From 04571e906b98007d870e039a2b902e85d91f4f5b Mon Sep 17 00:00:00 2001 
From: Wietse Venema
Date: Mon, 29 Aug 2005 00:00:00 -0500
Subject: [PATCH] postfix-2.3-20050829
---
postfix/HISTORY | 58 +++++++-
postfix/README_FILES/DSN_README | 2 +-
postfix/README_FILES/IPV6_README | 3 +-
postfix/RELEASE_NOTES | 24 ++++
postfix/conf/canonical | 121 +++++++++--------
postfix/conf/virtual | 144 ++++++++++----------
postfix/html/DSN_README.html | 2 +-
postfix/html/IPV6_README.html | 3 +-
postfix/html/canonical.5.html | 119 ++++++++---------
postfix/html/cleanup.8.html | 10 ++
postfix/html/ldap_table.5.html | 170 ++++++++++++------------
postfix/html/postconf.5.html | 50 ++++++-
postfix/html/virtual.5.html | 142 ++++++++++----------
postfix/man/man5/canonical.5 | 3 +-
postfix/man/man5/ldap_table.5 | 2 +
postfix/man/man5/postconf.5 | 56 ++++++--
postfix/man/man5/virtual.5 | 2 +-
postfix/man/man8/cleanup.8 | 8 ++
postfix/mantools/postconf2man | 1 +
postfix/mantools/postlink | 2 +
postfix/postfix-install | 3 +
postfix/proto/DSN_README.html | 2 +-
postfix/proto/IPV6_README.html | 3 +-
postfix/proto/canonical | 3 +-
postfix/proto/ldap_table | 2 +
postfix/proto/postconf.proto | 42 +++++-
postfix/proto/virtual | 2 +-
postfix/src/bounce/bounce_notify_verp.c | 2 +-
postfix/src/bounce/bounce_one_service.c | 2 +-
postfix/src/cleanup/Makefile.in | 2 +-
postfix/src/cleanup/cleanup.c | 8 ++
postfix/src/cleanup/cleanup.h | 10 +-
postfix/src/cleanup/cleanup_api.c | 69 +++++-----
postfix/src/cleanup/cleanup_bounce.c | 80 +++++++----
postfix/src/cleanup/cleanup_envelope.c | 16 +++
postfix/src/cleanup/cleanup_extracted.c | 38 +++---
postfix/src/cleanup/cleanup_init.c | 35 +++--
postfix/src/cleanup/cleanup_message.c | 46 ++++++-
postfix/src/cleanup/cleanup_state.c | 7 +
postfix/src/global/bounce.c | 52 ++++++++
postfix/src/global/bounce.h | 2 +
postfix/src/global/mail_params.h | 11 ++
postfix/src/global/mail_version.h | 2 +-
postfix/src/oqmgr/qmgr_active.c | 2 +
postfix/src/qmgr/qmgr_active.c | 2 +
postfix/src/smtpd/smtpd_proxy.c | 18 ++-
postfix/src/tls/tls_misc.c | 11 +-
postfix/src/util/sane_accept.c | 7 +
postfix/src/util/vstream.c | 56 ++++++++
postfix/src/util/vstream.h | 1 +
50 files changed, 983 insertions(+), 475 deletions(-)
diff --git a/postfix/HISTORY b/postfix/HISTORY
index 6e43b4d9f..afeb33460 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -11062,12 +11062,60 @@ Apologies for any names omitted. Cleanup: HOLD action executes only once, to reduce noise in the logfile. Files: cleanup/cleanup_message.c, smtpd/smtpd.c. -Open problems: +20050806 - Med: when the cleanup server bounces local mail that should - be content inspected, the resulting DSN should be content - inspected, otherwise a local user can bypass content - inspection. + Workaround: accept(2) fails with EPROTO when the client + already disconnected (SunOS 5.5.1). File: sane_accept.c. + +20050815 + + Workaround: old Solaris compilers can't link an archive + without globally visible symbols. File: tls/tls_misc.c. + +20050825 + + Feature: message_reject_characters and message_strip_characters + specify what characters in message content Postfix will + reject or remove. Based on patch by John Fawcett. Files: + cleanup/cleanup_message.c, cleanup/cleanup_init.c. + + Safety: when the cleanup server rejects the content of mail + that is submitted with the Postfix sendmail command, or + re-queued with "postsuper -r", strip the message body from + the bounce message to reduce the risks from harmful content. + Files: cleanup/cleanup_envelope.c, cleanup/cleanup_bounce.c. + + Feature: the smtpd_proxy_filter parameter value can now be + prefixed with "unix:" (for UNIX-domain socket) and "inet:" + (for TCP socket). TCP sockets are the default. Patch by + Edwin Kremer. File: smtpd/smtpd_proxy.c. + +20050828 + + Bugfix: after adding DSN support, error notification was + broken for too large mail that was submitted with the Postfix + sendmail command, forwarded by the local(8) delivery agent, + or re-queued with "postsuper -r". The message would be saved + to the "corrupt" queue. + + The mistake was to leave the truncated message in the + incoming queue and to ask the queue manager to notify the + sender; this was not possible because the queue manager + cannot (and should not) handle truncated queue files. 
+ + The fix is to have the cleanup server send the bounce + message, just like it did before DSN support was added. As + a side effect, Postfix will no longer send DSN_SUCCESS + notices after virtual aliasing, when the cleanup server + bounces all the recipients of the message anyway. This + could be called a feature. File: cleanup/cleanup_bounce.c. + + Also needed for this fix: a new vstream_fpurge() routine + that discards unread/written data from a VSTREAM. It's + needed before cleanup_bounce() can seek to the start of the + queue file after a file size error. File: util/vstream.c. + +Open problems: Look for systems with XPG basename() declared in , and prepare for phasing out the Postfix-supplied one. diff --git a/postfix/README_FILES/DSN_README b/postfix/README_FILES/DSN_README index e7414a088..25f4d917d 100644 --- a/postfix/README_FILES/DSN_README +++ b/postfix/README_FILES/DSN_README @@ -84,7 +84,7 @@ Postfix has two Sendmail-compatible command-line options for DSN support. PPoossttffiixx VVEERRPP ssuuppppoorrtt ccoommppaattiibbiilliittyy -With Postfix versions before 2.3, the sendmail(1) commands uses the -V command- +With Postfix versions before 2.3, the sendmail(1) command uses the -V command- line option to request VERP-style delivery. In order to request VERP style delivery with Postfix 2.3 and later, you must specify -XV instead of -V. diff --git a/postfix/README_FILES/IPV6_README b/postfix/README_FILES/IPV6_README index 122e04eea..742941c97 100644 --- a/postfix/README_FILES/IPV6_README +++ b/postfix/README_FILES/IPV6_README 
@@ -12,7 +12,8 @@ differences between these implementations. The main feature of interest is that IPv6 uses 128-bit IP addresses instead of the 32-bit addresses used by IPv4. It can therefore accommodate a much larger number of hosts and networks without ugly kluges such as NAT. A side benefit of -the much larger address space is that it makes network scanning unpractical. +the much larger address space is that it makes random network scanning +unpractical. Postfix uses the same SMTP protocol over IPv6 as it already uses over the older IPv4 network, and does AAAA record lookups in the DNS in addition to the older diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES index 0106ff4cb..e64f5dfe3 100644 --- a/postfix/RELEASE_NOTES +++ b/postfix/RELEASE_NOTES 
@@ -17,6 +17,30 @@ Incompatibility with Postfix 2.1 and earlier If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2 before proceeding. +Incompatibility with snapshot 20050828 +====================================== + +When a header/body_checks or message_reject_characters rule rejects +mail that was submitted with the Postfix sendmail command (or +re-queued with "postsuper -r"), the returned message is now limited +to just the message headers, to avoid the risk of exposure to harmful +content in the message body or attachments. + +When the cleanup server rejects the content or size of mail that +was submitted with the Postfix sendmail command, forwarded with the +local(8) delivery agent, or that was re-queued with "postsuper -r", +Postfix no longer sends DSN SUCCESS notification of virtual alias +expansions. Since all the recipients are reported as failed, the +SUCCESS notification seems redundant. + +Major changes with snapshot 20050828 +==================================== + +Configurable filters to reject or remove unwanted characters in +email content. The message_reject_characters and message_strip_characters +parameters understand the usual C-like escape sequences: \a \b \f +\n \r \t \v \ddd (up to three octal digits) and \\. + Incompatibility with snapshot 20050726 ====================================== diff --git a/postfix/conf/canonical b/postfix/conf/canonical index 6f75508c3..ab9f2bea1 100644 --- a/postfix/conf/canonical +++ b/postfix/conf/canonical 
@@ -37,67 +37,66 @@ # By default the canonical(5) mapping affects both message # header addresses (i.e. addresses that appear inside mes- # sages) and message envelope addresses (for example, the -# addresses that are used in SMTP protocol commands). Think -# Sendmail rule set S3, if you like. This is controlled -# with the canonical_classes parameter. +# addresses that are used in SMTP protocol commands). This +# is controlled with the canonical_classes parameter. # # NOTE: Postfix versions 2.2 and later rewrite message head- -# ers from remote SMTP clients only if the client matches +# ers from remote SMTP clients only if the client matches # the local_header_rewrite_clients parameter, or if the # remote_header_rewrite_domain configuration parameter spec- -# ifies a non-empty value. To get the behavior before Post- -# fix 2.2, specify "local_header_rewrite_clients = +# ifies a non-empty value. To get the behavior before Post- +# fix 2.2, specify "local_header_rewrite_clients = # static:all". # # Typically, one would use the canonical(5) table to replace -# login names by Firstname.Lastname, or to clean up +# login names by Firstname.Lastname, or to clean up # addresses produced by legacy mail systems. # -# The canonical(5) mapping is not to be confused with vir- -# tual domain support. Use the virtual(5) map for that pur- +# The canonical(5) mapping is not to be confused with vir- +# tual domain support. Use the virtual(5) map for that pur- # pose. # -# The canonical(5) mapping is not to be confused with local +# The canonical(5) mapping is not to be confused with local # aliasing. Use the aliases(5) map for that purpose. # # TABLE FORMAT # The input format for the postmap(1) command is as follows: # # pattern result -# When pattern matches a mail address, replace it by +# When pattern matches a mail address, replace it by # the corresponding result. 
# # blank lines and comments -# Empty lines and whitespace-only lines are ignored, -# as are lines whose first non-whitespace character +# Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character # is a `#'. # # multi-line text -# A logical line starts with non-whitespace text. A -# line that starts with whitespace continues a logi- +# A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- # cal line. # # TABLE SEARCH ORDER # With lookups from indexed files such as DB or DBM, or from -# networked tables such as NIS, LDAP or SQL, patterns are +# networked tables such as NIS, LDAP or SQL, patterns are # tried in the order as listed below: # # user@domain address -# Replace user@domain by address. This form has the +# Replace user@domain by address. This form has the # highest precedence. # -# This is useful to clean up addresses produced by -# legacy mail systems. It can also be used to pro- -# duce Firstname.Lastname style addresses, but see +# This is useful to clean up addresses produced by +# legacy mail systems. It can also be used to pro- +# duce Firstname.Lastname style addresses, but see # below for a simpler solution. # # user address -# Replace user@site by address when site is equal to -# $myorigin, when site is listed in $mydestination, -# or when it is listed in $inet_interfaces or +# Replace user@site by address when site is equal to +# $myorigin, when site is listed in $mydestination, +# or when it is listed in $inet_interfaces or # $proxy_interfaces. # -# This form is useful for replacing login names by +# This form is useful for replacing login names by # Firstname.Lastname. # # @domain address 
@@ -107,10 +106,10 @@ # RESULT ADDRESS REWRITING # The lookup result is subject to address rewriting: # -# o When the result has the form @otherdomain, the +# o When the result has the form @otherdomain, the # result becomes the same user in otherdomain. # -# o When "append_at_myorigin=yes", append "@$myorigin" +# o When "append_at_myorigin=yes", append "@$myorigin" # to addresses without "@domain". # # o When "append_dot_mydomain=yes", append ".$mydomain" 
@@ -118,58 +117,58 @@ # # ADDRESS EXTENSION # When a mail address localpart contains the optional recip- -# ient delimiter (e.g., user+foo@domain), the lookup order +# ient delimiter (e.g., user+foo@domain), the lookup order # becomes: user+foo@domain, user@domain, user+foo, user, and # @domain. # -# The propagate_unmatched_extensions parameter controls -# whether an unmatched address extension (+foo) is propa- +# The propagate_unmatched_extensions parameter controls +# whether an unmatched address extension (+foo) is propa- # gated to the result of table lookup. # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire address being looked up. Thus, user@domain mail -# addresses are not broken up into their user and @domain +# addresses are not broken up into their user and @domain # constituent parts, nor is user+foo broken up into user and # foo. # -# Patterns are applied in the order as specified in the ta- -# ble, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search # string. # -# Results are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Results are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. 
# # TCP-BASED TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # lookups are directed to a TCP-based server. For a descrip- # tion of the TCP client/server lookup protocol, see tcp_ta- # ble(5). This feature is not available up to and including # Postfix version 2.2. # # Each lookup operation uses the entire address once. Thus, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user and @domain constituent parts, nor is user+foo broken # up into user and foo. # # Results are the same as with indexed file lookups. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # CONFIGURATION PARAMETERS -# The following main.cf parameters are especially relevant. -# The text below provides only a parameter summary. See +# The following main.cf parameters are especially relevant. +# The text below provides only a parameter summary. See # postconf(5) for more details including examples. # # canonical_classes -# What addresses are subject to canonical address +# What addresses are subject to canonical address # mapping. # # canonical_maps 
@@ -184,26 +183,26 @@ # header sender addresses. # # propagate_unmatched_extensions -# A list of address rewriting or forwarding mecha- -# nisms that propagate an address extension from the -# original address to the result. Specify zero or -# more of canonical, virtual, alias, forward, +# A list of address rewriting or forwarding mecha- +# nisms that propagate an address extension from the +# original address to the result. Specify zero or +# more of canonical, virtual, alias, forward, # include, or generic. # # Other parameters of interest: # # inet_interfaces -# The network interface addresses that this system +# The network interface addresses that this system # receives mail on. You need to stop and start Post- # fix when this parameter changes. # # local_header_rewrite_clients # Rewrite message header addresses in mail from these -# clients and update incomplete addresses with the +# clients and update incomplete addresses with the # domain name in $myorigin or $mydomain; either don't -# rewrite message headers from other clients at all, -# or rewrite message headers and update incomplete -# addresses with the domain specified in the +# rewrite message headers from other clients at all, +# or rewrite message headers and update incomplete +# addresses with the domain specified in the # remote_header_rewrite_domain parameter. # # proxy_interfaces 
@@ -212,20 +211,20 @@ # tor. # # masquerade_classes -# List of address classes subject to masquerading: -# zero or more of envelope_sender, envelope_recipi- +# List of address classes subject to masquerading: +# zero or more of envelope_sender, envelope_recipi- # ent, header_sender, header_recipient. # # masquerade_domains -# List of domains that hide their subdomain struc- +# List of domains that hide their subdomain struc- # ture. # # masquerade_exceptions -# List of user names that are not subject to address +# List of user names that are not subject to address # masquerading. # # mydestination -# List of domains that this mail system considers +# List of domains that this mail system considers # local. # # myorigin @@ -236,9 +235,9 @@ # addresses. # # remote_header_rewrite_domain -# Don't rewrite message headers from remote clients +# Don't rewrite message headers from remote clients # at all when this parameter is empty; otherwise, re- -# write message headers and append the specified +# write message headers and append the specified # domain name to incomplete addresses. # # SEE ALSO @@ -248,13 +247,13 @@ # virtual(5), virtual aliasing # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # ADDRESS_REWRITING_README, address rewriting guide # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/conf/virtual b/postfix/conf/virtual index d6d1dc0e6..c26162787 100644 --- a/postfix/conf/virtual +++ b/postfix/conf/virtual 
@@ -34,62 +34,62 @@ # address can have its own mailbox. # # Virtual aliasing is applied only to recipient envelope -# addresses, and does not affect message headers. Think -# Sendmail rule set S0, if you like. Use canonical(5) map- -# ping to rewrite header and envelope addresses in general. +# addresses, and does not affect message headers. Use +# canonical(5) mapping to rewrite header and envelope +# addresses in general. # -# Normally, the virtual(5) alias table is specified as a -# text file that serves as input to the postmap(1) command. -# The result, an indexed file in dbm or db format, is used +# Normally, the virtual(5) alias table is specified as a +# text file that serves as input to the postmap(1) command. +# The result, an indexed file in dbm or db format, is used # for fast searching by the mail system. Execute the command -# "postmap /etc/postfix/virtual" in order to rebuild the +# "postmap /etc/postfix/virtual" in order to rebuild the # indexed file after changing the text file. # -# When the table is provided via other means such as NIS, -# LDAP or SQL, the same lookups are done as for ordinary +# When the table is provided via other means such as NIS, +# LDAP or SQL, the same lookups are done as for ordinary # indexed files. # -# Alternatively, the table can be provided as a regular- +# Alternatively, the table can be provided as a regular- # expression map where patterns are given as regular expres- -# sions, or lookups can be directed to TCP-based server. In -# that case, the lookups are done in a slightly different -# way as described below under "REGULAR EXPRESSION TABLES" +# sions, or lookups can be directed to TCP-based server. In +# that case, the lookups are done in a slightly different +# way as described below under "REGULAR EXPRESSION TABLES" # and "TCP-BASED TABLES". 
# # TABLE FORMAT # The input format for the postmap(1) command is as follows: # # pattern result -# When pattern matches a mail address, replace it by +# When pattern matches a mail address, replace it by # the corresponding result. # # blank lines and comments -# Empty lines and whitespace-only lines are ignored, -# as are lines whose first non-whitespace character +# Empty lines and whitespace-only lines are ignored, +# as are lines whose first non-whitespace character # is a `#'. # # multi-line text -# A logical line starts with non-whitespace text. A -# line that starts with whitespace continues a logi- +# A logical line starts with non-whitespace text. A +# line that starts with whitespace continues a logi- # cal line. # # TABLE SEARCH ORDER # With lookups from indexed files such as DB or DBM, or from -# networked tables such as NIS, LDAP or SQL, patterns are +# networked tables such as NIS, LDAP or SQL, patterns are # tried in the order as listed below: # # user@domain address, address, ... -# Redirect mail for user@domain to address. This +# Redirect mail for user@domain to address. This # form has the highest precedence. # # user address, address, ... # Redirect mail for user@site to address when site is -# equal to $myorigin, when site is listed in $mydes- -# tination, or when it is listed in $inet_interfaces +# equal to $myorigin, when site is listed in $mydes- +# tination, or when it is listed in $inet_interfaces # or $proxy_interfaces. # -# This functionality overlaps with functionality of -# the local aliases(5) database. The difference is +# This functionality overlaps with functionality of +# the local aliases(5) database. The difference is # that virtual(5) mapping can be applied to non-local # addresses. # 
@@ -100,12 +100,12 @@ # RESULT ADDRESS REWRITING # The lookup result is subject to address rewriting: # -# o When the result has the form @otherdomain, the -# result becomes the same user in otherdomain. This +# o When the result has the form @otherdomain, the +# result becomes the same user in otherdomain. This # works only for the first address in a multi-address # lookup result. # -# o When "append_at_myorigin=yes", append "@$myorigin" +# o When "append_at_myorigin=yes", append "@$myorigin" # to addresses without "@domain". # # o When "append_dot_mydomain=yes", append ".$mydomain" 
@@ -113,29 +113,29 @@ # # ADDRESS EXTENSION # When a mail address localpart contains the optional recip- -# ient delimiter (e.g., user+foo@domain), the lookup order +# ient delimiter (e.g., user+foo@domain), the lookup order # becomes: user+foo@domain, user@domain, user+foo, user, and # @domain. # -# The propagate_unmatched_extensions parameter controls -# whether an unmatched address extension (+foo) is propa- +# The propagate_unmatched_extensions parameter controls +# whether an unmatched address extension (+foo) is propa- # gated to the result of table lookup. # # VIRTUAL ALIAS DOMAINS -# Besides virtual aliases, the virtual alias table can also +# Besides virtual aliases, the virtual alias table can also # be used to implement virtual alias domains. With a virtual -# alias domain, all recipient addresses are aliased to +# alias domain, all recipient addresses are aliased to # addresses in other domains. # # Virtual alias domains are not to be confused with the vir- # tual mailbox domains that are implemented with the Postfix # virtual(8) mail delivery agent. With virtual mailbox -# domains, each recipient address can have its own mailbox. +# domains, each recipient address can have its own mailbox. # -# With a virtual alias domain, the virtual domain has its -# own user name space. Local (i.e. non-virtual) usernames -# are not visible in a virtual alias domain. In particular, -# local aliases(5) and local mailing lists are not visible +# With a virtual alias domain, the virtual domain has its +# own user name space. Local (i.e. non-virtual) usernames +# are not visible in a virtual alias domain. In particular, +# local aliases(5) and local mailing lists are not visible # as localname@virtual-alias.domain. # # Support for a virtual alias domain looks like: 
@@ -143,8 +143,8 @@ # /etc/postfix/main.cf: # virtual_alias_maps = hash:/etc/postfix/virtual # -# Note: some systems use dbm databases instead of hash. -# See the output from "postconf -m" for available data- +# Note: some systems use dbm databases instead of hash. +# See the output from "postconf -m" for available data- # base types. # # /etc/postfix/virtual: 
@@ -153,95 +153,95 @@ # user1@virtual-alias.domain address1 # user2@virtual-alias.domain address2, address3 # -# The virtual-alias.domain anything entry is required for a +# The virtual-alias.domain anything entry is required for a # virtual alias domain. Without this entry, mail is rejected -# with "relay access denied", or bounces with "mail loops +# with "relay access denied", or bounces with "mail loops # back to myself". # -# Do not specify virtual alias domain names in the main.cf +# Do not specify virtual alias domain names in the main.cf # mydestination or relay_domains configuration parameters. # -# With a virtual alias domain, the Postfix SMTP server -# accepts mail for known-user@virtual-alias.domain, and -# rejects mail for unknown-user@virtual-alias.domain as +# With a virtual alias domain, the Postfix SMTP server +# accepts mail for known-user@virtual-alias.domain, and +# rejects mail for unknown-user@virtual-alias.domain as # undeliverable. # -# Instead of specifying the virtual alias domain name via -# the virtual_alias_maps table, you may also specify it via +# Instead of specifying the virtual alias domain name via +# the virtual_alias_maps table, you may also specify it via # the main.cf virtual_alias_domains configuration parameter. -# This latter parameter uses the same syntax as the main.cf +# This latter parameter uses the same syntax as the main.cf # mydestination configuration parameter. # # REGULAR EXPRESSION TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # the table is given in the form of regular expressions. For -# a description of regular expression lookup table syntax, +# a description of regular expression lookup table syntax, # see regexp_table(5) or pcre_table(5). # -# Each pattern is a regular expression that is applied to +# Each pattern is a regular expression that is applied to # the entire address being looked up. 
Thus, user@domain mail -# addresses are not broken up into their user and @domain +# addresses are not broken up into their user and @domain # constituent parts, nor is user+foo broken up into user and # foo. # -# Patterns are applied in the order as specified in the ta- -# ble, until a pattern is found that matches the search +# Patterns are applied in the order as specified in the ta- +# ble, until a pattern is found that matches the search # string. # -# Results are the same as with indexed file lookups, with -# the additional feature that parenthesized substrings from +# Results are the same as with indexed file lookups, with +# the additional feature that parenthesized substrings from # the pattern can be interpolated as $1, $2 and so on. # # TCP-BASED TABLES -# This section describes how the table lookups change when +# This section describes how the table lookups change when # lookups are directed to a TCP-based server. For a descrip- # tion of the TCP client/server lookup protocol, see tcp_ta- # ble(5). This feature is not available up to and including # Postfix version 2.2. # # Each lookup operation uses the entire address once. Thus, -# user@domain mail addresses are not broken up into their +# user@domain mail addresses are not broken up into their # user and @domain constituent parts, nor is user+foo broken # up into user and foo. # # Results are the same as with indexed file lookups. # # BUGS -# The table format does not understand quoting conventions. +# The table format does not understand quoting conventions. # # CONFIGURATION PARAMETERS -# The following main.cf parameters are especially relevant -# to this topic. See the Postfix main.cf file for syntax -# details and for default values. Use the "postfix reload" +# The following main.cf parameters are especially relevant +# to this topic. See the Postfix main.cf file for syntax +# details and for default values. Use the "postfix reload" # command after a configuration change. 
# # virtual_alias_maps # List of virtual aliasing tables. # # virtual_alias_domains -# List of virtual alias domains. This uses the same +# List of virtual alias domains. This uses the same # syntax as the mydestination parameter. # # propagate_unmatched_extensions -# A list of address rewriting or forwarding mecha- -# nisms that propagate an address extension from the -# original address to the result. Specify zero or -# more of canonical, virtual, alias, forward, +# A list of address rewriting or forwarding mecha- +# nisms that propagate an address extension from the +# original address to the result. Specify zero or +# more of canonical, virtual, alias, forward, # include, or generic. # # Other parameters of interest: # # inet_interfaces -# The network interface addresses that this system +# The network interface addresses that this system # receives mail on. You need to stop and start Post- # fix when this parameter changes. # # mydestination -# List of domains that this mail system considers +# List of domains that this mail system considers # local. # # myorigin -# The domain that is appended to any address that +# The domain that is appended to any address that # does not have a domain. # # owner_request_special @@ -260,14 +260,14 @@ # canonical(5), canonical address mapping # # README FILES -# Use "postconf readme_directory" or "postconf html_direc- +# Use "postconf readme_directory" or "postconf html_direc- # tory" to locate this information. # DATABASE_README, Postfix lookup table overview # ADDRESS_REWRITING_README, address rewriting guide # VIRTUAL_README, domain hosting guide # # LICENSE -# The Secure Mailer license must be distributed with this +# The Secure Mailer license must be distributed with this # software. # # AUTHOR(S) diff --git a/postfix/html/DSN_README.html b/postfix/html/DSN_README.html index 12a904202..41c529113 100644 --- a/postfix/html/DSN_README.html +++ b/postfix/html/DSN_README.html 
@@ -139,7 +139,7 @@ as discussed in the next section.

Postfix VERP support compatibility

-

With Postfix versions before 2.3, the sendmail(1) commands uses +

With Postfix versions before 2.3, the sendmail(1) command uses the -V command-line option to request VERP-style delivery. In order to request VERP style delivery with Postfix 2.3 and later, you must specify -XV instead of -V.

diff --git a/postfix/html/IPV6_README.html b/postfix/html/IPV6_README.html index 536fd638c..4b7463630 100644 --- a/postfix/html/IPV6_README.html +++ b/postfix/html/IPV6_README.html @@ -30,7 +30,8 @@ between these implementations.

addresses instead of the 32-bit addresses used by IPv4. It can therefore accommodate a much larger number of hosts and networks without ugly kluges such as NAT. A side benefit of the much larger -address space is that it makes network scanning unpractical.

+address space is that it makes random network scanning unpractical. +

Postfix uses the same SMTP protocol over IPv6 as it already uses over the older IPv4 network, and does AAAA record lookups in diff --git a/postfix/html/canonical.5.html b/postfix/html/canonical.5.html index d5c9d4dd8..e7cf78a7a 100644 --- a/postfix/html/canonical.5.html +++ b/postfix/html/canonical.5.html 
@@ -43,67 +43,66 @@ CANONICAL(5) CANONICAL(5) By default the canonical(5) mapping affects both message header addresses (i.e. addresses that appear inside mes- sages) and message envelope addresses (for example, the - addresses that are used in SMTP protocol commands). Think - Sendmail rule set S3, if you like. This is controlled - with the canonical_classes parameter. + addresses that are used in SMTP protocol commands). This + is controlled with the canonical_classes parameter. NOTE: Postfix versions 2.2 and later rewrite message head- - ers from remote SMTP clients only if the client matches + ers from remote SMTP clients only if the client matches the local_header_rewrite_clients parameter, or if the remote_header_rewrite_domain configuration parameter spec- - ifies a non-empty value. To get the behavior before Post- - fix 2.2, specify "local_header_rewrite_clients = + ifies a non-empty value. To get the behavior before Post- + fix 2.2, specify "local_header_rewrite_clients = static:all". Typically, one would use the canonical(5) table to replace - login names by Firstname.Lastname, or to clean up + login names by Firstname.Lastname, or to clean up addresses produced by legacy mail systems. - The canonical(5) mapping is not to be confused with vir- - tual domain support. Use the virtual(5) map for that pur- + The canonical(5) mapping is not to be confused with vir- + tual domain support. Use the virtual(5) map for that pur- pose. - The canonical(5) mapping is not to be confused with local + The canonical(5) mapping is not to be confused with local aliasing. Use the aliases(5) map for that purpose. TABLE FORMAT The input format for the postmap(1) command is as follows: pattern result - When pattern matches a mail address, replace it by + When pattern matches a mail address, replace it by the corresponding result. 
blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character + Empty lines and whitespace-only lines are ignored, + as are lines whose first non-whitespace character is a `#'. multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- + A logical line starts with non-whitespace text. A + line that starts with whitespace continues a logi- cal line. TABLE SEARCH ORDER With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, patterns are + networked tables such as NIS, LDAP or SQL, patterns are tried in the order as listed below: user@domain address - Replace user@domain by address. This form has the + Replace user@domain by address. This form has the highest precedence. - This is useful to clean up addresses produced by - legacy mail systems. It can also be used to pro- - duce Firstname.Lastname style addresses, but see + This is useful to clean up addresses produced by + legacy mail systems. It can also be used to pro- + duce Firstname.Lastname style addresses, but see below for a simpler solution. user address - Replace user@site by address when site is equal to - $myorigin, when site is listed in $mydestination, - or when it is listed in $inet_interfaces or + Replace user@site by address when site is equal to + $myorigin, when site is listed in $mydestination, + or when it is listed in $inet_interfaces or $proxy_interfaces. - This form is useful for replacing login names by + This form is useful for replacing login names by Firstname.Lastname. @domain address 
@@ -113,10 +112,10 @@ CANONICAL(5) CANONICAL(5) RESULT ADDRESS REWRITING The lookup result is subject to address rewriting: - o When the result has the form @otherdomain, the + o When the result has the form @otherdomain, the result becomes the same user in otherdomain. - o When "append_at_myorigin=yes", append "@$myorigin" + o When "append_at_myorigin=yes", append "@$myorigin" to addresses without "@domain". o When "append_dot_mydomain=yes", append ".$mydomain" 
@@ -124,58 +123,58 @@ CANONICAL(5) CANONICAL(5) ADDRESS EXTENSION When a mail address localpart contains the optional recip- - ient delimiter (e.g., user+foo@domain), the lookup order + ient delimiter (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, user@domain, user+foo, user, and @domain. - The propagate_unmatched_extensions parameter controls - whether an unmatched address extension (+foo) is propa- + The propagate_unmatched_extensions parameter controls + whether an unmatched address extension (+foo) is propa- gated to the result of table lookup. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, + a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to + Each pattern is a regular expression that is applied to the entire address being looked up. Thus, user@domain mail - addresses are not broken up into their user and @domain + addresses are not broken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the ta- - ble, until a pattern is found that matches the search + Patterns are applied in the order as specified in the ta- + ble, until a pattern is found that matches the search string. - Results are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from + Results are the same as with indexed file lookups, with + the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when lookups are directed to a TCP-based server. 
For a descrip- tion of the TCP client/server lookup protocol, see tcp_ta- ble(5). This feature is not available up to and including Postfix version 2.2. Each lookup operation uses the entire address once. Thus, - user@domain mail addresses are not broken up into their + user@domain mail addresses are not broken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. Results are the same as with indexed file lookups. BUGS - The table format does not understand quoting conventions. + The table format does not understand quoting conventions. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant. - The text below provides only a parameter summary. See + The following main.cf parameters are especially relevant. + The text below provides only a parameter summary. See postconf(5) for more details including examples. canonical_classes - What addresses are subject to canonical address + What addresses are subject to canonical address mapping. canonical_maps 
@@ -190,26 +189,26 @@ CANONICAL(5) CANONICAL(5) header sender addresses. propagate_unmatched_extensions - A list of address rewriting or forwarding mecha- - nisms that propagate an address extension from the - original address to the result. Specify zero or - more of canonical, virtual, alias, forward, + A list of address rewriting or forwarding mecha- + nisms that propagate an address extension from the + original address to the result. Specify zero or + more of canonical, virtual, alias, forward, include, or generic. Other parameters of interest: inet_interfaces - The network interface addresses that this system + The network interface addresses that this system receives mail on. You need to stop and start Post- fix when this parameter changes. local_header_rewrite_clients Rewrite message header addresses in mail from these - clients and update incomplete addresses with the + clients and update incomplete addresses with the domain name in $myorigin or $mydomain; either don't - rewrite message headers from other clients at all, - or rewrite message headers and update incomplete - addresses with the domain specified in the + rewrite message headers from other clients at all, + or rewrite message headers and update incomplete + addresses with the domain specified in the remote_header_rewrite_domain parameter. proxy_interfaces 
@@ -218,20 +217,20 @@ CANONICAL(5) CANONICAL(5) tor. masquerade_classes - List of address classes subject to masquerading: - zero or more of envelope_sender, envelope_recipi- + List of address classes subject to masquerading: + zero or more of envelope_sender, envelope_recipi- ent, header_sender, header_recipient. masquerade_domains - List of domains that hide their subdomain struc- + List of domains that hide their subdomain struc- ture. masquerade_exceptions - List of user names that are not subject to address + List of user names that are not subject to address masquerading. mydestination - List of domains that this mail system considers + List of domains that this mail system considers local. myorigin @@ -242,9 +241,9 @@ CANONICAL(5) CANONICAL(5) addresses. remote_header_rewrite_domain - Don't rewrite message headers from remote clients + Don't rewrite message headers from remote clients at all when this parameter is empty; otherwise, re- - write message headers and append the specified + write message headers and append the specified domain name to incomplete addresses. SEE ALSO @@ -258,7 +257,7 @@ CANONICAL(5) CANONICAL(5) ADDRESS_REWRITING_README, address rewriting guide LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/html/cleanup.8.html b/postfix/html/cleanup.8.html index 5597966f6..a0b5b8964 100644 --- a/postfix/html/cleanup.8.html +++ b/postfix/html/cleanup.8.html @@ -125,6 +125,16 @@ CLEANUP(8) CLEANUP(8) non-MIME message headers in attached messages, as described in the header_checks(5) manual page. + Available in Postfix version 2.3 and later: + + message_reject_characters (empty) + The set of characters that Postfix will reject in + message content. + + message_strip_characters (empty) + The set of characters that Postfix will remove from + message content. + MIME PROCESSING CONTROLS Available in Postfix version 2.0 and later: 
diff --git a/postfix/html/ldap_table.5.html b/postfix/html/ldap_table.5.html
index 768dabb4a..e03a2ef57 100644
--- a/postfix/html/ldap_table.5.html
+++ b/postfix/html/ldap_table.5.html
@@ -324,58 +324,60 @@ LDAP_TABLE(5) LDAP_TABLE(5) NOTE: DO NOT define this parameter for local(8) aliases. + This feature is available in Postfix 2.1 and later. + result_attribute (default: maildrop) - The attribute(s) Postfix will read from any direc- + The attribute(s) Postfix will read from any direc- tory entries returned by the lookup, to be resolved to an email address. result_attribute = mailbox, maildrop special_result_attribute (No default) The attribute(s) of directory entries that can con- - tain DNs or URLs. If found, a recursive subsequent + tain DNs or URLs. If found, a recursive subsequent search is done using their values. special_result_attribute = member - DN recursion retrieves the same result_attributes + DN recursion retrieves the same result_attributes as the main query, including the special attributes - for further recursion. URI processing retrieves - only those attributes that are included in the URI - definition and are *also* listed in - "result_attribute". If the URI lists any of the - map's special result attributes, these are also + for further recursion. URI processing retrieves + only those attributes that are included in the URI + definition and are *also* listed in + "result_attribute". If the URI lists any of the + map's special result attributes, these are also retrieved and used recursively. scope (default: sub) - The LDAP search scope: sub, base, or one. These + The LDAP search scope: sub, base, or one. These translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE, and LDAP_SCOPE_ONELEVEL. bind (default: yes) - Whether or not to bind to the LDAP server. Newer + Whether or not to bind to the LDAP server. Newer LDAP implementations don't require clients to bind, which saves time. Example: bind = no - If you do need to bind, you might consider config- - uring Postfix to connect to the local machine on a - port that's an SSL tunnel to your LDAP server. 
If - your LDAP server doesn't natively support SSL, put + If you do need to bind, you might consider config- + uring Postfix to connect to the local machine on a + port that's an SSL tunnel to your LDAP server. If + your LDAP server doesn't natively support SSL, put a tunnel (wrapper, proxy, whatever you want to call - it) on that system too. This should prevent the - password from traversing the network in the clear. + it) on that system too. This should prevent the + password from traversing the network in the clear. bind_dn (default: empty) - If you do have to bind, do it with this distin- + If you do have to bind, do it with this distin- guished name. Example: bind_dn = uid=postfix, dc=your, dc=com bind_pw (default: empty) - The password for the distinguished name above. If + The password for the distinguished name above. If you have to use this, you probably want to make the map configuration file readable only by the Postfix - user. When using the obsolete ldap:ldapsource syn- + user. When using the obsolete ldap:ldapsource syn- tax, with map parameters in main.cf, it is not pos- - sible to securely store the bind password. This is + sible to securely store the bind password. This is because main.cf needs to be world readable to allow local accounts to submit mail via the sendmail com- mand. Example: 
@@ -386,43 +388,43 @@ LDAP_TABLE(5) LDAP_TABLE(5) cache_expiry (IGNORED with a warning) cache_size (IGNORED with a warning) - The above parameters are NO LONGER SUPPORTED by + The above parameters are NO LONGER SUPPORTED by Postfix. Cache support has been dropped from OpenLDAP as of release 2.1.13. recursion_limit (default: 1000) - A limit on the nesting depth of DN and URL special - result attribute evaluation. The limit must be a + A limit on the nesting depth of DN and URL special + result attribute evaluation. The limit must be a non-zero positive number. expansion_limit (default: 0) - A limit on the total number of result elements - returned (as a comma separated list) by a lookup - against the map. A setting of zero disables the - limit. Lookups fail with a temporary error if the - limit is exceeded. Setting the limit to 1 ensures + A limit on the total number of result elements + returned (as a comma separated list) by a lookup + against the map. A setting of zero disables the + limit. Lookups fail with a temporary error if the + limit is exceeded. Setting the limit to 1 ensures that lookups do not return multiple values. size_limit (default: $expansion_limit) - A limit on the number of LDAP entries returned by - any single LDAP search performed as part of the - lookup. A setting of 0 disables the limit. Expan- - sion of DN and URL references involves nested LDAP - queries, each of which is separately subjected to + A limit on the number of LDAP entries returned by + any single LDAP search performed as part of the + lookup. A setting of 0 disables the limit. Expan- + sion of DN and URL references involves nested LDAP + queries, each of which is separately subjected to this limit. - Note: even a single LDAP entry can generate multi- - ple lookup results, via multiple result attributes - and/or multi-valued result attributes. This limit - caps the per search resource utilization on the - LDAP server, not the final multiplicity of the - lookup result. 
It is analogous to the "-z" option + Note: even a single LDAP entry can generate multi- + ple lookup results, via multiple result attributes + and/or multi-valued result attributes. This limit + caps the per search resource utilization on the + LDAP server, not the final multiplicity of the + lookup result. It is analogous to the "-z" option of "ldapsearch". dereference (default: 0) - When to dereference LDAP aliases. (Note that this + When to dereference LDAP aliases. (Note that this has nothing do with Postfix aliases.) The permitted - values are those legal for the OpenLDAP/UM LDAP + values are those legal for the OpenLDAP/UM LDAP implementations: 0 never 
@@ -434,99 +436,99 @@ LDAP_TABLE(5) LDAP_TABLE(5) 3 always See ldap.h or the ldap_open(3) or ldapsearch(1) man - pages for more information. And if you're using an + pages for more information. And if you're using an LDAP package that has other possible values, please - bring it to the attention of the postfix- + bring it to the attention of the postfix- users@postfix.org mailing list. chase_referrals (default: 0) - Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP + Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP version 3 support). version (default: 2) Specifies the LDAP protocol version to use. debuglevel (default: 0) - What level to set for debugging in the OpenLDAP + What level to set for debugging in the OpenLDAP libraries. LDAP SSL AND STARTTLS PARAMETERS - If you're using the OpenLDAP libraries compiled with SSL - support, Postfix can connect to LDAP SSL servers and can + If you're using the OpenLDAP libraries compiled with SSL + support, Postfix can connect to LDAP SSL servers and can issue the STARTTLS command. - LDAP SSL service can be requested by using a LDAP SSL URL + LDAP SSL service can be requested by using a LDAP SSL URL in the server_host parameter: server_host = ldaps://ldap.example.com:636 STARTTLS can be turned on with the start_tls parameter: start_tls = yes - Both forms require LDAP protocol version 3, which has to + Both forms require LDAP protocol version 3, which has to be set explicitly with: version = 3 If any of the Postfix programs querying the map is config- - ured in master.cf to run chrooted, all the certificates + ured in master.cf to run chrooted, all the certificates and keys involved have to be copied to the chroot jail. Of - course, the private keys should only be readable by the + course, the private keys should only be readable by the user "postfix". 
- The following parameters are relevant to LDAP SSL and + The following parameters are relevant to LDAP SSL and STARTTLS: start_tls (default: no) Whether or not to issue STARTTLS upon connection to - the server. Don't set this with LDAP SSL (the SSL + the server. Don't set this with LDAP SSL (the SSL session is setup automatically when the TCP connec- tion is opened). - tls_ca_cert_dir (No default; set either this or + tls_ca_cert_dir (No default; set either this or tls_ca_cert_file) Directory containing X509 Certificate Authority - certificates in PEM format which are to be recog- - nized by the client in SSL/TLS connections. The - files each contain one CA certificate. The files - are looked up by the CA subject name hash value, - which must hence be available. If more than one CA - certificate with the same name hash value exist, - the extension must be different (e.g. 9d66eef0.0, - 9d66eef0.1 etc). The search is performed in the - ordering of the extension number, regardless of + certificates in PEM format which are to be recog- + nized by the client in SSL/TLS connections. The + files each contain one CA certificate. The files + are looked up by the CA subject name hash value, + which must hence be available. If more than one CA + certificate with the same name hash value exist, + the extension must be different (e.g. 9d66eef0.0, + 9d66eef0.1 etc). The search is performed in the + ordering of the extension number, regardless of other properties of the certificates. Use the c_rehash utility (from the OpenSSL distribution) to create the necessary links. - tls_ca_cert_file (No default; set either this or + tls_ca_cert_file (No default; set either this or tls_ca_cert_dir) File containing the X509 Certificate Authority cer- - tificates in PEM format which are to be recognized - by the client in SSL/TLS connections. This setting + tificates in PEM format which are to be recognized + by the client in SSL/TLS connections. 
This setting takes precedence over tls_ca_cert_dir. tls_cert (No default; you must set this) - File containing client's X509 certificate to be + File containing client's X509 certificate to be used by the client in SSL/ TLS connections. tls_key (No default; you must set this) - File containing the private key corresponding to + File containing the private key corresponding to the above tls_cert. tls_require_cert (default: no) Whether or not to request server's X509 certificate - and check its validity when establishing SSL/TLS + and check its validity when establishing SSL/TLS connections. tls_random_file (No default) - Path of a file to obtain random bits from when - /dev/[u]random is not available, to be used by the + Path of a file to obtain random bits from when + /dev/[u]random is not available, to be used by the client in SSL/TLS connections. tls_cipher_suite (No default) Cipher suite to use in SSL/TLS negotiations. EXAMPLE - Here's a basic example for using LDAP to look up local(8) + Here's a basic example for using LDAP to look up local(8) aliases. Assume that in main.cf, you have: alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf 
@@ -535,14 +537,14 @@ LDAP_TABLE(5) LDAP_TABLE(5) server_host = ldap.my.com search_base = dc=my, dc=com - Upon receiving mail for a local address "ldapuser" that - isn't found in the /etc/aliases database, Postfix will - search the LDAP server listening at port 389 on - ldap.my.com. It will bind anonymously, search for any - directory entries whose mailacceptinggeneralid attribute - is "ldapuser", read the "maildrop" attributes of those - found, and build a list of their maildrops, which will be - treated as RFC822 addresses to which the message will be + Upon receiving mail for a local address "ldapuser" that + isn't found in the /etc/aliases database, Postfix will + search the LDAP server listening at port 389 on + ldap.my.com. It will bind anonymously, search for any + directory entries whose mailacceptinggeneralid attribute + is "ldapuser", read the "maildrop" attributes of those + found, and build a list of their maildrops, which will be + treated as RFC822 addresses to which the message will be delivered. SEE ALSO @@ -556,13 +558,13 @@ LDAP_TABLE(5) LDAP_TABLE(5) LDAP_README, Postfix LDAP client guide LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) - Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith - Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike - Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu, + Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith + Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike + Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu, Victor Duchovni, and many others. LDAP_TABLE(5) diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 3da5f89e0..f3ed03826 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -4110,6 +4110,25 @@ Specify 0 when mail delivery should be tried only once.

+ + +
message_reject_characters +(default: empty)
+ +

The set of characters that Postfix will reject in message +content. The usual C-like escape sequences are recognized: \a +\b \f \n \r \t \v \ddd (up to three octal digits) and +\\.

+ +

Example:

+ +
+message_reject_characters = \0
+
+ +

This feature is available in Postfix 2.3 and later.

+ +
message_size_limit @@ -4120,6 +4139,25 @@ The maximal size in bytes of a message, including envelope information.

+ + +
message_strip_characters +(default: empty)
+ +

The set of characters that Postfix will remove from message +content. The usual C-like escape sequences are recognized: \a +\b \f \n \r \t \v \ddd (up to three octal digits) and +\\.

+ +

Example:

+ +
+message_strip_characters = \0
+
+ +

This feature is available in Postfix 2.3 and later.

+ +
mime_boundary_length_limit @@ -7938,12 +7976,18 @@ The proxy receives all mail from the Postfix SMTP server, and is supposed to give the result to another Postfix SMTP server process.

-

Specify host:port. The host can be specified as an IP address -or as a symbolic name; no MX lookups are done. When no host or -host: are specified, the local machine is assumed.

+

Specify "host:port" or "inet:host:port" for a TCP endpoint, or +"unix:pathname" for a UNIX-domain endpoint. The host can be specified +as an IP address or as a symbolic name; no MX lookups are done. +When no "host" or "host:" are specified, the local machine is +assumed. Pathname interpretation is relative to the Postfix queue +directory.

This feature is available in Postfix 2.1 and later.

+

The "inet:" and "unix:" prefixes are available in Postfix 2.3 +and later.

+ diff --git a/postfix/html/virtual.5.html b/postfix/html/virtual.5.html index 1c20d4fb5..528d96a96 100644 --- a/postfix/html/virtual.5.html +++ b/postfix/html/virtual.5.html 
@@ -40,62 +40,62 @@ VIRTUAL(5) VIRTUAL(5) address can have its own mailbox. Virtual aliasing is applied only to recipient envelope - addresses, and does not affect message headers. Think - Sendmail rule set S0, if you like. Use canonical(5) map- - ping to rewrite header and envelope addresses in general. + addresses, and does not affect message headers. Use + canonical(5) mapping to rewrite header and envelope + addresses in general. - Normally, the virtual(5) alias table is specified as a - text file that serves as input to the postmap(1) command. - The result, an indexed file in dbm or db format, is used + Normally, the virtual(5) alias table is specified as a + text file that serves as input to the postmap(1) command. + The result, an indexed file in dbm or db format, is used for fast searching by the mail system. Execute the command - "postmap /etc/postfix/virtual" in order to rebuild the + "postmap /etc/postfix/virtual" in order to rebuild the indexed file after changing the text file. - When the table is provided via other means such as NIS, - LDAP or SQL, the same lookups are done as for ordinary + When the table is provided via other means such as NIS, + LDAP or SQL, the same lookups are done as for ordinary indexed files. - Alternatively, the table can be provided as a regular- + Alternatively, the table can be provided as a regular- expression map where patterns are given as regular expres- - sions, or lookups can be directed to TCP-based server. In - that case, the lookups are done in a slightly different - way as described below under "REGULAR EXPRESSION TABLES" + sions, or lookups can be directed to TCP-based server. In + that case, the lookups are done in a slightly different + way as described below under "REGULAR EXPRESSION TABLES" and "TCP-BASED TABLES". 
TABLE FORMAT The input format for the postmap(1) command is as follows: pattern result - When pattern matches a mail address, replace it by + When pattern matches a mail address, replace it by the corresponding result. blank lines and comments - Empty lines and whitespace-only lines are ignored, - as are lines whose first non-whitespace character + Empty lines and whitespace-only lines are ignored, + as are lines whose first non-whitespace character is a `#'. multi-line text - A logical line starts with non-whitespace text. A - line that starts with whitespace continues a logi- + A logical line starts with non-whitespace text. A + line that starts with whitespace continues a logi- cal line. TABLE SEARCH ORDER With lookups from indexed files such as DB or DBM, or from - networked tables such as NIS, LDAP or SQL, patterns are + networked tables such as NIS, LDAP or SQL, patterns are tried in the order as listed below: user@domain address, address, ... - Redirect mail for user@domain to address. This + Redirect mail for user@domain to address. This form has the highest precedence. user address, address, ... Redirect mail for user@site to address when site is - equal to $myorigin, when site is listed in $mydes- - tination, or when it is listed in $inet_interfaces + equal to $myorigin, when site is listed in $mydes- + tination, or when it is listed in $inet_interfaces or $proxy_interfaces. - This functionality overlaps with functionality of - the local aliases(5) database. The difference is + This functionality overlaps with functionality of + the local aliases(5) database. The difference is that virtual(5) mapping can be applied to non-local addresses. 
@@ -106,12 +106,12 @@ VIRTUAL(5) VIRTUAL(5) RESULT ADDRESS REWRITING The lookup result is subject to address rewriting: - o When the result has the form @otherdomain, the - result becomes the same user in otherdomain. This + o When the result has the form @otherdomain, the + result becomes the same user in otherdomain. This works only for the first address in a multi-address lookup result. - o When "append_at_myorigin=yes", append "@$myorigin" + o When "append_at_myorigin=yes", append "@$myorigin" to addresses without "@domain". o When "append_dot_mydomain=yes", append ".$mydomain" 
@@ -119,29 +119,29 @@ VIRTUAL(5) VIRTUAL(5) ADDRESS EXTENSION When a mail address localpart contains the optional recip- - ient delimiter (e.g., user+foo@domain), the lookup order + ient delimiter (e.g., user+foo@domain), the lookup order becomes: user+foo@domain, user@domain, user+foo, user, and @domain. - The propagate_unmatched_extensions parameter controls - whether an unmatched address extension (+foo) is propa- + The propagate_unmatched_extensions parameter controls + whether an unmatched address extension (+foo) is propa- gated to the result of table lookup. VIRTUAL ALIAS DOMAINS - Besides virtual aliases, the virtual alias table can also + Besides virtual aliases, the virtual alias table can also be used to implement virtual alias domains. With a virtual - alias domain, all recipient addresses are aliased to + alias domain, all recipient addresses are aliased to addresses in other domains. Virtual alias domains are not to be confused with the vir- tual mailbox domains that are implemented with the Postfix virtual(8) mail delivery agent. With virtual mailbox - domains, each recipient address can have its own mailbox. + domains, each recipient address can have its own mailbox. - With a virtual alias domain, the virtual domain has its - own user name space. Local (i.e. non-virtual) usernames - are not visible in a virtual alias domain. In particular, - local aliases(5) and local mailing lists are not visible + With a virtual alias domain, the virtual domain has its + own user name space. Local (i.e. non-virtual) usernames + are not visible in a virtual alias domain. In particular, + local aliases(5) and local mailing lists are not visible as localname@virtual-alias.domain. Support for a virtual alias domain looks like: 
@@ -149,8 +149,8 @@ VIRTUAL(5) VIRTUAL(5) /etc/postfix/main.cf: virtual_alias_maps = hash:/etc/postfix/virtual - Note: some systems use dbm databases instead of hash. - See the output from "postconf -m" for available data- + Note: some systems use dbm databases instead of hash. + See the output from "postconf -m" for available data- base types. /etc/postfix/virtual: 
@@ -159,95 +159,95 @@ VIRTUAL(5) VIRTUAL(5) user1@virtual-alias.domain address1 user2@virtual-alias.domain address2, address3 - The virtual-alias.domain anything entry is required for a + The virtual-alias.domain anything entry is required for a virtual alias domain. Without this entry, mail is rejected - with "relay access denied", or bounces with "mail loops + with "relay access denied", or bounces with "mail loops back to myself". - Do not specify virtual alias domain names in the main.cf + Do not specify virtual alias domain names in the main.cf mydestination or relay_domains configuration parameters. - With a virtual alias domain, the Postfix SMTP server - accepts mail for known-user@virtual-alias.domain, and - rejects mail for unknown-user@virtual-alias.domain as + With a virtual alias domain, the Postfix SMTP server + accepts mail for known-user@virtual-alias.domain, and + rejects mail for unknown-user@virtual-alias.domain as undeliverable. - Instead of specifying the virtual alias domain name via - the virtual_alias_maps table, you may also specify it via + Instead of specifying the virtual alias domain name via + the virtual_alias_maps table, you may also specify it via the main.cf virtual_alias_domains configuration parameter. - This latter parameter uses the same syntax as the main.cf + This latter parameter uses the same syntax as the main.cf mydestination configuration parameter. REGULAR EXPRESSION TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when the table is given in the form of regular expressions. For - a description of regular expression lookup table syntax, + a description of regular expression lookup table syntax, see regexp_table(5) or pcre_table(5). - Each pattern is a regular expression that is applied to + Each pattern is a regular expression that is applied to the entire address being looked up. 
Thus, user@domain mail - addresses are not broken up into their user and @domain + addresses are not broken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. - Patterns are applied in the order as specified in the ta- - ble, until a pattern is found that matches the search + Patterns are applied in the order as specified in the ta- + ble, until a pattern is found that matches the search string. - Results are the same as with indexed file lookups, with - the additional feature that parenthesized substrings from + Results are the same as with indexed file lookups, with + the additional feature that parenthesized substrings from the pattern can be interpolated as $1, $2 and so on. TCP-BASED TABLES - This section describes how the table lookups change when + This section describes how the table lookups change when lookups are directed to a TCP-based server. For a descrip- tion of the TCP client/server lookup protocol, see tcp_ta- ble(5). This feature is not available up to and including Postfix version 2.2. Each lookup operation uses the entire address once. Thus, - user@domain mail addresses are not broken up into their + user@domain mail addresses are not broken up into their user and @domain constituent parts, nor is user+foo broken up into user and foo. Results are the same as with indexed file lookups. BUGS - The table format does not understand quoting conventions. + The table format does not understand quoting conventions. CONFIGURATION PARAMETERS - The following main.cf parameters are especially relevant - to this topic. See the Postfix main.cf file for syntax - details and for default values. Use the "postfix reload" + The following main.cf parameters are especially relevant + to this topic. See the Postfix main.cf file for syntax + details and for default values. Use the "postfix reload" command after a configuration change. virtual_alias_maps List of virtual aliasing tables. 
virtual_alias_domains - List of virtual alias domains. This uses the same + List of virtual alias domains. This uses the same syntax as the mydestination parameter. propagate_unmatched_extensions - A list of address rewriting or forwarding mecha- - nisms that propagate an address extension from the - original address to the result. Specify zero or - more of canonical, virtual, alias, forward, + A list of address rewriting or forwarding mecha- + nisms that propagate an address extension from the + original address to the result. Specify zero or + more of canonical, virtual, alias, forward, include, or generic. Other parameters of interest: inet_interfaces - The network interface addresses that this system + The network interface addresses that this system receives mail on. You need to stop and start Post- fix when this parameter changes. mydestination - List of domains that this mail system considers + List of domains that this mail system considers local. myorigin - The domain that is appended to any address that + The domain that is appended to any address that does not have a domain. owner_request_special @@ -271,7 +271,7 @@ VIRTUAL(5) VIRTUAL(5) VIRTUAL_README, domain hosting guide LICENSE - The Secure Mailer license must be distributed with this + The Secure Mailer license must be distributed with this software. AUTHOR(S) diff --git a/postfix/man/man5/canonical.5 b/postfix/man/man5/canonical.5 index 4cf4253c5..13709663d 100644 --- a/postfix/man/man5/canonical.5 +++ b/postfix/man/man5/canonical.5 
@@ -40,8 +40,7 @@ done in a slightly different way as described below under By default the \fBcanonical\fR(5) mapping affects both message header addresses (i.e. addresses that appear inside messages) and message envelope addresses (for example, the addresses -that are used in SMTP protocol commands). Think Sendmail -rule set \fBS3\fR, if you like. This is controlled with +that are used in SMTP protocol commands). This is controlled with the \fBcanonical_classes\fR parameter. NOTE: Postfix versions 2.2 and later rewrite message headers diff --git a/postfix/man/man5/ldap_table.5 b/postfix/man/man5/ldap_table.5 index 3aa9e1e63..43654be47 100644 --- a/postfix/man/man5/ldap_table.5 +++ b/postfix/man/man5/ldap_table.5 @@ -304,6 +304,8 @@ It is best not to use LDAP to store the domains eligible for LDAP lookups. NOTE: DO NOT define this parameter for local(8) aliases. + +This feature is available in Postfix 2.1 and later. .IP "\fBresult_attribute (default: maildrop)\fR" The attribute(s) Postfix will read from any directory entries returned by the lookup, to be resolved to an email diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index 0ab835d27..7d08a8289 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -506,7 +506,7 @@ and changed the default to none. Specify a list of network/netmask patterns, separated by commas and/or whitespace. The mask specifies the number of bits in the network part of a host address. You can also specify hostnames or -\&.domain names (the initial dot causes the domain to match any name +\e&.domain names (the initial dot causes the domain to match any name below it), "/file/name" or "type:table" patterns. A "/file/name" pattern is replaced by its contents; a "type:table" lookup table is matched when a table entry matches a lookup string (the lookup 
@@ -2231,8 +2231,42 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks). The default time unit is d (days). .PP Specify 0 when mail delivery should be tried only once. +.SH message_reject_characters (default: empty) +The set of characters that Postfix will reject in message +content. The usual C-like escape sequences are recognized: \ea +\eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and +\e\e. +.PP +Example: +.PP +.nf +.na +.ft C +message_reject_characters = \e0 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.3 and later. .SH message_size_limit (default: 10240000) The maximal size in bytes of a message, including envelope information. +.SH message_strip_characters (default: empty) +The set of characters that Postfix will remove from message +content. The usual C-like escape sequences are recognized: \ea +\eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and +\e\e. +.PP +Example: +.PP +.nf +.na +.ft C +message_strip_characters = \e0 +.fi +.ad +.ft R +.PP +This feature is available in Postfix 2.3 and later. .SH mime_boundary_length_limit (default: 2048) The maximal length of MIME multipart boundary strings. The MIME processor is unable to distinguish between boundary strings that @@ -3867,7 +3901,7 @@ is backwards compatible with Postfix 2.0. Specify a list of network/netmask patterns, separated by commas and/or whitespace. The mask specifies the number of bits in the network part of a host address. You can also specify hostnames or -\&.domain names (the initial dot causes the domain to match any name +\e&.domain names (the initial dot causes the domain to match any name below it), "/file/name" or "type:table" patterns. A "/file/name" pattern is replaced by its contents; a "type:table" lookup table is matched when a table entry matches a lookup string (the lookup 
@@ -3893,7 +3927,7 @@ By default, no clients are allowed to specify XCLIENT. Specify a list of network/netmask patterns, separated by commas and/or whitespace. The mask specifies the number of bits in the network part of a host address. You can also specify hostnames or -\&.domain names (the initial dot causes the domain to match any name +\e&.domain names (the initial dot causes the domain to match any name below it), "/file/name" or "type:table" patterns. A "/file/name" pattern is replaced by its contents; a "type:table" lookup table is matched when a table entry matches a lookup string (the lookup @@ -3918,7 +3952,7 @@ By default, no clients are allowed to specify XFORWARD. Specify a list of network/netmask patterns, separated by commas and/or whitespace. The mask specifies the number of bits in the network part of a host address. You can also specify hostnames or -\&.domain names (the initial dot causes the domain to match any name +\e&.domain names (the initial dot causes the domain to match any name below it), "/file/name" or "type:table" patterns. A "/file/name" pattern is replaced by its contents; a "type:table" lookup table is matched when a table entry matches a lookup string (the lookup 
@@ -4517,11 +4551,17 @@ The hostname and TCP port of the mail filtering proxy server. The proxy receives all mail from the Postfix SMTP server, and is supposed to give the result to another Postfix SMTP server process. .PP -Specify host:port. The host can be specified as an IP address -or as a symbolic name; no MX lookups are done. When no host or -host: are specified, the local machine is assumed. +Specify "host:port" or "inet:host:port" for a TCP endpoint, or +"unix:pathname" for a UNIX-domain endpoint. The host can be specified +as an IP address or as a symbolic name; no MX lookups are done. +When no "host" or "host:" are specified, the local machine is +assumed. Pathname interpretation is relative to the Postfix queue +directory. .PP This feature is available in Postfix 2.1 and later. +.PP +The "inet:" and "unix:" prefixes are available in Postfix 2.3 +and later. .SH smtpd_proxy_timeout (default: 100s) The time limit for connecting to a proxy filter and for sending or receiving information. When a connection fails the client gets a @@ -5112,7 +5152,7 @@ or smtpd_tls_cert_file. .PP A certificate supplied here must be usable as SSL server certificate and hence pass the "openssl verify -purpose sslserver -\&..." test. +\e&..." test. .PP Example: .PP diff --git a/postfix/man/man5/virtual.5 b/postfix/man/man5/virtual.5 index 42088e867..1ffeb7e1f 100644 --- a/postfix/man/man5/virtual.5 +++ b/postfix/man/man5/virtual.5 @@ -38,7 +38,7 @@ can have its own mailbox. .PP Virtual aliasing is applied only to recipient envelope addresses, and does not affect message headers. -Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5) +Use \fBcanonical\fR(5) mapping to rewrite header and envelope addresses in general. Normally, the \fBvirtual\fR(5) alias table is specified as a text file diff --git a/postfix/man/man8/cleanup.8 b/postfix/man/man8/cleanup.8 index 3f189dbac..d86c2cd85 100644 --- a/postfix/man/man8/cleanup.8 +++ b/postfix/man/man8/cleanup.8 
@@ -118,6 +118,14 @@ message headers, as described in the \fBheader_checks\fR(5) manual page. Optional lookup tables for content inspection of non-MIME message headers in attached messages, as described in the \fBheader_checks\fR(5) manual page. +.PP +Available in Postfix version 2.3 and later: +.IP "\fBmessage_reject_characters (empty)\fR" +The set of characters that Postfix will reject in message +content. +.IP "\fBmessage_strip_characters (empty)\fR" +The set of characters that Postfix will remove from message +content. .SH "MIME PROCESSING CONTROLS" .na .nf diff --git a/postfix/mantools/postconf2man b/postfix/mantools/postconf2man index 4b83cb519..360373d1f 100755 --- a/postfix/mantools/postconf2man +++ b/postfix/mantools/postconf2man @@ -43,6 +43,7 @@ while(<>) { $block =~ s/<\/DD>/\n/g; $block =~ s/
/\n/g; $block =~ s/<\/DL>/\n/g; + $block =~ s/\\/\\e/g; $block =~ s//\\fB/g; $block =~ s//\\fI/g; $block =~ s/<\/b>/\\fR/g; diff --git a/postfix/mantools/postlink b/postfix/mantools/postlink index aef029374..fbb88c4bf 100755 --- a/postfix/mantools/postlink +++ b/postfix/mantools/postlink @@ -234,7 +234,9 @@ while (<>) { s;\bmax_use\b;$&;g; s;\bmaxi[-]*\n*[ ]*mal_backoff_time\b;$&;g; s;\bmaxi[-]*\n*[ ]*mal_queue_lifetime\b;$&;g; + s;\bmessage_reject_characters\b;$&;g; s;\bmessage_size_limit\b;$&;g; + s;\bmessage_strip_characters\b;$&;g; s;\bmime_boundary_length_limit\b;$&;g; s;\bmime_header_checks\b;$&;g; s;\bmime_nesting_limit\b;$&;g; diff --git a/postfix/postfix-install b/postfix/postfix-install index a955be13c..1a630440a 100644 --- a/postfix/postfix-install +++ b/postfix/postfix-install @@ -44,6 +44,9 @@ # Do not ask the user for parameter settings. Installation parameters # are specified via one of the non-interactive methods described # below. +# .IP -package +# Build a ready-to-install package. This requires that a +# non-default install_root parameter is specified. # INSTALLATION PARAMETER INPUT METHODS # .ad # .fi diff --git a/postfix/proto/DSN_README.html b/postfix/proto/DSN_README.html index 7644b6322..adcd4a642 100644 --- a/postfix/proto/DSN_README.html +++ b/postfix/proto/DSN_README.html @@ -139,7 +139,7 @@ as discussed in the next section.
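Review bot: The added `$block =~ s/\\/\\e/g;` also rewrites backslashes that are already troff escapes. The regenerated postconf.5 in this same commit shows the result: `\&.domain names` became `\e&.domain names`, and the `\&...` in the openssl example became `\e&...`, so the page prints a literal backslash and ampersand instead of the zero-width guard in front of the leading dot. Where the `\&` is produced is not visible in this hunk; if it is emitted before this line, either run the escaping ahead of that step or leave the sequence alone, for example `$block =~ s/\\(?!&)/\\e/g;`. The enclosing `while(<>)` loop starts and ends outside the hunk.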

Postfix VERP support compatibility

-

With Postfix versions before 2.3, the sendmail(1) commands uses +

With Postfix versions before 2.3, the sendmail(1) command uses the -V command-line option to request VERP-style delivery. In order to request VERP style delivery with Postfix 2.3 and later, you must specify -XV instead of -V.

diff --git a/postfix/proto/IPV6_README.html b/postfix/proto/IPV6_README.html index d1fad18cb..10e5424b1 100644 --- a/postfix/proto/IPV6_README.html +++ b/postfix/proto/IPV6_README.html @@ -30,7 +30,8 @@ between these implementations.

addresses instead of the 32-bit addresses used by IPv4. It can therefore accommodate a much larger number of hosts and networks without ugly kluges such as NAT. A side benefit of the much larger -address space is that it makes network scanning unpractical.

+address space is that it makes random network scanning unpractical. +

Postfix uses the same SMTP protocol over IPv6 as it already uses over the older IPv4 network, and does AAAA record lookups in diff --git a/postfix/proto/canonical b/postfix/proto/canonical index fa04fbf74..805b82e19 100644 --- a/postfix/proto/canonical +++ b/postfix/proto/canonical @@ -34,8 +34,7 @@ # By default the \fBcanonical\fR(5) mapping affects both message # header addresses (i.e. addresses that appear inside messages) # and message envelope addresses (for example, the addresses -# that are used in SMTP protocol commands). Think Sendmail -# rule set \fBS3\fR, if you like. This is controlled with +# that are used in SMTP protocol commands). This is controlled with # the \fBcanonical_classes\fR parameter. # # NOTE: Postfix versions 2.2 and later rewrite message headers diff --git a/postfix/proto/ldap_table b/postfix/proto/ldap_table index 13dc54972..8faec6583 100644 --- a/postfix/proto/ldap_table +++ b/postfix/proto/ldap_table @@ -292,6 +292,8 @@ # for LDAP lookups. # # NOTE: DO NOT define this parameter for local(8) aliases. +# +# This feature is available in Postfix 2.1 and later. # .IP "\fBresult_attribute (default: maildrop)\fR" # The attribute(s) Postfix will read from any directory # entries returned by the lookup, to be resolved to an email diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 7875e54e9..2a5d693f8 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -4979,12 +4979,18 @@ The proxy receives all mail from the Postfix SMTP server, and is supposed to give the result to another Postfix SMTP server process.

-

Specify host:port. The host can be specified as an IP address -or as a symbolic name; no MX lookups are done. When no host or -host: are specified, the local machine is assumed.

+

Specify "host:port" or "inet:host:port" for a TCP endpoint, or +"unix:pathname" for a UNIX-domain endpoint. The host can be specified +as an IP address or as a symbolic name; no MX lookups are done. +When no "host" or "host:" are specified, the local machine is +assumed. Pathname interpretation is relative to the Postfix queue +directory.

This feature is available in Postfix 2.1 and later.

+

The "inet:" and "unix:" prefixes are available in Postfix 2.3 +and later.

+ %PARAM smtpd_proxy_timeout 100s

@@ -8505,3 +8511,33 @@ examples are shown in the ADDRESS_REWRITING_README and STANDARD_CONFIGURATION_README documents.

This feature is available in Postfix 2.2 and later.

+ +%PARAM message_reject_characters empty + +

The set of characters that Postfix will reject in message +content. The usual C-like escape sequences are recognized: \a +\b \f \n \r \t \v \ddd (up to three octal digits) and +\\.

+ +

Example:

+ +
+message_reject_characters = \0
+
+ +

This feature is available in Postfix 2.3 and later.

+ +%PARAM message_strip_characters empty + +

The set of characters that Postfix will remove from message +content. The usual C-like escape sequences are recognized: \a +\b \f \n \r \t \v \ddd (up to three octal digits) and +\\.

+ +

Example:

+ +
+message_strip_characters = \0
+
+ +

This feature is available in Postfix 2.3 and later.

diff --git a/postfix/proto/virtual b/postfix/proto/virtual index 4cf5ef1b5..c4a004c5b 100644 --- a/postfix/proto/virtual +++ b/postfix/proto/virtual @@ -32,7 +32,7 @@ # .PP # Virtual aliasing is applied only to recipient # envelope addresses, and does not affect message headers. -# Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5) +# Use \fBcanonical\fR(5) # mapping to rewrite header and envelope addresses in general. # # Normally, the \fBvirtual\fR(5) alias table is specified as a text file diff --git a/postfix/src/bounce/bounce_notify_verp.c b/postfix/src/bounce/bounce_notify_verp.c index bb92cc113..97873bc5f 100644 --- a/postfix/src/bounce/bounce_notify_verp.c +++ b/postfix/src/bounce/bounce_notify_verp.c @@ -124,7 +124,7 @@ int bounce_notify_verp(int flags, char *service, char *queue_name, * Notify the originator, subject to DSN NOTIFY restrictions. */ if (bounce_info->log_handle->rcpt.dsn_notify != 0 /* compat */ - && (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) { + && (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) { bounce_status = 0; } else { verp_sender(verp_buf, verp_delims, recipient, diff --git a/postfix/src/bounce/bounce_one_service.c b/postfix/src/bounce/bounce_one_service.c index 08178de01..45e42c00e 100644 --- a/postfix/src/bounce/bounce_one_service.c +++ b/postfix/src/bounce/bounce_one_service.c @@ -168,7 +168,7 @@ int bounce_one_service(int flags, char *queue_name, char *queue_id, */ else { if (bounce_info->log_handle->rcpt.dsn_notify != 0 /* compat */ - && (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) { + && (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) { bounce_status = 0; } else { if ((bounce = post_mail_fopen_nowait(NULL_SENDER, orig_sender, diff --git a/postfix/src/cleanup/Makefile.in b/postfix/src/cleanup/Makefile.in index 9e7b1923f..f827e1f82 100644 --- a/postfix/src/cleanup/Makefile.in +++ b/postfix/src/cleanup/Makefile.in 
@@ -190,7 +190,6 @@ cleanup_bounce.o: ../../include/attr.h cleanup_bounce.o: ../../include/been_here.h cleanup_bounce.o: ../../include/bounce.h cleanup_bounce.o: ../../include/cleanup_user.h -cleanup_bounce.o: ../../include/deliver_completed.h cleanup_bounce.o: ../../include/deliver_request.h cleanup_bounce.o: ../../include/dict.h cleanup_bounce.o: ../../include/dsn.h @@ -317,6 +316,7 @@ cleanup_init.o: ../../include/name_mask.h cleanup_init.o: ../../include/nvtable.h cleanup_init.o: ../../include/resolve_clnt.h cleanup_init.o: ../../include/string_list.h +cleanup_init.o: ../../include/stringops.h cleanup_init.o: ../../include/sys_defs.h cleanup_init.o: ../../include/tok822.h cleanup_init.o: ../../include/vbuf.h diff --git a/postfix/src/cleanup/cleanup.c b/postfix/src/cleanup/cleanup.c index e9ddf322f..48a1a5c3a 100644 --- a/postfix/src/cleanup/cleanup.c +++ b/postfix/src/cleanup/cleanup.c @@ -100,6 +100,14 @@ /* Optional lookup tables for content inspection of non-MIME message /* headers in attached messages, as described in the \fBheader_checks\fR(5) /* manual page. +/* .PP +/* Available in Postfix version 2.3 and later: +/* .IP "\fBmessage_reject_characters (empty)\fR" +/* The set of characters that Postfix will reject in message +/* content. +/* .IP "\fBmessage_strip_characters (empty)\fR" +/* The set of characters that Postfix will remove from message +/* content. /* MIME PROCESSING CONTROLS /* .ad /* .fi diff --git a/postfix/src/cleanup/cleanup.h b/postfix/src/cleanup/cleanup.h index dbd2110a6..fb3283e31 100644 --- a/postfix/src/cleanup/cleanup.h +++ b/postfix/src/cleanup/cleanup.h 
@@ -35,6 +35,7 @@ typedef struct CLEANUP_STATE { VSTRING *attr_buf; /* storage for named attribute */ VSTRING *temp1; /* scratch buffer, local use only */ VSTRING *temp2; /* scratch buffer, local use only */ + VSTRING *stripped_buf; /* character stripped input */ VSTREAM *dst; /* current output stream */ MAIL_STREAM *handle; /* mail stream handle */ char *queue_name; /* queue name */ @@ -69,6 +70,7 @@ typedef struct CLEANUP_STATE { int dsn_ret; /* DSN full/hdrs */ int dsn_notify; /* DSN never/delay/fail/success */ char *dsn_orcpt; /* DSN original recipient */ + char *verp_delims; /* VERP delimiters (optional) */ } CLEANUP_STATE; /* @@ -98,6 +100,12 @@ extern int cleanup_masq_flags; extern MAPS *cleanup_send_bcc_maps; extern MAPS *cleanup_rcpt_bcc_maps; + /* + * Character filters. + */ +extern VSTRING *cleanup_reject_chars; +extern VSTRING *cleanup_strip_chars; + /* * Address canonicalization fine control. */ @@ -120,7 +128,7 @@ extern MAPS *cleanup_rcpt_bcc_maps; extern int cleanup_ext_prop_mask; /* - * Saved queue file name, so the file can be removed in case of a fatal + * Saved queue file names, so the files can be removed in case of a fatal * run-time error. */ extern char *cleanup_path; diff --git a/postfix/src/cleanup/cleanup_api.c b/postfix/src/cleanup/cleanup_api.c index 70f238fa9..2e6b0756a 100644 --- a/postfix/src/cleanup/cleanup_api.c +++ b/postfix/src/cleanup/cleanup_api.c @@ -191,7 +191,6 @@ int cleanup_flush(CLEANUP_STATE *state) { int status; char *junk; - VSTRING *bounce_junk; VSTRING *trace_junk; /* 
@@ -205,41 +204,49 @@ int cleanup_flush(CLEANUP_STATE *state) } /* - * If there was an error that requires us to generate a bounce message, - * create bounce logfile records and reset the error flag in case of - * success. Leave it up to the queue manager to deliver the bad news. We - * can't do that ourselves, because there may also be a trace file lying - * around (with DSN SUCCESS notifications) that also needs to be reported - * to the sender, and we must be able to undo the entire cleanup request - * including bounce and trace logfiles if some error happens. + * Status sanitization. Always report success when the discard flag was + * raised by some user-specified access rule. + */ + if (state->flags & CLEANUP_FLAG_DISCARD) + state->errs = 0; + + /* + * If there was an error that requires us to generate a bounce message + * (mail submitted with the Postfix sendmail command, mail forwarded by + * the local(8) delivery agent, or mail re-queued with "postsuper -r"), + * send a bounce notification, reset the error flags in case of success, + * and request deletion of the the incoming queue file and of the + * optional DSN SUCCESS records from virtual alias expansion. * - * An incomplete message should never be bounced: it was canceled by the - * client, and may not even have an address to bounce to. + * XXX It would make no sense to knowingly report success after we already + * have bounced all recipients, especially because the information in the + * DSN SUCCESS notice is completely redundant compared to the information + * in the bounce notice (however, both may be incomplete when the queue + * file size would exceed the safety limit). * - * If we are responsible for generating a bounce message, we must report - * success to the client unless the bounce message file could not be - * written (which is just as bad as not being able to write the message - * queue file in the first place). 
+ * An alternative is to keep the DSN SUCCESS records and to delegate bounce + * notification to the queue manager, just like we already delegate + * success notification. This requires that we leave the undeliverable + * message in the incoming queue; versions up to 20050726 did exactly + * that. Unfortunately, this broke with over-size queue files, because + * the queue manager cannot handle incomplete queue files (and it should + * not try to do so). */ #define CAN_BOUNCE() \ ((state->errs & CLEANUP_STAT_MASK_CANT_BOUNCE) == 0 \ && state->sender != 0 \ && (state->flags & CLEANUP_FLAG_BOUNCE) != 0) - if (state->errs != 0 && (state->flags & CLEANUP_FLAG_DISCARD) == 0 - && CAN_BOUNCE()) + if (state->errs != 0 && CAN_BOUNCE()) cleanup_bounce(state); /* - * If there are no errors, be very picky about queue file write errors - * because we are about to tell the sender that it can throw away its - * copy of the message. - * * Optionally, place the message on hold, but only if the message was - * received successfully. This involves renaming the queue file before - * "finishing" it (or else the queue manager would open it for delivery) - * and updating our own idea of the queue file name for error recovery - * and for error reporting purposes. + * received successfully and only if it's not being discarded for other + * reasons. This involves renaming the queue file before "finishing" it + * (or else the queue manager would grab it too early) and updating our + * own idea of the queue file name for error recovery and for error + * reporting purposes. */ if (state->errs == 0 && (state->flags & CLEANUP_FLAG_DISCARD) == 0) { if ((state->flags & CLEANUP_FLAG_HOLD) != 0) { 
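Review bot: The rewritten comment above CAN_BOUNCE() no longer says which completion status the client receives after cleanup_bounce() has run. The removed text stated that success is reported unless the bounce could not be written, and the new flow still depends on that: in the cleanup_bounce.c hunk of this commit, cleanup_bounce() masks the error bits down to CLEANUP_STAT_WRITE and raises CLEANUP_FLAG_DISCARD when none remain. I would keep one sentence to that effect, e.g. `* The client sees success unless the bounce could not be sent (CLEANUP_STAT_WRITE).`, and fix the doubled word in `deletion of the the incoming queue file`. cleanup_flush() starts before and continues after this hunk.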
@@ -265,22 +272,18 @@ int cleanup_flush(CLEANUP_STATE *state) state->errs = mail_stream_finish(state->handle, (VSTRING *) 0); } else { mail_stream_cleanup(state->handle); - if ((state->flags & CLEANUP_FLAG_DISCARD) != 0) - state->errs = 0; } state->handle = 0; state->dst = 0; /* - * If there was an error, remove the queue file, the optional bounce - * logfile with undeliverable recipients, and the optional trace file - * with DSN SUCCESS notifications. + * If there was an error, or if the message must be discarded for other + * reasons, remove the queue file and the optional trace file with DSN + * SUCCESS records from virtual alias expansion. */ if (state->errs != 0 || (state->flags & CLEANUP_FLAG_DISCARD) != 0) { if (cleanup_trace_path) (void) REMOVE(vstring_str(cleanup_trace_path)); - if (cleanup_bounce_path) - (void) REMOVE(vstring_str(cleanup_bounce_path)); if (REMOVE(cleanup_path)) msg_warn("remove %s: %m", cleanup_path); } @@ -292,15 +295,11 @@ int cleanup_flush(CLEANUP_STATE *state) */ trace_junk = cleanup_trace_path; cleanup_trace_path = 0; /* don't delete upon error */ - bounce_junk = cleanup_bounce_path; - cleanup_bounce_path = 0; /* don't delete upon error */ junk = cleanup_path; cleanup_path = 0; /* don't delete upon error */ if (trace_junk) vstring_free(trace_junk); - if (bounce_junk) - vstring_free(bounce_junk); myfree(junk); /* diff --git a/postfix/src/cleanup/cleanup_bounce.c b/postfix/src/cleanup/cleanup_bounce.c index 51e7c2224..aa78950aa 100644 --- a/postfix/src/cleanup/cleanup_bounce.c +++ b/postfix/src/cleanup/cleanup_bounce.c @@ -12,7 +12,8 @@ /* cleanup_bounce() updates the bounce log on request by client /* programs that cannot handle such problems themselves. /* -/* Upon successful completion, all error flags are reset. +/* Upon successful completion, all error flags are reset, +/* and the message is scheduled for deletion. /* Otherwise, the CLEANUP_STAT_WRITE error flag is raised. /* /* Arguments: 
@@ -52,7 +53,6 @@ #include #include #include -#include /* Application-specific. */ @@ -65,24 +65,10 @@ static void cleanup_bounce_append(CLEANUP_STATE *state, RECIPIENT *rcpt, DSN *dsn) { - const char *myname = "cleanup_bounce_append"; - long last_offset; - - if (cleanup_bounce_path == 0) { - cleanup_bounce_path = vstring_alloc(10); - (void) mail_queue_path(cleanup_bounce_path, MAIL_QUEUE_BOUNCE, - state->queue_id); - } if (bounce_append(BOUNCE_FLAG_CLEAN, state->queue_id, state->time, rcpt, "none", dsn) != 0) { msg_warn("%s: bounce logfile update error", state->queue_id); state->errs |= CLEANUP_STAT_WRITE; - } else if (rcpt->offset > 0) { - if ((last_offset = vstream_ftell(state->dst)) < 0) - msg_fatal("%s: vstream_ftell %s: %m", myname, cleanup_path); - deliver_completed(state->dst, rcpt->offset); - if (vstream_fseek(state->dst, last_offset, SEEK_SET) < 0) - msg_fatal("%s: seek %s: %m", myname, cleanup_path); } } @@ -108,6 +94,10 @@ int cleanup_bounce(CLEANUP_STATE *state) int rec_type; int junk; long curr_offset; + const char *encoding; + const char *dsn_envid; + int dsn_ret; + int bounce_err; /* * Parse the failure reason if one was given, otherwise use a generic 
@@ -127,18 +117,19 @@ int cleanup_bounce(CLEANUP_STATE *state) * Create a bounce logfile with one entry for each final recipient. * Degrade gracefully in case of no recipients or no queue file. * - * We're NOT going to flush the bounce file from the cleanup server; if we - * need to write trace logfile records, and the trace service fails, we - * must be able to cancel the entire cleanup request including any trace - * or bounce logfiles. The queue manager will flush the bounce (and - * trace) logfile, possibly after it has generated its own success or - * failure notification records. - * * Victor Duchovni observes that the number of recipients in the queue file * can potentially be very large due to virtual alias expansion. This can * expand the recipient count by virtual_alias_expansion_limit (default: * 1000) times. + * + * After a queue file size error, purge any unwritten data (so that + * vstream_fseek() won't fail while trying to flush it) and reset the + * stream error flags to avoid false alarms. */ + if (state->errs & CLEANUP_STAT_SIZE) { + (void) vstream_fpurge(state->dst); + vstream_clearerr(state->dst); + } if (vstream_fseek(state->dst, 0L, SEEK_SET) < 0) msg_fatal("%s: seek %s: %m", myname, cleanup_path); 
@@ -206,12 +197,51 @@ int cleanup_bounce(CLEANUP_STATE *state) /* * No recipients. Yes, this can happen. */ - if (rcpt == 0) { + if ((state->errs & CLEANUP_STAT_WRITE) == 0 && rcpt == 0) { RECIPIENT_ASSIGN(&recipient, 0, "", 0, "", "unknown"); (void) DSN_SIMPLE(&dsn, dsn_status, dsn_text); cleanup_bounce_append(state, &recipient, &dsn); } vstring_free(buf); - return (state->errs &= CLEANUP_STAT_WRITE); + /* + * Flush the bounce logfile to the sender. See also qmgr_active.c. + */ + if ((state->errs & CLEANUP_STAT_WRITE) == 0) { + if ((encoding = nvtable_find(state->attr, MAIL_ATTR_ENCODING)) == 0) + encoding = MAIL_ATTR_ENC_NONE; + dsn_envid = state->dsn_envid ? + state->dsn_envid : ""; + dsn_ret = (state->errs & (CLEANUP_STAT_CONT | CLEANUP_STAT_SIZE)) ? + DSN_RET_HDRS : state->dsn_ret; + + if (state->verp_delims == 0 || var_verp_bounce_off) { + bounce_err = + bounce_flush(BOUNCE_FLAG_CLEAN, + state->queue_name, state->queue_id, + encoding, state->sender, dsn_envid, + dsn_ret); + } else { + bounce_err = + bounce_flush_verp(BOUNCE_FLAG_CLEAN, + state->queue_name, state->queue_id, + encoding, state->sender, dsn_envid, + dsn_ret, state->verp_delims); + } + if (bounce_err != 0) { + msg_warn("%s: bounce message failure", state->queue_id); + state->errs |= CLEANUP_STAT_WRITE; + } + } + + /* + * Schedule this message (and trace logfile) for deletion when all is + * well. When all is not well these files would be deleted too, but the + * client would get a different completion status so we have to carefully + * maintain the bits anyway. + */ + if ((state->errs &= CLEANUP_STAT_WRITE) == 0) + state->flags |= CLEANUP_FLAG_DISCARD; + + return (state->errs); } diff --git a/postfix/src/cleanup/cleanup_envelope.c b/postfix/src/cleanup/cleanup_envelope.c index e2d999705..7320bb331 100644 --- a/postfix/src/cleanup/cleanup_envelope.c +++ b/postfix/src/cleanup/cleanup_envelope.c 
@@ -368,6 +368,22 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type,
 }
 return;
 }
+ /* XXX Needed for cleanup_bounce(); sanity check usage. */
+ if (type == REC_TYPE_VERP) {
+ if (state->verp_delims == 0) {
+ if (state->sender == 0 || state->sender[0] == 0) {
+ msg_warn("%s: ignoring VERP request for null sender",
+ state->queue_id);
+ } else if (verp_delims_verify(buf) != 0) {
+ msg_warn("%s: ignoring bad VERP request: \"%.100s\"",
+ state->queue_id, buf);
+ } else {
+ state->verp_delims = mystrdup(buf);
+ cleanup_out(state, type, buf, len);
+ }
+ }
+ return;
+ }
 if (type == REC_TYPE_ATTR) {
 if (state->attr->used >= var_qattr_count_limit) {
 msg_warn("%s: message rejected: attribute count exceeds limit %d",
diff --git a/postfix/src/cleanup/cleanup_extracted.c b/postfix/src/cleanup/cleanup_extracted.c
index 1e2f43b06..5e0dbf9f3 100644
--- a/postfix/src/cleanup/cleanup_extracted.c
+++ b/postfix/src/cleanup/cleanup_extracted.c
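Review bot: The `state->sender == 0` half of the test in the new `REC_TYPE_VERP` branch presumably also fires when the VERP record arrives before any sender record, yet the warning reads `ignoring VERP request for null sender`, which reports a record-ordering problem as if it were the null address. A separate branch with its own text, for example `msg_warn("%s: ignoring VERP request before sender record", state->queue_id);`, would keep the two cases apart in the log. A second VERP record is dropped without any log line once `state->verp_delims` is set; if first-request-wins is intended, a short comment saying so would document it. `cleanup_envelope_process()` starts and ends outside the hunk.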
@@ -126,24 +126,24 @@ void cleanup_extracted_process(CLEANUP_STATE *state, int type, * an upgrade without losing mail. */ if (type == REC_TYPE_ATTR) { - vstring_strcpy(state->attr_buf, buf); - error_text = split_nameval(STR(state->attr_buf), &attr_name, &attr_value); - if (error_text != 0) { - msg_warn("%s: message rejected: malformed attribute: %s: %.100s", - state->queue_id, error_text, buf); - state->errs |= CLEANUP_STAT_BAD; - return; - } - /* Zero-length values are place holders for unavailable values. */ - if (*attr_value == 0) { - msg_warn("%s: spurious null attribute value for \"%s\" -- ignored", - state->queue_id, attr_name); - return; - } - if ((junk = dsn_attr_map(attr_name)) != 0) { - buf = attr_value; - type = junk; - } + vstring_strcpy(state->attr_buf, buf); + error_text = split_nameval(STR(state->attr_buf), &attr_name, &attr_value); + if (error_text != 0) { + msg_warn("%s: message rejected: malformed attribute: %s: %.100s", + state->queue_id, error_text, buf); + state->errs |= CLEANUP_STAT_BAD; + return; + } + /* Zero-length values are place holders for unavailable values. */ + if (*attr_value == 0) { + msg_warn("%s: spurious null attribute value for \"%s\" -- ignored", + state->queue_id, attr_name); + return; + } + if ((junk = dsn_attr_map(attr_name)) != 0) { + buf = attr_value; + type = junk; + } } /* @@ -251,7 +251,7 @@ void cleanup_extracted_process(CLEANUP_STATE *state, int type, } } -/* cleanup_extracted_finish - process one extracted envelope record */ +/* cleanup_extracted_finish - complete the third message segment */ void cleanup_extracted_finish(CLEANUP_STATE *state) { diff --git a/postfix/src/cleanup/cleanup_init.c b/postfix/src/cleanup/cleanup_init.c index 9a95ff0d6..22f6e5094 100644 --- a/postfix/src/cleanup/cleanup_init.c +++ b/postfix/src/cleanup/cleanup_init.c @@ -24,7 +24,6 @@ /* /* char *cleanup_path; /* VSTRING *cleanup_trace_path; -/* VSTRING *cleanup_bounce_path; /* /* void cleanup_all() /* 
@@ -54,8 +53,6 @@ /* trace logfile with DSN SUCCESS notifications. This information is /* used to remove a trace file when the mail transaction is canceled. /* -/* cleanup_bounce_path is the same for removing a bounce logfile. -/* /* cleanup_all() must be called in case of fatal error, in order /* to remove an incomplete queue file. /* @@ -80,12 +77,14 @@ #include #include +#include /* Utility library. */ #include #include #include +#include /* Global library. */ @@ -109,7 +108,6 @@ char *cleanup_path; /* queue file name */ * logfiles that need to be cleaned up when the cleanup request is aborted. */ VSTRING *cleanup_trace_path; -VSTRING *cleanup_bounce_path; /* * Tunable parameters. @@ -143,6 +141,9 @@ int var_body_check_len; /* when to stop body scan */ char *var_send_bcc_maps; /* sender auto-bcc maps */ char *var_rcpt_bcc_maps; /* recipient auto-bcc maps */ char *var_remote_rwr_domain; /* header-only surrogate */ +char *var_msg_reject_chars; /* reject these characters */ +char *var_msg_strip_chars; /* strip these characters */ +int var_verp_bounce_off; /* don't verp the bounces */ CONFIG_INT_TABLE cleanup_int_table[] = { VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0, @@ -156,6 +157,7 @@ CONFIG_INT_TABLE cleanup_int_table[] = { CONFIG_BOOL_TABLE cleanup_bool_table[] = { VAR_ENABLE_ORCPT, DEF_ENABLE_ORCPT, &var_enable_orcpt, + VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off, 0, }; @@ -186,6 +188,8 @@ CONFIG_STR_TABLE cleanup_str_table[] = { VAR_SEND_BCC_MAPS, DEF_SEND_BCC_MAPS, &var_send_bcc_maps, 0, 0, VAR_RCPT_BCC_MAPS, DEF_RCPT_BCC_MAPS, &var_rcpt_bcc_maps, 0, 0, VAR_REM_RWR_DOMAIN, DEF_REM_RWR_DOMAIN, &var_remote_rwr_domain, 0, 0, + VAR_MSG_REJECT_CHARS, DEF_MSG_REJECT_CHARS, &var_msg_reject_chars, 0, 0, + VAR_MSG_STRIP_CHARS, DEF_MSG_STRIP_CHARS, &var_msg_strip_chars, 0, 0, 0, }; 
@@ -209,6 +213,12 @@ int cleanup_masq_flags; MAPS *cleanup_send_bcc_maps; MAPS *cleanup_rcpt_bcc_maps; + /* + * Character filters. + */ +VSTRING *cleanup_reject_chars; +VSTRING *cleanup_strip_chars; + /* * Address extension propagation restrictions. */ @@ -238,10 +248,6 @@ void cleanup_sig(int sig) (void) REMOVE(vstring_str(cleanup_trace_path)); cleanup_trace_path = 0; } - if (cleanup_bounce_path) { - (void) REMOVE(vstring_str(cleanup_bounce_path)); - cleanup_bounce_path = 0; - } if (cleanup_path) { (void) REMOVE(cleanup_path); cleanup_path = 0; @@ -360,4 +366,17 @@ void cleanup_post_jail(char *unused_name, char **unused_argv) */ cleanup_ext_prop_mask = ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension); + + /* + * Setup the filters for characters that should be rejected, and for + * characters that should be removed. + */ + if (*var_msg_reject_chars) { + cleanup_reject_chars = vstring_alloc(strlen(var_msg_reject_chars)); + unescape(cleanup_reject_chars, var_msg_reject_chars); + } + if (*var_msg_strip_chars) { + cleanup_strip_chars = vstring_alloc(strlen(var_msg_strip_chars)); + unescape(cleanup_strip_chars, var_msg_strip_chars); + } } diff --git a/postfix/src/cleanup/cleanup_message.c b/postfix/src/cleanup/cleanup_message.c index 95d54fc7e..a9a010685 100644 --- a/postfix/src/cleanup/cleanup_message.c +++ b/postfix/src/cleanup/cleanup_message.c @@ -293,6 +293,7 @@ static void cleanup_act_log(CLEANUP_STATE *state, #define CLEANUP_ACT_CTXT_HEADER "header" #define CLEANUP_ACT_CTXT_BODY "body" +#define CLEANUP_ACT_CTXT_ANY "content" /* cleanup_act - act upon a header/body match */ 
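Review bot: The filter setup added to `cleanup_post_jail()` leaves `cleanup_reject_chars` and `cleanup_strip_chars` as null pointers when the parameter is empty, and the hunks in cleanup_state.c and cleanup_message.c use that null as the "feature off" signal, but no comment states this contract. I would extend the `Character filters.` comment at the declarations to say that each pointer is null when the corresponding parameter is empty and otherwise holds the unescaped set, which is matched byte by byte using its `VSTRING_LEN()` rather than as a C string. The setup comment could also note that the sets are built once here and are not expected to change afterwards, since the allocation and release of `state->stripped_buf` both test the global.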
@@ -703,8 +704,51 @@ static void cleanup_body_callback(void *context, int type, static void cleanup_message_headerbody(CLEANUP_STATE *state, int type, const char *buf, ssize_t len) { - char *myname = "cleanup_message_headerbody"; + const char *myname = "cleanup_message_headerbody"; MIME_STATE_DETAIL *detail; + const char *cp; + char *dst; + + /* + * Reject unwanted characters. + * + * XXX Possible optimization: simplify the loop when the "reject" set + * contains only one character. + */ + if ((state->flags & CLEANUP_FLAG_FILTER) && cleanup_reject_chars) { + for (cp = buf; cp < buf + len; cp++) { + if (memchr(vstring_str(cleanup_reject_chars), + *(const unsigned char *) cp, + VSTRING_LEN(cleanup_reject_chars))) { + cleanup_act(state, CLEANUP_ACT_CTXT_ANY, + buf, "REJECT disallowed character", + "character reject"); + return; + } + } + } + + /* + * Strip unwanted characters. Don't overwrite the input. + * + * XXX Possible optimization: simplify the loop when the "strip" set + * contains only one character. + * + * XXX Possible optimization: copy the input only if we really have to. + */ + if ((state->flags & CLEANUP_FLAG_FILTER) && cleanup_strip_chars) { + VSTRING_RESET(state->stripped_buf); + VSTRING_SPACE(state->stripped_buf, len + 1); + dst = vstring_str(state->stripped_buf); + for (cp = buf; cp < buf + len; cp++) + if (!memchr(vstring_str(cleanup_strip_chars), + *(const unsigned char *) cp, + VSTRING_LEN(cleanup_strip_chars))) + *dst++ = *cp; + *dst = 0; + buf = vstring_str(state->stripped_buf); + len = dst - buf; + } /* * Copy text record to the output. diff --git a/postfix/src/cleanup/cleanup_state.c b/postfix/src/cleanup/cleanup_state.c index 0132e26f1..6d5c73036 100644 --- a/postfix/src/cleanup/cleanup_state.c +++ b/postfix/src/cleanup/cleanup_state.c 
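Review bot: Both new passes in `cleanup_message_headerbody()` run only when `CLEANUP_FLAG_FILTER` is set, and the reject pass runs before the strip pass, so records handled without that flag are neither rejected nor stripped and a byte listed in both sets rejects the message; the comments state neither point. A line such as `/* Applies only to CLEANUP_FLAG_FILTER input; reject takes precedence over strip. */` above the first block would tell operators which content paths the two parameters actually cover. The strip loop is the only multi-line loop body here written without braces, unlike the reject loop directly above it, and bracing the `for` and its `if` would match. The function starts in the hunk but continues past its end.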
@@ -59,6 +59,8 @@ CLEANUP_STATE *cleanup_state_alloc(void) state->attr_buf = vstring_alloc(10); state->temp1 = vstring_alloc(10); state->temp2 = vstring_alloc(10); + if (cleanup_strip_chars) + state->stripped_buf = vstring_alloc(10); state->dst = 0; state->handle = 0; state->queue_name = 0; @@ -94,6 +96,7 @@ CLEANUP_STATE *cleanup_state_alloc(void) state->dsn_ret = 0; state->dsn_notify = 0; state->dsn_orcpt = 0; + state->verp_delims = 0; return (state); } @@ -104,6 +107,8 @@ void cleanup_state_free(CLEANUP_STATE *state) vstring_free(state->attr_buf); vstring_free(state->temp1); vstring_free(state->temp2); + if (cleanup_strip_chars) + vstring_free(state->stripped_buf); if (state->fullname) myfree(state->fullname); if (state->sender) @@ -134,5 +139,7 @@ void cleanup_state_free(CLEANUP_STATE *state) myfree(state->dsn_envid); if (state->dsn_orcpt) myfree(state->dsn_orcpt); + if (state->verp_delims) + myfree(state->verp_delims); myfree((char *) state); } diff --git a/postfix/src/global/bounce.c b/postfix/src/global/bounce.c index 0db8ed741..7ae333735 100644 --- a/postfix/src/global/bounce.c +++ b/postfix/src/global/bounce.c @@ -24,6 +24,17 @@ /* const char *dsn_envid; /* int dsn_ret; /* +/* int bounce_flush_verp(flags, queue, id, encoding, sender, +/* dsn_envid, dsn_ret, verp_delims) +/* int flags; +/* const char *queue; +/* const char *id; +/* const char *encoding; +/* const char *sender; +/* const char *dsn_envid; +/* int dsn_ret; +/* const char *verp_delims; +/* /* int bounce_one(flags, queue, id, encoding, sender, envid, ret, /* entry, recipient, relay, dsn) /* int flags; 
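Review bot: In `cleanup_state_alloc()`, `state->stripped_buf` is assigned only when `cleanup_strip_chars` is set; the other members are initialised one by one, which suggests the structure is not zero-filled (the allocation is outside the hunk), so the member is otherwise left indeterminate. Assigning it unconditionally, `state->stripped_buf = cleanup_strip_chars ? vstring_alloc(10) : 0;`, gives it a defined value in every case. The matching hunk in `cleanup_state_free()` should then test the member itself, `if (state->stripped_buf) vstring_free(state->stripped_buf);`, so that the release no longer depends on the global having the same value at allocation and at free time.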
@@ -53,6 +64,10 @@ /* built with bounce_append(). The bounce logfile is removed /* upon successful completion. /* +/* bounce_flush_verp() is like bounce_flush(), but sends one +/* notification per recipient, with the failed recipient encoded +/* into the sender address. +/* /* bounce_one() bounces one recipient and immediately sends a /* notification to the sender. This procedure does not append /* the recipient and dsn_text to the per-message bounce log, and @@ -101,6 +116,9 @@ /* Optional DSN return full/headers option. /* .IP dsn /* Delivery status. See dsn(3). The specified action is ignored. +/* .IP verp_delims +/* VERP delimiter characters, used when encoding the failed +/* sender into the envelope sender address. /* DIAGNOSTICS /* In case of success, these functions log the action, and return a /* zero value. Otherwise, the functions return a non-zero result, 
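Review bot: The new `verp_delims` argument entry says the delimiters are used when encoding the failed sender into the envelope sender address, while the `bounce_flush_verp()` paragraph added in the previous hunk says the failed recipient is encoded into the sender address. The two descriptions contradict each other; going by that paragraph, the entry should read `used when encoding the failed recipient into the envelope sender address`.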
@@ -276,6 +294,40 @@ int bounce_flush(int flags, const char *queue, const char *id, } } +/* bounce_flush_verp - verpified notification */ + +int bounce_flush_verp(int flags, const char *queue, const char *id, + const char *encoding, const char *sender, + const char *dsn_envid, int dsn_ret, + const char *verp_delims) +{ + + /* + * When we're pretending that we can't bounce, don't send a bounce + * message. + */ + if (var_soft_bounce) + return (-1); + if (mail_command_client(MAIL_CLASS_PRIVATE, var_bounce_service, + ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_VERP, + ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags, + ATTR_TYPE_STR, MAIL_ATTR_QUEUE, queue, + ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, id, + ATTR_TYPE_STR, MAIL_ATTR_ENCODING, encoding, + ATTR_TYPE_STR, MAIL_ATTR_SENDER, sender, + ATTR_TYPE_STR, MAIL_ATTR_DSN_ENVID, dsn_envid, + ATTR_TYPE_NUM, MAIL_ATTR_DSN_RET, dsn_ret, + ATTR_TYPE_STR, MAIL_ATTR_VERPDL, verp_delims, + ATTR_TYPE_END) == 0) { + return (0); + } else if ((flags & BOUNCE_FLAG_CLEAN) == 0) { + msg_info("%s: status=deferred (bounce failed)", id); + return (-1); + } else { + return (-1); + } +} + /* bounce_one - send notice for one recipient */ int bounce_one(int flags, const char *queue, const char *id, diff --git a/postfix/src/global/bounce.h b/postfix/src/global/bounce.h index 1489539ac..c8678b1e6 100644 --- a/postfix/src/global/bounce.h +++ b/postfix/src/global/bounce.h @@ -28,6 +28,8 @@ extern int bounce_append(int, const char *, time_t, RECIPIENT *, const char *, DSN *); extern int bounce_flush(int, const char *, const char *, const char *, const char *, const char *, int); +extern int bounce_flush_verp(int, const char *, const char *, const char *, + const char *, const char *, int, const char *); extern int bounce_one(int, const char *, const char *, const char *, const char *, const char *, int, time_t, RECIPIENT *, diff --git a/postfix/src/global/mail_params.h b/postfix/src/global/mail_params.h index 077816e27..1b9f03325 100644 
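Review bot: The `var_soft_bounce` early return in `bounce_flush_verp()` yields the same -1 as a failed request to the bounce service, so the caller added in cleanup_bounce.c logs `bounce message failure` and sets `CLEANUP_STAT_WRITE` in both cases. If that is the intended way to pretend the bounce cannot be sent, a comment at the early return saying that callers cannot tell soft_bounce from a service failure would save the next reader from chasing a spurious warning. The last two branches both return -1 and differ only in the `msg_info()` call, so they can be folded into a single `if ((flags & BOUNCE_FLAG_CLEAN) == 0)` around the log line followed by one `return (-1);`. The body otherwise repeats the visible tail of `bounce_flush()`, whose start is outside the hunk.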
--- a/postfix/src/global/mail_params.h +++ b/postfix/src/global/mail_params.h @@ -2362,6 +2362,17 @@ extern char *var_smtp_ehlo_dis_maps; */ extern const char null_format_string[1]; + /* + * Characters to reject or strip. + */ +#define VAR_MSG_REJECT_CHARS "message_reject_characters" +#define DEF_MSG_REJECT_CHARS "" +extern char *var_msg_reject_chars; + +#define VAR_MSG_STRIP_CHARS "message_strip_characters" +#define DEF_MSG_STRIP_CHARS "" +extern char *var_msg_strip_chars; + /* LICENSE /* .ad /* .fi diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index fc0ae8993..6c87a3a04 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20050726" +#define MAIL_RELEASE_DATE "20050829" #define MAIL_VERSION_NUMBER "2.3" #ifdef SNAPSHOT diff --git a/postfix/src/oqmgr/qmgr_active.c b/postfix/src/oqmgr/qmgr_active.c index 5c2251b49..152665343 100644 --- a/postfix/src/oqmgr/qmgr_active.c +++ b/postfix/src/oqmgr/qmgr_active.c @@ -272,6 +272,8 @@ void qmgr_active_done(QMGR_MESSAGE *message) * * Bounces are sent asynchronously to avoid stalling while the cleanup * daemon waits for the qmgr to accept the "new mail" trigger. + * + * See also code in cleanup_bounce.c. */ if (stat(mail_queue_path((VSTRING *) 0, MAIL_QUEUE_BOUNCE, message->queue_id), &st) == 0) { if (st.st_size == 0) { diff --git a/postfix/src/qmgr/qmgr_active.c b/postfix/src/qmgr/qmgr_active.c index 5c2251b49..152665343 100644 --- a/postfix/src/qmgr/qmgr_active.c +++ b/postfix/src/qmgr/qmgr_active.c 
@@ -272,6 +272,8 @@ void qmgr_active_done(QMGR_MESSAGE *message) * * Bounces are sent asynchronously to avoid stalling while the cleanup * daemon waits for the qmgr to accept the "new mail" trigger. + * + * See also code in cleanup_bounce.c. */ if (stat(mail_queue_path((VSTRING *) 0, MAIL_QUEUE_BOUNCE, message->queue_id), &st) == 0) { if (st.st_size == 0) { diff --git a/postfix/src/smtpd/smtpd_proxy.c b/postfix/src/smtpd/smtpd_proxy.c index 35ebcf61f..0bae676d9 100644 --- a/postfix/src/smtpd/smtpd_proxy.c +++ b/postfix/src/smtpd/smtpd_proxy.c @@ -250,6 +250,8 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service, 0, 0, }; CLEANUP_STAT_DETAIL *detail; + int (*connect_fn) (const char *, int, int); + const char *endpoint; /* * This buffer persists beyond the end of a proxy session so we can @@ -258,10 +260,24 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service, if (state->proxy_buffer == 0) state->proxy_buffer = vstring_alloc(10); + /* + * Find connection method (default inet) + */ + if (strncasecmp("unix:", service, 5) == 0) { + endpoint = service + 5; + connect_fn = unix_connect; + } else { + if (strncasecmp("inet:", service, 5) == 0) + endpoint = service + 5; + else + endpoint = service; + connect_fn = inet_connect; + } + /* * Connect to proxy. */ - if ((fd = inet_connect(service, BLOCKING, timeout)) < 0) { + if ((fd = connect_fn(endpoint, BLOCKING, timeout)) < 0) { state->error_mask |= MAIL_ERROR_SOFTWARE; state->err |= CLEANUP_STAT_PROXY; msg_warn("connect to proxy service %s: %m", service); diff --git a/postfix/src/tls/tls_misc.c b/postfix/src/tls/tls_misc.c index 8f59b43fb..7db5b4db9 100644 --- a/postfix/src/tls/tls_misc.c +++ b/postfix/src/tls/tls_misc.c 
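Review bot: In the connection-method block added to `smtpd_proxy_open()`, a `service` value of just `unix:` or `inet:` leaves `endpoint` pointing at an empty string, which is passed to `connect_fn()` unchecked, so the misconfiguration shows up only as the generic `connect to proxy service` warning. An explicit `if (*endpoint == 0)` branch with its own warning would make the cause obvious. The literal `5` appears three times next to the prefix strings; `sizeof("unix:") - 1` ties the length to the string it measures. `smtpd_proxy_open()` starts and ends outside the hunk.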
@@ -105,8 +105,8 @@ TLScontext_t *tls_alloc_context(int log_level, const char *peername) TLScontext_t *TLScontext; /* - * PORTABILITY: Do not assume that null pointers are all-zero bits. - * Use explicit assignments to initialize pointers. + * PORTABILITY: Do not assume that null pointers are all-zero bits. Use + * explicit assignments to initialize pointers. * * See the C language FAQ item 5.17, or if you have time to burn, * http://www.google.com/search?q=zero+bit+null+pointer @@ -288,4 +288,11 @@ long tls_bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi, return (ret); } +#else + + /* + * Broken linker workaround. + */ +int tls_dummy_for_broken_linkers; + #endif diff --git a/postfix/src/util/sane_accept.c b/postfix/src/util/sane_accept.c index 30a3d8533..a4560c2c5 100644 --- a/postfix/src/util/sane_accept.c +++ b/postfix/src/util/sane_accept.c @@ -59,6 +59,9 @@ int sane_accept(int sock, struct sockaddr * sa, SOCKADDR_SIZE *len) EWOULDBLOCK, ENOBUFS, /* HPUX11 */ ECONNABORTED, +#ifdef EPROTO + EPROTO, /* SunOS 5.5.1 */ +#endif 0, }; int count; @@ -71,6 +74,10 @@ int sane_accept(int sock, struct sockaddr * sa, SOCKADDR_SIZE *len) * hosed beyond recovery. There is no point treating this as a beneficial * error result because the program would go into a tight loop. * + * XXX Solaris 2.5.1 accept() returns EPROTO when a TCP client has + * disconnected in the mean time. Since there is no connection, it is + * safe to map the error code onto EAGAIN. + * * XXX LINUX < 2.1 accept() wakes up before the three-way handshake is * complete, so it can fail with ECONNRESET and other "false alarm" * indications. diff --git a/postfix/src/util/vstream.c b/postfix/src/util/vstream.c index 826fc4c8f..416ec8f09 100644 --- a/postfix/src/util/vstream.c +++ b/postfix/src/util/vstream.c 
@@ -58,6 +58,9 @@ /* int vstream_fflush(stream) /* VSTREAM *stream; /* +/* int vstream_fpurge(stream) +/* VSTREAM *stream; +/* /* ssize_t vstream_fread(stream, buf, len) /* VSTREAM *stream; /* char *buf; @@ -210,6 +213,12 @@ /* vstream_fflush() returns 0 in case of success, VSTREAM_EOF in /* case of problems. It is an error to flush a read-only stream. /* +/* vstream_fpurge() discards the contents of the stream buffer. +/* In the case of a double-buffered stream, it discards the +/* content of both the read and write buffers. +/* vstream_fpurge() returns 0 in case of success, VSTREAM_EOF in +/* case of problems. +/* /* vstream_fread() and vstream_fwrite() perform unformatted I/O /* on the named stream. The result value is the number of bytes /* transferred. A short count is returned in case of end-of-file 
@@ -800,6 +809,53 @@ static int vstream_buf_space(VBUF *bp, ssize_t want) return (vstream_ferror(stream) ? VSTREAM_EOF : 0); /* mmap() may fail */ } +/* vstream_fpurge - discard unread or unwritten content */ + +int vstream_fpurge(VSTREAM *stream) +{ + const char *myname = "vstream_fpurge"; + VBUF *bp = &stream->buf; + + /* + * To discard all unread contents, position the read buffer at its end, + * so that we skip over any unread data, and so that the next read + * operation will refill the buffer. + * + * To discard all unwritten content, position the write buffer at its + * beginning, so that the next write operation clobbers any unwritten + * data. + */ + switch (bp->flags & (VSTREAM_FLAG_READ_DOUBLE | VSTREAM_FLAG_WRITE)) { + case VSTREAM_FLAG_READ_DOUBLE: + VSTREAM_BUF_AT_START(&stream->write_buf); + /* FALLTHROUGH */ + case VSTREAM_FLAG_READ: + VSTREAM_BUF_AT_END(bp); + break; + case VSTREAM_FLAG_DOUBLE: + VSTREAM_BUF_AT_START(&stream->write_buf); + VSTREAM_BUF_AT_END(&stream->read_buf); + break; + case VSTREAM_FLAG_WRITE_DOUBLE: + VSTREAM_BUF_AT_END(&stream->read_buf); + /* FALLTHROUGH */ + case VSTREAM_FLAG_WRITE: + VSTREAM_BUF_AT_START(bp); + break; + case VSTREAM_FLAG_READ_DOUBLE | VSTREAM_FLAG_WRITE: + case VSTREAM_FLAG_READ | VSTREAM_FLAG_WRITE: + msg_panic("%s: read/write stream", myname); + } + + /* + * Invalidate the cached file seek position. + */ + bp->flags &= ~VSTREAM_FLAG_SEEK; + stream->offset = 0; + + return (0); +} + /* vstream_fseek - change I/O position */ off_t vstream_fseek(VSTREAM *stream, off_t offset, int whence) diff --git a/postfix/src/util/vstream.h b/postfix/src/util/vstream.h index 013dc8e7f..17d05bf7f 100644 --- a/postfix/src/util/vstream.h +++ b/postfix/src/util/vstream.h 
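Review bot: The `switch` in `vstream_fpurge()` has no `default`, so a stream with none of the read, write or double flags set matches no case and still has `VSTREAM_FLAG_SEEK` cleared and `offset` zeroed. If that is the intended result for a stream that has done no I/O yet (the flag definitions are not visible here), an explicit `default:` with a comment such as `/* no buffered data */` and a `break;` would show that the case was considered. The documentation added to the file header says the function returns `VSTREAM_EOF` in case of problems, but every path here either returns 0 or calls `msg_panic()`, so that sentence should be dropped or the error path implemented.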
@@ -75,6 +75,7 @@ extern VSTREAM *vstream_fopen(const char *, int, mode_t);
 extern int vstream_fclose(VSTREAM *);
 extern off_t vstream_fseek(VSTREAM *, off_t, int);
 extern off_t vstream_ftell(VSTREAM *);
+extern int vstream_fpurge(VSTREAM *);
 extern int vstream_fflush(VSTREAM *);
 extern int vstream_fputs(const char *, VSTREAM *);
 extern VSTREAM *vstream_fdopen(int, int);