diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2018-11-03 23:13:34 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2018-11-05 16:55:33 +0000 |
| commit | ee8b809061baea861fc87c41bcb72a62d76b0047 (patch) | |
| tree | 015dadad49f70deb9a2bc0887452ced9824b9f8b /doc | |
| parent | b536a578fbabdc9d39da53d54a8d7700ba537431 (diff) | |
Squashed commit of PIPE_CONNECT
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 1 | ||||
| -rw-r--r-- | doc/doc-txt/NewStuff | 3 | ||||
| -rw-r--r-- | doc/doc-txt/OptionLists.txt | 4 | ||||
| -rw-r--r-- | doc/doc-txt/experimental-spec.txt | 80 |
4 files changed, 86 insertions, 2 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index c84c9b4d1..4e99e6c0d 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -36965,6 +36965,7 @@ immediately after the time and date. &%pipelining%&: A field is added to delivery and accept log lines when the ESMTP PIPELINING extension was used. The field is a single "L". + On accept lines, where PIPELINING was offered but not used by the client, the field has a minus appended. .next diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index cc9721ada..fb336b8af 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -17,7 +17,8 @@ Version 4.92 2. The ${readsocket } expansion item now takes a "tls" option, doing the obvious thing. - 3. EXPERIMENTAL_REQUIRETLS. See the experimental.spec file. + 3. EXPERIMENTAL_REQUIRETLS and EXPERIMENTAL_PIPE_CONNECT optional build + features. See the experimental.spec file. 4. If built with SUPPORT_I18N a "utf8_downconvert" option on the smtp transport. diff --git a/doc/doc-txt/OptionLists.txt b/doc/doc-txt/OptionLists.txt index 8d20f6fe2..fec47946a 100644 --- a/doc/doc-txt/OptionLists.txt +++ b/doc/doc-txt/OptionLists.txt @@ -54,7 +54,7 @@ acl_not_smtp_mime string* unset main acl_smtp_auth string* unset main 4.00 acl_smtp_connect string* unset main 4.11 acl_smtp_data string* unset main 4.00 -acl_smtp_data_prdr string* unset main 4.82 with experimental_prdr +acl_smtp_data_prdr string* unset main 4.82 with experimental_prdr, 4.83 unless disable_prdr acl_smtp_dkim string* unset main 4.70 unless disable_dkim acl_smtp_etrn string* unset main 4.00 acl_smtp_expn string* unset main 4.00 @@ -300,6 +300,7 @@ hosts_max_try_hardlimit integer 50 smtp hosts_nopass_tls host list unset smtp 4.00 hosts_noproxy_tls host list "*" smtp 4.90 hosts_override boolean false smtp 2.11 +hosts_pipe_connect host_list unset smtp 4.93 if experimental_pipe_connect hosts_randomize boolean false manualroute 4.00 false smtp 3.14 hosts_require_auth host list unset smtp 4.00 @@ -412,6 +413,7 @@ pid_file_path string ++ main pipe_as_creator boolean false pipe pipe_transport string* unset redirect 4.00 pipelining_advertise_hosts host list "*" main 4.14 +pipelining__connect_advertise_hosts host list "*" main 4.92 if experimental_pipe_connect port integer 0 iplookup 4.00 string "smtp" smtp preserve_message_logs boolean false main diff --git a/doc/doc-txt/experimental-spec.txt b/doc/doc-txt/experimental-spec.txt index 49935fb40..d5a75f5b3 100644 --- a/doc/doc-txt/experimental-spec.txt +++ b/doc/doc-txt/experimental-spec.txt @@ -904,6 +904,86 @@ Note that REQUIRETLS is only advertised once a TLS connection is achieved like "swaks -s 127.0.0.1 -tls -q HELO". + + +Early pipelining support +------------------------ +Ref: https://datatracker.ietf.org/doc/draft-harris-early-pipe/ + +If compiled with EXPERIMENTAL_PIPE_CONNECT support is included for this feature. +The server advertises the feature in its EHLO response, currently using the name +"X_PIPE_CONNECT" (this will change, some time in the future). +A client may cache this information, along with the rest of the EHLO response, +and use it for later connections. Those later ones can send esmtp commands before +a banner is received. + +Up to 1.5 roundtrip times can be taken out of cleartext connections, 2.5 on +STARTTLS connections. + +In combination with the traditional PIPELINING feature the following example +sequences are possible (among others): + +(client) (server) + +EHLO,MAIL,RCPT,DATA -> + <- banner,EHLO-resp,MAIL-ack,RCPT-ack,DATA-goahead +message-data -> +------ + +EHLO,MAIL,RCPT,BDAT -> + <- banner,EHLO-resp,MAIL-ack,RCPT-ack +message-data -> +------ + +EHLO,STARTTLS -> + <- banner,EHLO-resp,TLS-goahead +TLS1.2-client-hello -> + <- TLS-server-hello,cert,hello-done +client-Kex,change-cipher,finished -> + <- change-cipher,finshed +EHLO,MAIL,RCPT,DATA -> + <- EHLO-resp,MAIL-ack,RCPT-ack,DATA-goahead + +------ +(tls-on-connect) +TLS1.2-client-hello -> + <- TLS-server-hello,cert,hello-done +client-Kex,change-cipher,finished -> + <- change-cipher,finshed + <- banner +EHLO,MAIL,RCPT,DATA -> + <- EHLO-resp,MAIL-ack,RCPT-ack,DATA-goahead + +Where the initial client packet is SMTP, it can combine with the TCP Fast Open +feature and be sent in the TCP SYN. + + +A main-section option "pipelining_connect_advertise_hosts" (default: *) +and an smtp transport option "hosts_pipe_connect" (default: unset) +control the feature. + +If the "pipelining" log_selector is enabled, the "L" field in server <= +log lines has a period appended if the feature was advertised but not used; +or has an asterisk appended if the feature was used. In client => lines +the "L" field has an asterisk appended if the feature was used. + +The "retry_data_expire" option controls cache invalidation. +Entries are also rewritten (or cleared) if the adverised features +change. + + +NOTE: since the EHLO command must be constructed before the connection is +made it cannot depend on the interface IP address that will be used. +Transport configurations should be checked for this. An example avoidance: + + helo_data = ${if def:sending_ip_address \ + {${lookup dnsdb{>! ptr=$sending_ip_address} \ + {${sg{$value} {^([^!]*).*\$} {\$1}}} fail}} \ + {$primary_hostname}} + + + + -------------------------------------------------------------- End of file -------------------------------------------------------------- |