mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-09-01 06:35:27 +00:00
Code Issues Releases Wiki Activity

snapshot-20010714

Browse Source
This commit is contained in:
Wietse Venema
2001-07-14 00:00:00 -05:00
committed by Viktor Dukhovni
parent a94bf41134
commit 0491e41ef6
32 changed files with 407 additions and 151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
postfix/HISTORY
View File

@@ -5322,3 +5322,28 @@ Apologies for any names omitted.
than -) Postfix will now recognize address extensions even than -) Postfix will now recognize address extensions even
with owner-foo+extension addresses. This is necessary to with owner-foo+extension addresses. This is necessary to
make VERP work for mailing lists. make VERP work for mailing lists.
20010710
Bugfix: potential memory leak in the queue managers with
the new VERP delimiter record. Fix by Patrik Rak.
20010711
Cleanup: you can now specify the VERP delimiter characters
on the sendmail(1) command line, but they are still optional.
Safety: with maildir style delivery and with hashed mailboxes
the system mail spool directory must not be world writable.
20010713
Safety: the verp_delimiter_filter parameter (default: -=+)
limits what characters Postfix accepts as VERP delimiter
characters.
20010714
Logging: the queue manager now logs a "status=expired"
record when it returns a message that is too old. Files:
*qmgr/qmgr_active.c.

40
postfix/QMQP_README
View File

@@ -3,7 +3,7 @@ Postfix QMQP server support
Postfix has preliminary server support for the QMQP protocol, so Postfix has preliminary server support for the QMQP protocol, so
that Postfix can be used as a backend for the Ezmlm-idx mailing that Postfix can be used as a backend for the Ezmlm-idx mailing
list manager. This support includes qmqp-source and qmqp-sink list manager. This support includes the qmqp-source and qmqp-sink
programs for protocol stress testing. programs for protocol stress testing.
Turning on the Postfix QMQP service Turning on the Postfix QMQP service
@@ -14,6 +14,7 @@ have to add the following line to /etc/postfix/master.cf:
628 inet n - n - - qmqpd 628 inet n - n - - qmqpd
A "postfix reload" command is necessary to enable the service.
Postfix QMQP server access control Postfix QMQP server access control
================================== ==================================
@@ -25,21 +26,48 @@ This is because the QMQP server relays mail to any destination
To authorize QMQP clients, edit /etc/postfix/main.cf and specify To authorize QMQP clients, edit /etc/postfix/main.cf and specify
a list of client patterns. a list of client patterns.
qmqp_authorized_clients = client, client, ... qmqpd_authorized_clients = client, client, ...
Example:
qmqpd_authorized_clients = $mynetworks
A list pattern specifies a host name, a domain name, an internet A list pattern specifies a host name, a domain name, an internet
address, or a network/mask pattern, where the mask specifies the address, or a network/mask pattern, where the mask specifies the
number of bits in the network part. When a pattern specifies a number of bits in the network part. When a pattern specifies a
file name, its contents are substituted for the file name; when a file name, its contents are substituted for the file name; when a
pattern is a type:name table specification, table lookup is used pattern is a type:name table specification, table lookup is used
instead. instead. This allows you to administer the trusted clients in LDAP
or regular expression maps, both of which are probably overkill.
Patterns are separated by whitespace and/or commas. In order to Patterns are separated by whitespace and/or commas. In order to
reverse the result, precede a non-file name pattern with an reverse the result, precede a non-file name pattern with an
exclamation point (!). exclamation point (!).
Setting up Ezmlm-idx to use Postfix QMQP support Setting up ezmlm-idx to use Postfix QMQP support
================================================ ================================================
You need to list the Postfix IP address in a suitable configuration Note: you still need qmail to feed the messages INTO ezmlm-idx.
file. See the ezmlm-idx documentation for details. Postfix presently only supports distribution of mailing list traffic
FROM ezmlm-idx.
http://www.ezmlm.org/faq-0.40/FAQ-4.html#ss4.19 describes how to
make ezmlm-idx work over QMQP.
The following is based on hearsay. Do not ask Wietse how to make
ezmlm-idx work. Wietse does not have the time to personally install
and play with every mailing list manager.
1 - You must list QMQP servers with numerical IP address. Hostnames
do not work. This means you cannot DNS-based load balancing to
spread the load over multiple QMQP servers.
2 - QMQP support is incomplete with ezmlm-idx-0.40.
- ezmlm-send will use QMQP if you specify the undocumented -Q
command-line option in your .qmail-listname file.
- ezmlm-get will use QMQP if the file qmpqservers/0 exists.
- ezmlm-moderate does not support QMQP. This is not a problem
if you only use unmoderated mailing lists.

16
postfix/RELEASE_NOTES
View File

@@ -1,3 +1,19 @@
Incompatible changes with snapshot-20010714
===========================================
Postfix delivery agents now refuse to create a missing maildir or
mail spool subdirectory when its parent directory is world writable.
This is necessary to prevent security problems with maildirs or
with hashed mailboxes under a world writable mail spool directory.
Major changes with snapshot-20010714
====================================
No major changes. What changes were made result in more polished
VERP (variable envelope return path) support and documentation,
and in updated documentation on how to use Postfix QMQP with the
ezmlm-idx mailing list manager.
Incompatible changes with snapshot-20010709 Incompatible changes with snapshot-20010709
=========================================== ===========================================

80
postfix/VERP_README
View File

@@ -1,33 +1,55 @@
[Note: this document still needs more examples]
Postfix VERP support Postfix VERP support
==================== ====================
Postfix supports variable envelope return path addresses, which Postfix supports variable envelope return path addresses on request.
means that each recipient receives a customized copy of the message, When VERP style delivery is requested, each recipient of a message
with the recipient address encoded in the envelope sender address. receives a customized copy of the message, with his/her own recipient
This concept was popularized by the qmail MTA and by the ezmlm address encoded in the envelope sender address.
For example, when VERP style delivery is requested, Postfix delivers
mail from owner-listname@origin for a recipient user@domain, with
a sender address that encodes the recipient as follows:
owner-listname+user=domain@origin
Thus, undeliverable mail can reveal the undeliverable recipient
address without requiring the list owner to parse bounce messages.
The VERP concept was popularized by the qmail MTA and by the ezmlm
mailing list manager. mailing list manager.
When VERP style delivery is requested, Postfix delivers mail with The whole process is controlled by two configuration parameters.
sender address prefix@origin for a recipient user@domain, with a
sender address that encodes the recipient as follows:
prefix+user=domain@origin - default_verp_delimiters (default value: +=) controls what VERP
delimiter characters Postfix uses when VERP style delivery is
requested but no explicit delimiters are specified.
so that undeliverable mail reveals what address was undeliverable. - verp_delimiter_filter (default: -+=) controls what characters
Postfix accepts as VERP delimiter characters. Many characters can
The + and = are the default VERP delimiters. You can specify non- not be used as VERP delimiter characters, either because they
default delimiters in main.cf with the default_verp_delimiters already have a special meaning in email addresses (such as the @
configuration parameter (default value: +=). Specify two characters; or the %), because they appear as part of a username or domain name
the first delimiter should match the $recipient_delimiter setting. (such as alphanumerics), or because they are non-ASCII or control
characters. And who knows, some characters may tickle bugs in
vulnerable software.
Using VERP with majordomo etc. mailing lists Using VERP with majordomo etc. mailing lists
============================================ ============================================
In order to make VERP useful with majordomo etc. mailing lists, In order to make VERP useful with majordomo etc. mailing lists,
you would configure the list manager to submit mail as: you would configure the list manager to submit mail according
to one of the following two forms:
sendmail -V -f owner-listname other-arguments... sendmail -V -f owner-listname other-arguments...
sendmail -V+= -f owner-listname other-arguments...
The first form uses the default main.cf VERP delimiter characters.
The second form allows you to explicitly specify the VERP delimiter
characters. The example shows the recommended values.
This text assumes that you have set up an owner-listname alias that This text assumes that you have set up an owner-listname alias that
routes undeliverable mail to a real person: routes undeliverable mail to a real person:
@@ -61,6 +83,10 @@ to the following address:
owner-listname+user=domain@your.domain owner-listname+user=domain@your.domain
which is processed by the command in your .forward+listname file. which is processed by the command in your .forward+listname file.
The message should contain, among others, a To: header with the
encapsulated recipient sender address:
To: owner-listname+user=domain@your.domain
It is left as an exercise for the reader to parse the To: header It is left as an exercise for the reader to parse the To: header
line and to pull out the user=domain part from the recipient address. line and to pull out the user=domain part from the recipient address.
@@ -72,25 +98,35 @@ The Postfix SMTP server has a new command XVERP to enable VERP
style delivery. The syntax allows two forms: style delivery. The syntax allows two forms:
MAIL FROM:<sender@domain> XVERP MAIL FROM:<sender@domain> XVERP
MAIL FROM:<sender@domain> XVERP=xy
where x and y are the VERP delimiters. When no VERP delimiters MAIL FROM:<sender@domain> XVERP=+=
are specified, Postfix uses the two characters specified with the
default_verp_delimiters configuration parameter. The first form uses the default main.cf VERP delimiters, the second
form overrides them explicitly. The values shown are the recommended
ones.
VERP support in the Postfix sendmail command VERP support in the Postfix sendmail command
============================================ ============================================
The Postfix sendmail command has a -V flag to request VERP style The Postfix sendmail command has a -V flag to request VERP style
delivery. It is not possible to override the default VERP delimiters. delivery. Specify one of the following two forms:
sendmail -V -f owner-listname ....
sendmail -V+= -f owner-listname ....
The first form uses the default main.cf VERP delimiters, the second
form overrides them explicitly. The values shown are the recommended
ones.
VERP support in the Postfix QMQP server VERP support in the Postfix QMQP server
======================================= =======================================
When the Postfix QMQP server receives mail with a an envelope sender When the Postfix QMQP server receives mail with an envelope sender
address of the form: address of the form:
prefix-@origin-@[] prefix-@origin-@[]
Postfix generates VERP sender addresses using prefix@domain as the Postfix generates VERP sender addresses using prefix@domain as the
original sender address, and using "-=" as the VERP delimiters. original sender address, and using "-=" as the VERP delimiters,
because qmail/ezmlm expect this.

1
postfix/html/faq.html
View File

@@ -668,6 +668,7 @@ to send mail only to <i>user@domain.com</i>.
transport_maps = hash:/etc/postfix/transport transport_maps = hash:/etc/postfix/transport
mynetworks = 12.34.56.0/24 mynetworks = 12.34.56.0/24
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
local_transport = error:local mail delivery is disabled on this machine
/etc/postfix/transport: /etc/postfix/transport:
domain.com smtp:inside-gateway.domain.com (forwards user@domain) domain.com smtp:inside-gateway.domain.com (forwards user@domain)

2
postfix/html/qmqpd.8.html
View File

@@ -102,7 +102,7 @@ QMQPD(8) QMQPD(8)
of a problem. This slows down run-away errors. of a problem. This slows down run-away errors.
<b>SEE</b> <b>ALSO</b> <b>SEE</b> <b>ALSO</b>
http://cr.yp.to/proto/qmqp.html, QMQP protocol <a href="http://cr.yp.to/proto/qmqp.html">http://cr.yp.to/proto/qmqp.html</a>, QMQP protocol
<a href="cleanup.8.html">cleanup(8)</a> message canonicalization <a href="cleanup.8.html">cleanup(8)</a> message canonicalization
<a href="master.8.html">master(8)</a> process manager <a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging syslogd(8) system logging

126
postfix/html/sendmail.1.html
View File

@@ -95,37 +95,48 @@ SENDMAIL(1) SENDMAIL(1)
Initial user submission. Initial user submission.
<b>-V</b> Variable Envelope Return Path. Given an envelope <b>-V</b> Variable Envelope Return Path. Given an envelope
sender address <i>prefix</i>-@<i>origin</i>, each recipient sender address of the form <i>owner-listname</i>@<i>origin</i>,
<i>user@domain</i> receives mail with a personalized enve- each recipient <i>user</i>@<i>domain</i> receives mail with a
lope sender address <i>prefix</i><b>-</b><i>user=domain</i>@<i>origin</i>. personalized envelope sender address.
<b>-bd</b> Go into daemon mode. This mode of operation is By default, the personalized envelope sender
address is <i>owner-listname</i><b>+</b><i>user</i><b>=</b><i>domain</i>@<i>origin</i>. The
default <b>+</b> and <b>=</b> characters are configurable with
the <b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b> configuration parame-
ter.
<b>-V</b><i>xy</i> As <b>-V</b>, but uses <i>x</i> and <i>y</i> as the VERP delimiter char-
acters, instead of the characters specified with
the <b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b> configuration parame-
ter.
<b>-bd</b> Go into daemon mode. This mode of operation is
implemented by executing the <b>postfix</b> <b>start</b> command. implemented by executing the <b>postfix</b> <b>start</b> command.
<b>-bi</b> Initialize alias database. See the <b>newaliases</b> com- <b>-bi</b> Initialize alias database. See the <b>newaliases</b> com-
mand above. mand above.
<b>-bm</b> Read mail from standard input and arrange for <b>-bm</b> Read mail from standard input and arrange for
delivery. This is the default mode of operation. delivery. This is the default mode of operation.
<b>-bp</b> List the mail queue. See the <b>mailq</b> command above. <b>-bp</b> List the mail queue. See the <b>mailq</b> command above.
<b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands <b>-bs</b> Stand-alone SMTP server mode. Read SMTP commands
from standard input, and write responses to stan- from standard input, and write responses to stan-
dard output. This mode of operation is implemented dard output. This mode of operation is implemented
by running the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> daemon. by running the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> daemon.
<b>-f</b> <i>sender</i> <b>-f</b> <i>sender</i>
Set the envelope sender address. This is the Set the envelope sender address. This is the
address where delivery problems are sent to, unless address where delivery problems are sent to, unless
the message contains an <b>Errors-To:</b> message header. the message contains an <b>Errors-To:</b> message header.
<b>-h</b> <i>hop_count</i> (ignored) <b>-h</b> <i>hop_count</i> (ignored)
Hop count limit. Use the <b>hopcount</b><i>_</i><b>limit</b> configura- Hop count limit. Use the <b>hopcount</b><i>_</i><b>limit</b> configura-
tion parameter instead. tion parameter instead.
<b>-i</b> When reading a message from standard input, don't <b>-i</b> When reading a message from standard input, don't
treat a line with only a <b>.</b> character as the end of treat a line with only a <b>.</b> character as the end of
input. input.
<b>-m</b> (ignored) <b>-m</b> (ignored)
@@ -135,68 +146,68 @@ SENDMAIL(1) SENDMAIL(1)
Backwards compatibility. Backwards compatibility.
<b>-oA</b><i>alias_database</i> <b>-oA</b><i>alias_database</i>
Non-default alias database. Specify <i>pathname</i> or Non-default alias database. Specify <i>pathname</i> or
<i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details. <i>type</i>:<i>pathname</i>. See <a href="postalias.1.html"><b>postalias</b>(1)</a> for details.
<b>-o7</b> (ignored) <b>-o7</b> (ignored)
<b>-o8</b> (ignored) <b>-o8</b> (ignored)
The message body type. Currently, Postfix imple- The message body type. Currently, Postfix imple-
ments <b>just-send-eight</b>. ments <b>just-send-eight</b>.
<b>-oi</b> When reading a message from standard input, don't <b>-oi</b> When reading a message from standard input, don't
treat a line with only a <b>.</b> character as the end of treat a line with only a <b>.</b> character as the end of
input. input.
<b>-om</b> (ignored) <b>-om</b> (ignored)
The sender is never eliminated from alias etc. The sender is never eliminated from alias etc.
expansions. expansions.
<b>-o</b> <i>x</i> <i>value</i> (ignored) <b>-o</b> <i>x</i> <i>value</i> (ignored)
Set option <i>x</i> to <i>value</i>. Use the equivalent configu- Set option <i>x</i> to <i>value</i>. Use the equivalent configu-
ration parameter in <b>main.cf</b> instead. ration parameter in <b>main.cf</b> instead.
<b>-r</b> <i>sender</i> <b>-r</b> <i>sender</i>
Set the envelope sender address. This is the Set the envelope sender address. This is the
address where delivery problems are sent to, unless address where delivery problems are sent to, unless
the message contains an <b>Errors-To:</b> message header. the message contains an <b>Errors-To:</b> message header.
<b>-q</b> Attempt to deliver all queued mail. This is imple- <b>-q</b> Attempt to deliver all queued mail. This is imple-
mented by kicking the <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon. mented by kicking the <a href="qmgr.8.html"><b>qmgr</b>(8)</a> daemon.
<b>-q</b><i>interval</i> (ignored) <b>-q</b><i>interval</i> (ignored)
The interval between queue runs. Use the The interval between queue runs. Use the
<b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b> configuration parameter instead. <b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b> configuration parameter instead.
<b>-qR</b><i>site</i> <b>-qR</b><i>site</i>
Schedule immediate delivery of all mail that is Schedule immediate delivery of all mail that is
queued for the named <i>site</i>. Depending on the desti- queued for the named <i>site</i>. Depending on the desti-
nation, this uses "fast flush" service, or it has nation, this uses "fast flush" service, or it has
the same effect as <b>sendmail</b> <b>-q</b>. This is imple- the same effect as <b>sendmail</b> <b>-q</b>. This is imple-
mented by connecting to the local SMTP server. See mented by connecting to the local SMTP server. See
<a href="smtpd.8.html"><b>smtpd</b>(8)</a> for more information about the "fast <a href="smtpd.8.html"><b>smtpd</b>(8)</a> for more information about the "fast
flush" service. flush" service.
<b>-qS</b><i>site</i> <b>-qS</b><i>site</i>
This command is not implemented. Use the slower This command is not implemented. Use the slower
<b>sendmail</b> <b>-q</b> command instead. <b>sendmail</b> <b>-q</b> command instead.
<b>-t</b> Extract recipients from message headers. This <b>-t</b> Extract recipients from message headers. This
requires that no recipients be specified on the requires that no recipients be specified on the
command line. command line.
<b>-v</b> Enable verbose logging for debugging purposes. Mul- <b>-v</b> Enable verbose logging for debugging purposes. Mul-
tiple <b>-v</b> options make the software increasingly tiple <b>-v</b> options make the software increasingly
verbose. verbose.
<b>SECURITY</b> <b>SECURITY</b>
By design, this program is not set-user (or group) id. By design, this program is not set-user (or group) id.
However, it must handle data from untrusted users or However, it must handle data from untrusted users or
untrusted machines. Thus, the usual precautions need to untrusted machines. Thus, the usual precautions need to
be taken against malicious inputs. be taken against malicious inputs.
<b>DIAGNOSTICS</b> <b>DIAGNOSTICS</b>
Problems are logged to <b>syslogd</b>(8) and to the standard Problems are logged to <b>syslogd</b>(8) and to the standard
error stream. error stream.
<b>ENVIRONMENT</b> <b>ENVIRONMENT</b>
@@ -208,7 +219,7 @@ SENDMAIL(1) SENDMAIL(1)
<b>MAIL</b><i>_</i><b>DEBUG</b> <b>MAIL</b><i>_</i><b>DEBUG</b>
Enable debugging with an external command, as spec- Enable debugging with an external command, as spec-
ified with the <b>debugger</b><i>_</i><b>command</b> configuration ified with the <b>debugger</b><i>_</i><b>command</b> configuration
parameter. parameter.
<b>FILES</b> <b>FILES</b>
@@ -216,13 +227,13 @@ SENDMAIL(1) SENDMAIL(1)
/etc/postfix, configuration files /etc/postfix, configuration files
<b>CONFIGURATION</b> <b>PARAMETERS</b> <b>CONFIGURATION</b> <b>PARAMETERS</b>
See the Postfix <b>main.cf</b> file for syntax details and for See the Postfix <b>main.cf</b> file for syntax details and for
default values. Use the <b>postfix</b> <b>reload</b> command after a default values. Use the <b>postfix</b> <b>reload</b> command after a
configuration change. configuration change.
<b>alias</b><i>_</i><b>database</b> <b>alias</b><i>_</i><b>database</b>
Default alias database(s) for <b>newaliases</b>. The Default alias database(s) for <b>newaliases</b>. The
default value for this parameter is system-spe- default value for this parameter is system-spe-
cific. cific.
<b>bounce</b><i>_</i><b>size</b><i>_</i><b>limit</b> <b>bounce</b><i>_</i><b>size</b><i>_</i><b>limit</b>
@@ -238,57 +249,66 @@ SENDMAIL(1) SENDMAIL(1)
initialized. initialized.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> <b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
Increment in verbose logging level when a remote Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b> host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
parameter. parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b> <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
List of domain or network patterns. When a remote List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log- host matches a pattern, increase the verbose log-
ging level by the amount specified in the ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter. <b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b>
The VERP delimiter characters that are used when
the <b>-V</b> command line option is specified without
delimiter characters.
<b>fast</b><i>_</i><b>flush</b><i>_</i><b>domains</b> <b>fast</b><i>_</i><b>flush</b><i>_</i><b>domains</b>
List of domains that will receive "fast flush" ser- List of domains that will receive "fast flush" ser-
vice (default: all domains that this system is vice (default: all domains that this system is
willing to relay mail to). This greatly improves willing to relay mail to). This greatly improves
the performance of the SMTP <b>ETRN</b> request, and of the performance of the SMTP <b>ETRN</b> request, and of
the <b>sendmail</b> <b>-qR</b> command. For domains not in the the <b>sendmail</b> <b>-qR</b> command. For domains not in the
list, Postfix simply attempts to deliver all queued list, Postfix simply attempts to deliver all queued
mail. mail.
<b>fork</b><i>_</i><b>attempts</b> <b>fork</b><i>_</i><b>attempts</b>
Number of attempts to <b>fork</b>() a process before giv- Number of attempts to <b>fork</b>() a process before giv-
ing up. ing up.
<b>fork</b><i>_</i><b>delay</b> <b>fork</b><i>_</i><b>delay</b>
Delay in seconds between successive <b>fork</b>() Delay in seconds between successive <b>fork</b>()
attempts. attempts.
<b>hopcount</b><i>_</i><b>limit</b> <b>hopcount</b><i>_</i><b>limit</b>
Limit the number of <b>Received:</b> message headers. Limit the number of <b>Received:</b> message headers.
<b>mail</b><i>_</i><b>owner</b> <b>mail</b><i>_</i><b>owner</b>
The owner of the mail queue and of most Postfix The owner of the mail queue and of most Postfix
processes. processes.
<b>command</b><i>_</i><b>directory</b> <b>command</b><i>_</i><b>directory</b>
Directory with Postfix support commands (default: Directory with Postfix support commands (default:
<b>$program</b><i>_</i><b>directory</b>). <b>$program</b><i>_</i><b>directory</b>).
<b>daemon</b><i>_</i><b>directory</b> <b>daemon</b><i>_</i><b>directory</b>
Directory with Postfix daemon programs (default: Directory with Postfix daemon programs (default:
<b>$program</b><i>_</i><b>directory</b>). <b>$program</b><i>_</i><b>directory</b>).
<b>queue</b><i>_</i><b>directory</b> <b>queue</b><i>_</i><b>directory</b>
Top-level directory of the Postfix queue. This is Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run also the root directory of Postfix daemons that run
chrooted. chrooted.
<b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b> <b>queue</b><i>_</i><b>run</b><i>_</i><b>delay</b>
The time between successive scans of the deferred The time between successive scans of the deferred
queue. queue.
<b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
The characters that Postfix accepts as VERP delim-
iter characters.
<b>SEE</b> <b>ALSO</b> <b>SEE</b> <b>ALSO</b>
<a href="pickup.8.html">pickup(8)</a> mail pickup daemon <a href="pickup.8.html">pickup(8)</a> mail pickup daemon
<a href="postalias.1.html">postalias(1)</a> maintain alias database <a href="postalias.1.html">postalias(1)</a> maintain alias database

67
postfix/html/smtpd.8.html
View File

@@ -123,6 +123,11 @@ SMTPD(8) SMTPD(8)
ging level by the amount specified in the ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter. <b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>default</b><i>_</i><b>verp</b><i>_</i><b>delimiters</b>
The default VERP delimiter characters that are used
when the XVERP command is specified without
explicit delimiters.
<b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b> <b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
Recipient of protocol/policy/resource/software Recipient of protocol/policy/resource/software
error notices. error notices.
@@ -166,9 +171,13 @@ SMTPD(8) SMTPD(8)
reject responses. This can be useful for testing reject responses. This can be useful for testing
purposes. purposes.
<b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
The characters that Postfix accepts as VERP delim-
iter characters.
<b>Resource</b> <b>controls</b> <b>Resource</b> <b>controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b> <b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
Limit the amount of memory in bytes used for the Limit the amount of memory in bytes used for the
handling of partial input lines. handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b> <b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
@@ -176,8 +185,8 @@ SMTPD(8) SMTPD(8)
ing on-disk storage for envelope information. ing on-disk storage for envelope information.
<b>queue</b><i>_</i><b>minfree</b> <b>queue</b><i>_</i><b>minfree</b>
Minimal amount of free space in bytes in the queue Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail file system for the SMTP server to accept any mail
at all. at all.
<b>Tarpitting</b> <b>Tarpitting</b>
@@ -187,17 +196,17 @@ SMTPD(8) SMTPD(8)
<b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b> <b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b>
When an SMTP client has made this number of errors, When an SMTP client has made this number of errors,
wait <i>error_count</i> seconds before responding to any wait <i>error_count</i> seconds before responding to any
client request. client request.
<b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b> <b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b>
Disconnect after a client has made this number of Disconnect after a client has made this number of
errors. errors.
<b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b> <b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b>
Limit the number of times a client can issue a junk Limit the number of times a client can issue a junk
command such as NOOP, VRFY, ETRN or RSET in one command such as NOOP, VRFY, ETRN or RSET in one
SMTP session before it is penalized with tarpit SMTP session before it is penalized with tarpit
delays. delays.
<b>UCE</b> <b>control</b> <b>restrictions</b> <b>UCE</b> <b>control</b> <b>restrictions</b>
@@ -206,19 +215,19 @@ SMTPD(8) SMTPD(8)
tem. tem.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b> <b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b>
Require that clients introduce themselves at the Require that clients introduce themselves at the
beginning of an SMTP session. beginning of an SMTP session.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b>
Restrict what client hostnames are allowed in <b>HELO</b> Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands. and <b>EHLO</b> commands.
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
Restrict what sender addresses are allowed in <b>MAIL</b> Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands. <b>FROM</b> commands.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
Restrict what recipient addresses are allowed in Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands. <b>RCPT</b> <b>TO</b> commands.
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
@@ -226,57 +235,57 @@ SMTPD(8) SMTPD(8)
mands, and what clients may issue <b>ETRN</b> commands. mands, and what clients may issue <b>ETRN</b> commands.
<b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b> <b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
Allow untrusted clients to specify addresses with Allow untrusted clients to specify addresses with
sender-specified routing. Enabling this opens up sender-specified routing. Enabling this opens up
nasty relay loopholes involving trusted backup MX nasty relay loopholes involving trusted backup MX
hosts. hosts.
<b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b> <b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b>
Declares the name of zero or more parameters that Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of contain a list of UCE restrictions. The names of
these parameters can then be used instead of the these parameters can then be used instead of the
restriction lists that they represent. restriction lists that they represent.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> <b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b>
List of DNS domains that publish the addresses of List of DNS domains that publish the addresses of
blacklisted hosts. blacklisted hosts.
<b>relay</b><i>_</i><b>domains</b> <b>relay</b><i>_</i><b>domains</b>
Restrict what domains or networks this mail system Restrict what domains or networks this mail system
will relay mail from or to. will relay mail from or to.
<b>UCE</b> <b>control</b> <b>responses</b> <b>UCE</b> <b>control</b> <b>responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates an access Server response when a client violates an access
database restriction. database restriction.
<b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the Server response when a client violates the
<b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction. <b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the Server response when a client violates the
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> restriction. <b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> restriction.
<b>reject</b><i>_</i><b>code</b> <b>reject</b><i>_</i><b>code</b>
Response code when the client matches a <b>reject</b> Response code when the client matches a <b>reject</b>
restriction. restriction.
<b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client attempts to violate Server response when a client attempts to violate
the mail relay policy. the mail relay policy.
<b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction. <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
<b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client without address to Server response when a client without address to
name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b> name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
restriction. restriction.
<b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction. <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>SEE</b> <b>ALSO</b> <b>SEE</b> <b>ALSO</b>
@@ -285,7 +294,7 @@ SMTPD(8) SMTPD(8)
syslogd(8) system logging syslogd(8) system logging
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>AUTHOR(S)</b> <b>AUTHOR(S)</b>

20
postfix/man/man1/sendmail.1
View File

@@ -84,9 +84,18 @@ Log mailer traffic. Use the \fBdebug_peer_list\fR and
Initial user submission. Initial user submission.
.IP \fB-V\fR .IP \fB-V\fR
Variable Envelope Return Path. Given an envelope sender address Variable Envelope Return Path. Given an envelope sender address
\fIprefix\fR-@\fIorigin\fR, each recipient \fIuser@domain\fR of the form \fIowner-listname\fR@\fIorigin\fR, each recipient
receives mail with a personalized envelope sender address \fIuser\fR@\fIdomain\fR receives mail with a personalized envelope
\fIprefix\fB-\fIuser=domain\fR@\fIorigin\fR. sender address.
.sp
By default, the personalized envelope sender address is
\fIowner-listname\fB+\fIuser\fB=\fIdomain\fR@\fIorigin\fR. The default
\fB+\fR and \fB=\fR characters are configurable with the
\fBdefault_verp_delimiters\fR configuration parameter.
.IP \fB-V\fIxy\fR
As \fB-V\fR, but uses \fIx\fR and \fIy\fR as the VERP delimiter
characters, instead of the characters specified with the
\fBdefault_verp_delimiters\fR configuration parameter.
.IP \fB-bd\fR .IP \fB-bd\fR
Go into daemon mode. This mode of operation is implemented by Go into daemon mode. This mode of operation is implemented by
executing the \fBpostfix start\fR command. executing the \fBpostfix start\fR command.
@@ -216,6 +225,9 @@ pattern in the \fBdebug_peer_list\fR parameter.
List of domain or network patterns. When a remote host matches List of domain or network patterns. When a remote host matches
a pattern, increase the verbose logging level by the amount a pattern, increase the verbose logging level by the amount
specified in the \fBdebug_peer_level\fR parameter. specified in the \fBdebug_peer_level\fR parameter.
.IP \fBdefault_verp_delimiters\fR
The VERP delimiter characters that are used when the \fB-V\fR
command line option is specified without delimiter characters.
.IP \fBfast_flush_domains\fR .IP \fBfast_flush_domains\fR
List of domains that will receive "fast flush" service (default: all List of domains that will receive "fast flush" service (default: all
domains that this system is willing to relay mail to). This greatly domains that this system is willing to relay mail to). This greatly
@@ -241,6 +253,8 @@ Top-level directory of the Postfix queue. This is also the root
directory of Postfix daemons that run chrooted. directory of Postfix daemons that run chrooted.
.IP \fBqueue_run_delay\fR .IP \fBqueue_run_delay\fR
The time between successive scans of the deferred queue. The time between successive scans of the deferred queue.
.IP \fBverp_delimiter_filter\fR
The characters that Postfix accepts as VERP delimiter characters.
.SH SEE ALSO .SH SEE ALSO
.na .na
.nf .nf

5
postfix/man/man8/smtpd.8
View File

@@ -118,6 +118,9 @@ pattern in the \fBdebug_peer_list\fR parameter.
List of domain or network patterns. When a remote host matches List of domain or network patterns. When a remote host matches
a pattern, increase the verbose logging level by the amount a pattern, increase the verbose logging level by the amount
specified in the \fBdebug_peer_level\fR parameter. specified in the \fBdebug_peer_level\fR parameter.
.IP \fBdefault_verp_delimiters\fR
The default VERP delimiter characters that are used when the
XVERP command is specified without explicit delimiters.
.IP \fBerror_notice_recipient\fR .IP \fBerror_notice_recipient\fR
Recipient of protocol/policy/resource/software error notices. Recipient of protocol/policy/resource/software error notices.
.IP \fBhopcount_limit\fR .IP \fBhopcount_limit\fR
@@ -148,6 +151,8 @@ request.
.IP \fBsoft_bounce\fR .IP \fBsoft_bounce\fR
Change hard (5xx) reject responses into soft (4xx) reject responses. Change hard (5xx) reject responses into soft (4xx) reject responses.
This can be useful for testing purposes. This can be useful for testing purposes.
.IP \fBverp_delimiter_filter\fR
The characters that Postfix accepts as VERP delimiter characters.
.SH "Resource controls" .SH "Resource controls"
.ad .ad
.fi .fi

1
postfix/mantools/postlink
View File

@@ -48,5 +48,6 @@ exec sed '
s/[<bB>]*virtual[</bB>]*(5)/<a href="virtual.5.html">&<\/a>/ s/[<bB>]*virtual[</bB>]*(5)/<a href="virtual.5.html">&<\/a>/
s/[<bB>]*virtual[</bB>]*(8)/<a href="virtual.8.html">&<\/a>/ s/[<bB>]*virtual[</bB>]*(8)/<a href="virtual.8.html">&<\/a>/
s/\(<a href="[^"]*">\)\([<bB>]*[a-z0-9-]*[-</bB>]*\)\(\n *\)\([<bB>]*[a-z0-9-]*[</bB>]*([0-9])\)\(<\/a>\)/\1\2\5\3\1\4\5/ s/\(<a href="[^"]*">\)\([<bB>]*[a-z0-9-]*[-</bB>]*\)\(\n *\)\([<bB>]*[a-z0-9-]*[</bB>]*([0-9])\)\(<\/a>\)/\1\2\5\3\1\4\5/
s/http:\/\/[^ ,]*/<a href="&">&<\/a>/
s/RFC *\([0-9]*\)/<a href="http:\/\/www.faqs.org\/rfcs\/rfc\1.html">&<\/a>/ s/RFC *\([0-9]*\)/<a href="http:\/\/www.faqs.org\/rfcs\/rfc\1.html">&<\/a>/
' "$@" ' "$@"

1
postfix/src/bounce/Makefile.in
View File

@@ -147,5 +147,6 @@ bounce_notify_verp.o: ../../include/post_mail.h
bounce_notify_verp.o: ../../include/cleanup_user.h bounce_notify_verp.o: ../../include/cleanup_user.h
bounce_notify_verp.o: ../../include/mail_addr.h bounce_notify_verp.o: ../../include/mail_addr.h
bounce_notify_verp.o: ../../include/mail_error.h bounce_notify_verp.o: ../../include/mail_error.h
bounce_notify_verp.o: ../../include/verp_sender.h
bounce_notify_verp.o: bounce_service.h bounce_notify_verp.o: bounce_service.h
bounce_notify_verp.o: ../../include/bounce_log.h bounce_notify_verp.o: ../../include/bounce_log.h

1
postfix/src/cleanup/Makefile.in
View File

@@ -120,6 +120,7 @@ cleanup_envelope.o: ../../include/mail_params.h
cleanup_envelope.o: ../../include/ext_prop.h cleanup_envelope.o: ../../include/ext_prop.h
cleanup_envelope.o: ../../include/mail_addr.h cleanup_envelope.o: ../../include/mail_addr.h
cleanup_envelope.o: ../../include/canon_addr.h cleanup_envelope.o: ../../include/canon_addr.h
cleanup_envelope.o: ../../include/verp_sender.h
cleanup_envelope.o: cleanup.h cleanup_envelope.o: cleanup.h
cleanup_envelope.o: ../../include/argv.h cleanup_envelope.o: ../../include/argv.h
cleanup_envelope.o: ../../include/maps.h cleanup_envelope.o: ../../include/maps.h

9
postfix/src/cleanup/cleanup_envelope.c
View File

@@ -67,6 +67,7 @@
#include <ext_prop.h> #include <ext_prop.h>
#include <mail_addr.h> #include <mail_addr.h>
#include <canon_addr.h> #include <canon_addr.h>
#include <verp_sender.h>
/* Application-specific. */ /* Application-specific. */
@@ -184,14 +185,12 @@ static void cleanup_envelope_process(CLEANUP_STATE *state, int type, char *buf,
state->errs |= CLEANUP_STAT_BAD; state->errs |= CLEANUP_STAT_BAD;
return; return;
} }
if (len == 0) { if (verp_delims_verify(buf) == 0) {
buf = var_verp_delim;
len = strlen(buf);
}
if (len == 2) {
cleanup_out(state, type, buf, len); cleanup_out(state, type, buf, len);
} else { } else {
msg_warn("%s: bad VERP delimiters: \"%s\"", state->queue_id, buf);
state->errs |= CLEANUP_STAT_BAD; state->errs |= CLEANUP_STAT_BAD;
return;
} }
} else { } else {
cleanup_out(state, type, buf, len); cleanup_out(state, type, buf, len);

2
postfix/src/cleanup/cleanup_init.c
View File

@@ -106,7 +106,6 @@ char *var_prop_extension; /* propagate unmatched extension */
char *var_always_bcc; /* big brother */ char *var_always_bcc; /* big brother */
int var_extra_rcpt_limit; /* recipient extract limit */ int var_extra_rcpt_limit; /* recipient extract limit */
char *var_rcpt_witheld; /* recipients not disclosed */ char *var_rcpt_witheld; /* recipients not disclosed */
char *var_verp_delim; /* default VERP delimiters */
CONFIG_INT_TABLE cleanup_int_table[] = { CONFIG_INT_TABLE cleanup_int_table[] = {
VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0, VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
@@ -134,7 +133,6 @@ CONFIG_STR_TABLE cleanup_str_table[] = {
VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0, VAR_PROP_EXTENSION, DEF_PROP_EXTENSION, &var_prop_extension, 0, 0,
VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0, VAR_ALWAYS_BCC, DEF_ALWAYS_BCC, &var_always_bcc, 0, 0,
VAR_RCPT_WITHELD, DEF_RCPT_WITHELD, &var_rcpt_witheld, 1, 0, VAR_RCPT_WITHELD, DEF_RCPT_WITHELD, &var_rcpt_witheld, 1, 0,
VAR_VERP_DELIM, DEF_VERP_DELIM, &var_verp_delim, 2, 2,
0, 0,
}; };

2
postfix/src/global/Makefile.in
View File

@@ -610,6 +610,7 @@ mail_params.o: mail_version.h
mail_params.o: mail_proto.h mail_params.o: mail_proto.h
mail_params.o: ../../include/vstream.h mail_params.o: ../../include/vstream.h
mail_params.o: ../../include/iostuff.h mail_params.o: ../../include/iostuff.h
mail_params.o: verp_sender.h
mail_params.o: mail_params.h mail_params.o: mail_params.h
mail_pathname.o: mail_pathname.c mail_pathname.o: mail_pathname.c
mail_pathname.o: ../../include/sys_defs.h mail_pathname.o: ../../include/sys_defs.h
@@ -1042,6 +1043,7 @@ verp_sender.o: verp_sender.c
verp_sender.o: ../../include/sys_defs.h verp_sender.o: ../../include/sys_defs.h
verp_sender.o: ../../include/vstring.h verp_sender.o: ../../include/vstring.h
verp_sender.o: ../../include/vbuf.h verp_sender.o: ../../include/vbuf.h
verp_sender.o: mail_params.h
verp_sender.o: verp_sender.h verp_sender.o: verp_sender.h
xtext.o: xtext.c xtext.o: xtext.c
xtext.o: ../../include/sys_defs.h xtext.o: ../../include/sys_defs.h

14
postfix/src/global/mail_params.c
View File

@@ -62,6 +62,8 @@
/* char *var_fflush_domains; /* char *var_fflush_domains;
/* char *var_def_transport; /* char *var_def_transport;
/* char *var_mynetworks_style; /* char *var_mynetworks_style;
/* char *var_verp_delims;
/* char *var_verp_filter;
/* /*
/* char *var_import_environ; /* char *var_import_environ;
/* char *var_export_environ; /* char *var_export_environ;
@@ -119,6 +121,7 @@
#include "mail_conf.h" #include "mail_conf.h"
#include "mail_version.h" #include "mail_version.h"
#include "mail_proto.h" #include "mail_proto.h"
#include "verp_sender.h"
#include "mail_params.h" #include "mail_params.h"
/* /*
@@ -180,6 +183,8 @@ char *var_relay_domains;
char *var_fflush_domains; char *var_fflush_domains;
char *var_def_transport; char *var_def_transport;
char *var_mynetworks_style; char *var_mynetworks_style;
char *var_verp_delims;
char *var_verp_filter;
char *var_import_environ; char *var_import_environ;
char *var_export_environ; char *var_export_environ;
@@ -303,6 +308,8 @@ void mail_params_init()
VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 0, 0, VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 0, 0,
VAR_MYNETWORKS_STYLE, DEF_MYNETWORKS_STYLE, &var_mynetworks_style, 1, 0, VAR_MYNETWORKS_STYLE, DEF_MYNETWORKS_STYLE, &var_mynetworks_style, 1, 0,
VAR_DEBUG_PEER_LIST, DEF_DEBUG_PEER_LIST, &var_debug_peer_list, 0, 0, VAR_DEBUG_PEER_LIST, DEF_DEBUG_PEER_LIST, &var_debug_peer_list, 0, 0,
VAR_VERP_DELIMS, DEF_VERP_DELIMS, &var_verp_delims, 2, 2,
VAR_VERP_FILTER, DEF_VERP_FILTER, &var_verp_filter, 1, 0,
0, 0,
}; };
static CONFIG_STR_FN_TABLE function_str_defaults_2[] = { static CONFIG_STR_FN_TABLE function_str_defaults_2[] = {
@@ -402,4 +409,11 @@ void mail_params_init()
*/ */
if (strcasecmp(var_myhostname, var_relayhost) == 0) if (strcasecmp(var_myhostname, var_relayhost) == 0)
msg_fatal("myhostname == relayhost"); msg_fatal("myhostname == relayhost");
/*
* One more sanity check.
*/
if ((cp = verp_delims_verify(var_verp_delims)) != 0)
msg_fatal("%s or %s configuration problem: %s",
VAR_VERP_DELIMS, VAR_VERP_FILTER, cp);
} }

10
postfix/src/global/mail_params.h
View File

@@ -1275,9 +1275,13 @@ extern int var_qmqpd_err_sleep;
* VERP, more DJB intellectual cross-pollination. However, we prefer + as * VERP, more DJB intellectual cross-pollination. However, we prefer + as
* the default recipient delimiter. * the default recipient delimiter.
*/ */
#define VAR_VERP_DELIM "default_verp_delimiters" #define VAR_VERP_DELIMS "default_verp_delimiters"
#define DEF_VERP_DELIM "+=" #define DEF_VERP_DELIMS "+="
extern char *var_verp_delim; extern char *var_verp_delims;
#define VAR_VERP_FILTER "verp_delimiter_filter"
#define DEF_VERP_FILTER "-=+"
extern char *var_verp_filter;
/* LICENSE /* LICENSE
/* .ad /* .ad

2
postfix/src/global/mail_version.h
View File

@@ -15,7 +15,7 @@
* Version of this program. * Version of this program.
*/ */
#define VAR_MAIL_VERSION "mail_version" #define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "Snapshot-20010709" #define DEF_MAIL_VERSION "Snapshot-20010714"
extern char *var_mail_version; extern char *var_mail_version;
/* LICENSE /* LICENSE

23
postfix/src/global/verp_sender.c
View File

@@ -11,6 +11,9 @@
/* const char *delims; /* const char *delims;
/* const char *sender; /* const char *sender;
/* const char *recipient; /* const char *recipient;
/*
/* const char *verp_delims_verify(delims)
/* const char *delims;
/* DESCRIPTION /* DESCRIPTION
/* verp_sender() encodes the recipient address in the sender /* verp_sender() encodes the recipient address in the sender
/* address, using the specified delimiters. For example, /* address, using the specified delimiters. For example,
@@ -18,6 +21,12 @@
/* recipient \fIuser@domain\fR the result is /* recipient \fIuser@domain\fR the result is
/* \fIprefix+user=domain@origin\fR. /* \fIprefix+user=domain@origin\fR.
/* /*
/* verp_delims_verify() determines if the specified VERP delimiters
/* have reasonable values. What is reasonable is configured with
/* the verp_delimiter_filter configuration parameter. The result
/* is null in case of success, a description of the problem in
/* case of error.
/*
/* Arguments: /* Arguments:
/* .IP dst /* .IP dst
/* The result. The buffer is null terminated. /* The result. The buffer is null terminated.
@@ -49,6 +58,7 @@
/* Global library. */ /* Global library. */
#include <mail_params.h>
#include <verp_sender.h> #include <verp_sender.h>
/* verp_sender - encode recipient into envelope sender address */ /* verp_sender - encode recipient into envelope sender address */
@@ -81,3 +91,16 @@ VSTRING *verp_sender(VSTRING *buf, const char *delimiters,
VSTRING_TERMINATE(buf); VSTRING_TERMINATE(buf);
return (buf); return (buf);
} }
/* verp_delims_verify - sanitize VERP delimiters */
const char *verp_delims_verify(const char *delims)
{
if (strlen(delims) != 2)
return ("bad VERP delimiter character count");
if (strchr(var_verp_filter, delims[0]) == 0)
return ("bad first VERP delimiter character");
if (strchr(var_verp_filter, delims[1]) == 0)
return ("bad second VERP delimiter character");
return (0);
}

1
postfix/src/global/verp_sender.h
View File

@@ -20,6 +20,7 @@
* External interface. * External interface.
*/ */
extern VSTRING *verp_sender(VSTRING *, const char *, const char *, const char *); extern VSTRING *verp_sender(VSTRING *, const char *, const char *, const char *);
extern const char *verp_delims_verify(const char *);
/* LICENSE /* LICENSE
/* .ad /* .ad

2
postfix/src/nqmgr/Makefile.in
View File

@@ -138,6 +138,7 @@ qmgr_deliver.o: ../../include/mail_proto.h
qmgr_deliver.o: ../../include/recipient_list.h qmgr_deliver.o: ../../include/recipient_list.h
qmgr_deliver.o: ../../include/mail_params.h qmgr_deliver.o: ../../include/mail_params.h
qmgr_deliver.o: ../../include/deliver_request.h qmgr_deliver.o: ../../include/deliver_request.h
qmgr_deliver.o: ../../include/verp_sender.h
qmgr_deliver.o: qmgr.h qmgr_deliver.o: qmgr.h
qmgr_deliver.o: ../../include/scan_dir.h qmgr_deliver.o: ../../include/scan_dir.h
qmgr_deliver.o: ../../include/maps.h qmgr_deliver.o: ../../include/maps.h
@@ -204,6 +205,7 @@ qmgr_message.o: ../../include/mail_addr_find.h
qmgr_message.o: ../../include/maps.h qmgr_message.o: ../../include/maps.h
qmgr_message.o: ../../include/opened.h qmgr_message.o: ../../include/opened.h
qmgr_message.o: ../../include/resolve_local.h qmgr_message.o: ../../include/resolve_local.h
qmgr_message.o: ../../include/verp_sender.h
qmgr_message.o: ../../include/resolve_clnt.h qmgr_message.o: ../../include/resolve_clnt.h
qmgr_message.o: qmgr.h qmgr_message.o: qmgr.h
qmgr_message.o: ../../include/scan_dir.h qmgr_message.o: ../../include/scan_dir.h

4
postfix/src/nqmgr/qmgr_active.c
View File

@@ -360,8 +360,8 @@ static void qmgr_active_done_2_generic(QMGR_MESSAGE *message)
*/ */
if (message->flags) { if (message->flags) {
if (event_time() > message->arrival_time + var_max_queue_time) { if (event_time() > message->arrival_time + var_max_queue_time) {
if (msg_verbose) msg_info("%s: from=<%s>, status=expired, returned to sender",
msg_info("%s: too old, bouncing %s", myname, message->queue_id); message->queue_id, message->sender);
if (message->verp_delims == 0) if (message->verp_delims == 0)
adefer_flush(BOUNCE_FLAG_KEEP, adefer_flush(BOUNCE_FLAG_KEEP,
message->queue_name, message->queue_name,

15
postfix/src/nqmgr/qmgr_message.c
View File

@@ -121,6 +121,7 @@
#include <mail_addr_find.h> #include <mail_addr_find.h>
#include <opened.h> #include <opened.h>
#include <resolve_local.h> #include <resolve_local.h>
#include <verp_sender.h>
/* Client stubs. */ /* Client stubs. */
@@ -425,12 +426,14 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
message->warn_time = atol(start); message->warn_time = atol(start);
} }
} else if (rec_type == REC_TYPE_VERP) { } else if (rec_type == REC_TYPE_VERP) {
if (strlen(start) != 2) { if (message->verp_delims == 0) {
msg_warn("%s: bad VERP record length: \"%s\"", if (verp_delims_verify(start) != 0) {
message->queue_id, start); msg_warn("%s: bad VERP record content: \"%s\"",
} else { message->queue_id, start);
message->single_rcpt = 1; } else {
message->verp_delims = mystrdup(start); message->single_rcpt = 1;
message->verp_delims = mystrdup(start);
}
} }
} }
} while (rec_type > 0 && rec_type != REC_TYPE_END); } while (rec_type > 0 && rec_type != REC_TYPE_END);

1
postfix/src/qmgr/Makefile.in
View File

@@ -189,6 +189,7 @@ qmgr_message.o: ../../include/mail_addr_find.h
qmgr_message.o: ../../include/maps.h qmgr_message.o: ../../include/maps.h
qmgr_message.o: ../../include/opened.h qmgr_message.o: ../../include/opened.h
qmgr_message.o: ../../include/resolve_local.h qmgr_message.o: ../../include/resolve_local.h
qmgr_message.o: ../../include/verp_sender.h
qmgr_message.o: ../../include/resolve_clnt.h qmgr_message.o: ../../include/resolve_clnt.h
qmgr_message.o: qmgr.h qmgr_message.o: qmgr.h
qmgr_message.o: ../../include/scan_dir.h qmgr_message.o: ../../include/scan_dir.h

4
postfix/src/qmgr/qmgr_active.c
View File

@@ -360,8 +360,8 @@ static void qmgr_active_done_2_generic(QMGR_MESSAGE *message)
*/ */
if (message->flags) { if (message->flags) {
if (event_time() > message->arrival_time + var_max_queue_time) { if (event_time() > message->arrival_time + var_max_queue_time) {
if (msg_verbose) msg_info("%s: from=<%s>, status=expired, returned to sender",
msg_info("%s: too old, bouncing %s", myname, message->queue_id); message->queue_id, message->sender);
if (message->verp_delims == 0) if (message->verp_delims == 0)
adefer_flush(BOUNCE_FLAG_KEEP, adefer_flush(BOUNCE_FLAG_KEEP,
message->queue_name, message->queue_name,

15
postfix/src/qmgr/qmgr_message.c
View File

@@ -112,6 +112,7 @@
#include <mail_addr_find.h> #include <mail_addr_find.h>
#include <opened.h> #include <opened.h>
#include <resolve_local.h> #include <resolve_local.h>
#include <verp_sender.h>
/* Client stubs. */ /* Client stubs. */
@@ -305,12 +306,14 @@ static int qmgr_message_read(QMGR_MESSAGE *message)
message->warn_time = atol(start); message->warn_time = atol(start);
} }
} else if (rec_type == REC_TYPE_VERP) { } else if (rec_type == REC_TYPE_VERP) {
if (strlen(start) != 2) { if (message->verp_delims == 0) {
msg_warn("%s: bad VERP record length: \"%s\"", if (verp_delims_verify(start) != 0) {
message->queue_id, start); msg_warn("%s: bad VERP record content: \"%s\"",
} else { message->queue_id, start);
message->single_rcpt = 1; } else {
message->verp_delims = mystrdup(start); message->single_rcpt = 1;
message->verp_delims = mystrdup(start);
}
} }
} }
} while (rec_type > 0 && rec_type != REC_TYPE_END); } while (rec_type > 0 && rec_type != REC_TYPE_END);

1
postfix/src/sendmail/Makefile.in
View File

@@ -87,3 +87,4 @@ sendmail.o: ../../include/resolve_clnt.h
sendmail.o: ../../include/mail_flush.h sendmail.o: ../../include/mail_flush.h
sendmail.o: ../../include/mail_stream.h sendmail.o: ../../include/mail_stream.h
sendmail.o: ../../include/smtp_stream.h sendmail.o: ../../include/smtp_stream.h
sendmail.o: ../../include/verp_sender.h

33
postfix/src/sendmail/sendmail.c
View File

@@ -78,9 +78,18 @@
/* Initial user submission. /* Initial user submission.
/* .IP \fB-V\fR /* .IP \fB-V\fR
/* Variable Envelope Return Path. Given an envelope sender address /* Variable Envelope Return Path. Given an envelope sender address
/* \fIprefix\fR-@\fIorigin\fR, each recipient \fIuser@domain\fR /* of the form \fIowner-listname\fR@\fIorigin\fR, each recipient
/* receives mail with a personalized envelope sender address /* \fIuser\fR@\fIdomain\fR receives mail with a personalized envelope
/* \fIprefix\fB-\fIuser=domain\fR@\fIorigin\fR. /* sender address.
/* .sp
/* By default, the personalized envelope sender address is
/* \fIowner-listname\fB+\fIuser\fB=\fIdomain\fR@\fIorigin\fR. The default
/* \fB+\fR and \fB=\fR characters are configurable with the
/* \fBdefault_verp_delimiters\fR configuration parameter.
/* .IP \fB-V\fIxy\fR
/* As \fB-V\fR, but uses \fIx\fR and \fIy\fR as the VERP delimiter
/* characters, instead of the characters specified with the
/* \fBdefault_verp_delimiters\fR configuration parameter.
/* .IP \fB-bd\fR /* .IP \fB-bd\fR
/* Go into daemon mode. This mode of operation is implemented by /* Go into daemon mode. This mode of operation is implemented by
/* executing the \fBpostfix start\fR command. /* executing the \fBpostfix start\fR command.
@@ -200,6 +209,9 @@
/* List of domain or network patterns. When a remote host matches /* List of domain or network patterns. When a remote host matches
/* a pattern, increase the verbose logging level by the amount /* a pattern, increase the verbose logging level by the amount
/* specified in the \fBdebug_peer_level\fR parameter. /* specified in the \fBdebug_peer_level\fR parameter.
/* .IP \fBdefault_verp_delimiters\fR
/* The VERP delimiter characters that are used when the \fB-V\fR
/* command line option is specified without delimiter characters.
/* .IP \fBfast_flush_domains\fR /* .IP \fBfast_flush_domains\fR
/* List of domains that will receive "fast flush" service (default: all /* List of domains that will receive "fast flush" service (default: all
/* domains that this system is willing to relay mail to). This greatly /* domains that this system is willing to relay mail to). This greatly
@@ -225,6 +237,8 @@
/* directory of Postfix daemons that run chrooted. /* directory of Postfix daemons that run chrooted.
/* .IP \fBqueue_run_delay\fR /* .IP \fBqueue_run_delay\fR
/* The time between successive scans of the deferred queue. /* The time between successive scans of the deferred queue.
/* .IP \fBverp_delimiter_filter\fR
/* The characters that Postfix accepts as VERP delimiter characters.
/* SEE ALSO /* SEE ALSO
/* pickup(8) mail pickup daemon /* pickup(8) mail pickup daemon
/* postalias(1) maintain alias database /* postalias(1) maintain alias database
@@ -297,6 +311,7 @@
#include <mail_flush.h> #include <mail_flush.h>
#include <mail_stream.h> #include <mail_stream.h>
#include <smtp_stream.h> #include <smtp_stream.h>
#include <verp_sender.h>
/* Application-specific. */ /* Application-specific. */
@@ -808,7 +823,12 @@ int main(int argc, char **argv)
optind++; optind++;
continue; continue;
} }
if ((c = GETOPT(argc, argv, "B:C:F:GIN:R:UVX:b:ce:f:h:imno:p:r:q:tvx")) <= 0) if (strcmp(argv[OPTIND], "-V") == 0) {
verp_delims = var_verp_delims;
optind++;
continue;
}
if ((c = GETOPT(argc, argv, "B:C:F:GIN:R:UV:X:b:ce:f:h:imno:p:r:q:tvx")) <= 0)
break; break;
switch (c) { switch (c) {
default: default:
@@ -832,7 +852,10 @@ int main(int argc, char **argv)
case 'R': /* DSN */ case 'R': /* DSN */
break; break;
case 'V': /* VERP */ case 'V': /* VERP */
verp_delims = ""; if (verp_delims_verify(optarg) != 0)
msg_fatal("-V option requires two characters from %s",
var_verp_filter);
verp_delims = optarg;
break; break;
case 'b': case 'b':
switch (*optarg) { switch (*optarg) {

1
postfix/src/smtpd/Makefile.in
View File

@@ -119,6 +119,7 @@ smtpd.o: ../../include/mail_stream.h
smtpd.o: ../../include/mail_queue.h smtpd.o: ../../include/mail_queue.h
smtpd.o: ../../include/tok822.h smtpd.o: ../../include/tok822.h
smtpd.o: ../../include/resolve_clnt.h smtpd.o: ../../include/resolve_clnt.h
smtpd.o: ../../include/verp_sender.h
smtpd.o: ../../include/mail_server.h smtpd.o: ../../include/mail_server.h
smtpd.o: smtpd_token.h smtpd.o: smtpd_token.h
smtpd.o: smtpd.h smtpd.o: smtpd.h

14
postfix/src/smtpd/smtpd.c
View File

@@ -104,6 +104,9 @@
/* List of domain or network patterns. When a remote host matches /* List of domain or network patterns. When a remote host matches
/* a pattern, increase the verbose logging level by the amount /* a pattern, increase the verbose logging level by the amount
/* specified in the \fBdebug_peer_level\fR parameter. /* specified in the \fBdebug_peer_level\fR parameter.
/* .IP \fBdefault_verp_delimiters\fR
/* The default VERP delimiter characters that are used when the
/* XVERP command is specified without explicit delimiters.
/* .IP \fBerror_notice_recipient\fR /* .IP \fBerror_notice_recipient\fR
/* Recipient of protocol/policy/resource/software error notices. /* Recipient of protocol/policy/resource/software error notices.
/* .IP \fBhopcount_limit\fR /* .IP \fBhopcount_limit\fR
@@ -134,6 +137,8 @@
/* .IP \fBsoft_bounce\fR /* .IP \fBsoft_bounce\fR
/* Change hard (5xx) reject responses into soft (4xx) reject responses. /* Change hard (5xx) reject responses into soft (4xx) reject responses.
/* This can be useful for testing purposes. /* This can be useful for testing purposes.
/* .IP \fBverp_delimiter_filter\fR
/* The characters that Postfix accepts as VERP delimiter characters.
/* .SH "Resource controls" /* .SH "Resource controls"
/* .ad /* .ad
/* .fi /* .fi
@@ -284,6 +289,7 @@
#include <mail_stream.h> #include <mail_stream.h>
#include <mail_queue.h> #include <mail_queue.h>
#include <tok822.h> #include <tok822.h>
#include <verp_sender.h>
/* Single-threaded server skeleton. */ /* Single-threaded server skeleton. */
@@ -689,14 +695,14 @@ static int mail_cmd(SMTPD_STATE *state, int argc, SMTPD_TOKEN *argv)
} }
#endif #endif
} else if (strcasecmp(arg, VERP_CMD) == 0) { } else if (strcasecmp(arg, VERP_CMD) == 0) {
verp_delims = ""; verp_delims = var_verp_delims;
} else if (strncasecmp(arg, VERP_CMD, VERP_CMD_LEN) == 0 } else if (strncasecmp(arg, VERP_CMD, VERP_CMD_LEN) == 0
&& arg[VERP_CMD_LEN] == '=') { && arg[VERP_CMD_LEN] == '=') {
verp_delims = arg + VERP_CMD_LEN + 1; verp_delims = arg + VERP_CMD_LEN + 1;
if (strlen(verp_delims) != 2) { if (verp_delims_verify(verp_delims) != 0) {
state->error_mask |= MAIL_ERROR_PROTOCOL; state->error_mask |= MAIL_ERROR_PROTOCOL;
smtpd_chat_reply(state, "501 Bad %s parameter: %s", smtpd_chat_reply(state, "501 %s needs two characters from %s",
VERP_CMD, arg); VERP_CMD, var_verp_filter);
return (-1); return (-1);
} }
} else { } else {

20
postfix/src/util/make_dirs.c
View File

@@ -54,6 +54,7 @@ int make_dirs(const char *path, int perms)
int saved_ch; int saved_ch;
struct stat st; struct stat st;
int ret; int ret;
mode_t saved_mode;
/* /*
* Initialize. Make a copy of the path that we can safely clobber. * Initialize. Make a copy of the path that we can safely clobber.
@@ -78,14 +79,31 @@ int make_dirs(const char *path, int perms)
ret = -1; ret = -1;
break; break;
} }
saved_mode = st.st_mode;
} else { } else {
if (errno != ENOENT) if (errno != ENOENT)
break; break;
/*
* Create a new directory. Unfortunately, mkdir(2) has no
* equivalent of open(2)'s O_CREAT|O_EXCL safety net, so we must
* require that the parent directory is not world writable.
* Detecting a lost race condition after the fact is not
* sufficient, as an attacker could repeat the attack and add one
* directory level at a time.
*/
if (saved_mode & S_IWOTH) {
msg_warn("refusing to mkdir %s: parent directory is writable by everyone",
saved_path);
errno = EPERM;
ret = -1;
break;
}
if ((ret = mkdir(saved_path, perms)) < 0) { if ((ret = mkdir(saved_path, perms)) < 0) {
if (errno != EEXIST) if (errno != EEXIST)
break; break;
/* Race condition? */ /* Race condition? */
if ((ret = stat(saved_path, &st)) < 0) if ((ret = stat(saved_path, &st)) < 0)
break; break;
if (!S_ISDIR(st.st_mode)) { if (!S_ISDIR(st.st_mode)) {
errno = ENOTDIR; errno = ENOTDIR;