xref: /netbsd-src/external/ibm-public/postfix/dist/html/BDAT_README.html (revision 2718af68c3efc72c9769069b5c7f9ed36f6b9def) 
1<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
2        "http://www.w3.org/TR/html4/loose.dtd">
3
4<html>
5
6<head>
7
8<title>Postfix BDAT (CHUNKING) support</title>
9
10<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
11
12</head>
13
14<body>
15
16<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
17BDAT (CHUNKING) support</h1>
18
19<hr>
20
21<h2>Overview </h2>
22
23<p> Postfix SMTP server supports <a href="http://tools.ietf.org/html/rfc3030">RFC 3030</a> CHUNKING (the BDAT command)
24without BINARYMIME, in both <a href="smtpd.8.html">smtpd(8)</a> and <a href="postscreen.8.html">postscreen(8)</a>. It is enabled
25by default. </p>
26
27<p> Topics covered in this document: </p>
28
29<ul>
30
31<li><a href="#disable"> Disabling BDAT support</a>
32
33<li><a href="#impact"> Impact on existing configurations</a>
34
35<li><a href="#example"> Example SMTP session</a>
36
37<li> <a href="#benefits">Benefits of CHUNKING (BDAT) support without BINARYMIME</a>
38
39<li> <a href="#downsides">Downsides of CHUNKING (BDAT) support</a>
40
41</ul>
42
43<h2> <a name="disable"> Disabling BDAT support </a> </h2>
44
45<p> BDAT support is enabled by default. To disable BDAT support
46globally: </p>
47
48<blockquote>
49<pre>
50/etc/postfix/<a href="postconf.5.html">main.cf</a>:
51    # The logging alternative:
52    <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> = chunking
53    # The non-logging alternative:
54    <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a> = chunking, silent_discard
55</pre>
56</blockquote>
57
58<p> Specify '-o <a href="postconf.5.html#smtpd_discard_ehlo_keywords">smtpd_discard_ehlo_keywords</a>=' in <a href="master.5.html">master.cf</a>
59for the submission and smtps services, if you have clients
60that benefit from CHUNKING support. </p>
61
62<h2> <a name="impact"> Impact on existing configurations </a> </h2>
63
64<ul>
65
66<li> <p> There are no changes for smtpd_mumble_restrictions,
67<a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a>, <a href="postconf.5.html#smtpd_milters">smtpd_milters</a>, or for postscreen settings,
68except for the above mentioned option to suppress the SMTP server's
69CHUNKING service announcement. </p>
70
71<li> <p> There are no changes in the Postfix queue file content,
72no changes for down-stream SMTP servers or after-queue content
73filters, and no changes in the envelope or message content that
74Milters will receive. </p>
75
76</ul>
77
78<h2> <a name="example"> Example SMTP session</a> </h2>
79
80<p> The main differences are that the Postfix SMTP server announces
81"CHUNKING" support in the EHLO response, and that instead of sending
82one DATA request, the remote SMTP client may send one or more BDAT
83requests. In the example below, "S:" indicates server responses,
84and "C:" indicates client requests (bold font). </p>
85
86<blockquote>
87<pre>
88    S: 220 server.example.com
89    C: <b>EHLO client.example.com</b>
90    S: 250-server.example.com
91    S: 250-PIPELINING
92    S: 250-SIZE 153600000
93    S: 250-VRFY
94    S: 250-ETRN
95    S: 250-STARTTLS
96    S: 250-AUTH PLAIN LOGIN
97    S: 250-ENHANCEDSTATUSCODES
98    S: 250-8BITMIME
99    S: 250-DSN
100    S: 250-SMTPUTF8
101    S: 250 CHUNKING
102    C: <b>MAIL FROM:&lt;sender@example.com&gt;</b>
103    S: 250 2.1.0 Ok
104    C: <b>RCPT TO:&lt;recipient@example.com&gt;</b>
105    S: 250 2.1.5 Ok
106    C: <b>BDAT 10000</b>
107    C: <b>..followed by 10000 bytes...</b>
108    S: 250 2.0.0 Ok: 10000 bytes
109    C: <b>BDAT 123</b>
110    C: <b>..followed by 123 bytes...</b>
111    S: 250 2.0.0 Ok: 123 bytes
112    C: <b>BDAT 0 LAST</b>
113    S: 250 2.0.0 Ok: 10123 bytes queued as 41yYhh41qmznjbD
114    C: <b>QUIT</b>
115    S: 221 2.0.0 Bye
116</pre>
117</blockquote>
118
119<p> Internally in Postfix, there is no difference between mail that
120was received with BDAT or with DATA. Postfix smtpd_mumble_restrictions,
121policy delegation queries, <a href="postconf.5.html#smtpd_proxy_filter">smtpd_proxy_filter</a> and Milters all behave
122as if Postfix received (MAIL + RCPT + DATA + end-of-data). However,
123Postfix will log BDAT-related failures as "xxx after BDAT" to avoid
124complicating troubleshooting (xxx = 'lost connection' or 'timeout'),
125and will log a warning when a client sends a malformed BDAT command.
126</p>
127
128<h2> <a name="benefits">Benefits of CHUNKING (BDAT) support without
129BINARYMIME</a> </h2>
130
131<p> Support for CHUNKING (BDAT) was added to improve interoperability
132with some clients, a benefit that would reportedly exist even without
133Postfix support for BINARYMIME. Since June 2018, Wietse's mail
134server has received BDAT commands from a variety of systems. </p>
135
136<p> Postfix does not support BINARYMIME at this time because: </p>
137
138<ul>
139
140<li> <p> BINARYMIME support would require moderately invasive
141changes to Postfix, to support email content that is not line-oriented.
142With BINARYMIME, the Content-Length: message header specifies the
143length of content that may or may not have line boundaries. Without
144BINARYMIME support, email RFCs require that binary content is
145base64-encoded, and formatted as lines of text. </p>
146
147<li> <p> For delivery to non-BINARYMIME systems including UNIX mbox,
148the available options are to convert binary content into 8bit text,
149one of the 7bit forms (base64 or quoted-printable), or to return
150email as undeliverable. Any conversion would obviously break digital
151signatures, so conversion would have to happen before signing. </p>
152
153</ul>
154
155<h2> <a name="downsides">Downsides of CHUNKING (BDAT) support</a>
156</h2>
157
158<p> The <a href="http://tools.ietf.org/html/rfc3030">RFC 3030</a> authors did not specify any limitations on how
159clients may pipeline commands (i.e. send commands without waiting
160for a server response). If a server announces PIPELINING support,
161like Postfix does, then a remote SMTP client can pipeline all
162commands following EHLO, for example, MAIL/RCPT/BDAT/BDAT/MAIL/RCPT/BDAT,
163without ever having to wait for a server response. This means that
164with BDAT, the Postfix SMTP server cannot distinguish between a
165well-behaved client and a spambot, based on their command pipelining
166behavior. If you require "<a href="postconf.5.html#reject_unauth_pipelining">reject_unauth_pipelining</a>" to block spambots,
167then turn off Postfix's CHUNKING announcement as described above.
168</p>
169
170<p> In <a href="http://tools.ietf.org/html/rfc4468">RFC 4468</a>, the authors write that a client may pipeline
171commands, and that after sending BURL LAST or BDAT LAST, a client
172must wait for the server's response. But as this text does not
173appear in <a href="http://tools.ietf.org/html/rfc3030">RFC 3030</a> which defines BDAT, is it a useless restriction
174that Postfix will not enforce. </p>
175
176</body>
177
178</html>
179