smtp.c revision 1.8
1/* $NetBSD: smtp.c,v 1.8 2014/07/06 19:45:50 tron Exp $ */ 2 3/*++ 4/* NAME 5/* smtp 8 6/* SUMMARY 7/* Postfix SMTP+LMTP client 8/* SYNOPSIS 9/* \fBsmtp\fR [generic Postfix daemon options] 10/* DESCRIPTION 11/* The Postfix SMTP+LMTP client implements the SMTP and LMTP mail 12/* delivery protocols. It processes message delivery requests from 13/* the queue manager. Each request specifies a queue file, a sender 14/* address, a domain or host to deliver to, and recipient information. 15/* This program expects to be run from the \fBmaster\fR(8) process 16/* manager. 17/* 18/* The SMTP+LMTP client updates the queue file and marks recipients 19/* as finished, or it informs the queue manager that delivery should 20/* be tried again at a later time. Delivery status reports are sent 21/* to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as 22/* appropriate. 23/* 24/* The SMTP+LMTP client looks up a list of mail exchanger addresses for 25/* the destination host, sorts the list by preference, and connects 26/* to each listed address until it finds a server that responds. 27/* 28/* When a server is not reachable, or when mail delivery fails due 29/* to a recoverable error condition, the SMTP+LMTP client will try to 30/* deliver the mail to an alternate host. 31/* 32/* After a successful mail transaction, a connection may be saved 33/* to the \fBscache\fR(8) connection cache server, so that it 34/* may be used by any SMTP+LMTP client for a subsequent transaction. 35/* 36/* By default, connection caching is enabled temporarily for 37/* destinations that have a high volume of mail in the active 38/* queue. Connection caching can be enabled permanently for 39/* specific destinations. 40/* SMTP DESTINATION SYNTAX 41/* .ad 42/* .fi 43/* SMTP destinations have the following form: 44/* .IP \fIdomainname\fR 45/* .IP \fIdomainname\fR:\fIport\fR 46/* Look up the mail exchangers for the specified domain, and 47/* connect to the specified port (default: \fBsmtp\fR). 
48/* .IP [\fIhostname\fR] 49/* .IP [\fIhostname\fR]:\fIport\fR 50/* Look up the address(es) of the specified host, and connect to 51/* the specified port (default: \fBsmtp\fR). 52/* .IP [\fIaddress\fR] 53/* .IP [\fIaddress\fR]:\fIport\fR 54/* Connect to the host at the specified address, and connect 55/* to the specified port (default: \fBsmtp\fR). An IPv6 address 56/* must be formatted as [\fBipv6\fR:\fIaddress\fR]. 57/* LMTP DESTINATION SYNTAX 58/* .ad 59/* .fi 60/* LMTP destinations have the following form: 61/* .IP \fBunix\fR:\fIpathname\fR 62/* Connect to the local UNIX-domain server that is bound to the specified 63/* \fIpathname\fR. If the process runs chrooted, an absolute pathname 64/* is interpreted relative to the Postfix queue directory. 65/* .IP \fBinet\fR:\fIhostname\fR 66/* .IP \fBinet\fR:\fIhostname\fR:\fIport\fR 67/* .IP \fBinet\fR:[\fIaddress\fR] 68/* .IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR 69/* Connect to the specified TCP port on the specified local or 70/* remote host. If no port is specified, connect to the port defined as 71/* \fBlmtp\fR in \fBservices\fR(4). 72/* If no such service is found, the \fBlmtp_tcp_port\fR configuration 73/* parameter (default value of 24) will be used. 74/* An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR]. 75/* .PP 76/* SECURITY 77/* .ad 78/* .fi 79/* The SMTP+LMTP client is moderately security-sensitive. It 80/* talks to SMTP or LMTP servers and to DNS servers on the 81/* network. The SMTP+LMTP client can be run chrooted at fixed 82/* low privilege. 
83/* STANDARDS 84/* RFC 821 (SMTP protocol) 85/* RFC 822 (ARPA Internet Text Messages) 86/* RFC 1651 (SMTP service extensions) 87/* RFC 1652 (8bit-MIME transport) 88/* RFC 1870 (Message Size Declaration) 89/* RFC 2033 (LMTP protocol) 90/* RFC 2034 (SMTP Enhanced Error Codes) 91/* RFC 2045 (MIME: Format of Internet Message Bodies) 92/* RFC 2046 (MIME: Media Types) 93/* RFC 2554 (AUTH command) 94/* RFC 2821 (SMTP protocol) 95/* RFC 2920 (SMTP Pipelining) 96/* RFC 3207 (STARTTLS command) 97/* RFC 3461 (SMTP DSN Extension) 98/* RFC 3463 (Enhanced Status Codes) 99/* RFC 4954 (AUTH command) 100/* RFC 5321 (SMTP protocol) 101/* DIAGNOSTICS 102/* Problems and transactions are logged to \fBsyslogd\fR(8). 103/* Corrupted message files are marked so that the queue manager can 104/* move them to the \fBcorrupt\fR queue for further inspection. 105/* 106/* Depending on the setting of the \fBnotify_classes\fR parameter, 107/* the postmaster is notified of bounces, protocol problems, and of 108/* other trouble. 109/* BUGS 110/* SMTP and LMTP connection caching does not work with TLS. The necessary 111/* support for TLS object passivation and re-activation does not 112/* exist without closing the session, which defeats the purpose. 113/* 114/* SMTP and LMTP connection caching assumes that SASL credentials 115/* are valid for all destinations that map onto the same IP 116/* address and TCP port. 117/* CONFIGURATION PARAMETERS 118/* .ad 119/* .fi 120/* Before Postfix version 2.3, the LMTP client is a separate 121/* program that implements only a subset of the functionality 122/* available with SMTP: there is no support for TLS, and 123/* connections are cached in-process, making it ineffective 124/* when the client is used for multiple domains. 125/* 126/* Most smtp_\fIxxx\fR configuration parameters have an 127/* lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP 128/* feature. 
This document describes only those LMTP-related 129/* parameters that aren't simply "mirror" parameters. 130/* 131/* Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8) 132/* processes run for only a limited amount of time. Use the command 133/* "\fBpostfix reload\fR" to speed up a change. 134/* 135/* The text below provides only a parameter summary. See 136/* \fBpostconf\fR(5) for more details including examples. 137/* COMPATIBILITY CONTROLS 138/* .ad 139/* .fi 140/* .IP "\fBignore_mx_lookup_error (no)\fR" 141/* Ignore DNS MX lookups that produce no response. 142/* .IP "\fBsmtp_always_send_ehlo (yes)\fR" 143/* Always send EHLO at the start of an SMTP session. 144/* .IP "\fBsmtp_never_send_ehlo (no)\fR" 145/* Never send EHLO at the start of an SMTP session. 146/* .IP "\fBsmtp_defer_if_no_mx_address_found (no)\fR" 147/* Defer mail delivery when no MX record resolves to an IP address. 148/* .IP "\fBsmtp_line_length_limit (998)\fR" 149/* The maximal length of message header and body lines that Postfix 150/* will send via SMTP. 151/* .IP "\fBsmtp_pix_workaround_delay_time (10s)\fR" 152/* How long the Postfix SMTP client pauses before sending 153/* ".<CR><LF>" in order to work around the PIX firewall 154/* "<CR><LF>.<CR><LF>" bug. 155/* .IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR" 156/* How long a message must be queued before the Postfix SMTP client 157/* turns on the PIX firewall "<CR><LF>.<CR><LF>" 158/* bug workaround for delivery through firewalls with "smtp fixup" 159/* mode turned on. 160/* .IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR" 161/* A list that specifies zero or more workarounds for CISCO PIX 162/* firewall bugs. 163/* .IP "\fBsmtp_pix_workaround_maps (empty)\fR" 164/* Lookup tables, indexed by the remote SMTP server address, with 165/* per-destination workarounds for CISCO PIX firewall bugs. 
166/* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" 167/* Quote addresses in Postfix SMTP client MAIL FROM and RCPT TO commands 168/* as required 169/* by RFC 5321. 170/* .IP "\fBsmtp_reply_filter (empty)\fR" 171/* A mechanism to transform replies from remote SMTP servers one 172/* line at a time. 173/* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR" 174/* Skip remote SMTP servers that greet with a 5XX status code. 175/* .IP "\fBsmtp_skip_quit_response (yes)\fR" 176/* Do not wait for the response to the SMTP QUIT command. 177/* .PP 178/* Available in Postfix version 2.0 and earlier: 179/* .IP "\fBsmtp_skip_4xx_greeting (yes)\fR" 180/* Skip SMTP servers that greet with a 4XX status code (go away, try 181/* again later). 182/* .PP 183/* Available in Postfix version 2.2 and later: 184/* .IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR" 185/* Lookup tables, indexed by the remote SMTP server address, with 186/* case insensitive lists of EHLO keywords (pipelining, starttls, auth, 187/* etc.) that the Postfix SMTP client will ignore in the EHLO response from a 188/* remote SMTP server. 189/* .IP "\fBsmtp_discard_ehlo_keywords (empty)\fR" 190/* A case insensitive list of EHLO keywords (pipelining, starttls, 191/* auth, etc.) that the Postfix SMTP client will ignore in the EHLO 192/* response from a remote SMTP server. 193/* .IP "\fBsmtp_generic_maps (empty)\fR" 194/* Optional lookup tables that perform address rewriting in the 195/* Postfix SMTP client, typically to transform a locally valid address into 196/* a globally valid address when sending mail across the Internet. 197/* .PP 198/* Available in Postfix version 2.2.9 and later: 199/* .IP "\fBsmtp_cname_overrides_servername (version dependent)\fR" 200/* Allow DNS CNAME records to override the servername that the 201/* Postfix SMTP client uses for logging, SASL password lookup, TLS 202/* policy decisions, or TLS certificate verification. 
203/* .PP 204/* Available in Postfix version 2.3 and later: 205/* .IP "\fBlmtp_discard_lhlo_keyword_address_maps (empty)\fR" 206/* Lookup tables, indexed by the remote LMTP server address, with 207/* case insensitive lists of LHLO keywords (pipelining, starttls, 208/* auth, etc.) that the Postfix LMTP client will ignore in the LHLO 209/* response 210/* from a remote LMTP server. 211/* .IP "\fBlmtp_discard_lhlo_keywords (empty)\fR" 212/* A case insensitive list of LHLO keywords (pipelining, starttls, 213/* auth, etc.) that the Postfix LMTP client will ignore in the LHLO 214/* response 215/* from a remote LMTP server. 216/* .PP 217/* Available in Postfix version 2.4.4 and later: 218/* .IP "\fBsend_cyrus_sasl_authzid (no)\fR" 219/* When authenticating to a remote SMTP or LMTP server with the 220/* default setting "no", send no SASL authoriZation ID (authzid); send 221/* only the SASL authentiCation ID (authcid) plus the authcid's password. 222/* .PP 223/* Available in Postfix version 2.5 and later: 224/* .IP "\fBsmtp_header_checks (empty)\fR" 225/* Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client. 226/* .IP "\fBsmtp_mime_header_checks (empty)\fR" 227/* Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP 228/* client. 229/* .IP "\fBsmtp_nested_header_checks (empty)\fR" 230/* Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP 231/* client. 232/* .IP "\fBsmtp_body_checks (empty)\fR" 233/* Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client. 234/* .PP 235/* Available in Postfix version 2.6 and later: 236/* .IP "\fBtcp_windowsize (0)\fR" 237/* An optional workaround for routers that break TCP window scaling. 238/* .PP 239/* Available in Postfix version 2.8 and later: 240/* .IP "\fBsmtp_dns_resolver_options (empty)\fR" 241/* DNS Resolver options for the Postfix SMTP client. 
242/* .PP 243/* Available in Postfix version 2.9 and later: 244/* .IP "\fBsmtp_per_record_deadline (no)\fR" 245/* Change the behavior of the smtp_*_timeout time limits, from a 246/* time limit per read or write system call, to a time limit to send 247/* or receive a complete record (an SMTP command line, SMTP response 248/* line, SMTP message content line, or TLS protocol message). 249/* .IP "\fBsmtp_send_dummy_mail_auth (no)\fR" 250/* Whether or not to append the "AUTH=<>" option to the MAIL 251/* FROM command in SASL-authenticated SMTP sessions. 252/* .PP 253/* Available in Postfix version 2.11 and later: 254/* .IP "\fBsmtp_dns_support_level (empty)\fR" 255/* Level of DNS support in the Postfix SMTP client. 256/* MIME PROCESSING CONTROLS 257/* .ad 258/* .fi 259/* Available in Postfix version 2.0 and later: 260/* .IP "\fBdisable_mime_output_conversion (no)\fR" 261/* Disable the conversion of 8BITMIME format to 7BIT format. 262/* .IP "\fBmime_boundary_length_limit (2048)\fR" 263/* The maximal length of MIME multipart boundary strings. 264/* .IP "\fBmime_nesting_limit (100)\fR" 265/* The maximal recursion level that the MIME processor will handle. 266/* EXTERNAL CONTENT INSPECTION CONTROLS 267/* .ad 268/* .fi 269/* Available in Postfix version 2.1 and later: 270/* .IP "\fBsmtp_send_xforward_command (no)\fR" 271/* Send the non-standard XFORWARD command when the Postfix SMTP server 272/* EHLO response announces XFORWARD support. 273/* SASL AUTHENTICATION CONTROLS 274/* .ad 275/* .fi 276/* .IP "\fBsmtp_sasl_auth_enable (no)\fR" 277/* Enable SASL authentication in the Postfix SMTP client. 278/* .IP "\fBsmtp_sasl_password_maps (empty)\fR" 279/* Optional Postfix SMTP client lookup tables with one username:password 280/* entry 281/* per remote hostname or domain, or sender address when sender-dependent 282/* authentication is enabled. 
283/* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" 284/* Postfix SMTP client SASL security options; as of Postfix 2.3 285/* the list of available 286/* features depends on the SASL client implementation that is selected 287/* with \fBsmtp_sasl_type\fR. 288/* .PP 289/* Available in Postfix version 2.2 and later: 290/* .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR" 291/* If non-empty, a Postfix SMTP client filter for the remote SMTP 292/* server's list of offered SASL mechanisms. 293/* .PP 294/* Available in Postfix version 2.3 and later: 295/* .IP "\fBsmtp_sender_dependent_authentication (no)\fR" 296/* Enable sender-dependent authentication in the Postfix SMTP client; this is 297/* available only with SASL authentication, and disables SMTP connection 298/* caching to ensure that mail from different senders will use the 299/* appropriate credentials. 300/* .IP "\fBsmtp_sasl_path (empty)\fR" 301/* Implementation-specific information that the Postfix SMTP client 302/* passes through to 303/* the SASL plug-in implementation that is selected with 304/* \fBsmtp_sasl_type\fR. 305/* .IP "\fBsmtp_sasl_type (cyrus)\fR" 306/* The SASL plug-in type that the Postfix SMTP client should use 307/* for authentication. 308/* .PP 309/* Available in Postfix version 2.5 and later: 310/* .IP "\fBsmtp_sasl_auth_cache_name (empty)\fR" 311/* An optional table to prevent repeated SASL authentication 312/* failures with the same remote SMTP server hostname, username and 313/* password. 314/* .IP "\fBsmtp_sasl_auth_cache_time (90d)\fR" 315/* The maximal age of an smtp_sasl_auth_cache_name entry before it 316/* is removed. 317/* .IP "\fBsmtp_sasl_auth_soft_bounce (yes)\fR" 318/* When a remote SMTP server rejects a SASL authentication request 319/* with a 535 reply code, defer mail delivery instead of returning 320/* mail as undeliverable. 
321/* .PP 322/* Available in Postfix version 2.9 and later: 323/* .IP "\fBsmtp_send_dummy_mail_auth (no)\fR" 324/* Whether or not to append the "AUTH=<>" option to the MAIL 325/* FROM command in SASL-authenticated SMTP sessions. 326/* STARTTLS SUPPORT CONTROLS 327/* .ad 328/* .fi 329/* Detailed information about STARTTLS configuration may be found 330/* in the TLS_README document. 331/* .IP "\fBsmtp_tls_security_level (empty)\fR" 332/* The default SMTP TLS security level for the Postfix SMTP client; 333/* when a non-empty value is specified, this overrides the obsolete 334/* parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. 335/* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" 336/* The SASL authentication security options that the Postfix SMTP 337/* client uses for TLS encrypted SMTP sessions. 338/* .IP "\fBsmtp_starttls_timeout (300s)\fR" 339/* Time limit for Postfix SMTP client write and read operations 340/* during TLS startup and shutdown handshake procedures. 341/* .IP "\fBsmtp_tls_CAfile (empty)\fR" 342/* A file containing CA certificates of root CAs trusted to sign 343/* either remote SMTP server certificates or intermediate CA certificates. 344/* .IP "\fBsmtp_tls_CApath (empty)\fR" 345/* Directory with PEM format certificate authority certificates 346/* that the Postfix SMTP client uses to verify a remote SMTP server 347/* certificate. 348/* .IP "\fBsmtp_tls_cert_file (empty)\fR" 349/* File with the Postfix SMTP client RSA certificate in PEM format. 350/* .IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR" 351/* The minimum TLS cipher grade that the Postfix SMTP client will 352/* use with 353/* mandatory TLS encryption. 354/* .IP "\fBsmtp_tls_exclude_ciphers (empty)\fR" 355/* List of ciphers or cipher types to exclude from the Postfix 356/* SMTP client cipher 357/* list at all TLS security levels. 
358/* .IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR" 359/* Additional list of ciphers or cipher types to exclude from the 360/* Postfix SMTP client cipher list at mandatory TLS security levels. 361/* .IP "\fBsmtp_tls_dcert_file (empty)\fR" 362/* File with the Postfix SMTP client DSA certificate in PEM format. 363/* .IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR" 364/* File with the Postfix SMTP client DSA private key in PEM format. 365/* .IP "\fBsmtp_tls_key_file ($smtp_tls_cert_file)\fR" 366/* File with the Postfix SMTP client RSA private key in PEM format. 367/* .IP "\fBsmtp_tls_loglevel (0)\fR" 368/* Enable additional Postfix SMTP client logging of TLS activity. 369/* .IP "\fBsmtp_tls_note_starttls_offer (no)\fR" 370/* Log the hostname of a remote SMTP server that offers STARTTLS, 371/* when TLS is not already enabled for that server. 372/* .IP "\fBsmtp_tls_policy_maps (empty)\fR" 373/* Optional lookup tables with the Postfix SMTP client TLS security 374/* policy by next-hop destination; when a non-empty value is specified, 375/* this overrides the obsolete smtp_tls_per_site parameter. 376/* .IP "\fBsmtp_tls_mandatory_protocols (!SSLv2)\fR" 377/* List of SSL/TLS protocols that the Postfix SMTP client will use with 378/* mandatory TLS encryption. 379/* .IP "\fBsmtp_tls_scert_verifydepth (9)\fR" 380/* The verification depth for remote SMTP server certificates. 381/* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR" 382/* How the Postfix SMTP client verifies the server certificate 383/* peername for the "secure" TLS security level. 384/* .IP "\fBsmtp_tls_session_cache_database (empty)\fR" 385/* Name of the file containing the optional Postfix SMTP client 386/* TLS session cache. 387/* .IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR" 388/* The expiration time of Postfix SMTP client TLS session cache 389/* information. 
390/* .IP "\fBsmtp_tls_verify_cert_match (hostname)\fR" 391/* How the Postfix SMTP client verifies the server certificate 392/* peername for the 393/* "verify" TLS security level. 394/* .IP "\fBtls_daemon_random_bytes (32)\fR" 395/* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) 396/* process requests from the \fBtlsmgr\fR(8) server in order to seed its 397/* internal pseudo random number generator (PRNG). 398/* .IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" 399/* The OpenSSL cipherlist for "HIGH" grade ciphers. 400/* .IP "\fBtls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)\fR" 401/* The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. 402/* .IP "\fBtls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)\fR" 403/* The OpenSSL cipherlist for "LOW" or higher grade ciphers. 404/* .IP "\fBtls_export_cipherlist (ALL:+RC4:@STRENGTH)\fR" 405/* The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. 406/* .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" 407/* The OpenSSL cipherlist for "NULL" grade ciphers that provide 408/* authentication without encryption. 409/* .PP 410/* Available in Postfix version 2.4 and later: 411/* .IP "\fBsmtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)\fR" 412/* The SASL authentication security options that the Postfix SMTP 413/* client uses for TLS encrypted SMTP sessions with a verified server 414/* certificate. 415/* .PP 416/* Available in Postfix version 2.5 and later: 417/* .IP "\fBsmtp_tls_fingerprint_cert_match (empty)\fR" 418/* List of acceptable remote SMTP server certificate fingerprints for 419/* the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR = 420/* fingerprint). 421/* .IP "\fBsmtp_tls_fingerprint_digest (md5)\fR" 422/* The message digest algorithm used to construct remote SMTP server 423/* certificate fingerprints. 
 424/* .PP 425/* Available in Postfix version 2.6 and later: 426/* .IP "\fBsmtp_tls_protocols (!SSLv2)\fR" 427/* List of TLS protocols that the Postfix SMTP client will exclude or 428/* include with opportunistic TLS encryption. 429/* .IP "\fBsmtp_tls_ciphers (export)\fR" 430/* The minimum TLS cipher grade that the Postfix SMTP client 431/* will use with opportunistic TLS encryption. 432/* .IP "\fBsmtp_tls_eccert_file (empty)\fR" 433/* File with the Postfix SMTP client ECDSA certificate in PEM format. 434/* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR" 435/* File with the Postfix SMTP client ECDSA private key in PEM format. 436/* .PP 437/* Available in Postfix version 2.7 and later: 438/* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR" 439/* Try to detect a mail hijacking attack based on a TLS protocol 440/* vulnerability (CVE-2009-3555), where an attacker prepends malicious 441/* HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. 442/* .PP 443/* Available in Postfix version 2.8 and later: 444/* .IP "\fBtls_disable_workarounds (see 'postconf -d' output)\fR" 445/* List or bit-mask of OpenSSL bug work-arounds to disable. 446/* .PP 447/* Available in Postfix version 2.11 and later: 448/* .IP "\fBsmtp_tls_trust_anchor_file (empty)\fR" 449/* Zero or more PEM-format files with trust-anchor certificates 450/* and/or public keys. 451/* .IP "\fBsmtp_tls_force_insecure_host_tlsa_lookup (no)\fR" 452/* Look up the associated DANE TLSA RRset even when a hostname is 453/* not an alias and its address records lie in an unsigned zone. 454/* .IP "\fBtls_dane_trust_anchor_digest_enable (yes)\fR" 455/* RFC 6698 trust-anchor digest support in the Postfix TLS library. 456/* .IP "\fBtlsmgr_service_name (tlsmgr)\fR" 457/* The name of the \fBtlsmgr\fR(8) service entry in master.cf. 458/* OBSOLETE STARTTLS CONTROLS 459/* .ad 460/* .fi 461/* The following configuration parameters exist for compatibility 462/* with Postfix versions before 2.3.
Support for these will 463/* be removed in a future release. 464/* .IP "\fBsmtp_use_tls (no)\fR" 465/* Opportunistic mode: use TLS when a remote SMTP server announces 466/* STARTTLS support, otherwise send the mail in the clear. 467/* .IP "\fBsmtp_enforce_tls (no)\fR" 468/* Enforcement mode: require that remote SMTP servers use TLS 469/* encryption, and never send mail in the clear. 470/* .IP "\fBsmtp_tls_enforce_peername (yes)\fR" 471/* With mandatory TLS encryption, require that the remote SMTP 472/* server hostname matches the information in the remote SMTP server 473/* certificate. 474/* .IP "\fBsmtp_tls_per_site (empty)\fR" 475/* Optional lookup tables with the Postfix SMTP client TLS usage 476/* policy by next-hop destination and by remote SMTP server hostname. 477/* .IP "\fBsmtp_tls_cipherlist (empty)\fR" 478/* Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS 479/* cipher list. 480/* RESOURCE AND RATE CONTROLS 481/* .ad 482/* .fi 483/* .IP "\fBsmtp_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" 484/* The maximal number of parallel deliveries to the same destination 485/* via the smtp message delivery transport. 486/* .IP "\fBsmtp_destination_recipient_limit ($default_destination_recipient_limit)\fR" 487/* The maximal number of recipients per message for the smtp 488/* message delivery transport. 489/* .IP "\fBsmtp_connect_timeout (30s)\fR" 490/* The Postfix SMTP client time limit for completing a TCP connection, or 491/* zero (use the operating system built-in time limit). 492/* .IP "\fBsmtp_helo_timeout (300s)\fR" 493/* The Postfix SMTP client time limit for sending the HELO or EHLO command, 494/* and for receiving the initial remote SMTP server response. 495/* .IP "\fBlmtp_lhlo_timeout (300s)\fR" 496/* The Postfix LMTP client time limit for sending the LHLO command, 497/* and for receiving the initial remote LMTP server response. 
498/* .IP "\fBsmtp_xforward_timeout (300s)\fR" 499/* The Postfix SMTP client time limit for sending the XFORWARD command, 500/* and for receiving the remote SMTP server response. 501/* .IP "\fBsmtp_mail_timeout (300s)\fR" 502/* The Postfix SMTP client time limit for sending the MAIL FROM command, 503/* and for receiving the remote SMTP server response. 504/* .IP "\fBsmtp_rcpt_timeout (300s)\fR" 505/* The Postfix SMTP client time limit for sending the SMTP RCPT TO 506/* command, and for receiving the remote SMTP server response. 507/* .IP "\fBsmtp_data_init_timeout (120s)\fR" 508/* The Postfix SMTP client time limit for sending the SMTP DATA command, 509/* and for receiving the remote SMTP server response. 510/* .IP "\fBsmtp_data_xfer_timeout (180s)\fR" 511/* The Postfix SMTP client time limit for sending the SMTP message content. 512/* .IP "\fBsmtp_data_done_timeout (600s)\fR" 513/* The Postfix SMTP client time limit for sending the SMTP ".", and 514/* for receiving the remote SMTP server response. 515/* .IP "\fBsmtp_quit_timeout (300s)\fR" 516/* The Postfix SMTP client time limit for sending the QUIT command, 517/* and for receiving the remote SMTP server response. 518/* .PP 519/* Available in Postfix version 2.1 and later: 520/* .IP "\fBsmtp_mx_address_limit (5)\fR" 521/* The maximal number of MX (mail exchanger) IP addresses that can 522/* result from Postfix SMTP client mail exchanger lookups, or zero (no 523/* limit). 524/* .IP "\fBsmtp_mx_session_limit (2)\fR" 525/* The maximal number of SMTP sessions per delivery request before 526/* the Postfix SMTP client 527/* gives up or delivers to a fall-back relay host, or zero (no 528/* limit). 529/* .IP "\fBsmtp_rset_timeout (20s)\fR" 530/* The Postfix SMTP client time limit for sending the RSET command, 531/* and for receiving the remote SMTP server response. 
532/* .PP 533/* Available in Postfix version 2.2 and earlier: 534/* .IP "\fBlmtp_cache_connection (yes)\fR" 535/* Keep Postfix LMTP client connections open for up to $max_idle 536/* seconds. 537/* .PP 538/* Available in Postfix version 2.2 and later: 539/* .IP "\fBsmtp_connection_cache_destinations (empty)\fR" 540/* Permanently enable SMTP connection caching for the specified 541/* destinations. 542/* .IP "\fBsmtp_connection_cache_on_demand (yes)\fR" 543/* Temporarily enable SMTP connection caching while a destination 544/* has a high volume of mail in the active queue. 545/* .IP "\fBsmtp_connection_reuse_time_limit (300s)\fR" 546/* The amount of time during which Postfix will use an SMTP 547/* connection repeatedly. 548/* .IP "\fBsmtp_connection_cache_time_limit (2s)\fR" 549/* When SMTP connection caching is enabled, the amount of time that 550/* an unused SMTP client socket is kept open before it is closed. 551/* .PP 552/* Available in Postfix version 2.3 and later: 553/* .IP "\fBconnection_cache_protocol_timeout (5s)\fR" 554/* Time limit for connection cache connect, send or receive 555/* operations. 556/* .PP 557/* Available in Postfix version 2.9 and later: 558/* .IP "\fBsmtp_per_record_deadline (no)\fR" 559/* Change the behavior of the smtp_*_timeout time limits, from a 560/* time limit per read or write system call, to a time limit to send 561/* or receive a complete record (an SMTP command line, SMTP response 562/* line, SMTP message content line, or TLS protocol message). 563/* .PP 564/* Available in Postfix version 2.11 and later: 565/* .IP "\fBsmtp_connection_reuse_count_limit (0)\fR" 566/* When SMTP connection caching is enabled, the number of times 567/* that an SMTP session may be reused before it is closed, or zero (no 568/* limit). 
569/* TROUBLE SHOOTING CONTROLS 570/* .ad 571/* .fi 572/* .IP "\fBdebug_peer_level (2)\fR" 573/* The increment in verbose logging level when a remote client or 574/* server matches a pattern in the debug_peer_list parameter. 575/* .IP "\fBdebug_peer_list (empty)\fR" 576/* Optional list of remote client or server hostname or network 577/* address patterns that cause the verbose logging level to increase 578/* by the amount specified in $debug_peer_level. 579/* .IP "\fBerror_notice_recipient (postmaster)\fR" 580/* The recipient of postmaster notifications about mail delivery 581/* problems that are caused by policy, resource, software or protocol 582/* errors. 583/* .IP "\fBinternal_mail_filter_classes (empty)\fR" 584/* What categories of Postfix-generated mail are subject to 585/* before-queue content inspection by non_smtpd_milters, header_checks 586/* and body_checks. 587/* .IP "\fBnotify_classes (resource, software)\fR" 588/* The list of error classes that are reported to the postmaster. 589/* MISCELLANEOUS CONTROLS 590/* .ad 591/* .fi 592/* .IP "\fBbest_mx_transport (empty)\fR" 593/* Where the Postfix SMTP client should deliver mail when it detects 594/* a "mail loops back to myself" error condition. 595/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" 596/* The default location of the Postfix main.cf and master.cf 597/* configuration files. 598/* .IP "\fBdaemon_timeout (18000s)\fR" 599/* How much time a Postfix daemon process may take to handle a 600/* request before it is terminated by a built-in watchdog timer. 601/* .IP "\fBdelay_logging_resolution_limit (2)\fR" 602/* The maximal number of digits after the decimal point when logging 603/* sub-second delay values. 604/* .IP "\fBdisable_dns_lookups (no)\fR" 605/* Disable DNS lookups in the Postfix SMTP and LMTP clients. 606/* .IP "\fBinet_interfaces (all)\fR" 607/* The network interface addresses that this mail system receives 608/* mail on. 
609/* .IP "\fBinet_protocols (all)\fR" 610/* The Internet protocols Postfix will attempt to use when making 611/* or accepting connections. 612/* .IP "\fBipc_timeout (3600s)\fR" 613/* The time limit for sending or receiving information over an internal 614/* communication channel. 615/* .IP "\fBlmtp_assume_final (no)\fR" 616/* When a remote LMTP server announces no DSN support, assume that 617/* the 618/* server performs final delivery, and send "delivered" delivery status 619/* notifications instead of "relayed". 620/* .IP "\fBlmtp_tcp_port (24)\fR" 621/* The default TCP port that the Postfix LMTP client connects to. 622/* .IP "\fBmax_idle (100s)\fR" 623/* The maximum amount of time that an idle Postfix daemon process waits 624/* for an incoming connection before terminating voluntarily. 625/* .IP "\fBmax_use (100)\fR" 626/* The maximal number of incoming connections that a Postfix daemon 627/* process will service before terminating voluntarily. 628/* .IP "\fBprocess_id (read-only)\fR" 629/* The process ID of a Postfix command or daemon process. 630/* .IP "\fBprocess_name (read-only)\fR" 631/* The process name of a Postfix command or daemon process. 632/* .IP "\fBproxy_interfaces (empty)\fR" 633/* The network interface addresses that this mail system receives mail 634/* on by way of a proxy or network address translation unit. 635/* .IP "\fBsmtp_address_preference (any)\fR" 636/* The address type ("ipv6", "ipv4" or "any") that the Postfix 637/* SMTP client will try first, when a destination has IPv6 and IPv4 638/* addresses with equal MX preference. 639/* .IP "\fBsmtp_bind_address (empty)\fR" 640/* An optional numerical network address that the Postfix SMTP client 641/* should bind to when making an IPv4 connection. 642/* .IP "\fBsmtp_bind_address6 (empty)\fR" 643/* An optional numerical network address that the Postfix SMTP client 644/* should bind to when making an IPv6 connection. 
645/* .IP "\fBsmtp_helo_name ($myhostname)\fR" 646/* The hostname to send in the SMTP EHLO or HELO command. 647/* .IP "\fBlmtp_lhlo_name ($myhostname)\fR" 648/* The hostname to send in the LMTP LHLO command. 649/* .IP "\fBsmtp_host_lookup (dns)\fR" 650/* What mechanisms the Postfix SMTP client uses to look up a host's 651/* IP address. 652/* .IP "\fBsmtp_randomize_addresses (yes)\fR" 653/* Randomize the order of equal-preference MX host addresses. 654/* .IP "\fBsyslog_facility (mail)\fR" 655/* The syslog facility of Postfix logging. 656/* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" 657/* The mail system name that is prepended to the process name in syslog 658/* records, so that "smtpd" becomes, for example, "postfix/smtpd". 659/* .PP 660/* Available with Postfix 2.2 and earlier: 661/* .IP "\fBfallback_relay (empty)\fR" 662/* Optional list of relay hosts for SMTP destinations that can't be 663/* found or that are unreachable. 664/* .PP 665/* Available with Postfix 2.3 and later: 666/* .IP "\fBsmtp_fallback_relay ($fallback_relay)\fR" 667/* Optional list of relay hosts for SMTP destinations that can't be 668/* found or that are unreachable. 669/* SEE ALSO 670/* generic(5), output address rewriting 671/* header_checks(5), message header content inspection 672/* body_checks(5), body parts content inspection 673/* qmgr(8), queue manager 674/* bounce(8), delivery status reports 675/* scache(8), connection cache server 676/* postconf(5), configuration parameters 677/* master(5), generic daemon options 678/* master(8), process manager 679/* tlsmgr(8), TLS session and PRNG management 680/* syslogd(8), system logging 681/* README FILES 682/* .ad 683/* .fi 684/* Use "\fBpostconf readme_directory\fR" or 685/* "\fBpostconf html_directory\fR" to locate this information. 686/* .na 687/* .nf 688/* SASL_README, Postfix SASL howto 689/* TLS_README, Postfix STARTTLS howto 690/* LICENSE 691/* .ad 692/* .fi 693/* The Secure Mailer license must be distributed with this software. 
694/* AUTHOR(S) 695/* Wietse Venema 696/* IBM T.J. Watson Research 697/* P.O. Box 704 698/* Yorktown Heights, NY 10598, USA 699/* 700/* Command pipelining in cooperation with: 701/* Jon Ribbens 702/* Oaktree Internet Solutions Ltd., 703/* Internet House, 704/* Canal Basin, 705/* Coventry, 706/* CV1 4LY, United Kingdom. 707/* 708/* SASL support originally by: 709/* Till Franke 710/* SuSE Rhein/Main AG 711/* 65760 Eschborn, Germany 712/* 713/* TLS support originally by: 714/* Lutz Jaenicke 715/* BTU Cottbus 716/* Allgemeine Elektrotechnik 717/* Universitaetsplatz 3-4 718/* D-03044 Cottbus, Germany 719/* 720/* Revised TLS and SMTP connection cache support by: 721/* Victor Duchovni 722/* Morgan Stanley 723/*--*/ 724 725/* System library. */ 726 727#include <sys_defs.h> 728#include <unistd.h> 729#include <stdlib.h> 730#include <string.h> 731#include <fcntl.h> 732#include <dict.h> 733#include <stringops.h> 734 735/* Utility library. */ 736 737#include <msg.h> 738#include <mymalloc.h> 739#include <name_mask.h> 740#include <name_code.h> 741 742/* Global library. */ 743 744#include <deliver_request.h> 745#include <mail_params.h> 746#include <mail_version.h> 747#include <mail_conf.h> 748#include <debug_peer.h> 749#include <flush_clnt.h> 750#include <scache.h> 751#include <string_list.h> 752#include <maps.h> 753#include <ext_prop.h> 754 755/* DNS library. */ 756 757#include <dns.h> 758 759/* Single server skeleton. */ 760 761#include <mail_server.h> 762 763/* Application-specific. */ 764 765#include "smtp.h" 766#include "smtp_sasl.h" 767 768 /* 769 * Tunable parameters. These have compiled-in defaults that can be overruled 770 * by settings in the global Postfix configuration file. 
 */

 /*
  * NOTE(review): the tables that tie these variables to configuration
  * parameter names are not visible in this file; they are presumably
  * defined in smtp_params.c and lmtp_params.c, which main() includes before
  * handing the tables to single_server_main(). The remarks below describe
  * only what the functions in this file do with each variable.
  */
int     var_smtp_conn_tmout;
int     var_smtp_helo_tmout;
int     var_smtp_xfwd_tmout;
int     var_smtp_mail_tmout;
int     var_smtp_rcpt_tmout;
int     var_smtp_data0_tmout;
int     var_smtp_data1_tmout;
int     var_smtp_data2_tmout;
int     var_smtp_rset_tmout;
int     var_smtp_quit_tmout;
char   *var_inet_interfaces;
char   *var_notify_classes;
int     var_smtp_skip_5xx_greeting;
int     var_ign_mx_lookup_err;
int     var_skip_quit_resp;
char   *var_fallback_relay;
char   *var_bestmx_transp;
char   *var_error_rcpt;
int     var_smtp_always_ehlo;
int     var_smtp_never_ehlo;
char   *var_smtp_sasl_opts;
char   *var_smtp_sasl_path;
/* NOTE(review): the name suggests a credential lookup table; it is not */
/* referenced in this file - confirm how the SASL code protects it. */
char   *var_smtp_sasl_passwd;
bool    var_smtp_sasl_enable;		/* pre_init(): SASL init, or a warning
					 * when SASL is not compiled in */
char   *var_smtp_sasl_mechs;
char   *var_smtp_sasl_type;
char   *var_smtp_bind_addr;
char   *var_smtp_bind_addr6;
bool    var_smtp_rand_addr;
int     var_smtp_pix_thresh;
int     var_smtp_pix_delay;
int     var_smtp_line_limit;
char   *var_smtp_helo_name;
char   *var_smtp_host_lookup;		/* post_init(): parsed into
					 * smtp_host_lookup_mask */
bool    var_smtp_quote_821_env;
bool    var_smtp_defer_mxaddr;
bool    var_smtp_send_xforward;
int     var_smtp_mxaddr_limit;
int     var_smtp_mxsess_limit;
int     var_smtp_cache_conn;
int     var_smtp_reuse_time;
int     var_smtp_reuse_count;
char   *var_smtp_cache_dest;		/* non-empty: pre_init() builds
					 * smtp_cache_dest, post_init()
					 * creates smtp_scache */
char   *var_scache_service;		/* You can now leave this here. */
bool    var_smtp_cache_demand;		/* true: post_init() creates
					 * smtp_scache */
char   *var_smtp_ehlo_dis_words;
char   *var_smtp_ehlo_dis_maps;		/* non-empty: opened by pre_init() */
char   *var_smtp_addr_pref;		/* non-empty: parsed by pre_init(),
					 * fatal error on an unknown value */

 /*
  * A non-empty var_smtp_tls_level makes pre_init() (in builds with USE_TLS)
  * overwrite var_smtp_use_tls and var_smtp_enforce_tls, and abort on an
  * unrecognized level. A non-empty per_site or policy table makes
  * pre_init() set up the TLS client even when both booleans are off.
  */
char   *var_smtp_tls_level;
bool    var_smtp_use_tls;
bool    var_smtp_enforce_tls;
char   *var_smtp_tls_per_site;
char   *var_smtp_tls_policy;

#ifdef USE_TLS
char   *var_smtp_sasl_tls_opts;
char   *var_smtp_sasl_tlsv_opts;
int     var_smtp_starttls_tmout;

 /*
  * The certificate, key, CA and digest settings among the following are
  * handed to TLS_CLIENT_INIT() by pre_init(), which its own comment places
  * before the process enters the chroot jail.
  */
char   *var_smtp_tls_CAfile;
char   *var_smtp_tls_CApath;
char   *var_smtp_tls_cert_file;
char   *var_smtp_tls_mand_ciph;
char   *var_smtp_tls_excl_ciph;
char   *var_smtp_tls_mand_excl;
char   *var_smtp_tls_dcert_file;
char   *var_smtp_tls_dkey_file;
bool    var_smtp_tls_enforce_peername;
char   *var_smtp_tls_key_file;
char   *var_smtp_tls_loglevel;
bool    var_smtp_tls_note_starttls_offer;
char   *var_smtp_tls_mand_proto;
char   *var_smtp_tls_sec_cmatch;
int     var_smtp_tls_scert_vd;		/* passed as verifydepth */
char   *var_smtp_tls_vfy_cmatch;
char   *var_smtp_tls_fpt_cmatch;
char   *var_smtp_tls_fpt_dgst;		/* passed as mdalg */
char   *var_smtp_tls_tafile;
char   *var_smtp_tls_proto;
char   *var_smtp_tls_ciph;
char   *var_smtp_tls_eccert_file;
char   *var_smtp_tls_eckey_file;
bool    var_smtp_tls_blk_early_mail_reply;
bool    var_smtp_tls_force_tlsa;

#endif

char   *var_smtp_generic_maps;		/* non-empty: opened by pre_init() */
char   *var_prop_extension;		/* non-empty: parsed into
					 * smtp_ext_prop_mask by pre_init() */
bool    var_smtp_sender_auth;
char   *var_lmtp_tcp_port;
int     var_scache_proto_tmout;		/* passed to scache_clnt_create() */
bool    var_smtp_cname_overr;
char   *var_smtp_pix_bug_words;
char   *var_smtp_pix_bug_maps;		/* non-empty: opened by pre_init() */
char   *var_cyrus_conf_path;

 /*
  * The four *_chks settings feed the header and body check objects that
  * pre_init() creates; var_smtp_resp_filter, when non-empty, is opened
  * read-only as the server reply filter.
  */
char   *var_smtp_head_chks;
char   *var_smtp_mime_chks;
char   *var_smtp_nest_chks;
char   *var_smtp_body_chks;
char   *var_smtp_resp_filter;
bool    var_lmtp_assume_final;
char   *var_smtp_dns_res_opt;		/* post_init(): parsed into
					 * smtp_dns_res_opt */
char   *var_smtp_dns_support;		/* post_init(): empty falls back to
					 * var_disable_dns; an unknown value
					 * is a fatal error */
bool    var_smtp_rec_deadline;
bool    var_smtp_dummy_mail_auth;

 /* Special handling of 535 AUTH errors.
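 */
char   *var_smtp_sasl_auth_cache_name;
int     var_smtp_sasl_auth_cache_time;
bool    var_smtp_sasl_auth_soft_bounce;

 /*
  * Global variables.
  */
int     smtp_mode;			/* main(): 1 when run as "smtp", 0
					 * when run as "lmtp" */
int     smtp_host_lookup_mask;		/* set by post_init() */
int     smtp_dns_support;		/* set by post_init() */
STRING_LIST *smtp_cache_dest;		/* set by pre_init() */
SCACHE *smtp_scache;			/* set by post_init() */
MAPS   *smtp_ehlo_dis_maps;		/* set by pre_init() */
MAPS   *smtp_generic_maps;		/* set by pre_init() */
int     smtp_ext_prop_mask;		/* set by pre_init() */
unsigned smtp_dns_res_opt;		/* set by post_init() */
MAPS   *smtp_pix_bug_maps;		/* set by pre_init() */
HBC_CHECKS *smtp_header_checks;		/* limited header checks */
HBC_CHECKS *smtp_body_checks;		/* limited body checks */

#ifdef USE_TLS

 /*
  * OpenSSL client state (opaque handle)
  */
TLS_APPL_STATE *smtp_tls_ctx;

#endif

 /*
  * IPv6 preference. Set by pre_init(), OR-ed into every delivery state by
  * deliver_message().
  */
static int smtp_addr_pref;

/*
 * deliver_message - deliver message with extreme prejudice
 *
 * service: service name, stored in the delivery state.
 * request: delivery request; it is referenced by the state, not copied.
 *
 * Terminates the process with msg_fatal() when the request has an empty
 * nexthop or a non-positive recipient count. Otherwise returns whatever
 * smtp_connect() returns for this request.
 */

static int deliver_message(const char *service, DELIVER_REQUEST *request)
{
    SMTP_STATE *state;
    int     result;

    if (msg_verbose)
        msg_info("deliver_message: from %s", request->sender);

    /*
     * Sanity checks. The smtp server is unprivileged and chrooted, so we can
     * afford to distribute the data censoring code, instead of having it all
     * in one place.
     */
    if (request->nexthop[0] == 0)
        msg_fatal("empty nexthop hostname");
    if (request->rcpt_list.len <= 0)
        msg_fatal("recipient count: %d", request->rcpt_list.len);

    /*
     * Initialize. Bundle all information about the delivery request, so that
     * we can produce understandable diagnostics when something goes wrong
     * many levels below. The alternative would be to make everything global.
     */
    state = smtp_state_alloc();
    state->request = request;
    state->src = request->fp;
    state->service = service;
    state->misc_flags |= smtp_addr_pref;
    SMTP_RCPT_INIT(state);

    /*
     * Establish an SMTP session and deliver this message to all requested
     * recipients. At the end, notify the postmaster of any protocol errors.
     * Optionally deliver mail locally when this machine is the best mail
     * exchanger.
     */
    result = smtp_connect(state);

    /*
     * Clean up.
     */
    smtp_state_free(state);

    return (result);
}

/*
 * smtp_service - perform service for client
 *
 * client_stream: connection on which the delivery request arrives.
 * service: service name, passed on to deliver_message().
 * argv: remaining command-line arguments; any argument is a fatal error.
 *
 * Handles at most one request per call. When no request can be read, the
 * function returns without reporting a status.
 */

static void smtp_service(VSTREAM *client_stream, char *service, char **argv)
{
    DELIVER_REQUEST *request;
    int     status;

    /*
     * Sanity check. This service takes no command-line arguments.
     */
    if (argv[0])
        msg_fatal("unexpected command-line argument: %s", argv[0]);

    /*
     * This routine runs whenever a client connects to the UNIX-domain socket
     * dedicated to remote SMTP delivery service. What we see below is a
     * little protocol to (1) tell the queue manager that we are ready, (2)
     * read a request from the queue manager, and (3) report the completion
     * status of that request. All connection-management stuff is handled by
     * the common code in single_server.c.
     */
    if ((request = deliver_request_read(client_stream)) != 0) {
        status = deliver_message(service, request);
        deliver_request_done(client_stream, request, status);
    }
}

/*
 * post_init - post-jail initialization
 *
 * Derives smtp_dns_support, smtp_host_lookup_mask and smtp_dns_res_opt
 * from their string settings and, when connection caching is configured,
 * creates the session cache client. Both arguments are unused.
 */

static void post_init(char *unused_name, char **unused_argv)
{
    static const NAME_MASK lookup_masks[] = {
        SMTP_HOST_LOOKUP_DNS, SMTP_HOST_FLAG_DNS,
        SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE,
        0,
    };
    static const NAME_MASK dns_res_opt_masks[] = {
        SMTP_DNS_RES_OPT_DEFNAMES, RES_DEFNAMES,
        SMTP_DNS_RES_OPT_DNSRCH, RES_DNSRCH,
        0,
    };

    /*
     * The DNSSEC entry exists only when the resolver headers define both
     * RES_USE_DNSSEC and RES_USE_EDNS0 as non-zero. Without it, asking for
     * that setting presumably yields SMTP_DNS_INVALID and ends in the
     * msg_fatal() below instead of silently running without DNSSEC.
     */
    static const NAME_CODE dns_support[] = {
        SMTP_DNS_SUPPORT_DISABLED, SMTP_DNS_DISABLED,
        SMTP_DNS_SUPPORT_ENABLED, SMTP_DNS_ENABLED,
#if (RES_USE_DNSSEC != 0) && (RES_USE_EDNS0 != 0)
        SMTP_DNS_SUPPORT_DNSSEC, SMTP_DNS_DNSSEC,
#endif
        0, SMTP_DNS_INVALID,
    };

    if (*var_smtp_dns_support == 0) {
        /* Backwards compatible empty setting */
        smtp_dns_support =
            var_disable_dns ? SMTP_DNS_DISABLED : SMTP_DNS_ENABLED;
    } else {
        smtp_dns_support =
            name_code(dns_support, NAME_CODE_FLAG_NONE, var_smtp_dns_support);
        if (smtp_dns_support == SMTP_DNS_INVALID)
            msg_fatal("invalid %s: \"%s\"", SMTP_X(DNS_SUPPORT),
                      var_smtp_dns_support);
        /* An explicit setting takes over the older on/off switch. */
        var_disable_dns = (smtp_dns_support == SMTP_DNS_DISABLED);
    }

    /*
     * Select hostname lookup mechanisms.
     */
    if (smtp_dns_support == SMTP_DNS_DISABLED)
        smtp_host_lookup_mask = SMTP_HOST_FLAG_NATIVE;
    else
        smtp_host_lookup_mask =
            name_mask(SMTP_X(HOST_LOOKUP), lookup_masks, var_smtp_host_lookup);
    if (msg_verbose)
        msg_info("host name lookup methods: %s",
                 str_name_mask(SMTP_X(HOST_LOOKUP), lookup_masks,
                               smtp_host_lookup_mask));

    /*
     * Session cache instance.
     */
    if (*var_smtp_cache_dest || var_smtp_cache_demand) {
#if 0
        smtp_scache = scache_multi_create();
#else
        smtp_scache = scache_clnt_create(var_scache_service,
                                         var_scache_proto_tmout,
                                         var_ipc_idle_limit,
                                         var_ipc_ttl_limit);
#endif
    }

    /*
     * Select DNS query flags.
     */
    smtp_dns_res_opt = name_mask(SMTP_X(DNS_RES_OPT), dns_res_opt_masks,
                                 var_smtp_dns_res_opt);
}

/*
 * pre_init - pre-jail initialization
 *
 * Sets up SASL, the TLS client context, the flush client, and the lookup
 * tables and header/body checks configured for this client, and resolves
 * the address family preference. Terminates with msg_fatal() on an
 * unrecognized TLS level or address preference. Both arguments are unused.
 */

static void pre_init(char *unused_name, char **unused_argv)
{
    int     use_tls;
    static const NAME_CODE addr_pref_map[] = {
        INET_PROTO_NAME_IPV6, SMTP_MISC_FLAG_PREF_IPV6,
        INET_PROTO_NAME_IPV4, SMTP_MISC_FLAG_PREF_IPV4,
        INET_PROTO_NAME_ANY, 0,
        0, -1,
    };

    /*
     * Turn on per-peer debugging.
     */
    debug_peer_init();

    /*
     * SASL initialization.
     */
    if (var_smtp_sasl_enable) {
#ifdef USE_SASL_AUTH
        smtp_sasl_initialize();
#else
        msg_warn("%s is true, but SASL support is not compiled in",
                 SMTP_X(SASL_ENABLE));
#endif
    }

    /*
     * Map the TLS security level onto the two legacy booleans. A non-empty
     * level overrides whatever those booleans were set to.
     *
     * The level test stays inside the USE_TLS section. As a bare "if" in
     * front of the #ifdef it would, in a build without TLS, attach to the
     * use_tls assignment that follows and leave use_tls unset whenever no
     * level is configured; the "TLS has been selected" warning further down
     * would then depend on an indeterminate value.
     */
#ifdef USE_TLS
    if (*var_smtp_tls_level != 0) {
        switch (tls_level_lookup(var_smtp_tls_level)) {
        case TLS_LEV_SECURE:
        case TLS_LEV_VERIFY:
        case TLS_LEV_DANE_ONLY:
        case TLS_LEV_FPRINT:
        case TLS_LEV_ENCRYPT:
            var_smtp_use_tls = var_smtp_enforce_tls = 1;
            break;
        case TLS_LEV_DANE:
        case TLS_LEV_MAY:
            /* TLS is used, but not enforced. */
            var_smtp_use_tls = 1;
            var_smtp_enforce_tls = 0;
            break;
        case TLS_LEV_NONE:
            var_smtp_use_tls = var_smtp_enforce_tls = 0;
            break;
        default:
            /* tls_level_lookup() logs no warning. */
            /* session_tls_init() assumes that var_smtp_tls_level is sane. */
            msg_fatal("Invalid TLS level \"%s\"", var_smtp_tls_level);
        }
    }
#endif
    use_tls = (var_smtp_use_tls || var_smtp_enforce_tls);

    /*
     * Initialize the TLS data before entering the chroot jail
     */
    if (use_tls || var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) {
#ifdef USE_TLS
        TLS_CLIENT_INIT_PROPS props;

        /*
         * We get stronger type safety and a cleaner interface by combining
         * the various parameters into a single tls_client_props structure.
         *
         * Large parameter lists are error-prone, so we emulate a language
         * feature that C does not have natively: named parameter lists.
         */
        smtp_tls_ctx =
            TLS_CLIENT_INIT(&props,
                            log_param = SMTP_X(TLS_LOGLEVEL),
                            log_level = var_smtp_tls_loglevel,
                            verifydepth = var_smtp_tls_scert_vd,
                            cache_type = X_SMTP(TLS_MGR_SCACHE),
                            cert_file = var_smtp_tls_cert_file,
                            key_file = var_smtp_tls_key_file,
                            dcert_file = var_smtp_tls_dcert_file,
                            dkey_file = var_smtp_tls_dkey_file,
                            eccert_file = var_smtp_tls_eccert_file,
                            eckey_file = var_smtp_tls_eckey_file,
                            CAfile = var_smtp_tls_CAfile,
                            CApath = var_smtp_tls_CApath,
                            mdalg = var_smtp_tls_fpt_dgst);
        smtp_tls_list_init();
#else

        /*
         * NOTE(review): this only warns and initialization continues.
         * Confirm that a destination whose policy requires TLS is deferred
         * elsewhere rather than handled without TLS in such a build.
         */
        msg_warn("TLS has been selected, but TLS support is not compiled in");
#endif
    }

    /*
     * Flush client.
     */
    flush_init();

    /*
     * Session cache domain list.
     */
    if (*var_smtp_cache_dest)
        smtp_cache_dest = string_list_init(MATCH_FLAG_RETURN, var_smtp_cache_dest);

    /*
     * EHLO keyword filter.
     */
    if (*var_smtp_ehlo_dis_maps)
        smtp_ehlo_dis_maps = maps_create(SMTP_X(EHLO_DIS_MAPS),
                                         var_smtp_ehlo_dis_maps,
                                         DICT_FLAG_LOCK);

    /*
     * PIX bug workarounds.
     */
    if (*var_smtp_pix_bug_maps)
        smtp_pix_bug_maps = maps_create(SMTP_X(PIX_BUG_MAPS),
                                        var_smtp_pix_bug_maps,
                                        DICT_FLAG_LOCK);

    /*
     * Generic maps.
     */
    if (*var_prop_extension)
        smtp_ext_prop_mask =
            ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
    if (*var_smtp_generic_maps)
        smtp_generic_maps =
            maps_create(SMTP_X(GENERIC_MAPS), var_smtp_generic_maps,
                        DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);

    /*
     * Header/body checks.
     */
    smtp_header_checks = hbc_header_checks_create(
                                     SMTP_X(HEAD_CHKS), var_smtp_head_chks,
                                     SMTP_X(MIME_CHKS), var_smtp_mime_chks,
                                     SMTP_X(NEST_CHKS), var_smtp_nest_chks,
                                     smtp_hbc_callbacks);
    smtp_body_checks = hbc_body_checks_create(
                                     SMTP_X(BODY_CHKS), var_smtp_body_chks,
                                     smtp_hbc_callbacks);

    /*
     * Server reply filter.
     */
    if (*var_smtp_resp_filter)
        smtp_chat_resp_filter =
            dict_open(var_smtp_resp_filter, O_RDONLY,
                      DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX);

    /*
     * Address family preference. An unknown name maps to -1 and is
     * rejected; an empty setting leaves smtp_addr_pref at zero.
     */
    if (*var_smtp_addr_pref) {
        smtp_addr_pref = name_code(addr_pref_map, NAME_CODE_FLAG_NONE,
                                   var_smtp_addr_pref);
        if (smtp_addr_pref < 0)
            msg_fatal("bad %s value: %s", SMTP_X(ADDR_PREF), var_smtp_addr_pref);
    }
}

/*
 * pre_accept - see if tables have changed
 *
 * Logs the name of the changed table and exits with status 0 when
 * dict_changed_name() reports one; otherwise returns. Both arguments are
 * unused.
 */

static void pre_accept(char *unused_name, char **unused_argv)
{
    const char *table;

    if ((table = dict_changed_name()) != 0) {
        msg_info("table %s has changed -- restarting", table);
        exit(0);
    }
}

MAIL_VERSION_STAMP_DECLARE;

/*
 * main - pass control to the single-threaded skeleton
 *
 * Chooses SMTP or LMTP from the basename of argv[0], then hands the
 * matching parameter tables and the pre_init, post_init and pre_accept
 * hooks to single_server_main(). Any other process name is a fatal error.
 * NOTE(review): no return statement follows single_server_main(), so it is
 * presumably not expected to return - confirm.
 */

int     main(int argc, char **argv)
{
    char   *sane_procname;

#include "smtp_params.c"
#include "lmtp_params.c"

    /*
     * Fingerprint executables and core dumps.
     */
    MAIL_VERSION_STAMP_ALLOCATE;

    /*
     * XXX At this point, var_procname etc. are not initialized.
     *
     * The process name, "smtp" or "lmtp", determines the protocol, the DSN
     * server reply type, SASL service information lookup, and more. Prepare
     * for the possibility there may be another personality.
     */
    sane_procname = sane_basename((VSTRING *) 0, argv[0]);
    if (strcmp(sane_procname, "smtp") == 0)
        smtp_mode = 1;
    else if (strcmp(sane_procname, "lmtp") == 0)
        smtp_mode = 0;
    else
        /* Report the name that was tested; var_procname is not set yet. */
        msg_fatal("unexpected process name \"%s\" - "
                  "specify \"smtp\" or \"lmtp\"", sane_procname);

    /*
     * Initialize with the LMTP or SMTP parameter name space.
     */
    single_server_main(argc, argv, smtp_service,
                       MAIL_SERVER_TIME_TABLE, smtp_mode ?
                       smtp_time_table : lmtp_time_table,
                       MAIL_SERVER_INT_TABLE, smtp_mode ?
                       smtp_int_table : lmtp_int_table,
                       MAIL_SERVER_STR_TABLE, smtp_mode ?
                       smtp_str_table : lmtp_str_table,
                       MAIL_SERVER_BOOL_TABLE, smtp_mode ?
                       smtp_bool_table : lmtp_bool_table,
                       MAIL_SERVER_PRE_INIT, pre_init,
                       MAIL_SERVER_POST_INIT, post_init,
                       MAIL_SERVER_PRE_ACCEPT, pre_accept,
                       0);
}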