"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "proto/postconf.proto" between
postfix-3.5.8.tar.gz and postfix-3.5.9.tar.gz

About: Postfix is a mail system (an alternative to sendmail).

postconf.proto  (postfix-3.5.8):postconf.proto  (postfix-3.5.9)
skipping to change at line 16814 skipping to change at line 16814
<p> Optional information that the Postfix SMTP server specifies in <p> Optional information that the Postfix SMTP server specifies in
the "policy_context" attribute of a policy service request (originally, the "policy_context" attribute of a policy service request (originally,
to share the same service endpoint among multiple check_policy_service to share the same service endpoint among multiple check_policy_service
clients). </p> clients). </p>
<p> <p>
This feature is available in Postfix 3.1 and later. This feature is available in Postfix 3.1 and later.
</p> </p>
%PARAM smtp_tls_dane_insecure_mx_policy dane %PARAM smtp_tls_dane_insecure_mx_policy see "postconf -d" output
<p> The TLS policy for MX hosts with "secure" TLSA records when the <p> The TLS policy for MX hosts with "secure" TLSA records when the
nexthop destination security level is <b>dane</b>, but the MX nexthop destination security level is <b>dane</b>, but the MX
record was found via an "insecure" MX lookup. The choices are: record was found via an "insecure" MX lookup. The choices are:
</p> </p>
<dl> <dl>
<dt><b>may</b></dt> <dt><b>may</b></dt>
<dd> The TLSA records will be ignored and TLS will be optional. If <dd> The TLSA records will be ignored and TLS will be optional. If
the MX host does not appear to support STARTTLS, or the STARTTLS the MX host does not appear to support STARTTLS, or the STARTTLS
skipping to change at line 16838 skipping to change at line 16838
TLS encryption will be required, authentication will not be performed. TLS encryption will be required, authentication will not be performed.
</dd> </dd>
<dt><b>dane</b> (default)</dt> <dt><b>dane</b> (default)</dt>
<dd>The TLSA records will be used just as with "secure" MX records. <dd>The TLSA records will be used just as with "secure" MX records.
TLS encryption will be required, and, if at least one of the TLSA TLS encryption will be required, and, if at least one of the TLSA
records is "usable", authentication will be required. When records is "usable", authentication will be required. When
authentication succeeds, it will be logged only as "Trusted", not authentication succeeds, it will be logged only as "Trusted", not
"Verified", because the MX host name could have been forged. </dd> "Verified", because the MX host name could have been forged. </dd>
</dl> </dl>
<p> The default setting for Postfix &ge; 3.6 is "dane" with
"smtp_tls_security_level = dane", otherwise "may". This behavior
was backported to Postfix versions 3.5.9, 3.4.19, 3.3.16. 3.2.21.
With earlier
Postfix versions the default setting was always "dane". </p>
<p> Though with "insecure" MX records an active attacker can <p> Though with "insecure" MX records an active attacker can
compromise SMTP transport security by returning forged MX records, compromise SMTP transport security by returning forged MX records,
such attacks are "tamper-evident" since any forged MX hostnames such attacks are "tamper-evident" since any forged MX hostnames
will be recorded in the mail logs. Attackers who place a high value will be recorded in the mail logs. Attackers who place a high value
staying hidden may be deterred from forging MX records. </p> staying hidden may be deterred from forging MX records. </p>
<p> <p>
This feature is available in Postfix 3.1 and later. The <b>may</b> This feature is available in Postfix 3.1 and later. The <b>may</b>
policy is backwards-compatible with earlier Postfix versions. policy is backwards-compatible with earlier Postfix versions.
</p> </p>
skipping to change at line 17697 skipping to change at line 17703
<p> Specify "<b>info_log_address_format = internal</b>" for backwards <p> Specify "<b>info_log_address_format = internal</b>" for backwards
compatibility. </p> compatibility. </p>
<p> Postfix uses the unquoted form internally, because an attacker <p> Postfix uses the unquoted form internally, because an attacker
can specify an email address in different forms by playing games can specify an email address in different forms by playing games
with quotes and backslashes. An attacker should not be able to use with quotes and backslashes. An attacker should not be able to use
such games to circumvent Postfix access policies. </p> such games to circumvent Postfix access policies. </p>
<p> This feature is available in Postfix 3.5 and later. </p> <p> This feature is available in Postfix 3.5 and later. </p>
%PARAM dnssec_probe ns:.
<p> The DNS query type (default: "ns") and DNS query name (default:
".") that Postfix may use to determine whether DNSSEC validation
is available.
</p>
<p> Background: DNSSEC validation is needed for Postfix DANE support;
this ensures that Postfix receives TLSA records with secure TLS
server certificate info. When DNSSEC validation is unavailable,
mail deliveries using <i>opportunistic</i> DANE will not be protected
by server certificate info in TLSA records, and mail deliveries
using <i>mandatory</i> DANE will not be made at all. </p>
<p> By default, a Postfix process will send a DNSSEC probe after
1) the process made a DNS query that requested DNSSEC validation,
2) the process did not receive a DNSSEC validated response to this
query or to an earlier query, and 3) the process did not already
send a DNSSEC probe. <p>
<p> When the DNSSEC probe has no response, or when the response is
not DNSSEC validated, Postfix logs a warning that DNSSEC validation
may be unavailable. </p>
<p> Example: </p>
<pre>
warning: DNSSEC validation may be unavailable
warning: reason: dnssec_probe 'ns:.' received a response that is not DNSSEC vali
dated
warning: reason: dnssec_probe 'ns:.' received no response: Server failure
</pre>
<p> Possible reasons why DNSSEC validation may be unavailable: </p>
<ul>
<li> The local /etc/resolv.conf file specifies a DNS resolver that
does not validate DNSSEC signatures (that's
$queue_directory/etc/resolv.conf when a Postfix daemon runs in a
chroot jail).
<li> The local system library does not pass on the "DNSSEC validated"
bit to Postfix, or Postfix does not know how to ask the library to
do that.
</ul>
<p> By default, the DNSSEC probe asks for the DNS root zone NS
records, because resolvers should always have that information
cached. If Postfix runs on a network where the DNS root zone is not
reachable, specify a different probe, or specify an empty dnssec_probe
value to disable the feature. </p>
<p> This feature was backported from Postfix 3.6 to Postfix versions
3.5.9, 3.4.19, 3.3.16. 3.2.21. </p>
 End of changes. 3 change blocks. 
1 lines changed or deleted 7 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)