DevHeads.net

Postings by Wietse Venema

New SMTP server protocol support: CHUNKING

Postfix snapshot 20180826 introduces server support for RFC 3030
CHUNKING (the BDAT command) without BINARYMIME, in both smtpd(8)
and postscreen(8).

Impact on existing configurations:
- There are no changes for smtpd_mumble_restrictions, smtpd_proxy_filter,
smtpd_milters, or for postscreen settings, except for the additional
option to suppress the SMTP server's CHUNKING service announcement,
for example, with:

/etc/postfix/main.cf:
smtpd_discard_ehlo_keywords = chunking

- There are no changes in the Postfix queue file content, no changes
f

postfix-3.4-20180619 updated connection reuse

postfix-3.4-20180619 fixes today's segfault in the connection reuse
logic. I have been unable to reproduce the problem on my own systems
so I'll depend on other people for confirmation.

Wietse

available: multiple deliveries per TLS-encrypted connection

Postfix snapshot 20180617, released a few minutes ago, introduces
Postfix SMTP client support for multiple deliveries per TLS-encrypted
connection. This is not to be confused with closing a connection
and reusing some TLS state in a new connection.

Below is a fragment from the RELEASE_NOTES file.

Wietse

Major changes with snapshot 20180617
====================================

Preliminary Postfix SMTP client support for multiple deliveries per
TLS-encrypted connection.

progress with TLS connection reuse

Postfix TLS connection reuse will improve delivery performance,
especially for sites that punish clients that send one message per
connection. This feature is evolving in a 'non-production' Postfix
release, currently postfix-3.4-20180603-nonprod.

Instead of changing how Postfix schedules deliveries, this builds
on the Postfix connection caching infrastructure that already exists
for plaintext connections.

Postfix stable release 3.3.1, and legacy releases 3.2.6, 3.1.9, 3.0.13

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.3.1.html]

Fixed in Postfix 3.3:

* Postfix did not support running as a PID=1 process, which
complicated Postfix deployment in containers. The "postfix
start-fg" command will now run the Postfix master daemon as a
PID=1 process if possible.

ping, please ignore

End-to-end verification. My last post was not distributed to the list.

Postfix 3.3.0 stable release

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.3.0.html]

Postfix stable release 3.3.0 is available. This release ends support
for legacy release Postfix 2.11.

The main changes are:

* Dual license: in addition to the historical IBM Public License
1.0, Postfix is now also distributed with the more recent Eclipse
Public License 2.0. Recipients can choose to take the software
under the license of their choice.

Postfix stable release 3.2.5, and legacy releases 3.1.8, 3.0.12, 2.11.11

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.2.5.html]

This announcement concerns fixes for problems that were introduced
with Postfix 2.1 and later, and updates the Postfix 3.2 license.

License update: starting with Postfix 3.2.5, Postfix 3.2 is distributed
with a dual license: in addition to the historical IBM Public License
1.0, it is now also distributed with the more recent Eclipse Public
License 2.0. Recipients can choose to take the software under the
license of their choice.

Including the service name in logging

This weekend I added a service_name feature that is documented
as follows:

[begin quote]
service_name (read-only)

The master.cf service name of a Postfix daemon process.

Proposed Postfix license change from IPL 1.0 to EPL 2.0

If you are a vendor who distributes Postfix, please pass this email to
your legal counsel and let me know OFF LIST if the proposed license
change would be a problem. License details are at the end of this message.

As of 1999, Postfix is distributed under the IBM public license (IPL)
version 1.0.

Postfix stable release 3.2.4, and legacy releases 3.1.7 and 3.0.11

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.2.4.html]

This announcement concerns fixes for problems that were introduced
with Postfix 3.0 and later. Older supported releases are unaffected.

Fixed in Postfix 3.1 and later:

* DANE interoperability. Postfix builds with OpenSSL 1.0.0 or
1.0.1 failed to send email to some sites with "TLSA 2 X X" DNS
records associated with an intermediate CA certificate.

Postfix 3.2.3 stable release available

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.2.3.html]

This announcement concerns fixes for problems that were introduced
with Postfix 3.2.

Dropping Google AAAA records (was: Force IPv4 by Destination MX)

This is how three years ago I solved IPv6 problems for all domains
that have Google as an MX host.

/etc/postfix/main.cf:
smtp_dns_reply_filter = pcre:/etc/postfix/smtp_dns_reply_filter

/etc/postfix/smtp_dns_reply_filter:
# /domain ttl IN AAAA address/ action, all case-insensitive.
# Note: the domain name ends in ".".
/^\S+\.google.com\.\s+\S+\s+\S+\s+AAAA\s+/ IGNORE

This drops all AAAA records from Google MX hosts, effectively forcing
Postfix to deliver over IPv4.

I adopted this because their PTR lookups did not distinguish between
'try again' and 'does not exist', causing

Postfix stable release 3.2.2 and legacy releases 3.1.6, 3.0.10 and 2.11.10

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.2.2.html]

This announcement (June 13, 2017) includes changes that were released
with an earlier update (June 10, 2017). The announcement was postponed
to avoid confusion due to repeated notification.

Fixed in all supported releases:

* Security: Berkeley DB versions 2 and later try to read settings
from a file DB_CONFIG in the current directory.

Obsolete NSA exploit for Postfix 2.0 - 2.2

A recent twitter post reveals the existence of an exploit for Postfix,
in a collection of what appear to be NSA tools.

https://twitter.com/JulianAssange/status/850870683831648256

This is an exploit for Postfix 2.0 - 2.2, for a bug that was fixed
11 years ago in Postfix 2.2.11 and later.

There was a memory corruption bug in a Postfix workaround for a
Sendmail bug (CERT advisory CA-2003-07, remote buffer overflow when
message headers contain lots of comment text before an email address).

Technical details: the Postfix strip_address() function, which
removes large comments from a mail header,

Postfix 3.2.0 stable release

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.2.0.html]

Postfix stable release 3.2.0 is available, 20 years after work began
in early 1997. This release ends support for legacy release Postfix 2.10.

The main changes in no particular order are:

* Elliptic curve negotiation with OpenSSL <= 1.0.2. This changes
the default smtpd_tls_eecdh_grade setting to "auto", and
introduces a new parameter tls_eecdh_auto_curves with the names
of curves that may be negotiated.

* Stored-procedure support for MySQL databases.

Postfix 20 years ago

Last month it was 20 years ago that I started writing Postfix code.
After coming to IBM research in November 1996, I spent most of
December and January making notes on paper. I knew that writing a
mail system was more work than any of my prior projects.

The oldest tarball, dated 19970220, contains library functions plus
two early versions of the master daemon.

Postfix stable release 3.1.4 and legacy releases 3.0.8, 2.11.9

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.1.4.html]

Postfix stable release 3.1.4 is available, as well as legacy releases
3.0.8 and 2.11.9.

Postfix stable release 3.1.3 and legacy release 3.0.7

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.1.3.html]

Postfix stable release 3.1.3 is available, as well as legacy release
3.0.7.

Fixed with Postfix 3.1.3 and 3.0.7:

* The Postfix SMTP server did not reset a previous session's
failed/total command counts before rejecting a client that
exceeds request or concurrency rates.

Rough postscreen policy design

This is a rough design for the postscreen policy callout.

Wietse

High-level description
======================

After checking the postscreen_access_list, postscreen will call out
to an optional policy service before making DNS queries or sending
the PREGREET banner to the client.

The policy test is just another test that the client must pass
before it can talk to a real Postfix SMTP server.

Postfix stable release 3.1.2 and legacy release 3.0.6

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.1.2.html]

Postfix stable release 3.1.2 is available, as well as legacy release
3.0.6.

Fixed with Postfix 3.1.2:

* Changes to make Postfix build with OpenSSL 1.1.0.

Fixed with Postfix 3.1.2 and 3.0.6:

* The makedefs script ignored readme_directory=pathname overrides.
Fix by Todd C. Olson.

* The tls_session_ticket_cipher documentation says that the default
cipher for TLS session tickets is aes-256-cbc, but the implemented
default was aes-128-cbc.

Postfix stable release 3.1.1 and legacy releases 3.0.5, 2.11.8, and 2.10.10

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.1.1.html]

Postfix stable release 3.1.1 is available, as well as legacy releases
3.0.5, 2.11.8, and 2.10.10.

Fixed in all supported releases:

* The Milter "replace sender" (SMFIR_CHGFROM) request lost an
address that was added with sender_bcc_maps, resulting in a
"rcpt count mismatch" warning.

Proposal: SMTP client policy protocol (for STS)

In order to protect the stability of the Postfix SMTP client, I
propose a new feature that builds on smtp_tls_policy_maps that
allows experimentation with STS and other features.

The design is similar to the way that Postfix SMTP server policies
build on access maps.

1) An optional smtp_check_tls_policy client in the Postfix SMTP
client that speaks TCP or local IPC just like the SMTP server's
check_policy feature.

/etc/postfix/main.cf:
smtp_check_tls_policy = inet:127.0.0.1:12345

2) Each query is a dump of all relevant SMTP client state, one
attribute and value per line:

query:

Postfix legacy release 3.0.4

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.0.4.html]

Postfix legacy release 3.0.4 is available.

There is one fix, back-ported from Postfix 3.1:

* The Postfix SMTP client would throttle (i.e. reduce concurrency
for) a destination after opportunistic TLS failure, causing the
affected messages to accumulate in the deferred queue. This
problem was introduced with Postfix 3.0.

You can find the updated Postfix source code at the mirrors listed
at http://www.postfix.org/.

Postfix stable release 3.1.0

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.1.0.html]

Postfix stable release 3.1.0 is available.

Postfix stable 3.1 release candidate

I have uploaded the stable release candidate postfix-3.1.0-RC1 to
the primary mirror. I'll let it cool down a bit, and expect to
announce postfix-3.1.0 in a few days.

Wietse

Postfix 3.1 stable release in a week or so

Postfix 3.1 was feature-frozen a week or so ago, and it will take
another week or so before it is ready as the next stable release.

This will be an incremental release, compared to the transition
from 2.11 to 3.0.

Feature: postqueue JSON output

This weekend I added preliminary support for JSON-formatted queue
listings. See below for a fragment from the postqueue manpage.

Now, a Postfix queue may contain millions of messages, and each
message may contain lots of recipients. A robust application would
not read the entire JSON queue listing into memory. Instead, it
would process the JSON queue listing one message object at a time
(this should be easy because the output is formatted as in RFC 7159,
including the two-space indent).

I need to clean up the code and add quoting for control characters
etc.

Postfix stable release 3.0.3 and legacy releases 2.11.7, 2.10.9, and 2.9.15

[An on-line version of this announcement will be available at
http://www.postfix.org/announcements/postfix-3.0.3.html]

Postfix stable release 3.0.3 is available, as well as legacy releases
2.11.7, 2.10.9, and 2.9.15.

Fixed in Postfix 2.9 and later:

* The Postfix Milter client aborted with a panic while adding a
message header, after adding a short message header with the
header_checks PREPEND action. Fixed by invoking the header
output function while PREPENDing a message header.

* False alarms while scanning the Postfix queue.