Source-Changes-HG archive


[src/trunk]: src/external/ibm-public/postfix/dist Resolve conflicts from last...



details:   https://anonhg.NetBSD.org/src/rev/65b07d6e6406
branches:  trunk
changeset: 783658:65b07d6e6406
user:      tron <tron%NetBSD.org@localhost>
date:      Wed Jan 02 19:18:29 2013 +0000

description:
Resolve conflicts from last import.

diffstat:

 external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README |    17 +
 external/ibm-public/postfix/dist/README_FILES/INSTALL                     |    83 +-
 external/ibm-public/postfix/dist/README_FILES/TLS_README                  |  1295 +++----
 external/ibm-public/postfix/dist/conf/main.cf                             |    10 +-
 external/ibm-public/postfix/dist/conf/master.cf                           |     6 +-
 external/ibm-public/postfix/dist/conf/postfix-files                       |     9 +-
 external/ibm-public/postfix/dist/html/ADDRESS_VERIFICATION_README.html    |    18 +
 external/ibm-public/postfix/dist/html/INSTALL.html                        |    90 +-
 external/ibm-public/postfix/dist/html/TLS_README.html                     |  1612 +++------
 external/ibm-public/postfix/dist/html/postconf.5.html                     |   973 ++++-
 external/ibm-public/postfix/dist/makedefs                                 |    15 +-
 external/ibm-public/postfix/dist/man/man5/postconf.5                      |   854 ++++-
 external/ibm-public/postfix/dist/pflogsumm-conn-delays-dsn-patch          |    14 -
 external/ibm-public/postfix/dist/postfix-install                          |     4 +-
 external/ibm-public/postfix/dist/proto/ADDRESS_VERIFICATION_README.html   |    18 +
 external/ibm-public/postfix/dist/proto/INSTALL.html                       |    90 +-
 external/ibm-public/postfix/dist/proto/TLS_README.html                    |  1612 +++------
 external/ibm-public/postfix/dist/proto/postconf.proto                     |   907 ++++-
 external/ibm-public/postfix/dist/src/cleanup/cleanup.c                    |    19 +-
 external/ibm-public/postfix/dist/src/cleanup/cleanup.h                    |     8 +-
 external/ibm-public/postfix/dist/src/cleanup/cleanup_init.c               |     4 +-
 external/ibm-public/postfix/dist/src/global/mail_params.h                 |   106 +-
 external/ibm-public/postfix/dist/src/local/unknown.c                      |     7 +-
 external/ibm-public/postfix/dist/src/postconf/auto.awk                    |    33 -
 external/ibm-public/postfix/dist/src/postscreen/postscreen_access.c       |   256 -
 external/ibm-public/postfix/dist/src/smtp/smtp.c                          |   119 +-
 external/ibm-public/postfix/dist/src/smtpd/smtpd.c                        |   462 +-
 external/ibm-public/postfix/dist/src/tls/tls_client.c                     |   159 +-
 external/ibm-public/postfix/dist/src/tls/tls_server.c                     |    83 +-
 external/ibm-public/postfix/dist/src/util/match_ops.h                     |    37 -
 external/ibm-public/postfix/dist/src/util/sys_defs.h                      |    88 +-
 31 files changed, 4946 insertions(+), 4062 deletions(-)

diffs (truncated from 14919 to 300 lines):

diff -r 125fb52a3c84 -r 65b07d6e6406 external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README
--- a/external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README Wed Jan 02 18:58:23 2013 +0000
+++ b/external/ibm-public/postfix/dist/README_FILES/ADDRESS_VERIFICATION_README Wed Jan 02 19:18:29 2013 +0000
@@ -123,6 +123,13 @@
     fail with mis-configured sites that reject MAIL FROM: <>, while probes from
     "double-bounce@$myorigin" would succeed.
 
+  * The downside of using a non-empty sender address is that the address may
+    end op on spammer mailing lists. Although Postfix always discards mail to
+    the double-bounce address, this still results in wasted network bandwidth
+    and server capacity. To defeat address harvesting, Postfix 2.9 and later
+    support time-dependent sender addresses when you specify a non-zero
+    address_verify_sender_ttl value.
+
 RReecciippiieenntt aaddddrreessss vveerriiffiiccaattiioonn
 
 As mentioned earlier, recipient address verification is useful to block mail
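
Review bot: typo in the new bullet, "the address may end op on spammer mailing lists" should read "end up". The bullet also introduces address_verify_sender_ttl without saying what kind of value it takes; a sample value or a pointer to the parameter's postconf(5) entry would make the advice usable.
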
@@ -287,6 +294,16 @@
         # Note: avoid hash files here. Use btree instead.
         address_verify_map = btree:$data_directory/verify_cache
 
+        # Shared persistent cache (requires Postfix 2.9 or later).
+        address_verify_map = proxy:btree:$data_directory/verify_cache
+        # Disable automatic cache cleanup in all Postfix instances except
+        # for one instance that will be responsible for cache cleanup.
+        # address_verify_cache_cleanup_interval = 0
+
+        # Shared memory cache (requires Postfix 2.9 or later).
+        # See memcache_table(5) for details.
+        address_verify_map = memcache:/etc/postfix/verify-memcache.cf
+
         # Default setting for Postfix 2.6 and earlier.
         # This uses non-persistent storage only.
         address_verify_map =
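
Review bot: the two added address_verify_map lines (proxy:btree and memcache) are live assignments, while the address_verify_cache_cleanup_interval = 0 line that accompanies the shared persistent cache is commented out, so the example block now contains several active, mutually exclusive settings of one parameter with nothing telling the reader to pick one. Suggest a "choose one of the following" line at the top of the block, or commenting out the alternatives the same way the cleanup interval is.
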
diff -r 125fb52a3c84 -r 65b07d6e6406 external/ibm-public/postfix/dist/README_FILES/INSTALL
--- a/external/ibm-public/postfix/dist/README_FILES/INSTALL     Wed Jan 02 18:58:23 2013 +0000
+++ b/external/ibm-public/postfix/dist/README_FILES/INSTALL     Wed Jan 02 19:18:29 2013 +0000
@@ -223,7 +223,86 @@
 Note: the data_directory parameter (for caches and pseudo-random numbers) was
 introduced with Postfix version 2.5.
 
-44..55 -- SSuuppppoorrtt ffoorr tthhoouussaannddss ooff pprroocceesssseess
+44..55 -- OOvveerrrriiddiinngg ootthheerr ccoommppiillee--ttiimmee ffeeaattuurreess
+
+The general method to override Postfix compile-time features is as follows:
+
+    % make makefiles name=value name=value...
+    % make
+
+The following is an extensive list of names and values.
+
+ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ 
+|NNaammee//VVaalluuee                    |DDeessccrriippttiioonn                                   |
+|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+|AUXLIBS="object_library..."   |Specifies one or more non-default object      |
+|                              |libraries.                                    |
+|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+|CC=compiler_command           |Specifies a non-default compiler. On many     |
+|                              |systems, the default is gcc.                  |
+|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+|                              |Specifies non-default compiler arguments, for |
+|CCARGS="compiler_arguments..."|example, a non-default include directory. The |
+|                              |following directives turn off Postfix features|
+|                              |at compile time:                              |
+|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+||                             |Do not build with Berkeley DB support. By     |
+||-DNO_DB                      |default, Berkeley DB support is compiled in on|
+||                             |platforms that are known to support this      |
+||                             |feature.                                      |
+|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+||                             |Do not build with Solaris /dev/poll support.  |
+||-DNO_DEVPOLL                 |By default, /dev/poll support is compiled in  |
+||                             |on Solaris versions that are known to support |
+||                             |this feature.                                 |
+|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+||                             |Do not build with Linux EPOLL support. By     |
+||-DNO_EPOLL                   |default, EPOLL support is compiled in on      |
+||                             |platforms that are known to support this      |
+||                             |feature.                                      |
+|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+||                             |Do not build with IPv6 support. By default,   |
+||                             |IPv6 support is compiled in on platforms that |
+||-DNO_IPV6                    |are known to have IPv6 support. Note: this    |
+||                             |directive is for debugging and testing only.  |
+||                             |It is not guaranteed to work on all platforms.|
+|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+||                             |Do not build with FreeBSD / NetBSD / OpenBSD /|
+||-DNO_KQUEUE                  |MacOSX KQUEUE support. By default, KQUEUE     |
+||                             |support is compiled in on platforms that are  |
+||                             |known to support it.                          |
+|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+||                             |Do not build with NIS or NISPLUS support. NIS |
+||-DNO_NIS                     |is not available on some recent Linux or      |
+||                             |Solaris distributions.                        |
+|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+||                             |Do not build with PCRE support. By default,   |
+||-DNO_PCRE                    |PCRE support is compiled in when the pcre-    |
+||                             |config utility is installed.                  |
+|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+||                             |Disable support for POSIX getpwnam_r/         |
+||-DNO_POSIX_GETPW_R           |getpwuid_r. By default Postfix uses these     |
+||                             |where they are known to be available.         |
+|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+||                             |Use setjmp()/longjmp() instead of sigsetjmp()/|
+||-DNO_SIGSETJMP               |siglongjmp(). By default, Postfix uses        |
+||                             |sigsetjmp()/siglongjmp() when they are known  |
+||                             |to be available.                              |
+|_|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+|                              |Specifies a non-default compiler debugging    |
+|DEBUG=debug_level             |level. The default is -g. Specify DEBUG= to   |
+|                              |turn off debugging.                           |
+|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+|                              |Specifies a non-default optimization level.   |
+|OPT=optimization_level        |The default is -O. Specify OPT= to turn off   |
+|                              |optimization.                                 |
+|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+|                              |Specifies non-default gcc compiler warning    |
+|WARN="warning_flags..."       |options for use when "make" is invoked in a   |
+|                              |source subdirectory only.                     |
+|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ _ _ |
+
+44..66 -- SSuuppppoorrtt ffoorr tthhoouussaannddss ooff pprroocceesssseess
 
 The number of connections that Postfix can manage simultaneously is limited by
 the number of processes that it can run. This number in turn is limited by the
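
Review bot: in the CCARGS row, the lead sentence "The following directives turn off Postfix features at compile time" does not fit every entry listed under it: -DNO_SIGSETJMP and -DNO_POSIX_GETPW_R switch Postfix to a different set of library calls rather than removing a feature, and -DNO_IPV6 is described as debugging and testing only. Suggest rewording the lead-in (for example "turn off or replace") and moving the -DNO_IPV6 caveat to the start of its cell so it is not missed. The renumbering of the following section from 4.5 to 4.6 also calls for a check of any references to the old section numbers.
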
@@ -255,7 +334,7 @@
 configured to handle thousands of connections. See the TUNING_README guide for
 examples of how to increase the number of open sockets or files.
 
-44..66 -- CCoommppiilliinngg PPoossttffiixx,, aatt llaasstt
+44..77 -- CCoommppiilliinngg PPoossttffiixx,, aatt llaasstt
 
 If the command
 
diff -r 125fb52a3c84 -r 65b07d6e6406 external/ibm-public/postfix/dist/README_FILES/TLS_README
--- a/external/ibm-public/postfix/dist/README_FILES/TLS_README  Wed Jan 02 18:58:23 2013 +0000
+++ b/external/ibm-public/postfix/dist/README_FILES/TLS_README  Wed Jan 02 19:18:29 2013 +0000
@@ -10,29 +10,25 @@
 is written as carefully as Wietse's own code, every 1000 lines introduce one
 additional bug into Postfix.
 
-At this time, you should no longer be using OpenSSL releases prior to the most
-recent 0.9.8 release unless all relevant security fixes have been backported to
-the earlier release by you or your O/S vendor. OpenSSL 0.9.7 and earlier are no
-longer maintained by the OpenSSL team.
-
 WWhhaatt PPoossttffiixx TTLLSS ssuuppppoorrtt ddooeess ffoorr yyoouu
 
 Transport Layer Security (TLS, formerly called SSL) provides certificate-based
 authentication and encrypted sessions. An encrypted session protects the
 information that is transmitted with SMTP mail or with SASL authentication.
 
-This document describes a TLS user interface that was introduced with Postfix
-version 2.3. Support for an older user interface is documented in
-TLS_LEGACY_README, which also describes the differences between Postfix and the
-third-party patch on which Postfix version 2.2 TLS support was based.
+      NOTE: This document describes a TLS user interface that was introduced
+    with Postfix version 2.3. Support for an older user interface is documented
+    in TLS_LEGACY_README, which also describes the differences between Postfix
+    and the third-party patch on which Postfix version 2.2 TLS support was
+    based.
 
 Topics covered in this document:
 
   * How Postfix TLS support works
-  * Building Postfix with TLS support
   * SMTP Server specific settings
   * SMTP Client specific settings
   * TLS manager specific settings
+  * Building Postfix with TLS support
   * Reporting problems
   * Credits
 
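
Review bot: the paragraph removed at the top of this hunk was the only guidance here on OpenSSL versions (it advised against releases older than the most recent 0.9.8 and noted that 0.9.7 and earlier are unmaintained), and nothing is added in its place. If the relocated "Building Postfix with TLS support" section does not carry updated minimum-version guidance, add a current equivalent rather than dropping the advice. Minor: the first line of the new NOTE block is indented six spaces and the remaining lines four.
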
@@ -48,12 +44,15 @@
 
   * The smtpd(8) server implements the SMTP over TLS server side.
 
-  * The smtp(8) client implements the SMTP over TLS client side.
+  * The smtp(8) client implements the SMTP (and LMTP) over TLS client side.
 
   * The tlsmgr(8) server maintains the pseudo-random number generator (PRNG)
     that seeds the TLS engines in the smtpd(8) server and smtp(8) client
     processes, and maintains the TLS session key cache files.
 
+Not shown in the figure are the tlsproxy(8) server and the postscreen(8)
+server. These use TLS in the same manner as smtpd(8).
+
                     <---seed----             ----seed--->
 Network-> smtpd(8)                tlsmgr(8)                 smtp(8)  ->Network
                     <-key/cert->             <-key/cert->       
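
Review bot: the added sentence says tlsproxy(8) and postscreen(8) use TLS in the same manner as smtpd(8), but the unchanged tlsmgr(8) bullet just above it still names only "the smtpd(8) server and smtp(8) client processes" as the TLS engines it seeds. Extend that bullet, or the new sentence, so the description of PRNG seeding and session key caching covers the daemons that are not shown in the figure.
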
@@ -66,57 +65,6 @@
                      session         state        session
                     key cache         file       key cache
 
-BBuuiillddiinngg PPoossttffiixx wwiitthh TTLLSS ssuuppppoorrtt
-
-These instructions assume that you build Postfix from source code as described
-in the INSTALL document. Some modification may be required if you build Postfix
-from a vendor-specific source package.
-
-To build Postfix with TLS support, first we need to generate the make(1) files
-with the necessary definitions. This is done by invoking the command "make
-makefiles" in the Postfix top-level directory and with arguments as shown next.
-
-NNOOTTEE:: DDoo nnoott uussee GGnnuu TTLLSS.. IItt wwiillll ssppoonnttaanneeoouussllyy tteerrmmiinnaattee aa PPoossttffiixx ddaaeemmoonn
-pprroocceessss wwiitthh eexxiitt ssttaattuuss ccooddee 22,, iinnsstteeaadd ooff aalllloowwiinngg PPoossttffiixx ttoo 11)) rreeppoorrtt 
tthhee
-eerrrroorr ttoo tthhee mmaaiilllloogg ffiillee,, aanndd ttoo 22)) pprroovviiddee ppllaaiinntteexxtt sseerrvviiccee wwhheerree tthhiiss 
iiss
-aapppprroopprriiaattee..
-
-  * If the OpenSSL include files (such as ssl.h) are in directory /usr/include/
-    openssl, and the OpenSSL libraries (such as libssl.so and libcrypto.so) are
-    in directory /usr/lib:
-
-        % mmaakkee ttiiddyy # if you have left-over files from a previous build
-        % mmaakkee mmaakkeeffiilleess CCCCAARRGGSS==""--DDUUSSEE__TTLLSS"" AAUUXXLLIIBBSS==""--llssssll --llccrryyppttoo""
-
-  * If the OpenSSL include files (such as ssl.h) are in directory /usr/local/
-    include/openssl, and the OpenSSL libraries (such as libssl.so and
-    libcrypto.so) are in directory /usr/local/lib:
-
-        % mmaakkee ttiiddyy # if you have left-over files from a previous build
-        % mmaakkee mmaakkeeffiilleess CCCCAARRGGSS==""--DDUUSSEE__TTLLSS --II//uussrr//llooccaall//iinncclluuddee"" \\
-            AAUUXXLLIIBBSS==""--LL//uussrr//llooccaall//lliibb --llssssll --llccrryyppttoo""
-
-    On Solaris, specify the -R option as shown below:
-
-        % mmaakkee ttiiddyy # if you have left-over files from a previous build
-        % mmaakkee mmaakkeeffiilleess CCCCAARRGGSS==""--DDUUSSEE__TTLLSS --II//uussrr//llooccaall//iinncclluuddee"" \\
-            AAUUXXLLIIBBSS==""--RR//uussrr//llooccaall//lliibb --LL//uussrr//llooccaall//lliibb --llssssll --llccrryyppttoo""
-
-If you need to apply other customizations (such as Berkeley DB databases,
-MySQL, PostgreSQL, LDAP or SASL), see the respective Postfix README documents,
-and combine their "make makefiles" instructions with the instructions above:
-
-    % mmaakkee ttiiddyy # if you have left-over files from a previous build
-    % mmaakkee mmaakkeeffiilleess CCCCAARRGGSS==""--DDUUSSEE__TTLLSS \\
-        ((ootthheerr --DD oorr --II ooppttiioonnss))"" \\
-        AAUUXXLLIIBBSS==""--llssssll --llccrryyppttoo \\
-        ((ootthheerr --ll ooppttiioonnss ffoorr lliibbrraarriieess iinn //uussrr//lliibb)) \\
-        ((--LL//ppaatthh//nnaammee ++ --ll ooppttiioonnss ffoorr ootthheerr lliibbrraarriieess))""
-
-To complete the build process, see the Postfix INSTALL instructions. Postfix
-has TLS support turned off by default, so you can start using Postfix as soon
-as it is installed.
-
 SSMMTTPP SSeerrvveerr ssppeecciiffiicc sseettttiinnggss
 
 Topics covered in this section:
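
Review bot: the removed section carried two statements with operational weight, the bold NOTE against using Gnu TLS and the closing remark that Postfix has TLS support turned off by default, and the visible part of the diff does not show where they end up. Since the topic list now places "Building Postfix with TLS support" after the TLS manager settings, confirm that the relocated section keeps both, together with the -DUSE_TLS build lines.
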
@@ -145,7 +93,7 @@
 generate, and be prepared to present to most clients, a self-signed or private-
 CA signed certificate. The remote SMTP client will generally not be able to
 authenticate the self-signed certificate, but unless the client is running
-Postfix 2.3 or similar software, it will still insist on a server certificate.
+Postfix or similar software, it will still insist on a server certificate.
 
 For servers that are nnoott public Internet MX hosts, Postfix supports
 configurations with no certificates. This entails the use of just the anonymous
@@ -259,15 +207,27 @@
 increase the log level from 0..4. Each logging level also includes the
 information that is logged at a lower logging level.
 
-    0 Disable logging of TLS activity.
-
-    1 Log TLS handshake and certificate information.
-
-    2 Log levels during TLS negotiation.
-
-    3 Log hexadecimal and ASCII dump of TLS negotiation process
-
-    4 Log hexadecimal and ASCII dump of complete transmission after STARTTLS
+     _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ 
+    |LLeevveell|PPoossttffiixx 22..99 aanndd llaatteerr             |EEaarrlliieerr rreelleeaasseess..               |
+    |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ |
+    |0    |Log only a summary message on TLS |Disable logging of TLS activity.|
+    |     |handshake completion -- no logging|                                |
+    |     |of client certificate trust-chain |                                |
+    |     |verification errors if client     |                                |
+    |     |certificate verification is not   |                                |
+    |     |required.                         |                                |
+    |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ |
+    |1    |Also log trust-chain verification |Also log TLS handshake and      |
+    |     |errors and peer certificate       |certificate information.        |
+    |     |summary information.              |                                |
+    |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ |
+    |2    |Also log levels during TLS negotiation.                            |
+    |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ |
+    |3    |Also log hexadecimal and ASCII dump of TLS negotiation process.    |
+    |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ |
+    |4    |Also log hexadecimal and ASCII dump of complete transmission after |
+    |     |STARTTLS.                                                          |
+    |_ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
_ _ _ _ _ _ _ _ _ |
 
 Use log level 3 only in case of problems. Use of log level 4 is strongly
 discouraged.
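
Review bot: the level 0 row gives opposite behaviour in its two columns (Postfix 2.9 and later logs a summary message per handshake, earlier releases log nothing), but neither the unchanged sentence above the table nor the advice below it says that an untouched level 0 setting starts producing log output after an upgrade, or that trust-chain verification errors stay unlogged at level 0 when client certificate verification is not required. Suggest one sentence stating both and pointing to level 1 where those errors matter. The closing "Use of log level 4 is strongly discouraged" would also read better with its reason attached: per the last row, that level dumps the complete transmission after STARTTLS.
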
@@ -293,16 +253,12 @@
 
 By default, TLS is disabled in the Postfix SMTP server, so no difference to
 plain Postfix is visible. Explicitly switch it on with
-"smtpd_tls_security_level = may" (Postfix 2.3 and later) or "smtpd_use_tls =
-yes" (obsolete but still supported).


