mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 13:48:06 +00:00
Code Issues Releases Wiki Activity

postfix-2.3-20050829

Browse Source
This commit is contained in:
Wietse Venema 2005-08-29 00:00:00 -05:00 committed by Viktor Dukhovni
parent 3fb1ad8ad5
commit 04571e906b
50 changed files with 983 additions and 475 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
postfix/HISTORY
View File

@ -11062,12 +11062,60 @@ Apologies for any names omitted.
Cleanup: HOLD action executes only once, to reduce noise
in the logfile. Files: cleanup/cleanup_message.c, smtpd/smtpd.c.
Open problems:
20050806
Med: when the cleanup server bounces local mail that should
be content inspected, the resulting DSN should be content
inspected, otherwise a local user can bypass content
inspection.
Workaround: accept(2) fails with EPROTO when the client
already disconnected (SunOS 5.5.1). File: sane_accept.c.
20050815
Workaround: old Solaris compilers can't link an archive
without globally visible symbols. File: tls/tls_misc.c.
20050825
Feature: message_reject_characters and message_strip_characters
specify what characters in message content Postfix will
reject or remove. Based on patch by John Fawcett. Files:
cleanup/cleanup_message.c, cleanup/cleanup_init.c.
Safety: when the cleanup server rejects the content of mail
that is submitted with the Postfix sendmail command, or
re-queued with "postsuper -r", strip the message body from
the bounce message to reduce the risks from harmful content.
Files: cleanup/cleanup_envelope.c, cleanup/cleanup_bounce.c.
Feature: the smtpd_proxy_filter parameter value can now be
prefixed with "unix:" (for UNIX-domain socket) and "inet:"
(for TCP socket). TCP sockets are the default. Patch by
Edwin Kremer. File: smtpd/smtpd_proxy.c.
20050828
Bugfix: after adding DSN support, error notification was
broken for too large mail that was submitted with the Postfix
sendmail command, forwarded by the local(8) delivery agent,
or re-queued with "postsuper -r". The message would be saved
to the "corrupt" queue.
The mistake was to leave the truncated message in the
incoming queue and to ask the queue manager to notify the
sender; this was not possible because the queue manager
cannot (and should not) handle truncated queue files.
The fix is to have the cleanup server send the bounce
message, just like it did before DSN support was added. As
a side effect, Postfix will no longer send DSN_SUCCESS
notices after virtual aliasing, when the cleanup server
bounces all the recipients of the message anyway. This
could be called a feature. File: cleanup/cleanup_bounce.c.
Also needed for this fix: a new vstream_fpurge() routine
that discards unread/written data from a VSTREAM. It's
needed before cleanup_bounce() can seek to the start of the
queue file after a file size error. File: util/vstream.c.
Open problems:
Look for systems with XPG basename() declared in <libgen.h>,
and prepare for phasing out the Postfix-supplied one.

2
postfix/README_FILES/DSN_README
View File

@ -84,7 +84,7 @@ Postfix has two Sendmail-compatible command-line options for DSN support.
PPoossttffiixx VVEERRPP ssuuppppoorrtt ccoommppaattiibbiilliittyy
With Postfix versions before 2.3, the sendmail(1) commands uses the -V command-
With Postfix versions before 2.3, the sendmail(1) command uses the -V command-
line option to request VERP-style delivery. In order to request VERP style
delivery with Postfix 2.3 and later, you must specify -XV instead of -V.

3
postfix/README_FILES/IPV6_README
View File

@ -12,7 +12,8 @@ differences between these implementations.
The main feature of interest is that IPv6 uses 128-bit IP addresses instead of
the 32-bit addresses used by IPv4. It can therefore accommodate a much larger
number of hosts and networks without ugly kluges such as NAT. A side benefit of
the much larger address space is that it makes network scanning unpractical.
the much larger address space is that it makes random network scanning
unpractical.
Postfix uses the same SMTP protocol over IPv6 as it already uses over the older
IPv4 network, and does AAAA record lookups in the DNS in addition to the older

24
postfix/RELEASE_NOTES
View File

@ -17,6 +17,30 @@ Incompatibility with Postfix 2.1 and earlier
If you upgrade from Postfix 2.1 or earlier, read RELEASE_NOTES-2.2
before proceeding.
Incompatibility with snapshot 20050828
======================================
When a header/body_checks or message_reject_characters rule rejects
mail that was submitted with the Postfix sendmail command (or
re-queued with "postsuper -r"), the returned message is now limited
to just the message headers, to avoid the risk of exposure to harmful
content in the message body or attachments.
When the cleanup server rejects the content or size of mail that
was submitted with the Postfix sendmail command, forwarded with the
local(8) delivery agent, or that was re-queued with "postsuper -r",
Postfix no longer sends DSN SUCCESS notification of virtual alias
expansions. Since all the recipients are reported as failed, the
SUCCESS notification seems redundant.
Major changes with snapshot 20050828
====================================
Configurable filters to reject or remove unwanted characters in
email content. The message_reject_characters and message_strip_characters
parameters understand the usual C-like escape sequences: \a \b \f
\n \r \t \v \ddd (up to three octal digits) and \\.
Incompatibility with snapshot 20050726
======================================

121
postfix/conf/canonical
View File

@ -37,67 +37,66 @@
# By default the canonical(5) mapping affects both message
# header addresses (i.e. addresses that appear inside mes-
# sages) and message envelope addresses (for example, the
# addresses that are used in SMTP protocol commands). Think
# Sendmail rule set S3, if you like. This is controlled
# with the canonical_classes parameter.
# addresses that are used in SMTP protocol commands). This
# is controlled with the canonical_classes parameter.
#
# NOTE: Postfix versions 2.2 and later rewrite message head-
# ers from remote SMTP clients only if the client matches
# ers from remote SMTP clients only if the client matches
# the local_header_rewrite_clients parameter, or if the
# remote_header_rewrite_domain configuration parameter spec-
# ifies a non-empty value. To get the behavior before Post-
# fix 2.2, specify "local_header_rewrite_clients =
# ifies a non-empty value. To get the behavior before Post-
# fix 2.2, specify "local_header_rewrite_clients =
# static:all".
#
# Typically, one would use the canonical(5) table to replace
# login names by Firstname.Lastname, or to clean up
# login names by Firstname.Lastname, or to clean up
# addresses produced by legacy mail systems.
#
# The canonical(5) mapping is not to be confused with vir-
# tual domain support. Use the virtual(5) map for that pur-
# The canonical(5) mapping is not to be confused with vir-
# tual domain support. Use the virtual(5) map for that pur-
# pose.
#
# The canonical(5) mapping is not to be confused with local
# The canonical(5) mapping is not to be confused with local
# aliasing. Use the aliases(5) map for that purpose.
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern result
# When pattern matches a mail address, replace it by
# When pattern matches a mail address, replace it by
# the corresponding result.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain address
# Replace user@domain by address. This form has the
# Replace user@domain by address. This form has the
# highest precedence.
#
# This is useful to clean up addresses produced by
# legacy mail systems. It can also be used to pro-
# duce Firstname.Lastname style addresses, but see
# This is useful to clean up addresses produced by
# legacy mail systems. It can also be used to pro-
# duce Firstname.Lastname style addresses, but see
# below for a simpler solution.
#
# user address
# Replace user@site by address when site is equal to
# $myorigin, when site is listed in $mydestination,
# or when it is listed in $inet_interfaces or
# Replace user@site by address when site is equal to
# $myorigin, when site is listed in $mydestination,
# or when it is listed in $inet_interfaces or
# $proxy_interfaces.
#
# This form is useful for replacing login names by
# This form is useful for replacing login names by
# Firstname.Lastname.
#
# @domain address
@ -107,10 +106,10 @@
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
# o When the result has the form @otherdomain, the
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain.
#
# o When "append_at_myorigin=yes", append "@$myorigin"
# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
@ -118,58 +117,58 @@
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
# The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa-
# The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain
# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.2.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
# The table format does not understand quoting conventions.
# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant.
# The text below provides only a parameter summary. See
# The following main.cf parameters are especially relevant.
# The text below provides only a parameter summary. See
# postconf(5) for more details including examples.
#
# canonical_classes
# What addresses are subject to canonical address
# What addresses are subject to canonical address
# mapping.
#
# canonical_maps
@ -184,26 +183,26 @@
# header sender addresses.
#
# propagate_unmatched_extensions
# A list of address rewriting or forwarding mecha-
# nisms that propagate an address extension from the
# original address to the result. Specify zero or
# more of canonical, virtual, alias, forward,
# A list of address rewriting or forwarding mecha-
# nisms that propagate an address extension from the
# original address to the result. Specify zero or
# more of canonical, virtual, alias, forward,
# include, or generic.
#
# Other parameters of interest:
#
# inet_interfaces
# The network interface addresses that this system
# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# local_header_rewrite_clients
# Rewrite message header addresses in mail from these
# clients and update incomplete addresses with the
# clients and update incomplete addresses with the
# domain name in $myorigin or $mydomain; either don't
# rewrite message headers from other clients at all,
# or rewrite message headers and update incomplete
# addresses with the domain specified in the
# rewrite message headers from other clients at all,
# or rewrite message headers and update incomplete
# addresses with the domain specified in the
# remote_header_rewrite_domain parameter.
#
# proxy_interfaces
@ -212,20 +211,20 @@
# tor.
#
# masquerade_classes
# List of address classes subject to masquerading:
# zero or more of envelope_sender, envelope_recipi-
# List of address classes subject to masquerading:
# zero or more of envelope_sender, envelope_recipi-
# ent, header_sender, header_recipient.
#
# masquerade_domains
# List of domains that hide their subdomain struc-
# List of domains that hide their subdomain struc-
# ture.
#
# masquerade_exceptions
# List of user names that are not subject to address
# List of user names that are not subject to address
# masquerading.
#
# mydestination
# List of domains that this mail system considers
# List of domains that this mail system considers
# local.
#
# myorigin
@ -236,9 +235,9 @@
# addresses.
#
# remote_header_rewrite_domain
# Don't rewrite message headers from remote clients
# Don't rewrite message headers from remote clients
# at all when this parameter is empty; otherwise, re-
# write message headers and append the specified
# write message headers and append the specified
# domain name to incomplete addresses.
#
# SEE ALSO
@ -248,13 +247,13 @@
# virtual(5), virtual aliasing
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
#
# LICENSE
# The Secure Mailer license must be distributed with this
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)

144
postfix/conf/virtual
View File

@ -34,62 +34,62 @@
# address can have its own mailbox.
#
# Virtual aliasing is applied only to recipient envelope
# addresses, and does not affect message headers. Think
# Sendmail rule set S0, if you like. Use canonical(5) map-
# ping to rewrite header and envelope addresses in general.
# addresses, and does not affect message headers. Use
# canonical(5) mapping to rewrite header and envelope
# addresses in general.
#
# Normally, the virtual(5) alias table is specified as a
# text file that serves as input to the postmap(1) command.
# The result, an indexed file in dbm or db format, is used
# Normally, the virtual(5) alias table is specified as a
# text file that serves as input to the postmap(1) command.
# The result, an indexed file in dbm or db format, is used
# for fast searching by the mail system. Execute the command
# "postmap /etc/postfix/virtual" in order to rebuild the
# "postmap /etc/postfix/virtual" in order to rebuild the
# indexed file after changing the text file.
#
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# When the table is provided via other means such as NIS,
# LDAP or SQL, the same lookups are done as for ordinary
# indexed files.
#
# Alternatively, the table can be provided as a regular-
# Alternatively, the table can be provided as a regular-
# expression map where patterns are given as regular expres-
# sions, or lookups can be directed to TCP-based server. In
# that case, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
# sions, or lookups can be directed to TCP-based server. In
# that case, the lookups are done in a slightly different
# way as described below under "REGULAR EXPRESSION TABLES"
# and "TCP-BASED TABLES".
#
# TABLE FORMAT
# The input format for the postmap(1) command is as follows:
#
# pattern result
# When pattern matches a mail address, replace it by
# When pattern matches a mail address, replace it by
# the corresponding result.
#
# blank lines and comments
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# Empty lines and whitespace-only lines are ignored,
# as are lines whose first non-whitespace character
# is a `#'.
#
# multi-line text
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# A logical line starts with non-whitespace text. A
# line that starts with whitespace continues a logi-
# cal line.
#
# TABLE SEARCH ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
#
# user@domain address, address, ...
# Redirect mail for user@domain to address. This
# Redirect mail for user@domain to address. This
# form has the highest precedence.
#
# user address, address, ...
# Redirect mail for user@site to address when site is
# equal to $myorigin, when site is listed in $mydes-
# tination, or when it is listed in $inet_interfaces
# equal to $myorigin, when site is listed in $mydes-
# tination, or when it is listed in $inet_interfaces
# or $proxy_interfaces.
#
# This functionality overlaps with functionality of
# the local aliases(5) database. The difference is
# This functionality overlaps with functionality of
# the local aliases(5) database. The difference is
# that virtual(5) mapping can be applied to non-local
# addresses.
#
@ -100,12 +100,12 @@
# RESULT ADDRESS REWRITING
# The lookup result is subject to address rewriting:
#
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain. This
# o When the result has the form @otherdomain, the
# result becomes the same user in otherdomain. This
# works only for the first address in a multi-address
# lookup result.
#
# o When "append_at_myorigin=yes", append "@$myorigin"
# o When "append_at_myorigin=yes", append "@$myorigin"
# to addresses without "@domain".
#
# o When "append_dot_mydomain=yes", append ".$mydomain"
@ -113,29 +113,29 @@
#
# ADDRESS EXTENSION
# When a mail address localpart contains the optional recip-
# ient delimiter (e.g., user+foo@domain), the lookup order
# ient delimiter (e.g., user+foo@domain), the lookup order
# becomes: user+foo@domain, user@domain, user+foo, user, and
# @domain.
#
# The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa-
# The propagate_unmatched_extensions parameter controls
# whether an unmatched address extension (+foo) is propa-
# gated to the result of table lookup.
#
# VIRTUAL ALIAS DOMAINS
# Besides virtual aliases, the virtual alias table can also
# Besides virtual aliases, the virtual alias table can also
# be used to implement virtual alias domains. With a virtual
# alias domain, all recipient addresses are aliased to
# alias domain, all recipient addresses are aliased to
# addresses in other domains.
#
# Virtual alias domains are not to be confused with the vir-
# tual mailbox domains that are implemented with the Postfix
# virtual(8) mail delivery agent. With virtual mailbox
# domains, each recipient address can have its own mailbox.
# domains, each recipient address can have its own mailbox.
#
# With a virtual alias domain, the virtual domain has its
# own user name space. Local (i.e. non-virtual) usernames
# are not visible in a virtual alias domain. In particular,
# local aliases(5) and local mailing lists are not visible
# With a virtual alias domain, the virtual domain has its
# own user name space. Local (i.e. non-virtual) usernames
# are not visible in a virtual alias domain. In particular,
# local aliases(5) and local mailing lists are not visible
# as localname@virtual-alias.domain.
#
# Support for a virtual alias domain looks like:
@ -143,8 +143,8 @@
# /etc/postfix/main.cf:
# virtual_alias_maps = hash:/etc/postfix/virtual
#
# Note: some systems use dbm databases instead of hash.
# See the output from "postconf -m" for available data-
# Note: some systems use dbm databases instead of hash.
# See the output from "postconf -m" for available data-
# base types.
#
# /etc/postfix/virtual:
@ -153,95 +153,95 @@
# user1@virtual-alias.domain address1
# user2@virtual-alias.domain address2, address3
#
# The virtual-alias.domain anything entry is required for a
# The virtual-alias.domain anything entry is required for a
# virtual alias domain. Without this entry, mail is rejected
# with "relay access denied", or bounces with "mail loops
# with "relay access denied", or bounces with "mail loops
# back to myself".
#
# Do not specify virtual alias domain names in the main.cf
# Do not specify virtual alias domain names in the main.cf
# mydestination or relay_domains configuration parameters.
#
# With a virtual alias domain, the Postfix SMTP server
# accepts mail for known-user@virtual-alias.domain, and
# rejects mail for unknown-user@virtual-alias.domain as
# With a virtual alias domain, the Postfix SMTP server
# accepts mail for known-user@virtual-alias.domain, and
# rejects mail for unknown-user@virtual-alias.domain as
# undeliverable.
#
# Instead of specifying the virtual alias domain name via
# the virtual_alias_maps table, you may also specify it via
# Instead of specifying the virtual alias domain name via
# the virtual_alias_maps table, you may also specify it via
# the main.cf virtual_alias_domains configuration parameter.
# This latter parameter uses the same syntax as the main.cf
# This latter parameter uses the same syntax as the main.cf
# mydestination configuration parameter.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# Each pattern is a regular expression that is applied to
# the entire address being looked up. Thus, user@domain mail
# addresses are not broken up into their user and @domain
# addresses are not broken up into their user and @domain
# constituent parts, nor is user+foo broken up into user and
# foo.
#
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# Patterns are applied in the order as specified in the ta-
# ble, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# TCP-BASED TABLES
# This section describes how the table lookups change when
# This section describes how the table lookups change when
# lookups are directed to a TCP-based server. For a descrip-
# tion of the TCP client/server lookup protocol, see tcp_ta-
# ble(5). This feature is not available up to and including
# Postfix version 2.2.
#
# Each lookup operation uses the entire address once. Thus,
# user@domain mail addresses are not broken up into their
# user@domain mail addresses are not broken up into their
# user and @domain constituent parts, nor is user+foo broken
# up into user and foo.
#
# Results are the same as with indexed file lookups.
#
# BUGS
# The table format does not understand quoting conventions.
# The table format does not understand quoting conventions.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant
# to this topic. See the Postfix main.cf file for syntax
# details and for default values. Use the "postfix reload"
# The following main.cf parameters are especially relevant
# to this topic. See the Postfix main.cf file for syntax
# details and for default values. Use the "postfix reload"
# command after a configuration change.
#
# virtual_alias_maps
# List of virtual aliasing tables.
#
# virtual_alias_domains
# List of virtual alias domains. This uses the same
# List of virtual alias domains. This uses the same
# syntax as the mydestination parameter.
#
# propagate_unmatched_extensions
# A list of address rewriting or forwarding mecha-
# nisms that propagate an address extension from the
# original address to the result. Specify zero or
# more of canonical, virtual, alias, forward,
# A list of address rewriting or forwarding mecha-
# nisms that propagate an address extension from the
# original address to the result. Specify zero or
# more of canonical, virtual, alias, forward,
# include, or generic.
#
# Other parameters of interest:
#
# inet_interfaces
# The network interface addresses that this system
# The network interface addresses that this system
# receives mail on. You need to stop and start Post-
# fix when this parameter changes.
#
# mydestination
# List of domains that this mail system considers
# List of domains that this mail system considers
# local.
#
# myorigin
# The domain that is appended to any address that
# The domain that is appended to any address that
# does not have a domain.
#
# owner_request_special
@ -260,14 +260,14 @@
# canonical(5), canonical address mapping
#
# README FILES
# Use "postconf readme_directory" or "postconf html_direc-
# Use "postconf readme_directory" or "postconf html_direc-
# tory" to locate this information.
# DATABASE_README, Postfix lookup table overview
# ADDRESS_REWRITING_README, address rewriting guide
# VIRTUAL_README, domain hosting guide
#
# LICENSE
# The Secure Mailer license must be distributed with this
# The Secure Mailer license must be distributed with this
# software.
#
# AUTHOR(S)

2
postfix/html/DSN_README.html
View File

@ -139,7 +139,7 @@ as discussed in the next section. </p>
<h2> <a name="compat">Postfix VERP support compatibility</a> </h2>
<p> With Postfix versions before 2.3, the <a href="sendmail.1.html">sendmail(1)</a> commands uses
<p> With Postfix versions before 2.3, the <a href="sendmail.1.html">sendmail(1)</a> command uses
the -V command-line option to request VERP-style delivery. In order
to request VERP style delivery with Postfix 2.3 and later, you must
specify -XV instead of -V. </p>

3
postfix/html/IPV6_README.html
View File

@ -30,7 +30,8 @@ between these implementations. </p>
addresses instead of the 32-bit addresses used by IPv4. It can
therefore accommodate a much larger number of hosts and networks
without ugly kluges such as NAT. A side benefit of the much larger
address space is that it makes network scanning unpractical. </p>
address space is that it makes random network scanning unpractical.
</p>
<p> Postfix uses the same SMTP protocol over IPv6 as it already
uses over the older IPv4 network, and does AAAA record lookups in

119
postfix/html/canonical.5.html
View File

@ -43,67 +43,66 @@ CANONICAL(5) CANONICAL(5)
By default the <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping affects both message
header addresses (i.e. addresses that appear inside mes-
sages) and message envelope addresses (for example, the
addresses that are used in SMTP protocol commands). Think
Sendmail rule set <b>S3</b>, if you like. This is controlled
with the <b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b> parameter.
addresses that are used in SMTP protocol commands). This
is controlled with the <b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b> parameter.
NOTE: Postfix versions 2.2 and later rewrite message head-
ers from remote SMTP clients only if the client matches
ers from remote SMTP clients only if the client matches
the <a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> parameter, or if the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> configuration parameter spec-
ifies a non-empty value. To get the behavior before Post-
fix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
ifies a non-empty value. To get the behavior before Post-
fix 2.2, specify "<a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a> =
static:all".
Typically, one would use the <a href="canonical.5.html"><b>canonical</b>(5)</a> table to replace
login names by <i>Firstname.Lastname</i>, or to clean up
login names by <i>Firstname.Lastname</i>, or to clean up
addresses produced by legacy mail systems.
The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with <i>vir-</i>
<i>tual domain</i> support. Use the <a href="virtual.5.html"><b>virtual</b>(5)</a> map for that pur-
The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with <i>vir-</i>
<i>tual domain</i> support. Use the <a href="virtual.5.html"><b>virtual</b>(5)</a> map for that pur-
pose.
The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with local
The <a href="canonical.5.html"><b>canonical</b>(5)</a> mapping is not to be confused with local
aliasing. Use the <a href="aliases.5.html"><b>aliases</b>(5)</a> map for that purpose.
<b>TABLE FORMAT</b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern result</i>
When <i>pattern</i> matches a mail address, replace it by
When <i>pattern</i> matches a mail address, replace it by
the corresponding <i>result</i>.
blank lines and comments
Empty lines and whitespace-only lines are ignored,
as are lines whose first non-whitespace character
Empty lines and whitespace-only lines are ignored,
as are lines whose first non-whitespace character
is a `#'.
multi-line text
A logical line starts with non-whitespace text. A
line that starts with whitespace continues a logi-
A logical line starts with non-whitespace text. A
line that starts with whitespace continues a logi-
cal line.
<b>TABLE SEARCH ORDER</b>
With lookups from indexed files such as DB or DBM, or from
networked tables such as NIS, LDAP or SQL, patterns are
networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:
<i>user</i>@<i>domain address</i>
Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form has the
Replace <i>user</i>@<i>domain</i> by <i>address</i>. This form has the
highest precedence.
This is useful to clean up addresses produced by
legacy mail systems. It can also be used to pro-
duce <i>Firstname.Lastname</i> style addresses, but see
This is useful to clean up addresses produced by
legacy mail systems. It can also be used to pro-
duce <i>Firstname.Lastname</i> style addresses, but see
below for a simpler solution.
<i>user address</i>
Replace <i>user</i>@<i>site</i> by <i>address</i> when <i>site</i> is equal to
$<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>,
or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or
Replace <i>user</i>@<i>site</i> by <i>address</i> when <i>site</i> is equal to
$<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydestination</a></b>,
or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b> or
$<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
This form is useful for replacing login names by
This form is useful for replacing login names by
<i>Firstname.Lastname</i>.
@<i>domain address</i>
@ -113,10 +112,10 @@ CANONICAL(5) CANONICAL(5)
<b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting:
<b>o</b> When the result has the form @<i>otherdomain</i>, the
<b>o</b> When the result has the form @<i>otherdomain</i>, the
result becomes the same <i>user</i> in <i>otherdomain</i>.
<b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
<b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
to addresses without "@domain".
<b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
@ -124,58 +123,58 @@ CANONICAL(5) CANONICAL(5)
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>.
The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
whether an unmatched address extension (<i>+foo</i>) is propa-
The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup.
<b>REGULAR EXPRESSION TABLES</b>
This section describes how the table lookups change when
This section describes how the table lookups change when
the table is given in the form of regular expressions. For
a description of regular expression lookup table syntax,
a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
Each pattern is a regular expression that is applied to
Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
addresses are not broken up into their <i>user</i> and <i>@domain</i>
addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>.
Patterns are applied in the order as specified in the ta-
ble, until a pattern is found that matches the search
Patterns are applied in the order as specified in the ta-
ble, until a pattern is found that matches the search
string.
Results are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from
Results are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
This section describes how the table lookups change when
This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their
<i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>BUGS</b>
The table format does not understand quoting conventions.
The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant.
The text below provides only a parameter summary. See
The following <b>main.cf</b> parameters are especially relevant.
The text below provides only a parameter summary. See
<a href="postconf.5.html"><b>postconf</b>(5)</a> for more details including examples.
<b><a href="postconf.5.html#canonical_classes">canonical_classes</a></b>
What addresses are subject to canonical address
What addresses are subject to canonical address
mapping.
<b><a href="postconf.5.html#canonical_maps">canonical_maps</a></b>
@ -190,26 +189,26 @@ CANONICAL(5) CANONICAL(5)
header sender addresses.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
A list of address rewriting or forwarding mecha-
nisms that propagate an address extension from the
original address to the result. Specify zero or
more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
A list of address rewriting or forwarding mecha-
nisms that propagate an address extension from the
original address to the result. Specify zero or
more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
<b>include</b>, or <b>generic</b>.
Other parameters of interest:
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
The network interface addresses that this system
The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
<b><a href="postconf.5.html#local_header_rewrite_clients">local_header_rewrite_clients</a></b>
Rewrite message header addresses in mail from these
clients and update incomplete addresses with the
clients and update incomplete addresses with the
domain name in $<a href="postconf.5.html#myorigin">myorigin</a> or $<a href="postconf.5.html#mydomain">mydomain</a>; either don't
rewrite message headers from other clients at all,
or rewrite message headers and update incomplete
addresses with the domain specified in the
rewrite message headers from other clients at all,
or rewrite message headers and update incomplete
addresses with the domain specified in the
<a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a> parameter.
<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>
@ -218,20 +217,20 @@ CANONICAL(5) CANONICAL(5)
tor.
<b><a href="postconf.5.html#masquerade_classes">masquerade_classes</a></b>
List of address classes subject to masquerading:
zero or more of <b>envelope_sender</b>, <b>envelope_recipi-</b>
List of address classes subject to masquerading:
zero or more of <b>envelope_sender</b>, <b>envelope_recipi-</b>
<b>ent</b>, <b>header_sender</b>, <b>header_recipient</b>.
<b><a href="postconf.5.html#masquerade_domains">masquerade_domains</a></b>
List of domains that hide their subdomain struc-
List of domains that hide their subdomain struc-
ture.
<b><a href="postconf.5.html#masquerade_exceptions">masquerade_exceptions</a></b>
List of user names that are not subject to address
List of user names that are not subject to address
masquerading.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
List of domains that this mail system considers
List of domains that this mail system considers
local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
@ -242,9 +241,9 @@ CANONICAL(5) CANONICAL(5)
addresses.
<b><a href="postconf.5.html#remote_header_rewrite_domain">remote_header_rewrite_domain</a></b>
Don't rewrite message headers from remote clients
Don't rewrite message headers from remote clients
at all when this parameter is empty; otherwise, re-
write message headers and append the specified
write message headers and append the specified
domain name to incomplete addresses.
<b>SEE ALSO</b>
@ -258,7 +257,7 @@ CANONICAL(5) CANONICAL(5)
<a href="ADDRESS_REWRITING_README.html">ADDRESS_REWRITING_README</a>, address rewriting guide
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

10
postfix/html/cleanup.8.html
View File

@ -125,6 +125,16 @@ CLEANUP(8) CLEANUP(8)
non-MIME message headers in attached messages, as
described in the <b><a href="postconf.5.html#header_checks">header_checks</a></b>(5) manual page.
Available in Postfix version 2.3 and later:
<b><a href="postconf.5.html#message_reject_characters">message_reject_characters</a> (empty)</b>
The set of characters that Postfix will reject in
message content.
<b><a href="postconf.5.html#message_strip_characters">message_strip_characters</a> (empty)</b>
The set of characters that Postfix will remove from
message content.
<b>MIME PROCESSING CONTROLS</b>
Available in Postfix version 2.0 and later:

170
postfix/html/ldap_table.5.html
View File

@ -324,58 +324,60 @@ LDAP_TABLE(5) LDAP_TABLE(5)
NOTE: DO NOT define this parameter for <a href="local.8.html">local(8)</a>
aliases.
This feature is available in Postfix 2.1 and later.
<b>result_attribute (default: maildrop)</b>
The attribute(s) Postfix will read from any direc-
The attribute(s) Postfix will read from any direc-
tory entries returned by the lookup, to be resolved
to an email address.
result_attribute = mailbox, maildrop
<b>special_result_attribute (No default)</b>
The attribute(s) of directory entries that can con-
tain DNs or URLs. If found, a recursive subsequent
tain DNs or URLs. If found, a recursive subsequent
search is done using their values.
special_result_attribute = member
DN recursion retrieves the same result_attributes
DN recursion retrieves the same result_attributes
as the main query, including the special attributes
for further recursion. URI processing retrieves
only those attributes that are included in the URI
definition and are *also* listed in
"result_attribute". If the URI lists any of the
map's special result attributes, these are also
for further recursion. URI processing retrieves
only those attributes that are included in the URI
definition and are *also* listed in
"result_attribute". If the URI lists any of the
map's special result attributes, these are also
retrieved and used recursively.
<b>scope (default: sub)</b>
The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These
The LDAP search scope: <b>sub</b>, <b>base</b>, or <b>one</b>. These
translate into LDAP_SCOPE_SUBTREE, LDAP_SCOPE_BASE,
and LDAP_SCOPE_ONELEVEL.
<b>bind (default: yes)</b>
Whether or not to bind to the LDAP server. Newer
Whether or not to bind to the LDAP server. Newer
LDAP implementations don't require clients to bind,
which saves time. Example:
bind = no
If you do need to bind, you might consider config-
uring Postfix to connect to the local machine on a
port that's an SSL tunnel to your LDAP server. If
your LDAP server doesn't natively support SSL, put
If you do need to bind, you might consider config-
uring Postfix to connect to the local machine on a
port that's an SSL tunnel to your LDAP server. If
your LDAP server doesn't natively support SSL, put
a tunnel (wrapper, proxy, whatever you want to call
it) on that system too. This should prevent the
password from traversing the network in the clear.
it) on that system too. This should prevent the
password from traversing the network in the clear.
<b>bind_dn (default: empty)</b>
If you do have to bind, do it with this distin-
If you do have to bind, do it with this distin-
guished name. Example:
bind_dn = uid=postfix, dc=your, dc=com
<b>bind_pw (default: empty)</b>
The password for the distinguished name above. If
The password for the distinguished name above. If
you have to use this, you probably want to make the
map configuration file readable only by the Postfix
user. When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn-
user. When using the obsolete <a href="ldap_table.5.html">ldap</a>:ldapsource syn-
tax, with map parameters in main.cf, it is not pos-
sible to securely store the bind password. This is
sible to securely store the bind password. This is
because main.cf needs to be world readable to allow
local accounts to submit mail via the sendmail com-
mand. Example:
@ -386,43 +388,43 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<b>cache_expiry (IGNORED with a warning)</b>
<b>cache_size (IGNORED with a warning)</b>
The above parameters are NO LONGER SUPPORTED by
The above parameters are NO LONGER SUPPORTED by
Postfix. Cache support has been dropped from
OpenLDAP as of release 2.1.13.
<b>recursion_limit (default: 1000)</b>
A limit on the nesting depth of DN and URL special
result attribute evaluation. The limit must be a
A limit on the nesting depth of DN and URL special
result attribute evaluation. The limit must be a
non-zero positive number.
<b>expansion_limit (default: 0)</b>
A limit on the total number of result elements
returned (as a comma separated list) by a lookup
against the map. A setting of zero disables the
limit. Lookups fail with a temporary error if the
limit is exceeded. Setting the limit to 1 ensures
A limit on the total number of result elements
returned (as a comma separated list) by a lookup
against the map. A setting of zero disables the
limit. Lookups fail with a temporary error if the
limit is exceeded. Setting the limit to 1 ensures
that lookups do not return multiple values.
<b>size_limit (default: $expansion_limit)</b>
A limit on the number of LDAP entries returned by
any single LDAP search performed as part of the
lookup. A setting of 0 disables the limit. Expan-
sion of DN and URL references involves nested LDAP
queries, each of which is separately subjected to
A limit on the number of LDAP entries returned by
any single LDAP search performed as part of the
lookup. A setting of 0 disables the limit. Expan-
sion of DN and URL references involves nested LDAP
queries, each of which is separately subjected to
this limit.
Note: even a single LDAP entry can generate multi-
ple lookup results, via multiple result attributes
and/or multi-valued result attributes. This limit
caps the per search resource utilization on the
LDAP server, not the final multiplicity of the
lookup result. It is analogous to the "-z" option
Note: even a single LDAP entry can generate multi-
ple lookup results, via multiple result attributes
and/or multi-valued result attributes. This limit
caps the per search resource utilization on the
LDAP server, not the final multiplicity of the
lookup result. It is analogous to the "-z" option
of "ldapsearch".
<b>dereference (default: 0)</b>
When to dereference LDAP aliases. (Note that this
When to dereference LDAP aliases. (Note that this
has nothing do with Postfix aliases.) The permitted
values are those legal for the OpenLDAP/UM LDAP
values are those legal for the OpenLDAP/UM LDAP
implementations:
0 never
@ -434,99 +436,99 @@ LDAP_TABLE(5) LDAP_TABLE(5)
3 always
See ldap.h or the ldap_open(3) or ldapsearch(1) man
pages for more information. And if you're using an
pages for more information. And if you're using an
LDAP package that has other possible values, please
bring it to the attention of the postfix-
bring it to the attention of the postfix-
users@postfix.org mailing list.
<b>chase_referrals (default: 0)</b>
Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP
Sets (or clears) LDAP_OPT_REFERRALS (requires LDAP
version 3 support).
<b>version (default: 2)</b>
Specifies the LDAP protocol version to use.
<b>debuglevel (default: 0)</b>
What level to set for debugging in the OpenLDAP
What level to set for debugging in the OpenLDAP
libraries.
<b>LDAP SSL AND STARTTLS PARAMETERS</b>
If you're using the OpenLDAP libraries compiled with SSL
support, Postfix can connect to LDAP SSL servers and can
If you're using the OpenLDAP libraries compiled with SSL
support, Postfix can connect to LDAP SSL servers and can
issue the STARTTLS command.
LDAP SSL service can be requested by using a LDAP SSL URL
LDAP SSL service can be requested by using a LDAP SSL URL
in the server_host parameter:
server_host = ldaps://ldap.example.com:636
STARTTLS can be turned on with the start_tls parameter:
start_tls = yes
Both forms require LDAP protocol version 3, which has to
Both forms require LDAP protocol version 3, which has to
be set explicitly with:
version = 3
If any of the Postfix programs querying the map is config-
ured in master.cf to run chrooted, all the certificates
ured in master.cf to run chrooted, all the certificates
and keys involved have to be copied to the chroot jail. Of
course, the private keys should only be readable by the
course, the private keys should only be readable by the
user "postfix".
The following parameters are relevant to LDAP SSL and
The following parameters are relevant to LDAP SSL and
STARTTLS:
<b>start_tls (default: no)</b>
Whether or not to issue STARTTLS upon connection to
the server. Don't set this with LDAP SSL (the SSL
the server. Don't set this with LDAP SSL (the SSL
session is setup automatically when the TCP connec-
tion is opened).
<b>tls_ca_cert_dir (No default; set either this or</b>
<b>tls_ca_cert_dir (No default; set either this or</b>
<b>tls_ca_cert_file)</b>
Directory containing X509 Certificate Authority
certificates in PEM format which are to be recog-
nized by the client in SSL/TLS connections. The
files each contain one CA certificate. The files
are looked up by the CA subject name hash value,
which must hence be available. If more than one CA
certificate with the same name hash value exist,
the extension must be different (e.g. 9d66eef0.0,
9d66eef0.1 etc). The search is performed in the
ordering of the extension number, regardless of
certificates in PEM format which are to be recog-
nized by the client in SSL/TLS connections. The
files each contain one CA certificate. The files
are looked up by the CA subject name hash value,
which must hence be available. If more than one CA
certificate with the same name hash value exist,
the extension must be different (e.g. 9d66eef0.0,
9d66eef0.1 etc). The search is performed in the
ordering of the extension number, regardless of
other properties of the certificates. Use the
c_rehash utility (from the OpenSSL distribution) to
create the necessary links.
<b>tls_ca_cert_file (No default; set either this or</b>
<b>tls_ca_cert_file (No default; set either this or</b>
<b>tls_ca_cert_dir)</b>
File containing the X509 Certificate Authority cer-
tificates in PEM format which are to be recognized
by the client in SSL/TLS connections. This setting
tificates in PEM format which are to be recognized
by the client in SSL/TLS connections. This setting
takes precedence over tls_ca_cert_dir.
<b>tls_cert (No default; you must set this)</b>
File containing client's X509 certificate to be
File containing client's X509 certificate to be
used by the client in SSL/ TLS connections.
<b>tls_key (No default; you must set this)</b>
File containing the private key corresponding to
File containing the private key corresponding to
the above tls_cert.
<b>tls_require_cert (default: no)</b>
Whether or not to request server's X509 certificate
and check its validity when establishing SSL/TLS
and check its validity when establishing SSL/TLS
connections.
<b>tls_random_file (No default)</b>
Path of a file to obtain random bits from when
/dev/[u]random is not available, to be used by the
Path of a file to obtain random bits from when
/dev/[u]random is not available, to be used by the
client in SSL/TLS connections.
<b>tls_cipher_suite (No default)</b>
Cipher suite to use in SSL/TLS negotiations.
<b>EXAMPLE</b>
Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
Here's a basic example for using LDAP to look up <a href="local.8.html">local(8)</a>
aliases. Assume that in main.cf, you have:
<a href="postconf.5.html#alias_maps">alias_maps</a> = hash:/etc/aliases,
<a href="ldap_table.5.html">ldap</a>:/etc/postfix/ldap-aliases.cf
@ -535,14 +537,14 @@ LDAP_TABLE(5) LDAP_TABLE(5)
server_host = ldap.my.com
search_base = dc=my, dc=com
Upon receiving mail for a local address "ldapuser" that
isn't found in the /etc/aliases database, Postfix will
search the LDAP server listening at port 389 on
ldap.my.com. It will bind anonymously, search for any
directory entries whose mailacceptinggeneralid attribute
is "ldapuser", read the "maildrop" attributes of those
found, and build a list of their maildrops, which will be
treated as <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a> addresses to which the message will be
Upon receiving mail for a local address "ldapuser" that
isn't found in the /etc/aliases database, Postfix will
search the LDAP server listening at port 389 on
ldap.my.com. It will bind anonymously, search for any
directory entries whose mailacceptinggeneralid attribute
is "ldapuser", read the "maildrop" attributes of those
found, and build a list of their maildrops, which will be
treated as <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a> addresses to which the message will be
delivered.
<b>SEE ALSO</b>
@ -556,13 +558,13 @@ LDAP_TABLE(5) LDAP_TABLE(5)
<a href="LDAP_README.html">LDAP_README</a>, Postfix LDAP client guide
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith
Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
Carsten Hoeger, Hery Rakotoarisoa, John Hensley, Keith
Stevenson, LaMont Jones, Liviu Daia, Manuel Guesdon, Mike
Mattice, Prabhat K Singh, Sami Haahtinen, Samuel Tardieu,
Victor Duchovni, and many others.
LDAP_TABLE(5)

50
postfix/html/postconf.5.html
View File

@ -4110,6 +4110,25 @@ Specify 0 when mail delivery should be tried only once.
</p>
</DD>
<DT><b><a name="message_reject_characters">message_reject_characters</a>
(default: empty)</b></DT><DD>
<p> The set of characters that Postfix will reject in message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#message_reject_characters">message_reject_characters</a> = \0
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="message_size_limit">message_size_limit</a>
@ -4120,6 +4139,25 @@ The maximal size in bytes of a message, including envelope information.
</p>
</DD>
<DT><b><a name="message_strip_characters">message_strip_characters</a>
(default: empty)</b></DT><DD>
<p> The set of characters that Postfix will remove from message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>
<p> Example: </p>
<pre>
<a href="postconf.5.html#message_strip_characters">message_strip_characters</a> = \0
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
</DD>
<DT><b><a name="mime_boundary_length_limit">mime_boundary_length_limit</a>
@ -7938,12 +7976,18 @@ The proxy receives all mail from the Postfix SMTP server, and is
supposed to give the result to another Postfix SMTP server process.
</p>
<p> Specify host:port. The host can be specified as an IP address
or as a symbolic name; no MX lookups are done. When no host or
host: are specified, the local machine is assumed. </p>
<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
"unix:pathname" for a UNIX-domain endpoint. The host can be specified
as an IP address or as a symbolic name; no MX lookups are done.
When no "host" or "host:" are specified, the local machine is
assumed. Pathname interpretation is relative to the Postfix queue
directory. </p>
<p> This feature is available in Postfix 2.1 and later. </p>
<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
and later. </p>
</DD>

142
postfix/html/virtual.5.html
View File

@ -40,62 +40,62 @@ VIRTUAL(5) VIRTUAL(5)
address can have its own mailbox.
Virtual aliasing is applied only to recipient envelope
addresses, and does not affect message headers. Think
Sendmail rule set <b>S0</b>, if you like. Use <a href="canonical.5.html"><b>canonical</b>(5)</a> map-
ping to rewrite header and envelope addresses in general.
addresses, and does not affect message headers. Use
<a href="canonical.5.html"><b>canonical</b>(5)</a> mapping to rewrite header and envelope
addresses in general.
Normally, the <a href="virtual.5.html"><b>virtual</b>(5)</a> alias table is specified as a
text file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command.
The result, an indexed file in <b>dbm</b> or <b>db</b> format, is used
Normally, the <a href="virtual.5.html"><b>virtual</b>(5)</a> alias table is specified as a
text file that serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> command.
The result, an indexed file in <b>dbm</b> or <b>db</b> format, is used
for fast searching by the mail system. Execute the command
"<b>postmap /etc/postfix/virtual</b>" in order to rebuild the
"<b>postmap /etc/postfix/virtual</b>" in order to rebuild the
indexed file after changing the text file.
When the table is provided via other means such as NIS,
LDAP or SQL, the same lookups are done as for ordinary
When the table is provided via other means such as NIS,
LDAP or SQL, the same lookups are done as for ordinary
indexed files.
Alternatively, the table can be provided as a regular-
Alternatively, the table can be provided as a regular-
expression map where patterns are given as regular expres-
sions, or lookups can be directed to TCP-based server. In
that case, the lookups are done in a slightly different
way as described below under "REGULAR EXPRESSION TABLES"
sions, or lookups can be directed to TCP-based server. In
that case, the lookups are done in a slightly different
way as described below under "REGULAR EXPRESSION TABLES"
and "TCP-BASED TABLES".
<b>TABLE FORMAT</b>
The input format for the <a href="postmap.1.html"><b>postmap</b>(1)</a> command is as follows:
<i>pattern result</i>
When <i>pattern</i> matches a mail address, replace it by
When <i>pattern</i> matches a mail address, replace it by
the corresponding <i>result</i>.
blank lines and comments
Empty lines and whitespace-only lines are ignored,
as are lines whose first non-whitespace character
Empty lines and whitespace-only lines are ignored,
as are lines whose first non-whitespace character
is a `#'.
multi-line text
A logical line starts with non-whitespace text. A
line that starts with whitespace continues a logi-
A logical line starts with non-whitespace text. A
line that starts with whitespace continues a logi-
cal line.
<b>TABLE SEARCH ORDER</b>
With lookups from indexed files such as DB or DBM, or from
networked tables such as NIS, LDAP or SQL, patterns are
networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:
<i>user</i>@<i>domain address, address, ...</i>
Redirect mail for <i>user</i>@<i>domain</i> to <i>address</i>. This
Redirect mail for <i>user</i>@<i>domain</i> to <i>address</i>. This
form has the highest precedence.
<i>user address, address, ...</i>
Redirect mail for <i>user</i>@<i>site</i> to <i>address</i> when <i>site</i> is
equal to $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydes</a>-</b>
<b><a href="postconf.5.html#mydestination">tination</a></b>, or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
equal to $<b><a href="postconf.5.html#myorigin">myorigin</a></b>, when <i>site</i> is listed in $<b><a href="postconf.5.html#mydestination">mydes</a>-</b>
<b><a href="postconf.5.html#mydestination">tination</a></b>, or when it is listed in $<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
or $<b><a href="postconf.5.html#proxy_interfaces">proxy_interfaces</a></b>.
This functionality overlaps with functionality of
the local <i>aliases</i>(5) database. The difference is
This functionality overlaps with functionality of
the local <i>aliases</i>(5) database. The difference is
that <a href="virtual.5.html"><b>virtual</b>(5)</a> mapping can be applied to non-local
addresses.
@ -106,12 +106,12 @@ VIRTUAL(5) VIRTUAL(5)
<b>RESULT ADDRESS REWRITING</b>
The lookup result is subject to address rewriting:
<b>o</b> When the result has the form @<i>otherdomain</i>, the
result becomes the same <i>user</i> in <i>otherdomain</i>. This
<b>o</b> When the result has the form @<i>otherdomain</i>, the
result becomes the same <i>user</i> in <i>otherdomain</i>. This
works only for the first address in a multi-address
lookup result.
<b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
<b>o</b> When "<b><a href="postconf.5.html#append_at_myorigin">append_at_myorigin</a>=yes</b>", append "<b>@$<a href="postconf.5.html#myorigin">myorigin</a></b>"
to addresses without "@domain".
<b>o</b> When "<b><a href="postconf.5.html#append_dot_mydomain">append_dot_mydomain</a>=yes</b>", append "<b>.$<a href="postconf.5.html#mydomain">mydomain</a></b>"
@ -119,29 +119,29 @@ VIRTUAL(5) VIRTUAL(5)
<b>ADDRESS EXTENSION</b>
When a mail address localpart contains the optional recip-
ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
ient delimiter (e.g., <i>user+foo</i>@<i>domain</i>), the lookup order
becomes: <i>user+foo</i>@<i>domain</i>, <i>user</i>@<i>domain</i>, <i>user+foo</i>, <i>user</i>, and
@<i>domain</i>.
The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
whether an unmatched address extension (<i>+foo</i>) is propa-
The <b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b> parameter controls
whether an unmatched address extension (<i>+foo</i>) is propa-
gated to the result of table lookup.
<b>VIRTUAL ALIAS DOMAINS</b>
Besides virtual aliases, the virtual alias table can also
Besides virtual aliases, the virtual alias table can also
be used to implement <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. With a virtual
alias domain, all recipient addresses are aliased to
alias domain, all recipient addresses are aliased to
addresses in other domains.
Virtual alias domains are not to be confused with the vir-
tual mailbox domains that are implemented with the Postfix
<a href="virtual.8.html"><b>virtual</b>(8)</a> mail delivery agent. With virtual mailbox
domains, each recipient address can have its own mailbox.
domains, each recipient address can have its own mailbox.
With a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>, the virtual domain has its
own user name space. Local (i.e. non-virtual) usernames
are not visible in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. In particular,
local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible
With a virtual alias domain, the virtual domain has its
own user name space. Local (i.e. non-virtual) usernames
are not visible in a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. In particular,
local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are not visible
as <i>localname@virtual-alias.domain</i>.
Support for a <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> looks like:
@ -149,8 +149,8 @@ VIRTUAL(5) VIRTUAL(5)
/etc/postfix/main.cf:
<a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a> = hash:/etc/postfix/virtual
Note: some systems use <b>dbm</b> databases instead of <b>hash</b>.
See the output from "<b>postconf -m</b>" for available data-
Note: some systems use <b>dbm</b> databases instead of <b>hash</b>.
See the output from "<b>postconf -m</b>" for available data-
base types.
/etc/postfix/virtual:
@ -159,95 +159,95 @@ VIRTUAL(5) VIRTUAL(5)
<i>user1@virtual-alias.domain address1</i>
<i>user2@virtual-alias.domain address2, address3</i>
The <i>virtual-alias.domain anything</i> entry is required for a
The <i>virtual-alias.domain anything</i> entry is required for a
<a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a>. <b>Without this entry, mail is rejected</b>
<b>with "relay access denied", or bounces with "mail loops</b>
<b>with "relay access denied", or bounces with "mail loops</b>
<b>back to myself".</b>
Do not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <b>main.cf</b>
Do not specify <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> names in the <b>main.cf</b>
<b><a href="postconf.5.html#mydestination">mydestination</a></b> or <b><a href="postconf.5.html#relay_domains">relay_domains</a></b> configuration parameters.
With a virtual alias domain, the Postfix SMTP server
accepts mail for <i>known-user@virtual-alias.domain</i>, and
rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as
With a virtual alias domain, the Postfix SMTP server
accepts mail for <i>known-user@virtual-alias.domain</i>, and
rejects mail for <i>unknown-user</i>@<i>virtual-alias.domain</i> as
undeliverable.
Instead of specifying the <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domain</a> name via
the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> table, you may also specify it via
Instead of specifying the virtual alias domain name via
the <b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b> table, you may also specify it via
the <b>main.cf <a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b> configuration parameter.
This latter parameter uses the same syntax as the <b>main.cf</b>
This latter parameter uses the same syntax as the <b>main.cf</b>
<b><a href="postconf.5.html#mydestination">mydestination</a></b> configuration parameter.
<b>REGULAR EXPRESSION TABLES</b>
This section describes how the table lookups change when
This section describes how the table lookups change when
the table is given in the form of regular expressions. For
a description of regular expression lookup table syntax,
a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp_table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre_table</b>(5)</a>.
Each pattern is a regular expression that is applied to
Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, <i>user@domain</i> mail
addresses are not broken up into their <i>user</i> and <i>@domain</i>
addresses are not broken up into their <i>user</i> and <i>@domain</i>
constituent parts, nor is <i>user+foo</i> broken up into <i>user</i> and
<i>foo</i>.
Patterns are applied in the order as specified in the ta-
ble, until a pattern is found that matches the search
Patterns are applied in the order as specified in the ta-
ble, until a pattern is found that matches the search
string.
Results are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from
Results are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>TCP-BASED TABLES</b>
This section describes how the table lookups change when
This section describes how the table lookups change when
lookups are directed to a TCP-based server. For a descrip-
tion of the TCP client/server lookup protocol, see <a href="tcp_table.5.html"><b>tcp_ta-</b></a>
<a href="tcp_table.5.html"><b>ble</b>(5)</a>. This feature is not available up to and including
Postfix version 2.2.
Each lookup operation uses the entire address once. Thus,
<i>user@domain</i> mail addresses are not broken up into their
<i>user@domain</i> mail addresses are not broken up into their
<i>user</i> and <i>@domain</i> constituent parts, nor is <i>user+foo</i> broken
up into <i>user</i> and <i>foo</i>.
Results are the same as with indexed file lookups.
<b>BUGS</b>
The table format does not understand quoting conventions.
The table format does not understand quoting conventions.
<b>CONFIGURATION PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant
to this topic. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the "<b>postfix reload</b>"
The following <b>main.cf</b> parameters are especially relevant
to this topic. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the "<b>postfix reload</b>"
command after a configuration change.
<b><a href="postconf.5.html#virtual_alias_maps">virtual_alias_maps</a></b>
List of virtual aliasing tables.
<b><a href="postconf.5.html#virtual_alias_domains">virtual_alias_domains</a></b>
List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same
List of <a href="ADDRESS_CLASS_README.html#virtual_alias_class">virtual alias domains</a>. This uses the same
syntax as the <b><a href="postconf.5.html#mydestination">mydestination</a></b> parameter.
<b><a href="postconf.5.html#propagate_unmatched_extensions">propagate_unmatched_extensions</a></b>
A list of address rewriting or forwarding mecha-
nisms that propagate an address extension from the
original address to the result. Specify zero or
more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
A list of address rewriting or forwarding mecha-
nisms that propagate an address extension from the
original address to the result. Specify zero or
more of <b>canonical</b>, <b>virtual</b>, <b>alias</b>, <b>forward</b>,
<b>include</b>, or <b>generic</b>.
Other parameters of interest:
<b><a href="postconf.5.html#inet_interfaces">inet_interfaces</a></b>
The network interface addresses that this system
The network interface addresses that this system
receives mail on. You need to stop and start Post-
fix when this parameter changes.
<b><a href="postconf.5.html#mydestination">mydestination</a></b>
List of domains that this mail system considers
List of domains that this mail system considers
local.
<b><a href="postconf.5.html#myorigin">myorigin</a></b>
The domain that is appended to any address that
The domain that is appended to any address that
does not have a domain.
<b><a href="postconf.5.html#owner_request_special">owner_request_special</a></b>
@ -271,7 +271,7 @@ VIRTUAL(5) VIRTUAL(5)
<a href="VIRTUAL_README.html">VIRTUAL_README</a>, domain hosting guide
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

3
postfix/man/man5/canonical.5
View File

@ -40,8 +40,7 @@ done in a slightly different way as described below under
By default the \fBcanonical\fR(5) mapping affects both message
header addresses (i.e. addresses that appear inside messages)
and message envelope addresses (for example, the addresses
that are used in SMTP protocol commands). Think Sendmail
rule set \fBS3\fR, if you like. This is controlled with
that are used in SMTP protocol commands). This is controlled with
the \fBcanonical_classes\fR parameter.
NOTE: Postfix versions 2.2 and later rewrite message headers

2
postfix/man/man5/ldap_table.5
View File

@ -304,6 +304,8 @@ It is best not to use LDAP to store the domains eligible
for LDAP lookups.
NOTE: DO NOT define this parameter for local(8) aliases.
This feature is available in Postfix 2.1 and later.
.IP "\fBresult_attribute (default: maildrop)\fR"
The attribute(s) Postfix will read from any directory
entries returned by the lookup, to be resolved to an email

56
postfix/man/man5/postconf.5
View File

@ -506,7 +506,7 @@ and changed the default to none.
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
\&.domain names (the initial dot causes the domain to match any name
\e&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
@ -2231,8 +2231,42 @@ Time units: s (seconds), m (minutes), h (hours), d (days), w (weeks).
The default time unit is d (days).
.PP
Specify 0 when mail delivery should be tried only once.
.SH message_reject_characters (default: empty)
The set of characters that Postfix will reject in message
content. The usual C-like escape sequences are recognized: \ea
\eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and
\e\e.
.PP
Example:
.PP
.nf
.na
.ft C
message_reject_characters = \e0
.fi
.ad
.ft R
.PP
This feature is available in Postfix 2.3 and later.
.SH message_size_limit (default: 10240000)
The maximal size in bytes of a message, including envelope information.
.SH message_strip_characters (default: empty)
The set of characters that Postfix will remove from message
content. The usual C-like escape sequences are recognized: \ea
\eb \ef \en \er \et \ev \e\fIddd\fR (up to three octal digits) and
\e\e.
.PP
Example:
.PP
.nf
.na
.ft C
message_strip_characters = \e0
.fi
.ad
.ft R
.PP
This feature is available in Postfix 2.3 and later.
.SH mime_boundary_length_limit (default: 2048)
The maximal length of MIME multipart boundary strings. The MIME
processor is unable to distinguish between boundary strings that
@ -3867,7 +3901,7 @@ is backwards compatible with Postfix 2.0.
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
\&.domain names (the initial dot causes the domain to match any name
\e&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
@ -3893,7 +3927,7 @@ By default, no clients are allowed to specify XCLIENT.
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
\&.domain names (the initial dot causes the domain to match any name
\e&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
@ -3918,7 +3952,7 @@ By default, no clients are allowed to specify XFORWARD.
Specify a list of network/netmask patterns, separated by commas
and/or whitespace. The mask specifies the number of bits in the
network part of a host address. You can also specify hostnames or
\&.domain names (the initial dot causes the domain to match any name
\e&.domain names (the initial dot causes the domain to match any name
below it), "/file/name" or "type:table" patterns. A "/file/name"
pattern is replaced by its contents; a "type:table" lookup table
is matched when a table entry matches a lookup string (the lookup
@ -4517,11 +4551,17 @@ The hostname and TCP port of the mail filtering proxy server.
The proxy receives all mail from the Postfix SMTP server, and is
supposed to give the result to another Postfix SMTP server process.
.PP
Specify host:port. The host can be specified as an IP address
or as a symbolic name; no MX lookups are done. When no host or
host: are specified, the local machine is assumed.
Specify "host:port" or "inet:host:port" for a TCP endpoint, or
"unix:pathname" for a UNIX-domain endpoint. The host can be specified
as an IP address or as a symbolic name; no MX lookups are done.
When no "host" or "host:" are specified, the local machine is
assumed. Pathname interpretation is relative to the Postfix queue
directory.
.PP
This feature is available in Postfix 2.1 and later.
.PP
The "inet:" and "unix:" prefixes are available in Postfix 2.3
and later.
.SH smtpd_proxy_timeout (default: 100s)
The time limit for connecting to a proxy filter and for sending or
receiving information. When a connection fails the client gets a
@ -5112,7 +5152,7 @@ or smtpd_tls_cert_file.
.PP
A certificate supplied here must be usable as SSL server
certificate and hence pass the "openssl verify -purpose sslserver
\&..." test.
\e&..." test.
.PP
Example:
.PP

2
postfix/man/man5/virtual.5
View File

@ -38,7 +38,7 @@ can have its own mailbox.
.PP
Virtual aliasing is applied only to recipient
envelope addresses, and does not affect message headers.
Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5)
Use \fBcanonical\fR(5)
mapping to rewrite header and envelope addresses in general.
Normally, the \fBvirtual\fR(5) alias table is specified as a text file

8
postfix/man/man8/cleanup.8
View File

@ -118,6 +118,14 @@ message headers, as described in the \fBheader_checks\fR(5) manual page.
Optional lookup tables for content inspection of non-MIME message
headers in attached messages, as described in the \fBheader_checks\fR(5)
manual page.
.PP
Available in Postfix version 2.3 and later:
.IP "\fBmessage_reject_characters (empty)\fR"
The set of characters that Postfix will reject in message
content.
.IP "\fBmessage_strip_characters (empty)\fR"
The set of characters that Postfix will remove from message
content.
.SH "MIME PROCESSING CONTROLS"
.na
.nf

1
postfix/mantools/postconf2man
View File

@ -43,6 +43,7 @@ while(<>) {
$block =~ s/<\/DD>/\n/g;
$block =~ s/<DL>/\n/g;
$block =~ s/<\/DL>/\n/g;
$block =~ s/\\/\\e/g;
$block =~ s/<b>/\\fB/g;
$block =~ s/<i>/\\fI/g;
$block =~ s/<\/b>/\\fR/g;

2
postfix/mantools/postlink
View File

@ -234,7 +234,9 @@ while (<>) {
s;\bmax_use\b;<a href="postconf.5.html#max_use">$&</a>;g;
s;\bmaxi[-</bB>]*\n*[ <bB>]*mal_backoff_time\b;<a href="postconf.5.html#maximal_backoff_time">$&</a>;g;
s;\bmaxi[-</bB>]*\n*[ <bB>]*mal_queue_lifetime\b;<a href="postconf.5.html#maximal_queue_lifetime">$&</a>;g;
s;\bmessage_reject_characters\b;<a href="postconf.5.html#message_reject_characters">$&</a>;g;
s;\bmessage_size_limit\b;<a href="postconf.5.html#message_size_limit">$&</a>;g;
s;\bmessage_strip_characters\b;<a href="postconf.5.html#message_strip_characters">$&</a>;g;
s;\bmime_boundary_length_limit\b;<a href="postconf.5.html#mime_boundary_length_limit">$&</a>;g;
s;\bmime_header_checks\b;<a href="postconf.5.html#mime_header_checks">$&</a>;g;
s;\bmime_nesting_limit\b;<a href="postconf.5.html#mime_nesting_limit">$&</a>;g;

3
postfix/postfix-install
View File

@ -44,6 +44,9 @@
# Do not ask the user for parameter settings. Installation parameters
# are specified via one of the non-interactive methods described
# below.
# .IP -package
# Build a ready-to-install package. This requires that a
# non-default install_root parameter is specified.
# INSTALLATION PARAMETER INPUT METHODS
# .ad
# .fi

2
postfix/proto/DSN_README.html
View File

@ -139,7 +139,7 @@ as discussed in the next section. </p>
<h2> <a name="compat">Postfix VERP support compatibility</a> </h2>
<p> With Postfix versions before 2.3, the sendmail(1) commands uses
<p> With Postfix versions before 2.3, the sendmail(1) command uses
the -V command-line option to request VERP-style delivery. In order
to request VERP style delivery with Postfix 2.3 and later, you must
specify -XV instead of -V. </p>

3
postfix/proto/IPV6_README.html
View File

@ -30,7 +30,8 @@ between these implementations. </p>
addresses instead of the 32-bit addresses used by IPv4. It can
therefore accommodate a much larger number of hosts and networks
without ugly kluges such as NAT. A side benefit of the much larger
address space is that it makes network scanning unpractical. </p>
address space is that it makes random network scanning unpractical.
</p>
<p> Postfix uses the same SMTP protocol over IPv6 as it already
uses over the older IPv4 network, and does AAAA record lookups in

3
postfix/proto/canonical
View File

@ -34,8 +34,7 @@
# By default the \fBcanonical\fR(5) mapping affects both message
# header addresses (i.e. addresses that appear inside messages)
# and message envelope addresses (for example, the addresses
# that are used in SMTP protocol commands). Think Sendmail
# rule set \fBS3\fR, if you like. This is controlled with
# that are used in SMTP protocol commands). This is controlled with
# the \fBcanonical_classes\fR parameter.
#
# NOTE: Postfix versions 2.2 and later rewrite message headers

2
postfix/proto/ldap_table
View File

@ -292,6 +292,8 @@
# for LDAP lookups.
#
# NOTE: DO NOT define this parameter for local(8) aliases.
#
# This feature is available in Postfix 2.1 and later.
# .IP "\fBresult_attribute (default: maildrop)\fR"
# The attribute(s) Postfix will read from any directory
# entries returned by the lookup, to be resolved to an email

42
postfix/proto/postconf.proto
View File

@ -4979,12 +4979,18 @@ The proxy receives all mail from the Postfix SMTP server, and is
supposed to give the result to another Postfix SMTP server process.
</p>
<p> Specify host:port. The host can be specified as an IP address
or as a symbolic name; no MX lookups are done. When no host or
host: are specified, the local machine is assumed. </p>
<p> Specify "host:port" or "inet:host:port" for a TCP endpoint, or
"unix:pathname" for a UNIX-domain endpoint. The host can be specified
as an IP address or as a symbolic name; no MX lookups are done.
When no "host" or "host:" are specified, the local machine is
assumed. Pathname interpretation is relative to the Postfix queue
directory. </p>
<p> This feature is available in Postfix 2.1 and later. </p>
<p> The "inet:" and "unix:" prefixes are available in Postfix 2.3
and later. </p>
%PARAM smtpd_proxy_timeout 100s
<p>
@ -8505,3 +8511,33 @@ examples are shown in the ADDRESS_REWRITING_README and
STANDARD_CONFIGURATION_README documents. </p>
<p> This feature is available in Postfix 2.2 and later. </p>
%PARAM message_reject_characters empty
<p> The set of characters that Postfix will reject in message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>
<p> Example: </p>
<pre>
message_reject_characters = \0
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>
%PARAM message_strip_characters empty
<p> The set of characters that Postfix will remove from message
content. The usual C-like escape sequences are recognized: <tt>\a
\b \f \n \r \t \v \<i>ddd</i></tt> (up to three octal digits) and
<tt>\\</tt>. </p>
<p> Example: </p>
<pre>
message_strip_characters = \0
</pre>
<p> This feature is available in Postfix 2.3 and later. </p>

2
postfix/proto/virtual
View File

@ -32,7 +32,7 @@
# .PP
# Virtual aliasing is applied only to recipient
# envelope addresses, and does not affect message headers.
# Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5)
# Use \fBcanonical\fR(5)
# mapping to rewrite header and envelope addresses in general.
#
# Normally, the \fBvirtual\fR(5) alias table is specified as a text file

2
postfix/src/bounce/bounce_notify_verp.c
View File

@ -124,7 +124,7 @@ int bounce_notify_verp(int flags, char *service, char *queue_name,
* Notify the originator, subject to DSN NOTIFY restrictions.
*/
if (bounce_info->log_handle->rcpt.dsn_notify != 0 /* compat */
&& (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) {
&& (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) {
bounce_status = 0;
} else {
verp_sender(verp_buf, verp_delims, recipient,

2
postfix/src/bounce/bounce_one_service.c
View File

@ -168,7 +168,7 @@ int bounce_one_service(int flags, char *queue_name, char *queue_id,
*/
else {
if (bounce_info->log_handle->rcpt.dsn_notify != 0 /* compat */
&& (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) {
&& (bounce_info->log_handle->rcpt.dsn_notify & DSN_NOTIFY_FAILURE) == 0) {
bounce_status = 0;
} else {
if ((bounce = post_mail_fopen_nowait(NULL_SENDER, orig_sender,

2
postfix/src/cleanup/Makefile.in
View File

@ -190,7 +190,6 @@ cleanup_bounce.o: ../../include/attr.h
cleanup_bounce.o: ../../include/been_here.h
cleanup_bounce.o: ../../include/bounce.h
cleanup_bounce.o: ../../include/cleanup_user.h
cleanup_bounce.o: ../../include/deliver_completed.h
cleanup_bounce.o: ../../include/deliver_request.h
cleanup_bounce.o: ../../include/dict.h
cleanup_bounce.o: ../../include/dsn.h
@ -317,6 +316,7 @@ cleanup_init.o: ../../include/name_mask.h
cleanup_init.o: ../../include/nvtable.h
cleanup_init.o: ../../include/resolve_clnt.h
cleanup_init.o: ../../include/string_list.h
cleanup_init.o: ../../include/stringops.h
cleanup_init.o: ../../include/sys_defs.h
cleanup_init.o: ../../include/tok822.h
cleanup_init.o: ../../include/vbuf.h

8
postfix/src/cleanup/cleanup.c
View File

@ -100,6 +100,14 @@
/* Optional lookup tables for content inspection of non-MIME message
/* headers in attached messages, as described in the \fBheader_checks\fR(5)
/* manual page.
/* .PP
/* Available in Postfix version 2.3 and later:
/* .IP "\fBmessage_reject_characters (empty)\fR"
/* The set of characters that Postfix will reject in message
/* content.
/* .IP "\fBmessage_strip_characters (empty)\fR"
/* The set of characters that Postfix will remove from message
/* content.
/* MIME PROCESSING CONTROLS
/* .ad
/* .fi

10
postfix/src/cleanup/cleanup.h
View File

@ -35,6 +35,7 @@ typedef struct CLEANUP_STATE {
VSTRING *attr_buf; /* storage for named attribute */
VSTRING *temp1; /* scratch buffer, local use only */
VSTRING *temp2; /* scratch buffer, local use only */
VSTRING *stripped_buf; /* character stripped input */
VSTREAM *dst; /* current output stream */
MAIL_STREAM *handle; /* mail stream handle */
char *queue_name; /* queue name */
@ -69,6 +70,7 @@ typedef struct CLEANUP_STATE {
int dsn_ret; /* DSN full/hdrs */
int dsn_notify; /* DSN never/delay/fail/success */
char *dsn_orcpt; /* DSN original recipient */
char *verp_delims; /* VERP delimiters (optional) */
} CLEANUP_STATE;
/*
@ -98,6 +100,12 @@ extern int cleanup_masq_flags;
extern MAPS *cleanup_send_bcc_maps;
extern MAPS *cleanup_rcpt_bcc_maps;
/*
* Character filters.
*/
extern VSTRING *cleanup_reject_chars;
extern VSTRING *cleanup_strip_chars;
/*
* Address canonicalization fine control.
*/
@ -120,7 +128,7 @@ extern MAPS *cleanup_rcpt_bcc_maps;
extern int cleanup_ext_prop_mask;
/*
* Saved queue file name, so the file can be removed in case of a fatal
* Saved queue file names, so the files can be removed in case of a fatal
* run-time error.
*/
extern char *cleanup_path;

69
postfix/src/cleanup/cleanup_api.c
View File

@ -191,7 +191,6 @@ int cleanup_flush(CLEANUP_STATE *state)
{
int status;
char *junk;
VSTRING *bounce_junk;
VSTRING *trace_junk;
/*
@ -205,41 +204,49 @@ int cleanup_flush(CLEANUP_STATE *state)
}
/*
* If there was an error that requires us to generate a bounce message,
* create bounce logfile records and reset the error flag in case of
* success. Leave it up to the queue manager to deliver the bad news. We
* can't do that ourselves, because there may also be a trace file lying
* around (with DSN SUCCESS notifications) that also needs to be reported
* to the sender, and we must be able to undo the entire cleanup request
* including bounce and trace logfiles if some error happens.
* Status sanitization. Always report success when the discard flag was
* raised by some user-specified access rule.
*/
if (state->flags & CLEANUP_FLAG_DISCARD)
state->errs = 0;
/*
* If there was an error that requires us to generate a bounce message
* (mail submitted with the Postfix sendmail command, mail forwarded by
* the local(8) delivery agent, or mail re-queued with "postsuper -r"),
* send a bounce notification, reset the error flags in case of success,
* and request deletion of the the incoming queue file and of the
* optional DSN SUCCESS records from virtual alias expansion.
*
* An incomplete message should never be bounced: it was canceled by the
* client, and may not even have an address to bounce to.
* XXX It would make no sense to knowingly report success after we already
* have bounced all recipients, especially because the information in the
* DSN SUCCESS notice is completely redundant compared to the information
* in the bounce notice (however, both may be incomplete when the queue
* file size would exceed the safety limit).
*
* If we are responsible for generating a bounce message, we must report
* success to the client unless the bounce message file could not be
* written (which is just as bad as not being able to write the message
* queue file in the first place).
* An alternative is to keep the DSN SUCCESS records and to delegate bounce
* notification to the queue manager, just like we already delegate
* success notification. This requires that we leave the undeliverable
* message in the incoming queue; versions up to 20050726 did exactly
* that. Unfortunately, this broke with over-size queue files, because
* the queue manager cannot handle incomplete queue files (and it should
* not try to do so).
*/
#define CAN_BOUNCE() \
((state->errs & CLEANUP_STAT_MASK_CANT_BOUNCE) == 0 \
&& state->sender != 0 \
&& (state->flags & CLEANUP_FLAG_BOUNCE) != 0)
if (state->errs != 0 && (state->flags & CLEANUP_FLAG_DISCARD) == 0
&& CAN_BOUNCE())
if (state->errs != 0 && CAN_BOUNCE())
cleanup_bounce(state);
/*
* If there are no errors, be very picky about queue file write errors
* because we are about to tell the sender that it can throw away its
* copy of the message.
*
* Optionally, place the message on hold, but only if the message was
* received successfully. This involves renaming the queue file before
* "finishing" it (or else the queue manager would open it for delivery)
* and updating our own idea of the queue file name for error recovery
* and for error reporting purposes.
* received successfully and only if it's not being discarded for other
* reasons. This involves renaming the queue file before "finishing" it
* (or else the queue manager would grab it too early) and updating our
* own idea of the queue file name for error recovery and for error
* reporting purposes.
*/
if (state->errs == 0 && (state->flags & CLEANUP_FLAG_DISCARD) == 0) {
if ((state->flags & CLEANUP_FLAG_HOLD) != 0) {
@ -265,22 +272,18 @@ int cleanup_flush(CLEANUP_STATE *state)
state->errs = mail_stream_finish(state->handle, (VSTRING *) 0);
} else {
mail_stream_cleanup(state->handle);
if ((state->flags & CLEANUP_FLAG_DISCARD) != 0)
state->errs = 0;
}
state->handle = 0;
state->dst = 0;
/*
* If there was an error, remove the queue file, the optional bounce
* logfile with undeliverable recipients, and the optional trace file
* with DSN SUCCESS notifications.
* If there was an error, or if the message must be discarded for other
* reasons, remove the queue file and the optional trace file with DSN
* SUCCESS records from virtual alias expansion.
*/
if (state->errs != 0 || (state->flags & CLEANUP_FLAG_DISCARD) != 0) {
if (cleanup_trace_path)
(void) REMOVE(vstring_str(cleanup_trace_path));
if (cleanup_bounce_path)
(void) REMOVE(vstring_str(cleanup_bounce_path));
if (REMOVE(cleanup_path))
msg_warn("remove %s: %m", cleanup_path);
}
@ -292,15 +295,11 @@ int cleanup_flush(CLEANUP_STATE *state)
*/
trace_junk = cleanup_trace_path;
cleanup_trace_path = 0; /* don't delete upon error */
bounce_junk = cleanup_bounce_path;
cleanup_bounce_path = 0; /* don't delete upon error */
junk = cleanup_path;
cleanup_path = 0; /* don't delete upon error */
if (trace_junk)
vstring_free(trace_junk);
if (bounce_junk)
vstring_free(bounce_junk);
myfree(junk);
/*

80
postfix/src/cleanup/cleanup_bounce.c
View File

@ -12,7 +12,8 @@
/* cleanup_bounce() updates the bounce log on request by client
/* programs that cannot handle such problems themselves.
/*
/* Upon successful completion, all error flags are reset.
/* Upon successful completion, all error flags are reset,
/* and the message is scheduled for deletion.
/* Otherwise, the CLEANUP_STAT_WRITE error flag is raised.
/*
/* Arguments:
@ -52,7 +53,6 @@
#include <dsn_mask.h>
#include <mail_queue.h>
#include <dsn_attr_map.h>
#include <deliver_completed.h>
/* Application-specific. */
@ -65,24 +65,10 @@
static void cleanup_bounce_append(CLEANUP_STATE *state, RECIPIENT *rcpt,
DSN *dsn)
{
const char *myname = "cleanup_bounce_append";
long last_offset;
if (cleanup_bounce_path == 0) {
cleanup_bounce_path = vstring_alloc(10);
(void) mail_queue_path(cleanup_bounce_path, MAIL_QUEUE_BOUNCE,
state->queue_id);
}
if (bounce_append(BOUNCE_FLAG_CLEAN, state->queue_id, state->time,
rcpt, "none", dsn) != 0) {
msg_warn("%s: bounce logfile update error", state->queue_id);
state->errs |= CLEANUP_STAT_WRITE;
} else if (rcpt->offset > 0) {
if ((last_offset = vstream_ftell(state->dst)) < 0)
msg_fatal("%s: vstream_ftell %s: %m", myname, cleanup_path);
deliver_completed(state->dst, rcpt->offset);
if (vstream_fseek(state->dst, last_offset, SEEK_SET) < 0)
msg_fatal("%s: seek %s: %m", myname, cleanup_path);
}
}
@ -108,6 +94,10 @@ int cleanup_bounce(CLEANUP_STATE *state)
int rec_type;
int junk;
long curr_offset;
const char *encoding;
const char *dsn_envid;
int dsn_ret;
int bounce_err;
/*
* Parse the failure reason if one was given, otherwise use a generic
@ -127,18 +117,19 @@ int cleanup_bounce(CLEANUP_STATE *state)
* Create a bounce logfile with one entry for each final recipient.
* Degrade gracefully in case of no recipients or no queue file.
*
* We're NOT going to flush the bounce file from the cleanup server; if we
* need to write trace logfile records, and the trace service fails, we
* must be able to cancel the entire cleanup request including any trace
* or bounce logfiles. The queue manager will flush the bounce (and
* trace) logfile, possibly after it has generated its own success or
* failure notification records.
*
* Victor Duchovni observes that the number of recipients in the queue file
* can potentially be very large due to virtual alias expansion. This can
* expand the recipient count by virtual_alias_expansion_limit (default:
* 1000) times.
*
* After a queue file size error, purge any unwritten data (so that
* vstream_fseek() won't fail while trying to flush it) and reset the
* stream error flags to avoid false alarms.
*/
if (state->errs & CLEANUP_STAT_SIZE) {
(void) vstream_fpurge(state->dst);
vstream_clearerr(state->dst);
}
if (vstream_fseek(state->dst, 0L, SEEK_SET) < 0)
msg_fatal("%s: seek %s: %m", myname, cleanup_path);
@ -206,12 +197,51 @@ int cleanup_bounce(CLEANUP_STATE *state)
/*
* No recipients. Yes, this can happen.
*/
if (rcpt == 0) {
if ((state->errs & CLEANUP_STAT_WRITE) == 0 && rcpt == 0) {
RECIPIENT_ASSIGN(&recipient, 0, "", 0, "", "unknown");
(void) DSN_SIMPLE(&dsn, dsn_status, dsn_text);
cleanup_bounce_append(state, &recipient, &dsn);
}
vstring_free(buf);
return (state->errs &= CLEANUP_STAT_WRITE);
/*
* Flush the bounce logfile to the sender. See also qmgr_active.c.
*/
if ((state->errs & CLEANUP_STAT_WRITE) == 0) {
if ((encoding = nvtable_find(state->attr, MAIL_ATTR_ENCODING)) == 0)
encoding = MAIL_ATTR_ENC_NONE;
dsn_envid = state->dsn_envid ?
state->dsn_envid : "";
dsn_ret = (state->errs & (CLEANUP_STAT_CONT | CLEANUP_STAT_SIZE)) ?
DSN_RET_HDRS : state->dsn_ret;
if (state->verp_delims == 0 || var_verp_bounce_off) {
bounce_err =
bounce_flush(BOUNCE_FLAG_CLEAN,
state->queue_name, state->queue_id,
encoding, state->sender, dsn_envid,
dsn_ret);
} else {
bounce_err =
bounce_flush_verp(BOUNCE_FLAG_CLEAN,
state->queue_name, state->queue_id,
encoding, state->sender, dsn_envid,
dsn_ret, state->verp_delims);
}
if (bounce_err != 0) {
msg_warn("%s: bounce message failure", state->queue_id);
state->errs |= CLEANUP_STAT_WRITE;
}
}
/*
* Schedule this message (and trace logfile) for deletion when all is
* well. When all is not well these files would be deleted too, but the
* client would get a different completion status so we have to carefully
* maintain the bits anyway.
*/
if ((state->errs &= CLEANUP_STAT_WRITE) == 0)
state->flags |= CLEANUP_FLAG_DISCARD;
return (state->errs);
}

16
postfix/src/cleanup/cleanup_envelope.c
View File

@ -368,6 +368,22 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type,
}
return;
}
/* XXX Needed for cleanup_bounce(); sanity check usage. */
if (type == REC_TYPE_VERP) {
if (state->verp_delims == 0) {
if (state->sender == 0 || state->sender[0] == 0) {
msg_warn("%s: ignoring VERP request for null sender",
state->queue_id);
} else if (verp_delims_verify(buf) != 0) {
msg_warn("%s: ignoring bad VERP request: \"%.100s\"",
state->queue_id, buf);
} else {
state->verp_delims = mystrdup(buf);
cleanup_out(state, type, buf, len);
}
}
return;
}
if (type == REC_TYPE_ATTR) {
if (state->attr->used >= var_qattr_count_limit) {
msg_warn("%s: message rejected: attribute count exceeds limit %d",

38
postfix/src/cleanup/cleanup_extracted.c
View File

@ -126,24 +126,24 @@ void cleanup_extracted_process(CLEANUP_STATE *state, int type,
* an upgrade without losing mail.
*/
if (type == REC_TYPE_ATTR) {
vstring_strcpy(state->attr_buf, buf);
error_text = split_nameval(STR(state->attr_buf), &attr_name, &attr_value);
if (error_text != 0) {
msg_warn("%s: message rejected: malformed attribute: %s: %.100s",
state->queue_id, error_text, buf);
state->errs |= CLEANUP_STAT_BAD;
return;
}
/* Zero-length values are place holders for unavailable values. */
if (*attr_value == 0) {
msg_warn("%s: spurious null attribute value for \"%s\" -- ignored",
state->queue_id, attr_name);
return;
}
if ((junk = dsn_attr_map(attr_name)) != 0) {
buf = attr_value;
type = junk;
}
vstring_strcpy(state->attr_buf, buf);
error_text = split_nameval(STR(state->attr_buf), &attr_name, &attr_value);
if (error_text != 0) {
msg_warn("%s: message rejected: malformed attribute: %s: %.100s",
state->queue_id, error_text, buf);
state->errs |= CLEANUP_STAT_BAD;
return;
}
/* Zero-length values are place holders for unavailable values. */
if (*attr_value == 0) {
msg_warn("%s: spurious null attribute value for \"%s\" -- ignored",
state->queue_id, attr_name);
return;
}
if ((junk = dsn_attr_map(attr_name)) != 0) {
buf = attr_value;
type = junk;
}
}
/*
@ -251,7 +251,7 @@ void cleanup_extracted_process(CLEANUP_STATE *state, int type,
}
}
/* cleanup_extracted_finish - process one extracted envelope record */
/* cleanup_extracted_finish - complete the third message segment */
void cleanup_extracted_finish(CLEANUP_STATE *state)
{

35
postfix/src/cleanup/cleanup_init.c
View File

@ -24,7 +24,6 @@
/*
/* char *cleanup_path;
/* VSTRING *cleanup_trace_path;
/* VSTRING *cleanup_bounce_path;
/*
/* void cleanup_all()
/*
@ -54,8 +53,6 @@
/* trace logfile with DSN SUCCESS notifications. This information is
/* used to remove a trace file when the mail transaction is canceled.
/*
/* cleanup_bounce_path is the same for removing a bounce logfile.
/*
/* cleanup_all() must be called in case of fatal error, in order
/* to remove an incomplete queue file.
/*
@ -80,12 +77,14 @@
#include <sys_defs.h>
#include <signal.h>
#include <string.h>
/* Utility library. */
#include <msg.h>
#include <iostuff.h>
#include <name_mask.h>
#include <stringops.h>
/* Global library. */
@ -109,7 +108,6 @@ char *cleanup_path; /* queue file name */
* logfiles that need to be cleaned up when the cleanup request is aborted.
*/
VSTRING *cleanup_trace_path;
VSTRING *cleanup_bounce_path;
/*
* Tunable parameters.
@ -143,6 +141,9 @@ int var_body_check_len; /* when to stop body scan */
char *var_send_bcc_maps; /* sender auto-bcc maps */
char *var_rcpt_bcc_maps; /* recipient auto-bcc maps */
char *var_remote_rwr_domain; /* header-only surrogate */
char *var_msg_reject_chars; /* reject these characters */
char *var_msg_strip_chars; /* strip these characters */
int var_verp_bounce_off; /* don't verp the bounces */
CONFIG_INT_TABLE cleanup_int_table[] = {
VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
@ -156,6 +157,7 @@ CONFIG_INT_TABLE cleanup_int_table[] = {
CONFIG_BOOL_TABLE cleanup_bool_table[] = {
VAR_ENABLE_ORCPT, DEF_ENABLE_ORCPT, &var_enable_orcpt,
VAR_VERP_BOUNCE_OFF, DEF_VERP_BOUNCE_OFF, &var_verp_bounce_off,
0,
};
@ -186,6 +188,8 @@ CONFIG_STR_TABLE cleanup_str_table[] = {
VAR_SEND_BCC_MAPS, DEF_SEND_BCC_MAPS, &var_send_bcc_maps, 0, 0,
VAR_RCPT_BCC_MAPS, DEF_RCPT_BCC_MAPS, &var_rcpt_bcc_maps, 0, 0,
VAR_REM_RWR_DOMAIN, DEF_REM_RWR_DOMAIN, &var_remote_rwr_domain, 0, 0,
VAR_MSG_REJECT_CHARS, DEF_MSG_REJECT_CHARS, &var_msg_reject_chars, 0, 0,
VAR_MSG_STRIP_CHARS, DEF_MSG_STRIP_CHARS, &var_msg_strip_chars, 0, 0,
0,
};
@ -209,6 +213,12 @@ int cleanup_masq_flags;
MAPS *cleanup_send_bcc_maps;
MAPS *cleanup_rcpt_bcc_maps;
/*
* Character filters.
*/
VSTRING *cleanup_reject_chars;
VSTRING *cleanup_strip_chars;
/*
* Address extension propagation restrictions.
*/
@ -238,10 +248,6 @@ void cleanup_sig(int sig)
(void) REMOVE(vstring_str(cleanup_trace_path));
cleanup_trace_path = 0;
}
if (cleanup_bounce_path) {
(void) REMOVE(vstring_str(cleanup_bounce_path));
cleanup_bounce_path = 0;
}
if (cleanup_path) {
(void) REMOVE(cleanup_path);
cleanup_path = 0;
@ -360,4 +366,17 @@ void cleanup_post_jail(char *unused_name, char **unused_argv)
*/
cleanup_ext_prop_mask =
ext_prop_mask(VAR_PROP_EXTENSION, var_prop_extension);
/*
* Setup the filters for characters that should be rejected, and for
* characters that should be removed.
*/
if (*var_msg_reject_chars) {
cleanup_reject_chars = vstring_alloc(strlen(var_msg_reject_chars));
unescape(cleanup_reject_chars, var_msg_reject_chars);
}
if (*var_msg_strip_chars) {
cleanup_strip_chars = vstring_alloc(strlen(var_msg_strip_chars));
unescape(cleanup_strip_chars, var_msg_strip_chars);
}
}

46
postfix/src/cleanup/cleanup_message.c
View File

@ -293,6 +293,7 @@ static void cleanup_act_log(CLEANUP_STATE *state,
#define CLEANUP_ACT_CTXT_HEADER "header"
#define CLEANUP_ACT_CTXT_BODY "body"
#define CLEANUP_ACT_CTXT_ANY "content"
/* cleanup_act - act upon a header/body match */
@ -703,8 +704,51 @@ static void cleanup_body_callback(void *context, int type,
static void cleanup_message_headerbody(CLEANUP_STATE *state, int type,
const char *buf, ssize_t len)
{
char *myname = "cleanup_message_headerbody";
const char *myname = "cleanup_message_headerbody";
MIME_STATE_DETAIL *detail;
const char *cp;
char *dst;
/*
* Reject unwanted characters.
*
* XXX Possible optimization: simplify the loop when the "reject" set
* contains only one character.
*/
if ((state->flags & CLEANUP_FLAG_FILTER) && cleanup_reject_chars) {
for (cp = buf; cp < buf + len; cp++) {
if (memchr(vstring_str(cleanup_reject_chars),
*(const unsigned char *) cp,
VSTRING_LEN(cleanup_reject_chars))) {
cleanup_act(state, CLEANUP_ACT_CTXT_ANY,
buf, "REJECT disallowed character",
"character reject");
return;
}
}
}
/*
* Strip unwanted characters. Don't overwrite the input.
*
* XXX Possible optimization: simplify the loop when the "strip" set
* contains only one character.
*
* XXX Possible optimization: copy the input only if we really have to.
*/
if ((state->flags & CLEANUP_FLAG_FILTER) && cleanup_strip_chars) {
VSTRING_RESET(state->stripped_buf);
VSTRING_SPACE(state->stripped_buf, len + 1);
dst = vstring_str(state->stripped_buf);
for (cp = buf; cp < buf + len; cp++)
if (!memchr(vstring_str(cleanup_strip_chars),
*(const unsigned char *) cp,
VSTRING_LEN(cleanup_strip_chars)))
*dst++ = *cp;
*dst = 0;
buf = vstring_str(state->stripped_buf);
len = dst - buf;
}
/*
* Copy text record to the output.

7
postfix/src/cleanup/cleanup_state.c
View File

@ -59,6 +59,8 @@ CLEANUP_STATE *cleanup_state_alloc(void)
state->attr_buf = vstring_alloc(10);
state->temp1 = vstring_alloc(10);
state->temp2 = vstring_alloc(10);
if (cleanup_strip_chars)
state->stripped_buf = vstring_alloc(10);
state->dst = 0;
state->handle = 0;
state->queue_name = 0;
@ -94,6 +96,7 @@ CLEANUP_STATE *cleanup_state_alloc(void)
state->dsn_ret = 0;
state->dsn_notify = 0;
state->dsn_orcpt = 0;
state->verp_delims = 0;
return (state);
}
@ -104,6 +107,8 @@ void cleanup_state_free(CLEANUP_STATE *state)
vstring_free(state->attr_buf);
vstring_free(state->temp1);
vstring_free(state->temp2);
if (cleanup_strip_chars)
vstring_free(state->stripped_buf);
if (state->fullname)
myfree(state->fullname);
if (state->sender)
@ -134,5 +139,7 @@ void cleanup_state_free(CLEANUP_STATE *state)
myfree(state->dsn_envid);
if (state->dsn_orcpt)
myfree(state->dsn_orcpt);
if (state->verp_delims)
myfree(state->verp_delims);
myfree((char *) state);
}

52
postfix/src/global/bounce.c
View File

@ -24,6 +24,17 @@
/* const char *dsn_envid;
/* int dsn_ret;
/*
/* int bounce_flush_verp(flags, queue, id, encoding, sender,
/* dsn_envid, dsn_ret, verp_delims)
/* int flags;
/* const char *queue;
/* const char *id;
/* const char *encoding;
/* const char *sender;
/* const char *dsn_envid;
/* int dsn_ret;
/* const char *verp_delims;
/*
/* int bounce_one(flags, queue, id, encoding, sender, envid, ret,
/* entry, recipient, relay, dsn)
/* int flags;
@ -53,6 +64,10 @@
/* built with bounce_append(). The bounce logfile is removed
/* upon successful completion.
/*
/* bounce_flush_verp() is like bounce_flush(), but sends one
/* notification per recipient, with the failed recipient encoded
/* into the sender address.
/*
/* bounce_one() bounces one recipient and immediately sends a
/* notification to the sender. This procedure does not append
/* the recipient and dsn_text to the per-message bounce log, and
@ -101,6 +116,9 @@
/* Optional DSN return full/headers option.
/* .IP dsn
/* Delivery status. See dsn(3). The specified action is ignored.
/* .IP verp_delims
/* VERP delimiter characters, used when encoding the failed
/* sender into the envelope sender address.
/* DIAGNOSTICS
/* In case of success, these functions log the action, and return a
/* zero value. Otherwise, the functions return a non-zero result,
@ -276,6 +294,40 @@ int bounce_flush(int flags, const char *queue, const char *id,
}
}
/* bounce_flush_verp - verpified notification */
int bounce_flush_verp(int flags, const char *queue, const char *id,
const char *encoding, const char *sender,
const char *dsn_envid, int dsn_ret,
const char *verp_delims)
{
/*
* When we're pretending that we can't bounce, don't send a bounce
* message.
*/
if (var_soft_bounce)
return (-1);
if (mail_command_client(MAIL_CLASS_PRIVATE, var_bounce_service,
ATTR_TYPE_NUM, MAIL_ATTR_NREQ, BOUNCE_CMD_VERP,
ATTR_TYPE_NUM, MAIL_ATTR_FLAGS, flags,
ATTR_TYPE_STR, MAIL_ATTR_QUEUE, queue,
ATTR_TYPE_STR, MAIL_ATTR_QUEUEID, id,
ATTR_TYPE_STR, MAIL_ATTR_ENCODING, encoding,
ATTR_TYPE_STR, MAIL_ATTR_SENDER, sender,
ATTR_TYPE_STR, MAIL_ATTR_DSN_ENVID, dsn_envid,
ATTR_TYPE_NUM, MAIL_ATTR_DSN_RET, dsn_ret,
ATTR_TYPE_STR, MAIL_ATTR_VERPDL, verp_delims,
ATTR_TYPE_END) == 0) {
return (0);
} else if ((flags & BOUNCE_FLAG_CLEAN) == 0) {
msg_info("%s: status=deferred (bounce failed)", id);
return (-1);
} else {
return (-1);
}
}
/* bounce_one - send notice for one recipient */
int bounce_one(int flags, const char *queue, const char *id,

2
postfix/src/global/bounce.h
View File

@ -28,6 +28,8 @@ extern int bounce_append(int, const char *, time_t, RECIPIENT *,
const char *, DSN *);
extern int bounce_flush(int, const char *, const char *, const char *,
const char *, const char *, int);
extern int bounce_flush_verp(int, const char *, const char *, const char *,
const char *, const char *, int, const char *);
extern int bounce_one(int, const char *, const char *, const char *,
const char *, const char *,
int, time_t, RECIPIENT *,

11
postfix/src/global/mail_params.h
View File

@ -2362,6 +2362,17 @@ extern char *var_smtp_ehlo_dis_maps;
*/
extern const char null_format_string[1];
/*
* Characters to reject or strip.
*/
#define VAR_MSG_REJECT_CHARS "message_reject_characters"
#define DEF_MSG_REJECT_CHARS ""
extern char *var_msg_reject_chars;
#define VAR_MSG_STRIP_CHARS "message_strip_characters"
#define DEF_MSG_STRIP_CHARS ""
extern char *var_msg_strip_chars;
/* LICENSE
/* .ad
/* .fi

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20050726"
#define MAIL_RELEASE_DATE "20050829"
#define MAIL_VERSION_NUMBER "2.3"
#ifdef SNAPSHOT

2
postfix/src/oqmgr/qmgr_active.c
View File

@ -272,6 +272,8 @@ void qmgr_active_done(QMGR_MESSAGE *message)
*
* Bounces are sent asynchronously to avoid stalling while the cleanup
* daemon waits for the qmgr to accept the "new mail" trigger.
*
* See also code in cleanup_bounce.c.
*/
if (stat(mail_queue_path((VSTRING *) 0, MAIL_QUEUE_BOUNCE, message->queue_id), &st) == 0) {
if (st.st_size == 0) {

2
postfix/src/qmgr/qmgr_active.c
View File

@ -272,6 +272,8 @@ void qmgr_active_done(QMGR_MESSAGE *message)
*
* Bounces are sent asynchronously to avoid stalling while the cleanup
* daemon waits for the qmgr to accept the "new mail" trigger.
*
* See also code in cleanup_bounce.c.
*/
if (stat(mail_queue_path((VSTRING *) 0, MAIL_QUEUE_BOUNCE, message->queue_id), &st) == 0) {
if (st.st_size == 0) {

18
postfix/src/smtpd/smtpd_proxy.c
View File

@ -250,6 +250,8 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service,
0, 0,
};
CLEANUP_STAT_DETAIL *detail;
int (*connect_fn) (const char *, int, int);
const char *endpoint;
/*
* This buffer persists beyond the end of a proxy session so we can
@ -258,10 +260,24 @@ int smtpd_proxy_open(SMTPD_STATE *state, const char *service,
if (state->proxy_buffer == 0)
state->proxy_buffer = vstring_alloc(10);
/*
* Find connection method (default inet)
*/
if (strncasecmp("unix:", service, 5) == 0) {
endpoint = service + 5;
connect_fn = unix_connect;
} else {
if (strncasecmp("inet:", service, 5) == 0)
endpoint = service + 5;
else
endpoint = service;
connect_fn = inet_connect;
}
/*
* Connect to proxy.
*/
if ((fd = inet_connect(service, BLOCKING, timeout)) < 0) {
if ((fd = connect_fn(endpoint, BLOCKING, timeout)) < 0) {
state->error_mask |= MAIL_ERROR_SOFTWARE;
state->err |= CLEANUP_STAT_PROXY;
msg_warn("connect to proxy service %s: %m", service);

11
postfix/src/tls/tls_misc.c
View File

@ -105,8 +105,8 @@ TLScontext_t *tls_alloc_context(int log_level, const char *peername)
TLScontext_t *TLScontext;
/*
* PORTABILITY: Do not assume that null pointers are all-zero bits.
* Use explicit assignments to initialize pointers.
* PORTABILITY: Do not assume that null pointers are all-zero bits. Use
* explicit assignments to initialize pointers.
*
* See the C language FAQ item 5.17, or if you have time to burn,
* http://www.google.com/search?q=zero+bit+null+pointer
@ -288,4 +288,11 @@ long tls_bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
return (ret);
}
#else
/*
* Broken linker workaround.
*/
int tls_dummy_for_broken_linkers;
#endif

7
postfix/src/util/sane_accept.c
View File

@ -59,6 +59,9 @@ int sane_accept(int sock, struct sockaddr * sa, SOCKADDR_SIZE *len)
EWOULDBLOCK,
ENOBUFS, /* HPUX11 */
ECONNABORTED,
#ifdef EPROTO
EPROTO, /* SunOS 5.5.1 */
#endif
0,
};
int count;
@ -71,6 +74,10 @@ int sane_accept(int sock, struct sockaddr * sa, SOCKADDR_SIZE *len)
* hosed beyond recovery. There is no point treating this as a beneficial
* error result because the program would go into a tight loop.
*
* XXX Solaris 2.5.1 accept() returns EPROTO when a TCP client has
* disconnected in the mean time. Since there is no connection, it is
* safe to map the error code onto EAGAIN.
*
* XXX LINUX < 2.1 accept() wakes up before the three-way handshake is
* complete, so it can fail with ECONNRESET and other "false alarm"
* indications.

56
postfix/src/util/vstream.c
View File

@ -58,6 +58,9 @@
/* int vstream_fflush(stream)
/* VSTREAM *stream;
/*
/* int vstream_fpurge(stream)
/* VSTREAM *stream;
/*
/* ssize_t vstream_fread(stream, buf, len)
/* VSTREAM *stream;
/* char *buf;
@ -210,6 +213,12 @@
/* vstream_fflush() returns 0 in case of success, VSTREAM_EOF in
/* case of problems. It is an error to flush a read-only stream.
/*
/* vstream_fpurge() discards the contents of the stream buffer.
/* In the case of a double-buffered stream, it discards the
/* content of both the read and write buffers.
/* vstream_fpurge() returns 0 in case of success, VSTREAM_EOF in
/* case of problems.
/*
/* vstream_fread() and vstream_fwrite() perform unformatted I/O
/* on the named stream. The result value is the number of bytes
/* transferred. A short count is returned in case of end-of-file
@ -800,6 +809,53 @@ static int vstream_buf_space(VBUF *bp, ssize_t want)
return (vstream_ferror(stream) ? VSTREAM_EOF : 0); /* mmap() may fail */
}
/* vstream_fpurge - discard unread or unwritten content */
int vstream_fpurge(VSTREAM *stream)
{
const char *myname = "vstream_fpurge";
VBUF *bp = &stream->buf;
/*
* To discard all unread contents, position the read buffer at its end,
* so that we skip over any unread data, and so that the next read
* operation will refill the buffer.
*
* To discard all unwritten content, position the write buffer at its
* beginning, so that the next write operation clobbers any unwritten
* data.
*/
switch (bp->flags & (VSTREAM_FLAG_READ_DOUBLE | VSTREAM_FLAG_WRITE)) {
case VSTREAM_FLAG_READ_DOUBLE:
VSTREAM_BUF_AT_START(&stream->write_buf);
/* FALLTHROUGH */
case VSTREAM_FLAG_READ:
VSTREAM_BUF_AT_END(bp);
break;
case VSTREAM_FLAG_DOUBLE:
VSTREAM_BUF_AT_START(&stream->write_buf);
VSTREAM_BUF_AT_END(&stream->read_buf);
break;
case VSTREAM_FLAG_WRITE_DOUBLE:
VSTREAM_BUF_AT_END(&stream->read_buf);
/* FALLTHROUGH */
case VSTREAM_FLAG_WRITE:
VSTREAM_BUF_AT_START(bp);
break;
case VSTREAM_FLAG_READ_DOUBLE | VSTREAM_FLAG_WRITE:
case VSTREAM_FLAG_READ | VSTREAM_FLAG_WRITE:
msg_panic("%s: read/write stream", myname);
}
/*
* Invalidate the cached file seek position.
*/
bp->flags &= ~VSTREAM_FLAG_SEEK;
stream->offset = 0;
return (0);
}
/* vstream_fseek - change I/O position */
off_t vstream_fseek(VSTREAM *stream, off_t offset, int whence)

1
postfix/src/util/vstream.h
View File

@ -75,6 +75,7 @@ extern VSTREAM *vstream_fopen(const char *, int, mode_t);
extern int vstream_fclose(VSTREAM *);
extern off_t vstream_fseek(VSTREAM *, off_t, int);
extern off_t vstream_ftell(VSTREAM *);
extern int vstream_fpurge(VSTREAM *);
extern int vstream_fflush(VSTREAM *);
extern int vstream_fputs(const char *, VSTREAM *);
extern VSTREAM *vstream_fdopen(int, int);