Viktor Dukhovni via Postfix-users:
> On Tue, Aug 15, 2023 at 11:33:08AM -0400, Wietse Venema via Postfix-users
> wrote:
>
> > With that, the condition evaluates to:
> >
> > 1: session->tls_context == 0 true
> > 2: state->tls->level == TLS_LEV_MAY presumably true
> > 3: PREACTIVE_DELAY >= var_min_backoff_time false
> > 4: !HAVE_SASL_CREDENTIALS ?
> >
> > [...]
> >
> > Condition 3 may need more nuance. The code is OK for non-probe
> > messages; it prefers to retry later with TLS, over immediately
> > falling back to plaintext. When the later retry also fails in the
> > TLS handhake, then Postfix will immediately fall back to plaintext.
> >
> > However, probes don't retry, so maybe we should skip condition 3
> > for probes.
>
> That's my instinct also. Waiting out transient glitches by retrying on
> the next delivery attempt is not an option for probes. And probes don't
> leak message content in the clear, nor even the full envelope, just a
> single sender or recipient.
The patch below should apply to Postfix 3.0 and later. It disables
the 'time before active queue' threshold for probe messages. The
threshold was introduced in 2014:
20140218
Workaround: require that a queue file is older than
$minimal_backoff_time, before falling back from failed TLS
(both during or after the TLS handshake) to plaintext
delivery. Viktor Dukhovni. Files: smtp/smtp.h, smtp/smtp.c,
smtp/lmtp_params.c, smtp/smtp_params.c.
The above is from the postfix-2.12-20140219 HISTORY.
Wietse
diff -ur /var/tmp/postfix-3.9-20230808/src/smtp/smtp.h ./src/smtp/smtp.h
--- /var/tmp/postfix-3.9-20230808/src/smtp/smtp.h 2023-08-07
09:42:24.000000000 -0400
+++ ./src/smtp/smtp.h 2023-08-15 11:47:51.489063698 -0400
@@ -506,17 +506,19 @@
(session->state->request->msg_stats.active_arrival.tv_sec - \
session->state->request->msg_stats.incoming_arrival.tv_sec)
+#define TRACE_REQ_ONLY (DEL_REQ_TRACE_ONLY(state->request->flags))
+
#define PLAINTEXT_FALLBACK_OK_AFTER_STARTTLS_FAILURE \
(session->tls_context == 0 \
&& state->tls->level == TLS_LEV_MAY \
- && PREACTIVE_DELAY >= var_min_backoff_time \
+ && (TRACE_REQ_ONLY || PREACTIVE_DELAY >= var_min_backoff_time) \
&& !HAVE_SASL_CREDENTIALS)
#define PLAINTEXT_FALLBACK_OK_AFTER_TLS_SESSION_FAILURE \
(session->tls_context != 0 \
&& SMTP_RCPT_LEFT(state) > SMTP_RCPT_MARK_COUNT(state) \
&& state->tls->level == TLS_LEV_MAY \
- && PREACTIVE_DELAY >= var_min_backoff_time \
+ && (TRACE_REQ_ONLY || PREACTIVE_DELAY >= var_min_backoff_time) \
&& !HAVE_SASL_CREDENTIALS)
/*
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
