1 /* $NetBSD: smtp.c,v 1.10 2017/02/14 01:16:48 christos Exp $ */ 2 3 /*++ 4 /* NAME 5 /* smtp 8 6 /* SUMMARY 7 /* Postfix SMTP+LMTP client 8 /* SYNOPSIS 9 /* \fBsmtp\fR [generic Postfix daemon options] 10 /* DESCRIPTION 11 /* The Postfix SMTP+LMTP client implements the SMTP and LMTP mail 12 /* delivery protocols. It processes message delivery requests from 13 /* the queue manager. Each request specifies a queue file, a sender 14 /* address, a domain or host to deliver to, and recipient information. 15 /* This program expects to be run from the \fBmaster\fR(8) process 16 /* manager. 17 /* 18 /* The SMTP+LMTP client updates the queue file and marks recipients 19 /* as finished, or it informs the queue manager that delivery should 20 /* be tried again at a later time. Delivery status reports are sent 21 /* to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as 22 /* appropriate. 23 /* 24 /* The SMTP+LMTP client looks up a list of mail exchanger addresses for 25 /* the destination host, sorts the list by preference, and connects 26 /* to each listed address until it finds a server that responds. 27 /* 28 /* When a server is not reachable, or when mail delivery fails due 29 /* to a recoverable error condition, the SMTP+LMTP client will try to 30 /* deliver the mail to an alternate host. 31 /* 32 /* After a successful mail transaction, a connection may be saved 33 /* to the \fBscache\fR(8) connection cache server, so that it 34 /* may be used by any SMTP+LMTP client for a subsequent transaction. 35 /* 36 /* By default, connection caching is enabled temporarily for 37 /* destinations that have a high volume of mail in the active 38 /* queue. Connection caching can be enabled permanently for 39 /* specific destinations. 
40 /* SMTP DESTINATION SYNTAX 41 /* .ad 42 /* .fi 43 /* SMTP destinations have the following form: 44 /* .IP \fIdomainname\fR 45 /* .IP \fIdomainname\fR:\fIport\fR 46 /* Look up the mail exchangers for the specified domain, and 47 /* connect to the specified port (default: \fBsmtp\fR). 48 /* .IP [\fIhostname\fR] 49 /* .IP [\fIhostname\fR]:\fIport\fR 50 /* Look up the address(es) of the specified host, and connect to 51 /* the specified port (default: \fBsmtp\fR). 52 /* .IP [\fIaddress\fR] 53 /* .IP [\fIaddress\fR]:\fIport\fR 54 /* Connect to the host at the specified address, and connect 55 /* to the specified port (default: \fBsmtp\fR). An IPv6 address 56 /* must be formatted as [\fBipv6\fR:\fIaddress\fR]. 57 /* LMTP DESTINATION SYNTAX 58 /* .ad 59 /* .fi 60 /* LMTP destinations have the following form: 61 /* .IP \fBunix\fR:\fIpathname\fR 62 /* Connect to the local UNIX-domain server that is bound to the specified 63 /* \fIpathname\fR. If the process runs chrooted, an absolute pathname 64 /* is interpreted relative to the Postfix queue directory. 65 /* .IP \fBinet\fR:\fIhostname\fR 66 /* .IP \fBinet\fR:\fIhostname\fR:\fIport\fR 67 /* .IP \fBinet\fR:[\fIaddress\fR] 68 /* .IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR 69 /* Connect to the specified TCP port on the specified local or 70 /* remote host. If no port is specified, connect to the port defined as 71 /* \fBlmtp\fR in \fBservices\fR(4). 72 /* If no such service is found, the \fBlmtp_tcp_port\fR configuration 73 /* parameter (default value of 24) will be used. 74 /* An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR]. 75 /* .PP 76 /* SECURITY 77 /* .ad 78 /* .fi 79 /* The SMTP+LMTP client is moderately security-sensitive. It 80 /* talks to SMTP or LMTP servers and to DNS servers on the 81 /* network. The SMTP+LMTP client can be run chrooted at fixed 82 /* low privilege. 
83 /* STANDARDS 84 /* RFC 821 (SMTP protocol) 85 /* RFC 822 (ARPA Internet Text Messages) 86 /* RFC 1651 (SMTP service extensions) 87 /* RFC 1652 (8bit-MIME transport) 88 /* RFC 1870 (Message Size Declaration) 89 /* RFC 2033 (LMTP protocol) 90 /* RFC 2034 (SMTP Enhanced Error Codes) 91 /* RFC 2045 (MIME: Format of Internet Message Bodies) 92 /* RFC 2046 (MIME: Media Types) 93 /* RFC 2554 (AUTH command) 94 /* RFC 2821 (SMTP protocol) 95 /* RFC 2920 (SMTP Pipelining) 96 /* RFC 3207 (STARTTLS command) 97 /* RFC 3461 (SMTP DSN Extension) 98 /* RFC 3463 (Enhanced Status Codes) 99 /* RFC 4954 (AUTH command) 100 /* RFC 5321 (SMTP protocol) 101 /* RFC 6531 (Internationalized SMTP) 102 /* RFC 6533 (Internationalized Delivery Status Notifications) 103 /* RFC 7672 (SMTP security via opportunistic DANE TLS) 104 /* DIAGNOSTICS 105 /* Problems and transactions are logged to \fBsyslogd\fR(8). 106 /* Corrupted message files are marked so that the queue manager can 107 /* move them to the \fBcorrupt\fR queue for further inspection. 108 /* 109 /* Depending on the setting of the \fBnotify_classes\fR parameter, 110 /* the postmaster is notified of bounces, protocol problems, and of 111 /* other trouble. 112 /* BUGS 113 /* SMTP and LMTP connection caching does not work with TLS. The necessary 114 /* support for TLS object passivation and re-activation does not 115 /* exist without closing the session, which defeats the purpose. 116 /* 117 /* SMTP and LMTP connection caching assumes that SASL credentials 118 /* are valid for all destinations that map onto the same IP 119 /* address and TCP port. 120 /* CONFIGURATION PARAMETERS 121 /* .ad 122 /* .fi 123 /* Before Postfix version 2.3, the LMTP client is a separate 124 /* program that implements only a subset of the functionality 125 /* available with SMTP: there is no support for TLS, and 126 /* connections are cached in-process, making it ineffective 127 /* when the client is used for multiple domains. 
128 /* 129 /* Most smtp_\fIxxx\fR configuration parameters have an 130 /* lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP 131 /* feature. This document describes only those LMTP-related 132 /* parameters that aren't simply "mirror" parameters. 133 /* 134 /* Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8) 135 /* processes run for only a limited amount of time. Use the command 136 /* "\fBpostfix reload\fR" to speed up a change. 137 /* 138 /* The text below provides only a parameter summary. See 139 /* \fBpostconf\fR(5) for more details including examples. 140 /* COMPATIBILITY CONTROLS 141 /* .ad 142 /* .fi 143 /* .IP "\fBignore_mx_lookup_error (no)\fR" 144 /* Ignore DNS MX lookups that produce no response. 145 /* .IP "\fBsmtp_always_send_ehlo (yes)\fR" 146 /* Always send EHLO at the start of an SMTP session. 147 /* .IP "\fBsmtp_never_send_ehlo (no)\fR" 148 /* Never send EHLO at the start of an SMTP session. 149 /* .IP "\fBsmtp_defer_if_no_mx_address_found (no)\fR" 150 /* Defer mail delivery when no MX record resolves to an IP address. 151 /* .IP "\fBsmtp_line_length_limit (998)\fR" 152 /* The maximal length of message header and body lines that Postfix 153 /* will send via SMTP. 154 /* .IP "\fBsmtp_pix_workaround_delay_time (10s)\fR" 155 /* How long the Postfix SMTP client pauses before sending 156 /* ".<CR><LF>" in order to work around the PIX firewall 157 /* "<CR><LF>.<CR><LF>" bug. 158 /* .IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR" 159 /* How long a message must be queued before the Postfix SMTP client 160 /* turns on the PIX firewall "<CR><LF>.<CR><LF>" 161 /* bug workaround for delivery through firewalls with "smtp fixup" 162 /* mode turned on. 163 /* .IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR" 164 /* A list that specifies zero or more workarounds for CISCO PIX 165 /* firewall bugs. 
166 /* .IP "\fBsmtp_pix_workaround_maps (empty)\fR" 167 /* Lookup tables, indexed by the remote SMTP server address, with 168 /* per-destination workarounds for CISCO PIX firewall bugs. 169 /* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" 170 /* Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands 171 /* as required 172 /* by RFC 5321. 173 /* .IP "\fBsmtp_reply_filter (empty)\fR" 174 /* A mechanism to transform replies from remote SMTP servers one 175 /* line at a time. 176 /* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR" 177 /* Skip remote SMTP servers that greet with a 5XX status code. 178 /* .IP "\fBsmtp_skip_quit_response (yes)\fR" 179 /* Do not wait for the response to the SMTP QUIT command. 180 /* .PP 181 /* Available in Postfix version 2.0 and earlier: 182 /* .IP "\fBsmtp_skip_4xx_greeting (yes)\fR" 183 /* Skip SMTP servers that greet with a 4XX status code (go away, try 184 /* again later). 185 /* .PP 186 /* Available in Postfix version 2.2 and later: 187 /* .IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR" 188 /* Lookup tables, indexed by the remote SMTP server address, with 189 /* case insensitive lists of EHLO keywords (pipelining, starttls, auth, 190 /* etc.) that the Postfix SMTP client will ignore in the EHLO response from a 191 /* remote SMTP server. 192 /* .IP "\fBsmtp_discard_ehlo_keywords (empty)\fR" 193 /* A case insensitive list of EHLO keywords (pipelining, starttls, 194 /* auth, etc.) that the Postfix SMTP client will ignore in the EHLO 195 /* response from a remote SMTP server. 196 /* .IP "\fBsmtp_generic_maps (empty)\fR" 197 /* Optional lookup tables that perform address rewriting in the 198 /* Postfix SMTP client, typically to transform a locally valid address into 199 /* a globally valid address when sending mail across the Internet. 
200 /* .PP 201 /* Available in Postfix version 2.2.9 and later: 202 /* .IP "\fBsmtp_cname_overrides_servername (version dependent)\fR" 203 /* When the remote SMTP servername is a DNS CNAME, replace the 204 /* servername with the result from CNAME expansion for the purpose of 205 /* logging, SASL password lookup, TLS 206 /* policy decisions, or TLS certificate verification. 207 /* .PP 208 /* Available in Postfix version 2.3 and later: 209 /* .IP "\fBlmtp_discard_lhlo_keyword_address_maps (empty)\fR" 210 /* Lookup tables, indexed by the remote LMTP server address, with 211 /* case insensitive lists of LHLO keywords (pipelining, starttls, 212 /* auth, etc.) that the Postfix LMTP client will ignore in the LHLO 213 /* response 214 /* from a remote LMTP server. 215 /* .IP "\fBlmtp_discard_lhlo_keywords (empty)\fR" 216 /* A case insensitive list of LHLO keywords (pipelining, starttls, 217 /* auth, etc.) that the Postfix LMTP client will ignore in the LHLO 218 /* response 219 /* from a remote LMTP server. 220 /* .PP 221 /* Available in Postfix version 2.4.4 and later: 222 /* .IP "\fBsend_cyrus_sasl_authzid (no)\fR" 223 /* When authenticating to a remote SMTP or LMTP server with the 224 /* default setting "no", send no SASL authoriZation ID (authzid); send 225 /* only the SASL authentiCation ID (authcid) plus the authcid's password. 226 /* .PP 227 /* Available in Postfix version 2.5 and later: 228 /* .IP "\fBsmtp_header_checks (empty)\fR" 229 /* Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client. 230 /* .IP "\fBsmtp_mime_header_checks (empty)\fR" 231 /* Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP 232 /* client. 233 /* .IP "\fBsmtp_nested_header_checks (empty)\fR" 234 /* Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP 235 /* client. 236 /* .IP "\fBsmtp_body_checks (empty)\fR" 237 /* Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client. 
238 /* .PP 239 /* Available in Postfix version 2.6 and later: 240 /* .IP "\fBtcp_windowsize (0)\fR" 241 /* An optional workaround for routers that break TCP window scaling. 242 /* .PP 243 /* Available in Postfix version 2.8 and later: 244 /* .IP "\fBsmtp_dns_resolver_options (empty)\fR" 245 /* DNS Resolver options for the Postfix SMTP client. 246 /* .PP 247 /* Available in Postfix version 2.9 and later: 248 /* .IP "\fBsmtp_per_record_deadline (no)\fR" 249 /* Change the behavior of the smtp_*_timeout time limits, from a 250 /* time limit per read or write system call, to a time limit to send 251 /* or receive a complete record (an SMTP command line, SMTP response 252 /* line, SMTP message content line, or TLS protocol message). 253 /* .IP "\fBsmtp_send_dummy_mail_auth (no)\fR" 254 /* Whether or not to append the "AUTH=<>" option to the MAIL 255 /* FROM command in SASL-authenticated SMTP sessions. 256 /* .PP 257 /* Available in Postfix version 2.11 and later: 258 /* .IP "\fBsmtp_dns_support_level (empty)\fR" 259 /* Level of DNS support in the Postfix SMTP client. 260 /* .PP 261 /* Available in Postfix version 3.0 and later: 262 /* .IP "\fBsmtp_delivery_status_filter ($default_delivery_status_filter)\fR" 263 /* Optional filter for the \fBsmtp\fR(8) delivery agent to change the 264 /* delivery status code or explanatory text of successful or unsuccessful 265 /* deliveries. 266 /* .IP "\fBsmtp_dns_reply_filter (empty)\fR" 267 /* Optional filter for Postfix SMTP client DNS lookup results. 268 /* MIME PROCESSING CONTROLS 269 /* .ad 270 /* .fi 271 /* Available in Postfix version 2.0 and later: 272 /* .IP "\fBdisable_mime_output_conversion (no)\fR" 273 /* Disable the conversion of 8BITMIME format to 7BIT format. 274 /* .IP "\fBmime_boundary_length_limit (2048)\fR" 275 /* The maximal length of MIME multipart boundary strings. 276 /* .IP "\fBmime_nesting_limit (100)\fR" 277 /* The maximal recursion level that the MIME processor will handle. 
278 /* EXTERNAL CONTENT INSPECTION CONTROLS 279 /* .ad 280 /* .fi 281 /* Available in Postfix version 2.1 and later: 282 /* .IP "\fBsmtp_send_xforward_command (no)\fR" 283 /* Send the non-standard XFORWARD command when the Postfix SMTP server 284 /* EHLO response announces XFORWARD support. 285 /* SASL AUTHENTICATION CONTROLS 286 /* .ad 287 /* .fi 288 /* .IP "\fBsmtp_sasl_auth_enable (no)\fR" 289 /* Enable SASL authentication in the Postfix SMTP client. 290 /* .IP "\fBsmtp_sasl_password_maps (empty)\fR" 291 /* Optional Postfix SMTP client lookup tables with one username:password 292 /* entry per sender, remote hostname or next-hop domain. 293 /* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" 294 /* Postfix SMTP client SASL security options; as of Postfix 2.3 295 /* the list of available 296 /* features depends on the SASL client implementation that is selected 297 /* with \fBsmtp_sasl_type\fR. 298 /* .PP 299 /* Available in Postfix version 2.2 and later: 300 /* .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR" 301 /* If non-empty, a Postfix SMTP client filter for the remote SMTP 302 /* server's list of offered SASL mechanisms. 303 /* .PP 304 /* Available in Postfix version 2.3 and later: 305 /* .IP "\fBsmtp_sender_dependent_authentication (no)\fR" 306 /* Enable sender-dependent authentication in the Postfix SMTP client; this is 307 /* available only with SASL authentication, and disables SMTP connection 308 /* caching to ensure that mail from different senders will use the 309 /* appropriate credentials. 310 /* .IP "\fBsmtp_sasl_path (empty)\fR" 311 /* Implementation-specific information that the Postfix SMTP client 312 /* passes through to 313 /* the SASL plug-in implementation that is selected with 314 /* \fBsmtp_sasl_type\fR. 315 /* .IP "\fBsmtp_sasl_type (cyrus)\fR" 316 /* The SASL plug-in type that the Postfix SMTP client should use 317 /* for authentication. 
318 /* .PP 319 /* Available in Postfix version 2.5 and later: 320 /* .IP "\fBsmtp_sasl_auth_cache_name (empty)\fR" 321 /* An optional table to prevent repeated SASL authentication 322 /* failures with the same remote SMTP server hostname, username and 323 /* password. 324 /* .IP "\fBsmtp_sasl_auth_cache_time (90d)\fR" 325 /* The maximal age of an smtp_sasl_auth_cache_name entry before it 326 /* is removed. 327 /* .IP "\fBsmtp_sasl_auth_soft_bounce (yes)\fR" 328 /* When a remote SMTP server rejects a SASL authentication request 329 /* with a 535 reply code, defer mail delivery instead of returning 330 /* mail as undeliverable. 331 /* .PP 332 /* Available in Postfix version 2.9 and later: 333 /* .IP "\fBsmtp_send_dummy_mail_auth (no)\fR" 334 /* Whether or not to append the "AUTH=<>" option to the MAIL 335 /* FROM command in SASL-authenticated SMTP sessions. 336 /* STARTTLS SUPPORT CONTROLS 337 /* .ad 338 /* .fi 339 /* Detailed information about STARTTLS configuration may be found 340 /* in the TLS_README document. 341 /* .IP "\fBsmtp_tls_security_level (empty)\fR" 342 /* The default SMTP TLS security level for the Postfix SMTP client; 343 /* when a non-empty value is specified, this overrides the obsolete 344 /* parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. 345 /* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" 346 /* The SASL authentication security options that the Postfix SMTP 347 /* client uses for TLS encrypted SMTP sessions. 348 /* .IP "\fBsmtp_starttls_timeout (300s)\fR" 349 /* Time limit for Postfix SMTP client write and read operations 350 /* during TLS startup and shutdown handshake procedures. 351 /* .IP "\fBsmtp_tls_CAfile (empty)\fR" 352 /* A file containing CA certificates of root CAs trusted to sign 353 /* either remote SMTP server certificates or intermediate CA certificates. 
354 /* .IP "\fBsmtp_tls_CApath (empty)\fR" 355 /* Directory with PEM format Certification Authority certificates 356 /* that the Postfix SMTP client uses to verify a remote SMTP server 357 /* certificate. 358 /* .IP "\fBsmtp_tls_cert_file (empty)\fR" 359 /* File with the Postfix SMTP client RSA certificate in PEM format. 360 /* .IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR" 361 /* The minimum TLS cipher grade that the Postfix SMTP client will 362 /* use with 363 /* mandatory TLS encryption. 364 /* .IP "\fBsmtp_tls_exclude_ciphers (empty)\fR" 365 /* List of ciphers or cipher types to exclude from the Postfix 366 /* SMTP client cipher 367 /* list at all TLS security levels. 368 /* .IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR" 369 /* Additional list of ciphers or cipher types to exclude from the 370 /* Postfix SMTP client cipher list at mandatory TLS security levels. 371 /* .IP "\fBsmtp_tls_dcert_file (empty)\fR" 372 /* File with the Postfix SMTP client DSA certificate in PEM format. 373 /* .IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR" 374 /* File with the Postfix SMTP client DSA private key in PEM format. 375 /* .IP "\fBsmtp_tls_key_file ($smtp_tls_cert_file)\fR" 376 /* File with the Postfix SMTP client RSA private key in PEM format. 377 /* .IP "\fBsmtp_tls_loglevel (0)\fR" 378 /* Enable additional Postfix SMTP client logging of TLS activity. 379 /* .IP "\fBsmtp_tls_note_starttls_offer (no)\fR" 380 /* Log the hostname of a remote SMTP server that offers STARTTLS, 381 /* when TLS is not already enabled for that server. 382 /* .IP "\fBsmtp_tls_policy_maps (empty)\fR" 383 /* Optional lookup tables with the Postfix SMTP client TLS security 384 /* policy by next-hop destination; when a non-empty value is specified, 385 /* this overrides the obsolete smtp_tls_per_site parameter. 386 /* .IP "\fBsmtp_tls_mandatory_protocols (!SSLv2, !SSLv3)\fR" 387 /* List of SSL/TLS protocols that the Postfix SMTP client will use with 388 /* mandatory TLS encryption. 
389 /* .IP "\fBsmtp_tls_scert_verifydepth (9)\fR" 390 /* The verification depth for remote SMTP server certificates. 391 /* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR" 392 /* How the Postfix SMTP client verifies the server certificate 393 /* peername for the "secure" TLS security level. 394 /* .IP "\fBsmtp_tls_session_cache_database (empty)\fR" 395 /* Name of the file containing the optional Postfix SMTP client 396 /* TLS session cache. 397 /* .IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR" 398 /* The expiration time of Postfix SMTP client TLS session cache 399 /* information. 400 /* .IP "\fBsmtp_tls_verify_cert_match (hostname)\fR" 401 /* How the Postfix SMTP client verifies the server certificate 402 /* peername for the 403 /* "verify" TLS security level. 404 /* .IP "\fBtls_daemon_random_bytes (32)\fR" 405 /* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) 406 /* process requests from the \fBtlsmgr\fR(8) server in order to seed its 407 /* internal pseudo random number generator (PRNG). 408 /* .IP "\fBtls_high_cipherlist (see 'postconf -d' output)\fR" 409 /* The OpenSSL cipherlist for "high" grade ciphers. 410 /* .IP "\fBtls_medium_cipherlist (see 'postconf -d' output)\fR" 411 /* The OpenSSL cipherlist for "medium" or higher grade ciphers. 412 /* .IP "\fBtls_low_cipherlist (see 'postconf -d' output)\fR" 413 /* The OpenSSL cipherlist for "low" or higher grade ciphers. 414 /* .IP "\fBtls_export_cipherlist (see 'postconf -d' output)\fR" 415 /* The OpenSSL cipherlist for "export" or higher grade ciphers. 416 /* .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" 417 /* The OpenSSL cipherlist for "NULL" grade ciphers that provide 418 /* authentication without encryption. 
419 /* .PP 420 /* Available in Postfix version 2.4 and later: 421 /* .IP "\fBsmtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)\fR" 422 /* The SASL authentication security options that the Postfix SMTP 423 /* client uses for TLS encrypted SMTP sessions with a verified server 424 /* certificate. 425 /* .PP 426 /* Available in Postfix version 2.5 and later: 427 /* .IP "\fBsmtp_tls_fingerprint_cert_match (empty)\fR" 428 /* List of acceptable remote SMTP server certificate fingerprints for 429 /* the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR = 430 /* fingerprint). 431 /* .IP "\fBsmtp_tls_fingerprint_digest (md5)\fR" 432 /* The message digest algorithm used to construct remote SMTP server 433 /* certificate fingerprints. MD5 is no longer considered collision-resistant; prefer a stronger digest such as sha256 where the TLS library provides it. 434 /* .PP 435 /* Available in Postfix version 2.6 and later: 436 /* .IP "\fBsmtp_tls_protocols (!SSLv2, !SSLv3)\fR" 437 /* List of TLS protocols that the Postfix SMTP client will exclude or 438 /* include with opportunistic TLS encryption. 439 /* .IP "\fBsmtp_tls_ciphers (medium)\fR" 440 /* The minimum TLS cipher grade that the Postfix SMTP client 441 /* will use with opportunistic TLS encryption. 442 /* .IP "\fBsmtp_tls_eccert_file (empty)\fR" 443 /* File with the Postfix SMTP client ECDSA certificate in PEM format. 444 /* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR" 445 /* File with the Postfix SMTP client ECDSA private key in PEM format. 446 /* .PP 447 /* Available in Postfix version 2.7 and later: 448 /* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR" 449 /* Try to detect a mail hijacking attack based on a TLS protocol 450 /* vulnerability (CVE-2009-3555), where an attacker prepends malicious 451 /* HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. 452 /* .PP 453 /* Available in Postfix version 2.8 and later: 454 /* .IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" 455 /* List or bit-mask of OpenSSL bug work-arounds to disable. 
456 /* .PP 457 /* Available in Postfix version 2.11 and later: 458 /* .IP "\fBsmtp_tls_trust_anchor_file (empty)\fR" 459 /* Zero or more PEM-format files with trust-anchor certificates 460 /* and/or public keys. 461 /* .IP "\fBsmtp_tls_force_insecure_host_tlsa_lookup (no)\fR" 462 /* Look up the associated DANE TLSA RRset even when a hostname is 463 /* not an alias and its address records lie in an unsigned zone. 464 /* .IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR" 465 /* RFC 6698 trust-anchor digest support in the Postfix TLS library. 466 /* .IP "\fBtlsmgr_service_name (tlsmgr)\fR" 467 /* The name of the \fBtlsmgr\fR(8) service entry in master.cf. 468 /* .PP 469 /* Available in Postfix version 3.0 and later: 470 /* .IP "\fBsmtp_tls_wrappermode (no)\fR" 471 /* Request that the Postfix SMTP client connects using the 472 /* legacy SMTPS protocol instead of using the STARTTLS command. 473 /* .PP 474 /* Available in Postfix version 3.1 and later: 475 /* .IP "\fBsmtp_tls_dane_insecure_mx_policy (dane)\fR" 476 /* The TLS policy for MX hosts with "secure" TLSA records when the 477 /* nexthop destination security level is \fBdane\fR, but the MX 478 /* record was found via an "insecure" MX lookup. 479 /* OBSOLETE STARTTLS CONTROLS 480 /* .ad 481 /* .fi 482 /* The following configuration parameters exist for compatibility 483 /* with Postfix versions before 2.3. Support for these will 484 /* be removed in a future release. 485 /* .IP "\fBsmtp_use_tls (no)\fR" 486 /* Opportunistic mode: use TLS when a remote SMTP server announces 487 /* STARTTLS support, otherwise send the mail in the clear. 488 /* .IP "\fBsmtp_enforce_tls (no)\fR" 489 /* Enforcement mode: require that remote SMTP servers use TLS 490 /* encryption, and never send mail in the clear. 491 /* .IP "\fBsmtp_tls_enforce_peername (yes)\fR" 492 /* With mandatory TLS encryption, require that the remote SMTP 493 /* server hostname matches the information in the remote SMTP server 494 /* certificate. 
495 /* .IP "\fBsmtp_tls_per_site (empty)\fR" 496 /* Optional lookup tables with the Postfix SMTP client TLS usage 497 /* policy by next-hop destination and by remote SMTP server hostname. 498 /* .IP "\fBsmtp_tls_cipherlist (empty)\fR" 499 /* Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS 500 /* cipher list. 501 /* RESOURCE AND RATE CONTROLS 502 /* .ad 503 /* .fi 504 /* .IP "\fBsmtp_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" 505 /* The maximal number of parallel deliveries to the same destination 506 /* via the smtp message delivery transport. 507 /* .IP "\fBsmtp_destination_recipient_limit ($default_destination_recipient_limit)\fR" 508 /* The maximal number of recipients per message for the smtp 509 /* message delivery transport. 510 /* .IP "\fBsmtp_connect_timeout (30s)\fR" 511 /* The Postfix SMTP client time limit for completing a TCP connection, or 512 /* zero (use the operating system built-in time limit). 513 /* .IP "\fBsmtp_helo_timeout (300s)\fR" 514 /* The Postfix SMTP client time limit for sending the HELO or EHLO command, 515 /* and for receiving the initial remote SMTP server response. 516 /* .IP "\fBlmtp_lhlo_timeout (300s)\fR" 517 /* The Postfix LMTP client time limit for sending the LHLO command, 518 /* and for receiving the initial remote LMTP server response. 519 /* .IP "\fBsmtp_xforward_timeout (300s)\fR" 520 /* The Postfix SMTP client time limit for sending the XFORWARD command, 521 /* and for receiving the remote SMTP server response. 522 /* .IP "\fBsmtp_mail_timeout (300s)\fR" 523 /* The Postfix SMTP client time limit for sending the MAIL FROM command, 524 /* and for receiving the remote SMTP server response. 525 /* .IP "\fBsmtp_rcpt_timeout (300s)\fR" 526 /* The Postfix SMTP client time limit for sending the SMTP RCPT TO 527 /* command, and for receiving the remote SMTP server response. 
528 /* .IP "\fBsmtp_data_init_timeout (120s)\fR" 529 /* The Postfix SMTP client time limit for sending the SMTP DATA command, 530 /* and for receiving the remote SMTP server response. 531 /* .IP "\fBsmtp_data_xfer_timeout (180s)\fR" 532 /* The Postfix SMTP client time limit for sending the SMTP message content. 533 /* .IP "\fBsmtp_data_done_timeout (600s)\fR" 534 /* The Postfix SMTP client time limit for sending the SMTP ".", and 535 /* for receiving the remote SMTP server response. 536 /* .IP "\fBsmtp_quit_timeout (300s)\fR" 537 /* The Postfix SMTP client time limit for sending the QUIT command, 538 /* and for receiving the remote SMTP server response. 539 /* .PP 540 /* Available in Postfix version 2.1 and later: 541 /* .IP "\fBsmtp_mx_address_limit (5)\fR" 542 /* The maximal number of MX (mail exchanger) IP addresses that can 543 /* result from Postfix SMTP client mail exchanger lookups, or zero (no 544 /* limit). 545 /* .IP "\fBsmtp_mx_session_limit (2)\fR" 546 /* The maximal number of SMTP sessions per delivery request before 547 /* the Postfix SMTP client 548 /* gives up or delivers to a fall-back relay host, or zero (no 549 /* limit). 550 /* .IP "\fBsmtp_rset_timeout (20s)\fR" 551 /* The Postfix SMTP client time limit for sending the RSET command, 552 /* and for receiving the remote SMTP server response. 553 /* .PP 554 /* Available in Postfix version 2.2 and earlier: 555 /* .IP "\fBlmtp_cache_connection (yes)\fR" 556 /* Keep Postfix LMTP client connections open for up to $max_idle 557 /* seconds. 558 /* .PP 559 /* Available in Postfix version 2.2 and later: 560 /* .IP "\fBsmtp_connection_cache_destinations (empty)\fR" 561 /* Permanently enable SMTP connection caching for the specified 562 /* destinations. 563 /* .IP "\fBsmtp_connection_cache_on_demand (yes)\fR" 564 /* Temporarily enable SMTP connection caching while a destination 565 /* has a high volume of mail in the active queue. 
566 /* .IP "\fBsmtp_connection_reuse_time_limit (300s)\fR" 567 /* The amount of time during which Postfix will use an SMTP 568 /* connection repeatedly. 569 /* .IP "\fBsmtp_connection_cache_time_limit (2s)\fR" 570 /* When SMTP connection caching is enabled, the amount of time that 571 /* an unused SMTP client socket is kept open before it is closed. 572 /* .PP 573 /* Available in Postfix version 2.3 and later: 574 /* .IP "\fBconnection_cache_protocol_timeout (5s)\fR" 575 /* Time limit for connection cache connect, send or receive 576 /* operations. 577 /* .PP 578 /* Available in Postfix version 2.9 and later: 579 /* .IP "\fBsmtp_per_record_deadline (no)\fR" 580 /* Change the behavior of the smtp_*_timeout time limits, from a 581 /* time limit per read or write system call, to a time limit to send 582 /* or receive a complete record (an SMTP command line, SMTP response 583 /* line, SMTP message content line, or TLS protocol message). 584 /* .PP 585 /* Available in Postfix version 2.11 and later: 586 /* .IP "\fBsmtp_connection_reuse_count_limit (0)\fR" 587 /* When SMTP connection caching is enabled, the number of times 588 /* that an SMTP session may be reused before it is closed, or zero (no 589 /* limit). 590 /* SMTPUTF8 CONTROLS 591 /* .ad 592 /* .fi 593 /* Preliminary SMTPUTF8 support is introduced with Postfix 3.0. 594 /* .IP "\fBsmtputf8_enable (yes)\fR" 595 /* Enable preliminary SMTPUTF8 support for the protocols described 596 /* in RFC 6531..6533. 597 /* .IP "\fBsmtputf8_autodetect_classes (sendmail, verify)\fR" 598 /* Detect that a message requires SMTPUTF8 support for the specified 599 /* mail origin classes. 600 /* TROUBLE SHOOTING CONTROLS 601 /* .ad 602 /* .fi 603 /* .IP "\fBdebug_peer_level (2)\fR" 604 /* The increment in verbose logging level when a remote client or 605 /* server matches a pattern in the debug_peer_list parameter. 
606 /* .IP "\fBdebug_peer_list (empty)\fR" 607 /* Optional list of remote client or server hostname or network 608 /* address patterns that cause the verbose logging level to increase 609 /* by the amount specified in $debug_peer_level. 610 /* .IP "\fBerror_notice_recipient (postmaster)\fR" 611 /* The recipient of postmaster notifications about mail delivery 612 /* problems that are caused by policy, resource, software or protocol 613 /* errors. 614 /* .IP "\fBinternal_mail_filter_classes (empty)\fR" 615 /* What categories of Postfix-generated mail are subject to 616 /* before-queue content inspection by non_smtpd_milters, header_checks 617 /* and body_checks. 618 /* .IP "\fBnotify_classes (resource, software)\fR" 619 /* The list of error classes that are reported to the postmaster. 620 /* MISCELLANEOUS CONTROLS 621 /* .ad 622 /* .fi 623 /* .IP "\fBbest_mx_transport (empty)\fR" 624 /* Where the Postfix SMTP client should deliver mail when it detects 625 /* a "mail loops back to myself" error condition. 626 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" 627 /* The default location of the Postfix main.cf and master.cf 628 /* configuration files. 629 /* .IP "\fBdaemon_timeout (18000s)\fR" 630 /* How much time a Postfix daemon process may take to handle a 631 /* request before it is terminated by a built-in watchdog timer. 632 /* .IP "\fBdelay_logging_resolution_limit (2)\fR" 633 /* The maximal number of digits after the decimal point when logging 634 /* sub-second delay values. 635 /* .IP "\fBdisable_dns_lookups (no)\fR" 636 /* Disable DNS lookups in the Postfix SMTP and LMTP clients. 637 /* .IP "\fBinet_interfaces (all)\fR" 638 /* The network interface addresses that this mail system receives 639 /* mail on. 640 /* .IP "\fBinet_protocols (all)\fR" 641 /* The Internet protocols Postfix will attempt to use when making 642 /* or accepting connections. 
643 /* .IP "\fBipc_timeout (3600s)\fR" 644 /* The time limit for sending or receiving information over an internal 645 /* communication channel. 646 /* .IP "\fBlmtp_assume_final (no)\fR" 647 /* When a remote LMTP server announces no DSN support, assume that 648 /* the 649 /* server performs final delivery, and send "delivered" delivery status 650 /* notifications instead of "relayed". 651 /* .IP "\fBlmtp_tcp_port (24)\fR" 652 /* The default TCP port that the Postfix LMTP client connects to. 653 /* .IP "\fBmax_idle (100s)\fR" 654 /* The maximum amount of time that an idle Postfix daemon process waits 655 /* for an incoming connection before terminating voluntarily. 656 /* .IP "\fBmax_use (100)\fR" 657 /* The maximal number of incoming connections that a Postfix daemon 658 /* process will service before terminating voluntarily. 659 /* .IP "\fBprocess_id (read-only)\fR" 660 /* The process ID of a Postfix command or daemon process. 661 /* .IP "\fBprocess_name (read-only)\fR" 662 /* The process name of a Postfix command or daemon process. 663 /* .IP "\fBproxy_interfaces (empty)\fR" 664 /* The network interface addresses that this mail system receives mail 665 /* on by way of a proxy or network address translation unit. 666 /* .IP "\fBsmtp_address_preference (any)\fR" 667 /* The address type ("ipv6", "ipv4" or "any") that the Postfix 668 /* SMTP client will try first, when a destination has IPv6 and IPv4 669 /* addresses with equal MX preference. 670 /* .IP "\fBsmtp_bind_address (empty)\fR" 671 /* An optional numerical network address that the Postfix SMTP client 672 /* should bind to when making an IPv4 connection. 673 /* .IP "\fBsmtp_bind_address6 (empty)\fR" 674 /* An optional numerical network address that the Postfix SMTP client 675 /* should bind to when making an IPv6 connection. 676 /* .IP "\fBsmtp_helo_name ($myhostname)\fR" 677 /* The hostname to send in the SMTP HELO or EHLO command. 
678 /* .IP "\fBlmtp_lhlo_name ($myhostname)\fR" 679 /* The hostname to send in the LMTP LHLO command. 680 /* .IP "\fBsmtp_host_lookup (dns)\fR" 681 /* What mechanisms the Postfix SMTP client uses to look up a host's 682 /* IP address. 683 /* .IP "\fBsmtp_randomize_addresses (yes)\fR" 684 /* Randomize the order of equal-preference MX host addresses. 685 /* .IP "\fBsyslog_facility (mail)\fR" 686 /* The syslog facility of Postfix logging. 687 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" 688 /* The mail system name that is prepended to the process name in syslog 689 /* records, so that "smtpd" becomes, for example, "postfix/smtpd". 690 /* .PP 691 /* Available with Postfix 2.2 and earlier: 692 /* .IP "\fBfallback_relay (empty)\fR" 693 /* Optional list of relay hosts for SMTP destinations that can't be 694 /* found or that are unreachable. 695 /* .PP 696 /* Available with Postfix 2.3 and later: 697 /* .IP "\fBsmtp_fallback_relay ($fallback_relay)\fR" 698 /* Optional list of relay hosts for SMTP destinations that can't be 699 /* found or that are unreachable. 700 /* .PP 701 /* Available with Postfix 3.0 and later: 702 /* .IP "\fBsmtp_address_verify_target (rcpt)\fR" 703 /* In the context of email address verification, the SMTP protocol 704 /* stage that determines whether an email address is deliverable. 705 /* .PP 706 /* Available with Postfix 3.1 and later: 707 /* .IP "\fBlmtp_fallback_relay (empty)\fR" 708 /* Optional list of relay hosts for LMTP destinations that can't be 709 /* found or that are unreachable. 
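/* SEE ALSO
/*	generic(5), output address rewriting
/*	header_checks(5), message header content inspection
/*	body_checks(5), body parts content inspection
/*	qmgr(8), queue manager
/*	bounce(8), delivery status reports
/*	scache(8), connection cache server
/*	postconf(5), configuration parameters
/*	master(5), generic daemon options
/*	master(8), process manager
/*	tlsmgr(8), TLS session and PRNG management
/*	syslogd(8), system logging
/* README FILES
/* .ad
/* .fi
/*	Use "\fBpostconf readme_directory\fR" or
/*	"\fBpostconf html_directory\fR" to locate this information.
/* .na
/* .nf
/*	SASL_README, Postfix SASL howto
/*	TLS_README, Postfix STARTTLS howto
/* LICENSE
/* .ad
/* .fi
/*	The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/*	Wietse Venema
/*	IBM T.J. Watson Research
/*	P.O. Box 704
/*	Yorktown Heights, NY 10598, USA
/*
/*	Wietse Venema
/*	Google, Inc.
/*	111 8th Avenue
/*	New York, NY 10011, USA
/*
/*	Command pipelining in cooperation with:
/*	Jon Ribbens
/*	Oaktree Internet Solutions Ltd.,
/*	Internet House,
/*	Canal Basin,
/*	Coventry,
/*	CV1 4LY, United Kingdom.
/*
/*	SASL support originally by:
/*	Till Franke
/*	SuSE Rhein/Main AG
/*	65760 Eschborn, Germany
/*
/*	TLS support originally by:
/*	Lutz Jaenicke
/*	BTU Cottbus
/*	Allgemeine Elektrotechnik
/*	Universitaetsplatz 3-4
/*	D-03044 Cottbus, Germany
/*
/*	Revised TLS and SMTP connection cache support by:
/*	Victor Duchovni
/*	Morgan Stanley
/*--*/

/* System library. */

#include <sys_defs.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <dict.h>
#include <stringops.h>

/* Utility library. */

#include <msg.h>
#include <mymalloc.h>
#include <name_mask.h>
#include <name_code.h>

/* Global library. */

#include <deliver_request.h>
#include <mail_params.h>
#include <mail_version.h>
#include <mail_conf.h>
#include <debug_peer.h>
#include <flush_clnt.h>
#include <scache.h>
#include <string_list.h>
#include <maps.h>
#include <ext_prop.h>

/* DNS library. */

#include <dns.h>

/* Single server skeleton. */

#include <mail_server.h>

/* Application-specific. */

#include "smtp.h"
#include "smtp_sasl.h"

 /*
  * Tunable parameters. These have compiled-in defaults that can be overruled
  * by settings in the global Postfix configuration file.
  */
int     var_smtp_conn_tmout;
int     var_smtp_helo_tmout;
int     var_smtp_xfwd_tmout;
int     var_smtp_mail_tmout;
int     var_smtp_rcpt_tmout;
int     var_smtp_data0_tmout;
int     var_smtp_data1_tmout;
int     var_smtp_data2_tmout;
int     var_smtp_rset_tmout;
int     var_smtp_quit_tmout;
char   *var_inet_interfaces;
char   *var_notify_classes;
int     var_smtp_skip_5xx_greeting;
int     var_ign_mx_lookup_err;
int     var_skip_quit_resp;
char   *var_fallback_relay;
char   *var_bestmx_transp;
char   *var_error_rcpt;
int     var_smtp_always_ehlo;
int     var_smtp_never_ehlo;
char   *var_smtp_sasl_opts;
char   *var_smtp_sasl_path;
char   *var_smtp_sasl_passwd;
bool    var_smtp_sasl_enable;
char   *var_smtp_sasl_mechs;
char   *var_smtp_sasl_type;
char   *var_smtp_bind_addr;
char   *var_smtp_bind_addr6;
char   *var_smtp_vrfy_tgt;
bool    var_smtp_rand_addr;
int     var_smtp_pix_thresh;
int     var_queue_run_delay;
int     var_min_backoff_time;
int     var_smtp_pix_delay;
int     var_smtp_line_limit;
char   *var_smtp_helo_name;
char   *var_smtp_host_lookup;
bool    var_smtp_quote_821_env;
bool    var_smtp_defer_mxaddr;
bool    var_smtp_send_xforward;
int     var_smtp_mxaddr_limit;
int     var_smtp_mxsess_limit;
int     var_smtp_cache_conn;
int     var_smtp_reuse_time;
int     var_smtp_reuse_count;
char   *var_smtp_cache_dest;
char   *var_scache_service;		/* You can now leave this here. */
bool    var_smtp_cache_demand;
char   *var_smtp_ehlo_dis_words;
char   *var_smtp_ehlo_dis_maps;
char   *var_smtp_addr_pref;

char   *var_smtp_tls_level;
bool    var_smtp_use_tls;
bool    var_smtp_enforce_tls;
char   *var_smtp_tls_per_site;
char   *var_smtp_tls_policy;
bool    var_smtp_tls_wrappermode;

#ifdef USE_TLS
char   *var_smtp_sasl_tls_opts;
char   *var_smtp_sasl_tlsv_opts;
int     var_smtp_starttls_tmout;
char   *var_smtp_tls_CAfile;
char   *var_smtp_tls_CApath;
char   *var_smtp_tls_cert_file;
char   *var_smtp_tls_mand_ciph;
char   *var_smtp_tls_excl_ciph;
char   *var_smtp_tls_mand_excl;
char   *var_smtp_tls_dcert_file;
char   *var_smtp_tls_dkey_file;
bool    var_smtp_tls_enforce_peername;
char   *var_smtp_tls_key_file;
char   *var_smtp_tls_loglevel;
bool    var_smtp_tls_note_starttls_offer;
char   *var_smtp_tls_mand_proto;
char   *var_smtp_tls_sec_cmatch;
int     var_smtp_tls_scert_vd;
char   *var_smtp_tls_vfy_cmatch;
char   *var_smtp_tls_fpt_cmatch;
char   *var_smtp_tls_fpt_dgst;
char   *var_smtp_tls_tafile;
char   *var_smtp_tls_proto;
char   *var_smtp_tls_ciph;
char   *var_smtp_tls_eccert_file;
char   *var_smtp_tls_eckey_file;
bool    var_smtp_tls_blk_early_mail_reply;
bool    var_smtp_tls_force_tlsa;
char   *var_smtp_tls_insecure_mx_policy;

#endif

char   *var_smtp_generic_maps;
char   *var_prop_extension;
bool    var_smtp_sender_auth;
char   *var_lmtp_tcp_port;
int     var_scache_proto_tmout;
bool    var_smtp_cname_overr;
char   *var_smtp_pix_bug_words;
char   *var_smtp_pix_bug_maps;
char   *var_cyrus_conf_path;
char   *var_smtp_head_chks;
char   *var_smtp_mime_chks;
char   *var_smtp_nest_chks;
char   *var_smtp_body_chks;
char   *var_smtp_resp_filter;
bool    var_lmtp_assume_final;
char   *var_smtp_dns_res_opt;
char   *var_smtp_dns_support;
bool    var_smtp_rec_deadline;
bool    var_smtp_dummy_mail_auth;
char   *var_smtp_dsn_filter;
char   *var_smtp_dns_re_filter;

 /* Special handling of 535 AUTH errors. */
char   *var_smtp_sasl_auth_cache_name;
int     var_smtp_sasl_auth_cache_time;
bool    var_smtp_sasl_auth_soft_bounce;

 /*
  * Global variables.
  */
int     smtp_mode;			/* 1 when run as "smtp", 0 as "lmtp" */
int     smtp_host_lookup_mask;
int     smtp_dns_support;
STRING_LIST *smtp_cache_dest;
SCACHE *smtp_scache;
MAPS   *smtp_ehlo_dis_maps;
MAPS   *smtp_generic_maps;
int     smtp_ext_prop_mask;
unsigned smtp_dns_res_opt;
MAPS   *smtp_pix_bug_maps;
HBC_CHECKS *smtp_header_checks;		/* limited header checks */
HBC_CHECKS *smtp_body_checks;		/* limited body checks */

#ifdef USE_TLS

 /*
  * OpenSSL client state (opaque handle)
  */
TLS_APPL_STATE *smtp_tls_ctx;
int     smtp_tls_insecure_mx_policy;

#endif

 /*
  * IPv6 preference.
  */
static int smtp_addr_pref;

/*
 * deliver_message - deliver message with extreme prejudice
 *
 * service: service name, recorded in the per-delivery state.
 * request: delivery request read from the queue manager.
 *
 * Terminates the process with msg_fatal() when the request has an empty
 * nexthop or no recipients. Otherwise returns the result of
 * smtp_connect() after releasing the per-delivery state.
 */

static int deliver_message(const char *service, DELIVER_REQUEST *request)
{
    SMTP_STATE *state;
    int     result;

    if (msg_verbose)
        msg_info("deliver_message: from %s", request->sender);

    /*
     * Sanity checks. The smtp server is unprivileged and chrooted, so we can
     * afford to distribute the data censoring code, instead of having it all
     * in one place.
     */
    if (request->nexthop[0] == 0)
        msg_fatal("empty nexthop hostname");
    if (request->rcpt_list.len <= 0)
        msg_fatal("recipient count: %d", request->rcpt_list.len);

    /*
     * Initialize. Bundle all information about the delivery request, so that
     * we can produce understandable diagnostics when something goes wrong
     * many levels below. The alternative would be to make everything global.
     */
    state = smtp_state_alloc();
    state->request = request;
    state->src = request->fp;
    state->service = service;
    state->misc_flags |= smtp_addr_pref;
    SMTP_RCPT_INIT(state);

    /*
     * Establish an SMTP session and deliver this message to all requested
     * recipients. At the end, notify the postmaster of any protocol errors.
     * Optionally deliver mail locally when this machine is the best mail
     * exchanger.
     */
    result = smtp_connect(state);

    /*
     * Clean up.
     */
    smtp_state_free(state);

    return (result);
}

/*
 * smtp_service - perform service for client
 *
 * client_stream: stream the delivery request is read from and the
 * completion status is reported on.
 * service: service name, passed on to deliver_message().
 * argv: remaining command-line arguments; must be empty, otherwise the
 * process terminates with msg_fatal().
 */

static void smtp_service(VSTREAM *client_stream, char *service, char **argv)
{
    DELIVER_REQUEST *request;
    int     status;

    /*
     * Sanity check. This service takes no command-line arguments.
     */
    if (argv[0])
        msg_fatal("unexpected command-line argument: %s", argv[0]);

    /*
     * This routine runs whenever a client connects to the UNIX-domain socket
     * dedicated to remote SMTP delivery service. What we see below is a
     * little protocol to (1) tell the queue manager that we are ready, (2)
     * read a request from the queue manager, and (3) report the completion
     * status of that request. All connection-management stuff is handled by
     * the common code in single_server.c.
     */
    if ((request = deliver_request_read(client_stream)) != 0) {
        status = deliver_message(service, request);
        deliver_request_done(client_stream, request, status);
    }
}

/*
 * post_init - post-jail initialization
 *
 * Resolves the DNS support level, the insecure-MX TLS policy (SMTP mode,
 * TLS builds only), the host lookup mechanisms, the session cache client
 * and the DNS resolver flags, then calls smtp_vrfy_init(). Invalid
 * settings terminate the process with msg_fatal(). Both arguments are
 * unused.
 */

static void post_init(char *unused_name, char **unused_argv)
{
    static const NAME_MASK lookup_masks[] = {
        SMTP_HOST_LOOKUP_DNS, SMTP_HOST_FLAG_DNS,
        SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE,
        0,
    };
    static const NAME_MASK dns_res_opt_masks[] = {
        SMTP_DNS_RES_OPT_DEFNAMES, RES_DEFNAMES,
        SMTP_DNS_RES_OPT_DNSRCH, RES_DNSRCH,
        0,
    };
    static const NAME_CODE dns_support[] = {
        SMTP_DNS_SUPPORT_DISABLED, SMTP_DNS_DISABLED,
        SMTP_DNS_SUPPORT_ENABLED, SMTP_DNS_ENABLED,
#if (RES_USE_DNSSEC != 0) && (RES_USE_EDNS0 != 0)
        SMTP_DNS_SUPPORT_DNSSEC, SMTP_DNS_DNSSEC,
#endif
        0, SMTP_DNS_INVALID,
    };

    if (*var_smtp_dns_support == 0) {
        /* Backwards compatible empty setting */
        smtp_dns_support =
            var_disable_dns ? SMTP_DNS_DISABLED : SMTP_DNS_ENABLED;
    } else {
        smtp_dns_support =
            name_code(dns_support, NAME_CODE_FLAG_NONE, var_smtp_dns_support);
        if (smtp_dns_support == SMTP_DNS_INVALID)
            msg_fatal("invalid %s: \"%s\"", VAR_LMTP_SMTP(DNS_SUPPORT),
                      var_smtp_dns_support);
        /* An explicit setting overrides var_disable_dns. */
        var_disable_dns = (smtp_dns_support == SMTP_DNS_DISABLED);
    }

#ifdef USE_TLS
    if (smtp_mode) {
        smtp_tls_insecure_mx_policy =
            tls_level_lookup(var_smtp_tls_insecure_mx_policy);
        /* Only these three levels are accepted; anything else is fatal. */
        switch (smtp_tls_insecure_mx_policy) {
        case TLS_LEV_MAY:
        case TLS_LEV_ENCRYPT:
        case TLS_LEV_DANE:
            break;
        default:
            msg_fatal("invalid %s: \"%s\"", VAR_SMTP_TLS_INSECURE_MX_POLICY,
                      var_smtp_tls_insecure_mx_policy);
        }
    }
#endif

    /*
     * Select hostname lookup mechanisms.
     */
    if (smtp_dns_support == SMTP_DNS_DISABLED)
        smtp_host_lookup_mask = SMTP_HOST_FLAG_NATIVE;
    else
        smtp_host_lookup_mask =
            name_mask(VAR_LMTP_SMTP(HOST_LOOKUP), lookup_masks,
                      var_smtp_host_lookup);
    if (msg_verbose)
        msg_info("host name lookup methods: %s",
                 str_name_mask(VAR_LMTP_SMTP(HOST_LOOKUP), lookup_masks,
                               smtp_host_lookup_mask));

    /*
     * Session cache instance. The braces keep the guarded statement
     * unambiguous whichever preprocessor branch is compiled.
     */
    if (*var_smtp_cache_dest || var_smtp_cache_demand) {
#if 0
        smtp_scache = scache_multi_create();
#else
        smtp_scache = scache_clnt_create(var_scache_service,
                                         var_scache_proto_tmout,
                                         var_ipc_idle_limit,
                                         var_ipc_ttl_limit);
#endif
    }

    /*
     * Select DNS query flags.
     */
    smtp_dns_res_opt = name_mask(VAR_LMTP_SMTP(DNS_RES_OPT), dns_res_opt_masks,
                                 var_smtp_dns_res_opt);

    /*
     * Address verification.
     */
    smtp_vrfy_init();
}

/*
 * pre_init - pre-jail initialization
 *
 * Sets up per-peer debugging, SASL, the TLS client context, the flush
 * client, the connection-cache destination list, the lookup tables, the
 * header/body checks, the server reply filter, the address family
 * preference and the DNS reply filter. Invalid TLS level or address
 * preference settings terminate the process with msg_fatal(). Both
 * arguments are unused.
 */

static void pre_init(char *unused_name, char **unused_argv)
{
    int     use_tls;
    static const NAME_CODE addr_pref_map[] = {
        INET_PROTO_NAME_IPV6, SMTP_MISC_FLAG_PREF_IPV6,
        INET_PROTO_NAME_IPV4, SMTP_MISC_FLAG_PREF_IPV4,
        INET_PROTO_NAME_ANY, 0,
        0, -1,
    };

    /*
     * Turn on per-peer debugging.
     */
    debug_peer_init();

    /*
     * SASL initialization.
     */
    if (var_smtp_sasl_enable) {
#ifdef USE_SASL_AUTH
        smtp_sasl_initialize();
#else
        msg_warn("%s is true, but SASL support is not compiled in",
                 VAR_LMTP_SMTP(SASL_ENABLE));
#endif
    }

    /*
     * Map the configured TLS level onto the use/enforce flags. The test on
     * var_smtp_tls_level lives inside the USE_TLS section: when it sat
     * outside with an unbraced body, a build without USE_TLS made the
     * use_tls assignment below conditional, and use_tls was then read
     * without a value whenever the level was empty.
     */
#ifdef USE_TLS
    if (*var_smtp_tls_level != 0) {
        switch (tls_level_lookup(var_smtp_tls_level)) {
        case TLS_LEV_SECURE:
        case TLS_LEV_VERIFY:
        case TLS_LEV_DANE_ONLY:
        case TLS_LEV_FPRINT:
        case TLS_LEV_ENCRYPT:
            var_smtp_use_tls = var_smtp_enforce_tls = 1;
            break;
        case TLS_LEV_DANE:
        case TLS_LEV_MAY:
            var_smtp_use_tls = 1;
            var_smtp_enforce_tls = 0;
            break;
        case TLS_LEV_NONE:
            var_smtp_use_tls = var_smtp_enforce_tls = 0;
            break;
        default:
            /* tls_level_lookup() logs no warning. */
            /* session_tls_init() assumes that var_smtp_tls_level is sane. */
            msg_fatal("Invalid TLS level \"%s\"", var_smtp_tls_level);
        }
    }
#endif
    use_tls = (var_smtp_use_tls || var_smtp_enforce_tls);

    /*
     * Initialize the TLS data before entering the chroot jail
     *
     * NOTE(review): without USE_TLS the level in var_smtp_tls_level is never
     * parsed, so a non-empty level on its own does not reach the warning
     * below; only the use/enforce flags, the per-site table or the policy
     * table do. Confirm that is intended.
     */
    if (use_tls || var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
#ifdef USE_TLS
        TLS_CLIENT_INIT_PROPS props;

        /*
         * We get stronger type safety and a cleaner interface by combining
         * the various parameters into a single tls_client_props structure.
         * 
         * Large parameter lists are error-prone, so we emulate a language
         * feature that C does not have natively: named parameter lists.
         */
        smtp_tls_ctx =
            TLS_CLIENT_INIT(&props,
                            log_param = VAR_LMTP_SMTP(TLS_LOGLEVEL),
                            log_level = var_smtp_tls_loglevel,
                            verifydepth = var_smtp_tls_scert_vd,
                            cache_type = LMTP_SMTP_SUFFIX(TLS_MGR_SCACHE),
                            cert_file = var_smtp_tls_cert_file,
                            key_file = var_smtp_tls_key_file,
                            dcert_file = var_smtp_tls_dcert_file,
                            dkey_file = var_smtp_tls_dkey_file,
                            eccert_file = var_smtp_tls_eccert_file,
                            eckey_file = var_smtp_tls_eckey_file,
                            CAfile = var_smtp_tls_CAfile,
                            CApath = var_smtp_tls_CApath,
                            mdalg = var_smtp_tls_fpt_dgst);
        smtp_tls_list_init();
#else
        msg_warn("TLS has been selected, but TLS support is not compiled in");
#endif
    }

    /*
     * Flush client.
     */
    flush_init();

    /*
     * Session cache domain list.
     */
    if (*var_smtp_cache_dest)
        smtp_cache_dest = string_list_init(VAR_SMTP_CACHE_DEST,
                                           MATCH_FLAG_RETURN,
                                           var_smtp_cache_dest);

    /*
     * EHLO keyword filter.
     */
    if (*var_smtp_ehlo_dis_maps)
        smtp_ehlo_dis_maps = maps_create(VAR_LMTP_SMTP(EHLO_DIS_MAPS),
                                         var_smtp_ehlo_dis_maps,
                                         DICT_FLAG_LOCK);

    /*
     * PIX bug workarounds.
     */
    if (*var_smtp_pix_bug_maps)
        smtp_pix_bug_maps = maps_create(VAR_LMTP_SMTP(PIX_BUG_MAPS),
                                        var_smtp_pix_bug_maps,
                                        DICT_FLAG_LOCK);

    /*
     * Generic maps.
     */
    if (*var_prop_extension)
        smtp_ext_prop_mask =
            ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
    if (*var_smtp_generic_maps)
        smtp_generic_maps =
            maps_create(VAR_LMTP_SMTP(GENERIC_MAPS), var_smtp_generic_maps,
                        DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX
                        | DICT_FLAG_UTF8_REQUEST);

    /*
     * Header/body checks.
     */
    smtp_header_checks = hbc_header_checks_create(
                            VAR_LMTP_SMTP(HEAD_CHKS), var_smtp_head_chks,
                            VAR_LMTP_SMTP(MIME_CHKS), var_smtp_mime_chks,
                            VAR_LMTP_SMTP(NEST_CHKS), var_smtp_nest_chks,
                            smtp_hbc_callbacks);
    smtp_body_checks = hbc_body_checks_create(
                            VAR_LMTP_SMTP(BODY_CHKS), var_smtp_body_chks,
                            smtp_hbc_callbacks);

    /*
     * Server reply filter.
     */
    if (*var_smtp_resp_filter)
        smtp_chat_resp_filter =
            dict_open(var_smtp_resp_filter, O_RDONLY,
                      DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);

    /*
     * Address family preference. An unknown name maps to -1 and is fatal.
     */
    if (*var_smtp_addr_pref) {
        smtp_addr_pref = name_code(addr_pref_map, NAME_CODE_FLAG_NONE,
                                   var_smtp_addr_pref);
        if (smtp_addr_pref < 0)
            msg_fatal("bad %s value: %s", VAR_LMTP_SMTP(ADDR_PREF),
                      var_smtp_addr_pref);
    }

    /*
     * DNS reply filter.
     */
    if (*var_smtp_dns_re_filter)
        dns_rr_filter_compile(VAR_LMTP_SMTP(DNS_RE_FILTER),
                              var_smtp_dns_re_filter);
}

/*
 * pre_accept - see if tables have changed
 *
 * When dict_changed_name() reports a changed table, logs its name and
 * exits with status 0. Both arguments are unused.
 */

static void pre_accept(char *unused_name, char **unused_argv)
{
    const char *table;

    if ((table = dict_changed_name()) != 0) {
        msg_info("table %s has changed -- restarting", table);
        exit(0);
    }
}

MAIL_VERSION_STAMP_DECLARE;

/*
 * main - pass control to the single-threaded skeleton
 *
 * Selects SMTP or LMTP mode from the basename of argv[0], then hands the
 * matching parameter tables and the init/accept callbacks to
 * single_server_main(). Any other process name is fatal.
 */

int     main(int argc, char **argv)
{
    char   *sane_procname;

#include "smtp_params.c"
#include "lmtp_params.c"

    /*
     * Fingerprint executables and core dumps.
     */
    MAIL_VERSION_STAMP_ALLOCATE;

    /*
     * XXX At this point, var_procname etc. are not initialized.
     * 
     * The process name, "smtp" or "lmtp", determines the protocol, the DSN
     * server reply type, SASL service information lookup, and more. Prepare
     * for the possibility there may be another personality.
     */
    sane_procname = sane_basename((VSTRING *) 0, argv[0]);
    if (strcmp(sane_procname, "smtp") == 0)
        smtp_mode = 1;
    else if (strcmp(sane_procname, "lmtp") == 0)
        smtp_mode = 0;
    else
        /*
         * Report the name that was actually tested: var_procname is not
         * initialized yet (see the XXX note above), so it cannot identify
         * the offending name in the log.
         */
        msg_fatal("unexpected process name \"%s\" - "
                  "specify \"smtp\" or \"lmtp\"", sane_procname);

    /*
     * Initialize with the LMTP or SMTP parameter name space.
     */
    single_server_main(argc, argv, smtp_service,
                       CA_MAIL_SERVER_TIME_TABLE(smtp_mode ?
                                       smtp_time_table : lmtp_time_table),
                       CA_MAIL_SERVER_INT_TABLE(smtp_mode ?
                                         smtp_int_table : lmtp_int_table),
                       CA_MAIL_SERVER_STR_TABLE(smtp_mode ?
                                         smtp_str_table : lmtp_str_table),
                       CA_MAIL_SERVER_BOOL_TABLE(smtp_mode ?
                                       smtp_bool_table : lmtp_bool_table),
                       CA_MAIL_SERVER_PRE_INIT(pre_init),
                       CA_MAIL_SERVER_POST_INIT(post_init),
                       CA_MAIL_SERVER_PRE_ACCEPT(pre_accept),
                       CA_MAIL_SERVER_BOUNCE_INIT(VAR_SMTP_DSN_FILTER,
                                                  &var_smtp_dsn_filter),
                       0);
}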