1 /* $NetBSD: smtp.c,v 1.4 2011/03/02 19:56:39 tron Exp $ */ 2 3 /*++ 4 /* NAME 5 /* smtp 8 6 /* SUMMARY 7 /* Postfix SMTP+LMTP client 8 /* SYNOPSIS 9 /* \fBsmtp\fR [generic Postfix daemon options] 10 /* DESCRIPTION 11 /* The Postfix SMTP+LMTP client implements the SMTP and LMTP mail 12 /* delivery protocols. It processes message delivery requests from 13 /* the queue manager. Each request specifies a queue file, a sender 14 /* address, a domain or host to deliver to, and recipient information. 15 /* This program expects to be run from the \fBmaster\fR(8) process 16 /* manager. 17 /* 18 /* The SMTP+LMTP client updates the queue file and marks recipients 19 /* as finished, or it informs the queue manager that delivery should 20 /* be tried again at a later time. Delivery status reports are sent 21 /* to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as 22 /* appropriate. 23 /* 24 /* The SMTP+LMTP client looks up a list of mail exchanger addresses for 25 /* the destination host, sorts the list by preference, and connects 26 /* to each listed address until it finds a server that responds. 27 /* 28 /* When a server is not reachable, or when mail delivery fails due 29 /* to a recoverable error condition, the SMTP+LMTP client will try to 30 /* deliver the mail to an alternate host. 31 /* 32 /* After a successful mail transaction, a connection may be saved 33 /* to the \fBscache\fR(8) connection cache server, so that it 34 /* may be used by any SMTP+LMTP client for a subsequent transaction. 35 /* 36 /* By default, connection caching is enabled temporarily for 37 /* destinations that have a high volume of mail in the active 38 /* queue. Connection caching can be enabled permanently for 39 /* specific destinations. 
40 /* SMTP DESTINATION SYNTAX 41 /* .ad 42 /* .fi 43 /* SMTP destinations have the following form: 44 /* .IP \fIdomainname\fR 45 /* .IP \fIdomainname\fR:\fIport\fR 46 /* Look up the mail exchangers for the specified domain, and 47 /* connect to the specified port (default: \fBsmtp\fR). 48 /* .IP [\fIhostname\fR] 49 /* .IP [\fIhostname\fR]:\fIport\fR 50 /* Look up the address(es) of the specified host, and connect to 51 /* the specified port (default: \fBsmtp\fR). 52 /* .IP [\fIaddress\fR] 53 /* .IP [\fIaddress\fR]:\fIport\fR 54 /* Connect to the host at the specified address, and connect 55 /* to the specified port (default: \fBsmtp\fR). An IPv6 address 56 /* must be formatted as [\fBipv6\fR:\fIaddress\fR]. 57 /* LMTP DESTINATION SYNTAX 58 /* .ad 59 /* .fi 60 /* LMTP destinations have the following form: 61 /* .IP \fBunix\fR:\fIpathname\fR 62 /* Connect to the local UNIX-domain server that is bound to the specified 63 /* \fIpathname\fR. If the process runs chrooted, an absolute pathname 64 /* is interpreted relative to the Postfix queue directory. 65 /* .IP \fBinet\fR:\fIhostname\fR 66 /* .IP \fBinet\fR:\fIhostname\fR:\fIport\fR 67 /* .IP \fBinet\fR:[\fIaddress\fR] 68 /* .IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR 69 /* Connect to the specified TCP port on the specified local or 70 /* remote host. If no port is specified, connect to the port defined as 71 /* \fBlmtp\fR in \fBservices\fR(4). 72 /* If no such service is found, the \fBlmtp_tcp_port\fR configuration 73 /* parameter (default value of 24) will be used. 74 /* An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR]. 75 /* .PP 76 /* SECURITY 77 /* .ad 78 /* .fi 79 /* The SMTP+LMTP client is moderately security-sensitive. It 80 /* talks to SMTP or LMTP servers and to DNS servers on the 81 /* network. The SMTP+LMTP client can be run chrooted at fixed 82 /* low privilege. 
83 /* STANDARDS 84 /* RFC 821 (SMTP protocol) 85 /* RFC 822 (ARPA Internet Text Messages) 86 /* RFC 1651 (SMTP service extensions) 87 /* RFC 1652 (8bit-MIME transport) 88 /* RFC 1870 (Message Size Declaration) 89 /* RFC 2033 (LMTP protocol) 90 /* RFC 2034 (SMTP Enhanced Error Codes) 91 /* RFC 2045 (MIME: Format of Internet Message Bodies) 92 /* RFC 2046 (MIME: Media Types) 93 /* RFC 2554 (AUTH command) 94 /* RFC 2821 (SMTP protocol) 95 /* RFC 2920 (SMTP Pipelining) 96 /* RFC 3207 (STARTTLS command) 97 /* RFC 3461 (SMTP DSN Extension) 98 /* RFC 3463 (Enhanced Status Codes) 99 /* RFC 4954 (AUTH command) 100 /* DIAGNOSTICS 101 /* Problems and transactions are logged to \fBsyslogd\fR(8). 102 /* Corrupted message files are marked so that the queue manager can 103 /* move them to the \fBcorrupt\fR queue for further inspection. 104 /* 105 /* Depending on the setting of the \fBnotify_classes\fR parameter, 106 /* the postmaster is notified of bounces, protocol problems, and of 107 /* other trouble. 108 /* BUGS 109 /* SMTP and LMTP connection caching does not work with TLS. The necessary 110 /* support for TLS object passivation and re-activation does not 111 /* exist without closing the session, which defeats the purpose. 112 /* 113 /* SMTP and LMTP connection caching assumes that SASL credentials 114 /* are valid for all destinations that map onto the same IP 115 /* address and TCP port. 116 /* CONFIGURATION PARAMETERS 117 /* .ad 118 /* .fi 119 /* Before Postfix version 2.3, the LMTP client is a separate 120 /* program that implements only a subset of the functionality 121 /* available with SMTP: there is no support for TLS, and 122 /* connections are cached in-process, making it ineffective 123 /* when the client is used for multiple domains. 124 /* 125 /* Most smtp_\fIxxx\fR configuration parameters have an 126 /* lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP 127 /* feature. 
This document describes only those LMTP-related 128 /* parameters that aren't simply "mirror" parameters. 129 /* 130 /* Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8) 131 /* processes run for only a limited amount of time. Use the command 132 /* "\fBpostfix reload\fR" to speed up a change. 133 /* 134 /* The text below provides only a parameter summary. See 135 /* \fBpostconf\fR(5) for more details including examples. 136 /* COMPATIBILITY CONTROLS 137 /* .ad 138 /* .fi 139 /* .IP "\fBignore_mx_lookup_error (no)\fR" 140 /* Ignore DNS MX lookups that produce no response. 141 /* .IP "\fBsmtp_always_send_ehlo (yes)\fR" 142 /* Always send EHLO at the start of an SMTP session. 143 /* .IP "\fBsmtp_never_send_ehlo (no)\fR" 144 /* Never send EHLO at the start of an SMTP session. 145 /* .IP "\fBsmtp_defer_if_no_mx_address_found (no)\fR" 146 /* Defer mail delivery when no MX record resolves to an IP address. 147 /* .IP "\fBsmtp_line_length_limit (990)\fR" 148 /* The maximal length of message header and body lines that Postfix 149 /* will send via SMTP. 150 /* .IP "\fBsmtp_pix_workaround_delay_time (10s)\fR" 151 /* How long the Postfix SMTP client pauses before sending 152 /* ".<CR><LF>" in order to work around the PIX firewall 153 /* "<CR><LF>.<CR><LF>" bug. 154 /* .IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR" 155 /* How long a message must be queued before the Postfix SMTP client 156 /* turns on the PIX firewall "<CR><LF>.<CR><LF>" 157 /* bug workaround for delivery through firewalls with "smtp fixup" 158 /* mode turned on. 159 /* .IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR" 160 /* A list that specifies zero or more workarounds for CISCO PIX 161 /* firewall bugs. 162 /* .IP "\fBsmtp_pix_workaround_maps (empty)\fR" 163 /* Lookup tables, indexed by the remote SMTP server address, with 164 /* per-destination workarounds for CISCO PIX firewall bugs. 
165 /* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" 166 /* Quote addresses in SMTP MAIL FROM and RCPT TO commands as required 167 /* by RFC 2821. 168 /* .IP "\fBsmtp_reply_filter (empty)\fR" 169 /* A mechanism to transform replies from remote SMTP servers one 170 /* line at a time. 171 /* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR" 172 /* Skip SMTP servers that greet with a 5XX status code (go away, do 173 /* not try again later). 174 /* .IP "\fBsmtp_skip_quit_response (yes)\fR" 175 /* Do not wait for the response to the SMTP QUIT command. 176 /* .PP 177 /* Available in Postfix version 2.0 and earlier: 178 /* .IP "\fBsmtp_skip_4xx_greeting (yes)\fR" 179 /* Skip SMTP servers that greet with a 4XX status code (go away, try 180 /* again later). 181 /* .PP 182 /* Available in Postfix version 2.2 and later: 183 /* .IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR" 184 /* Lookup tables, indexed by the remote SMTP server address, with 185 /* case insensitive lists of EHLO keywords (pipelining, starttls, auth, 186 /* etc.) that the Postfix SMTP client will ignore in the EHLO response from a 187 /* remote SMTP server. 188 /* .IP "\fBsmtp_discard_ehlo_keywords (empty)\fR" 189 /* A case insensitive list of EHLO keywords (pipelining, starttls, 190 /* auth, etc.) that the Postfix SMTP client will ignore in the EHLO 191 /* response from a remote SMTP server. 192 /* .IP "\fBsmtp_generic_maps (empty)\fR" 193 /* Optional lookup tables that perform address rewriting in the 194 /* SMTP client, typically to transform a locally valid address into 195 /* a globally valid address when sending mail across the Internet. 196 /* .PP 197 /* Available in Postfix version 2.2.9 and later: 198 /* .IP "\fBsmtp_cname_overrides_servername (version dependent)\fR" 199 /* Allow DNS CNAME records to override the servername that the 200 /* Postfix SMTP client uses for logging, SASL password lookup, TLS 201 /* policy decisions, or TLS certificate verification. 
202 /* .PP 203 /* Available in Postfix version 2.3 and later: 204 /* .IP "\fBlmtp_discard_lhlo_keyword_address_maps (empty)\fR" 205 /* Lookup tables, indexed by the remote LMTP server address, with 206 /* case insensitive lists of LHLO keywords (pipelining, starttls, 207 /* auth, etc.) that the LMTP client will ignore in the LHLO response 208 /* from a remote LMTP server. 209 /* .IP "\fBlmtp_discard_lhlo_keywords (empty)\fR" 210 /* A case insensitive list of LHLO keywords (pipelining, starttls, 211 /* auth, etc.) that the LMTP client will ignore in the LHLO response 212 /* from a remote LMTP server. 213 /* .PP 214 /* Available in Postfix version 2.4.4 and later: 215 /* .IP "\fBsend_cyrus_sasl_authzid (no)\fR" 216 /* When authenticating to a remote SMTP or LMTP server with the 217 /* default setting "no", send no SASL authoriZation ID (authzid); send 218 /* only the SASL authentiCation ID (authcid) plus the authcid's password. 219 /* .PP 220 /* Available in Postfix version 2.5 and later: 221 /* .IP "\fBsmtp_header_checks (empty)\fR" 222 /* Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client. 223 /* .IP "\fBsmtp_mime_header_checks (empty)\fR" 224 /* Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP 225 /* client. 226 /* .IP "\fBsmtp_nested_header_checks (empty)\fR" 227 /* Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP 228 /* client. 229 /* .IP "\fBsmtp_body_checks (empty)\fR" 230 /* Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client. 231 /* .PP 232 /* Available in Postfix version 2.6 and later: 233 /* .IP "\fBtcp_windowsize (0)\fR" 234 /* An optional workaround for routers that break TCP window scaling. 235 /* .PP 236 /* Available in Postfix version 2.8 and later: 237 /* .IP "\fBsmtp_dns_resolver_options (empty)\fR" 238 /* DNS Resolver options for the Postfix SMTP client. 
239 /* MIME PROCESSING CONTROLS 240 /* .ad 241 /* .fi 242 /* Available in Postfix version 2.0 and later: 243 /* .IP "\fBdisable_mime_output_conversion (no)\fR" 244 /* Disable the conversion of 8BITMIME format to 7BIT format. 245 /* .IP "\fBmime_boundary_length_limit (2048)\fR" 246 /* The maximal length of MIME multipart boundary strings. 247 /* .IP "\fBmime_nesting_limit (100)\fR" 248 /* The maximal recursion level that the MIME processor will handle. 249 /* EXTERNAL CONTENT INSPECTION CONTROLS 250 /* .ad 251 /* .fi 252 /* Available in Postfix version 2.1 and later: 253 /* .IP "\fBsmtp_send_xforward_command (no)\fR" 254 /* Send the non-standard XFORWARD command when the Postfix SMTP server 255 /* EHLO response announces XFORWARD support. 256 /* SASL AUTHENTICATION CONTROLS 257 /* .ad 258 /* .fi 259 /* .IP "\fBsmtp_sasl_auth_enable (no)\fR" 260 /* Enable SASL authentication in the Postfix SMTP client. 261 /* .IP "\fBsmtp_sasl_password_maps (empty)\fR" 262 /* Optional SMTP client lookup tables with one username:password entry 263 /* per remote hostname or domain, or sender address when sender-dependent 264 /* authentication is enabled. 265 /* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" 266 /* Postfix SMTP client SASL security options; as of Postfix 2.3 267 /* the list of available 268 /* features depends on the SASL client implementation that is selected 269 /* with \fBsmtp_sasl_type\fR. 270 /* .PP 271 /* Available in Postfix version 2.2 and later: 272 /* .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR" 273 /* If non-empty, a Postfix SMTP client filter for the remote SMTP 274 /* server's list of offered SASL mechanisms. 
275 /* .PP 276 /* Available in Postfix version 2.3 and later: 277 /* .IP "\fBsmtp_sender_dependent_authentication (no)\fR" 278 /* Enable sender-dependent authentication in the Postfix SMTP client; this is 279 /* available only with SASL authentication, and disables SMTP connection 280 /* caching to ensure that mail from different senders will use the 281 /* appropriate credentials. 282 /* .IP "\fBsmtp_sasl_path (empty)\fR" 283 /* Implementation-specific information that the Postfix SMTP client 284 /* passes through to 285 /* the SASL plug-in implementation that is selected with 286 /* \fBsmtp_sasl_type\fR. 287 /* .IP "\fBsmtp_sasl_type (cyrus)\fR" 288 /* The SASL plug-in type that the Postfix SMTP client should use 289 /* for authentication. 290 /* .PP 291 /* Available in Postfix version 2.5 and later: 292 /* .IP "\fBsmtp_sasl_auth_cache_name (empty)\fR" 293 /* An optional table to prevent repeated SASL authentication 294 /* failures with the same remote SMTP server hostname, username and 295 /* password. 296 /* .IP "\fBsmtp_sasl_auth_cache_time (90d)\fR" 297 /* The maximal age of an smtp_sasl_auth_cache_name entry before it 298 /* is removed. 299 /* .IP "\fBsmtp_sasl_auth_soft_bounce (yes)\fR" 300 /* When a remote SMTP server rejects a SASL authentication request 301 /* with a 535 reply code, defer mail delivery instead of returning 302 /* mail as undeliverable. 303 /* STARTTLS SUPPORT CONTROLS 304 /* .ad 305 /* .fi 306 /* Detailed information about STARTTLS configuration may be found 307 /* in the TLS_README document. 308 /* .IP "\fBsmtp_tls_security_level (empty)\fR" 309 /* The default SMTP TLS security level for the Postfix SMTP client; 310 /* when a non-empty value is specified, this overrides the obsolete 311 /* parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. 
312 /* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" 313 /* The SASL authentication security options that the Postfix SMTP 314 /* client uses for TLS encrypted SMTP sessions. 315 /* .IP "\fBsmtp_starttls_timeout (300s)\fR" 316 /* Time limit for Postfix SMTP client write and read operations 317 /* during TLS startup and shutdown handshake procedures. 318 /* .IP "\fBsmtp_tls_CAfile (empty)\fR" 319 /* A file containing CA certificates of root CAs trusted to sign 320 /* either remote SMTP server certificates or intermediate CA certificates. 321 /* .IP "\fBsmtp_tls_CApath (empty)\fR" 322 /* Directory with PEM format certificate authority certificates 323 /* that the Postfix SMTP client uses to verify a remote SMTP server 324 /* certificate. 325 /* .IP "\fBsmtp_tls_cert_file (empty)\fR" 326 /* File with the Postfix SMTP client RSA certificate in PEM format. 327 /* .IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR" 328 /* The minimum TLS cipher grade that the Postfix SMTP client will 329 /* use with 330 /* mandatory TLS encryption. 331 /* .IP "\fBsmtp_tls_exclude_ciphers (empty)\fR" 332 /* List of ciphers or cipher types to exclude from the Postfix 333 /* SMTP client cipher 334 /* list at all TLS security levels. 335 /* .IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR" 336 /* Additional list of ciphers or cipher types to exclude from the 337 /* SMTP client cipher list at mandatory TLS security levels. 338 /* .IP "\fBsmtp_tls_dcert_file (empty)\fR" 339 /* File with the Postfix SMTP client DSA certificate in PEM format. 340 /* .IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR" 341 /* File with the Postfix SMTP client DSA private key in PEM format. 342 /* .IP "\fBsmtp_tls_key_file ($smtp_tls_cert_file)\fR" 343 /* File with the Postfix SMTP client RSA private key in PEM format. 344 /* .IP "\fBsmtp_tls_loglevel (0)\fR" 345 /* Enable additional Postfix SMTP client logging of TLS activity. 
346 /* .IP "\fBsmtp_tls_note_starttls_offer (no)\fR" 347 /* Log the hostname of a remote SMTP server that offers STARTTLS, 348 /* when TLS is not already enabled for that server. 349 /* .IP "\fBsmtp_tls_policy_maps (empty)\fR" 350 /* Optional lookup tables with the Postfix SMTP client TLS security 351 /* policy by next-hop destination; when a non-empty value is specified, 352 /* this overrides the obsolete smtp_tls_per_site parameter. 353 /* .IP "\fBsmtp_tls_mandatory_protocols (SSLv3, TLSv1)\fR" 354 /* List of SSL/TLS protocols that the Postfix SMTP client will use with 355 /* mandatory TLS encryption. 356 /* .IP "\fBsmtp_tls_scert_verifydepth (9)\fR" 357 /* The verification depth for remote SMTP server certificates. 358 /* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR" 359 /* The server certificate peername verification method for the 360 /* "secure" TLS security level. 361 /* .IP "\fBsmtp_tls_session_cache_database (empty)\fR" 362 /* Name of the file containing the optional Postfix SMTP client 363 /* TLS session cache. 364 /* .IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR" 365 /* The expiration time of Postfix SMTP client TLS session cache 366 /* information. 367 /* .IP "\fBsmtp_tls_verify_cert_match (hostname)\fR" 368 /* The server certificate peername verification method for the 369 /* "verify" TLS security level. 370 /* .IP "\fBtls_daemon_random_bytes (32)\fR" 371 /* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) 372 /* process requests from the \fBtlsmgr\fR(8) server in order to seed its 373 /* internal pseudo random number generator (PRNG). 374 /* .IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" 375 /* The OpenSSL cipherlist for "HIGH" grade ciphers. 376 /* .IP "\fBtls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)\fR" 377 /* The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. 
378 /* .IP "\fBtls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)\fR" 379 /* The OpenSSL cipherlist for "LOW" or higher grade ciphers. 380 /* .IP "\fBtls_export_cipherlist (ALL:+RC4:@STRENGTH)\fR" 381 /* The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. 382 /* .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" 383 /* The OpenSSL cipherlist for "NULL" grade ciphers that provide 384 /* authentication without encryption. 385 /* .PP 386 /* Available in Postfix version 2.4 and later: 387 /* .IP "\fBsmtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)\fR" 388 /* The SASL authentication security options that the Postfix SMTP 389 /* client uses for TLS encrypted SMTP sessions with a verified server 390 /* certificate. 391 /* .PP 392 /* Available in Postfix version 2.5 and later: 393 /* .IP "\fBsmtp_tls_fingerprint_cert_match (empty)\fR" 394 /* List of acceptable remote SMTP server certificate fingerprints 395 /* for the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR = 396 /* fingerprint). 397 /* .IP "\fBsmtp_tls_fingerprint_digest (md5)\fR" 398 /* The message digest algorithm used to construct remote SMTP server 399 /* certificate fingerprints. 400 /* .PP 401 /* Available in Postfix version 2.6 and later: 402 /* .IP "\fBsmtp_tls_protocols (!SSLv2)\fR" 403 /* List of TLS protocols that the Postfix SMTP client will exclude or 404 /* include with opportunistic TLS encryption. 405 /* .IP "\fBsmtp_tls_ciphers (export)\fR" 406 /* The minimum TLS cipher grade that the Postfix SMTP client 407 /* will use with opportunistic TLS encryption. 408 /* .IP "\fBsmtp_tls_eccert_file (empty)\fR" 409 /* File with the Postfix SMTP client ECDSA certificate in PEM format. 410 /* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR" 411 /* File with the Postfix SMTP client ECDSA private key in PEM format. 
412 /* .PP 413 /* Available in Postfix version 2.7 and later: 414 /* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR" 415 /* Try to detect a mail hijacking attack based on a TLS protocol 416 /* vulnerability (CVE-2009-3555), where an attacker prepends malicious 417 /* HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. 418 /* .PP 419 /* Available in Postfix version 2.8 and later: 420 /* .IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" 421 /* List or bit-mask of OpenSSL bug work-arounds to disable. 422 /* OBSOLETE STARTTLS CONTROLS 423 /* .ad 424 /* .fi 425 /* The following configuration parameters exist for compatibility 426 /* with Postfix versions before 2.3. Support for these will 427 /* be removed in a future release. 428 /* .IP "\fBsmtp_use_tls (no)\fR" 429 /* Opportunistic mode: use TLS when a remote SMTP server announces 430 /* STARTTLS support, otherwise send the mail in the clear. 431 /* .IP "\fBsmtp_enforce_tls (no)\fR" 432 /* Enforcement mode: require that remote SMTP servers use TLS 433 /* encryption, and never send mail in the clear. 434 /* .IP "\fBsmtp_tls_enforce_peername (yes)\fR" 435 /* With mandatory TLS encryption, require that the remote SMTP 436 /* server hostname matches the information in the remote SMTP server 437 /* certificate. 438 /* .IP "\fBsmtp_tls_per_site (empty)\fR" 439 /* Optional lookup tables with the Postfix SMTP client TLS usage 440 /* policy by next-hop destination and by remote SMTP server hostname. 441 /* .IP "\fBsmtp_tls_cipherlist (empty)\fR" 442 /* Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS 443 /* cipher list. 444 /* RESOURCE AND RATE CONTROLS 445 /* .ad 446 /* .fi 447 /* .IP "\fBsmtp_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" 448 /* The maximal number of parallel deliveries to the same destination 449 /* via the smtp message delivery transport. 
450 /* .IP "\fBsmtp_destination_recipient_limit ($default_destination_recipient_limit)\fR" 451 /* The maximal number of recipients per message for the smtp 452 /* message delivery transport. 453 /* .IP "\fBsmtp_connect_timeout (30s)\fR" 454 /* The SMTP client time limit for completing a TCP connection, or 455 /* zero (use the operating system built-in time limit). 456 /* .IP "\fBsmtp_helo_timeout (300s)\fR" 457 /* The SMTP client time limit for sending the HELO or EHLO command, 458 /* and for receiving the initial server response. 459 /* .IP "\fBlmtp_lhlo_timeout (300s)\fR" 460 /* The LMTP client time limit for sending the LHLO command, and 461 /* for receiving the initial server response. 462 /* .IP "\fBsmtp_xforward_timeout (300s)\fR" 463 /* The SMTP client time limit for sending the XFORWARD command, and 464 /* for receiving the server response. 465 /* .IP "\fBsmtp_mail_timeout (300s)\fR" 466 /* The SMTP client time limit for sending the MAIL FROM command, and 467 /* for receiving the server response. 468 /* .IP "\fBsmtp_rcpt_timeout (300s)\fR" 469 /* The SMTP client time limit for sending the SMTP RCPT TO command, and 470 /* for receiving the server response. 471 /* .IP "\fBsmtp_data_init_timeout (120s)\fR" 472 /* The SMTP client time limit for sending the SMTP DATA command, and for 473 /* receiving the server response. 474 /* .IP "\fBsmtp_data_xfer_timeout (180s)\fR" 475 /* The SMTP client time limit for sending the SMTP message content. 476 /* .IP "\fBsmtp_data_done_timeout (600s)\fR" 477 /* The SMTP client time limit for sending the SMTP ".", and for receiving 478 /* the server response. 479 /* .IP "\fBsmtp_quit_timeout (300s)\fR" 480 /* The SMTP client time limit for sending the QUIT command, and for 481 /* receiving the server response. 
482 /* .PP 483 /* Available in Postfix version 2.1 and later: 484 /* .IP "\fBsmtp_mx_address_limit (5)\fR" 485 /* The maximal number of MX (mail exchanger) IP addresses that can 486 /* result from mail exchanger lookups, or zero (no limit). 487 /* .IP "\fBsmtp_mx_session_limit (2)\fR" 488 /* The maximal number of SMTP sessions per delivery request before 489 /* giving up or delivering to a fall-back relay host, or zero (no 490 /* limit). 491 /* .IP "\fBsmtp_rset_timeout (20s)\fR" 492 /* The SMTP client time limit for sending the RSET command, and 493 /* for receiving the server response. 494 /* .PP 495 /* Available in Postfix version 2.2 and earlier: 496 /* .IP "\fBlmtp_cache_connection (yes)\fR" 497 /* Keep Postfix LMTP client connections open for up to $max_idle 498 /* seconds. 499 /* .PP 500 /* Available in Postfix version 2.2 and later: 501 /* .IP "\fBsmtp_connection_cache_destinations (empty)\fR" 502 /* Permanently enable SMTP connection caching for the specified 503 /* destinations. 504 /* .IP "\fBsmtp_connection_cache_on_demand (yes)\fR" 505 /* Temporarily enable SMTP connection caching while a destination 506 /* has a high volume of mail in the active queue. 507 /* .IP "\fBsmtp_connection_reuse_time_limit (300s)\fR" 508 /* The amount of time during which Postfix will use an SMTP 509 /* connection repeatedly. 510 /* .IP "\fBsmtp_connection_cache_time_limit (2s)\fR" 511 /* When SMTP connection caching is enabled, the amount of time that 512 /* an unused SMTP client socket is kept open before it is closed. 513 /* .PP 514 /* Available in Postfix version 2.3 and later: 515 /* .IP "\fBconnection_cache_protocol_timeout (5s)\fR" 516 /* Time limit for connection cache connect, send or receive 517 /* operations. 518 /* TROUBLE SHOOTING CONTROLS 519 /* .ad 520 /* .fi 521 /* .IP "\fBdebug_peer_level (2)\fR" 522 /* The increment in verbose logging level when a remote client or 523 /* server matches a pattern in the debug_peer_list parameter. 
524 /* .IP "\fBdebug_peer_list (empty)\fR" 525 /* Optional list of remote client or server hostname or network 526 /* address patterns that cause the verbose logging level to increase 527 /* by the amount specified in $debug_peer_level. 528 /* .IP "\fBerror_notice_recipient (postmaster)\fR" 529 /* The recipient of postmaster notifications about mail delivery 530 /* problems that are caused by policy, resource, software or protocol 531 /* errors. 532 /* .IP "\fBinternal_mail_filter_classes (empty)\fR" 533 /* What categories of Postfix-generated mail are subject to 534 /* before-queue content inspection by non_smtpd_milters, header_checks 535 /* and body_checks. 536 /* .IP "\fBnotify_classes (resource, software)\fR" 537 /* The list of error classes that are reported to the postmaster. 538 /* MISCELLANEOUS CONTROLS 539 /* .ad 540 /* .fi 541 /* .IP "\fBbest_mx_transport (empty)\fR" 542 /* Where the Postfix SMTP client should deliver mail when it detects 543 /* a "mail loops back to myself" error condition. 544 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" 545 /* The default location of the Postfix main.cf and master.cf 546 /* configuration files. 547 /* .IP "\fBdaemon_timeout (18000s)\fR" 548 /* How much time a Postfix daemon process may take to handle a 549 /* request before it is terminated by a built-in watchdog timer. 550 /* .IP "\fBdelay_logging_resolution_limit (2)\fR" 551 /* The maximal number of digits after the decimal point when logging 552 /* sub-second delay values. 553 /* .IP "\fBdisable_dns_lookups (no)\fR" 554 /* Disable DNS lookups in the Postfix SMTP and LMTP clients. 555 /* .IP "\fBinet_interfaces (all)\fR" 556 /* The network interface addresses that this mail system receives 557 /* mail on. 558 /* .IP "\fBinet_protocols (ipv4)\fR" 559 /* The Internet protocols Postfix will attempt to use when making 560 /* or accepting connections. 
561 /* .IP "\fBipc_timeout (3600s)\fR" 562 /* The time limit for sending or receiving information over an internal 563 /* communication channel. 564 /* .IP "\fBlmtp_assume_final (no)\fR" 565 /* When an LMTP server announces no DSN support, assume that the 566 /* server performs final delivery, and send "delivered" delivery status 567 /* notifications instead of "relayed". 568 /* .IP "\fBlmtp_tcp_port (24)\fR" 569 /* The default TCP port that the Postfix LMTP client connects to. 570 /* .IP "\fBmax_idle (100s)\fR" 571 /* The maximum amount of time that an idle Postfix daemon process waits 572 /* for an incoming connection before terminating voluntarily. 573 /* .IP "\fBmax_use (100)\fR" 574 /* The maximal number of incoming connections that a Postfix daemon 575 /* process will service before terminating voluntarily. 576 /* .IP "\fBprocess_id (read-only)\fR" 577 /* The process ID of a Postfix command or daemon process. 578 /* .IP "\fBprocess_name (read-only)\fR" 579 /* The process name of a Postfix command or daemon process. 580 /* .IP "\fBproxy_interfaces (empty)\fR" 581 /* The network interface addresses that this mail system receives mail 582 /* on by way of a proxy or network address translation unit. 583 /* .IP "\fBsmtp_address_preference (ipv6)\fR" 584 /* The address type ("ipv6", "ipv4" or "any") that the Postfix 585 /* SMTP client will try first, when a destination has IPv6 and IPv4 586 /* addresses with equal MX preference. 587 /* .IP "\fBsmtp_bind_address (empty)\fR" 588 /* An optional numerical network address that the Postfix SMTP client 589 /* should bind to when making an IPv4 connection. 590 /* .IP "\fBsmtp_bind_address6 (empty)\fR" 591 /* An optional numerical network address that the Postfix SMTP client 592 /* should bind to when making an IPv6 connection. 593 /* .IP "\fBsmtp_helo_name ($myhostname)\fR" 594 /* The hostname to send in the SMTP EHLO or HELO command. 
595 /* .IP "\fBlmtp_lhlo_name ($myhostname)\fR" 596 /* The hostname to send in the LMTP LHLO command. 597 /* .IP "\fBsmtp_host_lookup (dns)\fR" 598 /* What mechanisms the Postfix SMTP client uses to look up a host's IP 599 /* address. 600 /* .IP "\fBsmtp_randomize_addresses (yes)\fR" 601 /* Randomize the order of equal-preference MX host addresses. 602 /* .IP "\fBsyslog_facility (mail)\fR" 603 /* The syslog facility of Postfix logging. 604 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" 605 /* The mail system name that is prepended to the process name in syslog 606 /* records, so that "smtpd" becomes, for example, "postfix/smtpd". 607 /* .PP 608 /* Available with Postfix 2.2 and earlier: 609 /* .IP "\fBfallback_relay (empty)\fR" 610 /* Optional list of relay hosts for SMTP destinations that can't be 611 /* found or that are unreachable. 612 /* .PP 613 /* Available with Postfix 2.3 and later: 614 /* .IP "\fBsmtp_fallback_relay ($fallback_relay)\fR" 615 /* Optional list of relay hosts for SMTP destinations that can't be 616 /* found or that are unreachable. 617 /* SEE ALSO 618 /* generic(5), output address rewriting 619 /* header_checks(5), message header content inspection 620 /* body_checks(5), body parts content inspection 621 /* qmgr(8), queue manager 622 /* bounce(8), delivery status reports 623 /* scache(8), connection cache server 624 /* postconf(5), configuration parameters 625 /* master(5), generic daemon options 626 /* master(8), process manager 627 /* tlsmgr(8), TLS session and PRNG management 628 /* syslogd(8), system logging 629 /* README FILES 630 /* .ad 631 /* .fi 632 /* Use "\fBpostconf readme_directory\fR" or 633 /* "\fBpostconf html_directory\fR" to locate this information. 634 /* .na 635 /* .nf 636 /* SASL_README, Postfix SASL howto 637 /* TLS_README, Postfix STARTTLS howto 638 /* LICENSE 639 /* .ad 640 /* .fi 641 /* The Secure Mailer license must be distributed with this software. 642 /* AUTHOR(S) 643 /* Wietse Venema 644 /* IBM T.J. 
Watson Research 645 /* P.O. Box 704 646 /* Yorktown Heights, NY 10598, USA 647 /* 648 /* Command pipelining in cooperation with: 649 /* Jon Ribbens 650 /* Oaktree Internet Solutions Ltd., 651 /* Internet House, 652 /* Canal Basin, 653 /* Coventry, 654 /* CV1 4LY, United Kingdom. 655 /* 656 /* SASL support originally by: 657 /* Till Franke 658 /* SuSE Rhein/Main AG 659 /* 65760 Eschborn, Germany 660 /* 661 /* TLS support originally by: 662 /* Lutz Jaenicke 663 /* BTU Cottbus 664 /* Allgemeine Elektrotechnik 665 /* Universitaetsplatz 3-4 666 /* D-03044 Cottbus, Germany 667 /* 668 /* Revised TLS and SMTP connection cache support by: 669 /* Victor Duchovni 670 /* Morgan Stanley 671 /*--*/ 672 673 /* System library. */ 674 675 #include <sys_defs.h> 676 #include <unistd.h> 677 #include <stdlib.h> 678 #include <string.h> 679 #include <fcntl.h> 680 #include <dict.h> 681 #include <stringops.h> 682 683 /* Utility library. */ 684 685 #include <msg.h> 686 #include <mymalloc.h> 687 #include <name_mask.h> 688 #include <name_code.h> 689 690 /* Global library. */ 691 692 #include <deliver_request.h> 693 #include <mail_params.h> 694 #include <mail_version.h> 695 #include <mail_conf.h> 696 #include <debug_peer.h> 697 #include <flush_clnt.h> 698 #include <scache.h> 699 #include <string_list.h> 700 #include <maps.h> 701 #include <ext_prop.h> 702 703 /* DNS library. */ 704 705 #include <dns.h> 706 707 /* Single server skeleton. */ 708 709 #include <mail_server.h> 710 711 /* Application-specific. */ 712 713 #include "smtp.h" 714 #include "smtp_sasl.h" 715 716 /* 717 * Tunable parameters. These have compiled-in defaults that can be overruled 718 * by settings in the global Postfix configuration file. 
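*/
int var_smtp_conn_tmout;
int var_smtp_helo_tmout;
int var_smtp_xfwd_tmout;
int var_smtp_mail_tmout;
int var_smtp_rcpt_tmout;
int var_smtp_data0_tmout;
int var_smtp_data1_tmout;
int var_smtp_data2_tmout;
int var_smtp_rset_tmout;
int var_smtp_quit_tmout;
char *var_inet_interfaces;
char *var_notify_classes;
int var_smtp_skip_5xx_greeting;
int var_ign_mx_lookup_err;
int var_skip_quit_resp;
char *var_fallback_relay;
char *var_bestmx_transp;
char *var_error_rcpt;
int var_smtp_always_ehlo;
int var_smtp_never_ehlo;
char *var_smtp_sasl_opts;
char *var_smtp_sasl_path;
char *var_smtp_sasl_passwd;
bool var_smtp_sasl_enable;
char *var_smtp_sasl_mechs;
char *var_smtp_sasl_type;
char *var_smtp_bind_addr;
char *var_smtp_bind_addr6;
bool var_smtp_rand_addr;
int var_smtp_pix_thresh;
int var_smtp_pix_delay;
int var_smtp_line_limit;
char *var_smtp_helo_name;
char *var_smtp_host_lookup;
bool var_smtp_quote_821_env;
bool var_smtp_defer_mxaddr;
bool var_smtp_send_xforward;
int var_smtp_mxaddr_limit;
int var_smtp_mxsess_limit;
int var_smtp_cache_conn;
int var_smtp_reuse_time;
char *var_smtp_cache_dest;
char *var_scache_service;		/* You can now leave this here. */
bool var_smtp_cache_demand;
char *var_smtp_ehlo_dis_words;
char *var_smtp_ehlo_dis_maps;
char *var_smtp_addr_pref;

char *var_smtp_tls_level;
bool var_smtp_use_tls;
bool var_smtp_enforce_tls;
char *var_smtp_tls_per_site;
char *var_smtp_tls_policy;

#ifdef USE_TLS
char *var_smtp_sasl_tls_opts;
char *var_smtp_sasl_tlsv_opts;
int var_smtp_starttls_tmout;
char *var_smtp_tls_CAfile;
char *var_smtp_tls_CApath;
char *var_smtp_tls_cert_file;
char *var_smtp_tls_mand_ciph;
char *var_smtp_tls_excl_ciph;
char *var_smtp_tls_mand_excl;
char *var_smtp_tls_dcert_file;
char *var_smtp_tls_dkey_file;
bool var_smtp_tls_enforce_peername;
char *var_smtp_tls_key_file;
int var_smtp_tls_loglevel;
bool var_smtp_tls_note_starttls_offer;
char *var_smtp_tls_mand_proto;
char *var_smtp_tls_sec_cmatch;
int var_smtp_tls_scert_vd;
char *var_smtp_tls_vfy_cmatch;
char *var_smtp_tls_fpt_cmatch;
char *var_smtp_tls_fpt_dgst;
char *var_smtp_tls_proto;
char *var_smtp_tls_ciph;
char *var_smtp_tls_eccert_file;
char *var_smtp_tls_eckey_file;
bool var_smtp_tls_blk_early_mail_reply;

#endif

char *var_smtp_generic_maps;
char *var_prop_extension;
bool var_smtp_sender_auth;
char *var_lmtp_tcp_port;
int var_scache_proto_tmout;
bool var_smtp_cname_overr;
char *var_smtp_pix_bug_words;
char *var_smtp_pix_bug_maps;
char *var_cyrus_conf_path;
char *var_smtp_head_chks;
char *var_smtp_mime_chks;
char *var_smtp_nest_chks;
char *var_smtp_body_chks;
char *var_smtp_resp_filter;
bool var_lmtp_assume_final;
char *var_smtp_dns_res_opt;

 /* Special handling of 535 AUTH errors. */
char *var_smtp_sasl_auth_cache_name;
int var_smtp_sasl_auth_cache_time;
bool var_smtp_sasl_auth_soft_bounce;

 /*
  * Global variables.
  */
int smtp_host_lookup_mask;
STRING_LIST *smtp_cache_dest;
SCACHE *smtp_scache;
MAPS *smtp_ehlo_dis_maps;
MAPS *smtp_generic_maps;
int smtp_ext_prop_mask;
unsigned smtp_dns_res_opt;
MAPS *smtp_pix_bug_maps;
HBC_CHECKS *smtp_header_checks;		/* limited header checks */
HBC_CHECKS *smtp_body_checks;		/* limited body checks */

#ifdef USE_TLS

 /*
  * OpenSSL client state (opaque handle)
  */
TLS_APPL_STATE *smtp_tls_ctx;

#endif

 /*
  * IPv6 preference.
  */
static int smtp_addr_pref;

/*
 * deliver_message - deliver message with extreme prejudice
 *
 * Validates the delivery request, bundles it into a freshly allocated
 * SMTP_STATE, hands that state to smtp_connect(), and releases the state
 * again. Returns whatever smtp_connect() returned.
 */

static int deliver_message(const char *service, DELIVER_REQUEST *request)
{
    SMTP_STATE *state;
    int result;

    if (msg_verbose)
        msg_info("deliver_message: from %s", request->sender);

    /*
     * Sanity checks. The smtp server is unprivileged and chrooted, so we can
     * afford to distribute the data censoring code, instead of having it all
     * in one place.
     *
     * Both checks terminate the process via msg_fatal() rather than returning
     * an error status.
     */
    if (request->nexthop[0] == 0)
        msg_fatal("empty nexthop hostname");
    if (request->rcpt_list.len <= 0)
        msg_fatal("recipient count: %d", request->rcpt_list.len);

    /*
     * Initialize. Bundle all information about the delivery request, so that
     * we can produce understandable diagnostics when something goes wrong
     * many levels below. The alternative would be to make everything global.
     */
    state = smtp_state_alloc();
    state->request = request;
    state->src = request->fp;
    state->service = service;
    /* Carry the address family preference selected in pre_init(). */
    state->misc_flags |= smtp_addr_pref;
    SMTP_RCPT_INIT(state);

    /*
     * Establish an SMTP session and deliver this message to all requested
     * recipients. At the end, notify the postmaster of any protocol errors.
     * Optionally deliver mail locally when this machine is the best mail
     * exchanger.
     */
    result = smtp_connect(state);

    /*
     * Clean up.
     */
    smtp_state_free(state);

    return (result);
}

/*
 * smtp_service - perform service for client
 *
 * Reads one delivery request from client_stream, delivers it, and reports
 * the completion status on the same stream. Nothing is reported when
 * deliver_request_read() returns a null request.
 */

static void smtp_service(VSTREAM *client_stream, char *service, char **argv)
{
    DELIVER_REQUEST *request;
    int status;

    /*
     * Sanity check. This service takes no command-line arguments.
     */
    if (argv[0])
        msg_fatal("unexpected command-line argument: %s", argv[0]);

    /*
     * This routine runs whenever a client connects to the UNIX-domain socket
     * dedicated to remote SMTP delivery service. What we see below is a
     * little protocol to (1) tell the queue manager that we are ready, (2)
     * read a request from the queue manager, and (3) report the completion
     * status of that request. All connection-management stuff is handled by
     * the common code in single_server.c.
     */
    if ((request = deliver_request_read(client_stream)) != 0) {
        status = deliver_message(service, request);
        deliver_request_done(client_stream, request, status);
    }
}

/*
 * post_init - post-jail initialization
 *
 * Sets smtp_host_lookup_mask, optionally creates the session cache client
 * (smtp_scache), and sets smtp_dns_res_opt from the configured names.
 */

static void post_init(char *unused_name, char **unused_argv)
{
    static const NAME_MASK lookup_masks[] = {
        SMTP_HOST_LOOKUP_DNS, SMTP_HOST_FLAG_DNS,
        SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE,
        0,
    };
    static const NAME_MASK dns_res_opt_masks[] = {
        SMTP_DNS_RES_OPT_DEFNAMES, RES_DEFNAMES,
        SMTP_DNS_RES_OPT_DNSRCH, RES_DNSRCH,
        0,
    };

    /*
     * Select hostname lookup mechanisms. With DNS disabled, only the native
     * lookup flag is set and the configured list is not consulted.
     */
    if (var_disable_dns)
        smtp_host_lookup_mask = SMTP_HOST_FLAG_NATIVE;
    else
        smtp_host_lookup_mask = name_mask(VAR_SMTP_HOST_LOOKUP, lookup_masks,
                                          var_smtp_host_lookup);
    if (msg_verbose)
        msg_info("host name lookup methods: %s",
                 str_name_mask(VAR_SMTP_HOST_LOOKUP, lookup_masks,
                               smtp_host_lookup_mask));

    /*
     * Session cache instance. Braces keep the conditional well-formed
     * whichever preprocessor branch is compiled.
     */
    if (*var_smtp_cache_dest || var_smtp_cache_demand) {
#if 0
        smtp_scache = scache_multi_create();
#else
        smtp_scache = scache_clnt_create(var_scache_service,
                                         var_scache_proto_tmout,
                                         var_ipc_idle_limit,
                                         var_ipc_ttl_limit);
#endif
    }

    /*
     * Select DNS query flags.
     */
    smtp_dns_res_opt = name_mask(VAR_SMTP_DNS_RES_OPT, dns_res_opt_masks,
                                 var_smtp_dns_res_opt);
}

/*
 * pre_init - pre-jail initialization
 *
 * Initializes per-peer debugging, SASL, the TLS client context, the flush
 * client, the lookup tables (EHLO filter, PIX workarounds, generic maps,
 * header/body checks, reply filter) and the address family preference.
 * An unknown TLS level or address preference name is fatal.
 */

static void pre_init(char *unused_name, char **unused_argv)
{
    int use_tls;
    static const NAME_CODE addr_pref_map[] = {
        INET_PROTO_NAME_IPV6, SMTP_MISC_FLAG_PREF_IPV6,
        INET_PROTO_NAME_IPV4, SMTP_MISC_FLAG_PREF_IPV4,
        INET_PROTO_NAME_ANY, 0,
        0, -1,
    };

    /*
     * Turn on per-peer debugging.
     */
    debug_peer_init();

    /*
     * SASL initialization.
     */
    if (var_smtp_sasl_enable) {
#ifdef USE_SASL_AUTH
        smtp_sasl_initialize();
#else
        msg_warn("%s is true, but SASL support is not compiled in",
                 VAR_SMTP_SASL_ENABLE);
#endif
    }

    /*
     * Map the TLS security level onto the legacy use/enforce booleans.
     *
     * The braces matter: without them, a build without USE_TLS would attach
     * the use_tls assignment below to this "if", leaving use_tls
     * uninitialized (and then read) whenever var_smtp_tls_level is empty.
     */
    if (*var_smtp_tls_level != 0) {
#ifdef USE_TLS
        switch (tls_level_lookup(var_smtp_tls_level)) {
        case TLS_LEV_SECURE:
        case TLS_LEV_VERIFY:
        case TLS_LEV_FPRINT:
        case TLS_LEV_ENCRYPT:
            var_smtp_use_tls = var_smtp_enforce_tls = 1;
            break;
        case TLS_LEV_MAY:
            var_smtp_use_tls = 1;
            var_smtp_enforce_tls = 0;
            break;
        case TLS_LEV_NONE:
            var_smtp_use_tls = var_smtp_enforce_tls = 0;
            break;
        default:
            /* tls_level_lookup() logs no warning. */
            /* session_tls_init() assumes that var_smtp_tls_level is sane. */
            msg_fatal("Invalid TLS level \"%s\"", var_smtp_tls_level);
        }
#endif
    }
    use_tls = (var_smtp_use_tls || var_smtp_enforce_tls);

    /*
     * Initialize the TLS data before entering the chroot jail
     */
    if (use_tls || var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
#ifdef USE_TLS
        TLS_CLIENT_INIT_PROPS props;

        /*
         * We get stronger type safety and a cleaner interface by combining
         * the various parameters into a single tls_client_props structure.
         *
         * Large parameter lists are error-prone, so we emulate a language
         * feature that C does not have natively: named parameter lists.
         */
        smtp_tls_ctx =
            TLS_CLIENT_INIT(&props,
                            log_level = var_smtp_tls_loglevel,
                            verifydepth = var_smtp_tls_scert_vd,
                            cache_type = strcmp(var_procname, "smtp") == 0 ?
                            TLS_MGR_SCACHE_SMTP : TLS_MGR_SCACHE_LMTP,
                            cert_file = var_smtp_tls_cert_file,
                            key_file = var_smtp_tls_key_file,
                            dcert_file = var_smtp_tls_dcert_file,
                            dkey_file = var_smtp_tls_dkey_file,
                            eccert_file = var_smtp_tls_eccert_file,
                            eckey_file = var_smtp_tls_eckey_file,
                            CAfile = var_smtp_tls_CAfile,
                            CApath = var_smtp_tls_CApath,
                            fpt_dgst = var_smtp_tls_fpt_dgst);
        smtp_tls_list_init();
#else

        /*
         * NOTE(review): a build without TLS only logs a warning here, even
         * when the configuration asks for enforced TLS. Whether delivery
         * then proceeds in cleartext is decided outside this function --
         * confirm that mandatory-TLS settings fail closed in such builds.
         */
        msg_warn("TLS has been selected, but TLS support is not compiled in");
#endif
    }

    /*
     * Flush client.
     */
    flush_init();

    /*
     * Session cache domain list.
     */
    if (*var_smtp_cache_dest)
        smtp_cache_dest = string_list_init(MATCH_FLAG_NONE, var_smtp_cache_dest);

    /*
     * EHLO keyword filter.
     */
    if (*var_smtp_ehlo_dis_maps)
        smtp_ehlo_dis_maps = maps_create(VAR_SMTP_EHLO_DIS_MAPS,
                                         var_smtp_ehlo_dis_maps,
                                         DICT_FLAG_LOCK);

    /*
     * PIX bug workarounds.
     */
    if (*var_smtp_pix_bug_maps)
        smtp_pix_bug_maps = maps_create(VAR_SMTP_PIX_BUG_MAPS,
                                        var_smtp_pix_bug_maps,
                                        DICT_FLAG_LOCK);

    /*
     * Generic maps.
     */
    if (*var_prop_extension)
        smtp_ext_prop_mask =
            ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
    if (*var_smtp_generic_maps)
        smtp_generic_maps =
            maps_create(VAR_SMTP_GENERIC_MAPS, var_smtp_generic_maps,
                        DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);

    /*
     * Header/body checks.
     */
    smtp_header_checks = hbc_header_checks_create(
                                    VAR_SMTP_HEAD_CHKS, var_smtp_head_chks,
                                    VAR_SMTP_MIME_CHKS, var_smtp_mime_chks,
                                    VAR_SMTP_NEST_CHKS, var_smtp_nest_chks,
                                    smtp_hbc_callbacks);
    smtp_body_checks = hbc_body_checks_create(
                                    VAR_SMTP_BODY_CHKS, var_smtp_body_chks,
                                    smtp_hbc_callbacks);

    /*
     * Server reply filter.
     */
    if (*var_smtp_resp_filter)
        smtp_chat_resp_filter =
            dict_open(var_smtp_resp_filter, O_RDONLY,
                      DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);

    /*
     * Address family preference. name_code() yields -1 (the table's
     * terminator value) for an unrecognized name, which is fatal.
     */
    if (*var_smtp_addr_pref) {
        smtp_addr_pref = name_code(addr_pref_map, NAME_CODE_FLAG_NONE,
                                   var_smtp_addr_pref);
        if (smtp_addr_pref < 0)
            msg_fatal("bad %s value: %s", VAR_SMTP_ADDR_PREF, var_smtp_addr_pref);
    }
}

/*
 * pre_accept - see if tables have changed
 *
 * Exits the process with status 0 when dict_changed_name() reports a
 * changed table, after logging the table name.
 */

static void pre_accept(char *unused_name, char **unused_argv)
{
    const char *table;

    if ((table = dict_changed_name()) != 0) {
        msg_info("table %s has changed -- restarting", table);
        exit(0);
    }
}

MAIL_VERSION_STAMP_DECLARE;

/*
 * main - pass control to the single-threaded skeleton
 *
 * Chooses the SMTP or LMTP parameter tables from the basename of argv[0]
 * and hands control to single_server_main().
 */

int main(int argc, char **argv)
{
#include "smtp_params.c"
#include "lmtp_params.c"
    int smtp_mode;

    /*
     * Fingerprint executables and core dumps.
     */
    MAIL_VERSION_STAMP_ALLOCATE;

    /*
     * XXX At this point, var_procname etc. are not initialized.
     */
    smtp_mode = (strcmp(sane_basename((VSTRING *) 0, argv[0]), "smtp") == 0);

    /*
     * Initialize with the LMTP or SMTP parameter name space.
     */
    single_server_main(argc, argv, smtp_service,
                       MAIL_SERVER_TIME_TABLE, smtp_mode ?
                       smtp_time_table : lmtp_time_table,
                       MAIL_SERVER_INT_TABLE, smtp_mode ?
                       smtp_int_table : lmtp_int_table,
                       MAIL_SERVER_STR_TABLE, smtp_mode ?
                       smtp_str_table : lmtp_str_table,
                       MAIL_SERVER_BOOL_TABLE, smtp_mode ?
                       smtp_bool_table : lmtp_bool_table,
                       MAIL_SERVER_PRE_INIT, pre_init,
                       MAIL_SERVER_POST_INIT, post_init,
                       MAIL_SERVER_PRE_ACCEPT, pre_accept,
                       0);
}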