1 /* $NetBSD: smtp.c,v 1.3 2010/06/17 18:18:15 tron Exp $ */ 2 3 /*++ 4 /* NAME 5 /* smtp 8 6 /* SUMMARY 7 /* Postfix SMTP+LMTP client 8 /* SYNOPSIS 9 /* \fBsmtp\fR [generic Postfix daemon options] 10 /* DESCRIPTION 11 /* The Postfix SMTP+LMTP client implements the SMTP and LMTP mail 12 /* delivery protocols. It processes message delivery requests from 13 /* the queue manager. Each request specifies a queue file, a sender 14 /* address, a domain or host to deliver to, and recipient information. 15 /* This program expects to be run from the \fBmaster\fR(8) process 16 /* manager. 17 /* 18 /* The SMTP+LMTP client updates the queue file and marks recipients 19 /* as finished, or it informs the queue manager that delivery should 20 /* be tried again at a later time. Delivery status reports are sent 21 /* to the \fBbounce\fR(8), \fBdefer\fR(8) or \fBtrace\fR(8) daemon as 22 /* appropriate. 23 /* 24 /* The SMTP+LMTP client looks up a list of mail exchanger addresses for 25 /* the destination host, sorts the list by preference, and connects 26 /* to each listed address until it finds a server that responds. 27 /* 28 /* When a server is not reachable, or when mail delivery fails due 29 /* to a recoverable error condition, the SMTP+LMTP client will try to 30 /* deliver the mail to an alternate host. 31 /* 32 /* After a successful mail transaction, a connection may be saved 33 /* to the \fBscache\fR(8) connection cache server, so that it 34 /* may be used by any SMTP+LMTP client for a subsequent transaction. 35 /* 36 /* By default, connection caching is enabled temporarily for 37 /* destinations that have a high volume of mail in the active 38 /* queue. Connection caching can be enabled permanently for 39 /* specific destinations. 40 /* SMTP DESTINATION SYNTAX 41 /* .ad 42 /* .fi 43 /* SMTP destinations have the following form: 44 /* .IP \fIdomainname\fR 45 /* .IP \fIdomainname\fR:\fIport\fR 46 /* Look up the mail exchangers for the specified domain, and 47 /* connect to the specified port (default: \fBsmtp\fR). 48 /* .IP [\fIhostname\fR] 49 /* .IP [\fIhostname\fR]:\fIport\fR 50 /* Look up the address(es) of the specified host, and connect to 51 /* the specified port (default: \fBsmtp\fR). 52 /* .IP [\fIaddress\fR] 53 /* .IP [\fIaddress\fR]:\fIport\fR 54 /* Connect to the host at the specified address, and connect 55 /* to the specified port (default: \fBsmtp\fR). An IPv6 address 56 /* must be formatted as [\fBipv6\fR:\fIaddress\fR]. 57 /* LMTP DESTINATION SYNTAX 58 /* .ad 59 /* .fi 60 /* LMTP destinations have the following form: 61 /* .IP \fBunix\fR:\fIpathname\fR 62 /* Connect to the local UNIX-domain server that is bound to the specified 63 /* \fIpathname\fR. If the process runs chrooted, an absolute pathname 64 /* is interpreted relative to the Postfix queue directory. 65 /* .IP \fBinet\fR:\fIhostname\fR 66 /* .IP \fBinet\fB:\fIhostname\fR:\fIport\fR 67 /* .IP \fBinet\fR:[\fIaddress\fR] 68 /* .IP \fBinet\fR:[\fIaddress\fR]:\fIport\fR 69 /* Connect to the specified TCP port on the specified local or 70 /* remote host. If no port is specified, connect to the port defined as 71 /* \fBlmtp\fR in \fBservices\fR(4). 72 /* If no such service is found, the \fBlmtp_tcp_port\fR configuration 73 /* parameter (default value of 24) will be used. 74 /* An IPv6 address must be formatted as [\fBipv6\fR:\fIaddress\fR]. 75 /* .PP 76 /* SECURITY 77 /* .ad 78 /* .fi 79 /* The SMTP+LMTP client is moderately security-sensitive. It 80 /* talks to SMTP or LMTP servers and to DNS servers on the 81 /* network. The SMTP+LMTP client can be run chrooted at fixed 82 /* low privilege. 83 /* STANDARDS 84 /* RFC 821 (SMTP protocol) 85 /* RFC 822 (ARPA Internet Text Messages) 86 /* RFC 1651 (SMTP service extensions) 87 /* RFC 1652 (8bit-MIME transport) 88 /* RFC 1870 (Message Size Declaration) 89 /* RFC 2033 (LMTP protocol) 90 /* RFC 2034 (SMTP Enhanced Error Codes) 91 /* RFC 2045 (MIME: Format of Internet Message Bodies) 92 /* RFC 2046 (MIME: Media Types) 93 /* RFC 2554 (AUTH command) 94 /* RFC 2821 (SMTP protocol) 95 /* RFC 2920 (SMTP Pipelining) 96 /* RFC 3207 (STARTTLS command) 97 /* RFC 3461 (SMTP DSN Extension) 98 /* RFC 3463 (Enhanced Status Codes) 99 /* RFC 4954 (AUTH command) 100 /* DIAGNOSTICS 101 /* Problems and transactions are logged to \fBsyslogd\fR(8). 102 /* Corrupted message files are marked so that the queue manager can 103 /* move them to the \fBcorrupt\fR queue for further inspection. 104 /* 105 /* Depending on the setting of the \fBnotify_classes\fR parameter, 106 /* the postmaster is notified of bounces, protocol problems, and of 107 /* other trouble. 108 /* BUGS 109 /* SMTP and LMTP connection caching does not work with TLS. The necessary 110 /* support for TLS object passivation and re-activation does not 111 /* exist without closing the session, which defeats the purpose. 112 /* 113 /* SMTP and LMTP connection caching assumes that SASL credentials 114 /* are valid for all destinations that map onto the same IP 115 /* address and TCP port. 116 /* CONFIGURATION PARAMETERS 117 /* .ad 118 /* .fi 119 /* Before Postfix version 2.3, the LMTP client is a separate 120 /* program that implements only a subset of the functionality 121 /* available with SMTP: there is no support for TLS, and 122 /* connections are cached in-process, making it ineffective 123 /* when the client is used for multiple domains. 124 /* 125 /* Most smtp_\fIxxx\fR configuration parameters have an 126 /* lmtp_\fIxxx\fR "mirror" parameter for the equivalent LMTP 127 /* feature. This document describes only those LMTP-related 128 /* parameters that aren't simply "mirror" parameters. 129 /* 130 /* Changes to \fBmain.cf\fR are picked up automatically, as \fBsmtp\fR(8) 131 /* processes run for only a limited amount of time. Use the command 132 /* "\fBpostfix reload\fR" to speed up a change. 133 /* 134 /* The text below provides only a parameter summary. See 135 /* \fBpostconf\fR(5) for more details including examples. 136 /* COMPATIBILITY CONTROLS 137 /* .ad 138 /* .fi 139 /* .IP "\fBignore_mx_lookup_error (no)\fR" 140 /* Ignore DNS MX lookups that produce no response. 141 /* .IP "\fBsmtp_always_send_ehlo (yes)\fR" 142 /* Always send EHLO at the start of an SMTP session. 143 /* .IP "\fBsmtp_never_send_ehlo (no)\fR" 144 /* Never send EHLO at the start of an SMTP session. 145 /* .IP "\fBsmtp_defer_if_no_mx_address_found (no)\fR" 146 /* Defer mail delivery when no MX record resolves to an IP address. 147 /* .IP "\fBsmtp_line_length_limit (990)\fR" 148 /* The maximal length of message header and body lines that Postfix 149 /* will send via SMTP. 150 /* .IP "\fBsmtp_pix_workaround_delay_time (10s)\fR" 151 /* How long the Postfix SMTP client pauses before sending 152 /* ".<CR><LF>" in order to work around the PIX firewall 153 /* "<CR><LF>.<CR><LF>" bug. 154 /* .IP "\fBsmtp_pix_workaround_threshold_time (500s)\fR" 155 /* How long a message must be queued before the Postfix SMTP client 156 /* turns on the PIX firewall "<CR><LF>.<CR><LF>" 157 /* bug workaround for delivery through firewalls with "smtp fixup" 158 /* mode turned on. 159 /* .IP "\fBsmtp_pix_workarounds (disable_esmtp, delay_dotcrlf)\fR" 160 /* A list that specifies zero or more workarounds for CISCO PIX 161 /* firewall bugs. 162 /* .IP "\fBsmtp_pix_workaround_maps (empty)\fR" 163 /* Lookup tables, indexed by the remote SMTP server address, with 164 /* per-destination workarounds for CISCO PIX firewall bugs. 165 /* .IP "\fBsmtp_quote_rfc821_envelope (yes)\fR" 166 /* Quote addresses in SMTP MAIL FROM and RCPT TO commands as required 167 /* by RFC 2821. 168 /* .IP "\fBsmtp_reply_filter (empty)\fR" 169 /* A mechanism to transform replies from remote SMTP servers one 170 /* line at a time. 171 /* .IP "\fBsmtp_skip_5xx_greeting (yes)\fR" 172 /* Skip SMTP servers that greet with a 5XX status code (go away, do 173 /* not try again later). 174 /* .IP "\fBsmtp_skip_quit_response (yes)\fR" 175 /* Do not wait for the response to the SMTP QUIT command. 176 /* .PP 177 /* Available in Postfix version 2.0 and earlier: 178 /* .IP "\fBsmtp_skip_4xx_greeting (yes)\fR" 179 /* Skip SMTP servers that greet with a 4XX status code (go away, try 180 /* again later). 181 /* .PP 182 /* Available in Postfix version 2.2 and later: 183 /* .IP "\fBsmtp_discard_ehlo_keyword_address_maps (empty)\fR" 184 /* Lookup tables, indexed by the remote SMTP server address, with 185 /* case insensitive lists of EHLO keywords (pipelining, starttls, auth, 186 /* etc.) that the Postfix SMTP client will ignore in the EHLO response from a 187 /* remote SMTP server. 188 /* .IP "\fBsmtp_discard_ehlo_keywords (empty)\fR" 189 /* A case insensitive list of EHLO keywords (pipelining, starttls, 190 /* auth, etc.) that the Postfix SMTP client will ignore in the EHLO 191 /* response from a remote SMTP server. 192 /* .IP "\fBsmtp_generic_maps (empty)\fR" 193 /* Optional lookup tables that perform address rewriting in the 194 /* SMTP client, typically to transform a locally valid address into 195 /* a globally valid address when sending mail across the Internet. 196 /* .PP 197 /* Available in Postfix version 2.2.9 and later: 198 /* .IP "\fBsmtp_cname_overrides_servername (version dependent)\fR" 199 /* Allow DNS CNAME records to override the servername that the 200 /* Postfix SMTP client uses for logging, SASL password lookup, TLS 201 /* policy decisions, or TLS certificate verification. 202 /* .PP 203 /* Available in Postfix version 2.3 and later: 204 /* .IP "\fBlmtp_discard_lhlo_keyword_address_maps (empty)\fR" 205 /* Lookup tables, indexed by the remote LMTP server address, with 206 /* case insensitive lists of LHLO keywords (pipelining, starttls, 207 /* auth, etc.) that the LMTP client will ignore in the LHLO response 208 /* from a remote LMTP server. 209 /* .IP "\fBlmtp_discard_lhlo_keywords (empty)\fR" 210 /* A case insensitive list of LHLO keywords (pipelining, starttls, 211 /* auth, etc.) that the LMTP client will ignore in the LHLO response 212 /* from a remote LMTP server. 213 /* .PP 214 /* Available in Postfix version 2.4.4 and later: 215 /* .IP "\fBsend_cyrus_sasl_authzid (no)\fR" 216 /* When authenticating to a remote SMTP or LMTP server with the 217 /* default setting "no", send no SASL authoriZation ID (authzid); send 218 /* only the SASL authentiCation ID (authcid) plus the authcid's password. 219 /* .PP 220 /* Available in Postfix version 2.5 and later: 221 /* .IP "\fBsmtp_header_checks (empty)\fR" 222 /* Restricted \fBheader_checks\fR(5) tables for the Postfix SMTP client. 223 /* .IP "\fBsmtp_mime_header_checks (empty)\fR" 224 /* Restricted \fBmime_header_checks\fR(5) tables for the Postfix SMTP 225 /* client. 226 /* .IP "\fBsmtp_nested_header_checks (empty)\fR" 227 /* Restricted \fBnested_header_checks\fR(5) tables for the Postfix SMTP 228 /* client. 229 /* .IP "\fBsmtp_body_checks (empty)\fR" 230 /* Restricted \fBbody_checks\fR(5) tables for the Postfix SMTP client. 231 /* .PP 232 /* Available in Postfix version 2.6 and later: 233 /* .IP "\fBtcp_windowsize (0)\fR" 234 /* An optional workaround for routers that break TCP window scaling. 235 /* MIME PROCESSING CONTROLS 236 /* .ad 237 /* .fi 238 /* Available in Postfix version 2.0 and later: 239 /* .IP "\fBdisable_mime_output_conversion (no)\fR" 240 /* Disable the conversion of 8BITMIME format to 7BIT format. 241 /* .IP "\fBmime_boundary_length_limit (2048)\fR" 242 /* The maximal length of MIME multipart boundary strings. 243 /* .IP "\fBmime_nesting_limit (100)\fR" 244 /* The maximal recursion level that the MIME processor will handle. 245 /* EXTERNAL CONTENT INSPECTION CONTROLS 246 /* .ad 247 /* .fi 248 /* Available in Postfix version 2.1 and later: 249 /* .IP "\fBsmtp_send_xforward_command (no)\fR" 250 /* Send the non-standard XFORWARD command when the Postfix SMTP server 251 /* EHLO response announces XFORWARD support. 252 /* SASL AUTHENTICATION CONTROLS 253 /* .ad 254 /* .fi 255 /* .IP "\fBsmtp_sasl_auth_enable (no)\fR" 256 /* Enable SASL authentication in the Postfix SMTP client. 257 /* .IP "\fBsmtp_sasl_password_maps (empty)\fR" 258 /* Optional SMTP client lookup tables with one username:password entry 259 /* per remote hostname or domain, or sender address when sender-dependent 260 /* authentication is enabled. 261 /* .IP "\fBsmtp_sasl_security_options (noplaintext, noanonymous)\fR" 262 /* Postfix SMTP client SASL security options; as of Postfix 2.3 263 /* the list of available 264 /* features depends on the SASL client implementation that is selected 265 /* with \fBsmtp_sasl_type\fR. 266 /* .PP 267 /* Available in Postfix version 2.2 and later: 268 /* .IP "\fBsmtp_sasl_mechanism_filter (empty)\fR" 269 /* If non-empty, a Postfix SMTP client filter for the remote SMTP 270 /* server's list of offered SASL mechanisms. 271 /* .PP 272 /* Available in Postfix version 2.3 and later: 273 /* .IP "\fBsmtp_sender_dependent_authentication (no)\fR" 274 /* Enable sender-dependent authentication in the Postfix SMTP client; this is 275 /* available only with SASL authentication, and disables SMTP connection 276 /* caching to ensure that mail from different senders will use the 277 /* appropriate credentials. 278 /* .IP "\fBsmtp_sasl_path (empty)\fR" 279 /* Implementation-specific information that the Postfix SMTP client 280 /* passes through to 281 /* the SASL plug-in implementation that is selected with 282 /* \fBsmtp_sasl_type\fR. 283 /* .IP "\fBsmtp_sasl_type (cyrus)\fR" 284 /* The SASL plug-in type that the Postfix SMTP client should use 285 /* for authentication. 286 /* .PP 287 /* Available in Postfix version 2.5 and later: 288 /* .IP "\fBsmtp_sasl_auth_cache_name (empty)\fR" 289 /* An optional table to prevent repeated SASL authentication 290 /* failures with the same remote SMTP server hostname, username and 291 /* password. 292 /* .IP "\fBsmtp_sasl_auth_cache_time (90d)\fR" 293 /* The maximal age of an smtp_sasl_auth_cache_name entry before it 294 /* is removed. 295 /* .IP "\fBsmtp_sasl_auth_soft_bounce (yes)\fR" 296 /* When a remote SMTP server rejects a SASL authentication request 297 /* with a 535 reply code, defer mail delivery instead of returning 298 /* mail as undeliverable. 299 /* STARTTLS SUPPORT CONTROLS 300 /* .ad 301 /* .fi 302 /* Detailed information about STARTTLS configuration may be found 303 /* in the TLS_README document. 304 /* .IP "\fBsmtp_tls_security_level (empty)\fR" 305 /* The default SMTP TLS security level for the Postfix SMTP client; 306 /* when a non-empty value is specified, this overrides the obsolete 307 /* parameters smtp_use_tls, smtp_enforce_tls, and smtp_tls_enforce_peername. 308 /* .IP "\fBsmtp_sasl_tls_security_options ($smtp_sasl_security_options)\fR" 309 /* The SASL authentication security options that the Postfix SMTP 310 /* client uses for TLS encrypted SMTP sessions. 311 /* .IP "\fBsmtp_starttls_timeout (300s)\fR" 312 /* Time limit for Postfix SMTP client write and read operations 313 /* during TLS startup and shutdown handshake procedures. 314 /* .IP "\fBsmtp_tls_CAfile (empty)\fR" 315 /* A file containing CA certificates of root CAs trusted to sign 316 /* either remote SMTP server certificates or intermediate CA certificates. 317 /* .IP "\fBsmtp_tls_CApath (empty)\fR" 318 /* Directory with PEM format certificate authority certificates 319 /* that the Postfix SMTP client uses to verify a remote SMTP server 320 /* certificate. 321 /* .IP "\fBsmtp_tls_cert_file (empty)\fR" 322 /* File with the Postfix SMTP client RSA certificate in PEM format. 323 /* .IP "\fBsmtp_tls_mandatory_ciphers (medium)\fR" 324 /* The minimum TLS cipher grade that the Postfix SMTP client will 325 /* use with 326 /* mandatory TLS encryption. 327 /* .IP "\fBsmtp_tls_exclude_ciphers (empty)\fR" 328 /* List of ciphers or cipher types to exclude from the Postfix 329 /* SMTP client cipher 330 /* list at all TLS security levels. 331 /* .IP "\fBsmtp_tls_mandatory_exclude_ciphers (empty)\fR" 332 /* Additional list of ciphers or cipher types to exclude from the 333 /* SMTP client cipher list at mandatory TLS security levels. 334 /* .IP "\fBsmtp_tls_dcert_file (empty)\fR" 335 /* File with the Postfix SMTP client DSA certificate in PEM format. 336 /* .IP "\fBsmtp_tls_dkey_file ($smtp_tls_dcert_file)\fR" 337 /* File with the Postfix SMTP client DSA private key in PEM format. 338 /* .IP "\fBsmtp_tls_key_file ($smtp_tls_cert_file)\fR" 339 /* File with the Postfix SMTP client RSA private key in PEM format. 340 /* .IP "\fBsmtp_tls_loglevel (0)\fR" 341 /* Enable additional Postfix SMTP client logging of TLS activity. 342 /* .IP "\fBsmtp_tls_note_starttls_offer (no)\fR" 343 /* Log the hostname of a remote SMTP server that offers STARTTLS, 344 /* when TLS is not already enabled for that server. 345 /* .IP "\fBsmtp_tls_policy_maps (empty)\fR" 346 /* Optional lookup tables with the Postfix SMTP client TLS security 347 /* policy by next-hop destination; when a non-empty value is specified, 348 /* this overrides the obsolete smtp_tls_per_site parameter. 349 /* .IP "\fBsmtp_tls_mandatory_protocols (SSLv3, TLSv1)\fR" 350 /* List of SSL/TLS protocols that the Postfix SMTP client will use with 351 /* mandatory TLS encryption. 352 /* .IP "\fBsmtp_tls_scert_verifydepth (9)\fR" 353 /* The verification depth for remote SMTP server certificates. 354 /* .IP "\fBsmtp_tls_secure_cert_match (nexthop, dot-nexthop)\fR" 355 /* The server certificate peername verification method for the 356 /* "secure" TLS security level. 357 /* .IP "\fBsmtp_tls_session_cache_database (empty)\fR" 358 /* Name of the file containing the optional Postfix SMTP client 359 /* TLS session cache. 360 /* .IP "\fBsmtp_tls_session_cache_timeout (3600s)\fR" 361 /* The expiration time of Postfix SMTP client TLS session cache 362 /* information. 363 /* .IP "\fBsmtp_tls_verify_cert_match (hostname)\fR" 364 /* The server certificate peername verification method for the 365 /* "verify" TLS security level. 366 /* .IP "\fBtls_daemon_random_bytes (32)\fR" 367 /* The number of pseudo-random bytes that an \fBsmtp\fR(8) or \fBsmtpd\fR(8) 368 /* process requests from the \fBtlsmgr\fR(8) server in order to seed its 369 /* internal pseudo random number generator (PRNG). 370 /* .IP "\fBtls_high_cipherlist (ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH)\fR" 371 /* The OpenSSL cipherlist for "HIGH" grade ciphers. 372 /* .IP "\fBtls_medium_cipherlist (ALL:!EXPORT:!LOW:+RC4:@STRENGTH)\fR" 373 /* The OpenSSL cipherlist for "MEDIUM" or higher grade ciphers. 374 /* .IP "\fBtls_low_cipherlist (ALL:!EXPORT:+RC4:@STRENGTH)\fR" 375 /* The OpenSSL cipherlist for "LOW" or higher grade ciphers. 376 /* .IP "\fBtls_export_cipherlist (ALL:+RC4:@STRENGTH)\fR" 377 /* The OpenSSL cipherlist for "EXPORT" or higher grade ciphers. 378 /* .IP "\fBtls_null_cipherlist (eNULL:!aNULL)\fR" 379 /* The OpenSSL cipherlist for "NULL" grade ciphers that provide 380 /* authentication without encryption. 381 /* .PP 382 /* Available in Postfix version 2.4 and later: 383 /* .IP "\fBsmtp_sasl_tls_verified_security_options ($smtp_sasl_tls_security_options)\fR" 384 /* The SASL authentication security options that the Postfix SMTP 385 /* client uses for TLS encrypted SMTP sessions with a verified server 386 /* certificate. 387 /* .PP 388 /* Available in Postfix version 2.5 and later: 389 /* .IP "\fBsmtp_tls_fingerprint_cert_match (empty)\fR" 390 /* List of acceptable remote SMTP server certificate fingerprints 391 /* for the "fingerprint" TLS security level (\fBsmtp_tls_security_level\fR = 392 /* fingerprint). 393 /* .IP "\fBsmtp_tls_fingerprint_digest (md5)\fR" 394 /* The message digest algorithm used to construct remote SMTP server 395 /* certificate fingerprints. 396 /* .PP 397 /* Available in Postfix version 2.6 and later: 398 /* .IP "\fBsmtp_tls_protocols (!SSLv2)\fR" 399 /* List of TLS protocols that the Postfix SMTP client will exclude or 400 /* include with opportunistic TLS encryption. 401 /* .IP "\fBsmtp_tls_ciphers (export)\fR" 402 /* The minimum TLS cipher grade that the Postfix SMTP client 403 /* will use with opportunistic TLS encryption. 404 /* .IP "\fBsmtp_tls_eccert_file (empty)\fR" 405 /* File with the Postfix SMTP client ECDSA certificate in PEM format. 406 /* .IP "\fBsmtp_tls_eckey_file ($smtp_tls_eccert_file)\fR" 407 /* File with the Postfix SMTP client ECDSA private key in PEM format. 408 /* .PP 409 /* Available in Postfix version 2.7 and later: 410 /* .IP "\fBsmtp_tls_block_early_mail_reply (no)\fR" 411 /* Try to detect a mail hijacking attack based on a TLS protocol 412 /* vulnerability (CVE-2009-3555), where an attacker prepends malicious 413 /* HELO, MAIL, RCPT, DATA commands to a Postfix SMTP client TLS session. 414 /* OBSOLETE STARTTLS CONTROLS 415 /* .ad 416 /* .fi 417 /* The following configuration parameters exist for compatibility 418 /* with Postfix versions before 2.3. Support for these will 419 /* be removed in a future release. 420 /* .IP "\fBsmtp_use_tls (no)\fR" 421 /* Opportunistic mode: use TLS when a remote SMTP server announces 422 /* STARTTLS support, otherwise send the mail in the clear. 423 /* .IP "\fBsmtp_enforce_tls (no)\fR" 424 /* Enforcement mode: require that remote SMTP servers use TLS 425 /* encryption, and never send mail in the clear. 426 /* .IP "\fBsmtp_tls_enforce_peername (yes)\fR" 427 /* With mandatory TLS encryption, require that the remote SMTP 428 /* server hostname matches the information in the remote SMTP server 429 /* certificate. 430 /* .IP "\fBsmtp_tls_per_site (empty)\fR" 431 /* Optional lookup tables with the Postfix SMTP client TLS usage 432 /* policy by next-hop destination and by remote SMTP server hostname. 433 /* .IP "\fBsmtp_tls_cipherlist (empty)\fR" 434 /* Obsolete Postfix < 2.3 control for the Postfix SMTP client TLS 435 /* cipher list. 436 /* RESOURCE AND RATE CONTROLS 437 /* .ad 438 /* .fi 439 /* .IP "\fBsmtp_destination_concurrency_limit ($default_destination_concurrency_limit)\fR" 440 /* The maximal number of parallel deliveries to the same destination 441 /* via the smtp message delivery transport. 442 /* .IP "\fBsmtp_destination_recipient_limit ($default_destination_recipient_limit)\fR" 443 /* The maximal number of recipients per message for the smtp 444 /* message delivery transport. 445 /* .IP "\fBsmtp_connect_timeout (30s)\fR" 446 /* The SMTP client time limit for completing a TCP connection, or 447 /* zero (use the operating system built-in time limit). 448 /* .IP "\fBsmtp_helo_timeout (300s)\fR" 449 /* The SMTP client time limit for sending the HELO or EHLO command, 450 /* and for receiving the initial server response. 451 /* .IP "\fBlmtp_lhlo_timeout (300s)\fR" 452 /* The LMTP client time limit for sending the LHLO command, and 453 /* for receiving the initial server response. 454 /* .IP "\fBsmtp_xforward_timeout (300s)\fR" 455 /* The SMTP client time limit for sending the XFORWARD command, and 456 /* for receiving the server response. 457 /* .IP "\fBsmtp_mail_timeout (300s)\fR" 458 /* The SMTP client time limit for sending the MAIL FROM command, and 459 /* for receiving the server response. 460 /* .IP "\fBsmtp_rcpt_timeout (300s)\fR" 461 /* The SMTP client time limit for sending the SMTP RCPT TO command, and 462 /* for receiving the server response. 463 /* .IP "\fBsmtp_data_init_timeout (120s)\fR" 464 /* The SMTP client time limit for sending the SMTP DATA command, and for 465 /* receiving the server response. 466 /* .IP "\fBsmtp_data_xfer_timeout (180s)\fR" 467 /* The SMTP client time limit for sending the SMTP message content. 468 /* .IP "\fBsmtp_data_done_timeout (600s)\fR" 469 /* The SMTP client time limit for sending the SMTP ".", and for receiving 470 /* the server response. 471 /* .IP "\fBsmtp_quit_timeout (300s)\fR" 472 /* The SMTP client time limit for sending the QUIT command, and for 473 /* receiving the server response. 474 /* .PP 475 /* Available in Postfix version 2.1 and later: 476 /* .IP "\fBsmtp_mx_address_limit (5)\fR" 477 /* The maximal number of MX (mail exchanger) IP addresses that can 478 /* result from mail exchanger lookups, or zero (no limit). 479 /* .IP "\fBsmtp_mx_session_limit (2)\fR" 480 /* The maximal number of SMTP sessions per delivery request before 481 /* giving up or delivering to a fall-back relay host, or zero (no 482 /* limit). 483 /* .IP "\fBsmtp_rset_timeout (20s)\fR" 484 /* The SMTP client time limit for sending the RSET command, and 485 /* for receiving the server response. 486 /* .PP 487 /* Available in Postfix version 2.2 and earlier: 488 /* .IP "\fBlmtp_cache_connection (yes)\fR" 489 /* Keep Postfix LMTP client connections open for up to $max_idle 490 /* seconds. 491 /* .PP 492 /* Available in Postfix version 2.2 and later: 493 /* .IP "\fBsmtp_connection_cache_destinations (empty)\fR" 494 /* Permanently enable SMTP connection caching for the specified 495 /* destinations. 496 /* .IP "\fBsmtp_connection_cache_on_demand (yes)\fR" 497 /* Temporarily enable SMTP connection caching while a destination 498 /* has a high volume of mail in the active queue. 499 /* .IP "\fBsmtp_connection_reuse_time_limit (300s)\fR" 500 /* The amount of time during which Postfix will use an SMTP 501 /* connection repeatedly. 502 /* .IP "\fBsmtp_connection_cache_time_limit (2s)\fR" 503 /* When SMTP connection caching is enabled, the amount of time that 504 /* an unused SMTP client socket is kept open before it is closed. 505 /* .PP 506 /* Available in Postfix version 2.3 and later: 507 /* .IP "\fBconnection_cache_protocol_timeout (5s)\fR" 508 /* Time limit for connection cache connect, send or receive 509 /* operations. 510 /* TROUBLE SHOOTING CONTROLS 511 /* .ad 512 /* .fi 513 /* .IP "\fBdebug_peer_level (2)\fR" 514 /* The increment in verbose logging level when a remote client or 515 /* server matches a pattern in the debug_peer_list parameter. 516 /* .IP "\fBdebug_peer_list (empty)\fR" 517 /* Optional list of remote client or server hostname or network 518 /* address patterns that cause the verbose logging level to increase 519 /* by the amount specified in $debug_peer_level. 520 /* .IP "\fBerror_notice_recipient (postmaster)\fR" 521 /* The recipient of postmaster notifications about mail delivery 522 /* problems that are caused by policy, resource, software or protocol 523 /* errors. 524 /* .IP "\fBinternal_mail_filter_classes (empty)\fR" 525 /* What categories of Postfix-generated mail are subject to 526 /* before-queue content inspection by non_smtpd_milters, header_checks 527 /* and body_checks. 528 /* .IP "\fBnotify_classes (resource, software)\fR" 529 /* The list of error classes that are reported to the postmaster. 530 /* MISCELLANEOUS CONTROLS 531 /* .ad 532 /* .fi 533 /* .IP "\fBbest_mx_transport (empty)\fR" 534 /* Where the Postfix SMTP client should deliver mail when it detects 535 /* a "mail loops back to myself" error condition. 536 /* .IP "\fBconfig_directory (see 'postconf -d' output)\fR" 537 /* The default location of the Postfix main.cf and master.cf 538 /* configuration files. 539 /* .IP "\fBdaemon_timeout (18000s)\fR" 540 /* How much time a Postfix daemon process may take to handle a 541 /* request before it is terminated by a built-in watchdog timer. 542 /* .IP "\fBdelay_logging_resolution_limit (2)\fR" 543 /* The maximal number of digits after the decimal point when logging 544 /* sub-second delay values. 545 /* .IP "\fBdisable_dns_lookups (no)\fR" 546 /* Disable DNS lookups in the Postfix SMTP and LMTP clients. 547 /* .IP "\fBinet_interfaces (all)\fR" 548 /* The network interface addresses that this mail system receives 549 /* mail on. 550 /* .IP "\fBinet_protocols (ipv4)\fR" 551 /* The Internet protocols Postfix will attempt to use when making 552 /* or accepting connections. 553 /* .IP "\fBipc_timeout (3600s)\fR" 554 /* The time limit for sending or receiving information over an internal 555 /* communication channel. 556 /* .IP "\fBlmtp_assume_final (no)\fR" 557 /* When an LMTP server announces no DSN support, assume that the 558 /* server performs final delivery, and send "delivered" delivery status 559 /* notifications instead of "relayed". 560 /* .IP "\fBlmtp_tcp_port (24)\fR" 561 /* The default TCP port that the Postfix LMTP client connects to. 562 /* .IP "\fBmax_idle (100s)\fR" 563 /* The maximum amount of time that an idle Postfix daemon process waits 564 /* for an incoming connection before terminating voluntarily. 565 /* .IP "\fBmax_use (100)\fR" 566 /* The maximal number of incoming connections that a Postfix daemon 567 /* process will service before terminating voluntarily. 568 /* .IP "\fBprocess_id (read-only)\fR" 569 /* The process ID of a Postfix command or daemon process. 570 /* .IP "\fBprocess_name (read-only)\fR" 571 /* The process name of a Postfix command or daemon process. 572 /* .IP "\fBproxy_interfaces (empty)\fR" 573 /* The network interface addresses that this mail system receives mail 574 /* on by way of a proxy or network address translation unit. 575 /* .IP "\fBsmtp_bind_address (empty)\fR" 576 /* An optional numerical network address that the Postfix SMTP client 577 /* should bind to when making an IPv4 connection. 578 /* .IP "\fBsmtp_bind_address6 (empty)\fR" 579 /* An optional numerical network address that the Postfix SMTP client 580 /* should bind to when making an IPv6 connection. 581 /* .IP "\fBsmtp_helo_name ($myhostname)\fR" 582 /* The hostname to send in the SMTP EHLO or HELO command. 583 /* .IP "\fBlmtp_lhlo_name ($myhostname)\fR" 584 /* The hostname to send in the LMTP LHLO command. 585 /* .IP "\fBsmtp_host_lookup (dns)\fR" 586 /* What mechanisms the Postfix SMTP client uses to look up a host's IP 587 /* address. 588 /* .IP "\fBsmtp_randomize_addresses (yes)\fR" 589 /* Randomize the order of equal-preference MX host addresses. 590 /* .IP "\fBsyslog_facility (mail)\fR" 591 /* The syslog facility of Postfix logging. 592 /* .IP "\fBsyslog_name (see 'postconf -d' output)\fR" 593 /* The mail system name that is prepended to the process name in syslog 594 /* records, so that "smtpd" becomes, for example, "postfix/smtpd". 595 /* .PP 596 /* Available with Postfix 2.2 and earlier: 597 /* .IP "\fBfallback_relay (empty)\fR" 598 /* Optional list of relay hosts for SMTP destinations that can't be 599 /* found or that are unreachable. 600 /* .PP 601 /* Available with Postfix 2.3 and later: 602 /* .IP "\fBsmtp_fallback_relay ($fallback_relay)\fR" 603 /* Optional list of relay hosts for SMTP destinations that can't be 604 /* found or that are unreachable. 605 /* SEE ALSO 606 /* generic(5), output address rewriting 607 /* header_checks(5), message header content inspection 608 /* body_checks(5), body parts content inspection 609 /* qmgr(8), queue manager 610 /* bounce(8), delivery status reports 611 /* scache(8), connection cache server 612 /* postconf(5), configuration parameters 613 /* master(5), generic daemon options 614 /* master(8), process manager 615 /* tlsmgr(8), TLS session and PRNG management 616 /* syslogd(8), system logging 617 /* README FILES 618 /* .ad 619 /* .fi 620 /* Use "\fBpostconf readme_directory\fR" or 621 /* "\fBpostconf html_directory\fR" to locate this information. 622 /* .na 623 /* .nf 624 /* SASL_README, Postfix SASL howto 625 /* TLS_README, Postfix STARTTLS howto 626 /* LICENSE 627 /* .ad 628 /* .fi 629 /* The Secure Mailer license must be distributed with this software. 630 /* AUTHOR(S) 631 /* Wietse Venema 632 /* IBM T.J. Watson Research 633 /* P.O. Box 704 634 /* Yorktown Heights, NY 10598, USA 635 /* 636 /* Command pipelining in cooperation with: 637 /* Jon Ribbens 638 /* Oaktree Internet Solutions Ltd., 639 /* Internet House, 640 /* Canal Basin, 641 /* Coventry, 642 /* CV1 4LY, United Kingdom. 643 /* 644 /* SASL support originally by: 645 /* Till Franke 646 /* SuSE Rhein/Main AG 647 /* 65760 Eschborn, Germany 648 /* 649 /* TLS support originally by: 650 /* Lutz Jaenicke 651 /* BTU Cottbus 652 /* Allgemeine Elektrotechnik 653 /* Universitaetsplatz 3-4 654 /* D-03044 Cottbus, Germany 655 /* 656 /* Revised TLS and SMTP connection cache support by: 657 /* Victor Duchovni 658 /* Morgan Stanley 659 /*--*/ 660 661 /* System library. */ 662 663 #include <sys_defs.h> 664 #include <unistd.h> 665 #include <stdlib.h> 666 #include <string.h> 667 #include <fcntl.h> 668 #include <dict.h> 669 #include <stringops.h> 670 671 /* Utility library. */ 672 673 #include <msg.h> 674 #include <mymalloc.h> 675 #include <name_mask.h> 676 #include <name_code.h> 677 678 /* Global library. */ 679 680 #include <deliver_request.h> 681 #include <mail_params.h> 682 #include <mail_version.h> 683 #include <mail_conf.h> 684 #include <debug_peer.h> 685 #include <flush_clnt.h> 686 #include <scache.h> 687 #include <string_list.h> 688 #include <maps.h> 689 #include <ext_prop.h> 690 691 /* Single server skeleton. */ 692 693 #include <mail_server.h> 694 695 /* Application-specific. */ 696 697 #include "smtp.h" 698 #include "smtp_sasl.h" 699 700 /* 701 * Tunable parameters. These have compiled-in defaults that can be overruled 702 * by settings in the global Postfix configuration file. 703 */ 704 int var_smtp_conn_tmout; 705 int var_smtp_helo_tmout; 706 int var_smtp_xfwd_tmout; 707 int var_smtp_mail_tmout; 708 int var_smtp_rcpt_tmout; 709 int var_smtp_data0_tmout; 710 int var_smtp_data1_tmout; 711 int var_smtp_data2_tmout; 712 int var_smtp_rset_tmout; 713 int var_smtp_quit_tmout; 714 char *var_inet_interfaces; 715 char *var_notify_classes; 716 int var_smtp_skip_5xx_greeting; 717 int var_ign_mx_lookup_err; 718 int var_skip_quit_resp; 719 char *var_fallback_relay; 720 char *var_bestmx_transp; 721 char *var_error_rcpt; 722 int var_smtp_always_ehlo; 723 int var_smtp_never_ehlo; 724 char *var_smtp_sasl_opts; 725 char *var_smtp_sasl_path; 726 char *var_smtp_sasl_passwd; 727 bool var_smtp_sasl_enable; 728 char *var_smtp_sasl_mechs; 729 char *var_smtp_sasl_type; 730 char *var_smtp_bind_addr; 731 char *var_smtp_bind_addr6; 732 bool var_smtp_rand_addr; 733 int var_smtp_pix_thresh; 734 int var_smtp_pix_delay; 735 int var_smtp_line_limit; 736 char *var_smtp_helo_name; 737 char *var_smtp_host_lookup; 738 bool var_smtp_quote_821_env; 739 bool var_smtp_defer_mxaddr; 740 bool var_smtp_send_xforward; 741 int var_smtp_mxaddr_limit; 742 int var_smtp_mxsess_limit; 743 int var_smtp_cache_conn; 744 int var_smtp_reuse_time; 745 char *var_smtp_cache_dest; 746 char *var_scache_service; 747 bool var_smtp_cache_demand; 748 char *var_smtp_ehlo_dis_words; 749 char *var_smtp_ehlo_dis_maps; 750 751 char *var_smtp_tls_level; 752 bool var_smtp_use_tls; 753 bool var_smtp_enforce_tls; 754 char *var_smtp_tls_per_site; 755 char *var_smtp_tls_policy; 756 757 #ifdef USE_TLS 758 char *var_smtp_sasl_tls_opts; 759 char *var_smtp_sasl_tlsv_opts; 760 int var_smtp_starttls_tmout; 761 char *var_smtp_tls_CAfile; 762 char *var_smtp_tls_CApath; 763 char *var_smtp_tls_cert_file; 764 char *var_smtp_tls_mand_ciph; 765 char *var_smtp_tls_excl_ciph; 766 char *var_smtp_tls_mand_excl; 767 char *var_smtp_tls_dcert_file; 768 char *var_smtp_tls_dkey_file; 769 bool var_smtp_tls_enforce_peername; 770 char *var_smtp_tls_key_file; 771 int var_smtp_tls_loglevel; 772 bool var_smtp_tls_note_starttls_offer; 773 char *var_smtp_tls_mand_proto; 774 char *var_smtp_tls_sec_cmatch; 775 int var_smtp_tls_scert_vd; 776 char *var_smtp_tls_vfy_cmatch; 777 char *var_smtp_tls_fpt_cmatch; 778 char *var_smtp_tls_fpt_dgst; 779 char *var_smtp_tls_proto; 780 char *var_smtp_tls_ciph; 781 char *var_smtp_tls_eccert_file; 782 char *var_smtp_tls_eckey_file; 783 bool var_smtp_tls_blk_early_mail_reply; 784 785 #endif 786 787 char *var_smtp_generic_maps; 788 char *var_prop_extension; 789 bool var_smtp_sender_auth; 790 char *var_lmtp_tcp_port; 791 int var_scache_proto_tmout; 792 bool var_smtp_cname_overr; 793 char *var_smtp_pix_bug_words; 794 char *var_smtp_pix_bug_maps; 795 char *var_cyrus_conf_path; 796 char *var_smtp_head_chks; 797 char *var_smtp_mime_chks; 798 char *var_smtp_nest_chks; 799 char *var_smtp_body_chks; 800 char *var_smtp_resp_filter; 801 bool var_lmtp_assume_final; 802 803 /* Special handling of 535 AUTH errors. */ 804 char *var_smtp_sasl_auth_cache_name; 805 int var_smtp_sasl_auth_cache_time; 806 bool var_smtp_sasl_auth_soft_bounce; 807 808 /* 809 * Global variables. 810 */ 811 int smtp_host_lookup_mask; 812 STRING_LIST *smtp_cache_dest; 813 SCACHE *smtp_scache; 814 MAPS *smtp_ehlo_dis_maps; 815 MAPS *smtp_generic_maps; 816 int smtp_ext_prop_mask; 817 MAPS *smtp_pix_bug_maps; 818 HBC_CHECKS *smtp_header_checks; /* limited header checks */ 819 HBC_CHECKS *smtp_body_checks; /* limited body checks */ 820 821 #ifdef USE_TLS 822 823 /* 824 * OpenSSL client state (opaque handle) 825 */ 826 TLS_APPL_STATE *smtp_tls_ctx; 827 828 #endif 829 830 /* deliver_message - deliver message with extreme prejudice */ 831 832 static int deliver_message(const char *service, DELIVER_REQUEST *request) 833 { 834 SMTP_STATE *state; 835 int result; 836 837 if (msg_verbose) 838 msg_info("deliver_message: from %s", request->sender); 839 840 /* 841 * Sanity checks. The smtp server is unprivileged and chrooted, so we can 842 * afford to distribute the data censoring code, instead of having it all 843 * in one place. 844 */ 845 if (request->nexthop[0] == 0) 846 msg_fatal("empty nexthop hostname"); 847 if (request->rcpt_list.len <= 0) 848 msg_fatal("recipient count: %d", request->rcpt_list.len); 849 850 /* 851 * Initialize. Bundle all information about the delivery request, so that 852 * we can produce understandable diagnostics when something goes wrong 853 * many levels below. The alternative would be to make everything global. 854 */ 855 state = smtp_state_alloc(); 856 state->request = request; 857 state->src = request->fp; 858 state->service = service; 859 SMTP_RCPT_INIT(state); 860 861 /* 862 * Establish an SMTP session and deliver this message to all requested 863 * recipients. At the end, notify the postmaster of any protocol errors. 864 * Optionally deliver mail locally when this machine is the best mail 865 * exchanger. 866 */ 867 result = smtp_connect(state); 868 869 /* 870 * Clean up. 871 */ 872 smtp_state_free(state); 873 874 return (result); 875 } 876 877 /* smtp_service - perform service for client */ 878 879 static void smtp_service(VSTREAM *client_stream, char *service, char **argv) 880 { 881 DELIVER_REQUEST *request; 882 int status; 883 884 /* 885 * Sanity check. This service takes no command-line arguments. 886 */ 887 if (argv[0]) 888 msg_fatal("unexpected command-line argument: %s", argv[0]); 889 890 /* 891 * This routine runs whenever a client connects to the UNIX-domain socket 892 * dedicated to remote SMTP delivery service. What we see below is a 893 * little protocol to (1) tell the queue manager that we are ready, (2) 894 * read a request from the queue manager, and (3) report the completion 895 * status of that request. All connection-management stuff is handled by 896 * the common code in single_server.c. 897 */ 898 if ((request = deliver_request_read(client_stream)) != 0) { 899 status = deliver_message(service, request); 900 deliver_request_done(client_stream, request, status); 901 } 902 } 903 904 /* post_init - post-jail initialization */ 905 906 static void post_init(char *unused_name, char **unused_argv) 907 { 908 static const NAME_MASK lookup_masks[] = { 909 SMTP_HOST_LOOKUP_DNS, SMTP_HOST_FLAG_DNS, 910 SMTP_HOST_LOOKUP_NATIVE, SMTP_HOST_FLAG_NATIVE, 911 0, 912 }; 913 914 /* 915 * Select hostname lookup mechanisms. 916 */ 917 if (var_disable_dns) 918 smtp_host_lookup_mask = SMTP_HOST_FLAG_NATIVE; 919 else 920 smtp_host_lookup_mask = name_mask(VAR_SMTP_HOST_LOOKUP, lookup_masks, 921 var_smtp_host_lookup); 922 if (msg_verbose) 923 msg_info("host name lookup methods: %s", 924 str_name_mask(VAR_SMTP_HOST_LOOKUP, lookup_masks, 925 smtp_host_lookup_mask)); 926 927 /* 928 * Session cache instance. 929 */ 930 if (*var_smtp_cache_dest || var_smtp_cache_demand) 931 #if 0 932 smtp_scache = scache_multi_create(); 933 #else 934 smtp_scache = scache_clnt_create(var_scache_service, 935 var_scache_proto_tmout, 936 var_ipc_idle_limit, 937 var_ipc_ttl_limit); 938 #endif 939 } 940 941 /* pre_init - pre-jail initialization */ 942 943 static void pre_init(char *unused_name, char **unused_argv) 944 { 945 int use_tls; 946 947 /* 948 * Turn on per-peer debugging. 949 */ 950 debug_peer_init(); 951 952 /* 953 * SASL initialization. 954 */ 955 if (var_smtp_sasl_enable) 956 #ifdef USE_SASL_AUTH 957 smtp_sasl_initialize(); 958 #else 959 msg_warn("%s is true, but SASL support is not compiled in", 960 VAR_SMTP_SASL_ENABLE); 961 #endif 962 963 if (*var_smtp_tls_level != 0) 964 #ifdef USE_TLS 965 switch (tls_level_lookup(var_smtp_tls_level)) { 966 case TLS_LEV_SECURE: 967 case TLS_LEV_VERIFY: 968 case TLS_LEV_FPRINT: 969 case TLS_LEV_ENCRYPT: 970 var_smtp_use_tls = var_smtp_enforce_tls = 1; 971 break; 972 case TLS_LEV_MAY: 973 var_smtp_use_tls = 1; 974 var_smtp_enforce_tls = 0; 975 break; 976 case TLS_LEV_NONE: 977 var_smtp_use_tls = var_smtp_enforce_tls = 0; 978 break; 979 default: 980 /* tls_level_lookup() logs no warning. */ 981 /* session_tls_init() assumes that var_smtp_tls_level is sane. */ 982 msg_fatal("Invalid TLS level \"%s\"", var_smtp_tls_level); 983 } 984 #endif 985 use_tls = (var_smtp_use_tls || var_smtp_enforce_tls); 986 987 /* 988 * Initialize the TLS data before entering the chroot jail 989 */ 990 if (use_tls || var_smtp_tls_per_site[0] || var_smtp_tls_policy[0]) { 991 #ifdef USE_TLS 992 TLS_CLIENT_INIT_PROPS props; 993 994 /* 995 * We get stronger type safety and a cleaner interface by combining 996 * the various parameters into a single tls_client_props structure. 997 * 998 * Large parameter lists are error-prone, so we emulate a language 999 * feature that C does not have natively: named parameter lists. 1000 */ 1001 smtp_tls_ctx = 1002 TLS_CLIENT_INIT(&props, 1003 log_level = var_smtp_tls_loglevel, 1004 verifydepth = var_smtp_tls_scert_vd, 1005 cache_type = strcmp(var_procname, "smtp") == 0 ? 1006 TLS_MGR_SCACHE_SMTP : TLS_MGR_SCACHE_LMTP, 1007 cert_file = var_smtp_tls_cert_file, 1008 key_file = var_smtp_tls_key_file, 1009 dcert_file = var_smtp_tls_dcert_file, 1010 dkey_file = var_smtp_tls_dkey_file, 1011 eccert_file = var_smtp_tls_eccert_file, 1012 eckey_file = var_smtp_tls_eckey_file, 1013 CAfile = var_smtp_tls_CAfile, 1014 CApath = var_smtp_tls_CApath, 1015 fpt_dgst = var_smtp_tls_fpt_dgst); 1016 smtp_tls_list_init(); 1017 #else 1018 msg_warn("TLS has been selected, but TLS support is not compiled in"); 1019 #endif 1020 } 1021 1022 /* 1023 * Flush client. 1024 */ 1025 flush_init(); 1026 1027 /* 1028 * Session cache domain list. 1029 */ 1030 if (*var_smtp_cache_dest) 1031 smtp_cache_dest = string_list_init(MATCH_FLAG_NONE, var_smtp_cache_dest); 1032 1033 /* 1034 * EHLO keyword filter. 1035 */ 1036 if (*var_smtp_ehlo_dis_maps) 1037 smtp_ehlo_dis_maps = maps_create(VAR_SMTP_EHLO_DIS_MAPS, 1038 var_smtp_ehlo_dis_maps, 1039 DICT_FLAG_LOCK); 1040 1041 /* 1042 * PIX bug workarounds. 1043 */ 1044 if (*var_smtp_pix_bug_maps) 1045 smtp_pix_bug_maps = maps_create(VAR_SMTP_PIX_BUG_MAPS, 1046 var_smtp_pix_bug_maps, 1047 DICT_FLAG_LOCK); 1048 1049 /* 1050 * Generic maps. 1051 */ 1052 if (*var_prop_extension) 1053 smtp_ext_prop_mask = 1054 ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension); 1055 if (*var_smtp_generic_maps) 1056 smtp_generic_maps = 1057 maps_create(VAR_SMTP_GENERIC_MAPS, var_smtp_generic_maps, 1058 DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX); 1059 1060 /* 1061 * Header/body checks. 1062 */ 1063 smtp_header_checks = hbc_header_checks_create( 1064 VAR_SMTP_HEAD_CHKS, var_smtp_head_chks, 1065 VAR_SMTP_MIME_CHKS, var_smtp_mime_chks, 1066 VAR_SMTP_NEST_CHKS, var_smtp_nest_chks, 1067 smtp_hbc_callbacks); 1068 smtp_body_checks = hbc_body_checks_create( 1069 VAR_SMTP_BODY_CHKS, var_smtp_body_chks, 1070 smtp_hbc_callbacks); 1071 1072 /* 1073 * Server reply filter. 1074 */ 1075 if (*var_smtp_resp_filter) 1076 smtp_chat_resp_filter = 1077 dict_open(var_smtp_resp_filter, O_RDONLY, 1078 DICT_FLAG_LOCK | DICT_FLAG_FOLD_FIX); 1079 } 1080 1081 /* pre_accept - see if tables have changed */ 1082 1083 static void pre_accept(char *unused_name, char **unused_argv) 1084 { 1085 const char *table; 1086 1087 if ((table = dict_changed_name()) != 0) { 1088 msg_info("table %s has changed -- restarting", table); 1089 exit(0); 1090 } 1091 } 1092 1093 MAIL_VERSION_STAMP_DECLARE; 1094 1095 /* main - pass control to the single-threaded skeleton */ 1096 1097 int main(int argc, char **argv) 1098 { 1099 #include "smtp_params.c" 1100 #include "lmtp_params.c" 1101 int smtp_mode; 1102 1103 /* 1104 * Fingerprint executables and core dumps. 1105 */ 1106 MAIL_VERSION_STAMP_ALLOCATE; 1107 1108 /* 1109 * XXX At this point, var_procname etc. are not initialized. 1110 */ 1111 smtp_mode = (strcmp(sane_basename((VSTRING *) 0, argv[0]), "smtp") == 0); 1112 1113 /* 1114 * Initialize with the LMTP or SMTP parameter name space. 1115 */ 1116 single_server_main(argc, argv, smtp_service, 1117 MAIL_SERVER_TIME_TABLE, smtp_mode ? 1118 smtp_time_table : lmtp_time_table, 1119 MAIL_SERVER_INT_TABLE, smtp_mode ? 1120 smtp_int_table : lmtp_int_table, 1121 MAIL_SERVER_STR_TABLE, smtp_mode ? 1122 smtp_str_table : lmtp_str_table, 1123 MAIL_SERVER_BOOL_TABLE, smtp_mode ? 1124 smtp_bool_table : lmtp_bool_table, 1125 MAIL_SERVER_PRE_INIT, pre_init, 1126 MAIL_SERVER_POST_INIT, post_init, 1127 MAIL_SERVER_PRE_ACCEPT, pre_accept, 1128 0); 1129 } 1130