0 != 0)
        SMTP_DNS_SUPPORT_DNSSEC, SMTP_DNS_DNSSEC,
#endif
        0, SMTP_DNS_INVALID,
    };

    /*
     * DNS support level. A non-empty setting that maps to SMTP_DNS_INVALID
     * is fatal, and var_disable_dns is then derived from the result. An
     * empty setting derives the level from var_disable_dns instead.
     */
    if (*var_smtp_dns_support != 0) {
        smtp_dns_support =
            name_code(dns_support_table, NAME_CODE_FLAG_NONE,
                      var_smtp_dns_support);
        if (smtp_dns_support == SMTP_DNS_INVALID)
            msg_fatal("invalid %s: \"%s\"", VAR_LMTP_SMTP(DNS_SUPPORT),
                      var_smtp_dns_support);
        var_disable_dns = (smtp_dns_support == SMTP_DNS_DISABLED);
    } else {
        /* Backwards compatible empty setting */
        smtp_dns_support =
            var_disable_dns ? SMTP_DNS_DISABLED : SMTP_DNS_ENABLED;
    }

    /*
     * TLSRPT. Without compiled-in support the request is only warned
     * about. With support, it is switched off for LMTP, and also when
     * smtp_tlsrpt_post_jail() reports failure.
     */
#if !defined(USE_TLS) || !defined(USE_TLSRPT)
    if (var_smtp_tlsrpt_enable)
        msg_warn("TLSRPT is selected, but TLSRPT is not compiled in");
#endif
#ifdef USE_TLS
#ifdef USE_TLSRPT
    if (var_smtp_tlsrpt_enable) {
        if (!smtp_mode) {
            msg_warn("TLSRPT support is not implemented for LMTP");
            var_smtp_tlsrpt_enable = 0;
        } else if (smtp_tlsrpt_post_jail(VAR_SMTP_TLSRPT_SOCKNAME,
                                         var_smtp_tlsrpt_sockname) < 0) {
            var_smtp_tlsrpt_enable = 0;
        }
    }
#endif                                          /* USE_TLSRPT */

    /*
     * SMTP only: the insecure-MX policy must resolve to one of the levels
     * "may", "encrypt" or "dane". Any other lookup result is fatal.
     */
    if (smtp_mode) {
        smtp_tls_insecure_mx_policy =
            tls_level_lookup(var_smtp_tls_insecure_mx_policy);
        if (smtp_tls_insecure_mx_policy != TLS_LEV_MAY
            && smtp_tls_insecure_mx_policy != TLS_LEV_ENCRYPT
            && smtp_tls_insecure_mx_policy != TLS_LEV_DANE)
            msg_fatal("invalid %s: \"%s\"", VAR_SMTP_TLS_INSECURE_MX_POLICY,
                      var_smtp_tls_insecure_mx_policy);
    }
#endif

    /*
     * Select hostname lookup mechanisms. With DNS disabled only the native
     * mechanism is used, and the configured list is not parsed at all.
     */
    smtp_host_lookup_mask = (smtp_dns_support == SMTP_DNS_DISABLED) ?
        SMTP_HOST_FLAG_NATIVE :
        name_mask(VAR_LMTP_SMTP(HOST_LOOKUP), host_lookup_table,
                  var_smtp_host_lookup);
    if (msg_verbose) {
        msg_info("host name lookup methods: %s",
                 str_name_mask(VAR_LMTP_SMTP(HOST_LOOKUP), host_lookup_table,
                               smtp_host_lookup_mask));
    }

    /*
     * Session cache instance. Created only when a cache destination list
     * or on-demand caching is configured.
     */
    if (*var_smtp_cache_dest || var_smtp_cache_demand) {
#if 0
        smtp_scache = scache_multi_create();
#else
        smtp_scache = scache_clnt_create(var_scache_service,
                                         var_scache_proto_tmout,
                                         var_ipc_idle_limit,
                                         var_ipc_ttl_limit);
#endif
    }

    /*
     * Select DNS query flags.
     */
    smtp_dns_res_opt = name_mask(VAR_LMTP_SMTP(DNS_RES_OPT), res_opt_table,
                                 var_smtp_dns_res_opt);

    /*
     * Address verification.
     */
    smtp_vrfy_init();

    /*
     * Look up service command-line attributes; these do not change during
     * the process lifetime.
     */
    get_cli_attr(&smtp_cli_attr, argv);

    /*
     * header_from format, for postmaster notifications.
     */
    smtp_hfrom_format = hfrom_format_parse(VAR_HFROM_FORMAT, var_hfrom_format);

    /*
     * Service discovery with SRV record lookup.
     */
    if (*var_use_srv_lookup) {
        smtp_use_srv_lookup = string_list_init(VAR_USE_SRV_LOOKUP,
                                               MATCH_FLAG_RETURN,
                                               var_use_srv_lookup);
    }
}
1512 
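/* pre_init - pre-jail initialization */

static void pre_init(char *unused_name, char **unused_argv)
{
    int     use_tls;

    /*
     * Names accepted for the address family preference. The last entry
     * carries -1, which is rejected below.
     */
    static const NAME_CODE addr_pref_map[] = {
        INET_PROTO_NAME_IPV6, SMTP_MISC_FLAG_PREF_IPV6,
        INET_PROTO_NAME_IPV4, SMTP_MISC_FLAG_PREF_IPV4,
        INET_PROTO_NAME_ANY, 0,
        0, -1,
    };

    /*
     * The process name, "smtp" or "lmtp", determines the configuration
     * parameters to use, protocol, DSN server reply type, SASL service
     * information lookup, and more. We peeked at the name in the main()
     * function before logging was initialized. Here, we detect and report an
     * invalid process name.
     */
    if (strcmp(var_procname, MAIL_PROC_NAME_SMTP) != 0
        && strcmp(var_procname, MAIL_PROC_NAME_LMTP) != 0)
        msg_fatal("unexpected process name \"%s\" - "
                  "specify \"%s\" or \"%s\"", var_procname,
                  MAIL_PROC_NAME_SMTP, MAIL_PROC_NAME_LMTP);

    /*
     * Turn on per-peer debugging.
     */
    debug_peer_init();

    /*
     * SASL initialization. A build without USE_SASL_AUTH only warns that
     * the setting has no effect.
     */
    if (var_smtp_sasl_enable) {
#ifdef USE_SASL_AUTH
        smtp_sasl_initialize();
#else
        msg_warn("%s is true, but SASL support is not compiled in",
                 VAR_LMTP_SMTP(SASL_ENABLE));
#endif
    }

    /*
     * Map a configured TLS security level onto the use_tls/enforce_tls
     * switches. The "if" is compiled out together with its body. If only
     * the switch were conditional, a build without USE_TLS would attach the
     * "if" to the use_tls assignment below, and use_tls would be read
     * uninitialized whenever no TLS level is configured.
     */
#ifdef USE_TLS
    if (*var_smtp_tls_level != 0) {
        switch (tls_level_lookup(var_smtp_tls_level)) {
        case TLS_LEV_SECURE:
        case TLS_LEV_VERIFY:
        case TLS_LEV_DANE_ONLY:
        case TLS_LEV_FPRINT:
        case TLS_LEV_ENCRYPT:
            var_smtp_use_tls = var_smtp_enforce_tls = 1;
            break;
        case TLS_LEV_DANE:
        case TLS_LEV_MAY:
            var_smtp_use_tls = 1;
            var_smtp_enforce_tls = 0;
            break;
        case TLS_LEV_NONE:
            var_smtp_use_tls = var_smtp_enforce_tls = 0;
            break;
        default:
            /* tls_level_lookup() logs no warning. */
            /* session_tls_init() assumes that var_smtp_tls_level is sane. */
            msg_fatal("Invalid TLS level \"%s\"", var_smtp_tls_level);
        }
    }
#endif
    use_tls = (var_smtp_use_tls || var_smtp_enforce_tls);

    /*
     * Initialize the TLS data before entering the chroot jail. A build
     * without USE_TLS only warns here that TLS was selected. Whether
     * delivery then goes ahead without TLS is not decided in this function.
     */
    if (use_tls || var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
#ifdef USE_TLS
        TLS_CLIENT_INIT_PROPS props;

        tls_pre_jail_init(TLS_ROLE_CLIENT);

        /*
         * We get stronger type safety and a cleaner interface by combining
         * the various parameters into a single tls_client_props structure.
         *
         * Large parameter lists are error-prone, so we emulate a language
         * feature that C does not have natively: named parameter lists.
         *
         * With tlsproxy(8) turned on, this is still needed for DANE-related
         * initializations.
         */
        smtp_tls_ctx =
            TLS_CLIENT_INIT(&props,
                            log_param = VAR_LMTP_SMTP(TLS_LOGLEVEL),
                            log_level = var_smtp_tls_loglevel,
                            verifydepth = var_smtp_tls_scert_vd,
                            cache_type = LMTP_SMTP_SUFFIX(TLS_MGR_SCACHE),
                            chain_files = var_smtp_tls_chain_files,
                            cert_file = var_smtp_tls_cert_file,
                            key_file = var_smtp_tls_key_file,
                            dcert_file = var_smtp_tls_dcert_file,
                            dkey_file = var_smtp_tls_dkey_file,
                            eccert_file = var_smtp_tls_eccert_file,
                            eckey_file = var_smtp_tls_eckey_file,
                            CAfile = var_smtp_tls_CAfile,
                            CApath = var_smtp_tls_CApath,
                            mdalg = var_smtp_tls_fpt_dgst);
        smtp_tls_list_init();
        tls_dane_loglevel(VAR_LMTP_SMTP(TLS_LOGLEVEL), var_smtp_tls_loglevel);
#else
        msg_warn("TLS has been selected, but TLS support is not compiled in");
#endif
    }

    /*
     * Flush client.
     */
    flush_init();

    /*
     * Session cache domain list.
     */
    if (*var_smtp_cache_dest)
        smtp_cache_dest = string_list_init(VAR_SMTP_CACHE_DEST,
                                           MATCH_FLAG_RETURN,
                                           var_smtp_cache_dest);

    /*
     * EHLO keyword filter.
     */
    if (*var_smtp_ehlo_dis_maps)
        smtp_ehlo_dis_maps = maps_create(VAR_LMTP_SMTP(EHLO_DIS_MAPS),
                                         var_smtp_ehlo_dis_maps,
                                         DICT_FLAG_LOCK);

    /*
     * PIX bug workarounds.
     */
    if (*var_smtp_pix_bug_maps)
        smtp_pix_bug_maps = maps_create(VAR_LMTP_SMTP(PIX_BUG_MAPS),
                                        var_smtp_pix_bug_maps,
                                        DICT_FLAG_LOCK);

    /*
     * Generic maps.
     */
    if (*var_prop_extension)
        smtp_ext_prop_mask =
            ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
    if (*var_smtp_generic_maps)
        smtp_generic_maps =
            maps_create(VAR_LMTP_SMTP(GENERIC_MAPS), var_smtp_generic_maps,
                        DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX
                        | DICT_FLAG_UTF8_REQUEST);

    /*
     * Header/body checks.
     */
    smtp_header_checks = hbc_header_checks_create(
                              VAR_LMTP_SMTP(HEAD_CHKS), var_smtp_head_chks,
                              VAR_LMTP_SMTP(MIME_CHKS), var_smtp_mime_chks,
                              VAR_LMTP_SMTP(NEST_CHKS), var_smtp_nest_chks,
                              smtp_hbc_callbacks);
    smtp_body_checks = hbc_body_checks_create(
                              VAR_LMTP_SMTP(BODY_CHKS), var_smtp_body_chks,
                              smtp_hbc_callbacks);

    /*
     * Server reply filter.
     */
    if (*var_smtp_resp_filter)
        smtp_chat_resp_filter =
            dict_open(var_smtp_resp_filter, O_RDONLY,
                      DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);

    /*
     * Address family preference. A name that is not in addr_pref_map is
     * fatal.
     */
    if (*var_smtp_addr_pref) {
        smtp_addr_pref = name_code(addr_pref_map, NAME_CODE_FLAG_NONE,
                                   var_smtp_addr_pref);
        if (smtp_addr_pref < 0)
            msg_fatal("bad %s value: %s", VAR_LMTP_SMTP(ADDR_PREF),
                      var_smtp_addr_pref);
    }

    /*
     * DNS reply filter.
     */
    if (*var_smtp_dns_re_filter)
        dns_rr_filter_compile(VAR_LMTP_SMTP(DNS_RE_FILTER),
                              var_smtp_dns_re_filter);
}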
1701 
/* pre_accept - see if tables have changed */

static void pre_accept(char *unused_name, char **unused_argv)
{
    const char *changed = dict_changed_name();

    /*
     * When dict_changed_name() names a changed table, log that name and
     * terminate with exit status 0. The log message announces a restart;
     * the restart itself is not performed here.
     */
    if (changed == 0)
        return;
    msg_info("table %s has changed -- restarting", changed);
    exit(0);
}
1713 
MAIL_VERSION_STAMP_DECLARE;

/* main - pass control to the single-threaded skeleton */

int     main(int argc, char **argv)
{
    char   *argv0_base;

    /* Included inside the function body, as in the original. */
#include "smtp_params.c"
#include "lmtp_params.c"

    /*
     * Fingerprint executables and core dumps.
     */
    MAIL_VERSION_STAMP_ALLOCATE;

    /*
     * XXX The process name, "smtp" or "lmtp", selects the configuration
     * parameter settings to use, and more. Logging and var_procname are not
     * initialized yet, so we peek at the basename of argv[0]. Only an exact
     * match with the SMTP name turns on smtp_mode; every other name leaves
     * it unchanged. An invalid process name is detected and reported later.
     */
    argv0_base = sane_basename((VSTRING *) 0, argv[0]);
    if (strcmp(argv0_base, MAIL_PROC_NAME_SMTP) == 0) {
        smtp_mode = 1;
    }

    /*
     * Initialize with the LMTP or SMTP parameter name space, and register
     * the pre-jail, post-jail and pre-accept handlers.
     */
    single_server_main(argc, argv, smtp_service,
                       CA_MAIL_SERVER_TIME_TABLE(smtp_mode ?
                                                 smtp_time_table :
                                                 lmtp_time_table),
                       CA_MAIL_SERVER_INT_TABLE(smtp_mode ?
                                                smtp_int_table :
                                                lmtp_int_table),
                       CA_MAIL_SERVER_STR_TABLE(smtp_mode ?
                                                smtp_str_table :
                                                lmtp_str_table),
                       CA_MAIL_SERVER_BOOL_TABLE(smtp_mode ?
                                                 smtp_bool_table :
                                                 lmtp_bool_table),
                       CA_MAIL_SERVER_NBOOL_TABLE(smtp_mode ?
                                                  smtp_nbool_table :
                                                  lmtp_nbool_table),
                       CA_MAIL_SERVER_PRE_INIT(pre_init),
                       CA_MAIL_SERVER_POST_INIT(post_init),
                       CA_MAIL_SERVER_PRE_ACCEPT(pre_accept),
                       CA_MAIL_SERVER_BOUNCE_INIT(VAR_SMTP_DSN_FILTER,
                                                  &var_smtp_dsn_filter),
                       0);
}
1762