postfix-3.1-20151031

postfix/.indent.pro

@@ -404,5 +404,4 @@
 -Tssl_comp_stack_t
 -Ttime_t
 -Ttlsa_filter
--Tx509_extension_stack_t
 -Tx509_stack_t

postfix/HISTORY

@@ -21989,3 +21989,24 @@ Apologies for any names omitted.
 	warnings, and skip the failing pattern as in dict_regexp.c.
 	Also, fixed the error text when running into the matcher's
 	backtracking limit. File: util/dict_pcre.c.
+
+20151017
+
+	Feature: smtpd_client_auth_rate_limit enforces a rate
+	limit on the number of AUTH commands per client IP address.
+	mantools/postlink, proto/postconf.proto, anvil/anvil.c,
+	global/anvil_clnt.c, global/anvil_clnt.h, global/mail_params.h,
+	smtpd/smtpd.c.
+
+20151018
+
+	Added RFC 7672 (SMTP security via opportunistic DANE TLS)
+	and RFC 7505 ("Null MX" No Service Resource Record) to the
+	lists of supported RFCs in manpages. Viktor Dukhovni. Files:
+	smtp/smtp.c, smtpd/smtpd.c.
+
+20151031
+
+	Bitrot: OpenSSL API cleanups. Viktor Dukhovni. Files:
+	.indent.pro, tls/tls.h, tls/tls_dane.c, tls/tls_fprint.c,
+	tls/tls_misc.c, tls/tls_server.c, tls/tls_verify.c.

postfix/README_FILES/TUNING_README

@@ -173,6 +173,10 @@ the smtpd(8) server against abuse by out-of-control clients.
         The maximum number of new TLS sessions (without using the TLS session
         cache) that an SMTP client may negotiate in the time interval specified
         with anvil_rate_time_unit (default: 60s).
+    smtpd_client_auth_rate_limit (default: no limit)
+        The maximum number of AUTH commands that an SMTP client may send in the
+        time interval specified with anvil_rate_time_unit (default: 60s).
+        Available in Postfix 3.1 and later.
     smtpd_client_event_limit_exceptions (default: $mynetworks)
         SMTP clients that are excluded from connection and rate limits
         specified above.

postfix/html/TUNING_README.html

@@ -267,6 +267,11 @@ <h2><a name="conn_limit">Measures against clients that make too many connections
 time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (default: 60s).
 </dd>
 
+<dt> <a href="postconf.5.html#smtpd_client_auth_rate_limit">smtpd_client_auth_rate_limit</a> (default: no limit) </dt> <dd>
+The maximum number of AUTH commands that an SMTP client may send
+in the time interval specified with <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> (default:
+60s). Available in Postfix 3.1 and later. </dd>
+
 <dt> <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> (default: $<a href="postconf.5.html#mynetworks">mynetworks</a>)
 </dt> <dd> SMTP clients that are excluded from connection and rate
 limits specified above. </dd>

postfix/html/anvil.8.html

@@ -106,6 +106,19 @@
            <b>status=0</b>
            <b>rate=</b><i>number</i>
 
+<b>AUTH RATE CONTROL</b>
+       To register an AUTH request send the following request to the  <a href="anvil.8.html"><b>anvil</b>(8)</a>
+       server:
+
+           <b>request=auth</b>
+           <b>ident=</b><i>string</i>
+
+       The  <a href="anvil.8.html"><b>anvil</b>(8)</a>  server answers with the number of auth requests per unit
+       time for the (service, client) combination specified with <b>ident</b>:
+
+           <b>status=0</b>
+           <b>rate=</b><i>number</i>
+
 <b>SECURITY</b>
        The <a href="anvil.8.html"><b>anvil</b>(8)</a> server does not talk to the network or to local users, and
        can run chrooted at fixed low privilege.

postfix/html/lmtp.8.html

@@ -109,6 +109,7 @@
        <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
        <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
        <a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
+       <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
 
 <b>DIAGNOSTICS</b>
        Problems and transactions are logged to <b>syslogd</b>(8).  Corrupted  message

postfix/html/postconf.5.html

@@ -13240,6 +13240,37 @@ <h2> Postfix main.cf file format </h2>
 </pre>
 
 
+</DD>
+
+<DT><b><a name="smtpd_client_auth_rate_limit">smtpd_client_auth_rate_limit</a>
+(default: 0)</b></DT><DD>
+
+<p>
+The maximal number of AUTH commands that any client is allowed to
+send to this service per time unit, regardless of whether or not
+Postfix actually accepts those commands.  The time unit is specified
+with the <a href="postconf.5.html#anvil_rate_time_unit">anvil_rate_time_unit</a> configuration parameter.
+</p>
+
+<p>
+By default, there is no limit on the number AUTH commands that a
+client may send.
+</p>
+
+<p>
+To disable this feature, specify a limit of 0.
+</p>
+
+<p>
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+</p>
+
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
+
+
 </DD>
 
 <DT><b><a name="smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a>

postfix/html/smtp.8.html

@@ -109,6 +109,7 @@
        <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
        <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
        <a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
+       <a href="http://tools.ietf.org/html/rfc7672">RFC 7672</a> (SMTP security via opportunistic DANE TLS)
 
 <b>DIAGNOSTICS</b>
        Problems and transactions are logged to <b>syslogd</b>(8).  Corrupted  message

postfix/html/smtpd.8.html

@@ -59,6 +59,7 @@
        <a href="http://tools.ietf.org/html/rfc5321">RFC 5321</a> (SMTP protocol)
        <a href="http://tools.ietf.org/html/rfc6531">RFC 6531</a> (Internationalized SMTP)
        <a href="http://tools.ietf.org/html/rfc6533">RFC 6533</a> (Internationalized Delivery Status Notifications)
+       <a href="http://tools.ietf.org/html/rfc7505">RFC 7505</a> ("Null MX" No Service Resource Record)
 
 <b>DIAGNOSTICS</b>
        Problems and transactions are logged to <b>syslogd</b>(8).
@@ -339,8 +340,8 @@
               tation that is selected with <b><a href="postconf.5.html#smtpd_sasl_type">smtpd_sasl_type</a></b>.
 
        <b><a href="postconf.5.html#smtpd_sender_login_maps">smtpd_sender_login_maps</a> (empty)</b>
-              Optional  lookup table with the SASL login names that own sender
-              (MAIL FROM) addresses.
+              Optional  lookup  table  with  the SASL login names that own the
+              sender (MAIL FROM) addresses.
 
        Available in Postfix version 2.1 and later:
 
@@ -840,6 +841,13 @@
               record (an SMTP command line, SMTP response line,  SMTP  message
               content line, or TLS protocol message).
 
+       Available in Postfix version 3.1 and later:
+
+       <b><a href="postconf.5.html#smtpd_client_auth_rate_limit">smtpd_client_auth_rate_limit</a> (0)</b>
+              The  maximal  number of AUTH commands that any client is allowed
+              to send to this service per time unit, regardless of whether  or
+              not Postfix actually accepts those commands.
+
 <b>TARPIT CONTROLS</b>
        When  a  remote  SMTP  client makes errors, the Postfix SMTP server can
        insert delays before responding. This can help to  slow  down  run-away

postfix/man/man5/postconf.5

@@ -8764,6 +8764,21 @@ smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
 .fi
 .ad
 .ft R
+.SH smtpd_client_auth_rate_limit (default: 0)
+The maximal number of AUTH commands that any client is allowed to
+send to this service per time unit, regardless of whether or not
+Postfix actually accepts those commands.  The time unit is specified
+with the anvil_rate_time_unit configuration parameter.
+.PP
+By default, there is no limit on the number AUTH commands that a
+client may send.
+.PP
+To disable this feature, specify a limit of 0.
+.PP
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+.PP
+This feature is available in Postfix 3.1 and later.
 .SH smtpd_client_connection_count_limit (default: 50)
 How many simultaneous connections any client is allowed to
 make to this service.  By default, the limit is set to half

postfix/man/man8/anvil.8

@@ -140,6 +140,27 @@ The \fBanvil\fR(8) server answers with the number of new
 TLS session requests per unit time for the (service, client)
 combination specified with \fBident\fR:
 
+.nf
+    \fBstatus=0\fR
+    \fBrate=\fInumber\fR
+.fi
+.SH "AUTH RATE CONTROL"
+.na
+.nf
+.ad
+.fi
+To register an AUTH request send the following request
+to the \fBanvil\fR(8) server:
+
+.nf
+    \fBrequest=auth\fR
+    \fBident=\fIstring\fR
+.fi
+
+The \fBanvil\fR(8) server answers with the number of auth
+requests per unit time for the (service, client) combination
+specified with \fBident\fR:
+
 .nf
     \fBstatus=0\fR
     \fBrate=\fInumber\fR

postfix/man/man8/smtp.8

@@ -112,6 +112,7 @@ RFC 4954 (AUTH command)
 RFC 5321 (SMTP protocol)
 RFC 6531 (Internationalized SMTP)
 RFC 6533 (Internationalized Delivery Status Notifications)
+RFC 7672 (SMTP security via opportunistic DANE TLS)
 .SH DIAGNOSTICS
 .ad
 .fi

postfix/man/man8/smtpd.8

@@ -65,6 +65,7 @@ RFC 4954 (AUTH command)
 RFC 5321 (SMTP protocol)
 RFC 6531 (Internationalized SMTP)
 RFC 6533 (Internationalized Delivery Status Notifications)
+RFC 7505 ("Null MX" No Service Resource Record)
 .SH DIAGNOSTICS
 .ad
 .fi
@@ -329,7 +330,7 @@ the list of available
 features depends on the SASL server implementation that is selected
 with \fBsmtpd_sasl_type\fR.
 .IP "\fBsmtpd_sender_login_maps (empty)\fR"
-Optional lookup table with the SASL login names that own sender
+Optional lookup table with the SASL login names that own the sender
 (MAIL FROM) addresses.
 .PP
 Available in Postfix version 2.1 and later:
@@ -745,6 +746,12 @@ time limits, from a
 time limit per read or write system call, to a time limit to send
 or receive a complete record (an SMTP command line, SMTP response
 line, SMTP message content line, or TLS protocol message).
+.PP
+Available in Postfix version 3.1 and later:
+.IP "\fBsmtpd_client_auth_rate_limit (0)\fR"
+The maximal number of AUTH commands that any client is allowed to
+send to this service per time unit, regardless of whether or not
+Postfix actually accepts those commands.
 .SH "TARPIT CONTROLS"
 .na
 .nf

postfix/mantools/postlink

@@ -521,6 +521,7 @@ while (<>) {
     s;\bsmtpd_autho[-</bB>]*\n*[ <bB>]*rized_xclient_hosts\b;<a href="postconf.5.html#smtpd_authorized_xclient_hosts">$&</a>;g;
     s;\bsmtpd_autho[-</bB>]*\n*[ <bB>]*rized_xforward_hosts\b;<a href="postconf.5.html#smtpd_authorized_xforward_hosts">$&</a>;g;
     s;\bsmtpd_ban[-</bB>]*\n*[ <bB>]*ner\b;<a href="postconf.5.html#smtpd_banner">$&</a>;g;
+    s;\bsmtpd_client_auth_rate_limit\b;<a href="postconf.5.html#smtpd_client_auth_rate_limit">$&</a>;g;
     s;\bsmtpd_client_connec[-</bB>]*\n*[ <bB>]*tion_count_limit\b;<a href="postconf.5.html#smtpd_client_connection_count_limit">$&</a>;g;
     s;\bsmtpd_client_event_limit_exceptions\b;<a href="postconf.5.html#smtpd_client_event_limit_exceptions">$&</a>;g;
     s;\bsmtpd_client_connec[-</bB>]*\n*[ <bB>]*tion_rate_limit\b;<a href="postconf.5.html#smtpd_client_connection_rate_limit">$&</a>;g;

postfix/proto/TUNING_README.html

@@ -267,6 +267,11 @@ <h2><a name="conn_limit">Measures against clients that make too many connections
 time interval specified with anvil_rate_time_unit (default: 60s).
 </dd>
 
+<dt> smtpd_client_auth_rate_limit (default: no limit) </dt> <dd>
+The maximum number of AUTH commands that an SMTP client may send
+in the time interval specified with anvil_rate_time_unit (default:
+60s). Available in Postfix 3.1 and later. </dd>
+
 <dt> smtpd_client_event_limit_exceptions (default: $mynetworks)
 </dt> <dd> SMTP clients that are excluded from connection and rate
 limits specified above. </dd>

postfix/proto/postconf.proto

@@ -5022,6 +5022,33 @@ Example:
 smtpd_client_new_tls_session_rate_limit = 100
 </pre>
 
+%PARAM smtpd_client_auth_rate_limit 0
+
+<p>
+The maximal number of AUTH commands that any client is allowed to
+send to this service per time unit, regardless of whether or not
+Postfix actually accepts those commands.  The time unit is specified
+with the anvil_rate_time_unit configuration parameter.
+</p>
+
+<p>
+By default, there is no limit on the number AUTH commands that a
+client may send.
+</p>
+
+<p>
+To disable this feature, specify a limit of 0.
+</p>
+
+<p>
+WARNING: The purpose of this feature is to limit abuse. It must
+not be used to regulate legitimate mail traffic.
+</p>
+
+<p>
+This feature is available in Postfix 3.1 and later.
+</p>
+
 %PARAM smtpd_client_restrictions 
 
 <p>