mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 21:55:20 +00:00

snapshot-20010714

Wietse Venema
2001-07-14 00:00:00 -05:00
committed by Viktor Dukhovni
parent a94bf41134
commit 0491e41ef6
32 changed files with 407 additions and 151 deletions


@@ -5322,3 +5322,28 @@ Apologies for any names omitted.
than -) Postfix will now recognize address extensions even
with owner-foo+extension addresses. This is necessary to
make VERP work for mailing lists.
20010710
Bugfix: potential memory leak in the queue managers with
the new VERP delimiter record. Fix by Patrik Rak.
20010711
Cleanup: you can now specify the VERP delimiter characters
on the sendmail(1) command line, but they are still optional.
Safety: with maildir style delivery and with hashed mailboxes
the system mail spool directory must not be world writable.
20010713
Safety: the verp_delimiter_filter parameter (default: -=+)
limits what characters Postfix accepts as VERP delimiter
characters.
20010714
Logging: the queue manager now logs a "status=expired"
record when it returns a message that is too old. Files:
*qmgr/qmgr_active.c.
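Review bot: The 20010713 entry gives the verp_delimiter_filter default as "-=+", while the VERP_README text in this same commit gives it as "-+=". The set is the same, but a reader comparing the two will wonder whether order matters, so use one spelling in both places. The 20010711 and 20010713 entries also lack the "Files:" list that the 20010714 entry has, which makes the two safety changes harder to trace to code.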


@@ -3,7 +3,7 @@ Postfix QMQP server support
Postfix has preliminary server support for the QMQP protocol, so
that Postfix can be used as a backend for the Ezmlm-idx mailing
list manager. This support includes qmqp-source and qmqp-sink
list manager. This support includes the qmqp-source and qmqp-sink
programs for protocol stress testing.
Turning on the Postfix QMQP service
@@ -14,6 +14,7 @@ have to add the following line to /etc/postfix/master.cf:
628 inet n - n - - qmqpd
A "postfix reload" command is necessary to enable the service.
Postfix QMQP server access control
==================================
@@ -25,21 +26,48 @@ This is because the QMQP server relays mail to any destination
To authorize QMQP clients, edit /etc/postfix/main.cf and specify
a list of client patterns.
qmqp_authorized_clients = client, client, ...
qmqpd_authorized_clients = client, client, ...
Example:
qmqpd_authorized_clients = $mynetworks
A list pattern specifies a host name, a domain name, an internet
address, or a network/mask pattern, where the mask specifies the
number of bits in the network part. When a pattern specifies a
file name, its contents are substituted for the file name; when a
pattern is a type:name table specification, table lookup is used
instead.
instead. This allows you to administer the trusted clients in LDAP
or regular expression maps, both of which are probably overkill.
Patterns are separated by whitespace and/or commas. In order to
reverse the result, precede a non-file name pattern with an
exclamation point (!).
Setting up Ezmlm-idx to use Postfix QMQP support
Setting up ezmlm-idx to use Postfix QMQP support
================================================
You need to list the Postfix IP address in a suitable configuration
file. See the ezmlm-idx documentation for details.
Note: you still need qmail to feed the messages INTO ezmlm-idx.
Postfix presently only supports distribution of mailing list traffic
FROM ezmlm-idx.
http://www.ezmlm.org/faq-0.40/FAQ-4.html#ss4.19 describes how to
make ezmlm-idx work over QMQP.
The following is based on hearsay. Do not ask Wietse how to make
ezmlm-idx work. Wietse does not have the time to personally install
and play with every mailing list manager.
1 - You must list QMQP servers with numerical IP address. Hostnames
do not work. This means you cannot DNS-based load balancing to
spread the load over multiple QMQP servers.
2 - QMQP support is incomplete with ezmlm-idx-0.40.
- ezmlm-send will use QMQP if you specify the undocumented -Q
command-line option in your .qmail-listname file.
- ezmlm-get will use QMQP if the file qmpqservers/0 exists.
- ezmlm-moderate does not support QMQP. This is not a problem
if you only use unmoderated mailing lists.
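Review bot: In item 1, "This means you cannot DNS-based load balancing" is missing a verb (presumably "cannot use"), and in item 2 the file name "qmpqservers/0" transposes letters relative to the QMQP spelling used everywhere else in this file; please confirm the name against ezmlm-idx and correct it if it is a typo. The access-control text also changes the parameter name from qmqp_authorized_clients to qmqpd_authorized_clients. Because this setting decides who may relay through the QMQP server, say in the release notes whether the old name was ever honored by the code or was only a documentation error, so that sites carrying it in main.cf know whether their restriction still applies.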


@@ -1,3 +1,19 @@
Incompatible changes with snapshot-20010714
===========================================
Postfix delivery agents now refuse to create a missing maildir or
mail spool subdirectory when its parent directory is world writable.
This is necessary to prevent security problems with maildirs or
with hashed mailboxes under a world writable mail spool directory.
Major changes with snapshot-20010714
====================================
No major changes. What changes were made result in more polished
VERP (variable envelope return path) support and documentation,
and in updated documentation on how to use Postfix QMQP with the
ezmlm-idx mailing list manager.
Incompatible changes with snapshot-20010709
===========================================
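Review bot: The incompatible-change paragraph says delivery agents "refuse to create" a missing maildir or spool subdirectory but not what then happens to the message (deferred or bounced) or what gets logged. Add a sentence giving the resulting delivery status and the remedy (remove world write permission from the parent directory), so that administrators can recognize the condition after upgrading.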


@@ -1,33 +1,55 @@
[Note: this document still needs more examples]
Postfix VERP support
====================
Postfix supports variable envelope return path addresses, which
means that each recipient receives a customized copy of the message,
with the recipient address encoded in the envelope sender address.
This concept was popularized by the qmail MTA and by the ezmlm
Postfix supports variable envelope return path addresses on request.
When VERP style delivery is requested, each recipient of a message
receives a customized copy of the message, with his/her own recipient
address encoded in the envelope sender address.
For example, when VERP style delivery is requested, Postfix delivers
mail from owner-listname@origin for a recipient user@domain, with
a sender address that encodes the recipient as follows:
owner-listname+user=domain@origin
Thus, undeliverable mail can reveal the undeliverable recipient
address without requiring the list owner to parse bounce messages.
The VERP concept was popularized by the qmail MTA and by the ezmlm
mailing list manager.
When VERP style delivery is requested, Postfix delivers mail with
sender address prefix@origin for a recipient user@domain, with a
sender address that encodes the recipient as follows:
The whole process is controlled by two configuration parameters.
prefix+user=domain@origin
- default_verp_delimiters (default value: +=) controls what VERP
delimiter characters Postfix uses when VERP style delivery is
requested but no explicit delimiters are specified.
so that undeliverable mail reveals what address was undeliverable.
The + and = are the default VERP delimiters. You can specify non-
default delimiters in main.cf with the default_verp_delimiters
configuration parameter (default value: +=). Specify two characters;
the first delimiter should match the $recipient_delimiter setting.
- verp_delimiter_filter (default: -+=) controls what characters
Postfix accepts as VERP delimiter characters. Many characters can
not be used as VERP delimiter characters, either because they
already have a special meaning in email addresses (such as the @
or the %), because they appear as part of a username or domain name
(such as alphanumerics), or because they are non-ASCII or control
characters. And who knows, some characters may tickle bugs in
vulnerable software.
Using VERP with majordomo etc. mailing lists
============================================
In order to make VERP useful with majordomo etc. mailing lists,
you would configure the list manager to submit mail as:
you would configure the list manager to submit mail according
to one of the following two forms:
sendmail -V -f owner-listname other-arguments...
sendmail -V+= -f owner-listname other-arguments...
The first form uses the default main.cf VERP delimiter characters.
The second form allows you to explicitly specify the VERP delimiter
characters. The example shows the recommended values.
This text assumes that you have set up an owner-listname alias that
routes undeliverable mail to a real person:
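Review bot: The verp_delimiter_filter item lists which characters are unsuitable but does not say what Postfix does when a client requests delimiters outside the filter. The cleanup_envelope.c change in this commit logs "bad VERP delimiters" and flags the message as bad; state that outcome here so list operators know what to look for. The earlier wording that "the first delimiter should match the $recipient_delimiter setting" does not appear in the replacement text; if the advice still holds, carry it over into the default_verp_delimiters item.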
@@ -61,6 +83,10 @@ to the following address:
owner-listname+user=domain@your.domain
which is processed by the command in your .forward+listname file.
The message should contain, among others, a To: header with the
encapsulated recipient sender address:
To: owner-listname+user=domain@your.domain
It is left as an exercise for the reader to parse the To: header
line and to pull out the user=domain part from the recipient address.
@@ -72,25 +98,35 @@ The Postfix SMTP server has a new command XVERP to enable VERP
style delivery. The syntax allows two forms:
MAIL FROM:<sender@domain> XVERP
MAIL FROM:<sender@domain> XVERP=xy
where x and y are the VERP delimiters. When no VERP delimiters
are specified, Postfix uses the two characters specified with the
default_verp_delimiters configuration parameter.
MAIL FROM:<sender@domain> XVERP=+=
The first form uses the default main.cf VERP delimiters, the second
form overrides them explicitly. The values shown are the recommended
ones.
VERP support in the Postfix sendmail command
============================================
The Postfix sendmail command has a -V flag to request VERP style
delivery. It is not possible to override the default VERP delimiters.
delivery. Specify one of the following two forms:
sendmail -V -f owner-listname ....
sendmail -V+= -f owner-listname ....
The first form uses the default main.cf VERP delimiters, the second
form overrides them explicitly. The values shown are the recommended
ones.
VERP support in the Postfix QMQP server
=======================================
When the Postfix QMQP server receives mail with a an envelope sender
When the Postfix QMQP server receives mail with an envelope sender
address of the form:
prefix-@origin-@[]
Postfix generates VERP sender addresses using prefix@domain as the
original sender address, and using "-=" as the VERP delimiters.
original sender address, and using "-=" as the VERP delimiters,
because qmail/ezmlm expect this.
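Review bot: In the QMQP section the input form is "prefix-@origin-@[]", but the next sentence says Postfix uses "prefix@domain" as the original sender address; that should read prefix@origin to match the pattern. Please also say whether the fixed "-=" delimiters used for QMQP are checked against verp_delimiter_filter. The documented default filter contains both characters, but a site that narrows the filter needs to know whether that breaks VERP for ezmlm.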


@@ -668,6 +668,7 @@ to send mail only to <i>user@domain.com</i>.
transport_maps = hash:/etc/postfix/transport
mynetworks = 12.34.56.0/24
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
local_transport = error:local mail delivery is disabled on this machine
/etc/postfix/transport:
domain.com smtp:inside-gateway.domain.com (forwards user@domain)


@@ -102,7 +102,7 @@ QMQPD(8) QMQPD(8)
of a problem. This slows down run-away errors.
<b>SEE</b> <b>ALSO</b>
http://cr.yp.to/proto/qmqp.html, QMQP protocol
<a href="http://cr.yp.to/proto/qmqp.html">http://cr.yp.to/proto/qmqp.html</a>, QMQP protocol
<a href="cleanup.8.html">cleanup(8)</a> message canonicalization
<a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging


@@ -95,37 +95,48 @@ SENDMAIL(1) SENDMAIL(1)
Initial user submission.
<b>-V</b> Variable Envelope Return Path. Given an envelope
sender address <i>prefix</i>-@<i>origin</i>, each recipient
<i>user@domain</i> receives mail with a personalized enve-
lope sender address <i>prefix</i><b>-</b><i>user=domain</i>@<i>origin</i>.
sender address of the form <i>owner-listname</i>@<i>origin</i>,
each recipient <i>user</i>@<i>domain</i> receives mail with a
personalized envelope sender address.
<b>-bd</b> Go into daemon mode. This mode of operation is
By default, the personalized envelope sender
address is <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The
default <b>+</b> and <b>=</b> characters are configurable with
the <b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b> configuration parame-
ter.
<b>-V</b><i>xy</i> As <b>-V</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter char-
acters, instead of the characters specified with
the <b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b> configuration parame-
ter.
<b>-bd</b> Go into daemon mode. This mode of operation is
implemented by executing the <b>postfix</b> <b>start</b> command.
<b>-bi</b> Initialize alias database. See the <b>newaliases</b> com-
<b>-bi</b> Initialize alias database. See the <b>newaliases</b> com-
mand above.
<b>-bm</b> Read mail from standard input and arrange for
<b>-bm</b> Read mail from standard input and arrange for
delivery. This is the default mode of operation.
<b>-bp</b> List the mail queue. See the <b>mailq</b> command above.
<b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands
from standard input, and write responses to stan-
<b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands
from standard input, and write responses to stan-
dard output. This mode of operation is implemented
by running the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> daemon.
<b>-f</b> <i>sender</i>
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an <b>Errors-To:</b> message header.
the message contains an <b>Errors-To:</b> message header.
<b>-h</b> <i>hop_count</i> (ignored)
Hop count limit. Use the <b>hopcount</b><i>_</i><b>limit</b> configura-
Hop count limit. Use the <b>hopcount</b><i>_</i><b>limit</b> configura-
tion parameter instead.
<b>-i</b> When reading a message from standard input, don't
treat a line with only a <b>.</b> character as the end of
<b>-i</b> When reading a message from standard input, don't
treat a line with only a <b>.</b> character as the end of
input.
<b>-m</b> (ignored)
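Review bot: The new -Vxy entry says x and y replace the default_verp_delimiters characters but does not mention that they must be accepted by verp_delimiter_filter, which this same page now lists under CONFIGURATION PARAMETERS. Add that constraint to the option text, since the SECURITY section notes that this command handles data from untrusted users and the command line is where they supply the value. Most of the remaining changes in this file are re-justified whitespace from regenerating the page, which buries the real additions; regenerating in a separate commit would make the review easier.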
@@ -135,68 +146,68 @@ SENDMAIL(1) SENDMAIL(1)
Backwards compatibility.
<b>-oA</b><i>alias_database</i>
Non-default alias database. Specify <i>pathname</i> or
Non-default alias database. Specify <i>pathname</i> or
<i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
<b>-o7</b> (ignored)
<b>-o8</b> (ignored)
The message body type. Currently, Postfix imple-
The message body type. Currently, Postfix imple-
ments <b>just-send-eight</b>.
<b>-oi</b> When reading a message from standard input, don't
treat a line with only a <b>.</b> character as the end of
<b>-oi</b> When reading a message from standard input, don't
treat a line with only a <b>.</b> character as the end of
input.
<b>-om</b> (ignored)
The sender is never eliminated from alias etc.
The sender is never eliminated from alias etc.
expansions.
<b>-o</b> <i>x</i> <i>value</i> (ignored)
Set option <i>x</i> to <i>value</i>. Use the equivalent configu-
Set option <i>x</i> to <i>value</i>. Use the equivalent configu-
ration parameter in <b>main.cf</b> instead.
<b>-r</b> <i>sender</i>
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an <b>Errors-To:</b> message header.
the message contains an <b>Errors-To:</b> message header.
<b>-q</b> Attempt to deliver all queued mail. This is imple-
<b>-q</b> Attempt to deliver all queued mail. This is imple-
mented by kicking the <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon.
<b>-q</b><i>interval</i> (ignored)
The interval between queue runs. Use the
The interval between queue runs. Use the
<b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b> configuration parameter instead.
<b>-qR</b><i>site</i>
Schedule immediate delivery of all mail that is
queued for the named <i>site</i>. Depending on the desti-
nation, this uses "fast flush" service, or it has
the same effect as <b>sendmail</b> <b>-q</b>. This is imple-
Schedule immediate delivery of all mail that is
queued for the named <i>site</i>. Depending on the desti-
nation, this uses "fast flush" service, or it has
the same effect as <b>sendmail</b> <b>-q</b>. This is imple-
mented by connecting to the local SMTP server. See
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> for more information about the "fast
flush" service.
<b>-qS</b><i>site</i>
This command is not implemented. Use the slower
This command is not implemented. Use the slower
<b>sendmail</b> <b>-q</b> command instead.
<b>-t</b> Extract recipients from message headers. This
requires that no recipients be specified on the
<b>-t</b> Extract recipients from message headers. This
requires that no recipients be specified on the
command line.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
tiple <b>-v</b> options make the software increasingly
tiple <b>-v</b> options make the software increasingly
verbose.
<b>SECURITY</b>
By design, this program is not set-user (or group) id.
However, it must handle data from untrusted users or
untrusted machines. Thus, the usual precautions need to
By design, this program is not set-user (or group) id.
However, it must handle data from untrusted users or
untrusted machines. Thus, the usual precautions need to
be taken against malicious inputs.
<b>DIAGNOSTICS</b>
Problems are logged to <b>syslogd</b>(8) and to the standard
Problems are logged to <b>syslogd</b>(8) and to the standard
error stream.
<b>ENVIRONMENT</b>
@@ -208,7 +219,7 @@ SENDMAIL(1) SENDMAIL(1)
<b>MAIL</b><i>_</i><b>DEBUG</b>
Enable debugging with an external command, as spec-
ified with the <b>debugger</b><i>_</i><b>command</b> configuration
ified with the <b>debugger</b><i>_</i><b>command</b> configuration
parameter.
<b>FILES</b>
@@ -216,13 +227,13 @@ SENDMAIL(1) SENDMAIL(1)
/etc/postfix, configuration files
<b>CONFIGURATION</b> <b>PARAMETERS</b>
See the Postfix <b>main.cf</b> file for syntax details and for
default values. Use the <b>postfix</b> <b>reload</b> command after a
See the Postfix <b>main.cf</b> file for syntax details and for
default values. Use the <b>postfix</b> <b>reload</b> command after a
configuration change.
<b>alias</b><i>_</i><b>database</b>
Default alias database(s) for <b>newaliases</b>. The
default value for this parameter is system-spe-
Default alias database(s) for <b>newaliases</b>. The
default value for this parameter is system-spe-
cific.
<b>bounce</b><i>_</i><b>size</b><i>_</i><b>limit</b>
@@ -238,57 +249,66 @@ SENDMAIL(1) SENDMAIL(1)
initialized.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
Increment in verbose logging level when a remote
Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b>
The VERP delimiter characters that are used when
the <b>-V</b> command line option is specified without
delimiter characters.
<b>fast</b><i>_</i><b>flush</b><i>_</i><b>domains</b>
List of domains that will receive "fast flush" ser-
vice (default: all domains that this system is
willing to relay mail to). This greatly improves
the performance of the SMTP <b>ETRN</b> request, and of
the <b>sendmail</b> <b>-qR</b> command. For domains not in the
vice (default: all domains that this system is
willing to relay mail to). This greatly improves
the performance of the SMTP <b>ETRN</b> request, and of
the <b>sendmail</b> <b>-qR</b> command. For domains not in the
list, Postfix simply attempts to deliver all queued
mail.
<b>fork</b><i>_</i><b>attempts</b>
Number of attempts to <b>fork</b>() a process before giv-
Number of attempts to <b>fork</b>() a process before giv-
ing up.
<b>fork</b><i>_</i><b>delay</b>
Delay in seconds between successive <b>fork</b>()
Delay in seconds between successive <b>fork</b>()
attempts.
<b>hopcount</b><i>_</i><b>limit</b>
Limit the number of <b>Received:</b> message headers.
<b>mail</b><i>_</i><b>owner</b>
The owner of the mail queue and of most Postfix
The owner of the mail queue and of most Postfix
processes.
<b>command</b><i>_</i><b>directory</b>
Directory with Postfix support commands (default:
Directory with Postfix support commands (default:
<b>$program</b><i>_</i><b>directory</b>).
<b>daemon</b><i>_</i><b>directory</b>
Directory with Postfix daemon programs (default:
Directory with Postfix daemon programs (default:
<b>$program</b><i>_</i><b>directory</b>).
<b>queue</b><i>_</i><b>directory</b>
Top-level directory of the Postfix queue. This is
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.
<b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b>
The time between successive scans of the deferred
The time between successive scans of the deferred
queue.
<b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
The characters that Postfix accepts as VERP delim-
iter characters.
<b>SEE</b> <b>ALSO</b>
<a href="pickup.8.html">pickup(8)</a> mail pickup daemon
<a href="postalias.1.html">postalias(1)</a> maintain alias database


@@ -123,6 +123,11 @@ SMTPD(8) SMTPD(8)
ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b>
The default VERP delimiter characters that are used
when the XVERP command is specified without
explicit delimiters.
<b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
Recipient of protocol/policy/resource/software
error notices.
@@ -166,9 +171,13 @@ SMTPD(8) SMTPD(8)
reject responses. This can be useful for testing
purposes.
<b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
The characters that Postfix accepts as VERP delim-
iter characters.
<b>Resource</b> <b>controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
Limit the amount of memory in bytes used for the
Limit the amount of memory in bytes used for the
handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
@@ -176,8 +185,8 @@ SMTPD(8) SMTPD(8)
ing on-disk storage for envelope information.
<b>queue</b><i>_</i><b>minfree</b>
Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail
Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail
at all.
<b>Tarpitting</b>
@@ -187,17 +196,17 @@ SMTPD(8) SMTPD(8)
<b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b>
When an SMTP client has made this number of errors,
wait <i>error_count</i> seconds before responding to any
wait <i>error_count</i> seconds before responding to any
client request.
<b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b>
Disconnect after a client has made this number of
Disconnect after a client has made this number of
errors.
<b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b>
Limit the number of times a client can issue a junk
command such as NOOP, VRFY, ETRN or RSET in one
SMTP session before it is penalized with tarpit
command such as NOOP, VRFY, ETRN or RSET in one
SMTP session before it is penalized with tarpit
delays.
<b>UCE</b> <b>control</b> <b>restrictions</b>
@@ -206,19 +215,19 @@ SMTPD(8) SMTPD(8)
tem.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b>
Require that clients introduce themselves at the
Require that clients introduce themselves at the
beginning of an SMTP session.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b>
Restrict what client hostnames are allowed in <b>HELO</b>
Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
Restrict what sender addresses are allowed in <b>MAIL</b>
Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
Restrict what recipient addresses are allowed in
Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands.
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
@@ -226,57 +235,57 @@ SMTPD(8) SMTPD(8)
mands, and what clients may issue <b>ETRN</b> commands.
<b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
Allow untrusted clients to specify addresses with
sender-specified routing. Enabling this opens up
nasty relay loopholes involving trusted backup MX
Allow untrusted clients to specify addresses with
sender-specified routing. Enabling this opens up
nasty relay loopholes involving trusted backup MX
hosts.
<b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b>
Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of
these parameters can then be used instead of the
Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of
these parameters can then be used instead of the
restriction lists that they represent.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b>
List of DNS domains that publish the addresses of
List of DNS domains that publish the addresses of
blacklisted hosts.
<b>relay</b><i>_</i><b>domains</b>
Restrict what domains or networks this mail system
Restrict what domains or networks this mail system
will relay mail from or to.
<b>UCE</b> <b>control</b> <b>responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates an access
Server response when a client violates an access
database restriction.
<b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the
Server response when a client violates the
<b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the
Server response when a client violates the
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> restriction.
<b>reject</b><i>_</i><b>code</b>
Response code when the client matches a <b>reject</b>
Response code when the client matches a <b>reject</b>
restriction.
<b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client attempts to violate
Server response when a client attempts to violate
the mail relay policy.
<b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the
Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
<b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client without address to
name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
Server response when a client without address to
name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
restriction.
<b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the
Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>SEE</b> <b>ALSO</b>
@@ -285,7 +294,7 @@ SMTPD(8) SMTPD(8)
syslogd(8) system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>


@@ -84,9 +84,18 @@ Log mailer traffic. Use the \fBdebug_peer_list\fR and
Initial user submission.
.IP \fB-V\fR
Variable Envelope Return Path. Given an envelope sender address
\fIprefix\fR-@\fIorigin\fR, each recipient \fIuser@domain\fR
receives mail with a personalized envelope sender address
\fIprefix\fB-\fIuser=domain\fR@\fIorigin\fR.
of the form \fIowner-listname\fR@\fIorigin\fR, each recipient
\fIuser\fR@\fIdomain\fR receives mail with a personalized envelope
sender address.
.sp
By default, the personalized envelope sender address is
\fIowner-listname\fB+\fIuser\fB=\fIdomain\fR@\fIorigin\fR. The default
\fB+\fR and \fB=\fR characters are configurable with the
\fBdefault_verp_delimiters\fR configuration parameter.
.IP \fB-V\fIxy\fR
As \fB-V\fR, but uses \fIx\fR and \fIy\fR as the VERP delimiter
characters, instead of the characters specified with the
\fBdefault_verp_delimiters\fR configuration parameter.
.IP \fB-bd\fR
Go into daemon mode. This mode of operation is implemented by
executing the \fBpostfix start\fR command.
@@ -216,6 +225,9 @@ pattern in the \fBdebug_peer_list\fR parameter.
List of domain or network patterns. When a remote host matches
a pattern, increase the verbose logging level by the amount
specified in the \fBdebug_peer_level\fR parameter.
.IP \fBdefault_verp_delimiters\fR
The VERP delimiter characters that are used when the \fB-V\fR
command line option is specified without delimiter characters.
.IP \fBfast_flush_domains\fR
List of domains that will receive "fast flush" service (default: all
domains that this system is willing to relay mail to). This greatly
@@ -241,6 +253,8 @@ Top-level directory of the Postfix queue. This is also the root
directory of Postfix daemons that run chrooted.
.IP \fBqueue_run_delay\fR
The time between successive scans of the deferred queue.
.IP \fBverp_delimiter_filter\fR
The characters that Postfix accepts as VERP delimiter characters.
.SH SEE ALSO
.na
.nf


@@ -118,6 +118,9 @@ pattern in the \fBdebug_peer_list\fR parameter.
List of domain or network patterns. When a remote host matches
a pattern, increase the verbose logging level by the amount
specified in the \fBdebug_peer_level\fR parameter.
.IP \fBdefault_verp_delimiters\fR
The default VERP delimiter characters that are used when the
XVERP command is specified without explicit delimiters.
.IP \fBerror_notice_recipient\fR
Recipient of protocol/policy/resource/software error notices.
.IP \fBhopcount_limit\fR
@@ -148,6 +151,8 @@ request.
.IP \fBsoft_bounce\fR
Change hard (5xx) reject responses into soft (4xx) reject responses.
This can be useful for testing purposes.
.IP \fBverp_delimiter_filter\fR
The characters that Postfix accepts as VERP delimiter characters.
.SH "Resource controls"
.ad
.fi


@@ -48,5 +48,6 @@ exec sed '
s/[<bB>]*virtual[</bB>]*(5)/<a href="virtual.5.html">&<\/a>/
s/[<bB>]*virtual[</bB>]*(8)/<a href="virtual.8.html">&<\/a>/
s/\(<a href="[^"]*">\)\([<bB>]*[a-z0-9-]*[-</bB>]*\)\(\n *\)\([<bB>]*[a-z0-9-]*[</bB>]*([0-9])\)\(<\/a>\)/\1\2\5\3\1\4\5/
s/http:\/\/[^ ,]*/<a href="&">&<\/a>/
s/RFC *\([0-9]*\)/<a href="http:\/\/www.faqs.org\/rfcs\/rfc\1.html">&<\/a>/
' "$@"
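Review bot: The URL rule "s/http:\/\/[^ ,]*/.../" stops only at a space or a comma, so anything else directly after a URL (a sentence-ending period, a closing parenthesis, or the "<" of a following tag) ends up inside the href and the link text. It also has no g flag, so only the first URL on a line is linked. Consider excluding "<" and ")" from the character class, trimming a trailing "." from the match, and adding g.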


@@ -147,5 +147,6 @@ bounce_notify_verp.o: ../../include/post_mail.h
bounce_notify_verp.o: ../../include/cleanup_user.h
bounce_notify_verp.o: ../../include/mail_addr.h
bounce_notify_verp.o: ../../include/mail_error.h
bounce_notify_verp.o: ../../include/verp_sender.h
bounce_notify_verp.o: bounce_service.h
bounce_notify_verp.o: ../../include/bounce_log.h


@@ -120,6 +120,7 @@ cleanup_envelope.o: ../../include/mail_params.h
cleanup_envelope.o: ../../include/ext_prop.h
cleanup_envelope.o: ../../include/mail_addr.h
cleanup_envelope.o: ../../include/canon_addr.h
cleanup_envelope.o: ../../include/verp_sender.h
cleanup_envelope.o: cleanup.h
cleanup_envelope.o: ../../include/argv.h
cleanup_envelope.o: ../../include/maps.h


@@ -67,6 +67,7 @@
#include <ext_prop.h>
#include <mail_addr.h>
#include <canon_addr.h>
#include <verp_sender.h>
/* Application-specific. */
@@ -184,14 +185,12 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type, char *buf,
state->errs |= CLEANUP_STAT_BAD;
return;
}
if (len == 0) {
buf = var_verp_delim;
len = strlen(buf);
}
if (len == 2) {
if (verp_delims_verify(buf) == 0) {
cleanup_out(state, type, buf, len);
} else {
msg_warn("%s: bad VERP delimiters: \"%s\"", state->queue_id, buf);
state->errs |= CLEANUP_STAT_BAD;
return;
}
} else {
cleanup_out(state, type, buf, len);
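Review bot: With the "if (len == 0)" fallback gone, this path no longer substitutes the default delimiters for an empty record, so every producer of this record must now send explicit delimiters or the message is flagged CLEANUP_STAT_BAD; please confirm that all of them do. Also, mail_params.c in this commit treats the verp_delims_verify() result as a reason string and prints it, but here the result is only compared with 0 and dropped. Include it in the msg_warn() call so the log says why the delimiters were refused, not only what they were.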


@@ -106,7 +106,6 @@ char *var_prop_extension; /* propagate unmatched extension */
char *var_always_bcc; /* big brother */
int var_extra_rcpt_limit; /* recipient extract limit */
char *var_rcpt_witheld; /* recipients not disclosed */
char *var_verp_delim; /* default VERP delimiters */
CONFIG_INT_TABLE cleanup_int_table[] = {
VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
@@ -134,7 +133,6 @@ CONFIG_STR_TABLE cleanup_str_table[] = {
VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0,
VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0,
VAR_RCPT_WITHELD, DEF_RCPT_WITHELD, &var_rcpt_witheld, 1, 0,
VAR_VERP_DELIM, DEF_VERP_DELIM, &var_verp_delim, 2, 2,
0,
};

@@ -610,6 +610,7 @@ mail_params.o: mail_version.h
mail_params.o: mail_proto.h
mail_params.o: ../../include/vstream.h
mail_params.o: ../../include/iostuff.h
mail_params.o: verp_sender.h
mail_params.o: mail_params.h
mail_pathname.o: mail_pathname.c
mail_pathname.o: ../../include/sys_defs.h
@@ -1042,6 +1043,7 @@ verp_sender.o: verp_sender.c
verp_sender.o: ../../include/sys_defs.h
verp_sender.o: ../../include/vstring.h
verp_sender.o: ../../include/vbuf.h
verp_sender.o: mail_params.h
verp_sender.o: verp_sender.h
xtext.o: xtext.c
xtext.o: ../../include/sys_defs.h

@@ -62,6 +62,8 @@
/* char *var_fflush_domains;
/* char *var_def_transport;
/* char *var_mynetworks_style;
/* char *var_verp_delims;
/* char *var_verp_filter;
/*
/* char *var_import_environ;
/* char *var_export_environ;
@@ -119,6 +121,7 @@
#include "mail_conf.h"
#include "mail_version.h"
#include "mail_proto.h"
#include "verp_sender.h"
#include "mail_params.h"
/*
@@ -180,6 +183,8 @@ char *var_relay_domains;
char *var_fflush_domains;
char *var_def_transport;
char *var_mynetworks_style;
char *var_verp_delims;
char *var_verp_filter;
char *var_import_environ;
char *var_export_environ;
@@ -303,6 +308,8 @@ void mail_params_init()
VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 0, 0,
VAR_MYNETWORKS_STYLE, DEF_MYNETWORKS_STYLE, &var_mynetworks_style, 1, 0,
VAR_DEBUG_PEER_LIST, DEF_DEBUG_PEER_LIST, &var_debug_peer_list, 0, 0,
VAR_VERP_DELIMS, DEF_VERP_DELIMS, &var_verp_delims, 2, 2,
VAR_VERP_FILTER, DEF_VERP_FILTER, &var_verp_filter, 1, 0,
0,
};
static CONFIG_STR_FN_TABLE function_str_defaults_2[] = {
@@ -402,4 +409,11 @@ void mail_params_init()
*/
if (strcasecmp(var_myhostname, var_relayhost) == 0)
msg_fatal("myhostname == relayhost");
/*
* One more sanity check.
*/
if ((cp = verp_delims_verify(var_verp_delims)) != 0)
msg_fatal("%s or %s configuration problem: %s",
VAR_VERP_DELIMS, VAR_VERP_FILTER, cp);
}
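
Review bot: the msg_fatal() in the new sanity check names both VAR_VERP_DELIMS and VAR_VERP_FILTER, so the administrator has to work out which of the two settings to change; the text returned in cp only says which delimiter position failed. Suggest printing the current values of var_verp_delims and var_verp_filter in the message. The declaration of cp is outside the visible hunk; it needs to be const char * to match the return type of verp_delims_verify().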

@@ -1275,9 +1275,13 @@ extern int var_qmqpd_err_sleep;
* VERP, more DJB intellectual cross-pollination. However, we prefer + as
* the default recipient delimiter.
*/
#define VAR_VERP_DELIM "default_verp_delimiters"
#define DEF_VERP_DELIM "+="
extern char *var_verp_delim;
#define VAR_VERP_DELIMS "default_verp_delimiters"
#define DEF_VERP_DELIMS "+="
extern char *var_verp_delims;
#define VAR_VERP_FILTER "verp_delimiter_filter"
#define DEF_VERP_FILTER "-=+"
extern char *var_verp_filter;
/* LICENSE
/* .ad
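
Review bot: DEF_VERP_DELIMS "+=" and DEF_VERP_FILTER "-=+" are now coupled, because mail_params_init() calls msg_fatal() when the delimiters are not both in the filter, but nothing next to these defines says so. Suggest extending the comment above them to state that every character of default_verp_delimiters must appear in verp_delimiter_filter, so a later change to one default is not made without the other.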

@@ -15,7 +15,7 @@
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "Snapshot-20010709"
#define DEF_MAIL_VERSION "Snapshot-20010714"
extern char *var_mail_version;
/* LICENSE

@@ -11,6 +11,9 @@
/* const char *delims;
/* const char *sender;
/* const char *recipient;
/*
/* const char *verp_delims_verify(delims)
/* const char *delims;
/* DESCRIPTION
/* verp_sender() encodes the recipient address in the sender
/* address, using the specified delimiters. For example,
@@ -18,6 +21,12 @@
/* recipient \fIuser@domain\fR the result is
/* \fIprefix+user=domain@origin\fR.
/*
/* verp_delims_verify() determines if the specified VERP delimiters
/* have reasonable values. What is reasonable is configured with
/* the verp_delimiter_filter configuration parameter. The result
/* is null in case of success, a description of the problem in
/* case of error.
/*
/* Arguments:
/* .IP dst
/* The result. The buffer is null terminated.
@@ -49,6 +58,7 @@
/* Global library. */
#include <mail_params.h>
#include <verp_sender.h>
/* verp_sender - encode recipient into envelope sender address */
@@ -81,3 +91,16 @@ VSTRING *verp_sender(VSTRING *buf, const char *delimiters,
VSTRING_TERMINATE(buf);
return (buf);
}
/* verp_delims_verify - sanitize VERP delimiters */
const char *verp_delims_verify(const char *delims)
{
if (strlen(delims) != 2)
return ("bad VERP delimiter character count");
if (strchr(var_verp_filter, delims[0]) == 0)
return ("bad first VERP delimiter character");
if (strchr(var_verp_filter, delims[1]) == 0)
return ("bad second VERP delimiter character");
return (0);
}
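
Review bot: verp_delims_verify() accepts two identical delimiters, since delims[0] and delims[1] are each checked against var_verp_filter but never against each other. With the default filter "-=+" a value such as "++" passes, and the encoded sender then has the form prefix+user+domain@origin, which cannot be split back reliably when the recipient localpart itself contains that character. Suggest either rejecting delims[0] == delims[1] or documenting why it is allowed. The strlen() test also has to stay first, because strchr(var_verp_filter, '\0') returns a non-null pointer; a one-line comment would protect that ordering.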

@@ -20,6 +20,7 @@
* External interface.
*/
extern VSTRING *verp_sender(VSTRING *, const char *, const char *, const char *);
extern const char *verp_delims_verify(const char *);
/* LICENSE
/* .ad

@@ -138,6 +138,7 @@ qmgr_deliver.o: ../../include/mail_proto.h
qmgr_deliver.o: ../../include/recipient_list.h
qmgr_deliver.o: ../../include/mail_params.h
qmgr_deliver.o: ../../include/deliver_request.h
qmgr_deliver.o: ../../include/verp_sender.h
qmgr_deliver.o: qmgr.h
qmgr_deliver.o: ../../include/scan_dir.h
qmgr_deliver.o: ../../include/maps.h
@@ -204,6 +205,7 @@ qmgr_message.o: ../../include/mail_addr_find.h
qmgr_message.o: ../../include/maps.h
qmgr_message.o: ../../include/opened.h
qmgr_message.o: ../../include/resolve_local.h
qmgr_message.o: ../../include/verp_sender.h
qmgr_message.o: ../../include/resolve_clnt.h
qmgr_message.o: qmgr.h
qmgr_message.o: ../../include/scan_dir.h

@@ -360,8 +360,8 @@ static void qmgr_active_done_2_generic(QMGR_MESSAGE *message)
*/
if (message->flags) {
if (event_time() > message->arrival_time + var_max_queue_time) {
if (msg_verbose)
msg_info("%s: too old, bouncing %s", myname, message->queue_id);
msg_info("%s: from=<%s>, status=expired, returned to sender",
message->queue_id, message->sender);
if (message->verp_delims == 0)
adefer_flush(BOUNCE_FLAG_KEEP,
message->queue_name,
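
Review bot: the new "status=expired, returned to sender" record is written before adefer_flush() is called, so the log claims the message was returned even when the flush that follows does not succeed. Suggest either logging after the flush result is known or wording the record as an intent, for example "status=expired, returning to sender".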

@@ -121,6 +121,7 @@
#include <mail_addr_find.h>
#include <opened.h>
#include <resolve_local.h>
#include <verp_sender.h>
/* Client stubs. */
@@ -425,12 +426,14 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
message->warn_time = atol(start);
}
} else if (rec_type == REC_TYPE_VERP) {
if (strlen(start) != 2) {
msg_warn("%s: bad VERP record length: \"%s\"",
message->queue_id, start);
} else {
message->single_rcpt = 1;
message->verp_delims = mystrdup(start);
if (message->verp_delims == 0) {
if (verp_delims_verify(start) != 0) {
msg_warn("%s: bad VERP record content: \"%s\"",
message->queue_id, start);
} else {
message->single_rcpt = 1;
message->verp_delims = mystrdup(start);
}
}
}
} while (rec_type > 0 && rec_type != REC_TYPE_END);
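
Review bot: in the REC_TYPE_VERP branch, a record that arrives when message->verp_delims is already set is now skipped without any log line. The guard stops the second mystrdup() from overwriting the first pointer, but a queue file with two VERP records is malformed and the second one may differ from the first. Suggest adding an else branch with a msg_warn() that reports the duplicate record together with message->queue_id.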

@@ -189,6 +189,7 @@ qmgr_message.o: ../../include/mail_addr_find.h
qmgr_message.o: ../../include/maps.h
qmgr_message.o: ../../include/opened.h
qmgr_message.o: ../../include/resolve_local.h
qmgr_message.o: ../../include/verp_sender.h
qmgr_message.o: ../../include/resolve_clnt.h
qmgr_message.o: qmgr.h
qmgr_message.o: ../../include/scan_dir.h

@@ -360,8 +360,8 @@ static void qmgr_active_done_2_generic(QMGR_MESSAGE *message)
*/
if (message->flags) {
if (event_time() > message->arrival_time + var_max_queue_time) {
if (msg_verbose)
msg_info("%s: too old, bouncing %s", myname, message->queue_id);
msg_info("%s: from=<%s>, status=expired, returned to sender",
message->queue_id, message->sender);
if (message->verp_delims == 0)
adefer_flush(BOUNCE_FLAG_KEEP,
message->queue_name,
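
Review bot: the replaced msg_info() call was the one that used myname in this block, and the new call no longer does. Please check whether myname is still referenced elsewhere in qmgr_active_done_2_generic(); if not, remove the variable so the build does not pick up an unused-variable warning.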

@@ -112,6 +112,7 @@
#include <mail_addr_find.h>
#include <opened.h>
#include <resolve_local.h>
#include <verp_sender.h>
/* Client stubs. */
@@ -305,12 +306,14 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
message->warn_time = atol(start);
}
} else if (rec_type == REC_TYPE_VERP) {
if (strlen(start) != 2) {
msg_warn("%s: bad VERP record length: \"%s\"",
message->queue_id, start);
} else {
message->single_rcpt = 1;
message->verp_delims = mystrdup(start);
if (message->verp_delims == 0) {
if (verp_delims_verify(start) != 0) {
msg_warn("%s: bad VERP record content: \"%s\"",
message->queue_id, start);
} else {
message->single_rcpt = 1;
message->verp_delims = mystrdup(start);
}
}
}
} while (rec_type > 0 && rec_type != REC_TYPE_END);
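
Review bot: this REC_TYPE_VERP block is a line-for-line copy of the one changed in the other queue manager's qmgr_message_read(). Suggest moving the check (verp_delims == 0, then verp_delims_verify(start), then mystrdup()) into one shared helper, so that a later fix to the VERP record handling cannot land in one queue manager and be missed in the other.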

@@ -87,3 +87,4 @@ sendmail.o: ../../include/resolve_clnt.h
sendmail.o: ../../include/mail_flush.h
sendmail.o: ../../include/mail_stream.h
sendmail.o: ../../include/smtp_stream.h
sendmail.o: ../../include/verp_sender.h

@@ -78,9 +78,18 @@
/* Initial user submission.
/* .IP \fB-V\fR
/* Variable Envelope Return Path. Given an envelope sender address
/* \fIprefix\fR-@\fIorigin\fR, each recipient \fIuser@domain\fR
/* receives mail with a personalized envelope sender address
/* \fIprefix\fB-\fIuser=domain\fR@\fIorigin\fR.
/* of the form \fIowner-listname\fR@\fIorigin\fR, each recipient
/* \fIuser\fR@\fIdomain\fR receives mail with a personalized envelope
/* sender address.
/* .sp
/* By default, the personalized envelope sender address is
/* \fIowner-listname\fB+\fIuser\fB=\fIdomain\fR@\fIorigin\fR. The default
/* \fB+\fR and \fB=\fR characters are configurable with the
/* \fBdefault_verp_delimiters\fR configuration parameter.
/* .IP \fB-V\fIxy\fR
/* As \fB-V\fR, but uses \fIx\fR and \fIy\fR as the VERP delimiter
/* characters, instead of the characters specified with the
/* \fBdefault_verp_delimiters\fR configuration parameter.
/* .IP \fB-bd\fR
/* Go into daemon mode. This mode of operation is implemented by
/* executing the \fBpostfix start\fR command.
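
Review bot: the new \fB-V\fIxy\fR entry does not say that x and y must be taken from verp_delimiter_filter, although the option handler exits with "-V option requires two characters from %s" when they are not. Suggest adding that constraint to this entry, next to the reference to default_verp_delimiters, so the manual page explains the fatal error a user will see.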
@@ -200,6 +209,9 @@
/* List of domain or network patterns. When a remote host matches
/* a pattern, increase the verbose logging level by the amount
/* specified in the \fBdebug_peer_level\fR parameter.
/* .IP \fBdefault_verp_delimiters\fR
/* The VERP delimiter characters that are used when the \fB-V\fR
/* command line option is specified without delimiter characters.
/* .IP \fBfast_flush_domains\fR
/* List of domains that will receive "fast flush" service (default: all
/* domains that this system is willing to relay mail to). This greatly
@@ -225,6 +237,8 @@
/* directory of Postfix daemons that run chrooted.
/* .IP \fBqueue_run_delay\fR
/* The time between successive scans of the deferred queue.
/* .IP \fBverp_delimiter_filter\fR
/* The characters that Postfix accepts as VERP delimiter characters.
/* SEE ALSO
/* pickup(8) mail pickup daemon
/* postalias(1) maintain alias database
@@ -297,6 +311,7 @@
#include <mail_flush.h>
#include <mail_stream.h>
#include <smtp_stream.h>
#include <verp_sender.h>
/* Application-specific. */
@@ -808,7 +823,12 @@ int main(int argc, char **argv)
optind++;
continue;
}
if ((c = GETOPT(argc, argv, "B:C:F:GIN:R:UVX:b:ce:f:h:imno:p:r:q:tvx")) <= 0)
if (strcmp(argv[OPTIND], "-V") == 0) {
verp_delims = var_verp_delims;
optind++;
continue;
}
if ((c = GETOPT(argc, argv, "B:C:F:GIN:R:UV:X:b:ce:f:h:imno:p:r:q:tvx")) <= 0)
break;
switch (c) {
default:
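
Review bot: changing "V" to "V:" in the GETOPT() string means only a stand-alone "-V" word is caught by the new strcmp() special case. When V appears inside a bundled option word it reaches GETOPT(), which then takes the rest of the word or the next argv word as the delimiters, and the 'V' case ends in msg_fatal(). Command lines that bundled -V with other flags worked before this change, so this should be mentioned in the manual page or handled explicitly. The special case also reads var_verp_delims and argv[OPTIND]; please confirm that the configuration has been loaded and that argv[OPTIND] is known to be non-null at this point, since neither is visible in the hunk.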
@@ -832,7 +852,10 @@ int main(int argc, char **argv)
case 'R': /* DSN */
break;
case 'V': /* VERP */
verp_delims = "";
if (verp_delims_verify(optarg) != 0)
msg_fatal("-V option requires two characters from %s",
var_verp_filter);
verp_delims = optarg;
break;
case 'b':
switch (*optarg) {

@@ -119,6 +119,7 @@ smtpd.o: ../../include/mail_stream.h
smtpd.o: ../../include/mail_queue.h
smtpd.o: ../../include/tok822.h
smtpd.o: ../../include/resolve_clnt.h
smtpd.o: ../../include/verp_sender.h
smtpd.o: ../../include/mail_server.h
smtpd.o: smtpd_token.h
smtpd.o: smtpd.h

@@ -104,6 +104,9 @@
/* List of domain or network patterns. When a remote host matches
/* a pattern, increase the verbose logging level by the amount
/* specified in the \fBdebug_peer_level\fR parameter.
/* .IP \fBdefault_verp_delimiters\fR
/* The default VERP delimiter characters that are used when the
/* XVERP command is specified without explicit delimiters.
/* .IP \fBerror_notice_recipient\fR
/* Recipient of protocol/policy/resource/software error notices.
/* .IP \fBhopcount_limit\fR
@@ -134,6 +137,8 @@
/* .IP \fBsoft_bounce\fR
/* Change hard (5xx) reject responses into soft (4xx) reject responses.
/* This can be useful for testing purposes.
/* .IP \fBverp_delimiter_filter\fR
/* The characters that Postfix accepts as VERP delimiter characters.
/* .SH "Resource controls"
/* .ad
/* .fi
@@ -284,6 +289,7 @@
#include <mail_stream.h>
#include <mail_queue.h>
#include <tok822.h>
#include <verp_sender.h>
/* Single-threaded server skeleton. */
@@ -689,14 +695,14 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
}
#endif
} else if (strcasecmp(arg, VERP_CMD) == 0) {
verp_delims = "";
verp_delims = var_verp_delims;
} else if (strncasecmp(arg, VERP_CMD, VERP_CMD_LEN) == 0
&& arg[VERP_CMD_LEN] == '=') {
verp_delims = arg + VERP_CMD_LEN + 1;
if (strlen(verp_delims) != 2) {
if (verp_delims_verify(verp_delims) != 0) {
state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 Bad %s parameter: %s",
VERP_CMD, arg);
smtpd_chat_reply(state, "501 %s needs two characters from %s",
VERP_CMD, var_verp_filter);
return (-1);
}
} else {
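
Review bot: a delimiter pair that has the right length but falls outside verp_delimiter_filter is recorded as MAIL_ERROR_PROTOCOL, the same class as a malformed parameter, although the rejection now comes from local configuration. Please confirm that this is the intended error class. Replacing the echoed arg with var_verp_filter in the 501 reply is a good change, since the reply no longer reflects client-supplied text; a short comment saying that the filter value is deliberately disclosed to the client would help the next reader.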

@@ -54,6 +54,7 @@ int make_dirs(const char *path, int perms)
int saved_ch;
struct stat st;
int ret;
mode_t saved_mode;
/*
* Initialize. Make a copy of the path that we can safely clobber.
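
Review bot: saved_mode is declared here without an initial value, and the following hunk assigns it only after stat() succeeds on an existing directory (saved_mode = st.st_mode) while testing saved_mode & S_IWOTH in the ENOENT branch. If the first path component does not exist, that test reads an indeterminate value, so the world-writable check may pass or fail at random. Suggest initializing saved_mode from a stat() of the starting directory, or to a value that makes the check refuse. The check also relies on the mode seen at the earlier stat() rather than at mkdir() time, which deserves a sentence in the new comment.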
@@ -78,14 +79,31 @@ int make_dirs(const char *path, int perms)
ret = -1;
break;
}
saved_mode = st.st_mode;
} else {
if (errno != ENOENT)
break;
/*
* Create a new directory. Unfortunately, mkdir(2) has no
* equivalent of open(2)'s O_CREAT|O_EXCL safety net, so we must
* require that the parent directory is not world writable.
* Detecting a lost race condition after the fact is not
* sufficient, as an attacker could repeat the attack and add one
* directory level at a time.
*/
if (saved_mode & S_IWOTH) {
msg_warn("refusing to mkdir %s: parent directory is writable by everyone",
saved_path);
errno = EPERM;
ret = -1;
break;
}
if ((ret = mkdir(saved_path, perms)) < 0) {
if (errno != EEXIST)
break;
/* Race condition? */
if ((ret = stat(saved_path, &st)) < 0)
if ((ret = stat(saved_path, &st)) < 0)
break;
if (!S_ISDIR(st.st_mode)) {
errno = ENOTDIR;