mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 18:07:41 +00:00
Code Issues Releases Wiki Activity

postfix-2.2-20050117

Browse Source
This commit is contained in:
Wietse Venema 2005-01-17 00:00:00 -05:00 committed by Viktor Dukhovni
parent 56e972e7c4
commit 04018b3a75
215 changed files with 9027 additions and 1861 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
postfix/.indent.pro vendored
View File

@ -1,4 +1,5 @@
-TABOUNCE
-TADDR_PATTERN
-TALIAS_TOKEN
-TANVIL_CLNT
-TANVIL_LOCAL
@ -16,6 +17,7 @@
-TBOUNCE_LOG
-TBOUNCE_STAT
-TCFG_PARSER
-TCIDR_MATCH
-TCLEANUP_STATE
-TCLIENT_LIST
-TCLNT_STREAM
@ -81,6 +83,7 @@
-THTABLE
-THTABLE_INFO
-TINET_ADDR_LIST
-TINET_PROTO_INFO
-TINTV
-TINT_TABLE
-TJMP_BUF_WRAPPER
@ -97,6 +100,10 @@
-TMAIL_PRINT
-TMAIL_SCAN
-TMAIL_STREAM
-TMAI_HOSTADDR_STR
-TMAI_HOSTNAME_STR
-TMAI_SERVNAME_STR
-TMAI_SERVPORT_STR
-TMAPS
-TMASTER_PROC
-TMASTER_SERV

8
postfix/COMPATIBILITY
View File

@ -3,7 +3,6 @@
/usr/spool/mail yes (compile time option)
/var/mail yes (compile time option)
/var/spool/mail yes (compile time option)
8bit->7bit MIME yes
:include: yes (mail to /file and |command is off by default)
address probing yes (optional persistent database)
aliases yes (can enable/disable mail to /file or |command)
@ -23,7 +22,7 @@ genericstable no (to be done)
greylist yes (delegated policy script)
home mailbox yes
ident lookup no
ipv6 no (to be done, patches exist)
ipv6 yes (compatibility for ipv4-only kernels/libraries)
ldap tables yes (contributed)
lmtp support yes (client)
luser relay yes
@ -35,12 +34,11 @@ mailertable yes (it's called transport)
mailq yes
majordomo yes (edit approve script to delete /^delivered-to:/i)
mime yes (including 8bit to quoted-printable conversion)
mime conversion not yet; postfix uses just-send-eight
mysql tables yes (contributed)
netinfo tables yes (contributed)
newaliases yes (main alias database only)
nis tables yes
nis+ tables yes
nis+ tables yes (contributed)
no <> in smtp yes (most common address forms)
pgsql tables yes (contributed)
pipeline option yes (server and client)
@ -62,7 +60,7 @@ session caching yes (SMTP shared multi-session; LMTP non-shared single-session)
size option yes, server and client
smarthost yes (specify relayhost in main.cf)
spf yes (delegated policy script)
starttls yes (third party patch)
starttls yes
tcp wrapper no (use built-in blacklist facility)
user+extension yes (also: .forward+extension)
user-extension yes (also: .forward-extension)

163
postfix/HISTORY
View File

@ -9993,6 +9993,32 @@ Apologies for any names omitted.
Bugfix: further postcat corner cases.
20041221-9
Infrastructure: unified IPv4/IPv6 name/address API so that
Postfix can support IPv6 without #ifdef INET6 everywhere.
In particular, we allow #ifdef in libraries but avoid it
in applications. Files: util/myaddrinfo.[hc],
util/sock_addr.[hc], dns/dns_rr_to_pa.c, dns/dns_sa_to_rr.c,
dns/dns_rr_eq_sa.c, dns/dns_rr_to_sa.c, inet_proto.[hc].
Postfix no longer attempts to deliver mail via IPv6 when
the system has no IPv6 connectivity. Network protocol
support is now selected with the "inet_protocols" configuration
parameter, instead of "inet_interfaces". The "inet_protocols"
parameter also controls what DNS lookups Postfix will do.
Infrastructure: eliminated two host/port parsing routines.
Only one survives: host_port(), in an extended form that
allows for missing host or missing service information but
not both. File: util/host_port.c.
20041229
Milestone: Postfix with the unified IPv4/IPv6 socket/name
API builds without compiler error on IPv4-only system and
actually works.
20041228
Bugfix: SMTPD_PROXY_README incorrectly claimed that ":port"
@ -10000,8 +10026,145 @@ Apologies for any names omitted.
without exposing the service to the network. Instead,
":port" causes a client to connect to "localhost".
20041231
Linux workaround: when mynetworks isn't set, a chrooted
process could not read the IPv6 address information from
/proc. We now invoke own_inet_addr() before chrooting,
while processing main.cf. File: global/mail_params.c.
20050101
Workaround for (Linux) systems without IPV6_V6ONLY support
(RFC 3493). When Postfix listened on an IPv4 wild-card
smtp socket, the IPv6 wild-card smtp listener would fail
with EADDRINUSE (and vice versa). File: util/myaddrinfo.c.
20050103
Safety: when the IPV6 netmask can't be determined, assume
/128 (host only). File: util/inet_addr_local.c.
20050104
Re-implemented IPv6 support for net/mask pattern matching.
Files: util/cidr_match.[hc], util/dict_cidr.c,
util/match_ops.[hc], proto/cidr_table.
20050105
Moved mask_addr() to its own module so that it could also
be called by mynetworks() and inet_addr_local() to remove
non-zero host bits from IPv6 network/mask patterns. File:
util/mask_addr.c.
20050108
Re-implemented IPv6 support for network interface lookup
via the Linux /proc file system. File: util/inet_addr_local.c.
20050111
Feature: specify "inet_interfaces = loopback-only" for
servers that must listen on local interfaces only, without
having to specify IPv4 and/or IPv6 addresses in main.cf or
master.cf. File: global/own_inet_addr.c.
Workaround: AIX 5.1 getaddrinfo() can't handle a null host
argument with AI_PASSIVE. Instead we specify an explicit
protocol family, a host of "::" or "0.0.0.0", and turn off
IPV6_V6ONLY. Files: util_myaddrinfo.c, util/inet_listen.c.
Workaround: AIX 5.1 getaddrinfo() can't handle a "0" service
argument. Instead we specify "1". Files: util/inet_addr_host.c.
20040513
Cleanup: now that the over-all structure is proving itself,
clean up some internal APIs to increase robustness and get
rid of some clumsiness. Mainly, the getaddrinfo(3) interface.
Start-up performance: the hash_queue_names default setting
is reduced from eight directories to just defer and deferred.
This reduces time for checking the Postfix queue. Files:
conf/post-install, global/mail_params.h.
20040514
Further cleanup: eliminate duplicate IPv6 results when the
mynetworks value is generated by Postfix. More documentation
of the new internal APIs.
Performance: reduced start-up delay by moving warning-only
startup checks into the background; they now start after
one minute to allow the system to finish booting. File:
conf/postfix-script.
20050115
Further hardening of the IPv6 support: don't trust system
libraries to protect Postfix against malformed IPv6 address
literals. Their syntax is complex enough that errors are
likely. Files: global/resolve_local.c, util/valid_hostname.c.
Further cleanup: RFC 2821 requires the IPv6: prefix with
IPv6 address strings. The smtp and qmqp servers maintain
separate address instances, the bare address and the RFC
2821 compatible form, and use each where appropriate. This
strict separation simplifies address syntax checks as well
as the implementation of XCLIENT and XFORWARD.
20050116
Infrastructure: new valid_mailhost_addr() routine to verify
that an address literal satisfies RFC 2821. An IPv4 address
is in dotted-quad decimal form, and an IPv6 address is in
hexadecimal form, with the "IPv6:" prefix. Files:
global/valid_mailhost_addr.[hc].
Further cleanup: valid_hostname() no longer allows network
addresses or numerical domain names. While it made some
sense with IPv4 dotted quad decimal forms, with IPv6 it
just made no sense anymore. Again, being stricter actually
simplifies code. Files: util/valid_hostname.c and a
surprisingly small number of valid_hostname() callers that
did not reject numerical forms.
Bugfix: in the Postfix 2.2 SMTP client, the debug_peer_init()
call was moved to the after-chroot initialization.
20050117
Milestone: first non-non-production snapshot with IPv6.
Open problems:
Med: transform IPv4-in-IPv6 address literals to IPv4 form
when comparing against local IP addresses?
Med: transform IPv4-in-IPv6 address literals to IPv4 form
when eliminating MX mailer loops?
Med: Postfix requires [] around IPv6 address information
in match lists such as mynetworks, debug_peer_list etc.,
but the [] must not be specified in access(5) maps. Other
places don't care. For now, this gotcha is documented in
IPV6_README and in postconf(5) with each feature that may
use IPv6 address information. The general recommendation
is not to use [] unless absolutely necessary.
Med: the partial address matching of IPv6 addresses in
access(5) maps is a bit lame: it repeatedly truncates the
last ":octetpair" from the printable address representation
until a match is found or until truncation is no longer
possible. Since one or more ":" are usually omitted from
the printable IPv6 address representation, this does not
really try all the possibilities that one might expect to
be tried. For now, this gotcha is documented in access(5).
Low: cap bounce queue life time with regular queue life
time.
Med: implement ${name[?:]value} in main.cf or update the
postconf(5) manual.

483
postfix/IPv6-ChangeLog Normal file
View File

@ -0,0 +1,483 @@
ChangeLog for Dean Strik's IPv6 patch for Postfix. The patch is based on
PLD's patch, which in turn seems to be based on KAME's. For more information:
http://www.ipnet6.org/postfix/
---------------------------------------------------------------------
Version 1.25 Postfix release 2.1.3
Postfix release 2.0.20
Postfix snapshot 2.2-20040616
Bugfix: Misplaced myfree() caused a small memory leak. Reported
by Christian von Roques.
File: util/match_ops.c
Removed the colon (:) from the characters XFORWARD replaces by
a question mark (IPv6 addresses looked like 2001?610?1108?5010??1
in logging). Reported by Philipp Morger.
File: smtpd/smtpd.c
Version 1.24 Postfix release 2.1.1
Postfix release 2.0.20
Postfix snapshot 2.0.19-20040312
Postfix snapshot 2.2-20040504
Bugfix: Prefixlen non-null host portion validation (in CIDR maps
for example) yielded incorrect results sometimes because signed
arithmetic was used instead of unsigned.
File: util/match_ops.c
Patch correction: The TLS+IPv6 patch for Postfix 2.1.0 missed
the master.cf update (used for new installations). Added it
back.
Version 1.23 Postfix release 2.1.0
Postfix release 2.0.20
Postfix snapshot 2.0.19-20040312
Patch fixes: Several code fixes to make the patch compile
and work correctly when compiled without IPv6 support.
Bugfix (Solaris only?): address family length was not updated
which could cause client hostname validation errors.
File: smtpd/smtpd_peer.c
Portability: added support for Darwin 7.3+. This may need
some further testing.
Cleanup: Restructure and redocument interface address
retrieval functions. (This reduced the number of preprocessor
statements from 99 to 93 ;)
File: util/inet_addr_local.c
Cleanup: make several explicit casts to have compilers shut
their pie holes about uninteresting things.
Version 1.22 Postfix release 2.0.19
Postfix snapshot 2.0.19-20040312
Feature: Support "inet_interfaces = IPv4:all" and
"inet_interfaces = IPv6:all", to restrict postfix to use
either IPv4-only or IPv6-only. A more complete implementation
will be part of a future patch. (Slightly modified) patch by
Michal Ludvig, SuSE.
Files: util/interfaces_to_af.[ch], util/inet_addr_local.c,
global/own_inet_addr.c, global/wildcard_inet_addr.[ch],
master/master_ent.ch
Bugfix: In Postfix snapshots, a #define was misplaced with
the effect that IPv6 subnets were not included in auto-
generated $mynetworks (i.e., mynetworks not defined in main.cf,
when also mynetworks_style=subnet) on Linux 2.x systems.
File: utils/sys_defs.h
Version 1.21a Postfix snapshots 2.0.18-2004{0122,0205,0209}
2.0.19-20040312
TLS/snapshot version: Update TLS patch to 0.8.18-20040122.
Performed as a total repatch. 0.8.18 is cleaner with tls_*
variables if TLS is not actually compiled in.
Version 1.21 Postfix releases 2.0.18 - 2.0.19
Postfix snapshot 2.0.16-20031231
Bugfix: The SMTP client could fail to setup a connection,
erroring with a bogus "getaddrinfo(...): hostname nor servname
provided" warning, because the wrong address was selected.
File: smtp/smtp_connect.c
Safety: in dynamically growing data structures, update the
length info after (instead of before) updating the data size.
File: util/inet_addr_list.c
Version 1.20 Postfix release 2.0.16
Postfix snapshot 2.0.16-20031207
Bugfix: The SMTP client would abort when binding to specific
IPv6 addresses.
File: smtp/smtp_connect.c
Synchronisation/bugfix: LMTP source address binding is identical
to the SMTP source binding setup, avoiding the need for
lmtp_bind_address(6) if inet_interfaces is set to a single
host for an address family.
File: lmtp/lmtp_connect.c
Version 1.19 Postfix release 2.0.16
Postfix snapshot 2.0.16-20031207
Bugfix: Synchronisation of TLS patches in snapshots of 1.18[ab]
was not complete, causing a crash of smtpd if used with the new
proxy agent.
File: smtpd/smtpd.c
Bugfix: SMTP source address binding based on a single hostname
in inet_interfaces did not work since the code counted IPv4 and
IPv6 addresses instead of only the used address family. Fixed,
thereby no longer requiring exact specification of
smtp_bind_address(6) in this case.
File: smtp/smtp_connect.c
Bugfix: The QMQP sink server did not compile correctly. This
program, part of smtpstone tools, is not compiled or installed
by default.
File: smtpstone/qmqp-sink.c
Bugfix: NI_WITHSCOPEID was not correctly defined everywhere,
which could result in EAI_BADFLAGS. Changed location of
definition to correct it.
Files: util/sys_defs.h, util/inet_addr_list.h
Version 1.18b Postfix snapshot 2.0.16-20030921
IPv6 support: Added IPv6-enabled code to the new snapshot
check_*_{ns,mx}_access restrictions.
File: smtpd/smtpd_check.c
Version 1.18a Postfix release 2.0.16
Update (TLS patches): Updated Lutz Jaenicke's TLS patch to
version 0.8.16. See pfixtls/ChangeLog for details.
Diff contributed by Tuomo Soini.
The TLS+IPv6 patch now contains the original TLS patch
documentation from Lutz Jaenicke.
Version 1.18 Postfix releases 2.0.14 - 2.0.15
Postfix snapshot 2.0.14-20030812
Bugfix: Perform actual hostname verification in the SMTP
and QMTP servers. This was never supported in the IPv6
patch. Reported by Wolfgang S. Rupprecht.
Files: smtpd/smtpd_peer.c, qmqpd/qmqpd_peer.c
IPv6 address ranges using address/prefixlength (e.g. in
mynetworks and access maps) should be written as
[ipv6:addr:ess]/plen (e.g. [fec0:10:20::]/48). The old
supported syntax, [ipv6:addr:ess/plen] is deprecated and
support will be removed in a later version.
Thanks to Dr. Peter Bieringer and Pekka Savola for discussion.
Files: util/match_ops.c, global/mynetworks.c
Explicitly prefer IPv6 over IPv4 addresses when delivering
to a host when MX lookups are disabled when SMTP address
randomization is on (default).
File: smtp/smtp_addr.c
Compliance: write IPv6 address literals in mail headers
as [IPv6:addr] instead of [addr] as per RFC 2821:4.1.3
tagging requirement, for example [IPv6:fec0:10:20::1].
Pointed out by Dr. Peter Bieringer.
Files: smtpd/smtpd{,_peer,_state}.c, smtpd/smtpd.h
Version 1.17 Postfix release 2.0.13, 2.0.14
Postfix snapshot 2.0.13-20030706, 2.0.14-20030812
Bugfix: Two memory allocation/deallocation bugs were
introduced in patch 1.16. The impact of these bugs could
be 'arbitrary' memory corruption.
File: util/match_ops.c
Version 1.16 Postfix release 2.0.13
Postfix snapshot 2.0.13-20030706
Cleanup: rewrote match_ops.c. This rewrite is partly based on
patch by Takahiro Igarashi. The rewrite enables some better
handling of scoped addresses, and drops all GPL code from the
patch, easying license considerations. Also, allowed for
use of this code by the CIDR maps.
Files: util/match_ops.[ch]
Bugfix: correctly relay for scoped unicast addresses when
applicable. Until now, while Postfix was able to recognize
scoped addresses, it was not able to see e.g. fe80::10%fxp0
as local in mynetworks validation. KAME-only code.
(I've never heard of people using scoped addresses (think
link-local addresses) for mail relaying though...)
Files: util/inet_addr_list.[ch]
Feature (snapshot only): rewrote CIDR maps code to support
IPv6 addresses, using new match_ops code. Allow the use
of [::/0] since it allows one to easily disable further
checks for IPv6 addresses.
File: util/dict_cidr.c
Consistency: require IPv6 addresses in inet_interfaces to
be enclosed in square brackets.
File: util/inet_addr_host.c
Bugfix: (Linux2-only) A #define was misspelled. This could
lead to Postfix being unable to read the system's local IPv6
addresses (e.g. when using inet_interfaces).
Spotted by Jochen Friedrich.
File: util/sys_defs.h
Cleanup: require non-null host portion in CIDR /
prefixlength notations for IPv6 (was IPv4-only).
Version 1.15a Postfix release 2.0.13
Update (TLS patches): Updated Lutz Jaenicke's TLS patch
to version 0.8.15. This version introduces new options
for managing SASL mechanisms. More information at:
http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/
Diff contributed by Tuomo Soini.
Version 1.15 Postfix release 2.0.12, 2.0.13
Postfix snapshot 2.0.12-20030621
Bugfix (TLS-snapshots only): a change in Postfix snapshot
2.0.11-20030609 broke initialisation of TLS in smtpd,
causing TLS to both be unadvertised and unaccepted.
This was fixed again by reordering initialisation.
File: smtpd/smtpd.c
Update (TLS patches): Updated Lutz Jaenicke's TLS patch
to version 0.8.14. This version introduces a few fixes and
uses USE_SSL instead of HAS_SSL. More information at:
http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/
Diff contributed by Tuomo Soini.
Bugfix (Postfix releases only - this was already added to
the snapshots in patch 1.14). KAME derived systems only.
Correctly decode scoped addresses, including network
interface specifiers.
File: util/inet_addr_local.c
Version 1.14 Postfix releases 2.0.9, 2.0.10, 2.0.11, 2.0.12
Postfix snapshots 2.0.9-20030424, 2.0.10-20030521,
2.0.11-20030609, 2.0.12-20030611
Patch change: made the patch available as an IPv6-only
patch (i.e., without the TLS code). This on popular
request by users and packagers.
A TLS+IPv6 version is still available of course.
Bugfix: correctly decode scoped addresses from now on
(KAME derived systems only). I think the original code
was written by Itojun, so I'm rather puzzled that it
didn't work...
File: util/inet_addr_local.c
Bugfix/portability: Recent KAME snapshots return both
TCP and SCTP address information on getaddrinfo() if
no protocol was specified. This causes the socket counts
to be wrong, confusing child processes.
Merged patch by JINMEI Tatuya of KAME to fix this.
Files: master/master.h, master/master_{ent,conf}.[ch],
util/inet_listen.c
Documentation: added an IPV6_README file to the patch.
This file contains the primary documentation. Also,
added a sample-ipv6.cf to describe the (currently few)
IPv6 related main.cf parameters.
Bugfix: the netmask structures for the *unsupported*
platforms (boldly assume /64) were added to the wrong
list (addresses instead of masks). This bug did not affect
any supported platform though.
File: util/inet_addr_local.c
Portability: added support for HP/Compaq Tru64Unix V5.1
and later. (compiled with CompaqCC only).
Thanks to Sten Spans for providing root access to an
IPv6-connected Tru64 testing machine.
Version 1.13 Postfix releases 2.0.4 - 2.0.9
Postfix snapshots 2.0.3-20030126 - 2.0.7-20030319
Bugfix: Due to a missing storage pointer, DNS lookup
results in the permit_mx_backups code were not processed,
and smtpd would likely crash.
Thanks to Wouter de Jong for reporting the crashes.
File: smtpd/smtpd_check.c
Incompatible change: The addresses given to the parameters
smtp_bind_address6 and lmtp_bind_address6 now need to be
enclosed in square brackets for consistency.
Files: [ls]mtp/[ls]mtp_connect.c
Version 1.12 Postfix releases 2.0.2, 2.0.3
Postfix snapshots 2.0.2-20030115, 2.0.3-20030126
Bugfix/workaround (Solaris): A simplified comparison
function for Solaris' qsort() function, would result
in corruption of network addresses in the SMTP client.
Fixed. Reported with possible fix by Edvard Tuinder.
File: smtp/smtp_addr.c
Version 1.11 Postfix releases 2.0.0.x, 2.0.1, 2.0.2
Postfix snapshots 2.0.0-20030105, 2.0.1-20030112
2.0.2-20030115
Bugfix (Solaris): Properly initialize lifconf structure
when requesting host interface addresses. If you get
warnings about SIOCGLIFCONF with earlier versions,
please upgrade.
File: util/inet_addr_local.c
Patch fix: fixed compilation errors in case the patch is
applied but built without IPv6 support (i.e., on unsupported
platforms).
Version 1.10 Postfix snapshots 1.1.12-200212{19,21}
Postfix releases 2.0.0, 2.0.0.{1,2}
Postfix snapshots 2.0.0-20021223 - 2.0.0-20030101
'Bugfix': don't show spurious warnings on Linux systems
about missing /proc/net/if_inet6 unless verbose mode
is enabled.
File: util/inet_addr_local.c
Bugfix: If unable to create a socket for a specific adress
in the SMTP client (e.g., when trying to create an IPv6
connection while the local host has no configured IPv6
addresses), then stop the attempt.
File: smtp/smtp_connect.c
Small bugfix: never query DNS for <localpart@[domain.tld]>.
This syntax now correctly generates an error immediately.
File: global/resolve_local.c
Updated TLS patch to 0.8.12-1.1.12-20021219-0.9.6h, fixing
a bug with "sendmail -bs".
Version 1.9 Postfix version 1.1.11-20021115
Postfix version 1.1.12-2002{1124,1209-1213}
Bugfix: with getifaddrs() code (*BSD, linux-USAGI), IPv4
netmasks were set to /32 effectively. Work around broken
netmask data structures (*BSD only perhaps).
Bugfix: same data corruption in another place created
entirely wrong IPv4 netmasks. Work around broken
SIOCGIFNETMASK structure.
New code was added for correct IPv6 netmasks. The original
code did not contain IPv6 netmask support at all!
For Solaris, use SIOCGLIF*; Linux: /proc/net/if_inet6.
Getifaddrs() support is used otherwise. This should cover
all supported systems. Other systems also work, prefix
length is always set to /64 then.
Since there are no classes (context: Class A, class B etc
networks) with IPv6, default to IPv6 subnet style if the
mynetworks style is 'class'. I recommend against this style
anyway.
Added support to display IPv6 nets mynetworks output.
Version 1.8 Postfix version 1.1.11-200211{01,15}
An earlier author of the patch made a typo in the GAI_STRERROR()
macro, resulting in bogus error messages when checking for
PTR records. Fixed.
IPv4-mapped addresses in the smtpd are converted to true IPv4
addresses just after the connection has been made. This means
that all IPv4-mapped addresses are now logged as true IPv4
addresses. Hence beside RBL checks, also access maps now treat
IPv4-mapped addresses as native IPv4. Note that ::ffff:...
entries in your access tables will no longer work.
You can now specify IPv6 'parent' networks in your access maps,
e.g. to reject all mail from 3ffe:200:... nodes, add the line
3ffe:200 REJECT
Use of trailing colons is discouraged because postmap will
warn about it possibly being an alias...
NOTE: I'll soon obsolete this again in favor of the more
common address/len notation. This was just so trivial to add
that it didn't hurt and I needed it :)
For easy reference, the version of the TLS/IPv6 patch can be
dynamically queried using the tls_ipv6_version variable.
This gives the short version (like, "1.8").
The service bind address for 'inet' sockets in master.cf (e.g.,
smtpd), must be enclosed in square brackets '[..]' for IPv6
addresses. The old style (without brackets) still works but is
unsupported and may be removed in the future. Example
[::1]:smtp inet n - n - - smtpd
Version 1.7 Postfix version 1.1.11-20021029 - 1.1.11-20021101
Postfix' SMTP client performs randomization of MX addresses
when sending mail. This however could result in A records
being used before AAAA records. This has been corrected.
Note that from Postfix version 1.1.11-20021029 on, there is
a proxy_interfaces parameter. This has of course not been
ported to IPv6 addresses...
Version 1.6 Postfix version 1.1.11-20020928
Added IPv6 support for backup_mx_networks feature; also the
behaviour when DNS lookups fail when checking whether the
local host is an MX for a domain conforms to the IPv4 case:
defer rather than allow.
Version 1.5 Postfix version 1.1.11-20020917
I introduced two bugs when I rewrote my older LMTP IPv6 patch.
These bugs effectively rendered LMTP useless. Now fixed.
Bugs spotted by Kaj Niemi.
Now supports Solaris 8 and 9. Due to lack of testing equipment,
this has been only tested in production on Solaris 9, both
with gcc and the Sun Workshop Compiler.
Version 1.4 Postfix version 1.1.11-20020822 - 1.1.11-20020917
OpenBSD (>=200003) and FreeBSD release 4 and up now use
getifaddrs(). This makes for cleaner code. The old code
seems to be bug-ridden anyway.
Got rid of some compiler warnings. Should be cleaner on
Alpha as well now. Thanks to Sten Spans for providing me
access to an Alpha running FreeBSD4.
Fixed an old bug in smtpd memory alloation if you compiled
without IPv6 support (the wrong buffer size was used. This
was harmless for IPv6-enabled compiles since the sizes were
equal then).
Added ChangeLog to the patch (as IPv6-ChangeLog) (this
was absent in 1.3 contrary to docs).
Version 1.3 Postfix version 1.1.11-20020613 - 1.1.11-20020718
FYI: In postfix version 1.1.11-20020718, DNS lookups for
AAAA can be done natively. The code matches the code in
the patch (though the #ifdef changed from INET6 to T_AAAA).
This change causes the patch for 1.1.11-20020718 to be a
bit smaller.
Version 1.2 Postfix version 1.1.11-20020613
Added IPv6 support for the LMTP client.
Added lmtp_bind_address and lmtp_bind_address6 parameters,
similar to those for smtp.
Added IPv6 support for the QMQP server.
Version 1.1 Postfix version 1.1.11-20020602 - 1.1.11-20020613
Added parameter smtp_bind_address6. By using this parameter,
it is possible to bind to an IPv6 address, independently of
IPv4 address binding.
Lutz fixed a bug in his TLS patch regarding SASL. Incorporated.
Version 1.0.x Postfix version 1.1.8-20020505 - 1.1.11-20020602
Patch derived from PLD's IPv6 patch for Postfix, revision 1.10
which applied to early Postfix snapshots 1.1.x. Updated this
patch to apply to 1.1.8-20020505.
Added compile-time checks for SS_LEN. Some Linux installations,
and maybe other systems, do define SA_LEN, but not SS_LEN.
Several updates of postfix snapshots.

8
postfix/Makefile.in
View File

@ -13,14 +13,14 @@ MANDIRS = proto man html
default: update
makefiles Makefiles:
(echo "# Do not edit -- this file documents how Postfix was built for your machine."; $(SHELL) makedefs) >makedefs.tmp
set +e; if cmp makedefs.tmp conf/makedefs.out; then rm makedefs.tmp; \
else mv makedefs.tmp conf/makedefs.out; fi >/dev/null 2>/dev/null
set -e; for i in $(DIRS); do \
(set -e; echo "[$$i]"; cd $$i; rm -f Makefile; \
$(MAKE) -f Makefile.in Makefile MAKELEVEL=) || exit 1; \
done;
rm -f Makefile; (set -e; $(SHELL) makedefs && cat Makefile.in) >Makefile
(echo "# Do not edit -- this file documents how Postfix was built for your machine."; $(SHELL) makedefs) >makedefs.tmp
set +e; if cmp makedefs.tmp conf/makedefs.out; then rm makedefs.tmp; \
else mv makedefs.tmp conf/makedefs.out; fi >/dev/null 2>/dev/null
rm -f Makefile; (tail +2 conf/makedefs.out; cat Makefile.in) >Makefile
update printfck tests:
set -e; for i in $(DIRS); do \

1
postfix/README_FILES/AAAREADME
View File

@ -8,6 +8,7 @@ GGeenneerraall ccoonnffiigguurraattiioonn
* ADDRESS_REWRITING_README: Address rewriting
* VIRTUAL_README: Virtual domain hosting
* SASL_README: SASL Authentication
* IPV6_README: IP Version 6 Support
* INSTALL: Installation from source code
PPrroobblleemm ssoollvviinngg

10
postfix/README_FILES/FILTER_README
View File

@ -473,7 +473,7 @@ server IP addresses in master.cf:
# (yes) (yes) (yes) (never) (100)
# =================================================================
1.2.3.5:smtp inet n - n - - smtpd
-o content_filter=foo:bar
-o content_filter=filter-service:filter-destination
-o receive_override_options=no_address_mappings
After this, you can follow the same procedure as outlined in the "advanced" or
@ -492,14 +492,14 @@ content filter service.
# service type private unpriv chroot wakeup maxproc command
# (yes) (yes) (yes) (never) (100)
# =================================================================
# SMTP service for domains that are content filtered with foo:bar
# SMTP service for domains that are filtered with service1:dest1
1.2.3.4:smtp inet n - n - - smtpd
-o content_filter=foo:bar
-o content_filter=service1:dest1
-o receive_override_options=no_address_mappings
# SMTP service for domains that are content filtered with xxx:yyy
# SMTP service for domains that are filtered with service2:dest2
1.2.3.5:smtp inet n - n - - smtpd
-o content_filter=xxx:yyy
-o content_filter=service2:dest2
-o receive_override_options=no_address_mappings
After this, you can follow the same procedure as outlined in the "advanced" or

250
postfix/README_FILES/IPV6_README Normal file
View File

@ -0,0 +1,250 @@
PPoossttffiixx IIPPvv66 SSuuppppoorrtt
-------------------------------------------------------------------------------
IInnttrroodduuccttiioonn
Postfix 2.2 introduces support for the IPv6 (IP version 6) protocol, whose main
feature of interest is that it uses 128-bit IP addresses instead of the 32-bit
addresses used by IPv4.
With this, Postfix can use the same SMTP protocol over IPv6 as it already uses
over the older IPv4 network, and Postfix can do AAAA record lookups in the DNS
in addition to the older A records. Information about IPv6 can be found at
http://www.ipv6.org/.
This document provides information on the following topics:
* Supported platforms
* Configuration
* Known limitations
* Compatibility with Postfix <2.2 IPv6 support
* IPv6 Support for unsupported platforms
* Credits
SSuuppppoorrtteedd PPllaattffoorrmmss
Postfix version 2.2 supports IPv4 and IPv6 on the following platforms:
* AIX 5.1+
* Darwin 7.3+
* FreeBSD 4+
* Linux 2.4+
* NetBSD 1.5+
* OpenBSD 2+
* Solaris 8+
* Tru64Unix V5.1+
On other platforms Postfix will simply use IPv4 as it has always done.
See below for tips how to port Postfix IPv6 support to other environments.
CCoonnffiigguurraattiioonn
Postfix IPv6 support introduces two new main.cf configuration parameters, and
introduces an important change in address syntax notation in match lists such
as mynetworks or debug_peer_list.
Postfix IPv6 address syntax is a little tricky, because there are a few places
where you must enclose IPv6 address inside [] characters, and a few places
where you must not. It is a good idea to use [] only in the few places where
you have to. Check out the postconf(5) manual whenever you do IPv6 related
configuration work with Postfix.
* The new inet_protocols parameter specifies what IP protocols Postfix will
use. This parameter also controls what DNS lookups Postfix will do.
/etc/postfix/main.cf:
# You must stop/start Postfix after changing this parameter.
inet_protocols = ipv4 (DEFAULT: enable IPv4 only)
inet_protocols = all (enable both IPv4 and IPv6)
inet_protocols = ipv4, ipv6 (enable both IPv4 and IPv6)
inet_protocols = ipv6 (enable IPv6 only)
By default, Postfix uses IPv4 only, because most systems aren't attached to
an IPv6 network.
o On systems with combined IPv4/IPv6 stacks, attempts to deliver mail via
IPv6 would always fail with "network unreachable", and those attempts
would only slow down Postfix.
o Linux kernels don't even load IPv6 protocol support by default. Any
attempt to use it would fail immediately.
Note 1: you must stop and start Postfix after changing the inet_protocols
configuration parameter.
Note 2: if you see error messages like the following, then you're running
Linux and need to turn on IPv6 in the kernel: see http://www.ipv6.org/ for
hints and tips. Unlike other systems, Linux does not have a combined stack
for IPv4 and IPv6, and IPv6 protocol support is not loaded by default.
postconf: warning: inet_protocols: IPv6 support is disabled: Address
family not supported by protocol
postconf: warning: inet_protocols: configuring for IPv4 support only
Note 3: on older Linux and Solaris systems, the setting "inet_protocols =
ipv6" will not prevent Postfix from accepting IPv4 connections. Postfix
will present the client IP addresses in IPv6 format, though. In all other
cases, Postfix always presents IPv4 client IP addresses in the traditional
dotted quad IPv4 format.
* The other new parameter is smtp_bind_address6. This sets the local
interface address for outgoing IPv6 SMTP connections, just like the
smtp_bind_address parameter does for IPv4:
/etc/postfix/main.cf:
smtp_bind_address6 = 2001:240:5c7:0:250:56ff:fe89:1
* If you left the value of the mynetworks parameter at its default (i.e. no
mynetworks setting in main.cf) Postfix will figure out by itself what its
network addresses are. This is what a typical setting looks like:
% postconf mynetworks
mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:
240:5c7::]/64
If you did specify the mynetworks parameter value in main.cf, you need
update the mynetworks value to include the IPv6 networks the system is in.
Be sure to specify IPv6 address information inside [], like this:
/etc/postfix/main.cf:
mynetworks = ...IPv4 networks... [::1]/128 [2001:240:5c7::]/64 ...
NNOOTTEE:: wwhheenn ccoonnffiigguurriinngg PPoossttffiixx mmaattcchh lliissttss ssuucchh aass mmyynneettwwoorrkkss oorr
ddeebbuugg__ppeeeerr__lliisstt,, yyoouu mmuusstt ssppeecciiffyy IIPPvv66 aaddddrreessss iinnffoorrmmaattiioonn iinnssiiddee [[]] iinn tthhee
mmaaiinn..ccff ppaarraammeetteerr vvaalluuee aanndd iinn ffiilleess ssppeecciiffiieedd wwiitthh aa ""//ffiillee//nnaammee"" ppaatttteerrnn..
IIPPvv66 aaddddrreesssseess ccoonnttaaiinn tthhee ""::"" cchhaarraacctteerr,, aanndd wwoouulldd ootthheerrwwiissee bbee ccoonnffuusseedd wwiitthh
aa ""ttyyppee::ttaabbllee"" ppaatttteerrnn..
KKnnoowwnn LLiimmiittaattiioonnss
* The order of IPv6/IPv4 outgoing connection attempts is not yet
configurable. Currently, IPv6 is tried before IPv4.
* Postfix currently does not support DNSBL (real-time blackhole list) lookups
for IPv6 client IP addresses; currently there are no blacklists that cover
the IPv6 address space.
* IPv6 does not have class A, B, C, etc. networks. With IPv6 networks, the
setting "mynetworks_style = class" has the same effect as the setting
"mynetworks_style = subnet".
* On Tru64Unix, Postfix can't figure out the local subnet mask and always
assumes a /128 network. This is a problem only with "mynetworks_style =
subnet" and no explicit mynetworks setting in main.cf.
CCoommppaattiibbiilliittyy wwiitthh PPoossttffiixx <<22..22 IIPPvv66 ssuuppppoorrtt
Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch by Dean
Strik and others, but differs in a few minor ways.
* main.cf: The inet_interfaces parameter does not support the notation "ipv6:
all" or "ipv4:all". Use the inet_protocols parameter instead.
* main.cf: Specify "inet_protocols = all" or "inet_protocols = ipv4, ipv6" in
order to enable both IPv4 and IPv6 support.
* main.cf: The inet_protocols parameter also controls what DNS lookups
Postfix will attempt to make when delivering or receiving mail.
* main.cf: Specify "inet_interfaces = loopback-only" to listen on loopback
network interfaces only.
* The lmtp_bind_address and lmtp_bind_address6 features were omitted. The
Postfix LMTP client will be absorbed into the SMTP client, so there is no
reason to keep adding features to the LMTP client.
* The SMTP server now requires that IPv6 addresses in SMTP commands are
specified as [ipv6:ipv6address], as described in RFC 2821.
* The IPv6 network address matching code was rewritten from the ground up,
and is expected to be closer to the specification. The result may be
incompatible with the Postfix/IPv6 patch.
IIPPvv66 SSuuppppoorrtt ffoorr uunnssuuppppoorrtteedd ppllaattffoorrmmss
Getting Postfix IPv6 working on other platforms involves the following steps:
* Specify how Postfix should find the local network interfaces. Postfix needs
this information to avoid mailer loops and to find out if mail for user@
[ipaddress] is a local or remote destination.
If your system has the getifaddrs() routine then add the following to your
platform-specific section in src/util/sys_defs.h:
#ifndef NO_IPV6
# define HAS_IPV6
# define HAVE_GETIFADDRS
#endif
Otherwise, if your system has the SIOCGLIF ioctl() command in /usr/include/
*/*.h, add the following to your platform-specific section in src/util/
sys_defs.h:
#ifndef NO_IPV6
# define HAS_IPV6
# define HAS_SIOCGLIF
#endif
Otherwise, Postfix will have to use the old SIOCGIF commands and get along
with reduced IPv6 functionality (it won't be able to figure out your IPv6
netmasks, which are needed for "mynetworks_style = subnet". Add this to
your platform-specific section in src/util/sys_defs.h:
#ifndef NO_IPV6
# define HAS_IPV6
#endif
* Test if Postfix can figure out its interface information.
After compiling Postfix in the usual manner, step into the src/util
directory and type "make inet_addr_local". Running this file by hand should
produce all the interface addresses and network masks, for example:
% make
% cd src/util
% make inet_addr_local
[... some messages ...]
% ./inet_addr_local
[... some messages ...]
./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses
./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses
168.100.189.2/255.255.255.224
127.0.0.1/255.0.0.0
fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
2001:240:5c7:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
fe80:5::1/ffff:ffff:ffff:ffff::
::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
The above is for an old FreeBSD machine. Other systems produce slightly
different results, but you get the idea.
If none of all this produces a usable result, send email to the postfix-
users@postfix.org mailing list and we'll try to help you through this.
CCrreeddiittss
The following information is in part based on information that was compiled by
Dean Strik.
* Mark Huizer wrote the original Postfix IPv6 patch.
* Jun-ichiro 'itojun' Hagino of the KAME project made substantial
improvements. Since then, we speak of the KAME patch.
* The PLD Linux Distribution ported the code to other stacks (notably USAGI).
We speak of the PLD patch. A very important feature of the PLD patch was
that it can work with Lutz Jaenicke's TLS patch for Postfix.
* Dean Strik extended IPv6 support to platforms other than KAME and USAGI,
updated the patch to keep up with Postfix development, and provided a
combined IPv6 + TLS patch. Information about his effort can be found on
Dean Strik's Postfix website at http://www.ipnet6.org/postfix/.
* Wietse Venema took Dean Strik's IPv6 patch, merged it into Postfix 2.2, and
took the opportunity to eliminate all IPv4-specific code from Postfix that
could be removed. For systems without IPv6 support in the kernel and system
libraries, Postfix has a simple compatibility layer, so that it will use
IPv4 as before.

3
postfix/README_FILES/SMTPD_POLICY_README
View File

@ -69,6 +69,9 @@ Notes:
* When an attribute value is unavailable, the client either does not send the
attribute, or sends the attribute with an empty value ("name=").
* The client address is an IPv4 dotted quad in the form 1.2.3.4 or it is an
IPv6 address in the form 1:2:3::4:5:6.
* An attribute name must not contain "=", null or newline, and an attribute
value must not contain null or newline.

48
postfix/RELEASE_NOTES
View File

@ -7,6 +7,54 @@ snapshot release). Patches are issued for the official release
and change the patchlevel and the release date. Patches are never
issued for snapshot releases.
Incompatible changes with snapshot Postfix-2.2-20050117
=======================================================
Only the deferred and defer queue directories are hashed by default,
instead of eight queue directories. With modern file systems, this
speeds up Postfix boot time without compromising performance under
high load too much. Hashing is now turned on only for the defer and
deferred queue directories, because those contain lots of mail when
undeliverable mail is backing up.
In order to speed up start-up, some Postfix file permission checks
are run in the background after Postfix is started.
The SMTP server now requires that IPv6 addresses in SMTP commands
are specified as [ipv6:ipv6address], as described in RFC 2821.
Incompatible changes with snapshot Postfix-2.2-20050111+IPV6
============================================================
Postfix version 2.2 IP version 6 support is based on the Postfix/IPv6
patch by Dean Strik, but differs in a few minor ways.
- Network protocol support including DNS lookup is selected with
the inet_protocols parameter instead of the inet_interfaces parameter.
This is needed so that Postfix will not attempt to deliver mail
via IPv6 when the system has no IPv6 connectivity.
- The lmtp_bind_address6 feature was omitted. The Postfix LMTP
client will be absorbed into the SMTP client, so there is no reason
to keep adding features to the LMTP client.
- The cidr-based address matching code was rewritten. The new
behavior is believed to be closer to expectation. The results may
be incompatible with that of the Postfix/IPv6 patch.
Major changes with snapshot Postfix-2.2-20050111+IPV6
=====================================================
Postfix version 2.2 IP version 6 support based on the Postfix/IPv6
patch by Dean Strik and others. IP version 6 support is selected
in main.cf; it is not selected at compile time as with TLS or SASL.
IP version 6 support is always compiled into Postfix on systems
that have Postfix compatible IP version 6 support. On other systems
Postfix will simply use IP version 4 just like it did before. See
the IPV6_README document for what systems are supported, and how
to turn on IPv6 in main.cf.
Major changes with snapshot Postfix-2.2-20041218
================================================

174
postfix/conf/access
View File

@ -14,7 +14,7 @@
# The optional access table directs the Postfix SMTP server
# to selectively reject or accept mail. Access can be
# allowed or denied for specific host names, domain names,
# networks, host network addresses or mail addresses.
# networks, host addresses or mail addresses.
#
# For an example, see the EXAMPLE section at the end of this
# manual page.
@ -110,39 +110,79 @@
#
# net.work
#
# net Matches any host address in the specified network.
# A network address is a sequence of one or more
# octets separated by ".".
# net Matches the specified IPv4 host address or subnet-
# work. An IPv4 host address is a sequence of four
# decimal octets separated by ".".
#
# NOTE: use the cidr lookup table type to specify
# Subnetworks are matched by repeatedly truncating
# the last ".octet" from the remote IPv4 host address
# string until a match is found in the access table,
# or until further truncation is not possible.
#
# NOTE 1: The information in the access map should be
# in canonical form, with unnecessary null characters
# eliminated. Address information must not be
# enclosed with "[]" characters.
#
# NOTE 2: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for
# details.
#
# net:work:addr:ess
#
# net:work:addr
#
# net:work
#
# net Matches the specified IPv6 host address or subnet-
# work. An IPv6 host address is a sequence of three
# to eight hexadecimal octet pairs separated by ":".
#
# Subnetworks are matched by repeatedly truncating
# the last ":octetpair" from the remote IPv6 host
# address string until a match is found in the access
# table, or until further truncation is not possible.
#
# NOTE 1: the truncation and comparison are done with
# the string representation of the IPv6 host address.
# Thus, not all the ":" subnetworks will be tried.
#
# NOTE 2: The information in the access map should be
# in canonical form, with unnecessary null characters
# eliminated. Address information must not be
# enclosed with "[]" characters.
#
# NOTE 3: use the cidr lookup table type to specify
# network/netmask patterns. See cidr_table(5) for
# details.
#
# IPv6 support is available in Postfix 2.2 and later.
#
# ACCEPT ACTIONS
# OK Accept the address etc. that matches the pattern.
#
# all-numerical
# An all-numerical result is treated as OK. This for-
# mat is generated by address-based relay authoriza-
# mat is generated by address-based relay authoriza-
# tion schemes.
#
# REJECT ACTIONS
# 4NN text
#
# 5NN text
# Reject the address etc. that matches the pattern,
# Reject the address etc. that matches the pattern,
# and respond with the numerical three-digit code and
# text. 4NN means "try again later", while 5NN means
# text. 4NN means "try again later", while 5NN means
# "do not try again".
#
# REJECT optional text...
# Reject the address etc. that matches the pattern.
# Reply with $reject_code optional text... when the
# optional text is specified, otherwise reply with a
# Reject the address etc. that matches the pattern.
# Reply with $reject_code optional text... when the
# optional text is specified, otherwise reply with a
# generic error response message.
#
# DEFER_IF_REJECT optional text...
# Defer the request if some later restriction would
# Defer the request if some later restriction would
# result in a REJECT action. Reply with "450 optional
# text... when the optional text is specified, other-
# wise reply with a generic error response message.
@ -150,10 +190,10 @@
# This feature is available in Postfix 2.1 and later.
#
# DEFER_IF_PERMIT optional text...
# Defer the request if some later restriction would
# result in a an explicit or implicit PERMIT action.
# Reply with "450 optional text... when the optional
# text is specified, otherwise reply with a generic
# Defer the request if some later restriction would
# result in a an explicit or implicit PERMIT action.
# Reply with "450 optional text... when the optional
# text is specified, otherwise reply with a generic
# error response message.
#
# This feature is available in Postfix 2.1 and later.
@ -164,131 +204,131 @@
# reject_unauth_destination, and so on).
#
# DISCARD optional text...
# Claim successful delivery and silently discard the
# message. Log the optional text if specified, oth-
# Claim successful delivery and silently discard the
# message. Log the optional text if specified, oth-
# erwise log a generic message.
#
# Note: this action currently affects all recipients
# Note: this action currently affects all recipients
# of the message.
#
# This feature is available in Postfix 2.0 and later.
#
# DUNNO Pretend that the lookup key was not found. This
# prevents Postfix from trying substrings of the
# lookup key (such as a subdomain name, or a network
# DUNNO Pretend that the lookup key was not found. This
# prevents Postfix from trying substrings of the
# lookup key (such as a subdomain name, or a network
# address subnetwork).
#
# This feature is available in Postfix 2.0 and later.
#
# FILTER transport:destination
# After the message is queued, send the entire mes-
# After the message is queued, send the entire mes-
# sage through the specified external content filter.
# The transport:destination syntax is described in
# the transport(5) manual page. More information
# about external content filters is in the Postfix
# The transport:destination syntax is described in
# the transport(5) manual page. More information
# about external content filters is in the Postfix
# FILTER_README file.
#
# Note: this action overrides the main.cf con-
# Note: this action overrides the main.cf con-
# tent_filter setting, and currently affects all
# recipients of the message.
#
# This feature is available in Postfix 2.0 and later.
#
# HOLD optional text...
# Place the message on the hold queue, where it will
# sit until someone either deletes it or releases it
# for delivery. Log the optional text if specified,
# Place the message on the hold queue, where it will
# sit until someone either deletes it or releases it
# for delivery. Log the optional text if specified,
# otherwise log a generic message.
#
# Mail that is placed on hold can be examined with
# the postcat(1) command, and can be destroyed or
# Mail that is placed on hold can be examined with
# the postcat(1) command, and can be destroyed or
# released with the postsuper(1) command.
#
# Note: use "postsuper -r" to release mail that was
# kept on hold for a significant fraction of $maxi-
# Note: use "postsuper -r" to release mail that was
# kept on hold for a significant fraction of $maxi-
# mal_queue_lifetime or $bounce_queue_lifetime, or
# longer.
#
# Note: this action currently affects all recipients
# Note: this action currently affects all recipients
# of the message.
#
# This feature is available in Postfix 2.0 and later.
#
# PREPEND headername: headervalue
# Prepend the specified message header to the mes-
# Prepend the specified message header to the mes-
# sage. When this action is used multiple times, the
# first prepended header appears before the second
# first prepended header appears before the second
# etc. prepended header.
#
# Note: this action does not support multi-line mes-
# Note: this action does not support multi-line mes-
# sage headers.
#
# This feature is available in Postfix 2.1 and later.
#
# REDIRECT user@domain
# After the message is queued, send the message to
# After the message is queued, send the message to
# the specified address instead of the intended
# recipient(s).
#
# Note: this action overrides the FILTER action, and
# Note: this action overrides the FILTER action, and
# currently affects all recipients of the message.
#
# This feature is available in Postfix 2.1 and later.
#
# WARN optional text...
# Log a warning with the optional text, together with
# client information and if available, with helo,
# client information and if available, with helo,
# sender, recipient and protocol information.
#
# This feature is available in Postfix 2.1 and later.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# Each pattern is a regular expression that is applied to
# the entire string being looked up. Depending on the appli-
# cation, that string is an entire client hostname, an
# cation, that string is an entire client hostname, an
# entire client IP address, or an entire mail address. Thus,
# no parent domain or parent network search is done,
# user@domain mail addresses are not broken up into their
# user@domain mail addresses are not broken up into their
# user@ and domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Patterns are applied in the order as specified in the
# table, until a pattern is found that matches the search
# Patterns are applied in the order as specified in the
# table, until a pattern is found that matches the search
# string.
#
# Actions are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# Actions are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see
# tcp_table(5). This feature is not available in Postfix
# tion of the TCP client/server lookup protocol, see
# tcp_table(5). This feature is not available in Postfix
# version 2.1.
#
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire
# Each lookup operation uses the entire query string once.
# Depending on the application, that string is an entire
# client hostname, an entire client IP address, or an entire
# mail address. Thus, no parent domain or parent network
# search is done, user@domain mail addresses are not broken
# up into their user@ and domain constituent parts, nor is
# mail address. Thus, no parent domain or parent network
# search is done, user@domain mail addresses are not broken
# up into their user@ and domain constituent parts, nor is
# user+foo broken up into user and foo.
#
# Actions are the same as with indexed file lookups.
#
# EXAMPLE
# The following example uses an indexed file, so that the
# order of table entries does not matter. The example per-
# mits access by the client at address 1.2.3.4 but rejects
# all other clients in 1.2.3.0/24. Instead of hash lookup
# tables, some systems use dbm. Use the command "postconf
# -m" to find out what lookup tables Postfix supports on
# The following example uses an indexed file, so that the
# order of table entries does not matter. The example per-
# mits access by the client at address 1.2.3.4 but rejects
# all other clients in 1.2.3.0/24. Instead of hash lookup
# tables, some systems use dbm. Use the command "postconf
# -m" to find out what lookup tables Postfix supports on
# your system.
#
# /etc/postfix/main.cf:
@ -303,7 +343,7 @@
# editing the file.
#
# BUGS
# The table format does not understand quoting conventions.
# The table format does not understand quoting conventions.
#
# SEE ALSO
# postmap(1), Postfix lookup table manager
@ -312,13 +352,13 @@
# transport(5), transport:nexthop syntax
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# SMTPD_ACCESS_README, built-in SMTP server access control
# DATABASE_README, Postfix lookup table overview
#
# LICENSE
# The Secure Mailer license must be distributed with this
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)

15
postfix/conf/post-install
View File

@ -564,22 +564,13 @@ EOF
}
done
# With 20000 active queue files, the active queue directory should
# be hashed, and so should the other directories, because they
# can contain even more mail.
#
# Unfortunately, this sucks mailq performance on unloaded systems.
#
# If you don't want slow mailq, be sure to hash defer and deferred,
# because those two directories can contain lots of files.
# File systems have improved since Postfix came out, and all we
# require now is that defer and deferred are hashed because those
# can contain lots of files.
found=`$POSTCONF -c $config_directory -h hash_queue_names`
missing=
(echo "$found" | grep active >/dev/null) || missing="$missing active"
(echo "$found" | grep bounce >/dev/null) || missing="$missing bounce"
(echo "$found" | grep defer >/dev/null) || missing="$missing defer"
(echo "$found" | grep flush >/dev/null) || missing="$missing flush"
(echo "$found" | grep incoming>/dev/null)|| missing="$missing incoming"
(echo "$found" | grep deferred>/dev/null)|| missing="$missing deferred"
test -n "$missing" && {
echo fixing main.cf hash_queue_names for missing $missing

3
postfix/conf/postfix-files
View File

@ -186,6 +186,7 @@ $sample_directory/sample-compatibility.cf:f:root:-:644:o
$sample_directory/sample-debug.cf:f:root:-:644:o
$sample_directory/sample-filter.cf:f:root:-:644:o:o
$sample_directory/sample-flush.cf:f:root:-:644:o
$sample_directory/sample-ipv6.cf:f:root:-:644:o
$sample_directory/sample-ldap.cf:f:root:-:644:o
$sample_directory/sample-lmtp.cf:f:root:-:644:o
$sample_directory/sample-local.cf:f:root:-:644:o
@ -224,6 +225,7 @@ $readme_directory/ETRN_README:f:root:-:644
$readme_directory/FILTER_README:f:root:-:644
$readme_directory/HOSTING_README:f:root:-:644:o
$readme_directory/INSTALL:f:root:-:644
$readme_directory/IPV6_README:f:root:-:644
$readme_directory/LDAP_README:f:root:-:644
$readme_directory/LINUX_README:f:root:-:644
$readme_directory/LMTP_README:f:root:-:644
@ -267,6 +269,7 @@ $html_directory/DEBUG_README.html:f:root:-:644
$html_directory/ETRN_README.html:f:root:-:644
$html_directory/FILTER_README.html:f:root:-:644
$html_directory/INSTALL.html:f:root:-:644
$html_directory/IPV6_README.html:f:root:-:644
$html_directory/LDAP_README.html:f:root:-:644
$html_directory/LINUX_README.html:f:root:-:644
$html_directory/LMTP_README.html:f:root:-:644

71
postfix/conf/postfix-script
View File

@ -90,10 +90,18 @@ start)
$FATAL the Postfix mail system is already running
exit 1
}
$config_directory/postfix-script check || {
$FATAL Postfix integrity check failed!
exit 1
}
if [ -f $queue_directory/quick-start ]
then
rm -f $queue_directory/quick-start
else
$config_directory/postfix-script check-fatal || {
$FATAL Postfix integrity check failed!
exit 1
}
# Warning checks proceed in the background.
$INFO starting background file permission checks in 60 seconds
(sleep 60; $config_directory/postfix-script check-warn) &
fi
$INFO starting the Postfix mail system
$daemon_directory/master &
;;
@ -108,6 +116,12 @@ drain)
kill -9 `sed 1q pid/master.pid`
;;
quick-stop)
$config_directory/postfix-script stop
touch $queue_directory/quick-start
;;
stop)
$daemon_directory/master -t 2>/dev/null && {
@ -151,6 +165,37 @@ flush)
check)
$config_directory/postfix-script check-fatal || exit 1
$config_directory/postfix-script check-warn
exit 0
;;
check-fatal)
# This command is NOT part of the public interface.
$SHELL $config_directory/post-install create-missing || {
$WARN unable to create missing queue directories
exit 1
}
# Look for incomplete installations.
test -f $config_directory/master.cf || {
$FATAL no $config_directory/master.cf file found
exit 1
}
# See if all queue files are in the right place. This is slow.
# We must scan all queues for mis-named queue files before the
# mail system can run.
$command_directory/postsuper || exit 1
exit 0
;;
check-warn)
# This command is NOT part of the public interface.
for dir in $daemon_directory $config_directory $queue_directory
do
ls -lLd $dir | (grep " root " >/dev/null ||
@ -164,11 +209,6 @@ check)
\( -perm -020 -o -perm -002 \) -type f \
-exec $WARN group or other writable: {} \;
$SHELL $config_directory/post-install create-missing || {
$WARN unable to create missing queue directories
exit 1
}
find `ls -d $queue_directory/* | \
egrep '/(incoming|active|defer|deferred|bounce|hold|trace|corrupt|public|private|flush)$'` \
! \( -type p -o -type s \) ! -user $mail_owner \
@ -207,19 +247,6 @@ check)
done
done
# Look for incomplete installations.
test -f $config_directory/master.cf || {
$FATAL no $config_directory/master.cf file found
exit 1
}
# See if all queue files are in the right place. This is slow.
# We must scan all queues for mis-named queue files before the
# mail system can run.
$command_directory/postsuper || exit 1
find corrupt -type f -exec $WARN damaged message: {} \;
# XXX also: look for weird stuff, weird permissions, etc.

10
postfix/html/FILTER_README.html
View File

@ -802,7 +802,7 @@ content filtering turned on. </p>
# (yes) (yes) (yes) (never) (100)
# =================================================================
1.2.3.5:smtp inet n - n - - smtpd
-o <a href="postconf.5.html#content_filter">content_filter</a>=foo:bar
-o <a href="postconf.5.html#content_filter">content_filter</a>=filter-service:filter-destination
-o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
</pre>
@ -828,14 +828,14 @@ address provides a different content filter service. </p>
# service type private unpriv chroot wakeup maxproc command
# (yes) (yes) (yes) (never) (100)
# =================================================================
# SMTP service for domains that are content filtered with foo:bar
# SMTP service for domains that are filtered with service1:dest1
1.2.3.4:smtp inet n - n - - smtpd
-o <a href="postconf.5.html#content_filter">content_filter</a>=foo:bar
-o <a href="postconf.5.html#content_filter">content_filter</a>=service1:dest1
-o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
# SMTP service for domains that are content filtered with xxx:yyy
# SMTP service for domains that are filtered with service2:dest2
1.2.3.5:smtp inet n - n - - smtpd
-o <a href="postconf.5.html#content_filter">content_filter</a>=xxx:yyy
-o <a href="postconf.5.html#content_filter">content_filter</a>=service2:dest2
-o <a href="postconf.5.html#receive_override_options">receive_override_options</a>=<a href="postconf.5.html#no_address_mappings">no_address_mappings</a>
</pre>
</blockquote>

370
postfix/html/IPV6_README.html Normal file
View File

@ -0,0 +1,370 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Postfix IPv6 Support</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
IPv6 Support</h1>
<hr>
<h2>Introduction</h2>
<p> Postfix 2.2 introduces support for the IPv6 (IP version 6)
protocol, whose main feature of interest is that it uses 128-bit
IP addresses instead of the 32-bit addresses used by IPv4. </p>
<p> With this, Postfix can use the same SMTP protocol over IPv6 as
it already uses over the older IPv4 network, and Postfix can do
AAAA record lookups in the DNS in addition to the older A records.
Information about IPv6 can be found at <a href="http://www.ipv6.org/">http://www.ipv6.org/</a>. </p>
<p> This document provides information on the following topics:
</p>
<ul>
<li><a href="#platforms">Supported platforms</a>
<li><a href="#configuration">Configuration</a>
<li><a href="#limitations">Known limitations</a>
<li><a href="#compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>
<li><a href="#porting">IPv6 Support for unsupported platforms</a>
<li><a href="#credits">Credits</a>
</ul>
<h2><a name="platforms">Supported Platforms</a></h2>
<p> Postfix version 2.2 supports IPv4 and IPv6 on the following
platforms: </p>
<ul>
<li> AIX 5.1+
<li> Darwin 7.3+
<li> FreeBSD 4+
<li> Linux 2.4+
<li> NetBSD 1.5+
<li> OpenBSD 2+
<li> Solaris 8+
<li> Tru64Unix V5.1+
</ul>
<p> On other platforms Postfix will simply use IPv4 as it has always
done. </p>
<p> See <a href="#porting">below</a> for tips how to port Postfix
IPv6 support to other environments. </p>
<h2><a name="configuration">Configuration</a></h2>
<p> Postfix IPv6 support introduces two new main.cf configuration
parameters, and introduces an important change in address syntax
notation in match lists such as <tt><a href="postconf.5.html#mynetworks">mynetworks</a></tt> or
<tt><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></tt>. </p>
<p> Postfix IPv6 address syntax is a little tricky, because there
are a few places where you must enclose IPv6 address inside
<tt>[]</tt> characters, and a few places where you must not. It is
a good idea to use <tt>[]</tt> only in the few places where you
have to. Check out the <a href="postconf.5.html">postconf(5)</a> manual whenever you do IPv6
related configuration work with Postfix. </p>
<ul>
<li> <p> The new <tt><a href="postconf.5.html#inet_protocols">inet_protocols</a></tt> parameter specifies what
IP protocols Postfix will use. This parameter also controls what
DNS lookups Postfix will do. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
# You must stop/start Postfix after changing this parameter.
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4 (DEFAULT: enable IPv4 only)
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all (enable both IPv4 and IPv6)
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6 (enable both IPv4 and IPv6)
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6 (enable IPv6 only)
</pre>
</blockquote>
<p> By default, Postfix uses IPv4 only, because most systems aren't
attached to an IPv6 network. </p>
<ul>
<li> <p> On systems with combined IPv4/IPv6 stacks, attempts to
deliver mail via IPv6 would always fail with "network unreachable",
and those attempts would only slow down Postfix. </p>
<li> <p> Linux kernels don't even load IPv6 protocol support by
default. Any attempt to use it would fail immediately. </p>
</ul>
<p> Note 1: you must stop and start Postfix after changing the
<tt><a href="postconf.5.html#inet_protocols">inet_protocols</a></tt> configuration parameter. </p>
<p> Note 2: if you see error messages like the following, then
you're running Linux and need to turn on IPv6 in the kernel: see
<a href="http://www.ipv6.org/">http://www.ipv6.org/</a> for hints and tips. Unlike other systems,
Linux does not have a combined stack for IPv4 and IPv6, and IPv6
protocol support is not loaded by default. </p>
<blockquote>
<pre>
postconf: warning: <a href="postconf.5.html#inet_protocols">inet_protocols</a>: IPv6 support is disabled: Address family not supported by protocol
postconf: warning: <a href="postconf.5.html#inet_protocols">inet_protocols</a>: configuring for IPv4 support only
</pre>
</blockquote>
<p> Note 3: on older Linux and Solaris systems, the setting
"<tt><a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6</tt>" will not prevent Postfix from
accepting IPv4 connections. Postfix will present the client IP
addresses in IPv6 format, though. In all other cases, Postfix always
presents IPv4 client IP addresses in the traditional dotted quad
IPv4 format. </p>
<li> <p> The other new parameter is <tt><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a></tt>.
This sets the local interface address for outgoing IPv6 SMTP
connections, just like the <tt><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a></tt> parameter
does for IPv4: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
<a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> = 2001:240:5c7:0:250:56ff:fe89:1
</pre>
</blockquote>
<li> <p> If you left the value of the <tt><a href="postconf.5.html#mynetworks">mynetworks</a></tt> parameter at its
default (i.e. no <tt><a href="postconf.5.html#mynetworks">mynetworks</a></tt> setting in main.cf) Postfix will figure
out by itself what its network addresses are. This is what a typical
setting looks like: </p>
<blockquote>
<pre>
% postconf <a href="postconf.5.html#mynetworks">mynetworks</a>
<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:5c7::]/64
</pre>
</blockquote>
<p> If you did specify the <tt><a href="postconf.5.html#mynetworks">mynetworks</a></tt> parameter value in
main.cf, you need update the <tt><a href="postconf.5.html#mynetworks">mynetworks</a></tt> value to include
the IPv6 networks the system is in. Be sure to specify IPv6 address
information inside <tt>[]</tt>, like this: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
<a href="postconf.5.html#mynetworks">mynetworks</a> = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:5c7::]/64 ...
</pre>
</blockquote>
</ul>
<p> <b> NOTE: when configuring Postfix match lists such as
<tt><a href="postconf.5.html#mynetworks">mynetworks</a></tt> or <tt><a href="postconf.5.html#debug_peer_list">debug_peer_list</a></tt>, you must specify
IPv6 address information inside <tt>[]</tt> in the main.cf parameter
value and in files specified with a "<i>/file/name</i>" pattern.
IPv6 addresses contain the ":" character, and would otherwise be
confused with a "<i>type:table</i>" pattern. </b> </p>
<h2><a name="limitations">Known Limitations</a></h2>
<ul>
<li> <p> The order of IPv6/IPv4 outgoing connection attempts is
not yet configurable. Currently, IPv6 is tried before IPv4. </p>
<li> <p> Postfix currently does not support DNSBL (real-time
blackhole list) lookups for IPv6 client IP addresses; currently
there are no blacklists that cover the IPv6 address space. </p>
<li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6
networks, the setting "<tt><a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = class</tt>" has the
same effect as the setting "<tt><a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet</tt>".
</p>
<li> <p> On Tru64Unix, Postfix can't figure out the local subnet mask
and always assumes a /128 network. This is a problem only with
"<tt><a href="postconf.5.html#mynetworks_style">mynetworks_style</a> = subnet</tt>" and no explicit <tt><a href="postconf.5.html#mynetworks">mynetworks</a></tt>
setting in main.cf. </p>
</ul>
<h2> <a name="compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>
</h2>
<p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch
by Dean Strik and others, but differs in a few minor ways. </p>
<ul>
<li> <p> main.cf: The <tt><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></tt> parameter does not support
the notation "<tt>ipv6:all</tt>" or "<tt>ipv4:all</tt>". Use the
<tt><a href="postconf.5.html#inet_protocols">inet_protocols</a></tt> parameter instead. </p>
<li> <p> main.cf: Specify "<tt><a href="postconf.5.html#inet_protocols">inet_protocols</a> = all</tt>" or
"<tt><a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6</tt>" in order to enable both IPv4
and IPv6 support. </p>
<li> <p> main.cf: The <tt><a href="postconf.5.html#inet_protocols">inet_protocols</a></tt> parameter also controls
what DNS lookups Postfix will attempt to make when delivering or
receiving mail. </p>
<li> <p> main.cf: Specify "<tt><a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only</tt>"
to listen on loopback network interfaces only. </p>
<li> <p> The <tt>lmtp_bind_address</tt> and <tt>lmtp_bind_address6</tt>
features were omitted. The Postfix LMTP client will be absorbed
into the SMTP client, so there is no reason to keep adding features
to the LMTP client. </p>
<li> <p> The SMTP server now requires that IPv6 addresses in SMTP
commands are specified as <tt>[ipv6:<i>ipv6address</i>]</tt>, as
described in <a href="http://www.faqs.org/rfcs/rfc2821.html">RFC 2821</a>. </p>
<li> <p> The IPv6 network address matching code was rewritten from
the ground up, and is expected to be closer to the specification.
The result may be incompatible with the Postfix/IPv6 patch.
</p>
</ul>
<h2><a name="porting">IPv6 Support for unsupported platforms</a></h2>
<p> Getting Postfix IPv6 working on other platforms involves the
following steps: </p>
<ul>
<li> <p> Specify how Postfix should find the local network interfaces.
Postfix needs this information to avoid mailer loops and to find out
if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p>
<p> If your system has the <tt>getifaddrs()</tt> routine then add
the following to your platform-specific section in
<tt>src/util/sys_defs.h</tt>: </p>
<blockquote>
<pre>
#ifndef NO_IPV6
# define HAS_IPV6
# define HAVE_GETIFADDRS
#endif
</pre>
</blockquote>
<p> Otherwise, if your system has the SIOCGLIF <tt>ioctl()</tt>
command in <tt>/usr/include/*/*.h</tt>, add the following to your
platform-specific section in <tt>src/util/sys_defs.h</tt>: </p>
<blockquote>
<pre>
#ifndef NO_IPV6
# define HAS_IPV6
# define HAS_SIOCGLIF
#endif
</pre>
</blockquote>
<p> Otherwise, Postfix will have to use the old SIOCGIF commands
and get along with reduced IPv6 functionality (it won't be able to
figure out your IPv6 netmasks, which are needed for "<tt><a href="postconf.5.html#mynetworks_style">mynetworks_style</a>
= subnet</tt>". Add this to your platform-specific section in
<tt>src/util/sys_defs.h</tt>: </p>
<blockquote>
<pre>
#ifndef NO_IPV6
# define HAS_IPV6
#endif
</pre>
</blockquote>
<li> <p> Test if Postfix can figure out its interface information. </p>
<p> After compiling Postfix in the usual manner, step into the
<tt>src/util</tt> directory and type "<tt>make inet_addr_local</tt>".
Running this file by hand should produce all the interface addresses
and network masks, for example: </p>
<blockquote>
<pre>
% make
% cd src/util
% make inet_addr_local
[... some messages ...]
% ./inet_addr_local
[... some messages ...]
./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses
./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses
168.100.189.2/255.255.255.224
127.0.0.1/255.0.0.0
fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
2001:240:5c7:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
fe80:5::1/ffff:ffff:ffff:ffff::
::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
</pre>
</blockquote>
<p> The above is for an old FreeBSD machine. Other systems produce
slightly different results, but you get the idea. </p>
</ul>
<p> If none of all this produces a usable result, send email to the
postfix-users@postfix.org mailing list and we'll try to help you
through this. </p>
<h2><a name="credits">Credits</a></h2>
<p> The following information is in part based on information that
was compiled by Dean Strik. </p>
<ul>
<li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p>
<li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made
substantial improvements. Since then, we speak of the KAME patch.
</p>
<li> <p> The PLD Linux Distribution ported the code to other stacks
(notably USAGI). We speak of the PLD patch. A very important
feature of the PLD patch was that it can work with Lutz Jaenicke's
TLS patch for Postfix. </p>
<li> <p> Dean Strik extended IPv6 support to platforms other than
KAME and USAGI, updated the patch to keep up with Postfix development,
and provided a combined IPv6 + TLS patch. Information about his
effort can be found on Dean Strik's Postfix website at
<a href="http://www.ipnet6.org/postfix/">http://www.ipnet6.org/postfix/</a>. </p>
<li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into
Postfix 2.2, and took the opportunity to eliminate all IPv4-specific
code from Postfix that could be removed. For systems without IPv6
support in the kernel and system libraries, Postfix has a simple
compatibility layer, so that it will use IPv4 as before. </p>
</ul>
</body>
</html>

4
postfix/html/SASL_README.html
View File

@ -34,7 +34,7 @@ the Postfix SMTP client to a remote SMTP server. </p>
<p> When receiving mail, Postfix logs the client-provided username,
authentication method, and sender address to the maillog file, and
optionally grants mail access via the permit_sasl_authenticated
optionally grants mail access via the <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a>
UCE restriction. </p>
<p> Postfix does not record the client's SASL authentication
@ -187,7 +187,7 @@ SMTP server</a></h2>
<pre>
/etc/postfix/main.cf:
<a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> =
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> permit_sasl_authenticated ...
<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a> <a href="postconf.5.html#permit_sasl_authenticated">permit_sasl_authenticated</a> ...
</pre>
</blockquote>

4
postfix/html/SMTPD_POLICY_README.html
View File

@ -108,6 +108,10 @@ size=12345
either does not send the attribute, or sends the attribute with
an empty value ("name="). </p>
<li> <p> The client address is an IPv4 dotted quad in the form
1.2.3.4 or it is an IPv6 address in the form 1:2:3::4:5:6.
</p>
<li> <p> An attribute name must not contain "=", null or newline,
and an attribute value must not contain null or newline. </p>

172
postfix/html/access.5.html
View File

@ -20,7 +20,7 @@ ACCESS(5) ACCESS(5)
The optional <b>access</b> table directs the Postfix SMTP server
to selectively reject or accept mail. Access can be
allowed or denied for specific host names, domain names,
networks, host network addresses or mail addresses.
networks, host addresses or mail addresses.
For an example, see the EXAMPLE section at the end of this
manual page.
@ -116,39 +116,79 @@ ACCESS(5) ACCESS(5)
<i>net.work</i>
<i>net</i> Matches any host address in the specified network.
A network address is a sequence of one or more
octets separated by ".".
<i>net</i> Matches the specified IPv4 host address or subnet-
work. An IPv4 host address is a sequence of four
decimal octets separated by ".".
NOTE: use the <b>cidr</b> lookup table type to specify
Subnetworks are matched by repeatedly truncating
the last ".octet" from the remote IPv4 host address
string until a match is found in the access table,
or until further truncation is not possible.
NOTE 1: The information in the access map should be
in canonical form, with unnecessary null characters
eliminated. Address information must not be
enclosed with "[]" characters.
NOTE 2: use the <b>cidr</b> lookup table type to specify
network/netmask patterns. See <a href="cidr_table.5.html">cidr_table(5)</a> for
details.
<i>net:work:addr:ess</i>
<i>net:work:addr</i>
<i>net:work</i>
<i>net</i> Matches the specified IPv6 host address or subnet-
work. An IPv6 host address is a sequence of three
to eight hexadecimal octet pairs separated by ":".
Subnetworks are matched by repeatedly truncating
the last ":octetpair" from the remote IPv6 host
address string until a match is found in the access
table, or until further truncation is not possible.
NOTE 1: the truncation and comparison are done with
the string representation of the IPv6 host address.
Thus, not all the ":" subnetworks will be tried.
NOTE 2: The information in the access map should be
in canonical form, with unnecessary null characters
eliminated. Address information must not be
enclosed with "[]" characters.
NOTE 3: use the <b>cidr</b> lookup table type to specify
network/netmask patterns. See <a href="cidr_table.5.html">cidr_table(5)</a> for
details.
IPv6 support is available in Postfix 2.2 and later.
<b>ACCEPT ACTIONS</b>
<b>OK</b> Accept the address etc. that matches the pattern.
<i>all-numerical</i>
An all-numerical result is treated as OK. This for-
mat is generated by address-based relay authoriza-
mat is generated by address-based relay authoriza-
tion schemes.
<b>REJECT ACTIONS</b>
<b>4</b><i>NN text</i>
<b>5</b><i>NN text</i>
Reject the address etc. that matches the pattern,
Reject the address etc. that matches the pattern,
and respond with the numerical three-digit code and
text. <b>4</b><i>NN</i> means "try again later", while <b>5</b><i>NN</i> means
text. <b>4</b><i>NN</i> means "try again later", while <b>5</b><i>NN</i> means
"do not try again".
<b>REJECT</b> <i>optional text...</i>
Reject the address etc. that matches the pattern.
Reply with <i>$reject</i><b>_</b><i>code optional text...</i> when the
optional text is specified, otherwise reply with a
Reject the address etc. that matches the pattern.
Reply with <i>$reject</i><b>_</b><i>code optional text...</i> when the
optional text is specified, otherwise reply with a
generic error response message.
<b>DEFER_IF_REJECT</b> <i>optional text...</i>
Defer the request if some later restriction would
Defer the request if some later restriction would
result in a REJECT action. Reply with "<b>450</b> <i>optional</i>
<i>text...</i> when the optional text is specified, other-
wise reply with a generic error response message.
@ -156,10 +196,10 @@ ACCESS(5) ACCESS(5)
This feature is available in Postfix 2.1 and later.
<b>DEFER_IF_PERMIT</b> <i>optional text...</i>
Defer the request if some later restriction would
result in a an explicit or implicit PERMIT action.
Reply with "<b>450</b> <i>optional text...</i> when the optional
text is specified, otherwise reply with a generic
Defer the request if some later restriction would
result in a an explicit or implicit PERMIT action.
Reply with "<b>450</b> <i>optional text...</i> when the optional
text is specified, otherwise reply with a generic
error response message.
This feature is available in Postfix 2.1 and later.
@ -170,131 +210,131 @@ ACCESS(5) ACCESS(5)
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a></b>, and so on).
<b>DISCARD</b> <i>optional text...</i>
Claim successful delivery and silently discard the
message. Log the optional text if specified, oth-
Claim successful delivery and silently discard the
message. Log the optional text if specified, oth-
erwise log a generic message.
Note: this action currently affects all recipients
Note: this action currently affects all recipients
of the message.
This feature is available in Postfix 2.0 and later.
<b>DUNNO</b> Pretend that the lookup key was not found. This
prevents Postfix from trying substrings of the
lookup key (such as a subdomain name, or a network
<b>DUNNO</b> Pretend that the lookup key was not found. This
prevents Postfix from trying substrings of the
lookup key (such as a subdomain name, or a network
address subnetwork).
This feature is available in Postfix 2.0 and later.
<b>FILTER</b> <i>transport:destination</i>
After the message is queued, send the entire mes-
After the message is queued, send the entire mes-
sage through the specified external content filter.
The <i>transport:destination</i> syntax is described in
the <a href="transport.5.html">transport(5)</a> manual page. More information
about external content filters is in the Postfix
The <i>transport:destination</i> syntax is described in
the <a href="transport.5.html">transport(5)</a> manual page. More information
about external content filters is in the Postfix
<a href="FILTER_README.html">FILTER_README</a> file.
Note: this action overrides the <b>main.cf <a href="postconf.5.html#content_filter">con</a>-</b>
Note: this action overrides the <b>main.cf <a href="postconf.5.html#content_filter">con</a>-</b>
<b><a href="postconf.5.html#content_filter">tent_filter</a></b> setting, and currently affects all
recipients of the message.
This feature is available in Postfix 2.0 and later.
<b>HOLD</b> <i>optional text...</i>
Place the message on the <b>hold</b> queue, where it will
sit until someone either deletes it or releases it
for delivery. Log the optional text if specified,
Place the message on the <b>hold</b> queue, where it will
sit until someone either deletes it or releases it
for delivery. Log the optional text if specified,
otherwise log a generic message.
Mail that is placed on hold can be examined with
the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
Mail that is placed on hold can be examined with
the <a href="postcat.1.html"><b>postcat</b>(1)</a> command, and can be destroyed or
released with the <a href="postsuper.1.html"><b>postsuper</b>(1)</a> command.
Note: use "<b>postsuper -r</b>" to release mail that was
kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
Note: use "<b>postsuper -r</b>" to release mail that was
kept on hold for a significant fraction of <b>$<a href="postconf.5.html#maximal_queue_lifetime">maxi</a>-</b>
<b><a href="postconf.5.html#maximal_queue_lifetime">mal_queue_lifetime</a></b> or <b>$<a href="postconf.5.html#bounce_queue_lifetime">bounce_queue_lifetime</a></b>, or
longer.
Note: this action currently affects all recipients
Note: this action currently affects all recipients
of the message.
This feature is available in Postfix 2.0 and later.
<b>PREPEND</b> <i>headername: headervalue</i>
Prepend the specified message header to the mes-
Prepend the specified message header to the mes-
sage. When this action is used multiple times, the
first prepended header appears before the second
first prepended header appears before the second
etc. prepended header.
Note: this action does not support multi-line mes-
Note: this action does not support multi-line mes-
sage headers.
This feature is available in Postfix 2.1 and later.
<b>REDIRECT</b> <i>user@domain</i>
After the message is queued, send the message to
After the message is queued, send the message to
the specified address instead of the intended
recipient(s).
Note: this action overrides the FILTER action, and
Note: this action overrides the FILTER action, and
currently affects all recipients of the message.
This feature is available in Postfix 2.1 and later.
<b>WARN</b> <i>optional text...</i>
Log a warning with the optional text, together with
client information and if available, with helo,
client information and if available, with helo,
sender, recipient and protocol information.
This feature is available in Postfix 2.1 and later.
<b>REGULAR EXPRESSION TABLES</b>
This section describes how the table lookups change when
This section describes how the table lookups change when
the table is given in the form of regular expressions. For
a description of regular expression lookup table syntax,
a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
Each pattern is a regular expression that is applied to
Each pattern is a regular expression that is applied to
the entire string being looked up. Depending on the appli-
cation, that string is an entire client hostname, an
cation, that string is an entire client hostname, an
entire client IP address, or an entire mail address. Thus,
no parent domain or parent network search is done,
<i>user@domain</i> mail addresses are not broken up into their
<i>user@domain</i> mail addresses are not broken up into their
<i>user@</i> and <i>domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search
Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search
string.
Actions are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from
Actions are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
This section describes how the table lookups change when
This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see
<a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available in Postfix
tion of the TCP client/server lookup protocol, see
<a href="tcp_table.5.html"><b>tcp_table</b>(5)</a>. This feature is not available in Postfix
version 2.1.
Each lookup operation uses the entire query string once.
Depending on the application, that string is an entire
Each lookup operation uses the entire query string once.
Depending on the application, that string is an entire
client hostname, an entire client IP address, or an entire
mail address. Thus, no parent domain or parent network
search is done, <i>user@domain</i> mail addresses are not broken
up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
mail address. Thus, no parent domain or parent network
search is done, <i>user@domain</i> mail addresses are not broken
up into their <i>user@</i> and <i>domain</i> constituent parts, nor is
<i>user+foo</i> broken up into <i>user</i> and <i>foo</i>.
Actions are the same as with indexed file lookups.
<b>EXAMPLE</b>
The following example uses an indexed file, so that the
order of table entries does not matter. The example per-
mits access by the client at address 1.2.3.4 but rejects
all other clients in 1.2.3.0/24. Instead of <b>hash</b> lookup
tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
<b>-m</b>" to find out what lookup tables Postfix supports on
The following example uses an indexed file, so that the
order of table entries does not matter. The example per-
mits access by the client at address 1.2.3.4 but rejects
all other clients in 1.2.3.0/24. Instead of <b>hash</b> lookup
tables, some systems use <b>dbm</b>. Use the command "<b>postconf</b>
<b>-m</b>" to find out what lookup tables Postfix supports on
your system.
/etc/postfix/main.cf:
@ -309,7 +349,7 @@ ACCESS(5) ACCESS(5)
editing the file.
<b>BUGS</b>
The table format does not understand quoting conventions.
The table format does not understand quoting conventions.
<b>SEE ALSO</b>
<a href="postmap.1.html">postmap(1)</a>, Postfix lookup table manager
@ -322,7 +362,7 @@ ACCESS(5) ACCESS(5)
<a href="DATABASE_README.html">DATABASE_README</a>, Postfix lookup table overview
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

22
postfix/html/cidr_table.5.html
View File

@ -32,25 +32,31 @@ CIDR_TABLE(5) CIDR_TABLE(5)
<i>network</i><b>_</b><i>address</i><b>/</b><i>network</i><b>_</b><i>mask result</i>
When a search string matches the specified network
block, use the corresponding <i>result</i> value. Specify
0.0.0.0/0 to match every address.
0.0.0.0/0 to match every IPv4 address, and ::/0 to
match every IPv6 address.
Note: address information may be enclosed inside
"[]" but this form is not recommended.
IPv6 support is available in Postfix 2.2 and later.
<i>network</i><b>_</b><i>address result</i>
When a search string matches the specified network
When a search string matches the specified network
address, use the corresponding <i>result</i> value.
blank lines and comments
Empty lines and whitespace-only lines are ignored,
as are lines whose first non-whitespace character
Empty lines and whitespace-only lines are ignored,
as are lines whose first non-whitespace character
is a `#'.
multi-line text
A logical line starts with non-whitespace text. A
line that starts with whitespace continues a logi-
A logical line starts with non-whitespace text. A
line that starts with whitespace continues a logi-
cal line.
<b>SEARCH ORDER</b>
Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search
Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search
string.
<b>EXAMPLE SMTPD ACCESS MAP</b>

2
postfix/html/index.html
View File

@ -38,6 +38,8 @@ configuration examples </a>
<li> <a href="SASL_README.html"> SASL Authentication </a>
<li> <a href="IPV6_README.html"> IP Version 6 Support </a>
<li> <a href="INSTALL.html"> Installation from source code </a>
</ul>

23
postfix/html/master.8.html
View File

@ -94,11 +94,6 @@ MASTER(8) MASTER(8)
<b>postfix reload</b> command after a configuration change.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#default_process_limit">default_process_limit</a> (100)</b>
The default maximal number of Postfix child pro-
cesses that provide a given service.
@ -133,9 +128,13 @@ MASTER(8) MASTER(8)
The network interface addresses that this mail sys-
tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
The list of environment parameters that a Postfix
process will import from a non-Postfix parent pro-
The list of environment parameters that a Postfix
process will import from a non-Postfix parent pro-
cess.
<b><a href="postconf.5.html#mail_owner">mail_owner</a> (postfix)</b>
@ -143,22 +142,22 @@ MASTER(8) MASTER(8)
and most Postfix daemon processes.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon pro-
The process ID of a Postfix command or daemon pro-
cess.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the pro-
The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
@ -175,7 +174,7 @@ MASTER(8) MASTER(8)
syslogd(8), system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

190
postfix/html/postconf.5.html
View File

@ -842,6 +842,12 @@ is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#authorized_verp_clients">authorized_verp_clients</a> value, and in files
specified with "/file/name". IP version 6 addresses contain the
":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>
</DD>
@ -2323,13 +2329,19 @@ execute the command "<b>postfix reload</b>".
</DD>
<DT><b><a name="hash_queue_names">hash_queue_names</a>
(default: see "postconf -d" output)</b></DT><DD>
(default: deferred, defer)</b></DT><DD>
<p>
The names of queue directories that are split across multiple
subdirectory levels.
</p>
<p> Before Postfix version 2.2, the default list of hashed queues
was significantly larger. Claims about improvements in file system
technology suggest that hashing of the <a href="QSHAPE_README.html#incoming_queue">incoming</a> and <a href="QSHAPE_README.html#active_queue">active queues</a>
is no longer needed. Fewer hashed directories speed up the time
needed to restart Postfix. </p>
<p>
After changing the <a href="postconf.5.html#hash_queue_names">hash_queue_names</a> or <a href="postconf.5.html#hash_queue_depth">hash_queue_depth</a> parameter,
execute the command "<b>postfix reload</b>".
@ -2518,42 +2530,102 @@ Specify 0 to disable the feature. Valid delays are 0..10.
<DT><b><a name="inet_interfaces">inet_interfaces</a>
(default: all)</b></DT><DD>
<p>
The network interface addresses that this mail system receives mail
on. By default, the software claims all active interfaces on the
machine. The parameter also controls delivery of mail to
user@[ip.address].
</p>
<p> The network interface addresses that this mail system receives
mail on. By default, the software claims all active interfaces on
the machine; with Postfix 2.2 and later, specify "<b>loopback-only</b>"
to select only local interfaces. The parameter also controls
delivery of mail to user@[ip.address]. </p>
<p>
When <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> consists of just one IP address that is not a
loopback (net 127) address, the Postfix SMTP client will use this address
as the IP source address for outbound mail. </p>
Note: you need to stop and start Postfix when this parameter changes.
</p>
<p> When <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies just one IPv4 and/or IPv6 address
that is not a loopback address, the Postfix SMTP client will use
this address as the IP source address for outbound mail. </p>
<p>
On a multi-homed firewall with separate Postfix instances listening on the
"inside" and "outside" interfaces, this can prevent each instance from
being able to reach servers on the "other side" of the firewall. Setting
<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> to 0.0.0.0 avoids the potential problem. </p>
<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> to 0.0.0.0 avoids the potential problem for
IPv4, and setting <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> to :: solves the problem
for IPv6. </p>
<p>
A better solution is to leave <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> at the default value
A better solution for multi-homed firewalls is to leave <a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
at the default value
and instead use explicit IP addresses in master.cf. This preserves SMTP
loop detection, by ensuring that each side of the firewall knows that the
other IP address is still the same host. Setting $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> to a
single IP address is primarily useful with virtual hosting of domains on
single IPv4 and/or IPV6 address is primarily useful with virtual
hosting of domains on
secondary IP addresses, when each IP address serves a different domain
(and has a different $<a href="postconf.5.html#myhostname">myhostname</a> setting). </p>
<p>
See also the <a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> parameter, for network addresses that
are forwarded to us by way of a proxy or address translator.
are forwarded to Postfix by way of a proxy or address translator.
</p>
<p>
Note: you need to stop and start Postfix when this parameter changes.
Examples:
</p>
<pre>
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = all (DEFAULT)
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = loopback-only
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 127.0.0.1
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> = 192.168.1.2, 127.0.0.1
</pre>
</DD>
<DT><b><a name="inet_protocols">inet_protocols</a>
(default: ipv4)</b></DT><DD>
<p> The Internet protocols Postfix will attempt to use when making
or accepting connections. Specify one or more of "ipv4" or "ipv6",
separated by whitespace or commas. The form "all" is equivalent to
"ipv4, ipv6". </p>
<p> Note: you MUST stop and start Postfix after changing this
parameter. </p>
<p> On systems that pre-date IPV6_V6ONLY support (<a href="http://www.faqs.org/rfcs/rfc3493.html">RFC 3493</a>), an
IPv6 server will also accept IPv4 connections, even when IPv4 is
turned off with the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter. On systems with
IPV6_V6ONLY support, Postfix will use separate server sockets for
IPv6 and IPv4, and each will accept only connections for the
corresponding protocol. </p>
<p> When IPv4 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
Postfix will to DNS type A record lookups, and will convert
IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date
IPV6_V6ONLY support (<a href="http://www.faqs.org/rfcs/rfc3493.html">RFC 3493</a>). </p>
<p> When IPv6 support is enabled via the <a href="postconf.5.html#inet_protocols">inet_protocols</a> parameter,
Postfix will do DNS type AAAA record lookups. </p>
<p> When both IPv4 and IPv6 support are enabled, the Postfix SMTP
client will attempt to connect via IPv6 before attempting to use
IPv4. </p>
<p> This feature is available in Postfix version 2.2 and later. </p>
<p>
Examples:
</p>
<pre>
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4 (DEFAULT)
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = all
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv6
<a href="postconf.5.html#inet_protocols">inet_protocols</a> = ipv4, ipv6
</pre>
</DD>
@ -4070,11 +4142,17 @@ lookup string (the lookup result is ignored). </p>
first match. Specify "!pattern" to exclude an address or network
block from the list. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#mynetworks">mynetworks</a> value, and in files specified with
"/file/name". IP version 6 addresses contain the ":" character,
and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>" pattern. </p>
<p> Examples: </p>
<pre>
<a href="postconf.5.html#mynetworks">mynetworks</a> = 168.100.189.0/28, 127.0.0.0/8
<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28
<a href="postconf.5.html#mynetworks">mynetworks</a> = !192.168.0.1, 192.168.0.0/28
<a href="postconf.5.html#mynetworks">mynetworks</a> = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:5c7::]/64
<a href="postconf.5.html#mynetworks">mynetworks</a> = $<a href="postconf.5.html#config_directory">config_directory</a>/mynetworks
<a href="postconf.5.html#mynetworks">mynetworks</a> = hash:/etc/postfix/network_table
</pre>
@ -5451,7 +5529,7 @@ the word "ESMTP" appears in the server greeting banner (example:
<p>
An optional numerical network address that the SMTP client should
bind to when making a connection.
bind to when making an IPv4 connection.
</p>
<p>
@ -5465,11 +5543,47 @@ for example:
smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>=11.22.33.44
</pre>
<p> Note: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies exactly one address that
is a non-loopback address, it is automatically used as the
<a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>. This supports virtual IP hosting, but can be
a problem on multi-homed firewalls. See the <a href="postconf.5.html#inet_interfaces">inet_interfaces</a>
documentation for more detail. </p>
<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv4
address, and that address is a non-loopback address, it is
automatically used as the <a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a>. This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p>
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not recommended. </p>
</DD>
<DT><b><a name="smtp_bind_address6">smtp_bind_address6</a>
(default: empty)</b></DT><DD>
<p>
An optional numerical network address that the SMTP client should
bind to when making an IPv6 connection.
</p>
<p>
This can be specified in the main.cf file for all SMTP clients, or
it can be specified in the master.cf file for a specific client,
for example:
</p>
<pre>
/etc/postfix/master.cf:
smtp ... smtp -o <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>=1:2:3:4:5:6:7:8
</pre>
<p> Note 1: when <a href="postconf.5.html#inet_interfaces">inet_interfaces</a> specifies no more than one IPv6
address, and that address is a non-loopback address, it is
automatically used as the <a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a>. This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> documentation for more detail. </p>
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not recommended. </p>
<p> This feature is available in Postfix version 2.2 and later. </p>
</DD>
@ -6211,6 +6325,12 @@ is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_verp_clients">smtpd_authorized_verp_clients</a> value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>
</DD>
@ -6244,6 +6364,12 @@ is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xclient_hosts">smtpd_authorized_xclient_hosts</a> value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>
</DD>
@ -6276,6 +6402,12 @@ is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_authorized_xforward_hosts">smtpd_authorized_xforward_hosts</a> value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>
</DD>
@ -6381,6 +6513,12 @@ list of network blocks, hostnames or .domain names (the initial
dot causes the domain to match any name below it).
</p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> value, and
in files specified with "/file/name". IP version 6 addresses
contain the ":" character, and would otherwise be confused with a
"<a href="DATABASE_README.html">type:table</a>" pattern. </p>
<p>
This feature is available in Postfix 2.2 and later.
</p>
@ -7533,6 +7671,12 @@ contents; a "<a href="DATABASE_README.html">type:table</a>" lookup table is matc
matches a lookup string (the lookup result is ignored). Continue
long lines by starting the next line with whitespace. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the <a href="postconf.5.html#smtpd_sasl_exceptions_networks">smtpd_sasl_exceptions_networks</a> value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "<a href="DATABASE_README.html">type:table</a>"
pattern. </p>
<p>
Example:
</p>
@ -8664,7 +8808,7 @@ it will open the table directly. Before Postfix version 2.2, the
<p> Optional lookup tables with a) names of domains for which all
addresses are aliased to addresses in other local or remote domains,
and b) addresses that are aliased to addresses in other local or
remote domains. Available before Postfix version 2.0. With Postfix 2.1
remote domains. Available before Postfix version 2.0. With Postfix 2.0
and later, this is replaced by separate controls: <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>
and <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>. </p>

57
postfix/html/postqueue.1.html
View File

@ -62,89 +62,92 @@ POSTQUEUE(1) POSTQUEUE(1)
<b>-s</b> <i>site</i>
Schedule immediate delivery of all mail that is
queued for the named <i>site</i>. The site must be eligi-
ble for the "fast flush" service. See <a href="flush.8.html"><b>flush</b>(8)</a> for
more information about the "fast flush" service.
queued for the named <i>site</i>. A numerical site must be
specified as a valid <a href="http://www.faqs.org/rfcs/rfc2821.html">RFC 2821</a> address literal
enclosed in [], just like in email addresses. The
site must be eligible for the "fast flush" service.
See <a href="flush.8.html"><b>flush</b>(8)</a> for more information about the "fast
flush" service.
This option implements the traditional <b>sendmail</b>
This option implements the traditional <b>sendmail</b>
<b>-qR</b><i>site</i> command, by contacting the Postfix <a href="flush.8.html"><b>flush</b>(8)</a>
daemon.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
tiple <b>-v</b> options make the software increasingly
tiple <b>-v</b> options make the software increasingly
verbose.
<b>SECURITY</b>
This program is designed to run with set-group ID privi-
This program is designed to run with set-group ID privi-
leges, so that it can connect to Postfix daemon processes.
<b>DIAGNOSTICS</b>
Problems are logged to <b>syslogd</b>(8) and to the standard
Problems are logged to <b>syslogd</b>(8) and to the standard
error stream.
<b>ENVIRONMENT</b>
MAIL_CONFIG
Directory with the <b>main.cf</b> file. In order to avoid
exploitation of set-group ID privileges, a non-
Directory with the <b>main.cf</b> file. In order to avoid
exploitation of set-group ID privileges, a non-
standard directory is allowed only if:
<b>o</b> The name is listed in the standard <b>main.cf</b>
file with the <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b>
<b>o</b> The name is listed in the standard <b>main.cf</b>
file with the <b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a></b>
configuration parameter.
<b>o</b> The command is invoked by the super-user.
<b>CONFIGURATION PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant
The following <b>main.cf</b> parameters are especially relevant
to this program. The text below provides only a parameter
summary. See <a href="postconf.5.html">postconf(5)</a> for more details including exam-
summary. See <a href="postconf.5.html">postconf(5)</a> for more details including exam-
ples.
<b><a href="postconf.5.html#alternate_config_directories">alternate_config_directories</a> (empty)</b>
A list of non-default Postfix configuration direc-
A list of non-default Postfix configuration direc-
tories that may be specified with "-c <a href="postconf.5.html#config_directory">config_direc</a>-
<a href="postconf.5.html#config_directory">tory</a>" on the command line, or via the MAIL_CONFIG
<a href="postconf.5.html#config_directory">tory</a>" on the command line, or via the MAIL_CONFIG
environment parameter.
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix main.cf and
The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative com-
The location of all postfix administrative com-
mands.
<b><a href="postconf.5.html#fast_flush_domains">fast_flush_domains</a> ($<a href="postconf.5.html#relay_domains">relay_domains</a>)</b>
Optional list of destinations that are eligible for
per-destination logfiles with mail that is queued
per-destination logfiles with mail that is queued
to those destinations.
<b><a href="postconf.5.html#import_environment">import_environment</a> (see 'postconf -d' output)</b>
The list of environment parameters that a Postfix
process will import from a non-Postfix parent pro-
The list of environment parameters that a Postfix
process will import from a non-Postfix parent pro-
cess.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the pro-
The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
<b><a href="postconf.5.html#trigger_timeout">trigger_timeout</a> (10s)</b>
The time limit for sending a trigger to a Postfix
daemon (for example, the <a href="pickup.8.html">pickup(8)</a> or <a href="qmgr.8.html">qmgr(8)</a> dae-
The time limit for sending a trigger to a Postfix
daemon (for example, the <a href="pickup.8.html">pickup(8)</a> or <a href="qmgr.8.html">qmgr(8)</a> dae-
mon).
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#authorized_flush_users">authorized_flush_users</a> (static:anyone)</b>
List of users who are authorized to flush the
List of users who are authorized to flush the
queue.
<b><a href="postconf.5.html#authorized_mailq_users">authorized_mailq_users</a> (static:anyone)</b>
@ -164,11 +167,11 @@ POSTQUEUE(1) POSTQUEUE(1)
<a href="ETRN_README.html">ETRN_README</a>, Postfix ETRN howto
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>HISTORY</b>
The postqueue command was introduced with Postfix version
The postqueue command was introduced with Postfix version
1.1.
<b>AUTHOR(S)</b>

16
postfix/html/qmqp-sink.1.html
View File

@ -10,18 +10,24 @@ QMQP-SINK(1) QMQP-SINK(1)
qmqp-sink - multi-threaded QMQP test server
<b>SYNOPSIS</b>
<b>qmqp-sink</b> [<b>-cv</b>] [<b>-x</b> <i>time</i>] [<b>inet:</b>][<i>host</i>]:<i>port backlog</i>
<b>qmqp-sink</b> [<b>-46cv</b>] [<b>-x</b> <i>time</i>] [<b>inet:</b>][<i>host</i>]:<i>port backlog</i>
<b>qmqp-sink</b> [<b>-cv</b>] [<b>-x</b> <i>time</i>] <b>unix:</b><i>pathname backlog</i>
<b>qmqp-sink</b> [<b>-46cv</b>] [<b>-x</b> <i>time</i>] <b>unix:</b><i>pathname backlog</i>
<b>DESCRIPTION</b>
<b>qmqp-sink</b> listens on the named host (or address) and port.
It receives messages from the network and throws them
away. The purpose is to measure QMQP client performance,
not protocol compliance. Connections can be accepted on
IPV4 endpoints or UNIX-domain sockets. IPV4 is the
default. This program is the complement of the <a href="qmqp-source.1.html"><b>qmqp-</b></a>
<a href="qmqp-source.1.html"><b>source</b>(1)</a> program.
IPv4 or IPv6 endpoints, or on UNIX-domain sockets. IPv4
and IPv6 are the default. This program is the complement
of the <a href="qmqp-source.1.html"><b>qmqp-source</b>(1)</a> program.
<b>-4</b> Support IPv4 only. This option has no effect when
Postfix is built without IPv6 support.
<b>-6</b> Support IPv6 only. This option is not available
when Postfix is built without IPv6 support.
<b>-c</b> Display a running counter that is updated whenever
a delivery is completed.

11
postfix/html/qmqp-source.1.html
View File

@ -18,11 +18,18 @@ QMQP-SOURCE(1) QMQP-SOURCE(1)
<b>qmqp-source</b> connects to the named host and TCP port
(default 628) and sends one or more messages to it, either
sequentially or in parallel. The program speaks the QMQP
protocol. Connections can be made to UNIX-domain and IPV4
servers. IPV4 is the default.
protocol. Connections can be made to UNIX-domain and IPv4
or IPv6 servers. IPv4 and IPv6 are the default.
Options:
<b>-4</b> Connect to the server with IPv4. This option has no
effect when Postfix is built without IPv6 support.
<b>-6</b> Connect to the server with IPv6. This option is not
available when Postfix is built without IPv6 sup-
port.
<b>-c</b> Display a running counter that is incremented each
time a delivery completes.

2
postfix/html/qmqpd.8.html
View File

@ -57,7 +57,7 @@ QMQPD(8) QMQPD(8)
<b><a href="postconf.5.html#receive_override_options">receive_override_options</a> (empty)</b>
Enable or disable recipient validation, built-in
content filtering, or address rewriting.
content filtering, or address mapping.
<b>RESOURCE AND RATE CONTROLS</b>
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>

3
postfix/html/sendmail.1.html
View File

@ -153,6 +153,9 @@ SENDMAIL(1) SENDMAIL(1)
Non-default alias database. Specify <i>pathname</i> or
<i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
<b>-O</b> <i>option=value</i> (ignored)
Backwards compatibility.
<b>-o7</b> (ignored)
<b>-o8</b> (ignored)

45
postfix/html/smtp-sink.1.html
View File

@ -20,15 +20,22 @@ SMTP-SINK(1) SMTP-SINK(1)
away. The purpose is to measure client performance, not
protocol compliance.
Connections can be accepted on IPV4 endpoints or UNIX-
domain sockets. IPV4 is the default. This program is the
complement of the <a href="smtp-source.1.html"><b>smtp-source</b>(1)</a> program.
Connections can be accepted on IPv4 or IPv6 endpoints, or
on UNIX-domain sockets. IPv4 and IPv6 are the default.
This program is the complement of the <a href="smtp-source.1.html"><b>smtp-source</b>(1)</a> pro-
gram.
Arguments:
<b>-4</b> Support IPv4 only. This option has no effect when
Postfix is built without IPv6 support.
<b>-6</b> Support IPv6 only. This option is not available
when Postfix is built without IPv6 support.
<b>-a</b> Do not announce SASL authentication support.
<b>-c</b> Display a running counter that is updated whenever
<b>-c</b> Display a running counter that is updated whenever
an SMTP QUIT command is executed.
<b>-C</b> Disable XCLIENT support.
@ -36,14 +43,14 @@ SMTP-SINK(1) SMTP-SINK(1)
<b>-e</b> Do not announce ESMTP support.
<b>-f</b> <i>command,command,...</i>
Reject the specified commands with a hard (5xx)
Reject the specified commands with a hard (5xx)
error code.
<b>-F</b> Disable XFORWARD support.
<b>-h</b> <i>hostname</i>
Use <i>hostname</i> in the SMTP greeting, in the HELO
response, and in the EHLO response. The default
Use <i>hostname</i> in the SMTP greeting, in the HELO
response, and in the EHLO response. The default
hostname is "smtp-sink".
<b>-L</b> Enable LMTP instead of SMTP.
@ -52,26 +59,26 @@ SMTP-SINK(1) SMTP-SINK(1)
Terminate after <i>count</i> sessions. This is for testing
purposes.
<b>-p</b> Do not announce support for ESMTP command pipelin-
<b>-p</b> Do not announce support for ESMTP command pipelin-
ing.
<b>-P</b> Change the server greeting so that it appears to
<b>-P</b> Change the server greeting so that it appears to
come through a CISCO PIX system. Implies <b>-e</b>.
<b>-q</b> <i>command,command,...</i>
Disconnect (without replying) after receiving one
Disconnect (without replying) after receiving one
of the specified commands.
<b>-r</b> <i>command,command,...</i>
Reject the specified commands with a soft (4xx)
Reject the specified commands with a soft (4xx)
error code.
<b>-s</b> <i>command,command,...</i>
Log the named commands to syslogd. Examples of
commands that can be logged are HELO, EHLO, LHLO,
MAIL, RCPT, VRFY, RSET, NOOP, and QUIT. Separate
command names by white space or commas, and use
quotes to protect white space from the shell. Com-
Log the named commands to syslogd. Examples of
commands that can be logged are HELO, EHLO, LHLO,
MAIL, RCPT, VRFY, RSET, NOOP, and QUIT. Separate
command names by white space or commas, and use
quotes to protect white space from the shell. Com-
mand names are case-insensitive.
<b>-v</b> Show the SMTP conversations.
@ -83,7 +90,7 @@ SMTP-SINK(1) SMTP-SINK(1)
<b>-8</b> Do not announce 8BITMIME support.
[<b>inet:</b>][<i>host</i>]:<i>port</i>
Listen on network interface <i>host</i> (default: any
Listen on network interface <i>host</i> (default: any
interface) TCP port <i>port</i>. Both <i>host</i> and <i>port</i> may be
specified in numeric or symbolic form.
@ -91,14 +98,14 @@ SMTP-SINK(1) SMTP-SINK(1)
Listen on the UNIX-domain socket at <i>pathname</i>.
<i>backlog</i>
The maximum length the queue of pending connec-
The maximum length the queue of pending connec-
tions, as defined by the listen(2) call.
<b>SEE ALSO</b>
<a href="smtp-source.1.html">smtp-source(1)</a>, SMTP/LMTP message generator
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

48
postfix/html/smtp-source.1.html
View File

@ -18,33 +18,41 @@ SMTP-SOURCE(1) SMTP-SOURCE(1)
<b>smtp-source</b> connects to the named <i>host</i> and TCP <i>port</i>
(default: port 25) and sends one or more messages to it,
either sequentially or in parallel. The program speaks
either SMTP (default) or LMTP. Connections can be made to
UNIX-domain and IPV4 servers. IPV4 is the default.
either SMTP (default) or LMTP. Connections can be made to
UNIX-domain and IPv4 or IPv6 servers. IPv4 and IPv6 are
the default.
Arguments:
<b>-c</b> Display a running counter that is incremented each
<b>-4</b> Connect to the server with IPv4. This option has no
effect when Postfix is built without IPv6 support.
<b>-6</b> Connect to the server with IPv6. This option is not
available when Postfix is built without IPv6 sup-
port.
<b>-c</b> Display a running counter that is incremented each
time an SMTP DATA command completes.
<b>-C</b> <i>count</i>
When a host sends RESET instead of SYN|ACK, try
<i>count</i> times before giving up. The default count is
When a host sends RESET instead of SYN|ACK, try
<i>count</i> times before giving up. The default count is
1. Specify a larger count in order to work around a
problem with TCP/IP stacks that send RESET when the
listen queue is full.
<b>-d</b> Don't disconnect after sending a message; send the
<b>-d</b> Don't disconnect after sending a message; send the
next message over the same connection.
<b>-f</b> <i>from</i>
Use the specified sender address (default:
Use the specified sender address (default:
&lt;foo@<a href="postconf.5.html#myhostname">myhostname</a>&gt;).
<b>-o</b> Old mode: don't send HELO, and don't send message
<b>-o</b> Old mode: don't send HELO, and don't send message
headers.
<b>-l</b> <i>length</i>
Send <i>length</i> bytes as message payload. The length
Send <i>length</i> bytes as message payload. The length
does not include message headers.
<b>-L</b> Speak LMTP rather than SMTP.
@ -52,15 +60,15 @@ SMTP-SOURCE(1) SMTP-SOURCE(1)
<b>-m</b> <i>message</i><b>_</b><i>count</i>
Send the specified number of messages (default: 1).
<b>-N</b> Prepend a non-repeating sequence number to each
recipient address. This avoids the artificial 100%
hit rate in the resolve and rewrite client caches
and exercises the trivial-rewrite daemon, better
approximating Postfix performance under real-life
<b>-N</b> Prepend a non-repeating sequence number to each
recipient address. This avoids the artificial 100%
hit rate in the resolve and rewrite client caches
and exercises the trivial-rewrite daemon, better
approximating Postfix performance under real-life
work-loads.
<b>-r</b> <i>recipient</i><b>_</b><i>count</i>
Send the specified number of recipients per trans-
Send the specified number of recipients per trans-
action (default: 1). Recipient names are generated
by prepending a number to the recipient address.
@ -69,15 +77,15 @@ SMTP-SOURCE(1) SMTP-SOURCE(1)
lel (default: 1).
<b>-S</b> <i>subject</i>
Send mail with the named subject line (default:
Send mail with the named subject line (default:
none).
<b>-t</b> <i>to</i> Use the specified recipient address (default:
<b>-t</b> <i>to</i> Use the specified recipient address (default:
&lt;foo@<a href="postconf.5.html#myhostname">myhostname</a>&gt;).
<b>-R</b> <i>interval</i>
Wait for a random period of time 0 &lt;= n &lt;= interval
between messages. Suspending one thread does not
between messages. Suspending one thread does not
affect other delivery threads.
<b>-w</b> <i>interval</i>
@ -85,7 +93,7 @@ SMTP-SOURCE(1) SMTP-SOURCE(1)
thread does not affect other delivery threads.
[<b>inet:</b>]<i>host</i>[:<i>port</i>]
Connect via TCP to host <i>host</i>, port <i>port</i>. The
Connect via TCP to host <i>host</i>, port <i>port</i>. The
default port is <b>smtp</b>.
<b>unix:</b><i>pathname</i>
@ -98,7 +106,7 @@ SMTP-SOURCE(1) SMTP-SOURCE(1)
<a href="smtp-sink.1.html">smtp-sink(1)</a>, SMTP/LMTP message dump
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

26
postfix/html/smtp.8.html
View File

@ -330,37 +330,47 @@ SMTP(8) SMTP(8)
The network interface addresses that this mail sys-
tem receives mail on.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#ipc_timeout">ipc_timeout</a> (3600s)</b>
The time limit for sending or receiving information
over an internal communication channel.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of connection requests before a
The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon pro-
The process ID of a Postfix command or daemon pro-
cess.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a> (empty)</b>
The network interface addresses that this mail sys-
tem receives mail on by way of a proxy or network
tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#smtp_bind_address">smtp_bind_address</a> (empty)</b>
An optional numerical network address that the SMTP
client should bind to when making a connection.
client should bind to when making an IPv4 connec-
tion.
<b><a href="postconf.5.html#<a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a>"><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a></a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
<b><a href="postconf.5.html#smtp_bind_address6">smtp_bind_address6</a> (empty)</b>
An optional numerical network address that the SMTP
client should bind to when making an IPv6 connec-
tion.
<b><a href="postconf.5.html#smtp_helo_name">smtp_helo_name</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The hostname to send in the SMTP EHLO or HELO com-
mand.

290
postfix/html/smtpd.8.html
View File

@ -323,182 +323,186 @@ SMTPD(8) SMTPD(8)
tem receives mail on by way of a proxy or network
address translation unit.
<b><a href="postconf.5.html#inet_protocols">inet_protocols</a> (ipv4)</b>
The Internet protocols Postfix will attempt to use
when making or accepting connections.
<b><a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> (<a href="proxymap.8.html">proxy</a>:unix:passwd.byname</b>
<b>$<a href="postconf.5.html#alias_maps">alias_maps</a>)</b>
Lookup tables with all names or addresses of local
recipients: a recipient address is local when its
domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
Lookup tables with all names or addresses of local
recipients: a recipient address is local when its
domain matches $<a href="postconf.5.html#mydestination">mydestination</a>, $<a href="postconf.5.html#inet_interfaces">inet_interfaces</a> or
$<a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a>.
<b><a href="postconf.5.html#unknown_local_recipient_reject_code">unknown_local_recipient_reject_code</a> (550)</b>
The numerical Postfix SMTP server response code
when a recipient address is local, and
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup
The numerical Postfix SMTP server response code
when a recipient address is local, and
$<a href="postconf.5.html#local_recipient_maps">local_recipient_maps</a> specifies a list of lookup
tables that does not match the recipient.
Parameters concerning known/unknown recipients of relay
Parameters concerning known/unknown recipients of relay
destinations:
<b><a href="postconf.5.html#relay_domains">relay_domains</a> ($<a href="postconf.5.html#mydestination">mydestination</a>)</b>
What destination domains (and subdomains thereof)
What destination domains (and subdomains thereof)
this system will relay mail to.
<b><a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> (empty)</b>
Optional lookup tables with all valid addresses in
Optional lookup tables with all valid addresses in
the domains that match $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#unknown_relay_recipient_reject_code">unknown_relay_recipient_reject_code</a> (550)</b>
The numerical Postfix SMTP server reply code when a
recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and
<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup
recipient address matches $<a href="postconf.5.html#relay_domains">relay_domains</a>, and
<a href="postconf.5.html#relay_recipient_maps">relay_recipient_maps</a> specifies a list of lookup
tables that does not match the recipient address.
Parameters concerning known/unknown recipients in virtual
Parameters concerning known/unknown recipients in virtual
alias domains:
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a> ($<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a>)</b>
Postfix is final destination for the specified list
of virtual alias domains, that is, domains for
which all addresses are aliased to addresses in
of virtual alias domains, that is, domains for
which all addresses are aliased to addresses in
other local or remote domains.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> ($<a href="postconf.5.html#virtual_maps">virtual_maps</a>)</b>
Optional lookup tables that alias specific mail
addresses or domains to other local or remote
Optional lookup tables that alias specific mail
addresses or domains to other local or remote
address.
<b><a href="postconf.5.html#unknown_virtual_alias_reject_code">unknown_virtual_alias_reject_code</a> (550)</b>
The SMTP server reply code when a recipient address
matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
<a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables
matches $<a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a>, and $<a href="postconf.5.html#virtual_alias_maps">vir</a>-
<a href="postconf.5.html#virtual_alias_maps">tual_alias_maps</a> specifies a list of lookup tables
that does not match the recipient address.
Parameters concerning known/unknown recipients in virtual
Parameters concerning known/unknown recipients in virtual
mailbox domains:
<b><a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a> ($<a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a>)</b>
Postfix is final destination for the specified list
of domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
of domains; mail is delivered via the $<a href="postconf.5.html#virtual_transport">vir</a>-
<a href="postconf.5.html#virtual_transport">tual_transport</a> mail delivery transport.
<b><a href="postconf.5.html#virtual_mailbox_maps">virtual_mailbox_maps</a> (empty)</b>
Optional lookup tables with all valid addresses in
Optional lookup tables with all valid addresses in
the domains that match $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>.
<b><a href="postconf.5.html#unknown_virtual_mailbox_reject_code">unknown_virtual_mailbox_reject_code</a> (550)</b>
The SMTP server reply code when a recipient address
matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
matches $<a href="postconf.5.html#virtual_mailbox_domains">virtual_mailbox_domains</a>, and $<a href="postconf.5.html#virtual_mailbox_maps">vir</a>-
<a href="postconf.5.html#virtual_mailbox_maps">tual_mailbox_maps</a> specifies a list of lookup tables
that does not match the recipient address.
<b>RESOURCE AND RATE CONTROLS</b>
The following parameters limit resource usage by the SMTP
The following parameters limit resource usage by the SMTP
server and/or control client request rates.
<b><a href="postconf.5.html#line_length_limit">line_length_limit</a> (2048)</b>
Upon input, long lines are chopped up into pieces
of at most this length; upon delivery, long lines
Upon input, long lines are chopped up into pieces
of at most this length; upon delivery, long lines
are reconstructed.
<b><a href="postconf.5.html#queue_minfree">queue_minfree</a> (0)</b>
The minimal amount of free space in bytes in the
The minimal amount of free space in bytes in the
queue file system that is needed to receive mail.
<b><a href="postconf.5.html#message_size_limit">message_size_limit</a> (10240000)</b>
The maximal size in bytes of a message, including
The maximal size in bytes of a message, including
envelope information.
<b><a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a> (1000)</b>
The maximal number of recipients that the Postfix
The maximal number of recipients that the Postfix
SMTP server accepts per message delivery request.
<b><a href="postconf.5.html#smtpd_timeout">smtpd_timeout</a> (300s)</b>
The time limit for sending a Postfix SMTP server
response and for receiving a remote SMTP client
The time limit for sending a Postfix SMTP server
response and for receiving a remote SMTP client
request.
<b><a href="postconf.5.html#smtpd_history_flush_threshold">smtpd_history_flush_threshold</a> (100)</b>
The maximal number of lines in the Postfix SMTP
server command history before it is flushed upon
The maximal number of lines in the Postfix SMTP
server command history before it is flushed upon
receipt of EHLO, RSET, or end of DATA.
The per SMTP client connection count and request rate lim-
its are implemented in co-operation with the <a href="anvil.8.html">anvil(8)</a> ser-
vice, and are available in Postfix version 2.2 and later.
vice, and are available in Postfix version 2.2 and later.
<b><a href="postconf.5.html#smtpd_client_connection_count_limit">smtpd_client_connection_count_limit</a> (50)</b>
How many simultaneous connections any client is
How many simultaneous connections any client is
allowed to make to this service.
<b><a href="postconf.5.html#smtpd_client_connection_rate_limit">smtpd_client_connection_rate_limit</a> (0)</b>
The maximal number of connection attempts any
client is allowed to make to this service per time
client is allowed to make to this service per time
unit.
<b><a href="postconf.5.html#smtpd_client_message_rate_limit">smtpd_client_message_rate_limit</a> (0)</b>
The maximal number of message delivery requests
that any client is allowed to make to this service
The maximal number of message delivery requests
that any client is allowed to make to this service
per time unit, regardless of whether or not Postfix
actually accepts those messages.
<b><a href="postconf.5.html#smtpd_client_recipient_rate_limit">smtpd_client_recipient_rate_limit</a> (0)</b>
The maximal number of recipient addresses that any
client is allowed to send to this service per time
The maximal number of recipient addresses that any
client is allowed to send to this service per time
unit, regardless of whether or not Postfix actually
accepts those recipients.
<b><a href="postconf.5.html#smtpd_client_event_limit_exceptions">smtpd_client_event_limit_exceptions</a> ($<a href="postconf.5.html#mynetworks">mynetworks</a>)</b>
Clients that are excluded from connection count,
connection rate, message rate or recipient rate
Clients that are excluded from connection count,
connection rate, message rate or recipient rate
restrictions.
<b>TARPIT CONTROLS</b>
When a remote SMTP client makes errors, the Postfix SMTP
server can insert delays before responding. This can help
to slow down run-away software. The behavior is con-
trolled by an error counter that counts the number of
errors within an SMTP session that a client makes without
When a remote SMTP client makes errors, the Postfix SMTP
server can insert delays before responding. This can help
to slow down run-away software. The behavior is con-
trolled by an error counter that counts the number of
errors within an SMTP session that a client makes without
delivering mail.
<b><a href="postconf.5.html#smtpd_error_sleep_time">smtpd_error_sleep_time</a> (1s)</b>
With Postfix 2.1 and later: the SMTP server
response delay after a client has made more than
$<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than
$<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering
With Postfix 2.1 and later: the SMTP server
response delay after a client has made more than
$<a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> errors, and fewer than
$<a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> errors, without delivering
mail.
<b><a href="postconf.5.html#smtpd_soft_error_limit">smtpd_soft_error_limit</a> (10)</b>
The number of errors a remote SMTP client is
allowed to make without delivering mail before the
The number of errors a remote SMTP client is
allowed to make without delivering mail before the
Postfix SMTP server slows down all its responses.
<b><a href="postconf.5.html#smtpd_hard_error_limit">smtpd_hard_error_limit</a> (20)</b>
The maximal number of errors a remote SMTP client
The maximal number of errors a remote SMTP client
is allowed to make without delivering mail.
<b><a href="postconf.5.html#smtpd_junk_command_limit">smtpd_junk_command_limit</a> (100)</b>
The number of junk commands (NOOP, VRFY, ETRN or
The number of junk commands (NOOP, VRFY, ETRN or
RSET) that a remote SMTP client can send before the
Postfix SMTP server starts to increment the error
Postfix SMTP server starts to increment the error
counter with each junk command.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_recipient_overshoot_limit">smtpd_recipient_overshoot_limit</a> (1000)</b>
The number of recipients that a remote SMTP client
can send in excess of the limit specified with
The number of recipients that a remote SMTP client
can send in excess of the limit specified with
$<a href="postconf.5.html#smtpd_recipient_limit">smtpd_recipient_limit</a>, before the Postfix SMTP
server increments the per-session error count for
server increments the per-session error count for
each excess recipient.
<b>ACCESS POLICY DELEGATION CONTROLS</b>
As of version 2.1, Postfix can be configured to delegate
access policy decisions to an external server that runs
outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
As of version 2.1, Postfix can be configured to delegate
access policy decisions to an external server that runs
outside Postfix. See the file <a href="SMTPD_POLICY_README.html">SMTPD_POLICY_README</a> for
more information.
<b><a href="postconf.5.html#smtpd_policy_service_max_idle">smtpd_policy_service_max_idle</a> (300s)</b>
The time after which an idle SMTPD policy service
The time after which an idle SMTPD policy service
connection is closed.
<b><a href="postconf.5.html#smtpd_policy_service_max_ttl">smtpd_policy_service_max_ttl</a> (1000s)</b>
@ -506,161 +510,161 @@ SMTPD(8) SMTPD(8)
connection is closed.
<b><a href="postconf.5.html#smtpd_policy_service_timeout">smtpd_policy_service_timeout</a> (100s)</b>
The time limit for connecting to, writing to or
The time limit for connecting to, writing to or
receiving from a delegated SMTPD policy server.
<b>ACCESS CONTROLS</b>
The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
The <a href="SMTPD_ACCESS_README.html">SMTPD_ACCESS_README</a> document gives an introduction to
all the SMTP server access control features.
<b><a href="postconf.5.html#smtpd_delay_reject">smtpd_delay_reject</a> (yes)</b>
Wait until the RCPT TO command before evaluating
Wait until the RCPT TO command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a>, $smtpd_helo_restric-
tions and $<a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a>, or wait until
the ETRN command before evaluating
the ETRN command before evaluating
$<a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> and $smtpd_helo_restric-
tions.
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b><a href="postconf.5.html#parent_domain_matches_subdomains">parent_domain_matches_subdomains</a> (see 'postconf -d' out-</b>
<b>put)</b>
What Postfix features match subdomains of
"domain.tld" automatically, instead of requiring an
explicit ".domain.tld" pattern.
<b><a href="postconf.5.html#smtpd_client_restrictions">smtpd_client_restrictions</a> (empty)</b>
Optional SMTP server access restrictions in the
Optional SMTP server access restrictions in the
context of a client SMTP connection request.
<b><a href="postconf.5.html#smtpd_helo_required">smtpd_helo_required</a> (no)</b>
Require that a remote SMTP client introduces itself
at the beginning of an SMTP session with the HELO
at the beginning of an SMTP session with the HELO
or EHLO command.
<b><a href="postconf.5.html#smtpd_helo_restrictions">smtpd_helo_restrictions</a> (empty)</b>
Optional restrictions that the Postfix SMTP server
Optional restrictions that the Postfix SMTP server
applies in the context of the SMTP HELO command.
<b><a href="postconf.5.html#smtpd_sender_restrictions">smtpd_sender_restrictions</a> (empty)</b>
Optional restrictions that the Postfix SMTP server
Optional restrictions that the Postfix SMTP server
applies in the context of the MAIL FROM command.
<b><a href="postconf.5.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a> (<a href="postconf.5.html#permit_mynetworks">permit_mynetworks</a>,</b>
<b><a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a>)</b>
The access restrictions that the Postfix SMTP
server applies in the context of the RCPT TO com-
server applies in the context of the RCPT TO com-
mand.
<b><a href="postconf.5.html#smtpd_etrn_restrictions">smtpd_etrn_restrictions</a> (empty)</b>
Optional SMTP server access restrictions in the
Optional SMTP server access restrictions in the
context of a client ETRN request.
<b><a href="postconf.5.html#allow_untrusted_routing">allow_untrusted_routing</a> (no)</b>
Forward mail with sender-specified routing
(user[@%!]remote[@%!]site) from untrusted clients
Forward mail with sender-specified routing
(user[@%!]remote[@%!]site) from untrusted clients
to destinations matching $<a href="postconf.5.html#relay_domains">relay_domains</a>.
<b><a href="postconf.5.html#smtpd_restriction_classes">smtpd_restriction_classes</a> (empty)</b>
User-defined aliases for groups of access restric-
User-defined aliases for groups of access restric-
tions.
<b><a href="postconf.5.html#smtpd_null_access_lookup_key">smtpd_null_access_lookup_key</a> (</b>&lt;&gt;<b>)</b>
The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables
The lookup key to be used in SMTP <a href="access.5.html">access(5)</a> tables
instead of the null sender address.
<b><a href="postconf.5.html#permit_mx_backup_networks">permit_mx_backup_networks</a> (empty)</b>
Restrict the use of the <a href="postconf.5.html#permit_mx_backup">permit_mx_backup</a> SMTP
access feature to only domains whose primary MX
access feature to only domains whose primary MX
hosts match the listed networks.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#smtpd_data_restrictions">smtpd_data_restrictions</a> (empty)</b>
Optional access restrictions that the Postfix SMTP
Optional access restrictions that the Postfix SMTP
server applies in the context of the SMTP DATA com-
mand.
<b><a href="postconf.5.html#smtpd_expansion_filter">smtpd_expansion_filter</a> (see 'postconf -d' output)</b>
What characters are allowed in $name expansions of
What characters are allowed in $name expansions of
RBL reply templates.
Available in Postfix version 2.1 and later:
<b><a href="postconf.5.html#smtpd_reject_unlisted_sender">smtpd_reject_unlisted_sender</a> (no)</b>
Request that the Postfix SMTP server rejects mail
from unknown sender addresses, even when no
explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
Request that the Postfix SMTP server rejects mail
from unknown sender addresses, even when no
explicit <a href="postconf.5.html#reject_unlisted_sender">reject_unlisted_sender</a> access restriction
is specified.
<b><a href="postconf.5.html#smtpd_reject_unlisted_recipient">smtpd_reject_unlisted_recipient</a> (yes)</b>
Request that the Postfix SMTP server rejects mail
Request that the Postfix SMTP server rejects mail
for unknown recipient addresses, even when no
explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
explicit <a href="postconf.5.html#reject_unlisted_recipient">reject_unlisted_recipient</a> access restric-
tion is specified.
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_end_of_data_restrictions">smtpd_end_of_data_restrictions</a> (empty)</b>
Optional access restrictions that the Postfix SMTP
server applies in the context of the SMTP END-OF-
Optional access restrictions that the Postfix SMTP
server applies in the context of the SMTP END-OF-
DATA command.
<b>SENDER AND RECIPIENT ADDRESS VERIFICATION CONTROLS</b>
Postfix version 2.1 introduces sender and recipient
address verification. This feature is implemented by
sending probe email messages that are not actually deliv-
ered. This feature is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_sender">fied_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
restrictions. The status of verification probes is main-
Postfix version 2.1 introduces sender and recipient
address verification. This feature is implemented by
sending probe email messages that are not actually deliv-
ered. This feature is requested via the <a href="postconf.5.html#reject_unverified_sender">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_sender">fied_sender</a> and <a href="postconf.5.html#reject_unverified_recipient">reject_unverified_recipient</a> access
restrictions. The status of verification probes is main-
tained by the <a href="verify.8.html">verify(8)</a> server. See the file ADDRESS_VER-
<a href="IFICATION_README.html">IFICATION_README</a> for information about how to configure
<a href="IFICATION_README.html">IFICATION_README</a> for information about how to configure
and operate the Postfix sender/recipient address verifica-
tion service.
<b><a href="postconf.5.html#address_verify_poll_count">address_verify_poll_count</a> (3)</b>
How many times to query the <a href="verify.8.html">verify(8)</a> service for
the completion of an address verification request
How many times to query the <a href="verify.8.html">verify(8)</a> service for
the completion of an address verification request
in progress.
<b><a href="postconf.5.html#address_verify_poll_delay">address_verify_poll_delay</a> (3s)</b>
The delay between queries for the completion of an
The delay between queries for the completion of an
address verification request in progress.
<b><a href="postconf.5.html#address_verify_sender">address_verify_sender</a> (postmaster)</b>
The sender address to use in address verification
The sender address to use in address verification
probes.
<b><a href="postconf.5.html#unverified_sender_reject_code">unverified_sender_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a recipient address is rejected by the
The numerical Postfix SMTP server response code
when a recipient address is rejected by the
<a href="postconf.5.html#reject_unverified_sender">reject_unverified_sender</a> restriction.
<b><a href="postconf.5.html#unverified_recipient_reject_code">unverified_recipient_reject_code</a> (450)</b>
The numerical Postfix SMTP server response when a
The numerical Postfix SMTP server response when a
recipient address is rejected by the <a href="postconf.5.html#reject_unverified_recipient">reject_unveri</a>-
<a href="postconf.5.html#reject_unverified_recipient">fied_recipient</a> restriction.
<b>ACCESS CONTROL RESPONSES</b>
The following parameters control numerical SMTP reply
The following parameters control numerical SMTP reply
codes and/or text responses.
<b><a href="postconf.5.html#access_map_reject_code">access_map_reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
when a client is rejected by an <a href="access.5.html">access(5)</a> map
The numerical Postfix SMTP server response code
when a client is rejected by an <a href="access.5.html">access(5)</a> map
restriction.
<b><a href="postconf.5.html#defer_code">defer_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
the "defer" restriction.
<b><a href="postconf.5.html#invalid_hostname_reject_code">invalid_hostname_reject_code</a> (501)</b>
The numerical Postfix SMTP server response code
when the client HELO or EHLO command parameter is
rejected by the <a href="postconf.5.html#reject_invalid_hostname">reject_invalid_hostname</a> restric-
The numerical Postfix SMTP server response code
when the client HELO or EHLO command parameter is
rejected by the <a href="postconf.5.html#reject_invalid_hostname">reject_invalid_hostname</a> restric-
tion.
<b><a href="postconf.5.html#maps_rbl_reject_code">maps_rbl_reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
The numerical Postfix SMTP server response code
when a remote SMTP client request is blocked by the
<a href="postconf.5.html#reject_rbl_client">reject_rbl_client</a>, <a href="postconf.5.html#reject_rhsbl_client">reject_rhsbl_client</a>,
<a href="postconf.5.html#reject_rhsbl_sender">reject_rhsbl_sender</a> or <a href="postconf.5.html#reject_rhsbl_recipient">reject_rhsbl_recipient</a>
@ -668,47 +672,47 @@ SMTPD(8) SMTPD(8)
<b><a href="postconf.5.html#non_fqdn_reject_code">non_fqdn_reject_code</a> (504)</b>
The numerical Postfix SMTP server reply code when a
client request is rejected by the
client request is rejected by the
<a href="postconf.5.html#reject_non_fqdn_hostname">reject_non_fqdn_hostname</a>, <a href="postconf.5.html#reject_non_fqdn_sender">reject_non_fqdn_sender</a> or
<a href="postconf.5.html#reject_non_fqdn_recipient">reject_non_fqdn_recipient</a> restriction.
<b><a href="postconf.5.html#reject_code">reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
The numerical Postfix SMTP server response code
when a remote SMTP client request is rejected by
the "<b>reject</b>" restriction.
<b><a href="postconf.5.html#relay_domains_reject_code">relay_domains_reject_code</a> (554)</b>
The numerical Postfix SMTP server response code
when a client request is rejected by the
The numerical Postfix SMTP server response code
when a client request is rejected by the
<a href="postconf.5.html#reject_unauth_destination">reject_unauth_destination</a> recipient restriction.
<b><a href="postconf.5.html#unknown_address_reject_code">unknown_address_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a sender or recipient address is rejected by
The numerical Postfix SMTP server response code
when a sender or recipient address is rejected by
the <a href="postconf.5.html#reject_unknown_sender_domain">reject_unknown_sender_domain</a> or
<a href="postconf.5.html#reject_unknown_recipient_domain">reject_unknown_recipient_domain</a> restriction.
<b><a href="postconf.5.html#unknown_client_reject_code">unknown_client_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when a client without valid address &lt;=&gt; name map-
ping is rejected by the <a href="postconf.5.html#reject_unknown_client">reject_unknown_client</a>
The numerical Postfix SMTP server response code
when a client without valid address &lt;=&gt; name map-
ping is rejected by the <a href="postconf.5.html#reject_unknown_client">reject_unknown_client</a>
restriction.
<b><a href="postconf.5.html#unknown_hostname_reject_code">unknown_hostname_reject_code</a> (450)</b>
The numerical Postfix SMTP server response code
when the hostname specified with the HELO or EHLO
command is rejected by the <a href="postconf.5.html#reject_unknown_hostname">reject_unknown_hostname</a>
The numerical Postfix SMTP server response code
when the hostname specified with the HELO or EHLO
command is rejected by the <a href="postconf.5.html#reject_unknown_hostname">reject_unknown_hostname</a>
restriction.
Available in Postfix version 2.0 and later:
<b><a href="postconf.5.html#default_rbl_reply">default_rbl_reply</a> (see 'postconf -d' output)</b>
The default SMTP server response template for a
request that is rejected by an RBL-based restric-
The default SMTP server response template for a
request that is rejected by an RBL-based restric-
tion.
<b><a href="postconf.5.html#multi_recipient_bounce_reject_code">multi_recipient_bounce_reject_code</a> (550)</b>
The numerical Postfix SMTP server response code
The numerical Postfix SMTP server response code
when a remote SMTP client request is blocked by the
<a href="postconf.5.html#reject_multi_recipient_bounce">reject_multi_recipient_bounce</a> restriction.
@ -717,16 +721,16 @@ SMTPD(8) SMTPD(8)
<b>MISCELLANEOUS CONTROLS</b>
<b><a href="postconf.5.html#config_directory">config_directory</a> (see 'postconf -d' output)</b>
The default location of the Postfix main.cf and
The default location of the Postfix main.cf and
master.cf configuration files.
<b><a href="postconf.5.html#daemon_timeout">daemon_timeout</a> (18000s)</b>
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
How much time a Postfix daemon process may take to
handle a request before it is terminated by a
built-in watchdog timer.
<b><a href="postconf.5.html#command_directory">command_directory</a> (see 'postconf -d' output)</b>
The location of all postfix administrative com-
The location of all postfix administrative com-
mands.
<b><a href="postconf.5.html#double_bounce_sender">double_bounce_sender</a> (double-bounce)</b>
@ -747,36 +751,36 @@ SMTPD(8) SMTPD(8)
and most Postfix daemon processes.
<b><a href="postconf.5.html#max_idle">max_idle</a> (100s)</b>
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
The maximum amount of time that an idle Postfix
daemon process waits for the next service request
before exiting.
<b><a href="postconf.5.html#max_use">max_use</a> (100)</b>
The maximal number of connection requests before a
The maximal number of connection requests before a
Postfix daemon process terminates.
<b><a href="postconf.5.html#myhostname">myhostname</a> (see 'postconf -d' output)</b>
The internet hostname of this mail system.
<b><a href="postconf.5.html#mynetworks">mynetworks</a> (see 'postconf -d' output)</b>
The list of "trusted" SMTP clients that have more
The list of "trusted" SMTP clients that have more
privileges than "strangers".
<b><a href="postconf.5.html#myorigin">myorigin</a> ($<a href="postconf.5.html#myhostname">myhostname</a>)</b>
The domain name that locally-posted mail appears to
come from, and that locally posted mail is deliv-
come from, and that locally posted mail is deliv-
ered to.
<b><a href="postconf.5.html#process_id">process_id</a> (read-only)</b>
The process ID of a Postfix command or daemon pro-
The process ID of a Postfix command or daemon pro-
cess.
<b><a href="postconf.5.html#process_name">process_name</a> (read-only)</b>
The process name of a Postfix command or daemon
The process name of a Postfix command or daemon
process.
<b><a href="postconf.5.html#queue_directory">queue_directory</a> (see 'postconf -d' output)</b>
The location of the Postfix top-level queue direc-
The location of the Postfix top-level queue direc-
tory.
<b><a href="postconf.5.html#recipient_delimiter">recipient_delimiter</a> (empty)</b>
@ -784,22 +788,22 @@ SMTPD(8) SMTPD(8)
sions (user+foo).
<b><a href="postconf.5.html#smtpd_banner">smtpd_banner</a> ($<a href="postconf.5.html#myhostname">myhostname</a> ESMTP $<a href="postconf.5.html#mail_name">mail_name</a>)</b>
The text that follows the 220 status code in the
The text that follows the 220 status code in the
SMTP greeting banner.
<b><a href="postconf.5.html#syslog_facility">syslog_facility</a> (mail)</b>
The syslog facility of Postfix logging.
<b><a href="postconf.5.html#syslog_name">syslog_name</a> (postfix)</b>
The mail system name that is prepended to the pro-
The mail system name that is prepended to the pro-
cess name in syslog records, so that "smtpd"
becomes, for example, "postfix/smtpd".
Available in Postfix version 2.2 and later:
<b><a href="postconf.5.html#smtpd_forbidden_commands">smtpd_forbidden_commands</a> (CONNECT, GET, POST)</b>
List of commands that causes the Postfix SMTP
server to immediately terminate the session with a
List of commands that causes the Postfix SMTP
server to immediately terminate the session with a
221 code.
<b>SEE ALSO</b>
@ -826,7 +830,7 @@ SMTPD(8) SMTPD(8)
<a href="XFORWARD_README.html">XFORWARD_README</a>, Postfix XFORWARD extension
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

19
postfix/makedefs
View File

@ -125,6 +125,9 @@ case "$SYSTEM.$RELEASE" in
# Use the native compiler by default
: ${CC=cc}
: ${DEBUG="-g3"}
case $RELEASE in
V[0-4].*) CCARGS="$CCARGS -DNO_IPV6";;
esac
;;
SunOS.4*) SYSTYPE=SUNOS4
SYSLIBS=-lresolv
@ -132,14 +135,17 @@ case "$SYSTEM.$RELEASE" in
SunOS.5*) SYSTYPE=SUNOS5
RANLIB=echo
SYSLIBS="-lresolv -lsocket -lnsl"
# Solaris 8 added usleep() and POSIX regular expressions
case $RELEASE in
5.[0-4]) CCARGS="$CCARGS -DMISSING_USLEEP";;
*) CCARGS="$CCARGS -DHAS_POSIX_REGEXP";;
5.[0-4]) CCARGS="$CCARGS -DMISSING_USLEEP -DNO_POSIX_REGEXP";;
esac
# Solaris 8 added IPv6
case $RELEASE in
5.[0-7]) CCARGS="$CCARGS -DNO_IPV6";;
esac
CCARGS="$CCARGS -DCANT_WRITE_BEFORE_SENDING_FD"
# Solaris 9 added closefrom()
case $RELEASE in
5.9*|5.[1-9][0-9]*) CCARGS="$CCARGS -DHAS_CLOSEFROM";;
5.[0-8]) CCARGS="$CCARGS -DNO_CLOSEFROM";;
esac
# Work around broken str*casecmp(). Do it all here instead
# of having half the solution in the sys_defs.h file.
@ -236,6 +242,9 @@ case "$SYSTEM.$RELEASE" in
}
done
done
case "$RELEASE" in
2.[0-3].*) CCARGS="$CCARGS -DNO_IPV6";;
esac
;;
IRIX*.5.*) SYSTYPE=IRIX5
# Use the native compiler by default
@ -280,8 +289,10 @@ Rhapsody.5*|Darwin.*)
: ${CC=cc}
case $RELEASE in
1.[0-3]) AWK=gawk
CCARGS="$CCARGS -DNO_IPV6"
;;
[2-6].*) AWK=awk
CCARGS="$CCARGS -DNO_IPV6"
SYSLIBS=-flat_namespace
;;
*) AWK=awk

4
postfix/man/man1/postqueue.1
View File

@ -57,7 +57,9 @@ attempt will be made until the mail is taken off hold.
.RE
.IP "\fB-s \fIsite\fR"
Schedule immediate delivery of all mail that is queued for the named
\fIsite\fR. The site must be eligible for the "fast flush" service.
\fIsite\fR. A numerical site must be specified as a valid RFC 2821
address literal enclosed in [], just like in email addresses.
The site must be eligible for the "fast flush" service.
See \fBflush\fR(8) for more information about the "fast flush"
service.

15
postfix/man/man1/qmqp-sink.1
View File

@ -9,10 +9,10 @@ multi-threaded QMQP test server
.na
.nf
.fi
\fBqmqp-sink\fR [\fB-cv\fR] [\fB-x \fItime\fR]
\fBqmqp-sink\fR [\fB-46cv\fR] [\fB-x \fItime\fR]
[\fBinet:\fR][\fIhost\fR]:\fIport\fR \fIbacklog\fR
\fBqmqp-sink\fR [\fB-cv\fR] [\fB-x \fItime\fR]
\fBqmqp-sink\fR [\fB-46cv\fR] [\fB-x \fItime\fR]
\fBunix:\fR\fIpathname\fR \fIbacklog\fR
.SH DESCRIPTION
.ad
@ -21,9 +21,16 @@ multi-threaded QMQP test server
It receives messages from the network and throws them away.
The purpose is to measure QMQP client performance, not protocol
compliance.
Connections can be accepted on IPV4 endpoints or UNIX-domain sockets.
IPV4 is the default.
Connections can be accepted on IPv4 or IPv6 endpoints, or on
UNIX-domain sockets.
IPv4 and IPv6 are the default.
This program is the complement of the \fBqmqp-source\fR(1) program.
.IP \fB-4\fR
Support IPv4 only. This option has no effect when
Postfix is built without IPv6 support.
.IP \fB-6\fR
Support IPv6 only. This option is not available when
Postfix is built without IPv6 support.
.IP \fB-c\fR
Display a running counter that is updated whenever a delivery
is completed.

10
postfix/man/man1/qmqp-source.1
View File

@ -18,10 +18,16 @@ multi-threaded QMQP test generator
\fBqmqp-source\fR connects to the named host and TCP port (default 628)
and sends one or more messages to it, either sequentially
or in parallel. The program speaks the QMQP protocol.
Connections can be made to UNIX-domain and IPV4 servers.
IPV4 is the default.
Connections can be made to UNIX-domain and IPv4 or IPv6 servers.
IPv4 and IPv6 are the default.
Options:
.IP \fB-4\fR
Connect to the server with IPv4. This option has no effect when
Postfix is built without IPv6 support.
.IP \fB-6\fR
Connect to the server with IPv6. This option is not available when
Postfix is built without IPv6 support.
.IP \fB-c\fR
Display a running counter that is incremented each time
a delivery completes.

2
postfix/man/man1/sendmail.1
View File

@ -125,6 +125,8 @@ Backwards compatibility.
Non-default alias database. Specify \fIpathname\fR or
\fItype\fR:\fIpathname\fR. See \fBpostalias\fR(1) for
details.
.IP "\fB-O \fIoption=value\fR (ignored)"
Backwards compatibility.
.IP "\fB-o7\fR (ignored)"
.IP "\fB-o8\fR (ignored)"
To send 8-bit or binary content, use an appropriate MIME encapsulation

11
postfix/man/man1/smtp-sink.1
View File

@ -21,11 +21,18 @@ It takes SMTP messages from the network and throws them away.
The purpose is to measure client performance, not protocol
compliance.
Connections can be accepted on IPV4 endpoints or UNIX-domain sockets.
IPV4 is the default.
Connections can be accepted on IPv4 or IPv6 endpoints, or on
UNIX-domain sockets.
IPv4 and IPv6 are the default.
This program is the complement of the \fBsmtp-source\fR(1) program.
Arguments:
.IP \fB-4\fR
Support IPv4 only. This option has no effect when
Postfix is built without IPv6 support.
.IP \fB-6\fR
Support IPv6 only. This option is not available when
Postfix is built without IPv6 support.
.IP \fB-a\fR
Do not announce SASL authentication support.
.IP \fB-c\fR

11
postfix/man/man1/smtp-source.1
View File

@ -19,10 +19,17 @@ multi-threaded SMTP/LMTP test generator
(default: port 25)
and sends one or more messages to it, either sequentially
or in parallel. The program speaks either SMTP (default) or
LMTP. Connections can be made to UNIX-domain and IPV4 servers.
IPV4 is the default.
LMTP.
Connections can be made to UNIX-domain and IPv4 or IPv6 servers.
IPv4 and IPv6 are the default.
Arguments:
.IP \fB-4\fR
Connect to the server with IPv4. This option has no effect when
Postfix is built without IPv6 support.
.IP \fB-6\fR
Connect to the server with IPv6. This option is not available when
Postfix is built without IPv6 support.
.IP \fB-c\fR
Display a running counter that is incremented each time
an SMTP DATA command completes.

43
postfix/man/man5/access.5
View File

@ -19,7 +19,7 @@ format of Postfix access table
The optional \fBaccess\fR table directs the Postfix SMTP server
to selectively reject or accept mail. Access can be allowed or
denied for specific host names, domain names, networks, host
network addresses or mail addresses.
addresses or mail addresses.
For an example, see the EXAMPLE section at the end of this
manual page.
@ -110,11 +110,46 @@ order to match subdomains.
.IP \fInet.work.addr\fR
.IP \fInet.work\fR
.IP \fInet\fR
Matches any host address in the specified network. A network
address is a sequence of one or more octets separated by ".".
Matches the specified IPv4 host address or subnetwork. An
IPv4 host address is a sequence of four decimal octets
separated by ".".
NOTE: use the \fBcidr\fR lookup table type to specify
Subnetworks are matched by repeatedly truncating the last
".octet" from the remote IPv4 host address string until a
match is found in the access table, or until further
truncation is not possible.
NOTE 1: The information in the access map should be in
canonical form, with unnecessary null characters eliminated.
Address information must not be enclosed with "[]" characters.
NOTE 2: use the \fBcidr\fR lookup table type to specify
network/netmask patterns. See cidr_table(5) for details.
.IP \fInet:work:addr:ess\fR
.IP \fInet:work:addr\fR
.IP \fInet:work\fR
.IP \fInet\fR
Matches the specified IPv6 host address or subnetwork. An
IPv6 host address is a sequence of three to eight hexadecimal
octet pairs separated by ":".
Subnetworks are matched by repeatedly truncating the last
":octetpair" from the remote IPv6 host address string until
a match is found in the access table, or until further
truncation is not possible.
NOTE 1: the truncation and comparison are done with the
string representation of the IPv6 host address. Thus, not
all the ":" subnetworks will be tried.
NOTE 2: The information in the access map should be in
canonical form, with unnecessary null characters eliminated.
Address information must not be enclosed with "[]" characters.
NOTE 3: use the \fBcidr\fR lookup table type to specify
network/netmask patterns. See cidr_table(5) for details.
IPv6 support is available in Postfix 2.2 and later.
.SH "ACCEPT ACTIONS"
.na
.nf

8
postfix/man/man5/cidr_table.5
View File

@ -33,7 +33,13 @@ The general form of a Postfix CIDR table is:
.IP "\fInetwork_address\fB/\fInetwork_mask result\fR"
When a search string matches the specified network block,
use the corresponding \fIresult\fR value. Specify
0.0.0.0/0 to match every address.
0.0.0.0/0 to match every IPv4 address, and ::/0 to match
every IPv6 address.
Note: address information may be enclosed inside "[]" but
this form is not recommended.
IPv6 support is available in Postfix 2.2 and later.
.IP "\fInetwork_address result\fR"
When a search string matches the specified network address,
use the corresponding \fIresult\fR value.

181
postfix/man/man5/postconf.5
View File

@ -461,6 +461,12 @@ pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace.
.PP
Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the authorized_verp_clients value, and in files
specified with "/file/name". IP version 6 addresses contain the
":" character, and would otherwise be confused with a "type:table"
pattern.
.SH backwards_bounce_logfile_compatibility (default: yes)
Produce additional bounce(8) logfile records that can be read by
older Postfix versions. The current and more extensible "name =
@ -1191,10 +1197,16 @@ the hash_queue_names parameter.
.PP
After changing the hash_queue_names or hash_queue_depth parameter,
execute the command "\fBpostfix reload\fR".
.SH hash_queue_names (default: see "postconf -d" output)
.SH hash_queue_names (default: deferred, defer)
The names of queue directories that are split across multiple
subdirectory levels.
.PP
Before Postfix version 2.2, the default list of hashed queues
was significantly larger. Claims about improvements in file system
technology suggest that hashing of the incoming and active queues
is no longer needed. Fewer hashed directories speed up the time
needed to restart Postfix.
.PP
After changing the hash_queue_names or hash_queue_depth parameter,
execute the command "\fBpostfix reload\fR".
.SH header_address_token_limit (default: 10240)
@ -1276,32 +1288,93 @@ number of messages delivered per second.
.PP
Specify 0 to disable the feature. Valid delays are 0..10.
.SH inet_interfaces (default: all)
The network interface addresses that this mail system receives mail
on. By default, the software claims all active interfaces on the
machine. The parameter also controls delivery of mail to
user@[ip.address].
The network interface addresses that this mail system receives
mail on. By default, the software claims all active interfaces on
the machine; with Postfix 2.2 and later, specify "\fBloopback-only\fR"
to select only local interfaces. The parameter also controls
delivery of mail to user@[ip.address].
.PP
When inet_interfaces consists of just one IP address that is not a
loopback (net 127) address, the Postfix SMTP client will use this address
as the IP source address for outbound mail.
Note: you need to stop and start Postfix when this parameter changes.
.PP
When inet_interfaces specifies just one IPv4 and/or IPv6 address
that is not a loopback address, the Postfix SMTP client will use
this address as the IP source address for outbound mail.
.PP
On a multi-homed firewall with separate Postfix instances listening on the
"inside" and "outside" interfaces, this can prevent each instance from
being able to reach servers on the "other side" of the firewall. Setting
smtp_bind_address to 0.0.0.0 avoids the potential problem.
smtp_bind_address to 0.0.0.0 avoids the potential problem for
IPv4, and setting smtp_bind_address6 to :: solves the problem
for IPv6.
.PP
A better solution is to leave inet_interfaces at the default value
A better solution for multi-homed firewalls is to leave inet_interfaces
at the default value
and instead use explicit IP addresses in master.cf. This preserves SMTP
loop detection, by ensuring that each side of the firewall knows that the
other IP address is still the same host. Setting $inet_interfaces to a
single IP address is primarily useful with virtual hosting of domains on
single IPv4 and/or IPV6 address is primarily useful with virtual
hosting of domains on
secondary IP addresses, when each IP address serves a different domain
(and has a different $myhostname setting).
.PP
See also the proxy_interfaces parameter, for network addresses that
are forwarded to us by way of a proxy or address translator.
are forwarded to Postfix by way of a proxy or address translator.
.PP
Note: you need to stop and start Postfix when this parameter changes.
Examples:
.PP
.nf
.na
.ft C
inet_interfaces = all (DEFAULT)
inet_interfaces = loopback-only
inet_interfaces = 127.0.0.1
inet_interfaces = 192.168.1.2, 127.0.0.1
.fi
.ad
.ft R
.SH inet_protocols (default: ipv4)
The Internet protocols Postfix will attempt to use when making
or accepting connections. Specify one or more of "ipv4" or "ipv6",
separated by whitespace or commas. The form "all" is equivalent to
"ipv4, ipv6".
.PP
Note: you MUST stop and start Postfix after changing this
parameter.
.PP
On systems that pre-date IPV6_V6ONLY support (RFC 3493), an
IPv6 server will also accept IPv4 connections, even when IPv4 is
turned off with the inet_protocols parameter. On systems with
IPV6_V6ONLY support, Postfix will use separate server sockets for
IPv6 and IPv4, and each will accept only connections for the
corresponding protocol.
.PP
When IPv4 support is enabled via the inet_protocols parameter,
Postfix will to DNS type A record lookups, and will convert
IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date
IPV6_V6ONLY support (RFC 3493).
.PP
When IPv6 support is enabled via the inet_protocols parameter,
Postfix will do DNS type AAAA record lookups.
.PP
When both IPv4 and IPv6 support are enabled, the Postfix SMTP
client will attempt to connect via IPv6 before attempting to use
IPv4.
.PP
This feature is available in Postfix version 2.2 and later.
.PP
Examples:
.PP
.nf
.na
.ft C
inet_protocols = ipv4 (DEFAULT)
inet_protocols = all
inet_protocols = ipv6
inet_protocols = ipv4, ipv6
.fi
.ad
.ft R
.SH initial_destination_concurrency (default: 5)
The initial per-destination concurrency level for parallel delivery
to the same destination. This limit applies to delivery via smtp(8),
@ -2150,13 +2223,19 @@ The list is matched left to right, and the search stops on the
first match. Specify "!pattern" to exclude an address or network
block from the list.
.PP
Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the mynetworks value, and in files specified with
"/file/name". IP version 6 addresses contain the ":" character,
and would otherwise be confused with a "type:table" pattern.
.PP
Examples:
.PP
.nf
.na
.ft C
mynetworks = 168.100.189.0/28, 127.0.0.0/8
mynetworks = 127.0.0.0/8 168.100.189.0/28
mynetworks = !192.168.0.1, 192.168.0.0/28
mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:5c7::]/64
mynetworks = $config_directory/mynetworks
mynetworks = hash:/etc/postfix/network_table
.fi
@ -2924,7 +3003,7 @@ the word "ESMTP" appears in the server greeting banner (example:
220 spike.porcupine.org ESMTP Postfix).
.SH smtp_bind_address (default: empty)
An optional numerical network address that the SMTP client should
bind to when making a connection.
bind to when making an IPv4 connection.
.PP
This can be specified in the main.cf file for all SMTP clients, or
it can be specified in the master.cf file for a specific client,
@ -2939,11 +3018,41 @@ for example:
.ad
.ft R
.PP
Note: when inet_interfaces specifies exactly one address that
is a non-loopback address, it is automatically used as the
smtp_bind_address. This supports virtual IP hosting, but can be
a problem on multi-homed firewalls. See the inet_interfaces
documentation for more detail.
Note 1: when inet_interfaces specifies no more than one IPv4
address, and that address is a non-loopback address, it is
automatically used as the smtp_bind_address. This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
inet_interfaces documentation for more detail.
.PP
Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not recommended.
.SH smtp_bind_address6 (default: empty)
An optional numerical network address that the SMTP client should
bind to when making an IPv6 connection.
.PP
This can be specified in the main.cf file for all SMTP clients, or
it can be specified in the master.cf file for a specific client,
for example:
.PP
.nf
.na
.ft C
/etc/postfix/master.cf:
smtp ... smtp -o smtp_bind_address6=1:2:3:4:5:6:7:8
.fi
.ad
.ft R
.PP
Note 1: when inet_interfaces specifies no more than one IPv6
address, and that address is a non-loopback address, it is
automatically used as the smtp_bind_address6. This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
inet_interfaces documentation for more detail.
.PP
Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not recommended.
.PP
This feature is available in Postfix version 2.2 and later.
.SH smtp_connect_timeout (default: 30s)
The SMTP client time limit for completing a TCP connection, or
zero (use the operating system built-in time limit).
@ -3321,6 +3430,12 @@ pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace.
.PP
Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_verp_clients value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern.
.SH smtpd_authorized_xclient_hosts (default: empty)
What SMTP clients are allowed to use the XCLIENT feature. This
command overrides SMTP client information that is used for access
@ -3341,6 +3456,12 @@ pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace.
.PP
Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_xclient_hosts value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern.
.SH smtpd_authorized_xforward_hosts (default: empty)
What SMTP clients are allowed to use the XFORWARD feature. This
command forwards information that is used to improve logging after
@ -3360,6 +3481,12 @@ pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace.
.PP
Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_xforward_hosts value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern.
.SH smtpd_banner (default: $myhostname ESMTP $mail_name)
The text that follows the 220 status code in the SMTP greeting
banner. Some people like to see the mail version advertised. By
@ -3420,6 +3547,12 @@ By default, clients in trusted networks are excluded. Specify a
list of network blocks, hostnames or .domain names (the initial
dot causes the domain to match any name below it).
.PP
Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_client_event_limit_exceptions value, and
in files specified with "/file/name". IP version 6 addresses
contain the ":" character, and would otherwise be confused with a
"type:table" pattern.
.PP
This feature is available in Postfix 2.2 and later.
.SH smtpd_client_message_rate_limit (default: 0)
The maximal number of message delivery requests that any client is
@ -4140,6 +4273,12 @@ contents; a "type:table" lookup table is matched when a table entry
matches a lookup string (the lookup result is ignored). Continue
long lines by starting the next line with whitespace.
.PP
Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_sasl_exceptions_networks value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern.
.PP
Example:
.PP
.nf
@ -4766,7 +4905,7 @@ virtual(8) delivery agent will terminate with a fatal error.
Optional lookup tables with a) names of domains for which all
addresses are aliased to addresses in other local or remote domains,
and b) addresses that are aliased to addresses in other local or
remote domains. Available before Postfix version 2.0. With Postfix 2.1
remote domains. Available before Postfix version 2.0. With Postfix 2.0
and later, this is replaced by separate controls: virtual_alias_domains
and virtual_alias_maps.
.SH virtual_minimum_uid (default: 100)

6
postfix/man/man8/master.8
View File

@ -92,9 +92,6 @@ Use the \fBpostfix reload\fR command after a configuration change.
.nf
.ad
.fi
.IP "\fBdaemon_timeout (18000s)\fR"
How much time a Postfix daemon process may take to handle a
request before it is terminated by a built-in watchdog timer.
.IP "\fBdefault_process_limit (100)\fR"
The default maximal number of Postfix child processes that provide
a given service.
@ -123,6 +120,9 @@ invoked with the -D option.
.IP "\fBinet_interfaces (all)\fR"
The network interface addresses that this mail system receives mail
on.
.IP "\fBinet_protocols (ipv4)\fR"
The Internet protocols Postfix will attempt to use when making
or accepting connections.
.IP "\fBimport_environment (see 'postconf -d' output)\fR"
The list of environment parameters that a Postfix process will
import from a non-Postfix parent process.

2
postfix/man/man8/qmqpd.8
View File

@ -65,7 +65,7 @@ The name of a mail delivery transport that filters mail after
it is queued.
.IP "\fBreceive_override_options (empty)\fR"
Enable or disable recipient validation, built-in content
filtering, or address rewriting.
filtering, or address mapping.
.SH "RESOURCE AND RATE CONTROLS"
.na
.nf

12
postfix/man/man8/smtp.8
View File

@ -279,8 +279,11 @@ Disable DNS lookups in the Postfix SMTP and LMTP clients.
Optional list of relay hosts for SMTP destinations that can't be
found or that are unreachable.
.IP "\fBinet_interfaces (all)\fR"
The network interface addresses that this mail system receives mail
on.
The network interface addresses that this mail system receives
mail on.
.IP "\fBinet_protocols (ipv4)\fR"
The Internet protocols Postfix will attempt to use when making
or accepting connections.
.IP "\fBipc_timeout (3600s)\fR"
The time limit for sending or receiving information over an internal
communication channel.
@ -299,7 +302,10 @@ The network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
.IP "\fBsmtp_bind_address (empty)\fR"
An optional numerical network address that the SMTP client should
bind to when making a connection.
bind to when making an IPv4 connection.
.IP "\fBsmtp_bind_address6 (empty)\fR"
An optional numerical network address that the SMTP client should
bind to when making an IPv6 connection.
.IP "\fBsmtp_helo_name ($myhostname)\fR"
The hostname to send in the SMTP EHLO or HELO command.
.IP "\fBsmtp_host_lookup (dns)\fR"

7
postfix/man/man8/smtpd.8
View File

@ -290,11 +290,14 @@ Parameters concerning known/unknown local recipients:
The list of domains that are delivered via the $local_transport
mail delivery transport.
.IP "\fBinet_interfaces (all)\fR"
The network interface addresses that this mail system receives mail
on.
The network interface addresses that this mail system receives
mail on.
.IP "\fBproxy_interfaces (empty)\fR"
The network interface addresses that this mail system receives mail
on by way of a proxy or network address translation unit.
.IP "\fBinet_protocols (ipv4)\fR"
The Internet protocols Postfix will attempt to use when making
or accepting connections.
.IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR"
Lookup tables with all names or addresses of local recipients:
a recipient address is local when its domain matches $mydestination,

2
postfix/mantools/ccformat
View File

@ -17,7 +17,7 @@ TMPF=/tmp/ccformat.$$
ERROR=
TROFF=
BCK=
FLAGS="-st -di8 -npsl -bap -bad -bbb -bc -i4 -d0 -nip -nfc1 -cd41 -c49"
FLAGS="-st -di8 -npsl -bap -bad -bbb -nbc -i4 -d0 -nip -nfc1 -cd41 -c49"
trap 'rm -f .ind.$$ $TMPF; exit 1' 1 2 3 15

2
postfix/mantools/makereadme
View File

@ -4,7 +4,7 @@ sed '
s/<\/*table[^>]*>//g
s/<\/th[^>]*>//g
s/<\/td[^>]*>//g
s/"\([A-Z_]*\)\.html">/&\1:/
s/"\([A-Z0-9_]*\)\.html">/&\1:/
s/All main.cf parameters/postconf(5): &/
/All Postfix manual pages/d
' "$@"

2
postfix/mantools/postlink
View File

@ -181,6 +181,7 @@ while (<>) {
s;\bimport_environment\b;<a href="postconf.5.html#import_environment">$&</a>;g;
s;\bin_flow_delay\b;<a href="postconf.5.html#in_flow_delay">$&</a>;g;
s;\binet_interfaces\b;<a href="postconf.5.html#inet_interfaces">$&</a>;g;
s;\binet_protocols\b;<a href="postconf.5.html#inet_protocols">$&</a>;g;
s;\binitial_destination_concurrency\b;<a href="postconf.5.html#initial_destination_concurrency">$&</a>;g;
s;\binvalid_hostname_reject_code\b;<a href="postconf.5.html#invalid_hostname_reject_code">$&</a>;g;
s;\bipc_idle\b;<a href="postconf.5.html#ipc_idle">$&</a>;g;
@ -310,6 +311,7 @@ while (<>) {
s;\bshowq_service_name\b;<a href="postconf.5.html#showq_service_name">$&</a>;g;
s;\bsmtp_always_send_ehlo\b;<a href="postconf.5.html#smtp_always_send_ehlo">$&</a>;g;
s;\bsmtp_bind_address\b;<a href="postconf.5.html#smtp_bind_address">$&</a>;g;
s;\bsmtp_bind_address6\b;<a href="postconf.5.html#smtp_bind_address6">$&</a>;g;
s;\bsmtp_connect_timeout\b;<a href="postconf.5.html#smtp_connect_timeout">$&</a>;g;
s;\bsmtp_connection_cache_on_demand\b;<a href="postconf.5.html#smtp_connection_cache_on_demand">$&</a>;g;

1
postfix/mantools/xpostdef
View File

@ -40,7 +40,6 @@ execution_directory_expansion_filter
export_environment
forward_expansion_filter
forward_path
hash_queue_names
html_directory
import_environment
mail_release_date

10
postfix/proto/FILTER_README.html
View File

@ -802,7 +802,7 @@ content filtering turned on. </p>
# (yes) (yes) (yes) (never) (100)
# =================================================================
1.2.3.5:smtp inet n - n - - smtpd
-o content_filter=foo:bar
-o content_filter=filter-service:filter-destination
-o receive_override_options=no_address_mappings
</pre>
@ -828,14 +828,14 @@ address provides a different content filter service. </p>
# service type private unpriv chroot wakeup maxproc command
# (yes) (yes) (yes) (never) (100)
# =================================================================
# SMTP service for domains that are content filtered with foo:bar
# SMTP service for domains that are filtered with service1:dest1
1.2.3.4:smtp inet n - n - - smtpd
-o content_filter=foo:bar
-o content_filter=service1:dest1
-o receive_override_options=no_address_mappings
# SMTP service for domains that are content filtered with xxx:yyy
# SMTP service for domains that are filtered with service2:dest2
1.2.3.5:smtp inet n - n - - smtpd
-o content_filter=xxx:yyy
-o content_filter=service2:dest2
-o receive_override_options=no_address_mappings
</pre>
</blockquote>

370
postfix/proto/IPV6_README.html Normal file
View File

@ -0,0 +1,370 @@
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Postfix IPv6 Support</title>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body>
<h1><img src="postfix-logo.jpg" width="203" height="98" ALT="">Postfix
IPv6 Support</h1>
<hr>
<h2>Introduction</h2>
<p> Postfix 2.2 introduces support for the IPv6 (IP version 6)
protocol, whose main feature of interest is that it uses 128-bit
IP addresses instead of the 32-bit addresses used by IPv4. </p>
<p> With this, Postfix can use the same SMTP protocol over IPv6 as
it already uses over the older IPv4 network, and Postfix can do
AAAA record lookups in the DNS in addition to the older A records.
Information about IPv6 can be found at http://www.ipv6.org/. </p>
<p> This document provides information on the following topics:
</p>
<ul>
<li><a href="#platforms">Supported platforms</a>
<li><a href="#configuration">Configuration</a>
<li><a href="#limitations">Known limitations</a>
<li><a href="#compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>
<li><a href="#porting">IPv6 Support for unsupported platforms</a>
<li><a href="#credits">Credits</a>
</ul>
<h2><a name="platforms">Supported Platforms</a></h2>
<p> Postfix version 2.2 supports IPv4 and IPv6 on the following
platforms: </p>
<ul>
<li> AIX 5.1+
<li> Darwin 7.3+
<li> FreeBSD 4+
<li> Linux 2.4+
<li> NetBSD 1.5+
<li> OpenBSD 2+
<li> Solaris 8+
<li> Tru64Unix V5.1+
</ul>
<p> On other platforms Postfix will simply use IPv4 as it has always
done. </p>
<p> See <a href="#porting">below</a> for tips how to port Postfix
IPv6 support to other environments. </p>
<h2><a name="configuration">Configuration</a></h2>
<p> Postfix IPv6 support introduces two new main.cf configuration
parameters, and introduces an important change in address syntax
notation in match lists such as <tt>mynetworks</tt> or
<tt>debug_peer_list</tt>. </p>
<p> Postfix IPv6 address syntax is a little tricky, because there
are a few places where you must enclose IPv6 address inside
<tt>[]</tt> characters, and a few places where you must not. It is
a good idea to use <tt>[]</tt> only in the few places where you
have to. Check out the postconf(5) manual whenever you do IPv6
related configuration work with Postfix. </p>
<ul>
<li> <p> The new <tt>inet_protocols</tt> parameter specifies what
IP protocols Postfix will use. This parameter also controls what
DNS lookups Postfix will do. </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
# You must stop/start Postfix after changing this parameter.
inet_protocols = ipv4 (DEFAULT: enable IPv4 only)
inet_protocols = all (enable both IPv4 and IPv6)
inet_protocols = ipv4, ipv6 (enable both IPv4 and IPv6)
inet_protocols = ipv6 (enable IPv6 only)
</pre>
</blockquote>
<p> By default, Postfix uses IPv4 only, because most systems aren't
attached to an IPv6 network. </p>
<ul>
<li> <p> On systems with combined IPv4/IPv6 stacks, attempts to
deliver mail via IPv6 would always fail with "network unreachable",
and those attempts would only slow down Postfix. </p>
<li> <p> Linux kernels don't even load IPv6 protocol support by
default. Any attempt to use it would fail immediately. </p>
</ul>
<p> Note 1: you must stop and start Postfix after changing the
<tt>inet_protocols</tt> configuration parameter. </p>
<p> Note 2: if you see error messages like the following, then
you're running Linux and need to turn on IPv6 in the kernel: see
http://www.ipv6.org/ for hints and tips. Unlike other systems,
Linux does not have a combined stack for IPv4 and IPv6, and IPv6
protocol support is not loaded by default. </p>
<blockquote>
<pre>
postconf: warning: inet_protocols: IPv6 support is disabled: Address family not supported by protocol
postconf: warning: inet_protocols: configuring for IPv4 support only
</pre>
</blockquote>
<p> Note 3: on older Linux and Solaris systems, the setting
"<tt>inet_protocols = ipv6</tt>" will not prevent Postfix from
accepting IPv4 connections. Postfix will present the client IP
addresses in IPv6 format, though. In all other cases, Postfix always
presents IPv4 client IP addresses in the traditional dotted quad
IPv4 format. </p>
<li> <p> The other new parameter is <tt>smtp_bind_address6</tt>.
This sets the local interface address for outgoing IPv6 SMTP
connections, just like the <tt>smtp_bind_address</tt> parameter
does for IPv4: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
smtp_bind_address6 = 2001:240:5c7:0:250:56ff:fe89:1
</pre>
</blockquote>
<li> <p> If you left the value of the <tt>mynetworks</tt> parameter at its
default (i.e. no <tt>mynetworks</tt> setting in main.cf) Postfix will figure
out by itself what its network addresses are. This is what a typical
setting looks like: </p>
<blockquote>
<pre>
% postconf mynetworks
mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [fe80::]/10 [2001:240:5c7::]/64
</pre>
</blockquote>
<p> If you did specify the <tt>mynetworks</tt> parameter value in
main.cf, you need update the <tt>mynetworks</tt> value to include
the IPv6 networks the system is in. Be sure to specify IPv6 address
information inside <tt>[]</tt>, like this: </p>
<blockquote>
<pre>
/etc/postfix/main.cf:
mynetworks = ...<i>IPv4 networks</i>... [::1]/128 [2001:240:5c7::]/64 ...
</pre>
</blockquote>
</ul>
<p> <b> NOTE: when configuring Postfix match lists such as
<tt>mynetworks</tt> or <tt>debug_peer_list</tt>, you must specify
IPv6 address information inside <tt>[]</tt> in the main.cf parameter
value and in files specified with a "<i>/file/name</i>" pattern.
IPv6 addresses contain the ":" character, and would otherwise be
confused with a "<i>type:table</i>" pattern. </b> </p>
<h2><a name="limitations">Known Limitations</a></h2>
<ul>
<li> <p> The order of IPv6/IPv4 outgoing connection attempts is
not yet configurable. Currently, IPv6 is tried before IPv4. </p>
<li> <p> Postfix currently does not support DNSBL (real-time
blackhole list) lookups for IPv6 client IP addresses; currently
there are no blacklists that cover the IPv6 address space. </p>
<li> <p> IPv6 does not have class A, B, C, etc. networks. With IPv6
networks, the setting "<tt>mynetworks_style = class</tt>" has the
same effect as the setting "<tt>mynetworks_style = subnet</tt>".
</p>
<li> <p> On Tru64Unix, Postfix can't figure out the local subnet mask
and always assumes a /128 network. This is a problem only with
"<tt>mynetworks_style = subnet</tt>" and no explicit <tt>mynetworks</tt>
setting in main.cf. </p>
</ul>
<h2> <a name="compat">Compatibility with Postfix &lt;2.2 IPv6 support</a>
</h2>
<p> Postfix version 2.2 IPv6 support is based on the Postfix/IPv6 patch
by Dean Strik and others, but differs in a few minor ways. </p>
<ul>
<li> <p> main.cf: The <tt>inet_interfaces</tt> parameter does not support
the notation "<tt>ipv6:all</tt>" or "<tt>ipv4:all</tt>". Use the
<tt>inet_protocols</tt> parameter instead. </p>
<li> <p> main.cf: Specify "<tt>inet_protocols = all</tt>" or
"<tt>inet_protocols = ipv4, ipv6</tt>" in order to enable both IPv4
and IPv6 support. </p>
<li> <p> main.cf: The <tt>inet_protocols</tt> parameter also controls
what DNS lookups Postfix will attempt to make when delivering or
receiving mail. </p>
<li> <p> main.cf: Specify "<tt>inet_interfaces = loopback-only</tt>"
to listen on loopback network interfaces only. </p>
<li> <p> The <tt>lmtp_bind_address</tt> and <tt>lmtp_bind_address6</tt>
features were omitted. The Postfix LMTP client will be absorbed
into the SMTP client, so there is no reason to keep adding features
to the LMTP client. </p>
<li> <p> The SMTP server now requires that IPv6 addresses in SMTP
commands are specified as <tt>[ipv6:<i>ipv6address</i>]</tt>, as
described in RFC 2821. </p>
<li> <p> The IPv6 network address matching code was rewritten from
the ground up, and is expected to be closer to the specification.
The result may be incompatible with the Postfix/IPv6 patch.
</p>
</ul>
<h2><a name="porting">IPv6 Support for unsupported platforms</a></h2>
<p> Getting Postfix IPv6 working on other platforms involves the
following steps: </p>
<ul>
<li> <p> Specify how Postfix should find the local network interfaces.
Postfix needs this information to avoid mailer loops and to find out
if mail for <i>user@[ipaddress]</i> is a local or remote destination. </p>
<p> If your system has the <tt>getifaddrs()</tt> routine then add
the following to your platform-specific section in
<tt>src/util/sys_defs.h</tt>: </p>
<blockquote>
<pre>
#ifndef NO_IPV6
# define HAS_IPV6
# define HAVE_GETIFADDRS
#endif
</pre>
</blockquote>
<p> Otherwise, if your system has the SIOCGLIF <tt>ioctl()</tt>
command in <tt>/usr/include/*/*.h</tt>, add the following to your
platform-specific section in <tt>src/util/sys_defs.h</tt>: </p>
<blockquote>
<pre>
#ifndef NO_IPV6
# define HAS_IPV6
# define HAS_SIOCGLIF
#endif
</pre>
</blockquote>
<p> Otherwise, Postfix will have to use the old SIOCGIF commands
and get along with reduced IPv6 functionality (it won't be able to
figure out your IPv6 netmasks, which are needed for "<tt>mynetworks_style
= subnet</tt>". Add this to your platform-specific section in
<tt>src/util/sys_defs.h</tt>: </p>
<blockquote>
<pre>
#ifndef NO_IPV6
# define HAS_IPV6
#endif
</pre>
</blockquote>
<li> <p> Test if Postfix can figure out its interface information. </p>
<p> After compiling Postfix in the usual manner, step into the
<tt>src/util</tt> directory and type "<tt>make inet_addr_local</tt>".
Running this file by hand should produce all the interface addresses
and network masks, for example: </p>
<blockquote>
<pre>
% make
% cd src/util
% make inet_addr_local
[... some messages ...]
% ./inet_addr_local
[... some messages ...]
./inet_addr_local: inet_addr_local: configured 2 IPv4 addresses
./inet_addr_local: inet_addr_local: configured 4 IPv6 addresses
168.100.189.2/255.255.255.224
127.0.0.1/255.0.0.0
fe80:1::2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
2001:240:5c7:0:2d0:b7ff:fe88:2ca7/ffff:ffff:ffff:ffff::
fe80:5::1/ffff:ffff:ffff:ffff::
::1/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
</pre>
</blockquote>
<p> The above is for an old FreeBSD machine. Other systems produce
slightly different results, but you get the idea. </p>
</ul>
<p> If none of all this produces a usable result, send email to the
postfix-users@postfix.org mailing list and we'll try to help you
through this. </p>
<h2><a name="credits">Credits</a></h2>
<p> The following information is in part based on information that
was compiled by Dean Strik. </p>
<ul>
<li> <p> Mark Huizer wrote the original Postfix IPv6 patch. </p>
<li> <p> Jun-ichiro 'itojun' Hagino of the KAME project made
substantial improvements. Since then, we speak of the KAME patch.
</p>
<li> <p> The PLD Linux Distribution ported the code to other stacks
(notably USAGI). We speak of the PLD patch. A very important
feature of the PLD patch was that it can work with Lutz Jaenicke's
TLS patch for Postfix. </p>
<li> <p> Dean Strik extended IPv6 support to platforms other than
KAME and USAGI, updated the patch to keep up with Postfix development,
and provided a combined IPv6 + TLS patch. Information about his
effort can be found on Dean Strik's Postfix website at
http://www.ipnet6.org/postfix/. </p>
<li> <p> Wietse Venema took Dean Strik's IPv6 patch, merged it into
Postfix 2.2, and took the opportunity to eliminate all IPv4-specific
code from Postfix that could be removed. For systems without IPv6
support in the kernel and system libraries, Postfix has a simple
compatibility layer, so that it will use IPv4 as before. </p>
</ul>
</body>
</html>

12
postfix/proto/Makefile.in
View File

@ -17,7 +17,8 @@ HTML = ../html/ADDRESS_CLASS_README.html \
../html/DATABASE_README.html ../html/DB_README.html \
../html/DEBUG_README.html \
../html/ETRN_README.html ../html/FILTER_README.html \
../html/INSTALL.html ../html/LDAP_README.html \
../html/INSTALL.html ../html/IPV6_README.html \
../html/LDAP_README.html \
../html/LINUX_README.html ../html/LMTP_README.html \
../html/LOCAL_RECIPIENT_README.html ../html/MAILDROP_README.html \
../html/MYSQL_README.html ../html/NFS_README.html \
@ -48,7 +49,8 @@ README = ../README_FILES/ADDRESS_CLASS_README \
../README_FILES/DATABASE_README ../README_FILES/DB_README \
../README_FILES/DEBUG_README \
../README_FILES/ETRN_README ../README_FILES/FILTER_README \
../README_FILES/INSTALL ../README_FILES/LDAP_README \
../README_FILES/INSTALL ../README_FILES/IPV6_README \
../README_FILES/LDAP_README \
../README_FILES/LINUX_README ../README_FILES/LMTP_README \
../README_FILES/LOCAL_RECIPIENT_README ../README_FILES/MAILDROP_README \
../README_FILES/MYSQL_README ../README_FILES/NFS_README \
@ -157,6 +159,9 @@ clobber:
../html/INSTALL.html: INSTALL.html
$(POSTLINK) $? >$@
../html/IPV6_README.html: IPV6_README.html
$(POSTLINK) $? >$@
../html/LDAP_README.html: LDAP_README.html
$(POSTLINK) $? >$@
@ -283,6 +288,9 @@ clobber:
../README_FILES/INSTALL: INSTALL.html
$(HT2READ) $? >$@
../README_FILES/IPV6_README: IPV6_README.html
$(HT2READ) $? >$@
../README_FILES/LDAP_README: LDAP_README.html
$(HT2READ) $? >$@

4
postfix/proto/SMTPD_POLICY_README.html
View File

@ -108,6 +108,10 @@ size=12345
either does not send the attribute, or sends the attribute with
an empty value ("name="). </p>
<li> <p> The client address is an IPv4 dotted quad in the form
1.2.3.4 or it is an IPv6 address in the form 1:2:3::4:5:6.
</p>
<li> <p> An attribute name must not contain "=", null or newline,
and an attribute value must not contain null or newline. </p>

2
postfix/proto/SMTPD_PROXY_README.html
View File

@ -315,7 +315,7 @@ can't control when the remote SMTP client times out. </p>
<li> <p> smtpd_proxy_filter (syntax: host:port): The host and TCP
port of the before-queue content filter. When no host or host:
is specified in client context, localhost is assumed. </p>
is specified here, localhost is assumed. </p>
<li> <p> smtpd_proxy_timeout (default: 100s): Timeout for connecting
to the before-queue content filter and for sending and receiving

43
postfix/proto/access
View File

@ -13,7 +13,7 @@
# The optional \fBaccess\fR table directs the Postfix SMTP server
# to selectively reject or accept mail. Access can be allowed or
# denied for specific host names, domain names, networks, host
# network addresses or mail addresses.
# addresses or mail addresses.
#
# For an example, see the EXAMPLE section at the end of this
# manual page.
@ -96,11 +96,46 @@
# .IP \fInet.work.addr\fR
# .IP \fInet.work\fR
# .IP \fInet\fR
# Matches any host address in the specified network. A network
# address is a sequence of one or more octets separated by ".".
# Matches the specified IPv4 host address or subnetwork. An
# IPv4 host address is a sequence of four decimal octets
# separated by ".".
#
# NOTE: use the \fBcidr\fR lookup table type to specify
# Subnetworks are matched by repeatedly truncating the last
# ".octet" from the remote IPv4 host address string until a
# match is found in the access table, or until further
# truncation is not possible.
#
# NOTE 1: The information in the access map should be in
# canonical form, with unnecessary null characters eliminated.
# Address information must not be enclosed with "[]" characters.
#
# NOTE 2: use the \fBcidr\fR lookup table type to specify
# network/netmask patterns. See cidr_table(5) for details.
# .IP \fInet:work:addr:ess\fR
# .IP \fInet:work:addr\fR
# .IP \fInet:work\fR
# .IP \fInet\fR
# Matches the specified IPv6 host address or subnetwork. An
# IPv6 host address is a sequence of three to eight hexadecimal
# octet pairs separated by ":".
#
# Subnetworks are matched by repeatedly truncating the last
# ":octetpair" from the remote IPv6 host address string until
# a match is found in the access table, or until further
# truncation is not possible.
#
# NOTE 1: the truncation and comparison are done with the
# string representation of the IPv6 host address. Thus, not
# all the ":" subnetworks will be tried.
#
# NOTE 2: The information in the access map should be in
# canonical form, with unnecessary null characters eliminated.
# Address information must not be enclosed with "[]" characters.
#
# NOTE 3: use the \fBcidr\fR lookup table type to specify
# network/netmask patterns. See cidr_table(5) for details.
#
# IPv6 support is available in Postfix 2.2 and later.
# ACCEPT ACTIONS
# .ad
# .fi

8
postfix/proto/cidr_table
View File

@ -25,7 +25,13 @@
# .IP "\fInetwork_address\fB/\fInetwork_mask result\fR"
# When a search string matches the specified network block,
# use the corresponding \fIresult\fR value. Specify
# 0.0.0.0/0 to match every address.
# 0.0.0.0/0 to match every IPv4 address, and ::/0 to match
# every IPv6 address.
#
# Note: address information may be enclosed inside "[]" but
# this form is not recommended.
#
# IPv6 support is available in Postfix 2.2 and later.
# .IP "\fInetwork_address result\fR"
# When a search string matches the specified network address,
# use the corresponding \fIresult\fR value.

182
postfix/proto/postconf.proto
View File

@ -1406,13 +1406,19 @@ After changing the hash_queue_names or hash_queue_depth parameter,
execute the command "<b>postfix reload</b>".
</p>
%PARAM hash_queue_names see "postconf -d" output
%PARAM hash_queue_names deferred, defer
<p>
The names of queue directories that are split across multiple
subdirectory levels.
</p>
<p> Before Postfix version 2.2, the default list of hashed queues
was significantly larger. Claims about improvements in file system
technology suggest that hashing of the incoming and active queues
is no longer needed. Fewer hashed directories speed up the time
needed to restart Postfix. </p>
<p>
After changing the hash_queue_names or hash_queue_depth parameter,
execute the command "<b>postfix reload</b>".
@ -1540,42 +1546,98 @@ Specify 0 to disable the feature. Valid delays are 0..10.
%PARAM inet_interfaces all
<p>
The network interface addresses that this mail system receives mail
on. By default, the software claims all active interfaces on the
machine. The parameter also controls delivery of mail to
user@[ip.address].
</p>
<p> The network interface addresses that this mail system receives
mail on. By default, the software claims all active interfaces on
the machine; with Postfix 2.2 and later, specify "<b>loopback-only</b>"
to select only local interfaces. The parameter also controls
delivery of mail to user@[ip.address]. </p>
<p>
When inet_interfaces consists of just one IP address that is not a
loopback (net 127) address, the Postfix SMTP client will use this address
as the IP source address for outbound mail. </p>
Note: you need to stop and start Postfix when this parameter changes.
</p>
<p> When inet_interfaces specifies just one IPv4 and/or IPv6 address
that is not a loopback address, the Postfix SMTP client will use
this address as the IP source address for outbound mail. </p>
<p>
On a multi-homed firewall with separate Postfix instances listening on the
"inside" and "outside" interfaces, this can prevent each instance from
being able to reach servers on the "other side" of the firewall. Setting
smtp_bind_address to 0.0.0.0 avoids the potential problem. </p>
smtp_bind_address to 0.0.0.0 avoids the potential problem for
IPv4, and setting smtp_bind_address6 to :: solves the problem
for IPv6. </p>
<p>
A better solution is to leave inet_interfaces at the default value
A better solution for multi-homed firewalls is to leave inet_interfaces
at the default value
and instead use explicit IP addresses in master.cf. This preserves SMTP
loop detection, by ensuring that each side of the firewall knows that the
other IP address is still the same host. Setting $inet_interfaces to a
single IP address is primarily useful with virtual hosting of domains on
single IPv4 and/or IPV6 address is primarily useful with virtual
hosting of domains on
secondary IP addresses, when each IP address serves a different domain
(and has a different $myhostname setting). </p>
<p>
See also the proxy_interfaces parameter, for network addresses that
are forwarded to us by way of a proxy or address translator.
are forwarded to Postfix by way of a proxy or address translator.
</p>
<p>
Note: you need to stop and start Postfix when this parameter changes.
Examples:
</p>
<pre>
inet_interfaces = all (DEFAULT)
inet_interfaces = loopback-only
inet_interfaces = 127.0.0.1
inet_interfaces = 192.168.1.2, 127.0.0.1
</pre>
%PARAM inet_protocols ipv4
<p> The Internet protocols Postfix will attempt to use when making
or accepting connections. Specify one or more of "ipv4" or "ipv6",
separated by whitespace or commas. The form "all" is equivalent to
"ipv4, ipv6". </p>
<p> Note: you MUST stop and start Postfix after changing this
parameter. </p>
<p> On systems that pre-date IPV6_V6ONLY support (RFC 3493), an
IPv6 server will also accept IPv4 connections, even when IPv4 is
turned off with the inet_protocols parameter. On systems with
IPV6_V6ONLY support, Postfix will use separate server sockets for
IPv6 and IPv4, and each will accept only connections for the
corresponding protocol. </p>
<p> When IPv4 support is enabled via the inet_protocols parameter,
Postfix will to DNS type A record lookups, and will convert
IPv4-in-IPv6 client IP addresses (::ffff:1.2.3.4) to their original
IPv4 form (1.2.3.4). The latter is needed on hosts that pre-date
IPV6_V6ONLY support (RFC 3493). </p>
<p> When IPv6 support is enabled via the inet_protocols parameter,
Postfix will do DNS type AAAA record lookups. </p>
<p> When both IPv4 and IPv6 support are enabled, the Postfix SMTP
client will attempt to connect via IPv6 before attempting to use
IPv4. </p>
<p> This feature is available in Postfix version 2.2 and later. </p>
<p>
Examples:
</p>
<pre>
inet_protocols = ipv4 (DEFAULT)
inet_protocols = all
inet_protocols = ipv6
inet_protocols = ipv4, ipv6
</pre>
%PARAM initial_destination_concurrency 5
<p>
@ -2530,11 +2592,17 @@ lookup string (the lookup result is ignored). </p>
first match. Specify "!pattern" to exclude an address or network
block from the list. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the mynetworks value, and in files specified with
"/file/name". IP version 6 addresses contain the ":" character,
and would otherwise be confused with a "type:table" pattern. </p>
<p> Examples: </p>
<pre>
mynetworks = 168.100.189.0/28, 127.0.0.0/8
mynetworks = 127.0.0.0/8 168.100.189.0/28
mynetworks = !192.168.0.1, 192.168.0.0/28
mynetworks = 127.0.0.0/8 168.100.189.0/28 [::1]/128 [2001:240:5c7::]/64
mynetworks = $config_directory/mynetworks
mynetworks = hash:/etc/postfix/network_table
</pre>
@ -3256,7 +3324,7 @@ the word "ESMTP" appears in the server greeting banner (example:
<p>
An optional numerical network address that the SMTP client should
bind to when making a connection.
bind to when making an IPv4 connection.
</p>
<p>
@ -3270,11 +3338,43 @@ for example:
smtp ... smtp -o smtp_bind_address=11.22.33.44
</pre>
<p> Note: when inet_interfaces specifies exactly one address that
is a non-loopback address, it is automatically used as the
smtp_bind_address. This supports virtual IP hosting, but can be
a problem on multi-homed firewalls. See the inet_interfaces
documentation for more detail. </p>
<p> Note 1: when inet_interfaces specifies no more than one IPv4
address, and that address is a non-loopback address, it is
automatically used as the smtp_bind_address. This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
inet_interfaces documentation for more detail. </p>
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not recommended. </p>
%PARAM smtp_bind_address6
<p>
An optional numerical network address that the SMTP client should
bind to when making an IPv6 connection.
</p>
<p>
This can be specified in the main.cf file for all SMTP clients, or
it can be specified in the master.cf file for a specific client,
for example:
</p>
<pre>
/etc/postfix/master.cf:
smtp ... smtp -o smtp_bind_address6=1:2:3:4:5:6:7:8
</pre>
<p> Note 1: when inet_interfaces specifies no more than one IPv6
address, and that address is a non-loopback address, it is
automatically used as the smtp_bind_address6. This supports virtual
IP hosting, but can be a problem on multi-homed firewalls. See the
inet_interfaces documentation for more detail. </p>
<p> Note 2: address information may be enclosed inside <tt>[]</tt>,
but this form is not recommended. </p>
<p> This feature is available in Postfix version 2.2 and later. </p>
%PARAM smtp_connection_cache_time_limit 2s
@ -3881,6 +3981,12 @@ is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the authorized_verp_clients value, and in files
specified with "/file/name". IP version 6 addresses contain the
":" character, and would otherwise be confused with a "type:table"
pattern. </p>
%PARAM smtpd_authorized_verp_clients $authorized_verp_clients
<p> What SMTP clients are allowed to specify the XVERP command.
@ -3902,6 +4008,12 @@ is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_verp_clients value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern. </p>
%PARAM smtpd_authorized_xclient_hosts
<p>
@ -3931,6 +4043,12 @@ is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_xclient_hosts value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern. </p>
%PARAM smtpd_authorized_xforward_hosts
<p>
@ -3959,6 +4077,12 @@ is matched when a table entry matches a lookup string (the lookup
result is ignored). Continue long lines by starting the next line
with whitespace. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_authorized_xforward_hosts value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern. </p>
%PARAM smtpd_banner $myhostname ESMTP $mail_name
<p>
@ -4014,6 +4138,12 @@ list of network blocks, hostnames or .domain names (the initial
dot causes the domain to match any name below it).
</p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_client_event_limit_exceptions value, and
in files specified with "/file/name". IP version 6 addresses
contain the ":" character, and would otherwise be confused with a
"type:table" pattern. </p>
<p>
This feature is available in Postfix 2.2 and later.
</p>
@ -4916,6 +5046,12 @@ contents; a "type:table" lookup table is matched when a table entry
matches a lookup string (the lookup result is ignored). Continue
long lines by starting the next line with whitespace. </p>
<p> Note: IP version 6 address information must be specified inside
<tt>[]</tt> in the smtpd_sasl_exceptions_networks value, and in
files specified with "/file/name". IP version 6 addresses contain
the ":" character, and would otherwise be confused with a "type:table"
pattern. </p>
<p>
Example:
</p>
@ -7255,7 +7391,7 @@ parameter in the default main.cf file. </p>
<p> Optional lookup tables with a) names of domains for which all
addresses are aliased to addresses in other local or remote domains,
and b) addresses that are aliased to addresses in other local or
remote domains. Available before Postfix version 2.0. With Postfix 2.1
remote domains. Available before Postfix version 2.0. With Postfix 2.0
and later, this is replaced by separate controls: virtual_alias_domains
and virtual_alias_maps. </p>

24
postfix/proto/stop
View File

@ -835,3 +835,27 @@ Verisign
Verisign's
dd
itd
AAAA
DNSBL
GETIFADDRS
Hagino
Huizer
Jaenicke's
Lutz
PLD
SIOCGIF
SIOCGLIF
Strik
Strik's
Tru
USAGI
compat
ff
ffff
getifaddrs
ichiro
ifndef
ipnet
ipv
itojun
netmasks

2
postfix/src/anvil/Makefile.in
View File

@ -16,7 +16,7 @@ $(PROG): $(OBJS) $(LIBS)
$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
(echo "# DO NOT EDIT"; tail +2 ../../conf/makedefs.out; cat $?) >$@
test: $(TESTPROG)

2
postfix/src/bounce/Makefile.in
View File

@ -20,7 +20,7 @@ $(PROG): $(OBJS) $(LIBS)
$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
(echo "# DO NOT EDIT"; tail +2 ../../conf/makedefs.out; cat $?) >$@
test: $(TESTPROG)

3
postfix/src/cleanup/Makefile.in
View File

@ -24,7 +24,7 @@ $(PROG): $(OBJS) $(LIBS)
$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
(echo "# DO NOT EDIT"; tail +2 ../../conf/makedefs.out; cat $?) >$@
test: $(TESTPROG)
@ -189,7 +189,6 @@ cleanup_envelope.o: ../../include/mymalloc.h
cleanup_envelope.o: ../../include/stringops.h
cleanup_envelope.o: ../../include/nvtable.h
cleanup_envelope.o: ../../include/htable.h
cleanup_envelope.o: ../../include/name_code.h
cleanup_envelope.o: ../../include/record.h
cleanup_envelope.o: ../../include/rec_type.h
cleanup_envelope.o: ../../include/cleanup_user.h

2
postfix/src/discard/Makefile.in
View File

@ -16,7 +16,7 @@ $(PROG): $(OBJS) $(LIBS)
$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
(echo "# DO NOT EDIT"; tail +2 ../../conf/makedefs.out; cat $?) >$@
test: $(TESTPROG)

95
postfix/src/dns/Makefile.in
View File

@ -1,13 +1,15 @@
SHELL = /bin/sh
SRCS = dns_lookup.c dns_rr.c dns_strerror.c dns_strtype.c
OBJS = dns_lookup.o dns_rr.o dns_strerror.o dns_strtype.o
SRCS = dns_lookup.c dns_rr.c dns_strerror.c dns_strtype.c dns_rr_to_pa.c \
dns_sa_to_rr.c dns_rr_eq_sa.c dns_rr_to_sa.c
OBJS = dns_lookup.o dns_rr.o dns_strerror.o dns_strtype.o dns_rr_to_pa.o \
dns_sa_to_rr.o dns_rr_eq_sa.o dns_rr_to_sa.o
HDRS = dns.h
TESTSRC = test_dns_lookup.c test_alias_token.c
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
INCL =
LIB = libdns.a
TESTPROG= test_dns_lookup
TESTPROG= test_dns_lookup dns_rr_to_pa dns_rr_to_sa dns_sa_to_rr dns_rr_eq_sa
LIBS = ../../lib/libutil.a
LIB_DIR = ../../lib
INC_DIR = ../../include
@ -17,11 +19,12 @@ INC_DIR = ../../include
all: $(LIB)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
(echo "# DO NOT EDIT"; tail +2 ../../conf/makedefs.out; cat $?) >$@
test: $(TESTPROG)
tests: test
tests: test dns_rr_to_pa_test dns_rr_to_sa_test dns_sa_to_rr_test \
dns_rr_eq_sa_test
$(LIB): $(OBJS)
$(AR) $(ARFL) $(LIB) $?
@ -41,6 +44,46 @@ update: $(LIB_DIR)/$(LIB) $(HDRS)
test_dns_lookup: test_dns_lookup.c $(LIB) $(LIBS)
$(CC) $(CFLAGS) -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
dns_rr_to_pa: $(LIB) $(LIBS)
mv $@.o junk
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
mv junk $@.o
dns_rr_to_sa: $(LIB) $(LIBS)
mv $@.o junk
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
mv junk $@.o
dns_sa_to_rr: $(LIB) $(LIBS)
mv $@.o junk
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
mv junk $@.o
dns_rr_eq_sa: $(LIB) $(LIBS)
mv $@.o junk
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
mv junk $@.o
dns_rr_to_pa_test: dns_rr_to_pa dns_rr_to_pa.in dns_rr_to_pa.ref
./dns_rr_to_pa `cat dns_rr_to_pa.in` >dns_rr_to_pa.tmp
diff dns_rr_to_pa.ref dns_rr_to_pa.tmp
rm -f dns_rr_to_pa.tmp
dns_rr_to_sa_test: dns_rr_to_sa dns_rr_to_sa.in dns_rr_to_sa.ref
./dns_rr_to_sa `cat dns_rr_to_sa.in` >dns_rr_to_sa.tmp
diff dns_rr_to_sa.ref dns_rr_to_sa.tmp
rm -f dns_rr_to_sa.tmp
dns_sa_to_rr_test: dns_sa_to_rr dns_sa_to_rr.in dns_sa_to_rr.ref
./dns_sa_to_rr `cat dns_sa_to_rr.in` >dns_sa_to_rr.tmp
diff dns_sa_to_rr.ref dns_sa_to_rr.tmp
rm -f dns_sa_to_rr.tmp
dns_rr_eq_sa_test: dns_rr_eq_sa dns_rr_eq_sa.in dns_rr_eq_sa.ref
./dns_rr_eq_sa `cat dns_rr_eq_sa.in` >dns_rr_eq_sa.tmp
diff dns_rr_eq_sa.ref dns_rr_eq_sa.tmp
rm -f dns_rr_eq_sa.tmp
printfck: $(OBJS) $(PROG)
rm -rf printfck
mkdir printfck
@ -76,6 +119,8 @@ dns_lookup.o: ../../include/msg.h
dns_lookup.o: ../../include/valid_hostname.h
dns_lookup.o: ../../include/stringops.h
dns_lookup.o: dns.h
dns_lookup.o: ../../include/sock_addr.h
dns_lookup.o: ../../include/myaddrinfo.h
dns_rr.o: dns_rr.c
dns_rr.o: ../../include/sys_defs.h
dns_rr.o: ../../include/msg.h
@ -84,16 +129,54 @@ dns_rr.o: ../../include/myrand.h
dns_rr.o: dns.h
dns_rr.o: ../../include/vstring.h
dns_rr.o: ../../include/vbuf.h
dns_rr.o: ../../include/sock_addr.h
dns_rr.o: ../../include/myaddrinfo.h
dns_rr_eq_sa.o: dns_rr_eq_sa.c
dns_rr_eq_sa.o: ../../include/sys_defs.h
dns_rr_eq_sa.o: ../../include/msg.h
dns_rr_eq_sa.o: ../../include/sock_addr.h
dns_rr_eq_sa.o: dns.h
dns_rr_eq_sa.o: ../../include/vstring.h
dns_rr_eq_sa.o: ../../include/vbuf.h
dns_rr_eq_sa.o: ../../include/myaddrinfo.h
dns_rr_to_pa.o: dns_rr_to_pa.c
dns_rr_to_pa.o: ../../include/sys_defs.h
dns_rr_to_pa.o: ../../include/msg.h
dns_rr_to_pa.o: dns.h
dns_rr_to_pa.o: ../../include/vstring.h
dns_rr_to_pa.o: ../../include/vbuf.h
dns_rr_to_pa.o: ../../include/sock_addr.h
dns_rr_to_pa.o: ../../include/myaddrinfo.h
dns_rr_to_sa.o: dns_rr_to_sa.c
dns_rr_to_sa.o: ../../include/sys_defs.h
dns_rr_to_sa.o: ../../include/msg.h
dns_rr_to_sa.o: dns.h
dns_rr_to_sa.o: ../../include/vstring.h
dns_rr_to_sa.o: ../../include/vbuf.h
dns_rr_to_sa.o: ../../include/sock_addr.h
dns_rr_to_sa.o: ../../include/myaddrinfo.h
dns_sa_to_rr.o: dns_sa_to_rr.c
dns_sa_to_rr.o: ../../include/sys_defs.h
dns_sa_to_rr.o: ../../include/msg.h
dns_sa_to_rr.o: dns.h
dns_sa_to_rr.o: ../../include/vstring.h
dns_sa_to_rr.o: ../../include/vbuf.h
dns_sa_to_rr.o: ../../include/sock_addr.h
dns_sa_to_rr.o: ../../include/myaddrinfo.h
dns_strerror.o: dns_strerror.c
dns_strerror.o: ../../include/sys_defs.h
dns_strerror.o: ../../include/vstring.h
dns_strerror.o: ../../include/vbuf.h
dns_strerror.o: dns.h
dns_strerror.o: ../../include/sock_addr.h
dns_strerror.o: ../../include/myaddrinfo.h
dns_strtype.o: dns_strtype.c
dns_strtype.o: ../../include/sys_defs.h
dns_strtype.o: ../../include/vstring.h
dns_strtype.o: ../../include/vbuf.h
dns_strtype.o: dns.h
dns_strtype.o: ../../include/sock_addr.h
dns_strtype.o: ../../include/myaddrinfo.h
test_dns_lookup.o: test_dns_lookup.c
test_dns_lookup.o: ../../include/sys_defs.h
test_dns_lookup.o: ../../include/vstring.h
@ -102,3 +185,5 @@ test_dns_lookup.o: ../../include/msg.h
test_dns_lookup.o: ../../include/msg_vstream.h
test_dns_lookup.o: ../../include/vstream.h
test_dns_lookup.o: dns.h
test_dns_lookup.o: ../../include/sock_addr.h
test_dns_lookup.o: ../../include/myaddrinfo.h

50
postfix/src/dns/dns.h
View File

@ -59,6 +59,8 @@
* Utility library.
*/
#include <vstring.h>
#include <sock_addr.h>
#include <myaddrinfo.h>
/*
* Structure for fixed resource record data.
@ -99,7 +101,8 @@ extern unsigned dns_type(const char *);
/*
* dns_rr.c
*/
extern DNS_RR *dns_rr_create(const char *, DNS_FIXED *, unsigned,
extern DNS_RR *dns_rr_create(const char *, ushort, ushort,
unsigned, unsigned,
const char *, unsigned);
extern void dns_rr_free(DNS_RR *);
extern DNS_RR *dns_rr_copy(DNS_RR *);
@ -108,13 +111,54 @@ extern DNS_RR *dns_rr_sort(DNS_RR *, int (*) (DNS_RR *, DNS_RR *));
extern DNS_RR *dns_rr_shuffle(DNS_RR *);
extern DNS_RR *dns_rr_remove(DNS_RR *, DNS_RR *);
/*
* dns_rr_to_pa.c
*/
extern const char *dns_rr_to_pa(DNS_RR *, MAI_HOSTADDR_STR *);
/*
* dns_sa_to_rr.c
*/
extern DNS_RR *dns_sa_to_rr(const char *, unsigned, struct sockaddr *);
/*
* dns_rr_to_sa.c
*/
extern int dns_rr_to_sa(DNS_RR *, unsigned, struct sockaddr *, SOCKADDR_SIZE *);
/*
* dns_rr_eq_sa.c
*/
extern int dns_rr_eq_sa(DNS_RR *, struct sockaddr *);
#ifdef HAS_IPV6
#define DNS_RR_EQ_SA(rr, sa) \
((SOCK_ADDR_IN_FAMILY(sa) == AF_INET && (rr)->type == T_A \
&& SOCK_ADDR_IN_ADDR(sa).s_addr == IN_ADDR((rr)->data).s_addr) \
|| (SOCK_ADDR_IN_FAMILY(sa) == AF_INET6 && (rr)->type == T_AAAA \
&& memcmp((char *) &(SOCK_ADDR_IN6_ADDR(sa)), \
(rr)->data, (rr)->data_len) == 0))
#else
#define DNS_RR_EQ_SA(rr, sa) \
(SOCK_ADDR_IN_FAMILY(sa) == AF_INET && (rr)->type == T_A \
&& SOCK_ADDR_IN_ADDR(sa).s_addr == IN_ADDR((rr)->data).s_addr)
#endif
/*
* dns_lookup.c
*/
extern int dns_lookup(const char *, unsigned, unsigned, DNS_RR **,
VSTRING *, VSTRING *);
extern int dns_lookup_types(const char *, unsigned, DNS_RR **,
VSTRING *, VSTRING *,...);
extern int dns_lookup_l(const char *, unsigned, DNS_RR **, VSTRING *,
VSTRING *, int,...);
extern int dns_lookup_v(const char *, unsigned, DNS_RR **, VSTRING *,
VSTRING *, int, unsigned *);
/*
* Request flags.
*/
#define DNS_REQ_FLAG_ANY (1<<0)
#define DNS_REQ_FLAG_ALL (1<<1)
/*
* Status codes. Failures must have negative codes so they will not collide

125
postfix/src/dns/dns_lookup.c
View File

@ -6,21 +6,31 @@
/* SYNOPSIS
/* #include <dns.h>
/*
/* int dns_lookup(name, type, flags, list, fqdn, why)
/* int dns_lookup(name, type, rflags, list, fqdn, why)
/* const char *name;
/* unsigned type;
/* unsigned flags;
/* unsigned rflags;
/* DNS_RR **list;
/* VSTRING *fqdn;
/* VSTRING *why;
/*
/* int dns_lookup_types(name, flags, list, fqdn, why, type, ...)
/* int dns_lookup_l(name, rflags, list, fqdn, why, lflags, ltype, ...)
/* const char *name;
/* unsigned flags;
/* unsigned rflags;
/* DNS_RR **list;
/* VSTRING *fqdn;
/* VSTRING *why;
/* unsigned type;
/* int lflags;
/* unsigned ltype;
/*
/* int dns_lookup_v(name, rflags, list, fqdn, why, lflags, ltype)
/* const char *name;
/* unsigned rflags;
/* DNS_RR **list;
/* VSTRING *fqdn;
/* VSTRING *why;
/* int lflags;
/* unsigned *ltype;
/* DESCRIPTION
/* dns_lookup() looks up DNS resource records. When requested to
/* look up data other than type CNAME, it will follow a limited
@ -29,10 +39,8 @@
/* All name results are validated by \fIvalid_hostname\fR();
/* an invalid name is reported as a transient error.
/*
/* dns_lookup_types() allows the user to specify a null-terminated
/* list of resource types. This function calls dns_lookup() for each
/* listed type in the specified order, until the list is exhausted or
/* until the search result becomes not equal to DNS_NOTFOUND.
/* dns_lookup_l() and dns_lookup_v() allow the user to specify
/* a list of resource types.
/* INPUTS
/* .ad
/* .fi
@ -40,8 +48,8 @@
/* The name to be looked up in the domain name system.
/* .IP type
/* The resource record type to be looked up (T_A, T_MX etc.).
/* .IP flags
/* A bitwise OR of:
/* .IP rflags
/* Resolver flags. These are a bitwise OR of:
/* .RS
/* .IP RES_DEBUG
/* Print debugging information.
@ -50,6 +58,23 @@
/* .IP RES_DEFNAMES
/* Append local domain to unqualified names.
/* .RE
/* .IP lflags
/* Multi-type request control for dns_lookup_l() and
/* dns_lookup_v(). This is one of the following:
/* .RS
/* .IP DNS_REQ_FLAG_ANY
/* Call dns_lookup() for each specified resource record type
/* in the specified order, until the list is exhausted or
/* until some result is DNS_OK.
/* .IP DNS_REQ_FLAG_ALL
/* Call dns_lookup() for all specified resource record types
/* in the specified order, and merge their results.
/* .RE
/* .IP ltype
/* The resource record types to be looked up. In the case of
/* dns_lookup_l(), this is a null-terminated argument list.
/* In the case of dns_lookup_v(), this is a null-terminated
/* integer array.
/* OUTPUTS
/* .ad
/* .fi
@ -97,8 +122,6 @@
#include <sys_defs.h>
#include <netdb.h>
#include <stdlib.h> /* BSDI stdarg.h uses abort() */
#include <stdarg.h>
#include <string.h>
#include <ctype.h>
@ -109,7 +132,6 @@
#include <msg.h>
#include <valid_hostname.h>
#include <stringops.h>
#include <valid_hostname.h>
/* DNS library. */
@ -375,7 +397,8 @@ static DNS_RR *dns_get_rr(DNS_REPLY *reply, unsigned char *pos,
*dst = 0;
break;
}
return (dns_rr_create(rr_name, fixed, pref, temp, data_len));
return (dns_rr_create(rr_name, fixed->type, fixed->class, fixed->ttl,
pref, temp, data_len));
}
/* dns_get_alias - extract CNAME from name server reply */
@ -507,9 +530,9 @@ int dns_lookup(const char *name, unsigned type, unsigned flags,
int status;
/*
* The Linux resolver misbehaves when given an invalid domain name.
* DJBDNS produces a bogus A record when given a numerical hostname.
*/
if (!valid_hostname(name, DONT_GRIPE)) {
if (valid_hostaddr(name, DONT_GRIPE)) {
if (why)
vstring_sprintf(why,
"Name service error for %s: invalid host or domain name",
@ -519,9 +542,9 @@ int dns_lookup(const char *name, unsigned type, unsigned flags,
}
/*
* DJBDNS produces a bogus A record when given a numerical hostname.
* The Linux resolver misbehaves when given an invalid domain name.
*/
if (valid_hostaddr(name, DONT_GRIPE)) {
if (!valid_hostname(name, DONT_GRIPE)) {
if (why)
vstring_sprintf(why,
"Name service error for %s: invalid host or domain name",
@ -568,26 +591,70 @@ int dns_lookup(const char *name, unsigned type, unsigned flags,
return (DNS_NOTFOUND);
}
/* dns_lookup_types - DNS lookup interface with multiple types */
/* dns_lookup_l - DNS lookup interface with types list */
int dns_lookup_types(const char *name, unsigned flags, DNS_RR **rrlist,
VSTRING *fqdn, VSTRING *why,...)
int dns_lookup_l(const char *name, unsigned flags, DNS_RR **rrlist,
VSTRING *fqdn, VSTRING *why, int lflags,...)
{
va_list ap;
unsigned type;
int status = DNS_NOTFOUND;
DNS_RR *rr;
int non_err = 0;
int soft_err = 0;
va_start(ap, why);
if (rrlist)
*rrlist = 0;
va_start(ap, lflags);
while ((type = va_arg(ap, unsigned)) != 0) {
if (msg_verbose)
msg_info("lookup %s type %d flags %d", name, type, flags);
status = dns_lookup(name, type, flags, rrlist, fqdn, why);
if (status == DNS_OK)
break;
if (status == DNS_RETRY)
msg_info("lookup %s type %s flags %d",
name, dns_strtype(type), flags);
status = dns_lookup(name, type, flags, rrlist ? &rr : (DNS_RR **) 0,
fqdn, why);
if (status == DNS_OK) {
non_err = 1;
if (rrlist)
*rrlist = dns_rr_append(*rrlist, rr);
if (lflags == DNS_REQ_FLAG_ANY)
break;
} else if (status == DNS_RETRY) {
soft_err = 1;
}
}
va_end(ap);
return ((status == DNS_OK || soft_err == 0) ? status : DNS_RETRY);
return (non_err ? DNS_OK : soft_err ? DNS_RETRY : status);
}
/* dns_lookup_v - DNS lookup interface with types vector */
int dns_lookup_v(const char *name, unsigned flags, DNS_RR **rrlist,
VSTRING *fqdn, VSTRING *why, int lflags,
unsigned *types)
{
unsigned type;
int status = DNS_NOTFOUND;
DNS_RR *rr;
int non_err = 0;
int soft_err = 0;
if (rrlist)
*rrlist = 0;
while ((type = *types++) != 0) {
if (msg_verbose)
msg_info("lookup %s type %s flags %d",
name, dns_strtype(type), flags);
status = dns_lookup(name, type, flags, rrlist ? &rr : (DNS_RR **) 0,
fqdn, why);
if (status == DNS_OK) {
non_err = 1;
if (rrlist)
*rrlist = dns_rr_append(*rrlist, rr);
if (lflags == DNS_REQ_FLAG_ANY)
break;
} else if (status == DNS_RETRY) {
soft_err = 1;
}
}
return (non_err ? DNS_OK : soft_err ? DNS_RETRY : status);
}

20
postfix/src/dns/dns_rr.c
View File

@ -6,9 +6,12 @@
/* SYNOPSIS
/* #include <dns.h>
/*
/* DNS_RR *dns_rr_create(name, fixed, preference, data, data_len)
/* DNS_RR *dns_rr_create(name, type, class, ttl, preference,
/* data, data_len)
/* const char *name;
/* DNS_FIXED *fixed;
/* unsigned short type;
/* unsigned short class;
/* unsigned int ttl;
/* unsigned preference;
/* const char *data;
/* unsigned len;
@ -39,8 +42,6 @@
/*
/* dns_rr_create() creates and initializes one resource record.
/* The \fIname\fR record specifies the record name.
/* The \fIfixed\fR argument specifies generic resource record
/* information such as resource type and time to live;
/* \fIpreference\fR is used for MX records; \fIdata\fR is a null
/* pointer or specifies optional resource-specific data;
/* \fIdata_len\fR is the amount of resource-specific data.
@ -90,16 +91,17 @@
/* dns_rr_create - fill in resource record structure */
DNS_RR *dns_rr_create(const char *name, DNS_FIXED *fixed, unsigned pref,
DNS_RR *dns_rr_create(const char *name, ushort type, ushort class,
unsigned int ttl, unsigned pref,
const char *data, unsigned data_len)
{
DNS_RR *rr;
rr = (DNS_RR *) mymalloc(sizeof(*rr) + data_len - 1);
rr->name = mystrdup(name);
rr->type = fixed->type;
rr->class = fixed->class;
rr->ttl = fixed->ttl;
rr->type = type;
rr->class = class;
rr->ttl = ttl;
rr->pref = pref;
if (data && data_len > 0)
memcpy(rr->data, data, data_len);
@ -255,7 +257,7 @@ DNS_RR *dns_rr_shuffle(DNS_RR *list)
DNS_RR *dns_rr_remove(DNS_RR *list, DNS_RR *record)
{
if (list == 0)
if (list == 0)
msg_panic("dns_rr_remove: record not found");
if (list == record) {

137
postfix/src/dns/dns_rr_eq_sa.c Normal file
View File

@ -0,0 +1,137 @@
/*++
/* NAME
/* dns_rr_eq_sa 3
/* SUMMARY
/* compare resource record with socket address
/* SYNOPSIS
/* #include <dns.h>
/*
/* int dns_rr_eq_sa(DNS_RR *rr, struct sockaddr *sa)
/* DNS_RR *rr;
/* struct sockaddr *sa;
/*
/* int DNS_RR_EQ_SA(DNS_RR *rr, struct sockaddr *sa)
/* DNS_RR *rr;
/* struct sockaddr *sa;
/* DESCRIPTION
/* dns_rr_eq_sa() compares a DNS resource record with a socket
/* address. The result is non-zero when the resource type
/* matches the socket address family, and when the network
/* address information is identical.
/*
/* DNS_RR_EQ_SA() is an unsafe macro version for those who live fast.
/*
/* Arguments:
/* .IP rr
/* DNS resource record pointer.
/* .IP sa
/* Binary address pointer.
/* DIAGNOSTICS
/* Panic: unknown socket address family.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System libraries. */
#include <sys_defs.h>
/* Utility library. */
#include <msg.h>
#include <sock_addr.h>
/* DNS library. */
#include <dns.h>
/* dns_rr_eq_sa - compare resource record with socket address */
int dns_rr_eq_sa(DNS_RR *rr, struct sockaddr * sa)
{
const char *myname = "dns_rr_eq_sa";
if (sa->sa_family == AF_INET) {
return (rr->type == T_A
&& SOCK_ADDR_IN_ADDR(sa).s_addr == IN_ADDR(rr->data).s_addr);
#ifdef HAS_IPV6
} else if (sa->sa_family == AF_INET6) {
return (rr->type == T_AAAA
&& memcmp((char *) &SOCK_ADDR_IN6_ADDR(sa),
rr->data, rr->data_len) == 0);
#endif
} else {
msg_panic("%s: unsupported socket address family type: %d",
myname, sa->sa_family);
}
}
/*
* Stand-alone test program.
*/
#ifdef TEST
#include <vstream.h>
#include <myaddrinfo.h>
#include <inet_proto.h>
static const char *myname;
static NORETURN usage(void)
{
msg_fatal("usage: %s hostname address", myname);
}
int main(int argc, char **argv)
{
MAI_HOSTADDR_STR hostaddr;
DNS_RR *rr;
struct addrinfo *res0;
struct addrinfo *res1;
struct addrinfo *res;
int aierr;
myname = argv[0];
if (argc < 3)
usage();
inet_proto_init(argv[0], INET_PROTO_NAME_ALL);
while (*++argv) {
if (argv[1] == 0)
usage();
if ((aierr = hostaddr_to_sockaddr(argv[1], (char *) 0, 0, &res1)) != 0)
msg_fatal("host address %s: %s", argv[1], MAI_STRERROR(aierr));
if ((rr = dns_sa_to_rr(argv[1], 0, res1->ai_addr)) == 0)
msg_fatal("dns_sa_to_rr: %m");
freeaddrinfo(res1);
if ((aierr = hostname_to_sockaddr(argv[0], (char *) 0, 0, &res0)) != 0)
msg_fatal("host name %s: %s", argv[0], MAI_STRERROR(aierr));
for (res = res0; res != 0; res = res->ai_next) {
SOCKADDR_TO_HOSTADDR(res->ai_addr, res->ai_addrlen,
&hostaddr, (MAI_SERVPORT_STR *) 0, 0);
vstream_printf("%s =?= %s\n", hostaddr.buf, argv[1]);
vstream_printf("tested by function: %s\n",
dns_rr_eq_sa(rr, res->ai_addr) ?
"yes" : "no");
vstream_printf("tested by macro: %s\n",
DNS_RR_EQ_SA(rr, res->ai_addr) ?
"yes" : "no");
}
dns_rr_free(rr);
freeaddrinfo(res0);
vstream_fflush(VSTREAM_OUT);
argv += 1;
}
}
#endif

4
postfix/src/dns/dns_rr_eq_sa.in Normal file
View File

@ -0,0 +1,4 @@
spike.porcupine.org 168.100.189.2
spike.porcupine.org 168.100.189.3
spike.porcupine.org 2001:240:5c7:0:2d0:b7ff:fe88:2ca7
spike.porcupine.org 2001:240:5c7:0:2d0:b7ff:febe:ca9f

24
postfix/src/dns/dns_rr_eq_sa.ref Normal file
View File

@ -0,0 +1,24 @@
2001:240:5c7:0:2d0:b7ff:fe88:2ca7 =?= 168.100.189.2
tested by function: no
tested by macro: no
168.100.189.2 =?= 168.100.189.2
tested by function: yes
tested by macro: yes
2001:240:5c7:0:2d0:b7ff:fe88:2ca7 =?= 168.100.189.3
tested by function: no
tested by macro: no
168.100.189.2 =?= 168.100.189.3
tested by function: no
tested by macro: no
2001:240:5c7:0:2d0:b7ff:fe88:2ca7 =?= 2001:240:5c7:0:2d0:b7ff:fe88:2ca7
tested by function: yes
tested by macro: yes
168.100.189.2 =?= 2001:240:5c7:0:2d0:b7ff:fe88:2ca7
tested by function: no
tested by macro: no
2001:240:5c7:0:2d0:b7ff:fe88:2ca7 =?= 2001:240:5c7:0:2d0:b7ff:febe:ca9f
tested by function: no
tested by macro: no
168.100.189.2 =?= 2001:240:5c7:0:2d0:b7ff:febe:ca9f
tested by function: no
tested by macro: no

113
postfix/src/dns/dns_rr_to_pa.c Normal file
View File

@ -0,0 +1,113 @@
/*++
/* NAME
/* dns_rr_to_pa 3
/* SUMMARY
/* resource record to printable address
/* SYNOPSIS
/* #include <dns.h>
/*
/* const char *dns_rr_to_pa(rr, hostaddr)
/* DNS_RR *rr;
/* MAI_HOSTADDR_STR *hostaddr;
/* DESCRIPTION
/* dns_rr_to_pa() converts the address in a DNS resource record
/* into printable form and returns a pointer to the result.
/*
/* Arguments:
/* .IP rr
/* The DNS resource record.
/* .IP hostaddr
/* Storage for the printable address.
/* DIAGNOSTICS
/* The result is null in case of problems, with errno set
/* to indicate the nature of the problem.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System libraries. */
#include <sys_defs.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
/* Utility library. */
#include <msg.h>
/* DNS library. */
#include <dns.h>
/* dns_rr_to_pa - resource record to printable address */
const char *dns_rr_to_pa(DNS_RR *rr, MAI_HOSTADDR_STR *hostaddr)
{
if (rr->type == T_A) {
return (inet_ntop(AF_INET, rr->data, hostaddr->buf,
sizeof(hostaddr->buf)));
#ifdef HAS_IPV6
} else if (rr->type == T_AAAA) {
return (inet_ntop(AF_INET6, rr->data, hostaddr->buf,
sizeof(hostaddr->buf)));
#endif
} else {
errno = EAFNOSUPPORT;
return (0);
}
}
/*
* Stand-alone test program.
*/
#ifdef TEST
#include <vstream.h>
#include <myaddrinfo.h>
static const char *myname;
static NORETURN usage(void)
{
msg_fatal("usage: %s dnsaddrtype hostname", myname);
}
int main(int argc, char **argv)
{
DNS_RR *rr;
MAI_HOSTADDR_STR hostaddr;
VSTRING *why;
int type;
myname = argv[0];
if (argc < 3)
usage();
why = vstring_alloc(1);
while (*++argv) {
if (argv[1] == 0)
usage();
if ((type = dns_type(argv[0])) == 0)
usage();
if (dns_lookup(argv[1], type, 0, &rr, (VSTRING *) 0, why) != DNS_OK)
msg_fatal("%s: %s", argv[1], vstring_str(why));
if (dns_rr_to_pa(rr, &hostaddr) == 0)
msg_fatal("dns_rr_to_sa: %m");
vstream_printf("%s -> %s\n", argv[1], hostaddr.buf);
vstream_fflush(VSTREAM_OUT);
argv += 1;
dns_rr_free(rr);
}
vstring_free(why);
return (0);
}
#endif

2
postfix/src/dns/dns_rr_to_pa.in Normal file
View File

@ -0,0 +1,2 @@
a spike.porcupine.org
aaaa spike.porcupine.org

2
postfix/src/dns/dns_rr_to_pa.ref Normal file
View File

@ -0,0 +1,2 @@
spike.porcupine.org -> 168.100.189.2
spike.porcupine.org -> 2001:240:5c7:0:2d0:b7ff:fe88:2ca7

163
postfix/src/dns/dns_rr_to_sa.c Normal file
View File

@ -0,0 +1,163 @@
/*++
/* NAME
/* dns_rr_to_sa 3
/* SUMMARY
/* resource record to socket address
/* SYNOPSIS
/* #include <dns.h>
/*
/* int dns_rr_to_sa(rr, port, sa, sa_len)
/* DNS_RR *rr;
/* unsigned port;
/* struct sockaddr *sa;
/* SOCKADDR_SIZE *sa_len;
/* DESCRIPTION
/* dns_rr_to_sa() converts the address in a DNS resource record into
/* a socket address of the corresponding type.
/*
/* Arguments:
/* .IP rr
/* DNS resource record pointer.
/* .IP port
/* TCP or UDP port, network byte order.
/* .IP sa
/* Socket address pointer.
/* .IP sa_len
/* On input, the available socket address storage space.
/* On output, the amount of space actually used.
/* DIAGNOSTICS
/* The result is non-zero in case of problems, with the
/* error type returned via the errno variable.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System libraries. */
#include <sys_defs.h>
#include <errno.h>
/* Utility library. */
#include <msg.h>
/* DNS library. */
#include <dns.h>
/* dns_rr_to_sa - resource record to socket address */
int dns_rr_to_sa(DNS_RR *rr, unsigned port, struct sockaddr * sa,
SOCKADDR_SIZE *sa_len)
{
SOCKADDR_SIZE sock_addr_len;
if (rr->type == T_A) {
if (rr->data_len != sizeof(SOCK_ADDR_IN_ADDR(sa))) {
errno = EINVAL;
return (-1);
} else if ((sock_addr_len = sizeof(*SOCK_ADDR_IN_PTR(sa))) > *sa_len) {
errno = ENOSPC;
return (-1);
} else {
memset((char *) SOCK_ADDR_IN_PTR(sa), 0, sock_addr_len);
SOCK_ADDR_IN_FAMILY(sa) = AF_INET;
SOCK_ADDR_IN_PORT(sa) = port;
SOCK_ADDR_IN_ADDR(sa) = IN_ADDR(rr->data);
#ifdef HAS_SA_LEN
sa->sa_len = sock_addr_len;
#endif
*sa_len = sock_addr_len;
return (0);
}
#ifdef HAS_IPV6
} else if (rr->type == T_AAAA) {
if (rr->data_len != sizeof(SOCK_ADDR_IN6_ADDR(sa))) {
errno = EINVAL;
return (-1);
} else if ((sock_addr_len = sizeof(*SOCK_ADDR_IN6_PTR(sa))) > *sa_len) {
errno = ENOSPC;
return (-1);
} else {
memset((char *) SOCK_ADDR_IN6_PTR(sa), 0, sock_addr_len);
SOCK_ADDR_IN6_FAMILY(sa) = AF_INET6;
SOCK_ADDR_IN6_PORT(sa) = port;
SOCK_ADDR_IN6_ADDR(sa) = IN6_ADDR(rr->data);
#ifdef HAS_SA_LEN
sa->sa_len = sock_addr_len;
#endif
*sa_len = sock_addr_len;
return (0);
}
#endif
} else {
errno = EAFNOSUPPORT;
return (-1);
}
}
/*
* Stand-alone test program.
*/
#ifdef TEST
#include <stdlib.h>
#include <stringops.h>
#include <vstream.h>
#include <myaddrinfo.h>
static const char *myname;
static NORETURN usage(void)
{
msg_fatal("usage: %s dnsaddrtype hostname portnumber", myname);
}
int main(int argc, char **argv)
{
DNS_RR *rr;
MAI_HOSTADDR_STR hostaddr;
MAI_SERVPORT_STR portnum;
struct sockaddr_storage ss;
struct sockaddr *sa = (struct sockaddr *) & ss;
SOCKADDR_SIZE sa_len = sizeof(ss);
VSTRING *why;
int type;
int port;
myname = argv[0];
if (argc < 4)
usage();
why = vstring_alloc(1);
while (*++argv) {
if (argv[1] == 0 || argv[2] == 0)
usage();
if ((type = dns_type(argv[0])) == 0)
usage();
if (!alldig(argv[2]) || (port = atoi(argv[2])) > 65535)
usage();
if (dns_lookup(argv[1], type, 0, &rr, (VSTRING *) 0, why) != DNS_OK)
msg_fatal("%s: %s", argv[1], vstring_str(why));
sa_len = sizeof(ss);
if (dns_rr_to_sa(rr, htons(port), sa, &sa_len) != 0)
msg_fatal("dns_rr_to_sa: %m");
SOCKADDR_TO_HOSTADDR(sa, sa_len, &hostaddr, &portnum, 0);
vstream_printf("%s %s -> %s %s\n",
argv[1], argv[2], hostaddr.buf, portnum.buf);
vstream_fflush(VSTREAM_OUT);
argv += 2;
dns_rr_free(rr);
}
vstring_free(why);
return (0);
}
#endif

2
postfix/src/dns/dns_rr_to_sa.in Normal file
View File

@ -0,0 +1,2 @@
a spike.porcupine.org 25
aaaa spike.porcupine.org 25

2
postfix/src/dns/dns_rr_to_sa.ref Normal file
View File

@ -0,0 +1,2 @@
spike.porcupine.org 25 -> 168.100.189.2 25
spike.porcupine.org 25 -> 2001:240:5c7:0:2d0:b7ff:fe88:2ca7 25

118
postfix/src/dns/dns_sa_to_rr.c Normal file
View File

@ -0,0 +1,118 @@
/*++
/* NAME
/* dns_sa_to_rr 3
/* SUMMARY
/* socket address to resource record
/* SYNOPSIS
/* #include <dns.h>
/*
/* DNS_RR *dns_sa_to_rr(hostname, pref, sa)
/* const char *hostname;
/* unsigned pref;
/* struct sockaddr *sa;
/* DESCRIPTION
/* dns_sa_to_rr() converts a socket address into a DNS resource record.
/*
/* Arguments:
/* .IP hostname
/* The resource record host name.
/* .IP pref
/* The resource record MX host preference, if applicable.
/* .IP sa
/* Binary address.
/* DIAGNOSTICS
/* The result is a null pointer in case of problems, with the
/* errno variable set to indicate the problem type.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System libraries. */
#include <sys_defs.h>
#include <errno.h>
/* Utility library. */
#include <msg.h>
/* DNS library. */
#include <dns.h>
/* dns_sa_to_rr - socket address to resource record */
DNS_RR *dns_sa_to_rr(const char *hostname, unsigned pref, struct sockaddr * sa)
{
#define DUMMY_TTL 0
if (sa->sa_family == AF_INET) {
return (dns_rr_create(hostname, T_A, C_IN, DUMMY_TTL, pref,
(char *) &SOCK_ADDR_IN_ADDR(sa),
sizeof(SOCK_ADDR_IN_ADDR(sa))));
#ifdef HAS_IPV6
} else if (sa->sa_family == AF_INET6) {
return (dns_rr_create(hostname, T_AAAA, C_IN, DUMMY_TTL, pref,
(char *) &SOCK_ADDR_IN6_ADDR(sa),
sizeof(SOCK_ADDR_IN6_ADDR(sa))));
#endif
} else {
errno = EAFNOSUPPORT;
return (0);
}
}
/*
* Stand-alone test program.
*/
#ifdef TEST
#include <vstream.h>
#include <myaddrinfo.h>
#include <inet_proto.h>
static const char *myname;
static NORETURN usage(void)
{
msg_fatal("usage: %s hostname", myname);
}
int main(int argc, char **argv)
{
MAI_HOSTADDR_STR hostaddr;
struct addrinfo *res0;
struct addrinfo *res;
DNS_RR *rr;
int aierr;
myname = argv[0];
if (argc < 2)
usage();
inet_proto_init(argv[0], INET_PROTO_NAME_ALL);
while (*++argv) {
if ((aierr = hostname_to_sockaddr(argv[0], (char *) 0, 0, &res0)) != 0)
msg_fatal("%s: %s", argv[0], MAI_STRERROR(aierr));
for (res = res0; res != 0; res = res->ai_next) {
if ((rr = dns_sa_to_rr(argv[0], 0, res->ai_addr)) == 0)
msg_fatal("dns_sa_to_rr: %m");
if (dns_rr_to_pa(rr, &hostaddr) == 0)
msg_fatal("dns_rr_to_pa: %m");
vstream_printf("%s -> %s\n", argv[0], hostaddr.buf);
vstream_fflush(VSTREAM_OUT);
dns_rr_free(rr);
}
freeaddrinfo(res0);
}
return (0);
}
#endif

1
postfix/src/dns/dns_sa_to_rr.in Normal file
View File

@ -0,0 +1 @@
spike.porcupine.org

2
postfix/src/dns/dns_sa_to_rr.ref Normal file
View File

@ -0,0 +1,2 @@
spike.porcupine.org -> 2001:240:5c7:0:2d0:b7ff:fe88:2ca7
spike.porcupine.org -> 168.100.189.2

14
postfix/src/dns/test_dns_lookup.c
View File

@ -40,14 +40,19 @@
static void print_rr(DNS_RR *rr)
{
struct in_addr addr;
MAI_HOSTADDR_STR host;
while (rr) {
printf("%s: ttl: %9d ", rr->name, rr->ttl);
switch (rr->type) {
case T_A:
memcpy((char *) &addr.s_addr, rr->data, sizeof(addr.s_addr));
printf("%s: %s\n", dns_strtype(rr->type), inet_ntoa(addr));
#ifdef T_AAAA
case T_AAAA:
#endif
if (dns_rr_to_pa(rr, &host) == 0)
msg_fatal("conversion error for resource record type %s: %m",
dns_strtype(rr->type));
printf("%s: %s\n", dns_strtype(rr->type), host.buf);
break;
case T_CNAME:
case T_MB:
@ -85,7 +90,8 @@ int main(int argc, char **argv)
msg_fatal("invalid query type: %s", argv[1]);
name = argv[2];
msg_verbose = 1;
switch (dns_lookup_types(name, RES_DEFNAMES | RES_DEBUG, &rr, fqdn, why, type, 0)) {
switch (dns_lookup_l(name, RES_DEFNAMES | RES_DEBUG, &rr, fqdn, why,
DNS_REQ_FLAG_ALL, type, 0)) {
default:
msg_fatal("%s", vstring_str(why));
case DNS_OK:

2
postfix/src/error/Makefile.in
View File

@ -16,7 +16,7 @@ $(PROG): $(OBJS) $(LIBS)
$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
(echo "# DO NOT EDIT"; tail +2 ../../conf/makedefs.out; cat $?) >$@
test: $(TESTPROG)

2
postfix/src/flush/Makefile.in
View File

@ -16,7 +16,7 @@ $(PROG): $(OBJS) $(LIBS)
$(CC) $(CFLAGS) -o $@ $(OBJS) $(LIBS) $(SYSLIBS)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
(echo "# DO NOT EDIT"; tail +2 ../../conf/makedefs.out; cat $?) >$@
test: $(TESTPROG)

2
postfix/src/fsstone/Makefile.in
View File

@ -15,7 +15,7 @@ LIBS = ../../lib/libglobal.a ../../lib/libutil.a
all: $(PROG)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
(echo "# DO NOT EDIT"; tail +2 ../../conf/makedefs.out; cat $?) >$@
fsstone: fsstone.o $(LIBS)
$(CC) $(CFLAGS) -o $@ fsstone.o $(LIBS) $(SYSLIBS)

55
postfix/src/global/Makefile.in
View File

@ -24,7 +24,8 @@ SRCS = abounce.c anvil_clnt.c been_here.c bounce.c bounce_log.c \
tok822_resolve.c tok822_rewrite.c tok822_tree.c trace.c verify.c \
verify_clnt.c verp_sender.c virtual8_maps.c xtext.c scache_single.c \
scache_clnt.c scache_multi.c user_acl.c mkmap_cdb.c mkmap_sdbm.c \
ehlo_mask.c
ehlo_mask.c \
wildcard_inet_addr.c valid_mailhost_addr.c
OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \
canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \
clnt_stream.o debug_peer.o debug_process.o defer.o \
@ -50,7 +51,8 @@ OBJS = abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \
tok822_resolve.o tok822_rewrite.o tok822_tree.o trace.o verify.o \
verify_clnt.o verp_sender.o virtual8_maps.o xtext.o scache_single.o \
scache_clnt.o scache_multi.o user_acl.o mkmap_cdb.o mkmap_sdbm.o \
ehlo_mask.o
ehlo_mask.o \
wildcard_inet_addr.o valid_mailhost_addr.o
HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \
canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \
debug_peer.h debug_process.h defer.h deliver_completed.h \
@ -71,7 +73,8 @@ HDRS = abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \
resolve_local.h rewrite_clnt.h sent.h smtp_stream.h split_addr.h \
string_list.h strip_addr.h sys_exits.h timed_ipc.h tok822.h \
trace.h verify.h verify_clnt.h verp_sender.h virtual8_maps.h \
xtext.h scache.h user_acl.h ehlo_mask.h
xtext.h scache.h user_acl.h ehlo_mask.h \
wildcard_inet_addr.h valid_mailhost_addr.h
TESTSRC = rec2stream.c stream2rec.c recdump.c
DEFS = -I. -I$(INC_DIR) -D$(SYSTYPE)
CFLAGS = $(DEBUG) $(OPT) $(DEFS)
@ -82,7 +85,8 @@ TESTPROG= domain_list dot_lockfile mail_addr_crunch mail_addr_find \
off_cvt quote_822_local rec2stream recdump resolve_clnt \
resolve_local rewrite_clnt stream2rec string_list tok822_parse \
quote_821_local mail_conf_time mime_state strip_addr \
virtual8_maps verify_clnt xtext anvil_clnt scache ehlo_mask
virtual8_maps verify_clnt xtext anvil_clnt scache ehlo_mask \
valid_mailhost_addr
LIBS = ../../lib/libutil.a
LIB_DIR = ../../lib
@ -94,7 +98,7 @@ MAKES =
all: $(LIB)
Makefile: Makefile.in
(set -e; echo "# DO NOT EDIT"; $(OPTS) $(SHELL) ../../makedefs && cat $?) >$@
(echo "# DO NOT EDIT"; tail +2 ../../conf/makedefs.out; cat $?) >$@
test: $(TESTPROG)
@ -256,9 +260,13 @@ scache: scache.c $(LIB) $(LIBS)
ehlo_mask: ehlo_mask.c $(LIB) $(LIBS)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
valid_mailhost_addr: valid_mailhost_addr.c $(LIB) $(LIBS)
$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
tests: tok822_test mime_test mime_nest mime_8bit mime_dom mime_trunc \
mime_cvt mime_cvt2 mime_cvt3 strip_addr_test tok822_limit_test \
virtual8_test xtext_test scache_multi_test ehlo_mask_test
virtual8_test xtext_test scache_multi_test ehlo_mask_test \
namadr_list_test
tok822_test: tok822_parse tok822_parse.in tok822_parse.ref
./tok822_parse <tok822_parse.in >tok822_parse.tmp 2>&1
@ -362,6 +370,11 @@ ehlo_mask_test: ehlo_mask ehlo_mask.in ehlo_mask.ref
diff ehlo_mask.ref ehlo_mask.tmp
rm -f ehlo_mask.tmp
namadr_list_test: namadr_list namadr_list.in namadr_list.ref
-sh namadr_list.in >namadr_list.tmp 2>&1
diff namadr_list.ref namadr_list.tmp
rm -f namadr_list.tmp
printfck: $(OBJS) $(PROG)
rm -rf printfck
mkdir printfck
@ -896,6 +909,7 @@ mail_params.o: ../../include/dict_db.h
mail_params.o: ../../include/dict.h
mail_params.o: ../../include/vstream.h
mail_params.o: ../../include/argv.h
mail_params.o: ../../include/inet_proto.h
mail_params.o: mynetworks.h
mail_params.o: mail_conf.h
mail_params.o: mail_version.h
@ -903,6 +917,9 @@ mail_params.o: mail_proto.h
mail_params.o: ../../include/iostuff.h
mail_params.o: ../../include/attr.h
mail_params.o: verp_sender.h
mail_params.o: own_inet_addr.h
mail_params.o: ../../include/inet_addr_list.h
mail_params.o: ../../include/myaddrinfo.h
mail_params.o: mail_params.h
mail_pathname.o: mail_pathname.c
mail_pathname.o: ../../include/sys_defs.h
@ -1107,10 +1124,15 @@ mynetworks.o: ../../include/msg.h
mynetworks.o: ../../include/vstring.h
mynetworks.o: ../../include/vbuf.h
mynetworks.o: ../../include/inet_addr_list.h
mynetworks.o: ../../include/myaddrinfo.h
mynetworks.o: ../../include/name_mask.h
mynetworks.o: ../../include/mask_addr.h
mynetworks.o: ../../include/argv.h
mynetworks.o: own_inet_addr.h
mynetworks.o: mail_params.h
mynetworks.o: mynetworks.h
mynetworks.o: ../../include/sock_addr.h
mynetworks.o: been_here.h
mypwd.o: mypwd.c
mypwd.o: ../../include/sys_defs.h
mypwd.o: ../../include/mymalloc.h
@ -1140,11 +1162,14 @@ own_inet_addr.o: ../../include/sys_defs.h
own_inet_addr.o: ../../include/msg.h
own_inet_addr.o: ../../include/mymalloc.h
own_inet_addr.o: ../../include/inet_addr_list.h
own_inet_addr.o: ../../include/myaddrinfo.h
own_inet_addr.o: ../../include/inet_addr_local.h
own_inet_addr.o: ../../include/inet_addr_host.h
own_inet_addr.o: ../../include/stringops.h
own_inet_addr.o: ../../include/vstring.h
own_inet_addr.o: ../../include/vbuf.h
own_inet_addr.o: ../../include/sock_addr.h
own_inet_addr.o: ../../include/inet_proto.h
own_inet_addr.o: mail_params.h
own_inet_addr.o: own_inet_addr.h
pipe_command.o: pipe_command.c
@ -1259,10 +1284,13 @@ resolve_local.o: ../../include/mymalloc.h
resolve_local.o: string_list.h
resolve_local.o: ../../include/match_list.h
resolve_local.o: ../../include/match_ops.h
resolve_local.o: ../../include/myaddrinfo.h
resolve_local.o: valid_mailhost_addr.h
resolve_local.o: ../../include/valid_hostname.h
resolve_local.o: mail_params.h
resolve_local.o: own_inet_addr.h
resolve_local.o: ../../include/inet_addr_list.h
resolve_local.o: resolve_local.h
resolve_local.o: match_parent_style.h
rewrite_clnt.o: rewrite_clnt.c
rewrite_clnt.o: ../../include/sys_defs.h
rewrite_clnt.o: ../../include/msg.h
@ -1455,6 +1483,12 @@ user_acl.o: ../../include/match_ops.h
user_acl.o: mypwd.h
user_acl.o: mail_params.h
user_acl.o: user_acl.h
valid_mailhost_addr.o: valid_mailhost_addr.c
valid_mailhost_addr.o: ../../include/sys_defs.h
valid_mailhost_addr.o: ../../include/msg.h
valid_mailhost_addr.o: ../../include/myaddrinfo.h
valid_mailhost_addr.o: valid_mailhost_addr.h
valid_mailhost_addr.o: ../../include/valid_hostname.h
verify.o: verify.c
verify.o: ../../include/sys_defs.h
verify.o: ../../include/msg.h
@ -1502,6 +1536,13 @@ virtual8_maps.o: ../../include/argv.h
virtual8_maps.o: mail_params.h
virtual8_maps.o: strip_addr.h
virtual8_maps.o: virtual8_maps.h
wildcard_inet_addr.o: wildcard_inet_addr.c
wildcard_inet_addr.o: ../../include/sys_defs.h
wildcard_inet_addr.o: ../../include/msg.h
wildcard_inet_addr.o: ../../include/inet_addr_list.h
wildcard_inet_addr.o: ../../include/myaddrinfo.h
wildcard_inet_addr.o: ../../include/inet_addr_host.h
wildcard_inet_addr.o: wildcard_inet_addr.h
xtext.o: xtext.c
xtext.o: ../../include/sys_defs.h
xtext.o: ../../include/msg.h

31
postfix/src/global/mail_params.c
View File

@ -39,6 +39,7 @@
/* int var_dont_remove;
/* char *var_inet_interfaces;
/* char *var_proxy_interfaces;
/* char *var_inet_protocols;
/* char *var_mynetworks;
/* char *var_double_bounce_sender;
/* int var_line_limit;
@ -152,15 +153,17 @@
#ifdef HAS_DB
#include <dict_db.h>
#endif
#include <inet_proto.h>
/* Global library. */
#include "mynetworks.h"
#include "mail_conf.h"
#include "mail_version.h"
#include "mail_proto.h"
#include "verp_sender.h"
#include "mail_params.h"
#include <mynetworks.h>
#include <mail_conf.h>
#include <mail_version.h>
#include <mail_proto.h>
#include <verp_sender.h>
#include <own_inet_addr.h>
#include <mail_params.h>
/*
* Special configuration variables.
@ -198,6 +201,7 @@ char *var_pid_dir;
int var_dont_remove;
char *var_inet_interfaces;
char *var_proxy_interfaces;
char *var_inet_protocols;
char *var_mynetworks;
char *var_double_bounce_sender;
int var_line_limit;
@ -428,6 +432,7 @@ void mail_params_init()
{
static CONFIG_STR_TABLE first_str_defaults[] = {
VAR_SYSLOG_FACILITY, DEF_SYSLOG_FACILITY, &var_syslog_facility, 1, 0,
VAR_INET_PROTOCOLS, DEF_INET_PROTOCOLS, &var_inet_protocols, 1, 0,
0,
};
static CONFIG_STR_FN_TABLE function_str_defaults[] = {
@ -532,6 +537,7 @@ void mail_params_init()
0,
};
const char *cp;
INET_PROTO_INFO *proto_info;
/*
* Extract syslog_facility early, so that from here on all errors are
@ -544,6 +550,12 @@ void mail_params_init()
var_config_dir, MAIN_CONF_FILE,
VAR_SYSLOG_FACILITY, var_syslog_facility);
/*
* What protocols should we attempt to support? The result is stored in
* the global inet_proto_table variable.
*/
proto_info = inet_proto_init(VAR_INET_PROTOCOLS, var_inet_protocols);
/*
* Variables whose defaults are determined at runtime. Some sites use
* short hostnames in the host table; some sites name their system after
@ -582,6 +594,13 @@ void mail_params_init()
*/
get_mail_conf_str_fn_table(function_str_defaults_2);
/*
* FIX 200412 The IPv6 patch did not call own_inet_addr_list() before
* entering the chroot jail on Linux IPv6 systems. Linux has the IPv6
* interface list in /proc, which is not available after chrooting.
*/
(void) own_inet_addr_list();
/*
* The PID variable cannot be set from the configuration file!!
*/

19
postfix/src/global/mail_params.h
View File

@ -146,7 +146,9 @@ extern char *var_error_rcpt;
* Virtual host support. Default is to listen on all machine interfaces.
*/
#define VAR_INET_INTERFACES "inet_interfaces" /* listen addresses */
#define DEF_INET_INTERFACES "all"
#define INET_INTERFACES_ALL "all"
#define INET_INTERFACES_LOCAL "loopback-only"
#define DEF_INET_INTERFACES INET_INTERFACES_ALL
extern char *var_inet_interfaces;
#define VAR_PROXY_INTERFACES "proxy_interfaces" /* proxies, NATs */
@ -784,13 +786,22 @@ extern int var_debug_peer_level;
* subdirectories, and how deep the forest is.
*/
#define VAR_HASH_QUEUE_NAMES "hash_queue_names"
#define DEF_HASH_QUEUE_NAMES "incoming, active, deferred, bounce, defer, flush, hold, trace"
#define DEF_HASH_QUEUE_NAMES "deferred, defer"
extern char *var_hash_queue_names;
#define VAR_HASH_QUEUE_DEPTH "hash_queue_depth"
#define DEF_HASH_QUEUE_DEPTH 1
extern int var_hash_queue_depth;
/*
* Multi-protocol support.
*/
#define INET_PROTO_NAME_IPV4 "ipv4"
#define INET_PROTO_NAME_IPV6 "ipv6"
#define INET_PROTO_NAME_ALL "all"
#define VAR_INET_PROTOCOLS "inet_protocols"
extern char *var_inet_protocols;
/*
* SMTP client. Timeouts inspired by RFC 1123. The SMTP recipient limit
* determines how many recipient addresses the SMTP client sends along with
@ -894,6 +905,10 @@ extern bool var_smtp_never_ehlo;
#define DEF_SMTP_BIND_ADDR ""
extern char *var_smtp_bind_addr;
#define VAR_SMTP_BIND_ADDR6 "smtp_bind_address6"
#define DEF_SMTP_BIND_ADDR6 ""
extern char *var_smtp_bind_addr6;
#define VAR_SMTP_HELO_NAME "smtp_helo_name"
#define DEF_SMTP_HELO_NAME "$myhostname"
extern char *var_smtp_helo_name;

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the
* release date only.
*/
#define MAIL_RELEASE_DATE "20041230"
#define MAIL_RELEASE_DATE "20050117"
#define MAIL_VERSION_NUMBER "2.2"
#define VAR_MAIL_VERSION "mail_version"

2
postfix/src/global/mime_state.c
View File

@ -1086,7 +1086,7 @@ static void body_end(void *context)
vstream_fprintf(stream, "BODY END\n");
}
static void err_print(void *context, int err_flag, const char *text)
static void err_print(void *unused_context, int err_flag, const char *text)
{
msg_warn("%s: %.100s", mime_state_error(err_flag), text);
}

230
postfix/src/global/mynetworks.c
View File

@ -28,6 +28,13 @@
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*
/* Dean C. Strik
/* Department ICT Services
/* Eindhoven University of Technology
/* P.O. Box 513
/* 5600 MB Eindhoven, Netherlands
/* E-mail: <dean@ipnet6.org>
/*--*/
/* System library. */
@ -42,20 +49,23 @@
#define IN_CLASSD_NSHIFT 28
#endif
#define BITS_PER_ADDR 32
/* Utility library. */
#include <msg.h>
#include <vstring.h>
#include <inet_addr_list.h>
#include <name_mask.h>
#include <myaddrinfo.h>
#include <mask_addr.h>
#include <argv.h>
/* Global library. */
#include <own_inet_addr.h>
#include <mail_params.h>
#include <mynetworks.h>
#include <sock_addr.h>
#include <been_here.h>
/* Application-specific. */
@ -80,13 +90,16 @@ const char *mynetworks(void)
char *myname = "mynetworks";
INET_ADDR_LIST *my_addr_list;
INET_ADDR_LIST *my_mask_list;
unsigned long addr;
unsigned long mask;
struct in_addr net;
int shift;
int junk;
int i;
int mask_style;
struct sockaddr_storage *sa;
struct sockaddr_storage *ma;
int net_mask_count = 0;
ARGV *argv;
BH_TABLE *dup_filter;
char **cpp;
mask_style = name_mask("mynetworks mask style", mask_styles,
var_mynetworks_style);
@ -106,59 +119,155 @@ const char *mynetworks(void)
my_addr_list = own_inet_addr_list();
my_mask_list = own_inet_mask_list();
for (i = 0; i < my_addr_list->used; i++) {
addr = ntohl(my_addr_list->addrs[i].s_addr);
mask = ntohl(my_mask_list->addrs[i].s_addr);
for (sa = my_addr_list->addrs, ma = my_mask_list->addrs;
sa < my_addr_list->addrs + my_addr_list->used;
sa++, ma++) {
unsigned long addr;
unsigned long mask;
struct in_addr net;
switch (mask_style) {
if (SOCK_ADDR_FAMILY(sa) == AF_INET) {
addr = ntohl(SOCK_ADDR_IN_ADDR(sa).s_addr);
mask = ntohl(SOCK_ADDR_IN_ADDR(ma).s_addr);
/*
* Natural mask. This is dangerous if you're customer of an
* ISP who gave you a small portion of their network.
*/
case MASK_STYLE_CLASS:
if (IN_CLASSA(addr)) {
mask = IN_CLASSA_NET;
shift = IN_CLASSA_NSHIFT;
} else if (IN_CLASSB(addr)) {
mask = IN_CLASSB_NET;
shift = IN_CLASSB_NSHIFT;
} else if (IN_CLASSC(addr)) {
mask = IN_CLASSC_NET;
shift = IN_CLASSC_NSHIFT;
} else if (IN_CLASSD(addr)) {
mask = IN_CLASSD_NET;
shift = IN_CLASSD_NSHIFT;
} else {
msg_fatal("%s: bad address class: %s",
myname, inet_ntoa(my_addr_list->addrs[i]));
switch (mask_style) {
/*
* Natural mask. This is dangerous if you're customer of
* an ISP who gave you a small portion of their network.
*/
case MASK_STYLE_CLASS:
if (IN_CLASSA(addr)) {
mask = IN_CLASSA_NET;
shift = IN_CLASSA_NSHIFT;
} else if (IN_CLASSB(addr)) {
mask = IN_CLASSB_NET;
shift = IN_CLASSB_NSHIFT;
} else if (IN_CLASSC(addr)) {
mask = IN_CLASSC_NET;
shift = IN_CLASSC_NSHIFT;
} else if (IN_CLASSD(addr)) {
mask = IN_CLASSD_NET;
shift = IN_CLASSD_NSHIFT;
} else {
msg_fatal("%s: unknown address class: %s",
myname, inet_ntoa(SOCK_ADDR_IN_ADDR(sa)));
}
break;
/*
* Subnet mask. This is less unsafe, but still bad if
* you're connected to a large subnet.
*/
case MASK_STYLE_SUBNET:
for (junk = mask, shift = MAI_V4ADDR_BITS; junk != 0;
shift--, junk <<= 1)
/* void */ ;
break;
/*
* Host only. Do not relay authorize other hosts.
*/
case MASK_STYLE_HOST:
mask = ~0;
shift = 0;
break;
default:
msg_panic("unknown mynetworks mask style: %s",
var_mynetworks_style);
}
break;
/*
* Subnet mask. This is safe, but breaks backwards
* compatibility when used as default setting.
*/
case MASK_STYLE_SUBNET:
for (junk = mask, shift = BITS_PER_ADDR; junk != 0; shift--, (junk <<= 1))
/* void */ ;
break;
/*
* Host only. Do not relay authorize other hosts.
*/
case MASK_STYLE_HOST:
mask = ~0;
shift = 0;
break;
default:
msg_panic("unknown mynetworks mask style: %s",
var_mynetworks_style);
net.s_addr = htonl(addr & mask);
vstring_sprintf_append(result, "%s/%d ",
inet_ntoa(net), MAI_V4ADDR_BITS - shift);
net_mask_count++;
continue;
}
net.s_addr = htonl(addr & mask);
vstring_sprintf_append(result, "%s/%d ",
inet_ntoa(net), BITS_PER_ADDR - shift);
#ifdef HAS_IPV6
else if (SOCK_ADDR_FAMILY(sa) == AF_INET6) {
MAI_HOSTADDR_STR hostaddr;
unsigned char *ac;
unsigned char *end;
unsigned char ch;
struct sockaddr_in6 net6;
switch (mask_style) {
/*
* There are no classes for IPv6. We default to subnets
* instead.
*/
case MASK_STYLE_CLASS:
/* FALLTHROUGH */
/*
* Subnet mask.
*/
case MASK_STYLE_SUBNET:
ac = (unsigned char *) &SOCK_ADDR_IN6_ADDR(ma);
end = ac + sizeof(SOCK_ADDR_IN6_ADDR(ma));
shift = MAI_V6ADDR_BITS;
while (ac < end) {
if ((ch = *ac++) == (unsigned char) -1) {
shift -= CHAR_BIT;
continue;
} else {
while (ch != 0)
shift--, ch <<= 1;
break;
}
}
break;
/*
* Host only. Do not relay authorize other hosts.
*/
case MASK_STYLE_HOST:
shift = 0;
break;
default:
msg_panic("unknown mynetworks mask style: %s",
var_mynetworks_style);
}
/* FIX 200501: IPv6 patch did not clear host bits. */
net6 = *SOCK_ADDR_IN6_PTR(sa);
mask_addr((unsigned char *) &net6.sin6_addr,
sizeof(net6.sin6_addr),
MAI_V6ADDR_BITS - shift);
SOCKADDR_TO_HOSTADDR(SOCK_ADDR_PTR(&net6), SOCK_ADDR_LEN(&net6),
&hostaddr, (MAI_SERVPORT_STR *) 0, 0);
vstring_sprintf_append(result, "[%s]/%d ",
hostaddr.buf, MAI_V6ADDR_BITS - shift);
net_mask_count++;
continue;
}
#endif
else {
msg_warn("%s: skipping unknown address family %d",
myname, SOCK_ADDR_FAMILY(sa));
continue;
}
}
/*
* FIX 200501 IPv6 patch produced repeated results. Some systems
* report the same interface multiple times, notably multi-homed
* systems with IPv6 link-local or site-local addresses. A
* straight-forward sort+uniq produces ugly results, though. Instead
* we preserve the original order and use a duplicate filter to
* suppress repeated information.
*/
if (net_mask_count > 1) {
argv = argv_split(vstring_str(result), " ");
VSTRING_RESET(result);
dup_filter = been_here_init(net_mask_count, BH_FLAG_NONE);
for (cpp = argv->argv; cpp < argv->argv + argv->argc; cpp++)
if (!been_here_fixed(dup_filter, *cpp))
vstring_sprintf_append(result, "%s ", *cpp);
argv_free(argv);
been_here_free(dup_filter);
}
if (msg_verbose)
msg_info("%s: %s", myname, vstring_str(result));
@ -167,17 +276,22 @@ const char *mynetworks(void)
}
#ifdef TEST
#include <inet_proto.h>
char *var_inet_interfaces;
char *var_mynetworks_style;
int main(int argc, char **argv)
{
if (argc != 3)
msg_fatal("usage: %s mask_style interface_list", argv[0]);
INET_PROTO_INFO *proto_info;
if (argc != 4)
msg_fatal("usage: %s protocols mask_style interface_list (e.g. \"all subnet all\")",
argv[0]);
msg_verbose = 10;
var_inet_interfaces = argv[2];
var_mynetworks_style = argv[1];
proto_info = inet_proto_init(argv[0], argv[1]);
var_mynetworks_style = argv[2];
var_inet_interfaces = argv[3];
mynetworks();
}

17
postfix/src/global/namadr_list.in Normal file
View File

@ -0,0 +1,17 @@
./namadr_list 168.100.189.0/28 dummy 168.100.189.2
./namadr_list 168.100.189.0/28 dummy 168.100.189.16
./namadr_list 168.100.189.0/98 dummy 168.100.189.16
./namadr_list 168.100.589.0/28 dummy 168.100.189.16
./namadr_list 168.100.189.0/28 dummy 168.100.989.16
./namadr_list 2001:240:5c7:0:2d0:b7ff:fe88:2ca7 dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca7
./namadr_list '[2001:240:5c7:0:2d0:b7ff:fe88:2ca7]' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca7
./namadr_list '[2001:240:5c7:0:2d0:b7ff:fe88:2ca7]' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca8
./namadr_list '[2001:240:5c7:0:2d0:b7ff:fe88:2ca7]/64' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca8
./namadr_list '[2001:240:5c7::]/64' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca8
./namadr_list '[2001:240:5c7::]/64' dummy 2001:24:5c7:0:2d0:b7ff:fe88:2ca8
./namadr_list '[2001:24:5c7:0:2d0:b7ff:fe88:2ca8]' dummy 2001:24:5c7:0:2d0:b7ff:fe88:2ca8
./namadr_list '[2001:24:5c7:0:2d0:b7ff:fe88:2ca8]' dummy 2001:24:5c7:0:2d0:b7ff:fe88:2ca7
./namadr_list 168.100.189.2 dummy 168.100.189.2
./namadr_list 168.100.189.2 dummy 168.100.189.3
./namadr_list '[168.100.189.2]' dummy 168.100.189.2
./namadr_list '[168.100.189.2]' dummy 168.100.189.3

17
postfix/src/global/namadr_list.ref Normal file
View File

@ -0,0 +1,17 @@
dummy/168.100.189.2: YES
dummy/168.100.189.16: NO
./namadr_list: fatal: bad net/mask pattern: "168.100.189.0/98"
./namadr_list: fatal: bad net/mask pattern: "168.100.589.0/28"
dummy/168.100.989.16: NO
./namadr_list: fatal: unsupported dictionary type: 2001
dummy/2001:240:5c7:0:2d0:b7ff:fe88:2ca7: YES
dummy/2001:240:5c7:0:2d0:b7ff:fe88:2ca8: NO
./namadr_list: fatal: non-null host address bits in "2001:240:5c7:0:2d0:b7ff:fe88:2ca7/64", perhaps you should use "2001:240:5c7::/64" instead
dummy/2001:240:5c7:0:2d0:b7ff:fe88:2ca8: YES
dummy/2001:24:5c7:0:2d0:b7ff:fe88:2ca8: NO
dummy/2001:24:5c7:0:2d0:b7ff:fe88:2ca8: YES
dummy/2001:24:5c7:0:2d0:b7ff:fe88:2ca7: NO
dummy/168.100.189.2: YES
dummy/168.100.189.3: NO
dummy/168.100.189.2: YES
dummy/168.100.189.3: NO

75
postfix/src/global/own_inet_addr.c
View File

@ -47,14 +47,8 @@
/* System library. */
#include <sys_defs.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
#ifdef STRCASECMP_IN_STRINGS_H
#include <strings.h>
#endif
/* Utility library. */
#include <msg.h>
@ -63,6 +57,9 @@
#include <inet_addr_local.h>
#include <inet_addr_host.h>
#include <stringops.h>
#include <myaddrinfo.h>
#include <sock_addr.h>
#include <inet_proto.h>
/* Global library. */
@ -88,6 +85,9 @@ static void own_inet_addr_init(INET_ADDR_LIST *addr_list,
char *bufp;
int nvirtual;
int nlocal;
MAI_HOSTADDR_STR hostaddr;
struct sockaddr_storage *sa;
struct sockaddr_storage *ma;
inet_addr_list_init(addr_list);
inet_addr_list_init(mask_list);
@ -96,14 +96,31 @@ static void own_inet_addr_init(INET_ADDR_LIST *addr_list,
* If we are listening on all interfaces (default), ask the system what
* the interfaces are.
*/
if (strcasecmp(var_inet_interfaces, DEF_INET_INTERFACES) == 0) {
if (inet_addr_local(addr_list, mask_list) == 0)
if (strcmp(var_inet_interfaces, INET_INTERFACES_ALL) == 0) {
if (inet_addr_local(addr_list, mask_list,
inet_proto_info()->ai_family_list) == 0)
msg_fatal("could not find any active network interfaces");
#if 0
if (addr_list->used == 1)
msg_warn("found only one active network interface: %s",
inet_ntoa(addr_list->addrs[0]));
#endif
}
/*
* Select all loopback interfaces from the system's available interface
* list.
*/
else if (strcmp(var_inet_interfaces, INET_INTERFACES_LOCAL) == 0) {
inet_addr_list_init(&local_addrs);
inet_addr_list_init(&local_masks);
if (inet_addr_local(&local_addrs, &local_masks,
inet_proto_info()->ai_family_list) == 0)
msg_fatal("could not find any active network interfaces");
for (sa = local_addrs.addrs, ma = local_masks.addrs;
sa < local_addrs.addrs + local_addrs.used; sa++, ma++) {
if (sock_addr_in_loopback(SOCK_ADDR_PTR(sa))) {
inet_addr_list_append(addr_list, SOCK_ADDR_PTR(sa));
inet_addr_list_append(mask_list, SOCK_ADDR_PTR(ma));
}
}
inet_addr_list_free(&local_addrs);
inet_addr_list_free(&local_masks);
}
/*
@ -127,19 +144,29 @@ static void own_inet_addr_init(INET_ADDR_LIST *addr_list,
*/
inet_addr_list_uniq(addr_list);
/*
* Find out the netmask for each virtual interface, by looking it up
* among all the local interfaces.
*/
inet_addr_list_init(&local_addrs);
inet_addr_list_init(&local_masks);
if (inet_addr_local(&local_addrs, &local_masks) == 0)
if (inet_addr_local(&local_addrs, &local_masks,
inet_proto_info()->ai_family_list) == 0)
msg_fatal("could not find any active network interfaces");
for (nvirtual = 0; nvirtual < addr_list->used; nvirtual++) {
for (nlocal = 0; /* see below */ ; nlocal++) {
if (nlocal >= local_addrs.used)
if (nlocal >= local_addrs.used) {
SOCKADDR_TO_HOSTADDR(
SOCK_ADDR_PTR(addr_list->addrs + nvirtual),
SOCK_ADDR_LEN(addr_list->addrs + nvirtual),
&hostaddr, (MAI_SERVPORT_STR *) 0, 0);
msg_fatal("parameter %s: no local interface found for %s",
VAR_INET_INTERFACES,
inet_ntoa(addr_list->addrs[nvirtual]));
if (addr_list->addrs[nvirtual].s_addr
== local_addrs.addrs[nlocal].s_addr) {
inet_addr_list_append(mask_list, &local_masks.addrs[nlocal]);
VAR_INET_INTERFACES, hostaddr.buf);
}
if (SOCK_ADDR_EQ_ADDR(addr_list->addrs + nvirtual,
local_addrs.addrs + nlocal)) {
inet_addr_list_append(mask_list,
SOCK_ADDR_PTR(local_masks.addrs + nlocal));
break;
}
}
@ -151,7 +178,7 @@ static void own_inet_addr_init(INET_ADDR_LIST *addr_list,
/* own_inet_addr - is this my own internet address */
int own_inet_addr(struct in_addr * addr)
int own_inet_addr(struct sockaddr * addr)
{
int i;
@ -159,7 +186,7 @@ int own_inet_addr(struct in_addr * addr)
own_inet_addr_init(&addr_list, &mask_list);
for (i = 0; i < addr_list.used; i++)
if (addr->s_addr == addr_list.addrs[i].s_addr)
if (SOCK_ADDR_EQ_ADDR(addr, addr_list.addrs + i))
return (1);
return (0);
}
@ -213,7 +240,7 @@ static void proxy_inet_addr_init(INET_ADDR_LIST *addr_list)
/* proxy_inet_addr - is this my proxy internet address */
int proxy_inet_addr(struct in_addr * addr)
int proxy_inet_addr(struct sockaddr * addr)
{
int i;
@ -224,7 +251,7 @@ int proxy_inet_addr(struct in_addr * addr)
proxy_inet_addr_init(&proxy_list);
for (i = 0; i < proxy_list.used; i++)
if (addr->s_addr == proxy_list.addrs[i].s_addr)
if (SOCK_ADDR_EQ_ADDR(addr, proxy_list.addrs + i))
return (1);
return (0);
}

8
postfix/src/global/own_inet_addr.h
View File

@ -12,17 +12,17 @@
/* .nf
/*
* System library.
* Utility library.
*/
#include <netinet/in.h>
#include <inet_addr_list.h>
/*
* External interface.
*/
extern int own_inet_addr(struct in_addr *);
extern int own_inet_addr(struct sockaddr *);
extern struct INET_ADDR_LIST *own_inet_addr_list(void);
extern struct INET_ADDR_LIST *own_inet_mask_list(void);
extern int proxy_inet_addr(struct in_addr *);
extern int proxy_inet_addr(struct sockaddr *);
extern struct INET_ADDR_LIST *proxy_inet_addr_list(void);
/* LICENSE

63
postfix/src/global/resolve_local.c
View File

@ -14,8 +14,8 @@
/* resolve_local() determines if the named domain resolves to the
/* local mail system, either by case-insensitive exact match
/* against the domains, files or tables listed in $mydestination,
/* or by any of the network addresses listed in $inet_interfaces
/* or in $proxy_interfaces.
/* or by a match of an [address-literal] against of the network
/* addresses listed in $inet_interfaces or in $proxy_interfaces.
/*
/* resolve_local_init() performs initialization. If this routine is
/* not called explicitly ahead of time, it will be called on the fly.
@ -40,26 +40,20 @@
/* System library. */
#include <sys_defs.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
#ifndef INADDR_NONE
#define INADDR_NONE 0xffffffff
#endif
/* Utility library. */
#include <msg.h>
#include <mymalloc.h>
#include <string_list.h>
#include <myaddrinfo.h>
#include <valid_mailhost_addr.h>
/* Global library. */
#include <mail_params.h>
#include <own_inet_addr.h>
#include <resolve_local.h>
#include <match_parent_style.h>
/* Application-specific */
@ -80,19 +74,26 @@ int resolve_local(const char *addr)
{
char *saved_addr = mystrdup(addr);
char *dest;
struct in_addr ipaddr;
const char *bare_dest;
struct addrinfo *res0 = 0;
int len;
#define RETURN(x) { myfree(saved_addr); return(x); }
#define RETURN(x) \
do { \
myfree(saved_addr); \
if (res0) \
freeaddrinfo(res0); \
return(x); \
} while (0)
if (resolve_local_list == 0)
resolve_local_init();
/*
* Strip one trailing dot but not dot-dot.
*
*
* XXX This should not be distributed all over the code. Problem is,
* addresses can enter the system via multiple paths: networks, local
* addresses can enter the system via multiple paths: networks, local
* forward/alias/include files, even as the result of address rewriting.
*/
len = strlen(saved_addr);
@ -113,14 +114,42 @@ int resolve_local(const char *addr)
/*
* Compare the destination against the list of interface addresses that
* we are supposed to listen on.
*
* The destination may be an IPv6 address literal that was buried somewhere
* inside a deeply recursively nested address. This information comes
* from an untrusted source, and Wietse is not confident that everyone's
* getaddrinfo() etc. implementation is sufficiently robust. The syntax
* is complex enough with null field compression and with IPv4-in-IPv6
* addresses that errors are likely.
*
* The solution below is ad-hoc. We neutralize the string as soon as we
* realize that its contents could be harmful. We neutralize the string
* here, instead of neutralizing it in every resolve_local() caller.
* That's because resolve_local knows how the address is going to be
* parsed and converted into binary form.
*
* There are several more structural solutions to this.
*
* - One solution is to disallow address literals. This is not as bad as it
* seems: I have never seen actual legitimate use of address literals.
*
* - Another solution is to label each string with a trustworthiness label
* and to expect that all Postfix infrastructure will exercise additional
* caution when given a string with untrusted content. This is not likely
* to happen.
*
* FIX 200501 IPv6 patch did not require "IPv6:" prefix in numerical
* addresses.
*/
dest = saved_addr;
if (*dest == '[' && dest[len - 1] == ']') {
dest++;
dest[len -= 2] = 0;
if ((ipaddr.s_addr = inet_addr(dest)) != INADDR_NONE
&& (own_inet_addr(&ipaddr) || proxy_inet_addr(&ipaddr)))
RETURN(1);
if ((bare_dest = valid_mailhost_addr(dest, DO_GRIPE)) != 0
&& hostaddr_to_sockaddr(bare_dest, (char *) 0, 0, &res0) == 0) {
if (own_inet_addr(res0->ai_addr) || proxy_inet_addr(res0->ai_addr))
RETURN(1);
}
}
/*

1
postfix/src/global/smtp_stream.c
View File

@ -225,7 +225,6 @@ void smtp_printf(VSTREAM *stream, const char *fmt,...)
int smtp_fgetc(VSTREAM *stream)
{
int err;
int ch;
/*

152
postfix/src/global/valid_mailhost_addr.c Normal file
View File

@ -0,0 +1,152 @@
/*++
/* NAME
/* valid_mailhost_addr 3
/* SUMMARY
/* mailhost address syntax validation
/* SYNOPSIS
/* #include <valid_mailhost_addr.h>
/*
/* const char *valid_mailhost_addr(name, gripe)
/* const char *name;
/* int gripe;
/*
/* int valid_mailhost_literal(addr, gripe)
/* const char *addr;
/* int gripe;
/* DESCRIPTION
/* valid_mailhost_addr() requires that the input is a valid
/* RFC 2821 string representation of an IPv4 or IPv6 network
/* address. A valid IPv4 address is in dotted quad decimal
/* form. A valid IPv6 address includes the "IPV6:" prefix as
/* required by RFC 2821, and is in valid hexadecimal form or
/* in valid IPv4-in-IPv6 form. The result value is the bare
/* address in the input argument (i.e. text after "IPV6:"
/* prefix, if any) in case of success, a null pointer in case
/* of failure.
/*
/* valid_mailhost_literal() requires an address enclosed in
/* []. The result is non-zero in case of success, zero in
/* case of failure.
/*
/* These routines operate silently unless the gripe parameter
/* specifies a non-zero value. The macros DO_GRIPE and DONT_GRIPE
/* provide suitable constants.
/*
/* The IPV6_COL macro defines the "IPv6:" prefix.
/* DIAGNOSTICS
/* Warnings are logged with msg_warn().
/* SEE ALSO
/* valid_hostname(3)
/* RFC 952, RFC 1123, RFC 1035, RFC 2821
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System library. */
#include <sys_defs.h>
#include <string.h>
#ifdef STRCASECMP_IN_STRINGS_H
#include <strings.h>
#endif
/* Utility library. */
#include <msg.h>
#include <myaddrinfo.h>
/* Global library. */
#include <valid_mailhost_addr.h>
/* Application-specific. */
#define IPV6_COL_LEN (sizeof(IPV6_COL) - 1)
#define HAS_IPV6_COL(str) (strncasecmp((str), IPV6_COL, IPV6_COL_LEN) == 0)
#define SKIP_IPV6_COL(str) (HAS_IPV6_COL(str) ? (str) + IPV6_COL_LEN : (str))
/* valid_mailhost_addr - validate RFC 2821 numerical address form */
const char *valid_mailhost_addr(const char *addr, int gripe)
{
const char *bare_addr;
bare_addr = SKIP_IPV6_COL(addr);
return ((bare_addr != addr ? valid_ipv6_hostaddr : valid_ipv4_hostaddr)
(bare_addr, gripe) ? bare_addr : 0);
}
/* valid_mailhost_literal - validate [RFC 2821 numerical address] form */
int valid_mailhost_literal(const char *addr, int gripe)
{
const char *myname = "valid_mailhost_literal";
MAI_HOSTADDR_STR hostaddr;
const char *last;
size_t address_bytes;
if (*addr != '[') {
if (gripe)
msg_warn("%s: '[' expected at start: %.100s", myname, addr);
return (0);
}
if ((last = strchr(addr, ']')) == 0) {
if (gripe)
msg_warn("%s: ']' expected at end: %.100s", myname, addr);
return (0);
}
if (last[1]) {
if (gripe)
msg_warn("%s: unexpected text after ']': %.100s", myname, addr);
return (0);
}
if ((address_bytes = last - addr - 1) >= sizeof(hostaddr.buf)) {
if (gripe)
msg_warn("%s: too much text: %.100s", myname, addr);
return (0);
}
strncpy(hostaddr.buf, addr + 1, address_bytes);
hostaddr.buf[address_bytes] = 0;
return (valid_mailhost_addr(hostaddr.buf, gripe) != 0);
}
#ifdef TEST
/*
* Test program - reads hostnames from stdin, reports invalid hostnames to
* stderr.
*/
#include <stdlib.h>
#include <vstring.h>
#include <vstream.h>
#include <vstring_vstream.h>
#include <msg_vstream.h>
int main(int unused_argc, char **argv)
{
VSTRING *buffer = vstring_alloc(1);
msg_vstream_init(argv[0], VSTREAM_ERR);
msg_verbose = 1;
while (vstring_fgets_nonl(buffer, VSTREAM_IN)) {
msg_info("testing: \"%s\"", vstring_str(buffer));
if (vstring_str(buffer)[0] == '[')
valid_mailhost_literal(vstring_str(buffer), DO_GRIPE);
else
valid_mailhost_addr(vstring_str(buffer), DO_GRIPE);
}
exit(0);
}
#endif

38
postfix/src/global/valid_mailhost_addr.h Normal file
View File

@ -0,0 +1,38 @@
#ifndef _VALID_MAILHOST_ADDR_H_INCLUDED_
#define _VALID_MAILHOST_ADDR_H_INCLUDED_
/*++
/* NAME
/* valid_mailhost_addr 3h
/* SUMMARY
/* mailhost address syntax validation
/* SYNOPSIS
/* #include <valid_mailhost_addr.h>
/* DESCRIPTION
/* .nf
/*
* Utility library.
*/
#include <valid_hostname.h>
/*
* External interface
*/
#define IPV6_COL "IPv6:" /* RFC 2821 */
extern const char *valid_mailhost_addr(const char *, int);
extern int valid_mailhost_literal(const char *, int);
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
#endif

68
postfix/src/global/wildcard_inet_addr.c Normal file
View File

@ -0,0 +1,68 @@
/*++
/* NAME
/* wildcard_inet_addr 3
/* SUMMARY
/* expand wild-card address
/* SYNOPSIS
/* #include <wildcard_inet_addr.h>
/*
/* INET_ADDR_LIST *wildcard_inet_addr(void)
/* DESCRIPTION
/* wildcard_inet_addr() determines all wild-card addresses
/* for all supported address families.
/* DIAGNOSTICS
/* Fatal errors: out of memory.
/* SEE ALSO
/* inet_addr_list(3) address list management
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*
/* Dean C. Strik
/* Department ICT
/* Eindhoven University of Technology
/* P.O. Box 513
/* 5600 MB Eindhoven, Netherlands
/* E-mail: <dean@ipnet6.org>
/*--*/
/* System library. */
#include <sys_defs.h>
/* Utility library. */
#include <msg.h>
#include <inet_addr_list.h>
#include <inet_addr_host.h>
/* Global library. */
#include <wildcard_inet_addr.h>
/* Application-specific. */
static INET_ADDR_LIST wild_addr_list;
static void wildcard_inet_addr_init(INET_ADDR_LIST *addr_list)
{
inet_addr_list_init(addr_list);
if (inet_addr_host(addr_list, "") == 0)
msg_fatal("could not get list of wildcard addresses");
}
/* wildcard_inet_addr_list - return list of addresses */
INET_ADDR_LIST *wildcard_inet_addr_list(void)
{
if (wild_addr_list.used == 0)
wildcard_inet_addr_init(&wild_addr_list);
return (&wild_addr_list);
}

33
postfix/src/global/wildcard_inet_addr.h Normal file
View File

@ -0,0 +1,33 @@
#ifndef _WILDCARD_INET_ADDR_H_INCLUDED_
#define _WILDCARD_INET_ADDR_H_INCLUDED_
/*++
/* NAME
/* wildcard_inet_addr 3h
/* SUMMARY
/* grab the list of wildcard IP addresses.
/* SYNOPSIS
/* #include <wildcard_inet_addr.h>
/* DESCRIPTION
/* .nf
/*--*/
/*
* Utility library.
*/
#include <inet_addr_list.h>
/*
* External interface.
*/
extern struct INET_ADDR_LIST *wildcard_inet_addr_list(void);
/* LICENSE
/* .ad
/* .fi
/* foo
/* AUTHOR(S)
/* Jun-ichiro itojun Hagino
/*--*/
#endif

2
postfix/src/global/xtext.c
View File

@ -143,7 +143,7 @@ static int read_buf(VSTREAM *fp, VSTRING *buf)
return (len);
}
main(int unused_argc, char **unused_argv)
int main(int unused_argc, char **unused_argv)
{
VSTRING *unquoted = vstring_alloc(BUFLEN);
VSTRING *quoted = vstring_alloc(100);

Some files were not shown because too many files have changed in this diff Show More