mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-09-01 06:35:27 +00:00
Code Issues Releases Wiki Activity

postfix-2.3-20050829

Browse Source
This commit is contained in:
Wietse Venema
2005-08-29 00:00:00 -05:00
committed by Viktor Dukhovni
parent 3fb1ad8ad5
commit 04571e906b
50 changed files with 983 additions and 475 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
postfix/HISTORY
View File

@@ -11062,12 +11062,60 @@ Apologies for any names omitted.
Cleanup: HOLD action executes only once, to reduce noise Cleanup: HOLD action executes only once, to reduce noise
in the logfile. Files: cleanup/cleanup_message.c, smtpd/smtpd.c. in the logfile. Files: cleanup/cleanup_message.c, smtpd/smtpd.c.
Open problems: 20050806
Med: when the cleanup server bounces local mail that should Workaround: accept(2) fails with EPROTO when the client
be content inspected, the resulting DSN should be content already disconnected (SunOS 5.5.1). File: sane_accept.c.
inspected, otherwise a local user can bypass content
inspection. 20050815
Workaround: old Solaris compilers can't link an archive
without globally visible symbols. File: tls/tls_misc.c.
20050825
Feature: message_reject_characters and message_strip_characters
specify what characters in message content Postfix will
reject or remove. Based on patch by John Fawcett. Files:
cleanup/cleanup_message.c, cleanup/cleanup_init.c.
Safety: when the cleanup server rejects the content of mail
that is submitted with the Postfix sendmail command, or
re-queued with "postsuper -r", strip the message body from
the bounce message to reduce the risks from harmful content.
Files: cleanup/cleanup_envelope.c, cleanup/cleanup_bounce.c.
Feature: the smtpd_proxy_filter parameter value can now be
prefixed with "unix:" (for UNIX-domain socket) and "inet:"
(for TCP socket). TCP sockets are the default. Patch by
Edwin Kremer. File: smtpd/smtpd_proxy.c.
20050828
Bugfix: after adding DSN support, error notification was
broken for too large mail that was submitted with the Postfix
sendmail command, forwarded by the local(8) delivery agent,
or re-queued with "postsuper -r". The message would be saved
to the "corrupt" queue.
The mistake was to leave the truncated message in the
incoming queue and to ask the queue manager to notify the
sender; this was not possible because the queue manager
cannot (and should not) handle truncated queue files.
The fix is to have the cleanup server send the bounce
message, just like it did before DSN support was added. As
a side effect, Postfix will no longer send DSN_SUCCESS
notices after virtual aliasing, when the cleanup server
bounces all the recipients of the message anyway. This
could be called a feature. File: cleanup/cleanup_bounce.c.
Also needed for this fix: a new vstream_fpurge() routine
that discards unread/written data from a VSTREAM. It's
needed before cleanup_bounce() can seek to the start of the
queue file after a file size error. File: util/vstream.c.
Open problems:
Look for systems with XPG basename() declared in <libgen.h>, Look for systems with XPG basename() declared in <libgen.h>,
and prepare for phasing out the Postfix-supplied one. and prepare for phasing out the Postfix-supplied one.

2
postfix/README_FILES/DSN_README
View File

@@ -84,7 +84,7 @@ Postfix has two Sendmail-compatible command-line options for DSN support.
PPoossttffiixx VVEERRPP ssuuppppoorrtt ccoommppaattiibbiilliittyy PPoossttffiixx VVEERRPP ssuuppppoorrtt ccoommppaattiibbiilliittyy
With Postfix versions before 2.3, the sendmail(1) commands uses the -V command- With Postfix versions before 2.3, the sendmail(1) command uses the -V command-
line option to request VERP-style delivery. In order to request VERP style line option to request VERP-style delivery. In order to request VERP style
delivery with Postfix 2.3 and later, you must specify -XV instead of -V. delivery with Postfix 2.3 and later, you must specify -XV instead of -V.

3
postfix/README_FILES/IPV6_README
View File

@@ -12,7 +12,8 @@ differences between these implementations.
The main feature of interest is that IPv6 uses 128-bit IP addresses instead of The main feature of interest is that IPv6 uses 128-bit IP addresses instead of
the 32-bit addresses used by IPv4. It can therefore accommodate a much larger the 32-bit addresses used by IPv4. It can therefore accommodate a much larger
number of hosts and networks without ugly kluges such as NAT. A side benefit of number of hosts and networks without ugly kluges such as NAT. A side benefit of
the much larger address space is that it makes network scanning unpractical. the much larger address space is that it makes random network scanning
unpractical.
Postfix uses the same SMTP protocol over IPv6 as it already uses over the older Postfix uses the same SMTP protocol over IPv6 as it already uses over the older
IPv4 network, and does AAAA record lookups in the DNS in addition to the older IPv4 network, and does AAAA record lookups in the DNS in addition to the older

24
postfix/RELEASE_NOTES
View File

@@ -17,6 +17,30 @@ Incompatibility with Postfix 2.1 and earlier
If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2 If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2
before proceeding. before proceeding.
Incompatibility with snapshot 20050828
======================================
When a header/body_checks or message_reject_characters rule rejects
mail that was submitted with the Postfix sendmail command (or
re-queued with "postsuper -r"), the returned message is now limited
to just the message headers, to avoid the risk of exposure to harmful
content in the message body or attachments.
When the cleanup server rejects the content or size of mail that
was submitted with the Postfix sendmail command, forwarded with the
local(8) delivery agent, or that was re-queued with "postsuper -r",
Postfix no longer sends DSN SUCCESS notification of virtual alias
expansions. Since all the recipients are reported as failed, the
SUCCESS notification seems redundant.
Major changes with snapshot 20050828
====================================
Configurable filters to reject or remove unwanted characters in
email content. The message_reject_characters and message_strip_characters
parameters understand the usual C-like escape sequences: \a \b \f
\n \r \t \v \ddd (up to three octal digits) and \\.
Incompatibility with snapshot 20050726 Incompatibility with snapshot 20050726
====================================== ======================================

121
postfix/conf/canonical
View File

@@ -37,67 +37,66 @@
# By default the canonical(5) mapping affects both message # By default the canonical(5) mapping affects both message
# header addresses (i.e. addresses that appear inside mes- # header addresses (i.e. addresses that appear inside mes-
# sages) and message envelope addresses (for example, the # sages) and message envelope addresses (for example, the
# addresses that are used in SMTP protocol commands). Think # addresses that are used in SMTP protocol commands). This
# Sendmail rule set S3, if you like. This is controlled # is controlled with the canonical_classes parameter.
# with the canonical_classes parameter.
# #
# NOTE: Postfix versions 2.2 and later rewrite message head- # NOTE: Postfix versions 2.2 and later rewrite message head-
# ers from remote SMTP clients only if the client matches # ers from remote SMTP clients only if the client matches
# the local_header_rewrite_clients parameter, or if the # the local_header_rewrite_clients parameter, or if the
# remote_header_rewrite_domain configuration parameter spec- # remote_header_rewrite_domain configuration parameter spec-
# ifies a non-empty value. To get the behavior before Post- # ifies a non-empty value. To get the behavior before Post-
# fix 2.2, specify "local_header_rewrite_clients = # fix 2.2, specify "local_header_rewrite_clients =
# static:all". # static:all".
# #
# Typically, one would use the canonical(5) table to replace # Typically, one would use the canonical(5) table to replace
# login names by Firstname.Lastname, or to clean up # login names by Firstname.Lastname, or to clean up
# addresses produced by legacy mail systems. # addresses produced by legacy mail systems.
# #
# The canonical(5) mapping is not to be confused with vir- # The canonical(5) mapping is not to be confused with vir-
# tual domain support. Use the virtual(5) map for that pur- # tual domain support. Use the virtual(5) map for that pur-
# pose. # pose.
# #
# The canonical(5) mapping is not to be confused with local # The canonical(5) mapping is not to be confused with local
# aliasing. Use the aliases(5) map for that purpose. # aliasing. Use the aliases(5) map for that purpose.
# #
# TABLE FORMAT # TABLE FORMAT
# The input format for the postmap(1) command is as follows: # The input format for the postmap(1) command is as follows:
# #
# pattern result # pattern result
# When pattern matches a mail address, replace it by # When pattern matches a mail address, replace it by
# the corresponding result. # the corresponding result.
# #
# blank lines and comments # blank lines and comments
# Empty lines and whitespace-only lines are ignored, # Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character # as are lines whose first non-whitespace character
# is a `#'. # is a `#'.
# #
# multi-line text # multi-line text
# A logical line starts with non-whitespace text. A # A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi- # line that starts with whitespace continues a logi-
# cal line. # cal line.
# #
# TABLE SEARCH ORDER # TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from # With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are # networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below: # tried in the order as listed below:
# #
# user@domain address # user@domain address
# Replace user@domain by address. This form has the # Replace user@domain by address. This form has the
# highest precedence. # highest precedence.
# #
# This is useful to clean up addresses produced by # This is useful to clean up addresses produced by
# legacy mail systems. It can also be used to pro- # legacy mail systems. It can also be used to pro-
# duce Firstname.Lastname style addresses, but see # duce Firstname.Lastname style addresses, but see
# below for a simpler solution. # below for a simpler solution.
# #
# user address # user address
# Replace user@site by address when site is equal to # Replace user@site by address when site is equal to
# $myorigin, when site is listed in $mydestination, # $myorigin, when site is listed in $mydestination,
# or when it is listed in $inet_interfaces or # or when it is listed in $inet_interfaces or
# $proxy_interfaces. # $proxy_interfaces.
# #
# This form is useful for replacing login names by # This form is useful for replacing login names by
# Firstname.Lastname. # Firstname.Lastname.
# #
# @domain address # @domain address
@@ -107,10 +106,10 @@
# RESULT ADDRESS REWRITING # RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting: # The lookup result is subject to address rewriting:
# #
# o When the result has the form @otherdomain, the # o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain. # result becomes the same user in otherdomain.
# #
# o When "append_at_myorigin=yes", append "@$myorigin" # o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain". # to addresses without "@domain".
# #
# o When "append_dot_mydomain=yes", append ".$mydomain" # o When "append_dot_mydomain=yes", append ".$mydomain"
@@ -118,58 +117,58 @@
# #
# ADDRESS EXTENSION # ADDRESS EXTENSION
# When a mail address localpart contains the optional recip- # When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order # ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and # becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain. # @domain.
# #
# The propagate_unmatched_extensions parameter controls # The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa- # whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup. # gated to the result of table lookup.
# #
# REGULAR EXPRESSION TABLES # REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when # This section describes how the table lookups change when
# the table is given in the form of regular expressions. For # the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax, # a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5). # see regexp_table(5) or pcre_table(5).
# #
# Each pattern is a regular expression that is applied to # Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail # the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain # addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and # constituent parts, nor is user+foo broken up into user and
# foo. # foo.
# #
# Patterns are applied in the order as specified in the ta- # Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search # ble, until a pattern is found that matches the search
# string. # string.
# #
# Results are the same as with indexed file lookups, with # Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from # the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on. # the pattern can be interpolated as $1, $2 and so on.
# #
# TCP-BASED TABLES # TCP-BASED TABLES
# This section describes how the table lookups change when # This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip- # lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta- # tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including # ble(5). This feature is not available up to and including
# Postfix version 2.2. # Postfix version 2.2.
# #
# Each lookup operation uses the entire address once. Thus, # Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their # user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken # user and @domain constituent parts, nor is user+foo broken
# up into user and foo. # up into user and foo.
# #
# Results are the same as with indexed file lookups. # Results are the same as with indexed file lookups.
# #
# BUGS # BUGS
# The table format does not understand quoting conventions. # The table format does not understand quoting conventions.
# #
# CONFIGURATION PARAMETERS # CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant. # The following main.cf parameters are especially relevant.
# The text below provides only a parameter summary. See # The text below provides only a parameter summary. See
# postconf(5) for more details including examples. # postconf(5) for more details including examples.
# #
# canonical_classes # canonical_classes
# What addresses are subject to canonical address # What addresses are subject to canonical address
# mapping. # mapping.
# #
# canonical_maps # canonical_maps
@@ -184,26 +183,26 @@
# header sender addresses. # header sender addresses.
# #
# propagate_unmatched_extensions # propagate_unmatched_extensions
# A list of address rewriting or forwarding mecha- # A list of address rewriting or forwarding mecha-
# nisms that propagate an address extension from the # nisms that propagate an address extension from the
# original address to the result. Specify zero or # original address to the result. Specify zero or
# more of canonical, virtual, alias, forward, # more of canonical, virtual, alias, forward,
# include, or generic. # include, or generic.
# #
# Other parameters of interest: # Other parameters of interest:
# #
# inet_interfaces # inet_interfaces
# The network interface addresses that this system # The network interface addresses that this system
# receives mail on. You need to stop and start Post- # receives mail on. You need to stop and start Post-
# fix when this parameter changes. # fix when this parameter changes.
# #
# local_header_rewrite_clients # local_header_rewrite_clients
# Rewrite message header addresses in mail from these # Rewrite message header addresses in mail from these
# clients and update incomplete addresses with the # clients and update incomplete addresses with the
# domain name in $myorigin or $mydomain; either don't # domain name in $myorigin or $mydomain; either don't
# rewrite message headers from other clients at all, # rewrite message headers from other clients at all,
# or rewrite message headers and update incomplete # or rewrite message headers and update incomplete
# addresses with the domain specified in the # addresses with the domain specified in the
# remote_header_rewrite_domain parameter. # remote_header_rewrite_domain parameter.
# #
# proxy_interfaces # proxy_interfaces
@@ -212,20 +211,20 @@
# tor. # tor.
# #
# masquerade_classes # masquerade_classes
# List of address classes subject to masquerading: # List of address classes subject to masquerading:
# zero or more of envelope_sender, envelope_recipi- # zero or more of envelope_sender, envelope_recipi-
# ent, header_sender, header_recipient. # ent, header_sender, header_recipient.
# #
# masquerade_domains # masquerade_domains
# List of domains that hide their subdomain struc- # List of domains that hide their subdomain struc-
# ture. # ture.
# #
# masquerade_exceptions # masquerade_exceptions
# List of user names that are not subject to address # List of user names that are not subject to address
# masquerading. # masquerading.
# #
# mydestination # mydestination
# List of domains that this mail system considers # List of domains that this mail system considers
# local. # local.
# #
# myorigin # myorigin
@@ -236,9 +235,9 @@
# addresses. # addresses.
# #
# remote_header_rewrite_domain # remote_header_rewrite_domain
# Don't rewrite message headers from remote clients # Don't rewrite message headers from remote clients
# at all when this parameter is empty; otherwise, re- # at all when this parameter is empty; otherwise, re-
# write message headers and append the specified # write message headers and append the specified
# domain name to incomplete addresses. # domain name to incomplete addresses.
# #
# SEE ALSO # SEE ALSO
@@ -248,13 +247,13 @@
# virtual(5), virtual aliasing # virtual(5), virtual aliasing
# #
# README FILES # README FILES
# Use "postconf readme_directory" or "postconf html_direc- # Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information. # tory" to locate this information.
# DATABASE_README, Postfix lookup table overview # DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide # ADDRESS_REWRITING_README, address rewriting guide
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this
# software. # software.
# #
# AUTHOR(S) # AUTHOR(S)

144
postfix/conf/virtual
View File

@@ -34,62 +34,62 @@
# address can have its own mailbox. # address can have its own mailbox.
# #
# Virtual aliasing is applied only to recipient envelope # Virtual aliasing is applied only to recipient envelope
# addresses, and does not affect message headers. Think # addresses, and does not affect message headers. Use
# Sendmail rule set S0, if you like. Use canonical(5) map- # canonical(5) mapping to rewrite header and envelope
# ping to rewrite header and envelope addresses in general. # addresses in general.
# #
# Normally, the virtual(5) alias table is specified as a # Normally, the virtual(5) alias table is specified as a
# text file that serves as input to the postmap(1) command. # text file that serves as input to the postmap(1) command.
# The result, an indexed file in dbm or db format, is used # The result, an indexed file in dbm or db format, is used
# for fast searching by the mail system. Execute the command # for fast searching by the mail system. Execute the command
# "postmap /etc/postfix/virtual" in order to rebuild the # "postmap /etc/postfix/virtual" in order to rebuild the
# indexed file after changing the text file. # indexed file after changing the text file.
# #
# When the table is provided via other means such as NIS, # When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary # LDAP or SQL, the same lookups are done as for ordinary
# indexed files. # indexed files.
# #
# Alternatively, the table can be provided as a regular- # Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres- # expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In # sions, or lookups can be directed to TCP-based server. In
# that case, the lookups are done in a slightly different # that case, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES" # way as described below under "REGULAR EXPRESSION TABLES"
# and "TCP-BASED TABLES". # and "TCP-BASED TABLES".
# #
# TABLE FORMAT # TABLE FORMAT
# The input format for the postmap(1) command is as follows: # The input format for the postmap(1) command is as follows:
# #
# pattern result # pattern result
# When pattern matches a mail address, replace it by # When pattern matches a mail address, replace it by
# the corresponding result. # the corresponding result.
# #
# blank lines and comments # blank lines and comments
# Empty lines and whitespace-only lines are ignored, # Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character # as are lines whose first non-whitespace character
# is a `#'. # is a `#'.
# #
# multi-line text # multi-line text
# A logical line starts with non-whitespace text. A # A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi- # line that starts with whitespace continues a logi-
# cal line. # cal line.
# #
# TABLE SEARCH ORDER # TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from # With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are # networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below: # tried in the order as listed below:
# #
# user@domain address, address, ... # user@domain address, address, ...
# Redirect mail for user@domain to address. This # Redirect mail for user@domain to address. This
# form has the highest precedence. # form has the highest precedence.
# #
# user address, address, ... # user address, address, ...
# Redirect mail for user@site to address when site is # Redirect mail for user@site to address when site is
# equal to $myorigin, when site is listed in $mydes- # equal to $myorigin, when site is listed in $mydes-
# tination, or when it is listed in $inet_interfaces # tination, or when it is listed in $inet_interfaces
# or $proxy_interfaces. # or $proxy_interfaces.
# #
# This functionality overlaps with functionality of # This functionality overlaps with functionality of
# the local aliases(5) database. The difference is # the local aliases(5) database. The difference is
# that virtual(5) mapping can be applied to non-local # that virtual(5) mapping can be applied to non-local
# addresses. # addresses.
# #
@@ -100,12 +100,12 @@
# RESULT ADDRESS REWRITING # RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting: # The lookup result is subject to address rewriting:
# #
# o When the result has the form @otherdomain, the # o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain. This # result becomes the same user in otherdomain. This
# works only for the first address in a multi-address # works only for the first address in a multi-address
# lookup result. # lookup result.
# #
# o When "append_at_myorigin=yes", append "@$myorigin" # o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain". # to addresses without "@domain".
# #
# o When "append_dot_mydomain=yes", append ".$mydomain" # o When "append_dot_mydomain=yes", append ".$mydomain"
@@ -113,29 +113,29 @@
# #
# ADDRESS EXTENSION # ADDRESS EXTENSION
# When a mail address localpart contains the optional recip- # When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order # ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and # becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain. # @domain.
# #
# The propagate_unmatched_extensions parameter controls # The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa- # whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup. # gated to the result of table lookup.
# #
# VIRTUAL ALIAS DOMAINS # VIRTUAL ALIAS DOMAINS
# Besides virtual aliases, the virtual alias table can also # Besides virtual aliases, the virtual alias table can also
# be used to implement virtual alias domains. With a virtual # be used to implement virtual alias domains. With a virtual
# alias domain, all recipient addresses are aliased to # alias domain, all recipient addresses are aliased to
# addresses in other domains. # addresses in other domains.
# #
# Virtual alias domains are not to be confused with the vir- # Virtual alias domains are not to be confused with the vir-
# tual mailbox domains that are implemented with the Postfix # tual mailbox domains that are implemented with the Postfix
# virtual(8) mail delivery agent. With virtual mailbox # virtual(8) mail delivery agent. With virtual mailbox
# domains, each recipient address can have its own mailbox. # domains, each recipient address can have its own mailbox.
# #
# With a virtual alias domain, the virtual domain has its # With a virtual alias domain, the virtual domain has its
# own user name space. Local (i.e. non-virtual) usernames # own user name space. Local (i.e. non-virtual) usernames
# are not visible in a virtual alias domain. In particular, # are not visible in a virtual alias domain. In particular,
# local aliases(5) and local mailing lists are not visible # local aliases(5) and local mailing lists are not visible
# as localname@virtual-alias.domain. # as localname@virtual-alias.domain.
# #
# Support for a virtual alias domain looks like: # Support for a virtual alias domain looks like:
@@ -143,8 +143,8 @@
# /etc/postfix/main.cf: # /etc/postfix/main.cf:
# virtual_alias_maps = hash:/etc/postfix/virtual # virtual_alias_maps = hash:/etc/postfix/virtual
# #
# Note: some systems use dbm databases instead of hash. # Note: some systems use dbm databases instead of hash.
# See the output from "postconf -m" for available data- # See the output from "postconf -m" for available data-
# base types. # base types.
# #
# /etc/postfix/virtual: # /etc/postfix/virtual:
@@ -153,95 +153,95 @@
# user1@virtual-alias.domain address1 # user1@virtual-alias.domain address1
# user2@virtual-alias.domain address2, address3 # user2@virtual-alias.domain address2, address3
# #
# The virtual-alias.domain anything entry is required for a # The virtual-alias.domain anything entry is required for a
# virtual alias domain. Without this entry, mail is rejected # virtual alias domain. Without this entry, mail is rejected
# with "relay access denied", or bounces with "mail loops # with "relay access denied", or bounces with "mail loops
# back to myself". # back to myself".
# #
# Do not specify virtual alias domain names in the main.cf # Do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters. # mydestination or relay_domains configuration parameters.
# #
# With a virtual alias domain, the Postfix SMTP server # With a virtual alias domain, the Postfix SMTP server
# accepts mail for known-user@virtual-alias.domain, and # accepts mail for known-user@virtual-alias.domain, and
# rejects mail for unknown-user@virtual-alias.domain as # rejects mail for unknown-user@virtual-alias.domain as
# undeliverable. # undeliverable.
# #
# Instead of specifying the virtual alias domain name via # Instead of specifying the virtual alias domain name via
# the virtual_alias_maps table, you may also specify it via # the virtual_alias_maps table, you may also specify it via
# the main.cf virtual_alias_domains configuration parameter. # the main.cf virtual_alias_domains configuration parameter.
# This latter parameter uses the same syntax as the main.cf # This latter parameter uses the same syntax as the main.cf
# mydestination configuration parameter. # mydestination configuration parameter.
# #
# REGULAR EXPRESSION TABLES # REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when # This section describes how the table lookups change when
# the table is given in the form of regular expressions. For # the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax, # a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5). # see regexp_table(5) or pcre_table(5).
# #
# Each pattern is a regular expression that is applied to # Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail # the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain # addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and # constituent parts, nor is user+foo broken up into user and
# foo. # foo.
# #
# Patterns are applied in the order as specified in the ta- # Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search # ble, until a pattern is found that matches the search
# string. # string.
# #
# Results are the same as with indexed file lookups, with # Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from # the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on. # the pattern can be interpolated as $1, $2 and so on.
# #
# TCP-BASED TABLES # TCP-BASED TABLES
# This section describes how the table lookups change when # This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip- # lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta- # tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including # ble(5). This feature is not available up to and including
# Postfix version 2.2. # Postfix version 2.2.
# #
# Each lookup operation uses the entire address once. Thus, # Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their # user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken # user and @domain constituent parts, nor is user+foo broken
# up into user and foo. # up into user and foo.
# #
# Results are the same as with indexed file lookups. # Results are the same as with indexed file lookups.
# #
# BUGS # BUGS
# The table format does not understand quoting conventions. # The table format does not understand quoting conventions.
# #
# CONFIGURATION PARAMETERS # CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant # The following main.cf parameters are especially relevant
# to this topic. See the Postfix main.cf file for syntax # to this topic. See the Postfix main.cf file for syntax
# details and for default values. Use the "postfix reload" # details and for default values. Use the "postfix reload"
# command after a configuration change. # command after a configuration change.
# #
# virtual_alias_maps # virtual_alias_maps
# List of virtual aliasing tables. # List of virtual aliasing tables.
# #
# virtual_alias_domains # virtual_alias_domains
# List of virtual alias domains. This uses the same # List of virtual alias domains. This uses the same
# syntax as the mydestination parameter. # syntax as the mydestination parameter.
# #
# propagate_unmatched_extensions # propagate_unmatched_extensions
# A list of address rewriting or forwarding mecha- # A list of address rewriting or forwarding mecha-
# nisms that propagate an address extension from the # nisms that propagate an address extension from the
# original address to the result. Specify zero or # original address to the result. Specify zero or
# more of canonical, virtual, alias, forward, # more of canonical, virtual, alias, forward,
# include, or generic. # include, or generic.
# #
# Other parameters of interest: # Other parameters of interest:
# #
# inet_interfaces # inet_interfaces
# The network interface addresses that this system # The network interface addresses that this system
# receives mail on. You need to stop and start Post- # receives mail on. You need to stop and start Post-
# fix when this parameter changes. # fix when this parameter changes.
# #
# mydestination # mydestination
# List of domains that this mail system considers # List of domains that this mail system considers
# local. # local.
# #
# myorigin # myorigin
# The domain that is appended to any address that # The domain that is appended to any address that
# does not have a domain. # does not have a domain.
# #
# owner_request_special # owner_request_special
@@ -260,14 +260,14 @@
# canonical(5), canonical address mapping # canonical(5), canonical address mapping
# #
# README FILES # README FILES
# Use "postconf readme_directory" or "postconf html_direc- # Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information. # tory" to locate this information.
# DATABASE_README, Postfix lookup table overview # DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide # ADDRESS_REWRITING_README, address rewriting guide
# VIRTUAL_README, domain hosting guide # VIRTUAL_README, domain hosting guide
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this
# software. # software.
# #
# AUTHOR(S) # AUTHOR(S)

2
postfix/html/DSN_README.html
View File

@@ -139,7 +139,7 @@ as discussed in the next section. </p>
<h2> <a name="compat">Postfix VERP support compatibility</a> </h2> <h2> <a name="compat">Postfix VERP support compatibility</a> </h2>
<p> With Postfix versions before 2.3, the <a href="sendmail.1.html">sendmail(1)</a> commands uses <p> With Postfix versions before 2.3, the <a href="sendmail.1.html">sendmail(1)</a> command uses
the -V command-line option to request VERP-style delivery. In order the -V command-line option to request VERP-style delivery. In order
to request VERP style delivery with Postfix 2.3 and later, you must to request VERP style delivery with Postfix 2.3 and later, you must
specify -XV instead of -V. </p> specify -XV instead of -V. </p>

3
postfix/html/IPV6_README.html
View File

@@ -30,7 +30,8 @@ between these implementations. </p>
addresses instead of the 32-bit addresses used by IPv4. It can addresses instead of the 32-bit addresses used by IPv4. It can
therefore accommodate a much larger number of hosts and networks therefore accommodate a much larger number of hosts and networks
without ugly kluges such as NAT. A side benefit of the much larger without ugly kluges such as NAT. A side benefit of the much larger
address space is that it makes network scanning unpractical. </p> address space is that it makes random network scanning unpractical.
</p>
<p> Postfix uses the same SMTP protocol over IPv6 as it already <p> Postfix uses the same SMTP protocol over IPv6 as it already
uses over the older IPv4 network, and does AAAA record lookups in uses over the older IPv4 network, and does AAAA record lookups in

119
postfix/html/canonical.5.html
View File

@@ -43,67 +43,66 @@ CANONICAL(5) CANONICAL(5)
By default the <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping affects both message By default the <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping affects both message
header addresses (i.e. addresses that appear inside mes- header addresses (i.e. addresses that appear inside mes-
sages) and message envelope addresses (for example, the sages) and message envelope addresses (for example, the
addresses that are used in SMTP protocol commands). Think addresses that are used in SMTP protocol commands). This
Sendmail rule set <b>S3</b>, if you like. This is controlled is controlled with the <b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b> parameter.
with the <b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b> parameter.
NOTE: Postfix versions 2.2 and later rewrite message head- NOTE: Postfix versions 2.2 and later rewrite message head-
ers from remote SMTP clients only if the client matches ers from remote SMTP clients only if the client matches
the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter spec- <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter spec-
ifies a non-empty value. To get the behavior before Post- ifies a non-empty value. To get the behavior before Post-
fix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> = fix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
static:all". static:all".
Typically, one would use the <a href="canonical.5.html"><b>canonical</b>(5)</a> table to replace Typically, one would use the <a href="canonical.5.html"><b>canonical</b>(5)</a> table to replace
login names by <i>Firstname.Lastname</i>, or to clean up login names by <i>Firstname.Lastname</i>, or to clean up
addresses produced by legacy mail systems. addresses produced by legacy mail systems.
The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with <i>vir-</i> The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with <i>vir-</i>
<i>tual domain</i> support. Use the <a href="virtual.5.html"><b>virtual</b>(5)</a> map for that pur- <i>tual domain</i> support. Use the <a href="virtual.5.html"><b>virtual</b>(5)</a> map for that pur-
pose. pose.
The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with local The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with local
aliasing. Use the <a href="aliases.5.html"><b>aliases</b>(5)</a> map for that purpose. aliasing. Use the <a href="aliases.5.html"><b>aliases</b>(5)</a> map for that purpose.
<b>TABLE FORMAT</b> <b>TABLE FORMAT</b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows: The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern result</i> <i>pattern result</i>
When <i>pattern</i> matches a mail address, replace it by When <i>pattern</i> matches a mail address, replace it by
the corresponding <i>result</i>. the corresponding <i>result</i>.
blank lines and comments blank lines and comments
Empty lines and whitespace-only lines are ignored, Empty lines and whitespace-only lines are ignored,
as are lines whose first non-whitespace character as are lines whose first non-whitespace character
is a `#'. is a `#'.
multi-line text multi-line text
A logical line starts with non-whitespace text. A A logical line starts with non-whitespace text. A
line that starts with whitespace continues a logi- line that starts with whitespace continues a logi-
cal line. cal line.
<b>TABLE SEARCH ORDER</b> <b>TABLE SEARCH ORDER</b>
With lookups from indexed files such as DB or DBM, or from With lookups from indexed files such as DB or DBM, or from
networked tables such as NIS, LDAP or SQL, patterns are networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below: tried in the order as listed below:
<i>user</i>@<i>domain address</i> <i>user</i>@<i>domain address</i>
Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form has the Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form has the
highest precedence. highest precedence.
This is useful to clean up addresses produced by This is useful to clean up addresses produced by
legacy mail systems. It can also be used to pro- legacy mail systems. It can also be used to pro-
duce <i>Firstname.Lastname</i> style addresses, but see duce <i>Firstname.Lastname</i> style addresses, but see
below for a simpler solution. below for a simpler solution.
<i>user address</i> <i>user address</i>
Replace <i>user</i>@<i>site</i> by <i>address</i> when <i>site</i> is equal to Replace <i>user</i>@<i>site</i> by <i>address</i> when <i>site</i> is equal to
$<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>, $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>,
or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or
$<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>. $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
This form is useful for replacing login names by This form is useful for replacing login names by
<i>Firstname.Lastname</i>. <i>Firstname.Lastname</i>.
@<i>domain address</i> @<i>domain address</i>
@@ -113,10 +112,10 @@ CANONICAL(5) CANONICAL(5)
<b>RESULT ADDRESS REWRITING</b> <b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting: The lookup result is subject to address rewriting:
<b>o</b> When the result has the form @<i>otherdomain</i>, the <b>o</b> When the result has the form @<i>otherdomain</i>, the
result becomes the same <i>user</i> in <i>otherdomain</i>. result becomes the same <i>user</i> in <i>otherdomain</i>.
<b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
to addresses without "@domain". to addresses without "@domain".
<b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
@@ -124,58 +123,58 @@ CANONICAL(5) CANONICAL(5)
<b>ADDRESS EXTENSION</b> <b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip- When a mail address localpart contains the optional recip-
ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>. @<i>domain</i>.
The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
whether an unmatched address extension (<i>+foo</i>) is propa- whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup. gated to the result of table lookup.
<b>REGULAR EXPRESSION TABLES</b> <b>REGULAR EXPRESSION TABLES</b>
This section describes how the table lookups change when This section describes how the table lookups change when
the table is given in the form of regular expressions. For the table is given in the form of regular expressions. For
a description of regular expression lookup table syntax, a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>. see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
Each pattern is a regular expression that is applied to Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail the entire address being looked up. Thus, <i>user@domain</i> mail
addresses are not broken up into their <i>user</i> and <i>@domain</i> addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>. <i>foo</i>.
Patterns are applied in the order as specified in the ta- Patterns are applied in the order as specified in the ta-
ble, until a pattern is found that matches the search ble, until a pattern is found that matches the search
string. string.
Results are the same as with indexed file lookups, with Results are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on. the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b> <b>TCP-BASED TABLES</b>
This section describes how the table lookups change when This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip- lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a> tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.2. Postfix version 2.2.
Each lookup operation uses the entire address once. Thus, Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their <i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>. up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups. Results are the same as with indexed file lookups.
<b>BUGS</b> <b>BUGS</b>
The table format does not understand quoting conventions. The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b> <b>CONFIGURATION PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant. The following <b>main.cf</b> parameters are especially relevant.
The text below provides only a parameter summary. See The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples. <a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b> <b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b>
What addresses are subject to canonical address What addresses are subject to canonical address
mapping. mapping.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a></b> <b><a href="postconf.5.html#canonical_maps">canonical_maps</a></b>
@@ -190,26 +189,26 @@ CANONICAL(5) CANONICAL(5)
header sender addresses. header sender addresses.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
A list of address rewriting or forwarding mecha- A list of address rewriting or forwarding mecha-
nisms that propagate an address extension from the nisms that propagate an address extension from the
original address to the result. Specify zero or original address to the result. Specify zero or
more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>, more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
<b>include</b>, or <b>generic</b>. <b>include</b>, or <b>generic</b>.
Other parameters of interest: Other parameters of interest:
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
The network interface addresses that this system The network interface addresses that this system
receives mail on. You need to stop and start Post- receives mail on. You need to stop and start Post-
fix when this parameter changes. fix when this parameter changes.
<b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a></b> <b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a></b>
Rewrite message header addresses in mail from these Rewrite message header addresses in mail from these
clients and update incomplete addresses with the clients and update incomplete addresses with the
domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a>; either don't domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a>; either don't
rewrite message headers from other clients at all, rewrite message headers from other clients at all,
or rewrite message headers and update incomplete or rewrite message headers and update incomplete
addresses with the domain specified in the addresses with the domain specified in the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter. <a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b> <b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>
@@ -218,20 +217,20 @@ CANONICAL(5) CANONICAL(5)
tor. tor.
<b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a></b> <b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a></b>
List of address classes subject to masquerading: List of address classes subject to masquerading:
zero or more of <b>envelope_sender</b>, <b>envelope_recipi-</b> zero or more of <b>envelope_sender</b>, <b>envelope_recipi-</b>
<b>ent</b>, <b>header_sender</b>, <b>header_recipient</b>. <b>ent</b>, <b>header_sender</b>, <b>header_recipient</b>.
<b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a></b> <b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a></b>
List of domains that hide their subdomain struc- List of domains that hide their subdomain struc-
ture. ture.
<b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a></b> <b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a></b>
List of user names that are not subject to address List of user names that are not subject to address
masquerading. masquerading.
<b><a href="postconf.5.html#mydestination">mydestination</a></b> <b><a href="postconf.5.html#mydestination">mydestination</a></b>
List of domains that this mail system considers List of domains that this mail system considers
local. local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b> <b><a href="postconf.5.html#myorigin">myorigin</a></b>
@@ -242,9 +241,9 @@ CANONICAL(5) CANONICAL(5)
addresses. addresses.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b> <b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>
Don't rewrite message headers from remote clients Don't rewrite message headers from remote clients
at all when this parameter is empty; otherwise, re- at all when this parameter is empty; otherwise, re-
write message headers and append the specified write message headers and append the specified
domain name to incomplete addresses. domain name to incomplete addresses.
<b>SEE ALSO</b> <b>SEE ALSO</b>
@@ -258,7 +257,7 @@ CANONICAL(5) CANONICAL(5)
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide <a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>AUTHOR(S)</b> <b>AUTHOR(S)</b>

10
postfix/html/cleanup.8.html
View File

@@ -125,6 +125,16 @@ CLEANUP(8) CLEANUP(8)
non-MIME message headers in attached messages, as non-MIME message headers in attached messages, as
described in the <b><a href="postconf.5.html#header_checks">header_checks</a></b>(5) manual page. described in the <b><a href="postconf.5.html#header_checks">header_checks</a></b>(5) manual page.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#message_reject_characters">message_reject_characters</a> (empty)</b>
The set of characters that Postfix will reject in
message content.
<b><a href="postconf.5.html#message_strip_characters">message_strip_characters</a> (empty)</b>
The set of characters that Postfix will remove from
message content.
<b>MIME PROCESSING CONTROLS</b> <b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later: Available in Postfix version 2.0 and later:

170
postfix/html/ldap_table.5.html
View File

@@ -324,58 +324,60 @@ LDAP_TABLE(5) LDAP_TABLE(5)
NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a> NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
aliases. aliases.
This feature is available in Postfix 2.1 and later.
<b>result_attribute (default: maildrop)</b> <b>result_attribute (default: maildrop)</b>
The attribute(s) Postfix will read from any direc- The attribute(s) Postfix will read from any direc-
tory entries returned by the lookup, to be resolved tory entries returned by the lookup, to be resolved
to an email address. to an email address.
result_attribute = mailbox, maildrop result_attribute = mailbox, maildrop
<b>special_result_attribute (No default)</b> <b>special_result_attribute (No default)</b>
The attribute(s) of directory entries that can con- The attribute(s) of directory entries that can con-
tain DNs or URLs. If found, a recursive subsequent tain DNs or URLs. If found, a recursive subsequent
search is done using their values. search is done using their values.
special_result_attribute = member special_result_attribute = member
DN recursion retrieves the same result_attributes DN recursion retrieves the same result_attributes
as the main query, including the special attributes as the main query, including the special attributes
for further recursion. URI processing retrieves for further recursion. URI processing retrieves
only those attributes that are included in the URI only those attributes that are included in the URI
definition and are *also* listed in definition and are *also* listed in
"result_attribute". If the URI lists any of the "result_attribute". If the URI lists any of the
map's special result attributes, these are also map's special result attributes, these are also
retrieved and used recursively. retrieved and used recursively.
<b>scope (default: sub)</b> <b>scope (default: sub)</b>
The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These
translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE, translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
and LDAP_SCOPE_ONELEVEL. and LDAP_SCOPE_ONELEVEL.
<b>bind (default: yes)</b> <b>bind (default: yes)</b>
Whether or not to bind to the LDAP server. Newer Whether or not to bind to the LDAP server. Newer
LDAP implementations don't require clients to bind, LDAP implementations don't require clients to bind,
which saves time. Example: which saves time. Example:
bind = no bind = no
If you do need to bind, you might consider config- If you do need to bind, you might consider config-
uring Postfix to connect to the local machine on a uring Postfix to connect to the local machine on a
port that's an SSL tunnel to your LDAP server. If port that's an SSL tunnel to your LDAP server. If
your LDAP server doesn't natively support SSL, put your LDAP server doesn't natively support SSL, put
a tunnel (wrapper, proxy, whatever you want to call a tunnel (wrapper, proxy, whatever you want to call
it) on that system too. This should prevent the it) on that system too. This should prevent the
password from traversing the network in the clear. password from traversing the network in the clear.
<b>bind_dn (default: empty)</b> <b>bind_dn (default: empty)</b>
If you do have to bind, do it with this distin- If you do have to bind, do it with this distin-
guished name. Example: guished name. Example:
bind_dn = uid=postfix, dc=your, dc=com bind_dn = uid=postfix, dc=your, dc=com
<b>bind_pw (default: empty)</b> <b>bind_pw (default: empty)</b>
The password for the distinguished name above. If The password for the distinguished name above. If
you have to use this, you probably want to make the you have to use this, you probably want to make the
map configuration file readable only by the Postfix map configuration file readable only by the Postfix
user. When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn- user. When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn-
tax, with map parameters in main.cf, it is not pos- tax, with map parameters in main.cf, it is not pos-
sible to securely store the bind password. This is sible to securely store the bind password. This is
because main.cf needs to be world readable to allow because main.cf needs to be world readable to allow
local accounts to submit mail via the sendmail com- local accounts to submit mail via the sendmail com-
mand. Example: mand. Example:
@@ -386,43 +388,43 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<b>cache_expiry (IGNORED with a warning)</b> <b>cache_expiry (IGNORED with a warning)</b>
<b>cache_size (IGNORED with a warning)</b> <b>cache_size (IGNORED with a warning)</b>
The above parameters are NO LONGER SUPPORTED by The above parameters are NO LONGER SUPPORTED by
Postfix. Cache support has been dropped from Postfix. Cache support has been dropped from
OpenLDAP as of release 2.1.13. OpenLDAP as of release 2.1.13.
<b>recursion_limit (default: 1000)</b> <b>recursion_limit (default: 1000)</b>
A limit on the nesting depth of DN and URL special A limit on the nesting depth of DN and URL special
result attribute evaluation. The limit must be a result attribute evaluation. The limit must be a
non-zero positive number. non-zero positive number.
<b>expansion_limit (default: 0)</b> <b>expansion_limit (default: 0)</b>
A limit on the total number of result elements A limit on the total number of result elements
returned (as a comma separated list) by a lookup returned (as a comma separated list) by a lookup
against the map. A setting of zero disables the against the map. A setting of zero disables the
limit. Lookups fail with a temporary error if the limit. Lookups fail with a temporary error if the
limit is exceeded. Setting the limit to 1 ensures limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values. that lookups do not return multiple values.
<b>size_limit (default: $expansion_limit)</b> <b>size_limit (default: $expansion_limit)</b>
A limit on the number of LDAP entries returned by A limit on the number of LDAP entries returned by
any single LDAP search performed as part of the any single LDAP search performed as part of the
lookup. A setting of 0 disables the limit. Expan- lookup. A setting of 0 disables the limit. Expan-
sion of DN and URL references involves nested LDAP sion of DN and URL references involves nested LDAP
queries, each of which is separately subjected to queries, each of which is separately subjected to
this limit. this limit.
Note: even a single LDAP entry can generate multi- Note: even a single LDAP entry can generate multi-
ple lookup results, via multiple result attributes ple lookup results, via multiple result attributes
and/or multi-valued result attributes. This limit and/or multi-valued result attributes. This limit
caps the per search resource utilization on the caps the per search resource utilization on the
LDAP server, not the final multiplicity of the LDAP server, not the final multiplicity of the
lookup result. It is analogous to the "-z" option lookup result. It is analogous to the "-z" option
of "ldapsearch". of "ldapsearch".
<b>dereference (default: 0)</b> <b>dereference (default: 0)</b>
When to dereference LDAP aliases. (Note that this When to dereference LDAP aliases. (Note that this
has nothing do with Postfix aliases.) The permitted has nothing do with Postfix aliases.) The permitted
values are those legal for the OpenLDAP/UM LDAP values are those legal for the OpenLDAP/UM LDAP
implementations: implementations:
0 never 0 never
@@ -434,99 +436,99 @@ LDAP_TABLE(5) LDAP_TABLE(5)
3 always 3 always
See ldap.h or the ldap_open(3) or ldapsearch(1) man See ldap.h or the ldap_open(3) or ldapsearch(1) man
pages for more information. And if you're using an pages for more information. And if you're using an
LDAP package that has other possible values, please LDAP package that has other possible values, please
bring it to the attention of the postfix- bring it to the attention of the postfix-
users@postfix.org mailing list. users@postfix.org mailing list.
<b>chase_referrals (default: 0)</b> <b>chase_referrals (default: 0)</b>
Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP
version 3 support). version 3 support).
<b>version (default: 2)</b> <b>version (default: 2)</b>
Specifies the LDAP protocol version to use. Specifies the LDAP protocol version to use.
<b>debuglevel (default: 0)</b> <b>debuglevel (default: 0)</b>
What level to set for debugging in the OpenLDAP What level to set for debugging in the OpenLDAP
libraries. libraries.
<b>LDAP SSL AND STARTTLS PARAMETERS</b> <b>LDAP SSL AND STARTTLS PARAMETERS</b>
If you're using the OpenLDAP libraries compiled with SSL If you're using the OpenLDAP libraries compiled with SSL
support, Postfix can connect to LDAP SSL servers and can support, Postfix can connect to LDAP SSL servers and can
issue the STARTTLS command. issue the STARTTLS command.
LDAP SSL service can be requested by using a LDAP SSL URL LDAP SSL service can be requested by using a LDAP SSL URL
in the server_host parameter: in the server_host parameter:
server_host = ldaps://ldap.example.com:636 server_host = ldaps://ldap.example.com:636
STARTTLS can be turned on with the start_tls parameter: STARTTLS can be turned on with the start_tls parameter:
start_tls = yes start_tls = yes
Both forms require LDAP protocol version 3, which has to Both forms require LDAP protocol version 3, which has to
be set explicitly with: be set explicitly with:
version = 3 version = 3
If any of the Postfix programs querying the map is config- If any of the Postfix programs querying the map is config-
ured in master.cf to run chrooted, all the certificates ured in master.cf to run chrooted, all the certificates
and keys involved have to be copied to the chroot jail. Of and keys involved have to be copied to the chroot jail. Of
course, the private keys should only be readable by the course, the private keys should only be readable by the
user "postfix". user "postfix".
The following parameters are relevant to LDAP SSL and The following parameters are relevant to LDAP SSL and
STARTTLS: STARTTLS:
<b>start_tls (default: no)</b> <b>start_tls (default: no)</b>
Whether or not to issue STARTTLS upon connection to Whether or not to issue STARTTLS upon connection to
the server. Don't set this with LDAP SSL (the SSL the server. Don't set this with LDAP SSL (the SSL
session is setup automatically when the TCP connec- session is setup automatically when the TCP connec-
tion is opened). tion is opened).
<b>tls_ca_cert_dir (No default; set either this or</b> <b>tls_ca_cert_dir (No default; set either this or</b>
<b>tls_ca_cert_file)</b> <b>tls_ca_cert_file)</b>
Directory containing X509 Certificate Authority Directory containing X509 Certificate Authority
certificates in PEM format which are to be recog- certificates in PEM format which are to be recog-
nized by the client in SSL/TLS connections. The nized by the client in SSL/TLS connections. The
files each contain one CA certificate. The files files each contain one CA certificate. The files
are looked up by the CA subject name hash value, are looked up by the CA subject name hash value,
which must hence be available. If more than one CA which must hence be available. If more than one CA
certificate with the same name hash value exist, certificate with the same name hash value exist,
the extension must be different (e.g. 9d66eef0.0, the extension must be different (e.g. 9d66eef0.0,
9d66eef0.1 etc). The search is performed in the 9d66eef0.1 etc). The search is performed in the
ordering of the extension number, regardless of ordering of the extension number, regardless of
other properties of the certificates. Use the other properties of the certificates. Use the
c_rehash utility (from the OpenSSL distribution) to c_rehash utility (from the OpenSSL distribution) to
create the necessary links. create the necessary links.
<b>tls_ca_cert_file (No default; set either this or</b> <b>tls_ca_cert_file (No default; set either this or</b>
<b>tls_ca_cert_dir)</b> <b>tls_ca_cert_dir)</b>
File containing the X509 Certificate Authority cer- File containing the X509 Certificate Authority cer-
tificates in PEM format which are to be recognized tificates in PEM format which are to be recognized
by the client in SSL/TLS connections. This setting by the client in SSL/TLS connections. This setting
takes precedence over tls_ca_cert_dir. takes precedence over tls_ca_cert_dir.
<b>tls_cert (No default; you must set this)</b> <b>tls_cert (No default; you must set this)</b>
File containing client's X509 certificate to be File containing client's X509 certificate to be
used by the client in SSL/ TLS connections. used by the client in SSL/ TLS connections.
<b>tls_key (No default; you must set this)</b> <b>tls_key (No default; you must set this)</b>
File containing the private key corresponding to File containing the private key corresponding to
the above tls_cert. the above tls_cert.
<b>tls_require_cert (default: no)</b> <b>tls_require_cert (default: no)</b>
Whether or not to request server's X509 certificate Whether or not to request server's X509 certificate
and check its validity when establishing SSL/TLS and check its validity when establishing SSL/TLS
connections. connections.
<b>tls_random_file (No default)</b> <b>tls_random_file (No default)</b>
Path of a file to obtain random bits from when Path of a file to obtain random bits from when
/dev/[u]random is not available, to be used by the /dev/[u]random is not available, to be used by the
client in SSL/TLS connections. client in SSL/TLS connections.
<b>tls_cipher_suite (No default)</b> <b>tls_cipher_suite (No default)</b>
Cipher suite to use in SSL/TLS negotiations. Cipher suite to use in SSL/TLS negotiations.
<b>EXAMPLE</b> <b>EXAMPLE</b>
Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a> Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
aliases. Assume that in main.cf, you have: aliases. Assume that in main.cf, you have:
<a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/aliases, <a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/aliases,
<a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf <a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
@@ -535,14 +537,14 @@ LDAP_TABLE(5) LDAP_TABLE(5)
server_host = ldap.my.com server_host = ldap.my.com
search_base = dc=my, dc=com search_base = dc=my, dc=com
Upon receiving mail for a local address "ldapuser" that Upon receiving mail for a local address "ldapuser" that
isn't found in the /etc/aliases database, Postfix will isn't found in the /etc/aliases database, Postfix will
search the LDAP server listening at port 389 on search the LDAP server listening at port 389 on
ldap.my.com. It will bind anonymously, search for any ldap.my.com. It will bind anonymously, search for any
directory entries whose mailacceptinggeneralid attribute directory entries whose mailacceptinggeneralid attribute
is "ldapuser", read the "maildrop" attributes of those is "ldapuser", read the "maildrop" attributes of those
found, and build a list of their maildrops, which will be found, and build a list of their maildrops, which will be
treated as <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a> addresses to which the message will be treated as <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a> addresses to which the message will be
delivered. delivered.
<b>SEE ALSO</b> <b>SEE ALSO</b>
@@ -556,13 +558,13 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<a href="LDAP_README.html">LDAP_README</a>, Postfix LDAP client guide <a href="LDAP_README.html">LDAP_README</a>, Postfix LDAP client guide
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>AUTHOR(S)</b> <b>AUTHOR(S)</b>
Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith
Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu, Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
Victor Duchovni, and many others. Victor Duchovni, and many others.
LDAP_TABLE(5) LDAP_TABLE(5)

50
postfix/html/postconf.5.html
View File

@@ -4110,6 +4110,25 @@ Specify 0 when mail delivery should be tried only once.
</p> </p>
</DD>
<DT><b><a name="message_reject_characters">message_reject_characters</a>
(default: empty)</b></DT><DD>
<p> The set of characters that Postfix will reject in message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#message_reject_characters">message_reject_characters</a> = \0
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD> </DD>
<DT><b><a name="message_size_limit">message_size_limit</a> <DT><b><a name="message_size_limit">message_size_limit</a>
@@ -4120,6 +4139,25 @@ The maximal size in bytes of a message, including envelope information.
</p> </p>
</DD>
<DT><b><a name="message_strip_characters">message_strip_characters</a>
(default: empty)</b></DT><DD>
<p> The set of characters that Postfix will remove from message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#message_strip_characters">message_strip_characters</a> = \0
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD> </DD>
<DT><b><a name="mime_boundary_length_limit">mime_boundary_length_limit</a> <DT><b><a name="mime_boundary_length_limit">mime_boundary_length_limit</a>
@@ -7938,12 +7976,18 @@ The proxy receives all mail from the Postfix SMTP server, and is
supposed to give the result to another Postfix SMTP server process. supposed to give the result to another Postfix SMTP server process.
</p> </p>
<p> Specify host:port. The host can be specified as an IP address <p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
or as a symbolic name; no MX lookups are done. When no host or "unix:pathname" for a UNIX-domain endpoint. The host can be specified
host: are specified, the local machine is assumed. </p> as an IP address or as a symbolic name; no MX lookups are done.
When no "host" or "host:" are specified, the local machine is
assumed. Pathname interpretation is relative to the Postfix queue
directory. </p>
<p> This feature is available in Postfix 2.1 and later. </p> <p> This feature is available in Postfix 2.1 and later. </p>
<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
and later. </p>
</DD> </DD>

142
postfix/html/virtual.5.html
View File

@@ -40,62 +40,62 @@ VIRTUAL(5) VIRTUAL(5)
address can have its own mailbox. address can have its own mailbox.
Virtual aliasing is applied only to recipient envelope Virtual aliasing is applied only to recipient envelope
addresses, and does not affect message headers. Think addresses, and does not affect message headers. Use
Sendmail rule set <b>S0</b>, if you like. Use <a href="canonical.5.html"><b>canonical</b>(5)</a> map- <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping to rewrite header and envelope
ping to rewrite header and envelope addresses in general. addresses in general.
Normally, the <a href="virtual.5.html"><b>virtual</b>(5)</a> alias table is specified as a Normally, the <a href="virtual.5.html"><b>virtual</b>(5)</a> alias table is specified as a
text file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command. text file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command.
The result, an indexed file in <b>dbm</b> or <b>db</b> format, is used The result, an indexed file in <b>dbm</b> or <b>db</b> format, is used
for fast searching by the mail system. Execute the command for fast searching by the mail system. Execute the command
"<b>postmap /etc/postfix/virtual</b>" in order to rebuild the "<b>postmap /etc/postfix/virtual</b>" in order to rebuild the
indexed file after changing the text file. indexed file after changing the text file.
When the table is provided via other means such as NIS, When the table is provided via other means such as NIS,
LDAP or SQL, the same lookups are done as for ordinary LDAP or SQL, the same lookups are done as for ordinary
indexed files. indexed files.
Alternatively, the table can be provided as a regular- Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres- expression map where patterns are given as regular expres-
sions, or lookups can be directed to TCP-based server. In sions, or lookups can be directed to TCP-based server. In
that case, the lookups are done in a slightly different that case, the lookups are done in a slightly different
way as described below under "REGULAR EXPRESSION TABLES" way as described below under "REGULAR EXPRESSION TABLES"
and "TCP-BASED TABLES". and "TCP-BASED TABLES".
<b>TABLE FORMAT</b> <b>TABLE FORMAT</b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows: The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern result</i> <i>pattern result</i>
When <i>pattern</i> matches a mail address, replace it by When <i>pattern</i> matches a mail address, replace it by
the corresponding <i>result</i>. the corresponding <i>result</i>.
blank lines and comments blank lines and comments
Empty lines and whitespace-only lines are ignored, Empty lines and whitespace-only lines are ignored,
as are lines whose first non-whitespace character as are lines whose first non-whitespace character
is a `#'. is a `#'.
multi-line text multi-line text
A logical line starts with non-whitespace text. A A logical line starts with non-whitespace text. A
line that starts with whitespace continues a logi- line that starts with whitespace continues a logi-
cal line. cal line.
<b>TABLE SEARCH ORDER</b> <b>TABLE SEARCH ORDER</b>
With lookups from indexed files such as DB or DBM, or from With lookups from indexed files such as DB or DBM, or from
networked tables such as NIS, LDAP or SQL, patterns are networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below: tried in the order as listed below:
<i>user</i>@<i>domain address, address, ...</i> <i>user</i>@<i>domain address, address, ...</i>
Redirect mail for <i>user</i>@<i>domain</i> to <i>address</i>. This Redirect mail for <i>user</i>@<i>domain</i> to <i>address</i>. This
form has the highest precedence. form has the highest precedence.
<i>user address, address, ...</i> <i>user address, address, ...</i>
Redirect mail for <i>user</i>@<i>site</i> to <i>address</i> when <i>site</i> is Redirect mail for <i>user</i>@<i>site</i> to <i>address</i> when <i>site</i> is
equal to $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydes</a>-</b> equal to $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydes</a>-</b>
<b><a href="postconf.5.html#mydestination">tination</a></b>, or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> <b><a href="postconf.5.html#mydestination">tination</a></b>, or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
or $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>. or $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
This functionality overlaps with functionality of This functionality overlaps with functionality of
the local <i>aliases</i>(5) database. The difference is the local <i>aliases</i>(5) database. The difference is
that <a href="virtual.5.html"><b>virtual</b>(5)</a> mapping can be applied to non-local that <a href="virtual.5.html"><b>virtual</b>(5)</a> mapping can be applied to non-local
addresses. addresses.
@@ -106,12 +106,12 @@ VIRTUAL(5) VIRTUAL(5)
<b>RESULT ADDRESS REWRITING</b> <b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting: The lookup result is subject to address rewriting:
<b>o</b> When the result has the form @<i>otherdomain</i>, the <b>o</b> When the result has the form @<i>otherdomain</i>, the
result becomes the same <i>user</i> in <i>otherdomain</i>. This result becomes the same <i>user</i> in <i>otherdomain</i>. This
works only for the first address in a multi-address works only for the first address in a multi-address
lookup result. lookup result.
<b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>" <b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
to addresses without "@domain". to addresses without "@domain".
<b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>" <b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
@@ -119,29 +119,29 @@ VIRTUAL(5) VIRTUAL(5)
<b>ADDRESS EXTENSION</b> <b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip- When a mail address localpart contains the optional recip-
ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>. @<i>domain</i>.
The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
whether an unmatched address extension (<i>+foo</i>) is propa- whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup. gated to the result of table lookup.
<b>VIRTUAL ALIAS DOMAINS</b> <b>VIRTUAL ALIAS DOMAINS</b>
Besides virtual aliases, the virtual alias table can also Besides virtual aliases, the virtual alias table can also
be used to implement <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. With a virtual be used to implement <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. With a virtual
alias domain, all recipient addresses are aliased to alias domain, all recipient addresses are aliased to
addresses in other domains. addresses in other domains.
Virtual alias domains are not to be confused with the vir- Virtual alias domains are not to be confused with the vir-
tual mailbox domains that are implemented with the Postfix tual mailbox domains that are implemented with the Postfix
<a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery agent. With virtual mailbox <a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery agent. With virtual mailbox
domains, each recipient address can have its own mailbox. domains, each recipient address can have its own mailbox.
With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the virtual domain has its With a virtual alias domain, the virtual domain has its
own user name space. Local (i.e. non-virtual) usernames own user name space. Local (i.e. non-virtual) usernames
are not visible in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. In particular, are not visible in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. In particular,
local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible
as <i>localname@virtual-alias.domain</i>. as <i>localname@virtual-alias.domain</i>.
Support for a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> looks like: Support for a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> looks like:
@@ -149,8 +149,8 @@ VIRTUAL(5) VIRTUAL(5)
/etc/postfix/main.cf: /etc/postfix/main.cf:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual <a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
Note: some systems use <b>dbm</b> databases instead of <b>hash</b>. Note: some systems use <b>dbm</b> databases instead of <b>hash</b>.
See the output from "<b>postconf -m</b>" for available data- See the output from "<b>postconf -m</b>" for available data-
base types. base types.
/etc/postfix/virtual: /etc/postfix/virtual:
@@ -159,95 +159,95 @@ VIRTUAL(5) VIRTUAL(5)
<i>user1@virtual-alias.domain address1</i> <i>user1@virtual-alias.domain address1</i>
<i>user2@virtual-alias.domain address2, address3</i> <i>user2@virtual-alias.domain address2, address3</i>
The <i>virtual-alias.domain anything</i> entry is required for a The <i>virtual-alias.domain anything</i> entry is required for a
<a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. <b>Without this entry, mail is rejected</b> <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. <b>Without this entry, mail is rejected</b>
<b>with "relay access denied", or bounces with "mail loops</b> <b>with "relay access denied", or bounces with "mail loops</b>
<b>back to myself".</b> <b>back to myself".</b>
Do not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <b>main.cf</b> Do not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <b>main.cf</b>
<b><a href="postconf.5.html#mydestination">mydestination</a></b> or <b><a href="postconf.5.html#relay_domains">relay_domains</a></b> configuration parameters. <b><a href="postconf.5.html#mydestination">mydestination</a></b> or <b><a href="postconf.5.html#relay_domains">relay_domains</a></b> configuration parameters.
With a virtual alias domain, the Postfix SMTP server With a virtual alias domain, the Postfix SMTP server
accepts mail for <i>known-user@virtual-alias.domain</i>, and accepts mail for <i>known-user@virtual-alias.domain</i>, and
rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as
undeliverable. undeliverable.
Instead of specifying the <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> name via Instead of specifying the virtual alias domain name via
the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> table, you may also specify it via the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> table, you may also specify it via
the <b>main.cf <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b> configuration parameter. the <b>main.cf <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b> configuration parameter.
This latter parameter uses the same syntax as the <b>main.cf</b> This latter parameter uses the same syntax as the <b>main.cf</b>
<b><a href="postconf.5.html#mydestination">mydestination</a></b> configuration parameter. <b><a href="postconf.5.html#mydestination">mydestination</a></b> configuration parameter.
<b>REGULAR EXPRESSION TABLES</b> <b>REGULAR EXPRESSION TABLES</b>
This section describes how the table lookups change when This section describes how the table lookups change when
the table is given in the form of regular expressions. For the table is given in the form of regular expressions. For
a description of regular expression lookup table syntax, a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>. see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
Each pattern is a regular expression that is applied to Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail the entire address being looked up. Thus, <i>user@domain</i> mail
addresses are not broken up into their <i>user</i> and <i>@domain</i> addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>. <i>foo</i>.
Patterns are applied in the order as specified in the ta- Patterns are applied in the order as specified in the ta-
ble, until a pattern is found that matches the search ble, until a pattern is found that matches the search
string. string.
Results are the same as with indexed file lookups, with Results are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on. the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b> <b>TCP-BASED TABLES</b>
This section describes how the table lookups change when This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip- lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a> tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including <a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.2. Postfix version 2.2.
Each lookup operation uses the entire address once. Thus, Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their <i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken <i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>. up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups. Results are the same as with indexed file lookups.
<b>BUGS</b> <b>BUGS</b>
The table format does not understand quoting conventions. The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b> <b>CONFIGURATION PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant The following <b>main.cf</b> parameters are especially relevant
to this topic. See the Postfix <b>main.cf</b> file for syntax to this topic. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the "<b>postfix reload</b>" details and for default values. Use the "<b>postfix reload</b>"
command after a configuration change. command after a configuration change.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b>
List of virtual aliasing tables. List of virtual aliasing tables.
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b> <b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b>
List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same
syntax as the <b><a href="postconf.5.html#mydestination">mydestination</a></b> parameter. syntax as the <b><a href="postconf.5.html#mydestination">mydestination</a></b> parameter.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
A list of address rewriting or forwarding mecha- A list of address rewriting or forwarding mecha-
nisms that propagate an address extension from the nisms that propagate an address extension from the
original address to the result. Specify zero or original address to the result. Specify zero or
more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>, more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
<b>include</b>, or <b>generic</b>. <b>include</b>, or <b>generic</b>.
Other parameters of interest: Other parameters of interest:
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> <b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
The network interface addresses that this system The network interface addresses that this system
receives mail on. You need to stop and start Post- receives mail on. You need to stop and start Post-
fix when this parameter changes. fix when this parameter changes.
<b><a href="postconf.5.html#mydestination">mydestination</a></b> <b><a href="postconf.5.html#mydestination">mydestination</a></b>
List of domains that this mail system considers List of domains that this mail system considers
local. local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b> <b><a href="postconf.5.html#myorigin">myorigin</a></b>
The domain that is appended to any address that The domain that is appended to any address that
does not have a domain. does not have a domain.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b> <b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b>
@@ -271,7 +271,7 @@ VIRTUAL(5) VIRTUAL(5)
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting guide <a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting guide
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>AUTHOR(S)</b> <b>AUTHOR(S)</b>

3
postfix/man/man5/canonical.5
View File

@@ -40,8 +40,7 @@ done in a slightly different way as described below under
By default the \fBcanonical\fR(5) mapping affects both message By default the \fBcanonical\fR(5) mapping affects both message
header addresses (i.e. addresses that appear inside messages) header addresses (i.e. addresses that appear inside messages)
and message envelope addresses (for example, the addresses and message envelope addresses (for example, the addresses
that are used in SMTP protocol commands). Think Sendmail that are used in SMTP protocol commands). This is controlled with
rule set \fBS3\fR, if you like. This is controlled with
the \fBcanonical_classes\fR parameter. the \fBcanonical_classes\fR parameter.
NOTE: Postfix versions 2.2 and later rewrite message headers NOTE: Postfix versions 2.2 and later rewrite message headers

2
postfix/man/man5/ldap_table.5
View File

@@ -304,6 +304,8 @@ It is best not to use LDAP to store the domains eligible
for LDAP lookups. for LDAP lookups.
NOTE: DO NOT define this parameter for local(8) aliases. NOTE: DO NOT define this parameter for local(8) aliases.
This feature is available in Postfix 2.1 and later.
.IP "\fBresult_attribute (default: maildrop)\fR" .IP "\fBresult_attribute (default: maildrop)\fR"
The attribute(s) Postfix will read from any directory The attribute(s) Postfix will read from any directory
entries returned by the lookup, to be resolved to an email entries returned by the lookup, to be resolved to an email

56
postfix/man/man5/postconf.5
View File

@@ -506,7 +506,7 @@ and changed the default to none.
Specify a list of network/netmask patterns, separated by commas Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or network part of a host address. You can also specify hostnames or
\&.domain names (the initial dot causes the domain to match any name \e&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name" below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup is matched when a table entry matches a lookup string (the lookup
@@ -2231,8 +2231,42 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days). The default time unit is d (days).
.PP .PP
Specify 0 when mail delivery should be tried only once. Specify 0 when mail delivery should be tried only once.
.SH message_reject_characters (default: empty)
The set of characters that Postfix will reject in message
content. The usual C-like escape sequences are recognized: \ea
\eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and
\e\e.
.PP
Example:
.PP
.nf
.na
.ft C
message_reject_characters = \e0
.fi
.ad
.ft R
.PP
This feature is available in Postfix 2.3 and later.
.SH message_size_limit (default: 10240000) .SH message_size_limit (default: 10240000)
The maximal size in bytes of a message, including envelope information. The maximal size in bytes of a message, including envelope information.
.SH message_strip_characters (default: empty)
The set of characters that Postfix will remove from message
content. The usual C-like escape sequences are recognized: \ea
\eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and
\e\e.
.PP
Example:
.PP
.nf
.na
.ft C
message_strip_characters = \e0
.fi
.ad
.ft R
.PP
This feature is available in Postfix 2.3 and later.
.SH mime_boundary_length_limit (default: 2048) .SH mime_boundary_length_limit (default: 2048)
The maximal length of MIME multipart boundary strings. The MIME The maximal length of MIME multipart boundary strings. The MIME
processor is unable to distinguish between boundary strings that processor is unable to distinguish between boundary strings that
@@ -3867,7 +3901,7 @@ is backwards compatible with Postfix 2.0.
Specify a list of network/netmask patterns, separated by commas Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or network part of a host address. You can also specify hostnames or
\&.domain names (the initial dot causes the domain to match any name \e&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name" below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup is matched when a table entry matches a lookup string (the lookup
@@ -3893,7 +3927,7 @@ By default, no clients are allowed to specify XCLIENT.
Specify a list of network/netmask patterns, separated by commas Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or network part of a host address. You can also specify hostnames or
\&.domain names (the initial dot causes the domain to match any name \e&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name" below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup is matched when a table entry matches a lookup string (the lookup
@@ -3918,7 +3952,7 @@ By default, no clients are allowed to specify XFORWARD.
Specify a list of network/netmask patterns, separated by commas Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or network part of a host address. You can also specify hostnames or
\&.domain names (the initial dot causes the domain to match any name \e&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name" below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup is matched when a table entry matches a lookup string (the lookup
@@ -4517,11 +4551,17 @@ The hostname and TCP port of the mail filtering proxy server.
The proxy receives all mail from the Postfix SMTP server, and is The proxy receives all mail from the Postfix SMTP server, and is
supposed to give the result to another Postfix SMTP server process. supposed to give the result to another Postfix SMTP server process.
.PP .PP
Specify host:port. The host can be specified as an IP address Specify "host:port" or "inet:host:port" for a TCP endpoint, or
or as a symbolic name; no MX lookups are done. When no host or "unix:pathname" for a UNIX-domain endpoint. The host can be specified
host: are specified, the local machine is assumed. as an IP address or as a symbolic name; no MX lookups are done.
When no "host" or "host:" are specified, the local machine is
assumed. Pathname interpretation is relative to the Postfix queue
directory.
.PP .PP
This feature is available in Postfix 2.1 and later. This feature is available in Postfix 2.1 and later.
.PP
The "inet:" and "unix:" prefixes are available in Postfix 2.3
and later.
.SH smtpd_proxy_timeout (default: 100s) .SH smtpd_proxy_timeout (default: 100s)
The time limit for connecting to a proxy filter and for sending or The time limit for connecting to a proxy filter and for sending or
receiving information. When a connection fails the client gets a receiving information. When a connection fails the client gets a
@@ -5112,7 +5152,7 @@ or smtpd_tls_cert_file.
.PP .PP
A certificate supplied here must be usable as SSL server A certificate supplied here must be usable as SSL server
certificate and hence pass the "openssl verify -purpose sslserver certificate and hence pass the "openssl verify -purpose sslserver
\&..." test. \e&..." test.
.PP .PP
Example: Example:
.PP .PP

2
postfix/man/man5/virtual.5
View File

@@ -38,7 +38,7 @@ can have its own mailbox.
.PP .PP
Virtual aliasing is applied only to recipient Virtual aliasing is applied only to recipient
envelope addresses, and does not affect message headers. envelope addresses, and does not affect message headers.
Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5) Use \fBcanonical\fR(5)
mapping to rewrite header and envelope addresses in general. mapping to rewrite header and envelope addresses in general.
Normally, the \fBvirtual\fR(5) alias table is specified as a text file Normally, the \fBvirtual\fR(5) alias table is specified as a text file

8
postfix/man/man8/cleanup.8
View File

@@ -118,6 +118,14 @@ message headers, as described in the \fBheader_checks\fR(5) manual page.
Optional lookup tables for content inspection of non-MIME message Optional lookup tables for content inspection of non-MIME message
headers in attached messages, as described in the \fBheader_checks\fR(5) headers in attached messages, as described in the \fBheader_checks\fR(5)
manual page. manual page.
.PP
Available in Postfix version 2.3 and later:
.IP "\fBmessage_reject_characters (empty)\fR"
The set of characters that Postfix will reject in message
content.
.IP "\fBmessage_strip_characters (empty)\fR"
The set of characters that Postfix will remove from message
content.
.SH "MIME PROCESSING CONTROLS" .SH "MIME PROCESSING CONTROLS"
.na .na
.nf .nf

1
postfix/mantools/postconf2man
View File

@@ -43,6 +43,7 @@ while(<>) {
$block =~ s/<\/DD>/\n/g; $block =~ s/<\/DD>/\n/g;
$block =~ s/<DL>/\n/g; $block =~ s/<DL>/\n/g;
$block =~ s/<\/DL>/\n/g; $block =~ s/<\/DL>/\n/g;
$block =~ s/\\/\\e/g;
$block =~ s/<b>/\\fB/g; $block =~ s/<b>/\\fB/g;
$block =~ s/<i>/\\fI/g; $block =~ s/<i>/\\fI/g;
$block =~ s/<\/b>/\\fR/g; $block =~ s/<\/b>/\\fR/g;

2
postfix/mantools/postlink
View File

@@ -234,7 +234,9 @@ while (<>) {
s;\bmax_use\b;<a href="postconf.5.html#max_use">$&</a>;g; s;\bmax_use\b;<a href="postconf.5.html#max_use">$&</a>;g;
s;\bmaxi[-</bB>]*\n*[ <bB>]*mal_backoff_time\b;<a href="postconf.5.html#maximal_backoff_time">$&</a>;g; s;\bmaxi[-</bB>]*\n*[ <bB>]*mal_backoff_time\b;<a href="postconf.5.html#maximal_backoff_time">$&</a>;g;
s;\bmaxi[-</bB>]*\n*[ <bB>]*mal_queue_lifetime\b;<a href="postconf.5.html#maximal_queue_lifetime">$&</a>;g; s;\bmaxi[-</bB>]*\n*[ <bB>]*mal_queue_lifetime\b;<a href="postconf.5.html#maximal_queue_lifetime">$&</a>;g;
s;\bmessage_reject_characters\b;<a href="postconf.5.html#message_reject_characters">$&</a>;g;
s;\bmessage_size_limit\b;<a href="postconf.5.html#message_size_limit">$&</a>;g; s;\bmessage_size_limit\b;<a href="postconf.5.html#message_size_limit">$&</a>;g;
s;\bmessage_strip_characters\b;<a href="postconf.5.html#message_strip_characters">$&</a>;g;
s;\bmime_boundary_length_limit\b;<a href="postconf.5.html#mime_boundary_length_limit">$&</a>;g; s;\bmime_boundary_length_limit\b;<a href="postconf.5.html#mime_boundary_length_limit">$&</a>;g;
s;\bmime_header_checks\b;<a href="postconf.5.html#mime_header_checks">$&</a>;g; s;\bmime_header_checks\b;<a href="postconf.5.html#mime_header_checks">$&</a>;g;
s;\bmime_nesting_limit\b;<a href="postconf.5.html#mime_nesting_limit">$&</a>;g; s;\bmime_nesting_limit\b;<a href="postconf.5.html#mime_nesting_limit">$&</a>;g;

3
postfix/postfix-install
View File

@@ -44,6 +44,9 @@
# Do not ask the user for parameter settings. Installation parameters # Do not ask the user for parameter settings. Installation parameters
# are specified via one of the non-interactive methods described # are specified via one of the non-interactive methods described
# below. # below.
# .IP -package
# Build a ready-to-install package. This requires that a
# non-default install_root parameter is specified.
# INSTALLATION PARAMETER INPUT METHODS # INSTALLATION PARAMETER INPUT METHODS
# .ad # .ad
# .fi # .fi

2
postfix/proto/DSN_README.html
View File

@@ -139,7 +139,7 @@ as discussed in the next section. </p>
<h2> <a name="compat">Postfix VERP support compatibility</a> </h2> <h2> <a name="compat">Postfix VERP support compatibility</a> </h2>
<p> With Postfix versions before 2.3, the sendmail(1) commands uses <p> With Postfix versions before 2.3, the sendmail(1) command uses
the -V command-line option to request VERP-style delivery. In order the -V command-line option to request VERP-style delivery. In order
to request VERP style delivery with Postfix 2.3 and later, you must to request VERP style delivery with Postfix 2.3 and later, you must
specify -XV instead of -V. </p> specify -XV instead of -V. </p>

3
postfix/proto/IPV6_README.html
View File

@@ -30,7 +30,8 @@ between these implementations. </p>
addresses instead of the 32-bit addresses used by IPv4. It can addresses instead of the 32-bit addresses used by IPv4. It can
therefore accommodate a much larger number of hosts and networks therefore accommodate a much larger number of hosts and networks
without ugly kluges such as NAT. A side benefit of the much larger without ugly kluges such as NAT. A side benefit of the much larger
address space is that it makes network scanning unpractical. </p> address space is that it makes random network scanning unpractical.
</p>
<p> Postfix uses the same SMTP protocol over IPv6 as it already <p> Postfix uses the same SMTP protocol over IPv6 as it already
uses over the older IPv4 network, and does AAAA record lookups in uses over the older IPv4 network, and does AAAA record lookups in

3
postfix/proto/canonical
View File

@@ -34,8 +34,7 @@
# By default the \fBcanonical\fR(5) mapping affects both message # By default the \fBcanonical\fR(5) mapping affects both message
# header addresses (i.e. addresses that appear inside messages) # header addresses (i.e. addresses that appear inside messages)
# and message envelope addresses (for example, the addresses # and message envelope addresses (for example, the addresses
# that are used in SMTP protocol commands). Think Sendmail # that are used in SMTP protocol commands). This is controlled with
# rule set \fBS3\fR, if you like. This is controlled with
# the \fBcanonical_classes\fR parameter. # the \fBcanonical_classes\fR parameter.
# #
# NOTE: Postfix versions 2.2 and later rewrite message headers # NOTE: Postfix versions 2.2 and later rewrite message headers

2
postfix/proto/ldap_table
View File

@@ -292,6 +292,8 @@
# for LDAP lookups. # for LDAP lookups.
# #
# NOTE: DO NOT define this parameter for local(8) aliases. # NOTE: DO NOT define this parameter for local(8) aliases.
#
# This feature is available in Postfix 2.1 and later.
# .IP "\fBresult_attribute (default: maildrop)\fR" # .IP "\fBresult_attribute (default: maildrop)\fR"
# The attribute(s) Postfix will read from any directory # The attribute(s) Postfix will read from any directory
# entries returned by the lookup, to be resolved to an email # entries returned by the lookup, to be resolved to an email

42
postfix/proto/postconf.proto
View File

@@ -4979,12 +4979,18 @@ The proxy receives all mail from the Postfix SMTP server, and is
supposed to give the result to another Postfix SMTP server process. supposed to give the result to another Postfix SMTP server process.
</p> </p>
<p> Specify host:port. The host can be specified as an IP address <p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
or as a symbolic name; no MX lookups are done. When no host or "unix:pathname" for a UNIX-domain endpoint. The host can be specified
host: are specified, the local machine is assumed. </p> as an IP address or as a symbolic name; no MX lookups are done.
When no "host" or "host:" are specified, the local machine is
assumed. Pathname interpretation is relative to the Postfix queue
directory. </p>
<p> This feature is available in Postfix 2.1 and later. </p> <p> This feature is available in Postfix 2.1 and later. </p>
<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
and later. </p>
%PARAM smtpd_proxy_timeout 100s %PARAM smtpd_proxy_timeout 100s
<p> <p>
@@ -8505,3 +8511,33 @@ examples are shown in the ADDRESS_REWRITING_README and
STANDARD_CONFIGURATION_README documents. </p> STANDARD_CONFIGURATION_README documents. </p>
<p> This feature is available in Postfix 2.2 and later. </p> <p> This feature is available in Postfix 2.2 and later. </p>
%PARAM message_reject_characters empty
<p> The set of characters that Postfix will reject in message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>
<p> Example: </p>
<pre>
message_reject_characters = \0
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM message_strip_characters empty
<p> The set of characters that Postfix will remove from message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>
<p> Example: </p>
<pre>
message_strip_characters = \0
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>

2
postfix/proto/virtual
View File

@@ -32,7 +32,7 @@
# .PP # .PP
# Virtual aliasing is applied only to recipient # Virtual aliasing is applied only to recipient
# envelope addresses, and does not affect message headers. # envelope addresses, and does not affect message headers.
# Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5) # Use \fBcanonical\fR(5)
# mapping to rewrite header and envelope addresses in general. # mapping to rewrite header and envelope addresses in general.
# #
# Normally, the \fBvirtual\fR(5) alias table is specified as a text file # Normally, the \fBvirtual\fR(5) alias table is specified as a text file

2
postfix/src/bounce/bounce_notify_verp.c
View File

@@ -124,7 +124,7 @@ int bounce_notify_verp(int flags, char *service, char *queue_name,
* Notify the originator, subject to DSN NOTIFY restrictions. * Notify the originator, subject to DSN NOTIFY restrictions.
*/ */
if (bounce_info->log_handle->rcpt.dsn_notify != 0 /* compat */ if (bounce_info->log_handle->rcpt.dsn_notify != 0 /* compat */
&& (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) { && (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) {
bounce_status = 0; bounce_status = 0;
} else { } else {
verp_sender(verp_buf, verp_delims, recipient, verp_sender(verp_buf, verp_delims, recipient,

2
postfix/src/bounce/bounce_one_service.c
View File

@@ -168,7 +168,7 @@ int bounce_one_service(int flags, char *queue_name, char *queue_id,
*/ */
else { else {
if (bounce_info->log_handle->rcpt.dsn_notify != 0 /* compat */ if (bounce_info->log_handle->rcpt.dsn_notify != 0 /* compat */
&& (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) { && (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) {
bounce_status = 0; bounce_status = 0;
} else { } else {
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, orig_sender, if ((bounce = post_mail_fopen_nowait(NULL_SENDER, orig_sender,

2
postfix/src/cleanup/Makefile.in
View File

@@ -190,7 +190,6 @@ cleanup_bounce.o: ../../include/attr.h
cleanup_bounce.o: ../../include/been_here.h cleanup_bounce.o: ../../include/been_here.h
cleanup_bounce.o: ../../include/bounce.h cleanup_bounce.o: ../../include/bounce.h
cleanup_bounce.o: ../../include/cleanup_user.h cleanup_bounce.o: ../../include/cleanup_user.h
cleanup_bounce.o: ../../include/deliver_completed.h
cleanup_bounce.o: ../../include/deliver_request.h cleanup_bounce.o: ../../include/deliver_request.h
cleanup_bounce.o: ../../include/dict.h cleanup_bounce.o: ../../include/dict.h
cleanup_bounce.o: ../../include/dsn.h cleanup_bounce.o: ../../include/dsn.h
@@ -317,6 +316,7 @@ cleanup_init.o: ../../include/name_mask.h
cleanup_init.o: ../../include/nvtable.h cleanup_init.o: ../../include/nvtable.h
cleanup_init.o: ../../include/resolve_clnt.h cleanup_init.o: ../../include/resolve_clnt.h
cleanup_init.o: ../../include/string_list.h cleanup_init.o: ../../include/string_list.h
cleanup_init.o: ../../include/stringops.h
cleanup_init.o: ../../include/sys_defs.h cleanup_init.o: ../../include/sys_defs.h
cleanup_init.o: ../../include/tok822.h cleanup_init.o: ../../include/tok822.h
cleanup_init.o: ../../include/vbuf.h cleanup_init.o: ../../include/vbuf.h

8
postfix/src/cleanup/cleanup.c
View File

@@ -100,6 +100,14 @@
/* Optional lookup tables for content inspection of non-MIME message /* Optional lookup tables for content inspection of non-MIME message
/* headers in attached messages, as described in the \fBheader_checks\fR(5) /* headers in attached messages, as described in the \fBheader_checks\fR(5)
/* manual page. /* manual page.
/* .PP
/* Available in Postfix version 2.3 and later:
/* .IP "\fBmessage_reject_characters (empty)\fR"
/* The set of characters that Postfix will reject in message
/* content.
/* .IP "\fBmessage_strip_characters (empty)\fR"
/* The set of characters that Postfix will remove from message
/* content.
/* MIME PROCESSING CONTROLS /* MIME PROCESSING CONTROLS
/* .ad /* .ad
/* .fi /* .fi

10
postfix/src/cleanup/cleanup.h
View File

@@ -35,6 +35,7 @@ typedef struct CLEANUP_STATE {
VSTRING *attr_buf; /* storage for named attribute */ VSTRING *attr_buf; /* storage for named attribute */
VSTRING *temp1; /* scratch buffer, local use only */ VSTRING *temp1; /* scratch buffer, local use only */
VSTRING *temp2; /* scratch buffer, local use only */ VSTRING *temp2; /* scratch buffer, local use only */
VSTRING *stripped_buf; /* character stripped input */
VSTREAM *dst; /* current output stream */ VSTREAM *dst; /* current output stream */
MAIL_STREAM *handle; /* mail stream handle */ MAIL_STREAM *handle; /* mail stream handle */
char *queue_name; /* queue name */ char *queue_name; /* queue name */
@@ -69,6 +70,7 @@ typedef struct CLEANUP_STATE {
int dsn_ret; /* DSN full/hdrs */ int dsn_ret; /* DSN full/hdrs */
int dsn_notify; /* DSN never/delay/fail/success */ int dsn_notify; /* DSN never/delay/fail/success */
char *dsn_orcpt; /* DSN original recipient */ char *dsn_orcpt; /* DSN original recipient */
char *verp_delims; /* VERP delimiters (optional) */
} CLEANUP_STATE; } CLEANUP_STATE;
/* /*
@@ -98,6 +100,12 @@ extern int cleanup_masq_flags;
extern MAPS *cleanup_send_bcc_maps; extern MAPS *cleanup_send_bcc_maps;
extern MAPS *cleanup_rcpt_bcc_maps; extern MAPS *cleanup_rcpt_bcc_maps;
/*
* Character filters.
*/
extern VSTRING *cleanup_reject_chars;
extern VSTRING *cleanup_strip_chars;
/* /*
* Address canonicalization fine control. * Address canonicalization fine control.
*/ */
@@ -120,7 +128,7 @@ extern MAPS *cleanup_rcpt_bcc_maps;
extern int cleanup_ext_prop_mask; extern int cleanup_ext_prop_mask;
/* /*
* Saved queue file name, so the file can be removed in case of a fatal * Saved queue file names, so the files can be removed in case of a fatal
* run-time error. * run-time error.
*/ */
extern char *cleanup_path; extern char *cleanup_path;

69
postfix/src/cleanup/cleanup_api.c
View File

@@ -191,7 +191,6 @@ int cleanup_flush(CLEANUP_STATE *state)
{ {
int status; int status;
char *junk; char *junk;
VSTRING *bounce_junk;
VSTRING *trace_junk; VSTRING *trace_junk;
/* /*
@@ -205,41 +204,49 @@ int cleanup_flush(CLEANUP_STATE *state)
} }
/* /*
* If there was an error that requires us to generate a bounce message, * Status sanitization. Always report success when the discard flag was
* create bounce logfile records and reset the error flag in case of * raised by some user-specified access rule.
* success. Leave it up to the queue manager to deliver the bad news. We */
* can't do that ourselves, because there may also be a trace file lying if (state->flags & CLEANUP_FLAG_DISCARD)
* around (with DSN SUCCESS notifications) that also needs to be reported state->errs = 0;
* to the sender, and we must be able to undo the entire cleanup request
* including bounce and trace logfiles if some error happens. /*
* If there was an error that requires us to generate a bounce message
* (mail submitted with the Postfix sendmail command, mail forwarded by
* the local(8) delivery agent, or mail re-queued with "postsuper -r"),
* send a bounce notification, reset the error flags in case of success,
* and request deletion of the the incoming queue file and of the
* optional DSN SUCCESS records from virtual alias expansion.
* *
* An incomplete message should never be bounced: it was canceled by the * XXX It would make no sense to knowingly report success after we already
* client, and may not even have an address to bounce to. * have bounced all recipients, especially because the information in the
* DSN SUCCESS notice is completely redundant compared to the information
* in the bounce notice (however, both may be incomplete when the queue
* file size would exceed the safety limit).
* *
* If we are responsible for generating a bounce message, we must report * An alternative is to keep the DSN SUCCESS records and to delegate bounce
* success to the client unless the bounce message file could not be * notification to the queue manager, just like we already delegate
* written (which is just as bad as not being able to write the message * success notification. This requires that we leave the undeliverable
* queue file in the first place). * message in the incoming queue; versions up to 20050726 did exactly
* that. Unfortunately, this broke with over-size queue files, because
* the queue manager cannot handle incomplete queue files (and it should
* not try to do so).
*/ */
#define CAN_BOUNCE() \ #define CAN_BOUNCE() \
((state->errs & CLEANUP_STAT_MASK_CANT_BOUNCE) == 0 \ ((state->errs & CLEANUP_STAT_MASK_CANT_BOUNCE) == 0 \
&& state->sender != 0 \ && state->sender != 0 \
&& (state->flags & CLEANUP_FLAG_BOUNCE) != 0) && (state->flags & CLEANUP_FLAG_BOUNCE) != 0)
if (state->errs != 0 && (state->flags & CLEANUP_FLAG_DISCARD) == 0 if (state->errs != 0 && CAN_BOUNCE())
&& CAN_BOUNCE())
cleanup_bounce(state); cleanup_bounce(state);
/* /*
* If there are no errors, be very picky about queue file write errors
* because we are about to tell the sender that it can throw away its
* copy of the message.
*
* Optionally, place the message on hold, but only if the message was * Optionally, place the message on hold, but only if the message was
* received successfully. This involves renaming the queue file before * received successfully and only if it's not being discarded for other
* "finishing" it (or else the queue manager would open it for delivery) * reasons. This involves renaming the queue file before "finishing" it
* and updating our own idea of the queue file name for error recovery * (or else the queue manager would grab it too early) and updating our
* and for error reporting purposes. * own idea of the queue file name for error recovery and for error
* reporting purposes.
*/ */
if (state->errs == 0 && (state->flags & CLEANUP_FLAG_DISCARD) == 0) { if (state->errs == 0 && (state->flags & CLEANUP_FLAG_DISCARD) == 0) {
if ((state->flags & CLEANUP_FLAG_HOLD) != 0) { if ((state->flags & CLEANUP_FLAG_HOLD) != 0) {
@@ -265,22 +272,18 @@ int cleanup_flush(CLEANUP_STATE *state)
state->errs = mail_stream_finish(state->handle, (VSTRING *) 0); state->errs = mail_stream_finish(state->handle, (VSTRING *) 0);
} else { } else {
mail_stream_cleanup(state->handle); mail_stream_cleanup(state->handle);
if ((state->flags & CLEANUP_FLAG_DISCARD) != 0)
state->errs = 0;
} }
state->handle = 0; state->handle = 0;
state->dst = 0; state->dst = 0;
/* /*
* If there was an error, remove the queue file, the optional bounce * If there was an error, or if the message must be discarded for other
* logfile with undeliverable recipients, and the optional trace file * reasons, remove the queue file and the optional trace file with DSN
* with DSN SUCCESS notifications. * SUCCESS records from virtual alias expansion.
*/ */
if (state->errs != 0 || (state->flags & CLEANUP_FLAG_DISCARD) != 0) { if (state->errs != 0 || (state->flags & CLEANUP_FLAG_DISCARD) != 0) {
if (cleanup_trace_path) if (cleanup_trace_path)
(void) REMOVE(vstring_str(cleanup_trace_path)); (void) REMOVE(vstring_str(cleanup_trace_path));
if (cleanup_bounce_path)
(void) REMOVE(vstring_str(cleanup_bounce_path));
if (REMOVE(cleanup_path)) if (REMOVE(cleanup_path))
msg_warn("remove %s: %m", cleanup_path); msg_warn("remove %s: %m", cleanup_path);
} }
@@ -292,15 +295,11 @@ int cleanup_flush(CLEANUP_STATE *state)
*/ */
trace_junk = cleanup_trace_path; trace_junk = cleanup_trace_path;
cleanup_trace_path = 0; /* don't delete upon error */ cleanup_trace_path = 0; /* don't delete upon error */
bounce_junk = cleanup_bounce_path;
cleanup_bounce_path = 0; /* don't delete upon error */
junk = cleanup_path; junk = cleanup_path;
cleanup_path = 0; /* don't delete upon error */ cleanup_path = 0; /* don't delete upon error */
if (trace_junk) if (trace_junk)
vstring_free(trace_junk); vstring_free(trace_junk);
if (bounce_junk)
vstring_free(bounce_junk);
myfree(junk); myfree(junk);
/* /*

80
postfix/src/cleanup/cleanup_bounce.c
View File

@@ -12,7 +12,8 @@
/* cleanup_bounce() updates the bounce log on request by client /* cleanup_bounce() updates the bounce log on request by client
/* programs that cannot handle such problems themselves. /* programs that cannot handle such problems themselves.
/* /*
/* Upon successful completion, all error flags are reset. /* Upon successful completion, all error flags are reset,
/* and the message is scheduled for deletion.
/* Otherwise, the CLEANUP_STAT_WRITE error flag is raised. /* Otherwise, the CLEANUP_STAT_WRITE error flag is raised.
/* /*
/* Arguments: /* Arguments:
@@ -52,7 +53,6 @@
#include <dsn_mask.h> #include <dsn_mask.h>
#include <mail_queue.h> #include <mail_queue.h>
#include <dsn_attr_map.h> #include <dsn_attr_map.h>
#include <deliver_completed.h>
/* Application-specific. */ /* Application-specific. */
@@ -65,24 +65,10 @@
static void cleanup_bounce_append(CLEANUP_STATE *state, RECIPIENT *rcpt, static void cleanup_bounce_append(CLEANUP_STATE *state, RECIPIENT *rcpt,
DSN *dsn) DSN *dsn)
{ {
const char *myname = "cleanup_bounce_append";
long last_offset;
if (cleanup_bounce_path == 0) {
cleanup_bounce_path = vstring_alloc(10);
(void) mail_queue_path(cleanup_bounce_path, MAIL_QUEUE_BOUNCE,
state->queue_id);
}
if (bounce_append(BOUNCE_FLAG_CLEAN, state->queue_id, state->time, if (bounce_append(BOUNCE_FLAG_CLEAN, state->queue_id, state->time,
rcpt, "none", dsn) != 0) { rcpt, "none", dsn) != 0) {
msg_warn("%s: bounce logfile update error", state->queue_id); msg_warn("%s: bounce logfile update error", state->queue_id);
state->errs |= CLEANUP_STAT_WRITE; state->errs |= CLEANUP_STAT_WRITE;
} else if (rcpt->offset > 0) {
if ((last_offset = vstream_ftell(state->dst)) < 0)
msg_fatal("%s: vstream_ftell %s: %m", myname, cleanup_path);
deliver_completed(state->dst, rcpt->offset);
if (vstream_fseek(state->dst, last_offset, SEEK_SET) < 0)
msg_fatal("%s: seek %s: %m", myname, cleanup_path);
} }
} }
@@ -108,6 +94,10 @@ int cleanup_bounce(CLEANUP_STATE *state)
int rec_type; int rec_type;
int junk; int junk;
long curr_offset; long curr_offset;
const char *encoding;
const char *dsn_envid;
int dsn_ret;
int bounce_err;
/* /*
* Parse the failure reason if one was given, otherwise use a generic * Parse the failure reason if one was given, otherwise use a generic
@@ -127,18 +117,19 @@ int cleanup_bounce(CLEANUP_STATE *state)
* Create a bounce logfile with one entry for each final recipient. * Create a bounce logfile with one entry for each final recipient.
* Degrade gracefully in case of no recipients or no queue file. * Degrade gracefully in case of no recipients or no queue file.
* *
* We're NOT going to flush the bounce file from the cleanup server; if we
* need to write trace logfile records, and the trace service fails, we
* must be able to cancel the entire cleanup request including any trace
* or bounce logfiles. The queue manager will flush the bounce (and
* trace) logfile, possibly after it has generated its own success or
* failure notification records.
*
* Victor Duchovni observes that the number of recipients in the queue file * Victor Duchovni observes that the number of recipients in the queue file
* can potentially be very large due to virtual alias expansion. This can * can potentially be very large due to virtual alias expansion. This can
* expand the recipient count by virtual_alias_expansion_limit (default: * expand the recipient count by virtual_alias_expansion_limit (default:
* 1000) times. * 1000) times.
*
* After a queue file size error, purge any unwritten data (so that
* vstream_fseek() won't fail while trying to flush it) and reset the
* stream error flags to avoid false alarms.
*/ */
if (state->errs & CLEANUP_STAT_SIZE) {
(void) vstream_fpurge(state->dst);
vstream_clearerr(state->dst);
}
if (vstream_fseek(state->dst, 0L, SEEK_SET) < 0) if (vstream_fseek(state->dst, 0L, SEEK_SET) < 0)
msg_fatal("%s: seek %s: %m", myname, cleanup_path); msg_fatal("%s: seek %s: %m", myname, cleanup_path);
@@ -206,12 +197,51 @@ int cleanup_bounce(CLEANUP_STATE *state)
/* /*
* No recipients. Yes, this can happen. * No recipients. Yes, this can happen.
*/ */
if (rcpt == 0) { if ((state->errs & CLEANUP_STAT_WRITE) == 0 && rcpt == 0) {
RECIPIENT_ASSIGN(&recipient, 0, "", 0, "", "unknown"); RECIPIENT_ASSIGN(&recipient, 0, "", 0, "", "unknown");
(void) DSN_SIMPLE(&dsn, dsn_status, dsn_text); (void) DSN_SIMPLE(&dsn, dsn_status, dsn_text);
cleanup_bounce_append(state, &recipient, &dsn); cleanup_bounce_append(state, &recipient, &dsn);
} }
vstring_free(buf); vstring_free(buf);
return (state->errs &= CLEANUP_STAT_WRITE); /*
* Flush the bounce logfile to the sender. See also qmgr_active.c.
*/
if ((state->errs & CLEANUP_STAT_WRITE) == 0) {
if ((encoding = nvtable_find(state->attr, MAIL_ATTR_ENCODING)) == 0)
encoding = MAIL_ATTR_ENC_NONE;
dsn_envid = state->dsn_envid ?
state->dsn_envid : "";
dsn_ret = (state->errs & (CLEANUP_STAT_CONT | CLEANUP_STAT_SIZE)) ?
DSN_RET_HDRS : state->dsn_ret;
if (state->verp_delims == 0 || var_verp_bounce_off) {
bounce_err =
bounce_flush(BOUNCE_FLAG_CLEAN,
state->queue_name, state->queue_id,
encoding, state->sender, dsn_envid,
dsn_ret);
} else {
bounce_err =
bounce_flush_verp(BOUNCE_FLAG_CLEAN,
state->queue_name, state->queue_id,
encoding, state->sender, dsn_envid,
dsn_ret, state->verp_delims);
}
if (bounce_err != 0) {
msg_warn("%s: bounce message failure", state->queue_id);
state->errs |= CLEANUP_STAT_WRITE;
}
}
/*
* Schedule this message (and trace logfile) for deletion when all is
* well. When all is not well these files would be deleted too, but the
* client would get a different completion status so we have to carefully
* maintain the bits anyway.
*/
if ((state->errs &= CLEANUP_STAT_WRITE) == 0)
state->flags |= CLEANUP_FLAG_DISCARD;
return (state->errs);
} }

16
postfix/src/cleanup/cleanup_envelope.c
View File

@@ -368,6 +368,22 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type,
} }
return; return;
} }
/* XXX Needed for cleanup_bounce(); sanity check usage. */
if (type == REC_TYPE_VERP) {
if (state->verp_delims == 0) {
if (state->sender == 0 || state->sender[0] == 0) {
msg_warn("%s: ignoring VERP request for null sender",
state->queue_id);
} else if (verp_delims_verify(buf) != 0) {
msg_warn("%s: ignoring bad VERP request: \"%.100s\"",
state->queue_id, buf);
} else {
state->verp_delims = mystrdup(buf);
cleanup_out(state, type, buf, len);
}
}
return;
}
if (type == REC_TYPE_ATTR) { if (type == REC_TYPE_ATTR) {
if (state->attr->used >= var_qattr_count_limit) { if (state->attr->used >= var_qattr_count_limit) {
msg_warn("%s: message rejected: attribute count exceeds limit %d", msg_warn("%s: message rejected: attribute count exceeds limit %d",

38
postfix/src/cleanup/cleanup_extracted.c
View File

@@ -126,24 +126,24 @@ void cleanup_extracted_process(CLEANUP_STATE *state, int type,
* an upgrade without losing mail. * an upgrade without losing mail.
*/ */
if (type == REC_TYPE_ATTR) { if (type == REC_TYPE_ATTR) {
vstring_strcpy(state->attr_buf, buf); vstring_strcpy(state->attr_buf, buf);
error_text = split_nameval(STR(state->attr_buf), &attr_name, &attr_value); error_text = split_nameval(STR(state->attr_buf), &attr_name, &attr_value);
if (error_text != 0) { if (error_text != 0) {
msg_warn("%s: message rejected: malformed attribute: %s: %.100s", msg_warn("%s: message rejected: malformed attribute: %s: %.100s",
state->queue_id, error_text, buf); state->queue_id, error_text, buf);
state->errs |= CLEANUP_STAT_BAD; state->errs |= CLEANUP_STAT_BAD;
return; return;
} }
/* Zero-length values are place holders for unavailable values. */ /* Zero-length values are place holders for unavailable values. */
if (*attr_value == 0) { if (*attr_value == 0) {
msg_warn("%s: spurious null attribute value for \"%s\" -- ignored", msg_warn("%s: spurious null attribute value for \"%s\" -- ignored",
state->queue_id, attr_name); state->queue_id, attr_name);
return; return;
} }
if ((junk = dsn_attr_map(attr_name)) != 0) { if ((junk = dsn_attr_map(attr_name)) != 0) {
buf = attr_value; buf = attr_value;
type = junk; type = junk;
} }
} }
/* /*
@@ -251,7 +251,7 @@ void cleanup_extracted_process(CLEANUP_STATE *state, int type,
} }
} }
/* cleanup_extracted_finish - process one extracted envelope record */ /* cleanup_extracted_finish - complete the third message segment */
void cleanup_extracted_finish(CLEANUP_STATE *state) void cleanup_extracted_finish(CLEANUP_STATE *state)
{ {

35
postfix/src/cleanup/cleanup_init.c
View File

@@ -24,7 +24,6 @@
/* /*
/* char *cleanup_path; /* char *cleanup_path;
/* VSTRING *cleanup_trace_path; /* VSTRING *cleanup_trace_path;
/* VSTRING *cleanup_bounce_path;
/* /*
/* void cleanup_all() /* void cleanup_all()
/* /*
@@ -54,8 +53,6 @@
/* trace logfile with DSN SUCCESS notifications. This information is /* trace logfile with DSN SUCCESS notifications. This information is
/* used to remove a trace file when the mail transaction is canceled. /* used to remove a trace file when the mail transaction is canceled.
/* /*
/* cleanup_bounce_path is the same for removing a bounce logfile.
/*
/* cleanup_all() must be called in case of fatal error, in order /* cleanup_all() must be called in case of fatal error, in order
/* to remove an incomplete queue file. /* to remove an incomplete queue file.
/* /*
@@ -80,12 +77,14 @@
#include <sys_defs.h> #include <sys_defs.h>
#include <signal.h> #include <signal.h>
#include <string.h>
/* Utility library. */ /* Utility library. */
#include <msg.h> #include <msg.h>
#include <iostuff.h> #include <iostuff.h>
#include <name_mask.h> #include <name_mask.h>
#include <stringops.h>
/* Global library. */ /* Global library. */
@@ -109,7 +108,6 @@ char *cleanup_path; /* queue file name */
* logfiles that need to be cleaned up when the cleanup request is aborted. * logfiles that need to be cleaned up when the cleanup request is aborted.
*/ */
VSTRING *cleanup_trace_path; VSTRING *cleanup_trace_path;
VSTRING *cleanup_bounce_path;
/* /*
* Tunable parameters. * Tunable parameters.
@@ -143,6 +141,9 @@ int var_body_check_len; /* when to stop body scan */
char *var_send_bcc_maps; /* sender auto-bcc maps */ char *var_send_bcc_maps; /* sender auto-bcc maps */
char *var_rcpt_bcc_maps; /* recipient auto-bcc maps */ char *var_rcpt_bcc_maps; /* recipient auto-bcc maps */
char *var_remote_rwr_domain; /* header-only surrogate */ char *var_remote_rwr_domain; /* header-only surrogate */
char *var_msg_reject_chars; /* reject these characters */
char *var_msg_strip_chars; /* strip these characters */
int var_verp_bounce_off; /* don't verp the bounces */
CONFIG_INT_TABLE cleanup_int_table[] = { CONFIG_INT_TABLE cleanup_int_table[] = {
VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0, VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
@@ -156,6 +157,7 @@ CONFIG_INT_TABLE cleanup_int_table[] = {
CONFIG_BOOL_TABLE cleanup_bool_table[] = { CONFIG_BOOL_TABLE cleanup_bool_table[] = {
VAR_ENABLE_ORCPT, DEF_ENABLE_ORCPT, &var_enable_orcpt, VAR_ENABLE_ORCPT, DEF_ENABLE_ORCPT, &var_enable_orcpt,
VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
0, 0,
}; };
@@ -186,6 +188,8 @@ CONFIG_STR_TABLE cleanup_str_table[] = {
VAR_SEND_BCC_MAPS, DEF_SEND_BCC_MAPS, &var_send_bcc_maps, 0, 0, VAR_SEND_BCC_MAPS, DEF_SEND_BCC_MAPS, &var_send_bcc_maps, 0, 0,
VAR_RCPT_BCC_MAPS, DEF_RCPT_BCC_MAPS, &var_rcpt_bcc_maps, 0, 0, VAR_RCPT_BCC_MAPS, DEF_RCPT_BCC_MAPS, &var_rcpt_bcc_maps, 0, 0,
VAR_REM_RWR_DOMAIN, DEF_REM_RWR_DOMAIN, &var_remote_rwr_domain, 0, 0, VAR_REM_RWR_DOMAIN, DEF_REM_RWR_DOMAIN, &var_remote_rwr_domain, 0, 0,
VAR_MSG_REJECT_CHARS, DEF_MSG_REJECT_CHARS, &var_msg_reject_chars, 0, 0,
VAR_MSG_STRIP_CHARS, DEF_MSG_STRIP_CHARS, &var_msg_strip_chars, 0, 0,
0, 0,
}; };
@@ -209,6 +213,12 @@ int cleanup_masq_flags;
MAPS *cleanup_send_bcc_maps; MAPS *cleanup_send_bcc_maps;
MAPS *cleanup_rcpt_bcc_maps; MAPS *cleanup_rcpt_bcc_maps;
/*
* Character filters.
*/
VSTRING *cleanup_reject_chars;
VSTRING *cleanup_strip_chars;
/* /*
* Address extension propagation restrictions. * Address extension propagation restrictions.
*/ */
@@ -238,10 +248,6 @@ void cleanup_sig(int sig)
(void) REMOVE(vstring_str(cleanup_trace_path)); (void) REMOVE(vstring_str(cleanup_trace_path));
cleanup_trace_path = 0; cleanup_trace_path = 0;
} }
if (cleanup_bounce_path) {
(void) REMOVE(vstring_str(cleanup_bounce_path));
cleanup_bounce_path = 0;
}
if (cleanup_path) { if (cleanup_path) {
(void) REMOVE(cleanup_path); (void) REMOVE(cleanup_path);
cleanup_path = 0; cleanup_path = 0;
@@ -360,4 +366,17 @@ void cleanup_post_jail(char *unused_name, char **unused_argv)
*/ */
cleanup_ext_prop_mask = cleanup_ext_prop_mask =
ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension); ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
/*
* Setup the filters for characters that should be rejected, and for
* characters that should be removed.
*/
if (*var_msg_reject_chars) {
cleanup_reject_chars = vstring_alloc(strlen(var_msg_reject_chars));
unescape(cleanup_reject_chars, var_msg_reject_chars);
}
if (*var_msg_strip_chars) {
cleanup_strip_chars = vstring_alloc(strlen(var_msg_strip_chars));
unescape(cleanup_strip_chars, var_msg_strip_chars);
}
} }

46
postfix/src/cleanup/cleanup_message.c
View File

@@ -293,6 +293,7 @@ static void cleanup_act_log(CLEANUP_STATE *state,
#define CLEANUP_ACT_CTXT_HEADER "header" #define CLEANUP_ACT_CTXT_HEADER "header"
#define CLEANUP_ACT_CTXT_BODY "body" #define CLEANUP_ACT_CTXT_BODY "body"
#define CLEANUP_ACT_CTXT_ANY "content"
/* cleanup_act - act upon a header/body match */ /* cleanup_act - act upon a header/body match */
@@ -703,8 +704,51 @@ static void cleanup_body_callback(void *context, int type,
static void cleanup_message_headerbody(CLEANUP_STATE *state, int type, static void cleanup_message_headerbody(CLEANUP_STATE *state, int type,
const char *buf, ssize_t len) const char *buf, ssize_t len)
{ {
char *myname = "cleanup_message_headerbody"; const char *myname = "cleanup_message_headerbody";
MIME_STATE_DETAIL *detail; MIME_STATE_DETAIL *detail;
const char *cp;
char *dst;
/*
* Reject unwanted characters.
*
* XXX Possible optimization: simplify the loop when the "reject" set
* contains only one character.
*/
if ((state->flags & CLEANUP_FLAG_FILTER) && cleanup_reject_chars) {
for (cp = buf; cp < buf + len; cp++) {
if (memchr(vstring_str(cleanup_reject_chars),
*(const unsigned char *) cp,
VSTRING_LEN(cleanup_reject_chars))) {
cleanup_act(state, CLEANUP_ACT_CTXT_ANY,
buf, "REJECT disallowed character",
"character reject");
return;
}
}
}
/*
* Strip unwanted characters. Don't overwrite the input.
*
* XXX Possible optimization: simplify the loop when the "strip" set
* contains only one character.
*
* XXX Possible optimization: copy the input only if we really have to.
*/
if ((state->flags & CLEANUP_FLAG_FILTER) && cleanup_strip_chars) {
VSTRING_RESET(state->stripped_buf);
VSTRING_SPACE(state->stripped_buf, len + 1);
dst = vstring_str(state->stripped_buf);
for (cp = buf; cp < buf + len; cp++)
if (!memchr(vstring_str(cleanup_strip_chars),
*(const unsigned char *) cp,
VSTRING_LEN(cleanup_strip_chars)))
*dst++ = *cp;
*dst = 0;
buf = vstring_str(state->stripped_buf);
len = dst - buf;
}
/* /*
* Copy text record to the output. * Copy text record to the output.

7
postfix/src/cleanup/cleanup_state.c
View File

@@ -59,6 +59,8 @@ CLEANUP_STATE *cleanup_state_alloc(void)
state->attr_buf = vstring_alloc(10); state->attr_buf = vstring_alloc(10);
state->temp1 = vstring_alloc(10); state->temp1 = vstring_alloc(10);
state->temp2 = vstring_alloc(10); state->temp2 = vstring_alloc(10);
if (cleanup_strip_chars)
state->stripped_buf = vstring_alloc(10);
state->dst = 0; state->dst = 0;
state->handle = 0; state->handle = 0;
state->queue_name = 0; state->queue_name = 0;
@@ -94,6 +96,7 @@ CLEANUP_STATE *cleanup_state_alloc(void)
state->dsn_ret = 0; state->dsn_ret = 0;
state->dsn_notify = 0; state->dsn_notify = 0;
state->dsn_orcpt = 0; state->dsn_orcpt = 0;
state->verp_delims = 0;
return (state); return (state);
} }
@@ -104,6 +107,8 @@ void cleanup_state_free(CLEANUP_STATE *state)
vstring_free(state->attr_buf); vstring_free(state->attr_buf);
vstring_free(state->temp1); vstring_free(state->temp1);
vstring_free(state->temp2); vstring_free(state->temp2);
if (cleanup_strip_chars)
vstring_free(state->stripped_buf);
if (state->fullname) if (state->fullname)
myfree(state->fullname); myfree(state->fullname);
if (state->sender) if (state->sender)
@@ -134,5 +139,7 @@ void cleanup_state_free(CLEANUP_STATE *state)
myfree(state->dsn_envid); myfree(state->dsn_envid);
if (state->dsn_orcpt) if (state->dsn_orcpt)
myfree(state->dsn_orcpt); myfree(state->dsn_orcpt);
if (state->verp_delims)
myfree(state->verp_delims);
myfree((char *) state); myfree((char *) state);
} }

52
postfix/src/global/bounce.c
View File

@@ -24,6 +24,17 @@
/* const char *dsn_envid; /* const char *dsn_envid;
/* int dsn_ret; /* int dsn_ret;
/* /*
/* int bounce_flush_verp(flags, queue, id, encoding, sender,
/* dsn_envid, dsn_ret, verp_delims)
/* int flags;
/* const char *queue;
/* const char *id;
/* const char *encoding;
/* const char *sender;
/* const char *dsn_envid;
/* int dsn_ret;
/* const char *verp_delims;
/*
/* int bounce_one(flags, queue, id, encoding, sender, envid, ret, /* int bounce_one(flags, queue, id, encoding, sender, envid, ret,
/* entry, recipient, relay, dsn) /* entry, recipient, relay, dsn)
/* int flags; /* int flags;
@@ -53,6 +64,10 @@
/* built with bounce_append(). The bounce logfile is removed /* built with bounce_append(). The bounce logfile is removed
/* upon successful completion. /* upon successful completion.
/* /*
/* bounce_flush_verp() is like bounce_flush(), but sends one
/* notification per recipient, with the failed recipient encoded
/* into the sender address.
/*
/* bounce_one() bounces one recipient and immediately sends a /* bounce_one() bounces one recipient and immediately sends a
/* notification to the sender. This procedure does not append /* notification to the sender. This procedure does not append
/* the recipient and dsn_text to the per-message bounce log, and /* the recipient and dsn_text to the per-message bounce log, and
@@ -101,6 +116,9 @@
/* Optional DSN return full/headers option. /* Optional DSN return full/headers option.
/* .IP dsn /* .IP dsn
/* Delivery status. See dsn(3). The specified action is ignored. /* Delivery status. See dsn(3). The specified action is ignored.
/* .IP verp_delims
/* VERP delimiter characters, used when encoding the failed
/* sender into the envelope sender address.
/* DIAGNOSTICS /* DIAGNOSTICS
/* In case of success, these functions log the action, and return a /* In case of success, these functions log the action, and return a
/* zero value. Otherwise, the functions return a non-zero result, /* zero value. Otherwise, the functions return a non-zero result,
@@ -276,6 +294,40 @@ int bounce_flush(int flags, const char *queue, const char *id,
} }
} }
/* bounce_flush_verp - verpified notification */
int bounce_flush_verp(int flags, const char *queue, const char *id,
const char *encoding, const char *sender,
const char *dsn_envid, int dsn_ret,
const char *verp_delims)
{
/*
* When we're pretending that we can't bounce, don't send a bounce
* message.
*/
if (var_soft_bounce)
return (-1);
if (mail_command_client(MAIL_CLASS_PRIVATE, var_bounce_service,
ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_VERP,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_STR, MAIL_ATTR_QUEUE, queue,
ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, id,
ATTR_TYPE_STR, MAIL_ATTR_ENCODING, encoding,
ATTR_TYPE_STR, MAIL_ATTR_SENDER, sender,
ATTR_TYPE_STR, MAIL_ATTR_DSN_ENVID, dsn_envid,
ATTR_TYPE_NUM, MAIL_ATTR_DSN_RET, dsn_ret,
ATTR_TYPE_STR, MAIL_ATTR_VERPDL, verp_delims,
ATTR_TYPE_END) == 0) {
return (0);
} else if ((flags & BOUNCE_FLAG_CLEAN) == 0) {
msg_info("%s: status=deferred (bounce failed)", id);
return (-1);
} else {
return (-1);
}
}
/* bounce_one - send notice for one recipient */ /* bounce_one - send notice for one recipient */
int bounce_one(int flags, const char *queue, const char *id, int bounce_one(int flags, const char *queue, const char *id,

2
postfix/src/global/bounce.h
View File

@@ -28,6 +28,8 @@ extern int bounce_append(int, const char *, time_t, RECIPIENT *,
const char *, DSN *); const char *, DSN *);
extern int bounce_flush(int, const char *, const char *, const char *, extern int bounce_flush(int, const char *, const char *, const char *,
const char *, const char *, int); const char *, const char *, int);
extern int bounce_flush_verp(int, const char *, const char *, const char *,
const char *, const char *, int, const char *);
extern int bounce_one(int, const char *, const char *, const char *, extern int bounce_one(int, const char *, const char *, const char *,
const char *, const char *, const char *, const char *,
int, time_t, RECIPIENT *, int, time_t, RECIPIENT *,

11
postfix/src/global/mail_params.h
View File

@@ -2362,6 +2362,17 @@ extern char *var_smtp_ehlo_dis_maps;
*/ */
extern const char null_format_string[1]; extern const char null_format_string[1];
/*
* Characters to reject or strip.
*/
#define VAR_MSG_REJECT_CHARS "message_reject_characters"
#define DEF_MSG_REJECT_CHARS ""
extern char *var_msg_reject_chars;
#define VAR_MSG_STRIP_CHARS "message_strip_characters"
#define DEF_MSG_STRIP_CHARS ""
extern char *var_msg_strip_chars;
/* LICENSE /* LICENSE
/* .ad /* .ad
/* .fi /* .fi

2
postfix/src/global/mail_version.h
View File

@@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20050726" #define MAIL_RELEASE_DATE "20050829"
#define MAIL_VERSION_NUMBER "2.3" #define MAIL_VERSION_NUMBER "2.3"
#ifdef SNAPSHOT #ifdef SNAPSHOT

2
postfix/src/oqmgr/qmgr_active.c
View File

@@ -272,6 +272,8 @@ void qmgr_active_done(QMGR_MESSAGE *message)
* *
* Bounces are sent asynchronously to avoid stalling while the cleanup * Bounces are sent asynchronously to avoid stalling while the cleanup
* daemon waits for the qmgr to accept the "new mail" trigger. * daemon waits for the qmgr to accept the "new mail" trigger.
*
* See also code in cleanup_bounce.c.
*/ */
if (stat(mail_queue_path((VSTRING *) 0, MAIL_QUEUE_BOUNCE, message->queue_id), &st) == 0) { if (stat(mail_queue_path((VSTRING *) 0, MAIL_QUEUE_BOUNCE, message->queue_id), &st) == 0) {
if (st.st_size == 0) { if (st.st_size == 0) {

2
postfix/src/qmgr/qmgr_active.c
View File

@@ -272,6 +272,8 @@ void qmgr_active_done(QMGR_MESSAGE *message)
* *
* Bounces are sent asynchronously to avoid stalling while the cleanup * Bounces are sent asynchronously to avoid stalling while the cleanup
* daemon waits for the qmgr to accept the "new mail" trigger. * daemon waits for the qmgr to accept the "new mail" trigger.
*
* See also code in cleanup_bounce.c.
*/ */
if (stat(mail_queue_path((VSTRING *) 0, MAIL_QUEUE_BOUNCE, message->queue_id), &st) == 0) { if (stat(mail_queue_path((VSTRING *) 0, MAIL_QUEUE_BOUNCE, message->queue_id), &st) == 0) {
if (st.st_size == 0) { if (st.st_size == 0) {

18
postfix/src/smtpd/smtpd_proxy.c
View File

@@ -250,6 +250,8 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service,
0, 0, 0, 0,
}; };
CLEANUP_STAT_DETAIL *detail; CLEANUP_STAT_DETAIL *detail;
int (*connect_fn) (const char *, int, int);
const char *endpoint;
/* /*
* This buffer persists beyond the end of a proxy session so we can * This buffer persists beyond the end of a proxy session so we can
@@ -258,10 +260,24 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service,
if (state->proxy_buffer == 0) if (state->proxy_buffer == 0)
state->proxy_buffer = vstring_alloc(10); state->proxy_buffer = vstring_alloc(10);
/*
* Find connection method (default inet)
*/
if (strncasecmp("unix:", service, 5) == 0) {
endpoint = service + 5;
connect_fn = unix_connect;
} else {
if (strncasecmp("inet:", service, 5) == 0)
endpoint = service + 5;
else
endpoint = service;
connect_fn = inet_connect;
}
/* /*
* Connect to proxy. * Connect to proxy.
*/ */
if ((fd = inet_connect(service, BLOCKING, timeout)) < 0) { if ((fd = connect_fn(endpoint, BLOCKING, timeout)) < 0) {
state->error_mask |= MAIL_ERROR_SOFTWARE; state->error_mask |= MAIL_ERROR_SOFTWARE;
state->err |= CLEANUP_STAT_PROXY; state->err |= CLEANUP_STAT_PROXY;
msg_warn("connect to proxy service %s: %m", service); msg_warn("connect to proxy service %s: %m", service);

11
postfix/src/tls/tls_misc.c
View File

@@ -105,8 +105,8 @@ TLScontext_t *tls_alloc_context(int log_level, const char *peername)
TLScontext_t *TLScontext; TLScontext_t *TLScontext;
/* /*
* PORTABILITY: Do not assume that null pointers are all-zero bits. * PORTABILITY: Do not assume that null pointers are all-zero bits. Use
* Use explicit assignments to initialize pointers. * explicit assignments to initialize pointers.
* *
* See the C language FAQ item 5.17, or if you have time to burn, * See the C language FAQ item 5.17, or if you have time to burn,
* http://www.google.com/search?q=zero+bit+null+pointer * http://www.google.com/search?q=zero+bit+null+pointer
@@ -288,4 +288,11 @@ long tls_bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
return (ret); return (ret);
} }
#else
/*
* Broken linker workaround.
*/
int tls_dummy_for_broken_linkers;
#endif #endif

7
postfix/src/util/sane_accept.c
View File

@@ -59,6 +59,9 @@ int sane_accept(int sock, struct sockaddr * sa, SOCKADDR_SIZE *len)
EWOULDBLOCK, EWOULDBLOCK,
ENOBUFS, /* HPUX11 */ ENOBUFS, /* HPUX11 */
ECONNABORTED, ECONNABORTED,
#ifdef EPROTO
EPROTO, /* SunOS 5.5.1 */
#endif
0, 0,
}; };
int count; int count;
@@ -71,6 +74,10 @@ int sane_accept(int sock, struct sockaddr * sa, SOCKADDR_SIZE *len)
* hosed beyond recovery. There is no point treating this as a beneficial * hosed beyond recovery. There is no point treating this as a beneficial
* error result because the program would go into a tight loop. * error result because the program would go into a tight loop.
* *
* XXX Solaris 2.5.1 accept() returns EPROTO when a TCP client has
* disconnected in the mean time. Since there is no connection, it is
* safe to map the error code onto EAGAIN.
*
* XXX LINUX < 2.1 accept() wakes up before the three-way handshake is * XXX LINUX < 2.1 accept() wakes up before the three-way handshake is
* complete, so it can fail with ECONNRESET and other "false alarm" * complete, so it can fail with ECONNRESET and other "false alarm"
* indications. * indications.

56
postfix/src/util/vstream.c
View File

@@ -58,6 +58,9 @@
/* int vstream_fflush(stream) /* int vstream_fflush(stream)
/* VSTREAM *stream; /* VSTREAM *stream;
/* /*
/* int vstream_fpurge(stream)
/* VSTREAM *stream;
/*
/* ssize_t vstream_fread(stream, buf, len) /* ssize_t vstream_fread(stream, buf, len)
/* VSTREAM *stream; /* VSTREAM *stream;
/* char *buf; /* char *buf;
@@ -210,6 +213,12 @@
/* vstream_fflush() returns 0 in case of success, VSTREAM_EOF in /* vstream_fflush() returns 0 in case of success, VSTREAM_EOF in
/* case of problems. It is an error to flush a read-only stream. /* case of problems. It is an error to flush a read-only stream.
/* /*
/* vstream_fpurge() discards the contents of the stream buffer.
/* In the case of a double-buffered stream, it discards the
/* content of both the read and write buffers.
/* vstream_fpurge() returns 0 in case of success, VSTREAM_EOF in
/* case of problems.
/*
/* vstream_fread() and vstream_fwrite() perform unformatted I/O /* vstream_fread() and vstream_fwrite() perform unformatted I/O
/* on the named stream. The result value is the number of bytes /* on the named stream. The result value is the number of bytes
/* transferred. A short count is returned in case of end-of-file /* transferred. A short count is returned in case of end-of-file
@@ -800,6 +809,53 @@ static int vstream_buf_space(VBUF *bp, ssize_t want)
return (vstream_ferror(stream) ? VSTREAM_EOF : 0); /* mmap() may fail */ return (vstream_ferror(stream) ? VSTREAM_EOF : 0); /* mmap() may fail */
} }
/* vstream_fpurge - discard unread or unwritten content */
int vstream_fpurge(VSTREAM *stream)
{
const char *myname = "vstream_fpurge";
VBUF *bp = &stream->buf;
/*
* To discard all unread contents, position the read buffer at its end,
* so that we skip over any unread data, and so that the next read
* operation will refill the buffer.
*
* To discard all unwritten content, position the write buffer at its
* beginning, so that the next write operation clobbers any unwritten
* data.
*/
switch (bp->flags & (VSTREAM_FLAG_READ_DOUBLE | VSTREAM_FLAG_WRITE)) {
case VSTREAM_FLAG_READ_DOUBLE:
VSTREAM_BUF_AT_START(&stream->write_buf);
/* FALLTHROUGH */
case VSTREAM_FLAG_READ:
VSTREAM_BUF_AT_END(bp);
break;
case VSTREAM_FLAG_DOUBLE:
VSTREAM_BUF_AT_START(&stream->write_buf);
VSTREAM_BUF_AT_END(&stream->read_buf);
break;
case VSTREAM_FLAG_WRITE_DOUBLE:
VSTREAM_BUF_AT_END(&stream->read_buf);
/* FALLTHROUGH */
case VSTREAM_FLAG_WRITE:
VSTREAM_BUF_AT_START(bp);
break;
case VSTREAM_FLAG_READ_DOUBLE | VSTREAM_FLAG_WRITE:
case VSTREAM_FLAG_READ | VSTREAM_FLAG_WRITE:
msg_panic("%s: read/write stream", myname);
}
/*
* Invalidate the cached file seek position.
*/
bp->flags &= ~VSTREAM_FLAG_SEEK;
stream->offset = 0;
return (0);
}
/* vstream_fseek - change I/O position */ /* vstream_fseek - change I/O position */
off_t vstream_fseek(VSTREAM *stream, off_t offset, int whence) off_t vstream_fseek(VSTREAM *stream, off_t offset, int whence)

1
postfix/src/util/vstream.h
View File

@@ -75,6 +75,7 @@ extern VSTREAM *vstream_fopen(const char *, int, mode_t);
extern int vstream_fclose(VSTREAM *); extern int vstream_fclose(VSTREAM *);
extern off_t vstream_fseek(VSTREAM *, off_t, int); extern off_t vstream_fseek(VSTREAM *, off_t, int);
extern off_t vstream_ftell(VSTREAM *); extern off_t vstream_ftell(VSTREAM *);
extern int vstream_fpurge(VSTREAM *);
extern int vstream_fflush(VSTREAM *); extern int vstream_fflush(VSTREAM *);
extern int vstream_fputs(const char *, VSTREAM *); extern int vstream_fputs(const char *, VSTREAM *);
extern VSTREAM *vstream_fdopen(int, int); extern VSTREAM *vstream_fdopen(int, int);