1 /* $NetBSD: smtp.c,v 1.13 2023/12/23 20:30:45 christos Exp $ */
2
3 /*++
4 /* NAME
5 /* smtp 8
6 /* SUMMARY
7 /* Postfix SMTP+LMTP client
8 /* SYNOPSIS
9 /* \fBsmtp\fR [generic Postfix daemon options] [flags=DORX]
10 /* DESCRIPTION
11 /* The Postfix SMTP+LMTP client implements the SMTP and LMTP mail
12 /* delivery protocols. It processes message delivery requests from
13 /* the queue manager. Each request specifies a queue file, a sender
14 /* address, a domain or host to deliver to, and recipient information.
15 /* This program expects to be run from the \fBmaster\fR(8) process
16 /* manager.
17 /*
18 /* The SMTP+LMTP client updates the queue file and marks recipients
19 /* as finished, or it informs the queue manager that delivery should
20 /* be tried again at a later time. Delivery status reports are sent
21 /* to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as
22 /* appropriate.
23 /*
24 /* The SMTP+LMTP client looks up a list of mail exchanger addresses for
25 /* the destination host, sorts the list by preference, and connects
26 /* to each listed address until it finds a server that responds.
27 /*
28 /* When a server is not reachable, or when mail delivery fails due
29 /* to a recoverable error condition, the SMTP+LMTP client will try to
30 /* deliver the mail to an alternate host.
31 /*
32 /* After a successful mail transaction, a connection may be saved
33 /* to the \fBscache\fR(8) connection cache server, so that it
34 /* may be used by any SMTP+LMTP client for a subsequent transaction.
35 /*
36 /* By default, connection caching is enabled temporarily for
37 /* destinations that have a high volume of mail in the active
38 /* queue. Connection caching can be enabled permanently for
39 /* specific destinations.
40 /* SMTP DESTINATION SYNTAX
41 /* .ad
42 /* .fi
43 /* The Postfix SMTP+LMTP client supports multiple destinations
44 /* separated by comma or whitespace (Postfix 3.5 and later).
45 /* SMTP destinations have the following form:
46 /* .IP \fIdomainname\fR
47 /* .IP \fIdomainname\fR:\fIport\fR
48 /* Look up the mail exchangers for the specified domain, and
49 /* connect to the specified port (default: \fBsmtp\fR).
50 /* .IP [\fIhostname\fR]
51 /* .IP [\fIhostname\fR]:\fIport\fR
52 /* Look up the address(es) of the specified host, and connect to
53 /* the specified port (default: \fBsmtp\fR).
54 /* .IP [\fIaddress\fR]
55 /* .IP [\fIaddress\fR]:\fIport\fR
56 /* Connect to the host at the specified address, and connect
57 /* to the specified port (default: \fBsmtp\fR). An IPv6 address
58 /* must be formatted as [\fBipv6\fR:\fIaddress\fR].
59 /* LMTP DESTINATION SYNTAX
60 /* .ad
61 /* .fi
62 /* The Postfix SMTP+LMTP client supports multiple destinations
63 /* separated by comma or whitespace (Postfix 3.5 and later).
64 /* LMTP destinations have the following form:
65 /* .IP \fBunix\fR:\fIpathname\fR
66 /* Connect to the local UNIX-domain server that is bound to the specified
67 /* \fIpathname\fR. If the process runs chrooted, an absolute pathname
68 /* is interpreted relative to the Postfix queue directory.
69 /* .IP \fBinet\fR:\fIhostname\fR
70 /* .IP \fBinet\fR:\fIhostname\fR:\fIport\fR
71 /* .IP \fBinet\fR:[\fIaddress\fR]
72 /* .IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR
73 /* Connect to the specified TCP port on the specified local or
74 /* remote host. If no port is specified, connect to the port defined as
75 /* \fBlmtp\fR in \fBservices\fR(4).
76 /* If no such service is found, the \fBlmtp_tcp_port\fR configuration
77 /* parameter (default value of 24) will be used.
78 /* An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR].
79 /* SINGLE-RECIPIENT DELIVERY
80 /* .ad
81 /* .fi
82 /* By default, the Postfix SMTP+LMTP client delivers mail to
83 /* multiple recipients per delivery request. This is undesirable
84 /* when prepending a \fBDelivered-to:\fR or \fBX-Original-To:\fR
85 /* message header. To prevent Postfix from sending multiple
86 /* recipients per delivery request, specify
87 /* .sp
88 /* .nf
89 /* \fItransport\fB_destination_recipient_limit = 1\fR
90 /* .fi
91 /*
92 /* in the Postfix \fBmain.cf\fR file, where \fItransport\fR
93 /* is the name in the first column of the Postfix \fBmaster.cf\fR
94 /* entry for this mail delivery service.
95 /* COMMAND ATTRIBUTE SYNTAX
96 /* .ad
97 /* .fi
98 /* .IP "\fBflags=DORX\fR (optional)"
99 /* Optional message processing flags.
100 /* .RS
101 /* .IP \fBD\fR
102 /* Prepend a "\fBDelivered-To: \fIrecipient\fR" message header
103 /* with the envelope recipient address. Note: for this to work,
104 /* the \fItransport\fB_destination_recipient_limit\fR must be
105 /* 1 (see SINGLE-RECIPIENT DELIVERY above for details).
106 /* .sp
107 /* The \fBD\fR flag also enforces loop detection: if a message
108 /* already contains a \fBDelivered-To:\fR header with the same
109 /* recipient address, then the message is returned as
110 /* undeliverable. The address comparison is case insensitive.
111 /* .sp
112 /* This feature is available as of Postfix 3.5.
113 /* .IP \fBO\fR
114 /* Prepend an "\fBX-Original-To: \fIrecipient\fR" message
115 /* header with the recipient address as given to Postfix. Note:
116 /* for this to work, the
117 /* \fItransport\fB_destination_recipient_limit\fR must be 1
118 /* (see SINGLE-RECIPIENT DELIVERY above for details).
119 /* .sp
120 /* This feature is available as of Postfix 3.5.
121 /* .IP \fBR\fR
122 /* Prepend a "\fBReturn-Path: <\fIsender\fB>\fR" message header
123 /* with the envelope sender address.
124 /* .sp
125 /* This feature is available as of Postfix 3.5.
126 /* .IP \fBX\fR
127 /* Indicates that the delivery is final. This flag affects
128 /* the status reported in "success" DSN (delivery status
129 /* notification) messages, and changes it from "relayed" into
130 /* "delivered".
131 /* .sp
132 /* This feature is available as of Postfix 3.5.
133 /* .RE
134 /* SECURITY
135 /* The SMTP+LMTP client is moderately security-sensitive. It
136 /* talks to SMTP or LMTP servers and to DNS servers on the
137 /* network. The SMTP+LMTP client can be run chrooted at fixed
138 /* low privilege.
139 /* STANDARDS
140 /* RFC 821 (SMTP protocol)
141 /* RFC 822 (ARPA Internet Text Messages)
142 /* RFC 1651 (SMTP service extensions)
143 /* RFC 1652 (8bit-MIME transport)
144 /* RFC 1870 (Message Size Declaration)
145 /* RFC 2033 (LMTP protocol)
146 /* RFC 2034 (SMTP Enhanced Error Codes)
147 /* RFC 2045 (MIME: Format of Internet Message Bodies)
148 /* RFC 2046 (MIME: Media Types)
149 /* RFC 2554 (AUTH command)
150 /* RFC 2821 (SMTP protocol)
151 /* RFC 2782 (SRV resource records)
152 /* RFC 2920 (SMTP Pipelining)
153 /* RFC 3207 (STARTTLS command)
154 /* RFC 3461 (SMTP DSN Extension)
155 /* RFC 3463 (Enhanced Status Codes)
156 /* RFC 4954 (AUTH command)
157 /* RFC 5321 (SMTP protocol)
158 /* RFC 6531 (Internationalized SMTP)
159 /* RFC 6533 (Internationalized Delivery Status Notifications)
160 /* RFC 7672 (SMTP security via opportunistic DANE TLS)
161 /* DIAGNOSTICS
162 /* Problems and transactions are logged to \fBsyslogd\fR(8)
163 /* or \fBpostlogd\fR(8).
164 /* Corrupted message files are marked so that the queue manager can
165 /* move them to the \fBcorrupt\fR queue for further inspection.
166 /*
167 /* Depending on the setting of the \fBnotify_classes\fR parameter,
168 /* the postmaster is notified of bounces, protocol problems, and of
169 /* other trouble.
170 /* BUGS
171 /* SMTP and LMTP connection reuse for TLS (without closing the
172 /* SMTP or LMTP connection) is not supported before Postfix 3.4.
173 /*
174 /* SMTP and LMTP connection reuse assumes that SASL credentials
175 /* are valid for all destinations that map onto the same IP
176 /* address and TCP port.
177 /* CONFIGURATION PARAMETERS
178 /* .ad
179 /* .fi
180 /* Before Postfix version 2.3, the LMTP client is a separate
181 /* program that implements only a subset of the functionality
182 /* available with SMTP: there is no support for TLS, and
183 /* connections are cached in-process, making it ineffective
184 /* when the client is used for multiple domains.
185 /*
186 /* Most smtp_\fIxxx\fR configuration parameters have an
187 /* lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP
188 /* feature. This document describes only those LMTP-related
189 /* parameters that aren't simply "mirror" parameters.
190 /*
191 /* Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8)
192 /* processes run for only a limited amount of time. Use the command
193 /* "\fBpostfix reload\fR" to speed up a change.
194 /*
195 /* The text below provides only a parameter summary. See
196 /* \fBpostconf\fR(5) for more details including examples.
197 /* COMPATIBILITY CONTROLS
198 /* .ad
199 /* .fi
200 /* .IP "\fBignore_mx_lookup_error (no)\fR"
201 /* Ignore DNS MX lookups that produce no response.
202 /* .IP "\fBsmtp_always_send_ehlo (yes)\fR"
203 /* Always send EHLO at the start of an SMTP session.
204 /* .IP "\fBsmtp_never_send_ehlo (no)\fR"
205 /* Never send EHLO at the start of an SMTP session.
206 /* .IP "\fBsmtp_defer_if_no_mx_address_found (no)\fR"
207 /* Defer mail delivery when no MX record resolves to an IP address.
208 /* .IP "\fBsmtp_line_length_limit (998)\fR"
209 /* The maximal length of message header and body lines that Postfix
210 /* will send via SMTP.
211 /* .IP "\fBsmtp_pix_workaround_delay_time (10s)\fR"
212 /* How long the Postfix SMTP client pauses before sending
213 /* ".<CR><LF>" in order to work around the PIX firewall
214 /* "<CR><LF>.<CR><LF>" bug.
215 /* .IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR"
216 /* How long a message must be queued before the Postfix SMTP client
217 /* turns on the PIX firewall "<CR><LF>.<CR><LF>"
218 /* bug workaround for delivery through firewalls with "smtp fixup"
219 /* mode turned on.
220 /* .IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR"
221 /* A list that specifies zero or more workarounds for CISCO PIX
222 /* firewall bugs.
223 /* .IP "\fBsmtp_pix_workaround_maps (empty)\fR"
224 /* Lookup tables, indexed by the remote SMTP server address, with
225 /* per-destination workarounds for CISCO PIX firewall bugs.
226 /* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR"
227 /* Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands
228 /* as required
229 /* by RFC 5321.
230 /* .IP "\fBsmtp_reply_filter (empty)\fR"
231 /* A mechanism to transform replies from remote SMTP servers one
232 /* line at a time.
233 /* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR"
234 /* Skip remote SMTP servers that greet with a 5XX status code.
235 /* .IP "\fBsmtp_skip_quit_response (yes)\fR"
236 /* Do not wait for the response to the SMTP QUIT command.
237 /* .PP
238 /* Available in Postfix version 2.0 and earlier:
239 /* .IP "\fBsmtp_skip_4xx_greeting (yes)\fR"
240 /* Skip SMTP servers that greet with a 4XX status code (go away, try
241 /* again later).
242 /* .PP
243 /* Available in Postfix version 2.2 and later:
244 /* .IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR"
245 /* Lookup tables, indexed by the remote SMTP server address, with
246 /* case insensitive lists of EHLO keywords (pipelining, starttls, auth,
247 /* etc.) that the Postfix SMTP client will ignore in the EHLO response from a
248 /* remote SMTP server.
249 /* .IP "\fBsmtp_discard_ehlo_keywords (empty)\fR"
250 /* A case insensitive list of EHLO keywords (pipelining, starttls,
251 /* auth, etc.) that the Postfix SMTP client will ignore in the EHLO
252 /* response from a remote SMTP server.
253 /* .IP "\fBsmtp_generic_maps (empty)\fR"
254 /* Optional lookup tables that perform address rewriting in the
255 /* Postfix SMTP client, typically to transform a locally valid address into
256 /* a globally valid address when sending mail across the Internet.
257 /* .PP
258 /* Available in Postfix version 2.2.9 and later:
259 /* .IP "\fBsmtp_cname_overrides_servername (version dependent)\fR"
260 /* When the remote SMTP servername is a DNS CNAME, replace the
261 /* servername with the result from CNAME expansion for the purpose of
262 /* logging, SASL password lookup, TLS
263 /* policy decisions, or TLS certificate verification.
264 /* .PP
265 /* Available in Postfix version 2.3 and later:
266 /* .IP "\fBlmtp_discard_lhlo_keyword_address_maps (empty)\fR"
267 /* Lookup tables, indexed by the remote LMTP server address, with
268 /* case insensitive lists of LHLO keywords (pipelining, starttls,
269 /* auth, etc.) that the Postfix LMTP client will ignore in the LHLO
270 /* response
271 /* from a remote LMTP server.
272 /* .IP "\fBlmtp_discard_lhlo_keywords (empty)\fR"
273 /* A case insensitive list of LHLO keywords (pipelining, starttls,
274 /* auth, etc.) that the Postfix LMTP client will ignore in the LHLO
275 /* response
276 /* from a remote LMTP server.
277 /* .PP
278 /* Available in Postfix version 2.4.4 and later:
279 /* .IP "\fBsend_cyrus_sasl_authzid (no)\fR"
280 /* When authenticating to a remote SMTP or LMTP server with the
281 /* default setting "no", send no SASL authoriZation ID (authzid); send
282 /* only the SASL authentiCation ID (authcid) plus the authcid's password.
283 /* .PP
284 /* Available in Postfix version 2.5 and later:
285 /* .IP "\fBsmtp_header_checks (empty)\fR"
286 /* Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client.
287 /* .IP "\fBsmtp_mime_header_checks (empty)\fR"
288 /* Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP
289 /* client.
290 /* .IP "\fBsmtp_nested_header_checks (empty)\fR"
291 /* Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP
292 /* client.
293 /* .IP "\fBsmtp_body_checks (empty)\fR"
294 /* Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client.
295 /* .PP
296 /* Available in Postfix version 2.6 and later:
297 /* .IP "\fBtcp_windowsize (0)\fR"
298 /* An optional workaround for routers that break TCP window scaling.
299 /* .PP
300 /* Available in Postfix version 2.8 and later:
301 /* .IP "\fBsmtp_dns_resolver_options (empty)\fR"
302 /* DNS Resolver options for the Postfix SMTP client.
303 /* .PP
304 /* Available in Postfix version 2.9 - 3.6:
305 /* .IP "\fBsmtp_per_record_deadline (no)\fR"
306 /* Change the behavior of the smtp_*_timeout time limits, from a
307 /* time limit per read or write system call, to a time limit to send
308 /* or receive a complete record (an SMTP command line, SMTP response
309 /* line, SMTP message content line, or TLS protocol message).
310 /* .PP
311 /* Available in Postfix version 2.9 and later:
312 /* .IP "\fBsmtp_send_dummy_mail_auth (no)\fR"
313 /* Whether or not to append the "AUTH=<>" option to the MAIL
314 /* FROM command in SASL-authenticated SMTP sessions.
315 /* .PP
316 /* Available in Postfix version 2.11 and later:
317 /* .IP "\fBsmtp_dns_support_level (empty)\fR"
318 /* Level of DNS support in the Postfix SMTP client.
319 /* .PP
320 /* Available in Postfix version 3.0 and later:
321 /* .IP "\fBsmtp_delivery_status_filter ($default_delivery_status_filter)\fR"
322 /* Optional filter for the \fBsmtp\fR(8) delivery agent to change the
323 /* delivery status code or explanatory text of successful or unsuccessful
324 /* deliveries.
325 /* .IP "\fBsmtp_dns_reply_filter (empty)\fR"
326 /* Optional filter for Postfix SMTP client DNS lookup results.
327 /* .PP
328 /* Available in Postfix version 3.3 and later:
329 /* .IP "\fBsmtp_balance_inet_protocols (yes)\fR"
330 /* When a remote destination resolves to a combination of IPv4 and
331 /* IPv6 addresses, ensure that the Postfix SMTP client can try both
332 /* address types before it runs into the smtp_mx_address_limit.
333 /* .PP
334 /* Available in Postfix 3.5 and later:
335 /* .IP "\fBinfo_log_address_format (external)\fR"
336 /* The email address form that will be used in non-debug logging
337 /* (info, warning, etc.).
338 /* .PP
339 /* Available in Postfix 3.6 and later:
340 /* .IP "\fBdnssec_probe (ns:.)\fR"
341 /* The DNS query type (default: "ns") and DNS query name (default:
342 /* ".") that Postfix may use to determine whether DNSSEC validation
343 /* is available.
344 /* .IP "\fBknown_tcp_ports (lmtp=24, smtp=25, smtps=submissions=465, submission=587)\fR"
345 /* Optional setting that avoids lookups in the \fBservices\fR(5) database.
346 /* .PP
347 /* Available in Postfix version 3.7 and later:
348 /* .IP "\fBsmtp_per_request_deadline (no)\fR"
349 /* Change the behavior of the smtp_*_timeout time limits, from a
350 /* time limit per plaintext or TLS read or write call, to a combined
351 /* time limit for sending a complete SMTP request and for receiving a
352 /* complete SMTP response.
353 /* .IP "\fBsmtp_min_data_rate (500)\fR"
354 /* The minimum plaintext data transfer rate in bytes/second for
355 /* DATA requests, when deadlines are enabled with smtp_per_request_deadline.
356 /* .IP "\fBheader_from_format (standard)\fR"
357 /* The format of the Postfix-generated \fBFrom:\fR header.
358 /* .PP
359 /* Available in Postfix version 3.8 and later:
360 /* .IP "\fBuse_srv_lookup (empty)\fR"
361 /* Enables discovery for the specified service(s) using DNS SRV
362 /* records.
363 /* .IP "\fBignore_srv_lookup_error (no)\fR"
364 /* When SRV record lookup fails, fall back to MX or IP address
365 /* lookup as if SRV record lookup was not enabled.
366 /* .IP "\fBallow_srv_lookup_fallback (no)\fR"
367 /* When SRV record lookup fails or no SRV record exists, fall back
368 /* to MX or IP address lookup as if SRV record lookup was not enabled.
369 /* MIME PROCESSING CONTROLS
370 /* .ad
371 /* .fi
372 /* Available in Postfix version 2.0 and later:
373 /* .IP "\fBdisable_mime_output_conversion (no)\fR"
374 /* Disable the conversion of 8BITMIME format to 7BIT format.
375 /* .IP "\fBmime_boundary_length_limit (2048)\fR"
376 /* The maximal length of MIME multipart boundary strings.
377 /* .IP "\fBmime_nesting_limit (100)\fR"
378 /* The maximal recursion level that the MIME processor will handle.
379 /* EXTERNAL CONTENT INSPECTION CONTROLS
380 /* .ad
381 /* .fi
382 /* Available in Postfix version 2.1 and later:
383 /* .IP "\fBsmtp_send_xforward_command (no)\fR"
384 /* Send the non-standard XFORWARD command when the Postfix SMTP server
385 /* EHLO response announces XFORWARD support.
386 /* SASL AUTHENTICATION CONTROLS
387 /* .ad
388 /* .fi
389 /* .IP "\fBsmtp_sasl_auth_enable (no)\fR"
390 /* Enable SASL authentication in the Postfix SMTP client.
391 /* .IP "\fBsmtp_sasl_password_maps (empty)\fR"
392 /* Optional Postfix SMTP client lookup tables with one username:password
393 /* entry per sender, remote hostname or next-hop domain.
394 /* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR"
395 /* Postfix SMTP client SASL security options; as of Postfix 2.3
396 /* the list of available
397 /* features depends on the SASL client implementation that is selected
398 /* with \fBsmtp_sasl_type\fR.
399 /* .PP
400 /* Available in Postfix version 2.2 and later:
401 /* .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR"
402 /* If non-empty, a Postfix SMTP client filter for the remote SMTP
403 /* server's list of offered SASL mechanisms.
404 /* .PP
405 /* Available in Postfix version 2.3 and later:
406 /* .IP "\fBsmtp_sender_dependent_authentication (no)\fR"
407 /* Enable sender-dependent authentication in the Postfix SMTP client; this is
408 /* available only with SASL authentication, and disables SMTP connection
409 /* caching to ensure that mail from different senders will use the
410 /* appropriate credentials.
411 /* .IP "\fBsmtp_sasl_path (empty)\fR"
412 /* Implementation-specific information that the Postfix SMTP client
413 /* passes through to
414 /* the SASL plug-in implementation that is selected with
415 /* \fBsmtp_sasl_type\fR.
416 /* .IP "\fBsmtp_sasl_type (cyrus)\fR"
417 /* The SASL plug-in type that the Postfix SMTP client should use
418 /* for authentication.
419 /* .PP
420 /* Available in Postfix version 2.5 and later:
421 /* .IP "\fBsmtp_sasl_auth_cache_name (empty)\fR"
422 /* An optional table to prevent repeated SASL authentication
423 /* failures with the same remote SMTP server hostname, username and
424 /* password.
425 /* .IP "\fBsmtp_sasl_auth_cache_time (90d)\fR"
426 /* The maximal age of an smtp_sasl_auth_cache_name entry before it
427 /* is removed.
428 /* .IP "\fBsmtp_sasl_auth_soft_bounce (yes)\fR"
429 /* When a remote SMTP server rejects a SASL authentication request
430 /* with a 535 reply code, defer mail delivery instead of returning
431 /* mail as undeliverable.
432 /* .PP
433 /* Available in Postfix version 2.9 and later:
434 /* .IP "\fBsmtp_send_dummy_mail_auth (no)\fR"
435 /* Whether or not to append the "AUTH=<>" option to the MAIL
436 /* FROM command in SASL-authenticated SMTP sessions.
437 /* STARTTLS SUPPORT CONTROLS
438 /* .ad
439 /* .fi
440 /* Detailed information about STARTTLS configuration may be found
441 /* in the TLS_README document.
442 /* .IP "\fBsmtp_tls_security_level (empty)\fR"
443 /* The default SMTP TLS security level for the Postfix SMTP client.
444 /* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR"
445 /* The SASL authentication security options that the Postfix SMTP
446 /* client uses for TLS encrypted SMTP sessions.
447 /* .IP "\fBsmtp_starttls_timeout (300s)\fR"
448 /* Time limit for Postfix SMTP client write and read operations
449 /* during TLS startup and shutdown handshake procedures.
450 /* .IP "\fBsmtp_tls_CAfile (empty)\fR"
451 /* A file containing CA certificates of root CAs trusted to sign
452 /* either remote SMTP server certificates or intermediate CA certificates.
453 /* .IP "\fBsmtp_tls_CApath (empty)\fR"
454 /* Directory with PEM format Certification Authority certificates
455 /* that the Postfix SMTP client uses to verify a remote SMTP server
456 /* certificate.
457 /* .IP "\fBsmtp_tls_cert_file (empty)\fR"
458 /* File with the Postfix SMTP client RSA certificate in PEM format.
459 /* .IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR"
460 /* The minimum TLS cipher grade that the Postfix SMTP client will
461 /* use with
462 /* mandatory TLS encryption.
463 /* .IP "\fBsmtp_tls_exclude_ciphers (empty)\fR"
464 /* List of ciphers or cipher types to exclude from the Postfix
465 /* SMTP client cipher
466 /* list at all TLS security levels.
467 /* .IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR"
468 /* Additional list of ciphers or cipher types to exclude from the
469 /* Postfix SMTP client cipher list at mandatory TLS security levels.
470 /* .IP "\fBsmtp_tls_dcert_file (empty)\fR"
471 /* File with the Postfix SMTP client DSA certificate in PEM format.
472 /* .IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR"
473 /* File with the Postfix SMTP client DSA private key in PEM format.
474 /* .IP "\fBsmtp_tls_key_file ($smtp_tls_cert_file)\fR"
475 /* File with the Postfix SMTP client RSA private key in PEM format.
476 /* .IP "\fBsmtp_tls_loglevel (0)\fR"
477 /* Enable additional Postfix SMTP client logging of TLS activity.
478 /* .IP "\fBsmtp_tls_note_starttls_offer (no)\fR"
479 /* Log the hostname of a remote SMTP server that offers STARTTLS,
480 /* when TLS is not already enabled for that server.
481 /* .IP "\fBsmtp_tls_policy_maps (empty)\fR"
482 /* Optional lookup tables with the Postfix SMTP client TLS security
483 /* policy by next-hop destination; when a non-empty value is specified,
484 /* this overrides the obsolete smtp_tls_per_site parameter.
485 /* .IP "\fBsmtp_tls_mandatory_protocols (see 'postconf -d' output)\fR"
486 /* TLS protocols that the Postfix SMTP client will use with mandatory
487 /* TLS encryption.
488 /* .IP "\fBsmtp_tls_scert_verifydepth (9)\fR"
489 /* The verification depth for remote SMTP server certificates.
490 /* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR"
491 /* How the Postfix SMTP client verifies the server certificate
492 /* peername for the "secure" TLS security level.
493 /* .IP "\fBsmtp_tls_session_cache_database (empty)\fR"
494 /* Name of the file containing the optional Postfix SMTP client
495 /* TLS session cache.
496 /* .IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR"
497 /* The expiration time of Postfix SMTP client TLS session cache
498 /* information.
499 /* .IP "\fBsmtp_tls_verify_cert_match (hostname)\fR"
500 /* How the Postfix SMTP client verifies the server certificate
501 /* peername for the
502 /* "verify" TLS security level.
503 /* .IP "\fBtls_daemon_random_bytes (32)\fR"
504 /* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8)
505 /* process requests from the \fBtlsmgr\fR(8) server in order to seed its
506 /* internal pseudo random number generator (PRNG).
507 /* .IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR"
508 /* The OpenSSL cipherlist for "high" grade ciphers.
509 /* .IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR"
510 /* The OpenSSL cipherlist for "medium" or higher grade ciphers.
511 /* .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR"
512 /* The OpenSSL cipherlist for "NULL" grade ciphers that provide
513 /* authentication without encryption.
514 /* .PP
515 /* Available in in Postfix version 2.3..3.7:
516 /* .IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR"
517 /* The OpenSSL cipherlist for "low" or higher grade ciphers.
518 /* .IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR"
519 /* The OpenSSL cipherlist for "export" or higher grade ciphers.
520 /* .PP
521 /* Available in Postfix version 2.4 and later:
522 /* .IP "\fBsmtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)\fR"
523 /* The SASL authentication security options that the Postfix SMTP
524 /* client uses for TLS encrypted SMTP sessions with a verified server
525 /* certificate.
526 /* .PP
527 /* Available in Postfix version 2.5 and later:
528 /* .IP "\fBsmtp_tls_fingerprint_cert_match (empty)\fR"
529 /* List of acceptable remote SMTP server certificate fingerprints for
530 /* the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR =
531 /* fingerprint).
532 /* .IP "\fBsmtp_tls_fingerprint_digest (see 'postconf -d' output)\fR"
533 /* The message digest algorithm used to construct remote SMTP server
534 /* certificate fingerprints.
535 /* .PP
536 /* Available in Postfix version 2.6 and later:
537 /* .IP "\fBsmtp_tls_protocols (see postconf -d output)\fR"
538 /* TLS protocols that the Postfix SMTP client will use with
539 /* opportunistic TLS encryption.
540 /* .IP "\fBsmtp_tls_ciphers (medium)\fR"
541 /* The minimum TLS cipher grade that the Postfix SMTP client
542 /* will use with opportunistic TLS encryption.
543 /* .IP "\fBsmtp_tls_eccert_file (empty)\fR"
544 /* File with the Postfix SMTP client ECDSA certificate in PEM format.
545 /* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR"
546 /* File with the Postfix SMTP client ECDSA private key in PEM format.
547 /* .PP
548 /* Available in Postfix version 2.7 and later:
549 /* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR"
550 /* Try to detect a mail hijacking attack based on a TLS protocol
551 /* vulnerability (CVE-2009-3555), where an attacker prepends malicious
552 /* HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session.
553 /* .PP
554 /* Available in Postfix version 2.8 and later:
555 /* .IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR"
556 /* List or bit-mask of OpenSSL bug work-arounds to disable.
557 /* .PP
558 /* Available in Postfix version 2.11-3.1:
559 /* .IP "\fBtls_dane_digest_agility (on)\fR"
560 /* Configure RFC7671 DANE TLSA digest algorithm agility.
561 /* .IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR"
562 /* Enable support for RFC 6698 (DANE TLSA) DNS records that contain
563 /* digests of trust-anchors with certificate usage "2".
564 /* .PP
565 /* Available in Postfix version 2.11 and later:
566 /* .IP "\fBsmtp_tls_trust_anchor_file (empty)\fR"
567 /* Zero or more PEM-format files with trust-anchor certificates
568 /* and/or public keys.
569 /* .IP "\fBsmtp_tls_force_insecure_host_tlsa_lookup (no)\fR"
570 /* Lookup the associated DANE TLSA RRset even when a hostname is
571 /* not an alias and its address records lie in an unsigned zone.
572 /* .IP "\fBtlsmgr_service_name (tlsmgr)\fR"
573 /* The name of the \fBtlsmgr\fR(8) service entry in master.cf.
574 /* .PP
575 /* Available in Postfix version 3.0 and later:
576 /* .IP "\fBsmtp_tls_wrappermode (no)\fR"
577 /* Request that the Postfix SMTP client connects using the
578 /* SUBMISSIONS/SMTPS protocol instead of using the STARTTLS command.
579 /* .PP
580 /* Available in Postfix version 3.1 and later:
581 /* .IP "\fBsmtp_tls_dane_insecure_mx_policy (see 'postconf -d' output)\fR"
582 /* The TLS policy for MX hosts with "secure" TLSA records when the
583 /* nexthop destination security level is \fBdane\fR, but the MX
584 /* record was found via an "insecure" MX lookup.
585 /* .PP
586 /* Available in Postfix version 3.2 and later:
587 /* .IP "\fBtls_eecdh_auto_curves (see 'postconf -d' output)\fR"
588 /* The prioritized list of elliptic curves supported by the Postfix
589 /* SMTP client and server.
590 /* .PP
591 /* Available in Postfix version 3.4 and later:
592 /* .IP "\fBsmtp_tls_connection_reuse (no)\fR"
593 /* Try to make multiple deliveries per TLS-encrypted connection.
594 /* .IP "\fBsmtp_tls_chain_files (empty)\fR"
595 /* List of one or more PEM files, each holding one or more private keys
596 /* directly followed by a corresponding certificate chain.
597 /* .IP "\fBsmtp_tls_servername (empty)\fR"
598 /* Optional name to send to the remote SMTP server in the TLS Server
599 /* Name Indication (SNI) extension.
600 /* .PP
601 /* Available in Postfix 3.5, 3.4.6, 3.3.5, 3.2.10, 3.1.13 and later:
602 /* .IP "\fBtls_fast_shutdown_enable (yes)\fR"
603 /* A workaround for implementations that hang Postfix while shutting
604 /* down a TLS session, until Postfix times out.
605 /* .PP
606 /* Available in Postfix version 3.8 and later:
607 /* .IP "\fBtls_ffdhe_auto_groups (see 'postconf -d' output)\fR"
608 /* The prioritized list of finite-field Diffie-Hellman ephemeral
609 /* (FFDHE) key exchange groups supported by the Postfix SMTP client and
610 /* server.
611 /* .PP
612 /* Available in Postfix 3.9, 3.8.1, 3.7.6, 3.6.10, 3.5.20 and later:
613 /* .IP "\fBtls_config_file (default)\fR"
614 /* Optional configuration file with baseline OpenSSL settings.
615 /* .IP "\fBtls_config_name (empty)\fR"
616 /* The application name passed by Postfix to OpenSSL library
617 /* initialization functions.
618 /* OBSOLETE STARTTLS CONTROLS
619 /* .ad
620 /* .fi
621 /* The following configuration parameters exist for compatibility
622 /* with Postfix versions before 2.3. Support for these will
623 /* be removed in a future release.
624 /* .IP "\fBsmtp_use_tls (no)\fR"
625 /* Opportunistic mode: use TLS when a remote SMTP server announces
626 /* STARTTLS support, otherwise send the mail in the clear.
627 /* .IP "\fBsmtp_enforce_tls (no)\fR"
628 /* Enforcement mode: require that remote SMTP servers use TLS
629 /* encryption, and never send mail in the clear.
630 /* .IP "\fBsmtp_tls_enforce_peername (yes)\fR"
631 /* With mandatory TLS encryption, require that the remote SMTP
632 /* server hostname matches the information in the remote SMTP server
633 /* certificate.
634 /* .IP "\fBsmtp_tls_per_site (empty)\fR"
635 /* Optional lookup tables with the Postfix SMTP client TLS usage
636 /* policy by next-hop destination and by remote SMTP server hostname.
637 /* .IP "\fBsmtp_tls_cipherlist (empty)\fR"
638 /* Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS
639 /* cipher list.
640 /* RESOURCE AND RATE CONTROLS
641 /* .ad
642 /* .fi
643 /* .IP "\fBsmtp_connect_timeout (30s)\fR"
644 /* The Postfix SMTP client time limit for completing a TCP connection, or
645 /* zero (use the operating system built-in time limit).
646 /* .IP "\fBsmtp_helo_timeout (300s)\fR"
647 /* The Postfix SMTP client time limit for sending the HELO or EHLO command,
648 /* and for receiving the initial remote SMTP server response.
649 /* .IP "\fBlmtp_lhlo_timeout (300s)\fR"
650 /* The Postfix LMTP client time limit for sending the LHLO command,
651 /* and for receiving the initial remote LMTP server response.
652 /* .IP "\fBsmtp_xforward_timeout (300s)\fR"
653 /* The Postfix SMTP client time limit for sending the XFORWARD command,
654 /* and for receiving the remote SMTP server response.
655 /* .IP "\fBsmtp_mail_timeout (300s)\fR"
656 /* The Postfix SMTP client time limit for sending the MAIL FROM command,
657 /* and for receiving the remote SMTP server response.
658 /* .IP "\fBsmtp_rcpt_timeout (300s)\fR"
659 /* The Postfix SMTP client time limit for sending the SMTP RCPT TO
660 /* command, and for receiving the remote SMTP server response.
661 /* .IP "\fBsmtp_data_init_timeout (120s)\fR"
662 /* The Postfix SMTP client time limit for sending the SMTP DATA command,
663 /* and for receiving the remote SMTP server response.
664 /* .IP "\fBsmtp_data_xfer_timeout (180s)\fR"
665 /* The Postfix SMTP client time limit for sending the SMTP message content.
666 /* .IP "\fBsmtp_data_done_timeout (600s)\fR"
667 /* The Postfix SMTP client time limit for sending the SMTP ".", and
668 /* for receiving the remote SMTP server response.
669 /* .IP "\fBsmtp_quit_timeout (300s)\fR"
670 /* The Postfix SMTP client time limit for sending the QUIT command,
671 /* and for receiving the remote SMTP server response.
672 /* .PP
673 /* Available in Postfix version 2.1 and later:
674 /* .IP "\fBsmtp_mx_address_limit (5)\fR"
675 /* The maximal number of MX (mail exchanger) IP addresses that can
676 /* result from Postfix SMTP client mail exchanger lookups, or zero (no
677 /* limit).
678 /* .IP "\fBsmtp_mx_session_limit (2)\fR"
679 /* The maximal number of SMTP sessions per delivery request before
680 /* the Postfix SMTP client
681 /* gives up or delivers to a fall-back relay host, or zero (no
682 /* limit).
683 /* .IP "\fBsmtp_rset_timeout (20s)\fR"
684 /* The Postfix SMTP client time limit for sending the RSET command,
685 /* and for receiving the remote SMTP server response.
686 /* .PP
687 /* Available in Postfix version 2.2 and earlier:
688 /* .IP "\fBlmtp_cache_connection (yes)\fR"
689 /* Keep Postfix LMTP client connections open for up to $max_idle
690 /* seconds.
691 /* .PP
692 /* Available in Postfix version 2.2 and later:
693 /* .IP "\fBsmtp_connection_cache_destinations (empty)\fR"
694 /* Permanently enable SMTP connection caching for the specified
695 /* destinations.
696 /* .IP "\fBsmtp_connection_cache_on_demand (yes)\fR"
697 /* Temporarily enable SMTP connection caching while a destination
698 /* has a high volume of mail in the active queue.
699 /* .IP "\fBsmtp_connection_reuse_time_limit (300s)\fR"
700 /* The amount of time during which Postfix will use an SMTP
701 /* connection repeatedly.
702 /* .IP "\fBsmtp_connection_cache_time_limit (2s)\fR"
703 /* When SMTP connection caching is enabled, the amount of time that
704 /* an unused SMTP client socket is kept open before it is closed.
705 /* .PP
706 /* Available in Postfix version 2.3 and later:
707 /* .IP "\fBconnection_cache_protocol_timeout (5s)\fR"
708 /* Time limit for connection cache connect, send or receive
709 /* operations.
710 /* .PP
711 /* Available in Postfix version 2.9 - 3.6:
712 /* .IP "\fBsmtp_per_record_deadline (no)\fR"
713 /* Change the behavior of the smtp_*_timeout time limits, from a
714 /* time limit per read or write system call, to a time limit to send
715 /* or receive a complete record (an SMTP command line, SMTP response
716 /* line, SMTP message content line, or TLS protocol message).
717 /* .PP
718 /* Available in Postfix version 2.11 and later:
719 /* .IP "\fBsmtp_connection_reuse_count_limit (0)\fR"
720 /* When SMTP connection caching is enabled, the number of times
721 /* that an SMTP session may be reused before it is closed, or zero (no
722 /* limit).
723 /* .PP
724 /* Available in Postfix version 3.4 and later:
725 /* .IP "\fBsmtp_tls_connection_reuse (no)\fR"
726 /* Try to make multiple deliveries per TLS-encrypted connection.
727 /* .PP
728 /* Available in Postfix version 3.7 and later:
729 /* .IP "\fBsmtp_per_request_deadline (no)\fR"
730 /* Change the behavior of the smtp_*_timeout time limits, from a
731 /* time limit per plaintext or TLS read or write call, to a combined
732 /* time limit for sending a complete SMTP request and for receiving a
733 /* complete SMTP response.
734 /* .IP "\fBsmtp_min_data_rate (500)\fR"
735 /* The minimum plaintext data transfer rate in bytes/second for
736 /* DATA requests, when deadlines are enabled with smtp_per_request_deadline.
737 /* .PP
738 /* Implemented in the qmgr(8) daemon:
739 /* .IP "\fBtransport_destination_concurrency_limit ($default_destination_concurrency_limit)\fR"
740 /* A transport-specific override for the
741 /* default_destination_concurrency_limit parameter value, where
742 /* \fItransport\fR is the master.cf name of the message delivery
743 /* transport.
744 /* .IP "\fBtransport_destination_recipient_limit ($default_destination_recipient_limit)\fR"
745 /* A transport-specific override for the
746 /* default_destination_recipient_limit parameter value, where
747 /* \fItransport\fR is the master.cf name of the message delivery
748 /* transport.
749 /* SMTPUTF8 CONTROLS
750 /* .ad
751 /* .fi
752 /* Preliminary SMTPUTF8 support is introduced with Postfix 3.0.
753 /* .IP "\fBsmtputf8_enable (yes)\fR"
754 /* Enable preliminary SMTPUTF8 support for the protocols described
755 /* in RFC 6531, RFC 6532, and RFC 6533.
756 /* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR"
757 /* Detect that a message requires SMTPUTF8 support for the specified
758 /* mail origin classes.
759 /* .PP
760 /* Available in Postfix version 3.2 and later:
761 /* .IP "\fBenable_idna2003_compatibility (no)\fR"
762 /* Enable 'transitional' compatibility between IDNA2003 and IDNA2008,
763 /* when converting UTF-8 domain names to/from the ASCII form that is
764 /* used for DNS lookups.
765 /* TROUBLE SHOOTING CONTROLS
766 /* .ad
767 /* .fi
768 /* .IP "\fBdebug_peer_level (2)\fR"
769 /* The increment in verbose logging level when a nexthop destination,
770 /* remote client or server name or network address matches a pattern
771 /* given with the debug_peer_list parameter.
772 /* .IP "\fBdebug_peer_list (empty)\fR"
773 /* Optional list of nexthop destination, remote client or server
774 /* name or network address patterns that, if matched, cause the verbose
775 /* logging level to increase by the amount specified in $debug_peer_level.
776 /* .IP "\fBerror_notice_recipient (postmaster)\fR"
777 /* The recipient of postmaster notifications about mail delivery
778 /* problems that are caused by policy, resource, software or protocol
779 /* errors.
780 /* .IP "\fBinternal_mail_filter_classes (empty)\fR"
781 /* What categories of Postfix-generated mail are subject to
782 /* before-queue content inspection by non_smtpd_milters, header_checks
783 /* and body_checks.
784 /* .IP "\fBnotify_classes (resource, software)\fR"
785 /* The list of error classes that are reported to the postmaster.
786 /* MISCELLANEOUS CONTROLS
787 /* .ad
788 /* .fi
789 /* .IP "\fBbest_mx_transport (empty)\fR"
790 /* Where the Postfix SMTP client should deliver mail when it detects
791 /* a "mail loops back to myself" error condition.
792 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
793 /* The default location of the Postfix main.cf and master.cf
794 /* configuration files.
795 /* .IP "\fBdaemon_timeout (18000s)\fR"
796 /* How much time a Postfix daemon process may take to handle a
797 /* request before it is terminated by a built-in watchdog timer.
798 /* .IP "\fBdelay_logging_resolution_limit (2)\fR"
799 /* The maximal number of digits after the decimal point when logging
800 /* sub-second delay values.
801 /* .IP "\fBdisable_dns_lookups (no)\fR"
802 /* Disable DNS lookups in the Postfix SMTP and LMTP clients.
803 /* .IP "\fBinet_interfaces (all)\fR"
804 /* The local network interface addresses that this mail system receives
805 /* mail on.
806 /* .IP "\fBinet_protocols (see 'postconf -d output')\fR"
807 /* The Internet protocols Postfix will attempt to use when making
808 /* or accepting connections.
809 /* .IP "\fBipc_timeout (3600s)\fR"
810 /* The time limit for sending or receiving information over an internal
811 /* communication channel.
812 /* .IP "\fBlmtp_assume_final (no)\fR"
813 /* When a remote LMTP server announces no DSN support, assume that
814 /* the
815 /* server performs final delivery, and send "delivered" delivery status
816 /* notifications instead of "relayed".
817 /* .IP "\fBlmtp_tcp_port (24)\fR"
818 /* The default TCP port that the Postfix LMTP client connects to.
819 /* .IP "\fBmax_idle (100s)\fR"
820 /* The maximum amount of time that an idle Postfix daemon process waits
821 /* for an incoming connection before terminating voluntarily.
822 /* .IP "\fBmax_use (100)\fR"
823 /* The maximal number of incoming connections that a Postfix daemon
824 /* process will service before terminating voluntarily.
825 /* .IP "\fBprocess_id (read-only)\fR"
826 /* The process ID of a Postfix command or daemon process.
827 /* .IP "\fBprocess_name (read-only)\fR"
828 /* The process name of a Postfix command or daemon process.
829 /* .IP "\fBproxy_interfaces (empty)\fR"
830 /* The remote network interface addresses that this mail system receives mail
831 /* on by way of a proxy or network address translation unit.
832 /* .IP "\fBsmtp_address_preference (any)\fR"
833 /* The address type ("ipv6", "ipv4" or "any") that the Postfix
834 /* SMTP client will try first, when a destination has IPv6 and IPv4
835 /* addresses with equal MX preference.
836 /* .IP "\fBsmtp_bind_address (empty)\fR"
837 /* An optional numerical network address that the Postfix SMTP client
838 /* should bind to when making an IPv4 connection.
839 /* .IP "\fBsmtp_bind_address6 (empty)\fR"
840 /* An optional numerical network address that the Postfix SMTP client
841 /* should bind to when making an IPv6 connection.
842 /* .IP "\fBsmtp_helo_name ($myhostname)\fR"
843 /* The hostname to send in the SMTP HELO or EHLO command.
844 /* .IP "\fBlmtp_lhlo_name ($myhostname)\fR"
845 /* The hostname to send in the LMTP LHLO command.
846 /* .IP "\fBsmtp_host_lookup (dns)\fR"
847 /* What mechanisms the Postfix SMTP client uses to look up a host's
848 /* IP address.
849 /* .IP "\fBsmtp_randomize_addresses (yes)\fR"
850 /* Randomize the order of equal-preference MX host addresses.
851 /* .IP "\fBsyslog_facility (mail)\fR"
852 /* The syslog facility of Postfix logging.
853 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR"
854 /* A prefix that is prepended to the process name in syslog
855 /* records, so that, for example, "smtpd" becomes "prefix/smtpd".
856 /* .PP
857 /* Available with Postfix 2.2 and earlier:
858 /* .IP "\fBfallback_relay (empty)\fR"
859 /* Optional list of relay hosts for SMTP destinations that can't be
860 /* found or that are unreachable.
861 /* .PP
862 /* Available with Postfix 2.3 and later:
863 /* .IP "\fBsmtp_fallback_relay ($fallback_relay)\fR"
864 /* Optional list of relay destinations that will be used when an
865 /* SMTP destination is not found, or when delivery fails due to a
866 /* non-permanent error.
867 /* .PP
868 /* Available with Postfix 3.0 and later:
869 /* .IP "\fBsmtp_address_verify_target (rcpt)\fR"
870 /* In the context of email address verification, the SMTP protocol
871 /* stage that determines whether an email address is deliverable.
872 /* .PP
873 /* Available with Postfix 3.1 and later:
874 /* .IP "\fBlmtp_fallback_relay (empty)\fR"
875 /* Optional list of relay hosts for LMTP destinations that can't be
876 /* found or that are unreachable.
877 /* .PP
878 /* Available with Postfix 3.2 and later:
879 /* .IP "\fBsmtp_tcp_port (smtp)\fR"
880 /* The default TCP port that the Postfix SMTP client connects to.
881 /* .PP
882 /* Available in Postfix 3.3 and later:
883 /* .IP "\fBservice_name (read-only)\fR"
884 /* The master.cf service name of a Postfix daemon process.
885 /* .PP
886 /* Available in Postfix 3.7 and later:
887 /* .IP "\fBsmtp_bind_address_enforce (no)\fR"
888 /* Defer delivery when the Postfix SMTP client cannot apply the
889 /* smtp_bind_address or smtp_bind_address6 setting.
890 /* SEE ALSO
891 /* generic(5), output address rewriting
892 /* header_checks(5), message header content inspection
893 /* body_checks(5), body parts content inspection
894 /* qmgr(8), queue manager
895 /* bounce(8), delivery status reports
896 /* scache(8), connection cache server
897 /* postconf(5), configuration parameters
898 /* master(5), generic daemon options
899 /* master(8), process manager
900 /* tlsmgr(8), TLS session and PRNG management
901 /* postlogd(8), Postfix logging
902 /* syslogd(8), system logging
903 /* README FILES
904 /* .ad
905 /* .fi
906 /* Use "\fBpostconf readme_directory\fR" or
907 /* "\fBpostconf html_directory\fR" to locate this information.
908 /* .na
909 /* .nf
910 /* SASL_README, Postfix SASL howto
911 /* TLS_README, Postfix STARTTLS howto
912 /* LICENSE
913 /* .ad
914 /* .fi
915 /* The Secure Mailer license must be distributed with this software.
916 /* AUTHOR(S)
917 /* Wietse Venema
918 /* IBM T.J. Watson Research
919 /* P.O. Box 704
920 /* Yorktown Heights, NY 10598, USA
921 /*
922 /* Wietse Venema
923 /* Google, Inc.
924 /* 111 8th Avenue
925 /* New York, NY 10011, USA
926 /*
927 /* Command pipelining in cooperation with:
928 /* Jon Ribbens
929 /* Oaktree Internet Solutions Ltd.,
930 /* Internet House,
931 /* Canal Basin,
932 /* Coventry,
933 /* CV1 4LY, United Kingdom.
934 /*
935 /* SASL support originally by:
936 /* Till Franke
937 /* SuSE Rhein/Main AG
938 /* 65760 Eschborn, Germany
939 /*
940 /* TLS support originally by:
941 /* Lutz Jaenicke
942 /* BTU Cottbus
943 /* Allgemeine Elektrotechnik
944 /* Universitaetsplatz 3-4
945 /* D-03044 Cottbus, Germany
946 /*
947 /* Revised TLS and SMTP connection cache support by:
948 /* Victor Duchovni
949 /* Morgan Stanley
950 /*--*/
951
952 /* System library. */
953
954 #include <sys_defs.h>
955 #include <unistd.h>
956 #include <stdlib.h>
957 #include <string.h>
958 #include <fcntl.h>
959 #include <dict.h>
960 #include <stringops.h>
961
962 /* Utility library. */
963
964 #include <msg.h>
965 #include <mymalloc.h>
966 #include <name_mask.h>
967 #include <name_code.h>
968 #include <byte_mask.h>
969
970 /* Global library. */
971
972 #include <deliver_request.h>
973 #include <delivered_hdr.h>
974 #include <mail_proto.h>
975 #include <mail_params.h>
976 #include <mail_version.h>
977 #include <mail_conf.h>
978 #include <debug_peer.h>
979 #include <flush_clnt.h>
980 #include <scache.h>
981 #include <string_list.h>
982 #include <maps.h>
983 #include <ext_prop.h>
984 #include <hfrom_format.h>
985
986 /* DNS library. */
987
988 #include <dns.h>
989
990 /* Single server skeleton. */
991
992 #include <mail_server.h>
993
994 /* Application-specific. */
995
996 #include "smtp.h"
997 #include "smtp_sasl.h"
998
999 /*
1000 * Tunable parameters. These have compiled-in defaults that can be overruled
1001 * by settings in the global Postfix configuration file.
1002 */
1003 int var_smtp_conn_tmout;
1004 int var_smtp_helo_tmout;
1005 int var_smtp_xfwd_tmout;
1006 int var_smtp_mail_tmout;
1007 int var_smtp_rcpt_tmout;
1008 int var_smtp_data0_tmout;
1009 int var_smtp_data1_tmout;
1010 int var_smtp_data2_tmout;
1011 int var_smtp_rset_tmout;
1012 int var_smtp_quit_tmout;
1013 char *var_notify_classes;
1014 int var_smtp_skip_5xx_greeting;
1015 int var_ign_mx_lookup_err;
1016 int var_skip_quit_resp;
1017 char *var_fallback_relay;
1018 char *var_bestmx_transp;
1019 char *var_error_rcpt;
1020 int var_smtp_always_ehlo;
1021 int var_smtp_never_ehlo;
1022 char *var_smtp_sasl_opts;
1023 char *var_smtp_sasl_path;
1024 char *var_smtp_sasl_passwd;
1025 bool var_smtp_sasl_enable;
1026 char *var_smtp_sasl_mechs;
1027 char *var_smtp_sasl_type;
1028 char *var_smtp_bind_addr;
1029 char *var_smtp_bind_addr6;
1030 char *var_smtp_vrfy_tgt;
1031 bool var_smtp_rand_addr;
1032 int var_smtp_pix_thresh;
1033 int var_queue_run_delay;
1034 int var_min_backoff_time;
1035 int var_smtp_pix_delay;
1036 int var_smtp_line_limit;
1037 char *var_smtp_helo_name;
1038 char *var_smtp_host_lookup;
1039 bool var_smtp_quote_821_env;
1040 bool var_smtp_defer_mxaddr;
1041 bool var_smtp_send_xforward;
1042 int var_smtp_mxaddr_limit;
1043 int var_smtp_mxsess_limit;
1044 int var_smtp_cache_conn;
1045 int var_smtp_reuse_time;
1046 int var_smtp_reuse_count;
1047 char *var_smtp_cache_dest;
1048 char *var_scache_service; /* You can now leave this here. */
1049 bool var_smtp_cache_demand;
1050 char *var_smtp_ehlo_dis_words;
1051 char *var_smtp_ehlo_dis_maps;
1052 char *var_smtp_addr_pref;
1053
1054 char *var_smtp_tls_level;
1055 bool var_smtp_use_tls;
1056 bool var_smtp_enforce_tls;
1057 char *var_smtp_tls_per_site;
1058 char *var_smtp_tls_policy;
1059 bool var_smtp_tls_wrappermode;
1060 bool var_smtp_tls_conn_reuse;
1061 char *var_tlsproxy_service;
1062
1063 #ifdef USE_TLS
1064 char *var_smtp_sasl_tls_opts;
1065 char *var_smtp_sasl_tlsv_opts;
1066 int var_smtp_starttls_tmout;
1067 char *var_smtp_tls_CAfile;
1068 char *var_smtp_tls_CApath;
1069 char *var_smtp_tls_chain_files;
1070 char *var_smtp_tls_cert_file;
1071 char *var_smtp_tls_mand_ciph;
1072 char *var_smtp_tls_excl_ciph;
1073 char *var_smtp_tls_mand_excl;
1074 char *var_smtp_tls_dcert_file;
1075 char *var_smtp_tls_dkey_file;
1076 bool var_smtp_tls_enforce_peername;
1077 char *var_smtp_tls_key_file;
1078 char *var_smtp_tls_loglevel;
1079 bool var_smtp_tls_note_starttls_offer;
1080 char *var_smtp_tls_mand_proto;
1081 char *var_smtp_tls_sec_cmatch;
1082 int var_smtp_tls_scert_vd;
1083 char *var_smtp_tls_vfy_cmatch;
1084 char *var_smtp_tls_fpt_cmatch;
1085 char *var_smtp_tls_fpt_dgst;
1086 char *var_smtp_tls_tafile;
1087 char *var_smtp_tls_proto;
1088 char *var_smtp_tls_ciph;
1089 char *var_smtp_tls_eccert_file;
1090 char *var_smtp_tls_eckey_file;
1091 char *var_smtp_tls_sni;
1092 bool var_smtp_tls_blk_early_mail_reply;
1093 bool var_smtp_tls_force_tlsa;
1094 char *var_smtp_tls_insecure_mx_policy;
1095
1096 #endif
1097
1098 char *var_smtp_generic_maps;
1099 char *var_prop_extension;
1100 bool var_smtp_sender_auth;
1101 char *var_smtp_tcp_port;
1102 int var_scache_proto_tmout;
1103 bool var_smtp_cname_overr;
1104 char *var_smtp_pix_bug_words;
1105 char *var_smtp_pix_bug_maps;
1106 char *var_cyrus_conf_path;
1107 char *var_smtp_head_chks;
1108 char *var_smtp_mime_chks;
1109 char *var_smtp_nest_chks;
1110 char *var_smtp_body_chks;
1111 char *var_smtp_resp_filter;
1112 bool var_lmtp_assume_final;
1113 char *var_smtp_dns_res_opt;
1114 char *var_smtp_dns_support;
1115 bool var_smtp_dummy_mail_auth;
1116 char *var_smtp_dsn_filter;
1117 char *var_smtp_dns_re_filter;
1118 bool var_smtp_balance_inet_proto;
1119 bool var_smtp_req_deadline;
1120 int var_smtp_min_data_rate;
1121 char *var_use_srv_lookup;
1122 bool var_ign_srv_lookup_err;
1123 bool var_allow_srv_fallback;
1124
1125 /* Special handling of 535 AUTH errors. */
1126 char *var_smtp_sasl_auth_cache_name;
1127 int var_smtp_sasl_auth_cache_time;
1128 bool var_smtp_sasl_auth_soft_bounce;
1129
1130 char *var_hfrom_format;
1131 bool var_smtp_bind_addr_enforce;
1132
1133 /*
1134 * Global variables.
1135 */
1136 int smtp_mode;
1137 int smtp_host_lookup_mask;
1138 int smtp_dns_support;
1139 STRING_LIST *smtp_cache_dest;
1140 SCACHE *smtp_scache;
1141 MAPS *smtp_ehlo_dis_maps;
1142 MAPS *smtp_generic_maps;
1143 int smtp_ext_prop_mask;
1144 unsigned smtp_dns_res_opt;
1145 MAPS *smtp_pix_bug_maps;
1146 HBC_CHECKS *smtp_header_checks; /* limited header checks */
1147 HBC_CHECKS *smtp_body_checks; /* limited body checks */
1148 SMTP_CLI_ATTR smtp_cli_attr; /* parsed command-line */
1149 int smtp_hfrom_format; /* postmaster notifications */
1150 STRING_LIST *smtp_use_srv_lookup;
1151
1152 #ifdef USE_TLS
1153
1154 /*
1155 * OpenSSL client state (opaque handle)
1156 */
1157 TLS_APPL_STATE *smtp_tls_ctx;
1158 int smtp_tls_insecure_mx_policy;
1159
1160 #endif
1161
1162 /*
1163 * IPv6 preference.
1164 */
1165 static int smtp_addr_pref;
1166
1167 /* get_cli_attr - get command-line attributes */
1168
get_cli_attr(SMTP_CLI_ATTR * attr,char ** argv)1169 static void get_cli_attr(SMTP_CLI_ATTR *attr, char **argv)
1170 {
1171 const char myname[] = "get_cli_attr";
1172 const char *last_flags = "flags="; /* i.e. empty */
1173 static const BYTE_MASK flags_map[] = {
1174 'D', SMTP_CLI_FLAG_DELIVERED_TO,
1175 'O', SMTP_CLI_FLAG_ORIG_RCPT,
1176 'R', SMTP_CLI_FLAG_RETURN_PATH,
1177 'X', SMTP_CLI_FLAG_FINAL_DELIVERY,
1178 0,
1179 };
1180
1181 /*
1182 * Initialize.
1183 */
1184 attr->flags = 0;
1185
1186 /*
1187 * Iterate over the command-line attribute list. Errors are fatal.
1188 */
1189 for ( /* void */ ; *argv != 0; argv++) {
1190
1191 /*
1192 * flags=stuff. Errors are fatal.
1193 */
1194 if (strncasecmp("flags=", *argv, sizeof("flags=") - 1) == 0) {
1195 last_flags = *argv;
1196 if (msg_verbose)
1197 msg_info("%s: %s", myname, last_flags);
1198 attr->flags = byte_mask(*argv, flags_map,
1199 *argv + sizeof("flags=") - 1);
1200 }
1201
1202 /*
1203 * Bad.
1204 */
1205 else
1206 msg_fatal("unknown attribute name: %s", *argv);
1207 }
1208
1209 /*
1210 * Backwards compatibility, redundancy, and obsolescence.
1211 */
1212 if (!smtp_mode && var_lmtp_assume_final
1213 && (attr->flags & SMTP_CLI_FLAG_FINAL_DELIVERY) == 0) {
1214 attr->flags |= SMTP_CLI_FLAG_FINAL_DELIVERY;
1215 msg_warn("%s is obsolete; instead, specify \"%sX\" in %s",
1216 VAR_LMTP_ASSUME_FINAL, last_flags, MASTER_CONF_FILE);
1217 }
1218 }
1219
1220 /* deliver_message - deliver message with extreme prejudice */
1221
deliver_message(const char * service,DELIVER_REQUEST * request)1222 static int deliver_message(const char *service, DELIVER_REQUEST *request)
1223 {
1224 SMTP_STATE *state;
1225 int result;
1226
1227 if (msg_verbose)
1228 msg_info("deliver_message: from %s", request->sender);
1229
1230 /*
1231 * Sanity checks. The smtp server is unprivileged and chrooted, so we can
1232 * afford to distribute the data censoring code, instead of having it all
1233 * in one place.
1234 */
1235 if (request->nexthop[0] == 0)
1236 msg_fatal("empty nexthop hostname");
1237 if (request->rcpt_list.len <= 0)
1238 msg_fatal("recipient count: %d", request->rcpt_list.len);
1239
1240 /*
1241 * D flag checks.
1242 */
1243 if (smtp_cli_attr.flags & SMTP_CLI_FLAG_DELIVERED_TO) {
1244
1245 /*
1246 * The D flag cannot be specified for multi-recipient deliveries.
1247 */
1248 if (request->rcpt_list.len > 1) {
1249 msg_warn("flag `D' requires %s_destination_recipient_limit = 1",
1250 service);
1251 return (reject_deliver_request(service, request, "4.3.5",
1252 "mail system configuration error"));
1253 }
1254
1255 /*
1256 * The recipient cannot appear in a Delivered-To: header.
1257 */
1258 else {
1259 DELIVERED_HDR_INFO *delivered_info = delivered_hdr_init(
1260 request->fp, request->data_offset, FOLD_ADDR_ALL);
1261 VSTRING *generic_rcpt = vstring_alloc(100);
1262 int have_delivered_loop;
1263
1264 smtp_rewrite_generic_internal(generic_rcpt,
1265 request->rcpt_list.info->address);
1266 have_delivered_loop = delivered_hdr_find(
1267 delivered_info, STR(generic_rcpt));
1268 vstring_free(generic_rcpt);
1269 delivered_hdr_free(delivered_info);
1270 if (have_delivered_loop) {
1271 return (reject_deliver_request(service, request, "5.4.6",
1272 "mail forwarding loop for %s",
1273 request->rcpt_list.info->address));
1274 }
1275 }
1276 }
1277
1278 /*
1279 * The O flag cannot be specified for multi-recipient deliveries.
1280 */
1281 if ((smtp_cli_attr.flags & SMTP_CLI_FLAG_ORIG_RCPT)
1282 && request->rcpt_list.len > 1) {
1283 msg_warn("flag `O' requires %s_destination_recipient_limit = 1",
1284 service);
1285 return (reject_deliver_request(service, request, "4.3.5",
1286 "mail system configuration error"));
1287 }
1288
1289 /*
1290 * Initialize. Bundle all information about the delivery request, so that
1291 * we can produce understandable diagnostics when something goes wrong
1292 * many levels below. The alternative would be to make everything global.
1293 */
1294 state = smtp_state_alloc();
1295 state->request = request;
1296 state->src = request->fp;
1297 state->service = service;
1298 state->misc_flags |= smtp_addr_pref;
1299 state->debug_peer_per_nexthop =
1300 debug_peer_check(request->nexthop, "noaddr");
1301 SMTP_RCPT_INIT(state);
1302
1303 /*
1304 * Establish an SMTP session and deliver this message to all requested
1305 * recipients. At the end, notify the postmaster of any protocol errors.
1306 * Optionally deliver mail locally when this machine is the best mail
1307 * exchanger.
1308 */
1309 result = smtp_connect(state);
1310
1311 /*
1312 * Clean up.
1313 */
1314 smtp_state_free(state);
1315
1316 return (result);
1317 }
1318
1319 /* smtp_service - perform service for client */
1320
smtp_service(VSTREAM * client_stream,char * service,char ** unused_argv)1321 static void smtp_service(VSTREAM *client_stream, char *service,
1322 char **unused_argv)
1323 {
1324 DELIVER_REQUEST *request;
1325 int status;
1326
1327 /*
1328 * This routine runs whenever a client connects to the UNIX-domain socket
1329 * dedicated to remote SMTP delivery service. What we see below is a
1330 * little protocol to (1) tell the queue manager that we are ready, (2)
1331 * read a request from the queue manager, and (3) report the completion
1332 * status of that request. All connection-management stuff is handled by
1333 * the common code in single_server.c.
1334 */
1335 if ((request = deliver_request_read(client_stream)) != 0) {
1336 status = deliver_message(service, request);
1337 deliver_request_done(client_stream, request, status);
1338 }
1339 }
1340
1341 /* post_init - post-jail initialization */
1342
post_init(char * unused_name,char ** argv)1343 static void post_init(char *unused_name, char **argv)
1344 {
1345 static const NAME_MASK lookup_masks[] = {
1346 SMTP_HOST_LOOKUP_DNS, SMTP_HOST_FLAG_DNS,
1347 SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE,
1348 0,
1349 };
1350 static const NAME_MASK dns_res_opt_masks[] = {
1351 SMTP_DNS_RES_OPT_DEFNAMES, RES_DEFNAMES,
1352 SMTP_DNS_RES_OPT_DNSRCH, RES_DNSRCH,
1353 0,
1354 };
1355 static const NAME_CODE dns_support[] = {
1356 SMTP_DNS_SUPPORT_DISABLED, SMTP_DNS_DISABLED,
1357 SMTP_DNS_SUPPORT_ENABLED, SMTP_DNS_ENABLED,
1358 #if (RES_USE_DNSSEC != 0) && (RES_USE_EDNS0 != 0)
1359 SMTP_DNS_SUPPORT_DNSSEC, SMTP_DNS_DNSSEC,
1360 #endif
1361 0, SMTP_DNS_INVALID,
1362 };
1363
1364 if (*var_smtp_dns_support == 0) {
1365 /* Backwards compatible empty setting */
1366 smtp_dns_support =
1367 var_disable_dns ? SMTP_DNS_DISABLED : SMTP_DNS_ENABLED;
1368 } else {
1369 smtp_dns_support =
1370 name_code(dns_support, NAME_CODE_FLAG_NONE, var_smtp_dns_support);
1371 if (smtp_dns_support == SMTP_DNS_INVALID)
1372 msg_fatal("invalid %s: \"%s\"", VAR_LMTP_SMTP(DNS_SUPPORT),
1373 var_smtp_dns_support);
1374 var_disable_dns = (smtp_dns_support == SMTP_DNS_DISABLED);
1375 }
1376
1377 #ifdef USE_TLS
1378 if (smtp_mode) {
1379 smtp_tls_insecure_mx_policy =
1380 tls_level_lookup(var_smtp_tls_insecure_mx_policy);
1381 switch (smtp_tls_insecure_mx_policy) {
1382 case TLS_LEV_MAY:
1383 case TLS_LEV_ENCRYPT:
1384 case TLS_LEV_DANE:
1385 break;
1386 default:
1387 msg_fatal("invalid %s: \"%s\"", VAR_SMTP_TLS_INSECURE_MX_POLICY,
1388 var_smtp_tls_insecure_mx_policy);
1389 }
1390 }
1391 #endif
1392
1393 /*
1394 * Select hostname lookup mechanisms.
1395 */
1396 if (smtp_dns_support == SMTP_DNS_DISABLED)
1397 smtp_host_lookup_mask = SMTP_HOST_FLAG_NATIVE;
1398 else
1399 smtp_host_lookup_mask =
1400 name_mask(VAR_LMTP_SMTP(HOST_LOOKUP), lookup_masks,
1401 var_smtp_host_lookup);
1402 if (msg_verbose)
1403 msg_info("host name lookup methods: %s",
1404 str_name_mask(VAR_LMTP_SMTP(HOST_LOOKUP), lookup_masks,
1405 smtp_host_lookup_mask));
1406
1407 /*
1408 * Session cache instance.
1409 */
1410 if (*var_smtp_cache_dest || var_smtp_cache_demand)
1411 #if 0
1412 smtp_scache = scache_multi_create();
1413 #else
1414 smtp_scache = scache_clnt_create(var_scache_service,
1415 var_scache_proto_tmout,
1416 var_ipc_idle_limit,
1417 var_ipc_ttl_limit);
1418 #endif
1419
1420 /*
1421 * Select DNS query flags.
1422 */
1423 smtp_dns_res_opt = name_mask(VAR_LMTP_SMTP(DNS_RES_OPT), dns_res_opt_masks,
1424 var_smtp_dns_res_opt);
1425
1426 /*
1427 * Address verification.
1428 */
1429 smtp_vrfy_init();
1430
1431 /*
1432 * Look up service command-line attributes; these do not change during
1433 * the process lifetime.
1434 */
1435 get_cli_attr(&smtp_cli_attr, argv);
1436
1437 /*
1438 * header_from format, for postmaster notifications.
1439 */
1440 smtp_hfrom_format = hfrom_format_parse(VAR_HFROM_FORMAT, var_hfrom_format);
1441
1442 /*
1443 * Service discovery with SRV record lookup.
1444 */
1445 if (*var_use_srv_lookup)
1446 smtp_use_srv_lookup = string_list_init(VAR_USE_SRV_LOOKUP,
1447 MATCH_FLAG_RETURN,
1448 var_use_srv_lookup);
1449 }
1450
1451 /* pre_init - pre-jail initialization */
1452
pre_init(char * unused_name,char ** unused_argv)1453 static void pre_init(char *unused_name, char **unused_argv)
1454 {
1455 int use_tls;
1456 static const NAME_CODE addr_pref_map[] = {
1457 INET_PROTO_NAME_IPV6, SMTP_MISC_FLAG_PREF_IPV6,
1458 INET_PROTO_NAME_IPV4, SMTP_MISC_FLAG_PREF_IPV4,
1459 INET_PROTO_NAME_ANY, 0,
1460 0, -1,
1461 };
1462
1463 /*
1464 * Turn on per-peer debugging.
1465 */
1466 debug_peer_init();
1467
1468 /*
1469 * SASL initialization.
1470 */
1471 if (var_smtp_sasl_enable)
1472 #ifdef USE_SASL_AUTH
1473 smtp_sasl_initialize();
1474 #else
1475 msg_warn("%s is true, but SASL support is not compiled in",
1476 VAR_LMTP_SMTP(SASL_ENABLE));
1477 #endif
1478
1479 if (*var_smtp_tls_level != 0)
1480 #ifdef USE_TLS
1481 switch (tls_level_lookup(var_smtp_tls_level)) {
1482 case TLS_LEV_SECURE:
1483 case TLS_LEV_VERIFY:
1484 case TLS_LEV_DANE_ONLY:
1485 case TLS_LEV_FPRINT:
1486 case TLS_LEV_ENCRYPT:
1487 var_smtp_use_tls = var_smtp_enforce_tls = 1;
1488 break;
1489 case TLS_LEV_DANE:
1490 case TLS_LEV_MAY:
1491 var_smtp_use_tls = 1;
1492 var_smtp_enforce_tls = 0;
1493 break;
1494 case TLS_LEV_NONE:
1495 var_smtp_use_tls = var_smtp_enforce_tls = 0;
1496 break;
1497 default:
1498 /* tls_level_lookup() logs no warning. */
1499 /* session_tls_init() assumes that var_smtp_tls_level is sane. */
1500 msg_fatal("Invalid TLS level \"%s\"", var_smtp_tls_level);
1501 }
1502 #endif
1503 use_tls = (var_smtp_use_tls || var_smtp_enforce_tls);
1504
1505 /*
1506 * Initialize the TLS data before entering the chroot jail
1507 */
1508 if (use_tls || var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
1509 #ifdef USE_TLS
1510 TLS_CLIENT_INIT_PROPS props;
1511
1512 tls_pre_jail_init(TLS_ROLE_CLIENT);
1513
1514 /*
1515 * We get stronger type safety and a cleaner interface by combining
1516 * the various parameters into a single tls_client_props structure.
1517 *
1518 * Large parameter lists are error-prone, so we emulate a language
1519 * feature that C does not have natively: named parameter lists.
1520 *
1521 * With tlsproxy(8) turned on, this is still needed for DANE-related
1522 * initializations.
1523 */
1524 smtp_tls_ctx =
1525 TLS_CLIENT_INIT(&props,
1526 log_param = VAR_LMTP_SMTP(TLS_LOGLEVEL),
1527 log_level = var_smtp_tls_loglevel,
1528 verifydepth = var_smtp_tls_scert_vd,
1529 cache_type = LMTP_SMTP_SUFFIX(TLS_MGR_SCACHE),
1530 chain_files = var_smtp_tls_chain_files,
1531 cert_file = var_smtp_tls_cert_file,
1532 key_file = var_smtp_tls_key_file,
1533 dcert_file = var_smtp_tls_dcert_file,
1534 dkey_file = var_smtp_tls_dkey_file,
1535 eccert_file = var_smtp_tls_eccert_file,
1536 eckey_file = var_smtp_tls_eckey_file,
1537 CAfile = var_smtp_tls_CAfile,
1538 CApath = var_smtp_tls_CApath,
1539 mdalg = var_smtp_tls_fpt_dgst);
1540 smtp_tls_list_init();
1541 tls_dane_loglevel(VAR_LMTP_SMTP(TLS_LOGLEVEL), var_smtp_tls_loglevel);
1542 #else
1543 msg_warn("TLS has been selected, but TLS support is not compiled in");
1544 #endif
1545 }
1546
1547 /*
1548 * Flush client.
1549 */
1550 flush_init();
1551
1552 /*
1553 * Session cache domain list.
1554 */
1555 if (*var_smtp_cache_dest)
1556 smtp_cache_dest = string_list_init(VAR_SMTP_CACHE_DEST,
1557 MATCH_FLAG_RETURN,
1558 var_smtp_cache_dest);
1559
1560 /*
1561 * EHLO keyword filter.
1562 */
1563 if (*var_smtp_ehlo_dis_maps)
1564 smtp_ehlo_dis_maps = maps_create(VAR_LMTP_SMTP(EHLO_DIS_MAPS),
1565 var_smtp_ehlo_dis_maps,
1566 DICT_FLAG_LOCK);
1567
1568 /*
1569 * PIX bug workarounds.
1570 */
1571 if (*var_smtp_pix_bug_maps)
1572 smtp_pix_bug_maps = maps_create(VAR_LMTP_SMTP(PIX_BUG_MAPS),
1573 var_smtp_pix_bug_maps,
1574 DICT_FLAG_LOCK);
1575
1576 /*
1577 * Generic maps.
1578 */
1579 if (*var_prop_extension)
1580 smtp_ext_prop_mask =
1581 ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
1582 if (*var_smtp_generic_maps)
1583 smtp_generic_maps =
1584 maps_create(VAR_LMTP_SMTP(GENERIC_MAPS), var_smtp_generic_maps,
1585 DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX
1586 | DICT_FLAG_UTF8_REQUEST);
1587
1588 /*
1589 * Header/body checks.
1590 */
1591 smtp_header_checks = hbc_header_checks_create(
1592 VAR_LMTP_SMTP(HEAD_CHKS), var_smtp_head_chks,
1593 VAR_LMTP_SMTP(MIME_CHKS), var_smtp_mime_chks,
1594 VAR_LMTP_SMTP(NEST_CHKS), var_smtp_nest_chks,
1595 smtp_hbc_callbacks);
1596 smtp_body_checks = hbc_body_checks_create(
1597 VAR_LMTP_SMTP(BODY_CHKS), var_smtp_body_chks,
1598 smtp_hbc_callbacks);
1599
1600 /*
1601 * Server reply filter.
1602 */
1603 if (*var_smtp_resp_filter)
1604 smtp_chat_resp_filter =
1605 dict_open(var_smtp_resp_filter, O_RDONLY,
1606 DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);
1607
1608 /*
1609 * Address family preference.
1610 */
1611 if (*var_smtp_addr_pref) {
1612 smtp_addr_pref = name_code(addr_pref_map, NAME_CODE_FLAG_NONE,
1613 var_smtp_addr_pref);
1614 if (smtp_addr_pref < 0)
1615 msg_fatal("bad %s value: %s", VAR_LMTP_SMTP(ADDR_PREF),
1616 var_smtp_addr_pref);
1617 }
1618
1619 /*
1620 * DNS reply filter.
1621 */
1622 if (*var_smtp_dns_re_filter)
1623 dns_rr_filter_compile(VAR_LMTP_SMTP(DNS_RE_FILTER),
1624 var_smtp_dns_re_filter);
1625 }
1626
1627 /* pre_accept - see if tables have changed */
1628
pre_accept(char * unused_name,char ** unused_argv)1629 static void pre_accept(char *unused_name, char **unused_argv)
1630 {
1631 const char *table;
1632
1633 if ((table = dict_changed_name()) != 0) {
1634 msg_info("table %s has changed -- restarting", table);
1635 exit(0);
1636 }
1637 }
1638
1639 MAIL_VERSION_STAMP_DECLARE;
1640
1641 /* main - pass control to the single-threaded skeleton */
1642
main(int argc,char ** argv)1643 int main(int argc, char **argv)
1644 {
1645 char *sane_procname;
1646
1647 #include "smtp_params.c"
1648 #include "lmtp_params.c"
1649
1650 /*
1651 * Fingerprint executables and core dumps.
1652 */
1653 MAIL_VERSION_STAMP_ALLOCATE;
1654
1655 /*
1656 * XXX At this point, var_procname etc. are not initialized.
1657 *
1658 * The process name, "smtp" or "lmtp", determines the protocol, the DSN
1659 * server reply type, SASL service information lookup, and more. Prepare
1660 * for the possibility there may be another personality.
1661 */
1662 sane_procname = sane_basename((VSTRING *) 0, argv[0]);
1663 if (strcmp(sane_procname, "smtp") == 0)
1664 smtp_mode = 1;
1665 else if (strcmp(sane_procname, "lmtp") == 0)
1666 smtp_mode = 0;
1667 else
1668 /* TODO: logging is not initialized. */
1669 msg_fatal("unexpected process name \"%s\" - "
1670 "specify \"smtp\" or \"lmtp\"", var_procname);
1671
1672 /*
1673 * Initialize with the LMTP or SMTP parameter name space.
1674 */
1675 single_server_main(argc, argv, smtp_service,
1676 CA_MAIL_SERVER_TIME_TABLE(smtp_mode ?
1677 smtp_time_table : lmtp_time_table),
1678 CA_MAIL_SERVER_INT_TABLE(smtp_mode ?
1679 smtp_int_table : lmtp_int_table),
1680 CA_MAIL_SERVER_STR_TABLE(smtp_mode ?
1681 smtp_str_table : lmtp_str_table),
1682 CA_MAIL_SERVER_BOOL_TABLE(smtp_mode ?
1683 smtp_bool_table : lmtp_bool_table),
1684 CA_MAIL_SERVER_NBOOL_TABLE(smtp_mode ?
1685 smtp_nbool_table : lmtp_nbool_table),
1686 CA_MAIL_SERVER_PRE_INIT(pre_init),
1687 CA_MAIL_SERVER_POST_INIT(post_init),
1688 CA_MAIL_SERVER_PRE_ACCEPT(pre_accept),
1689 CA_MAIL_SERVER_BOUNCE_INIT(VAR_SMTP_DSN_FILTER,
1690 &var_smtp_dsn_filter),
1691 0);
1692 }
1693