diff --git a/postfix/HISTORY b/postfix/HISTORY
index 679a788a8..1f0614f7a 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -3648,3 +3648,24 @@ Apologies for any names omitted.
time (see cleanup/cleanup_api.c); also got rid of the global
state variables and fixed a couple bugs that were introduced
with 20000115-22.
+
+20000204
+
+ Feature: in daemon mode, the MAIL FROM size check can be
+ postponed until RCPT TO so that Postfix can log sender and
+ recipient. Simon J Mudd. Files: smtpd/smtpd.c
+
+ Robustness: limit the number of recipient addresses that
+ can be extracted from message headers. Parameter:
+ extract_recipient_limit (default: 10240). Files:
+ cleaup/cleanup_message.c, cleanup/cleanup_extracted.c.
+
+ Cleanup: the message header reject logging now includes
+ sender and recipient address (if possible), so that the
+ logging looks more like the other reject logging. File:
+ cleanup/cleanup_message.c.
+
+ Documentation: added sections on regular expression tables
+ to the access, canonical, virtual, transport and relocated
+ man pages, and write new man pages that are specific to
+ regular expressions: pcre_table.5 and regexp_table.5.
diff --git a/postfix/RELEASE_NOTES b/postfix/RELEASE_NOTES
index ac4111da2..6a45b4ddb 100644
--- a/postfix/RELEASE_NOTES
+++ b/postfix/RELEASE_NOTES
@@ -1,9 +1,10 @@
-Incompatible changes with snapshot-20000203
+Incompatible changes with snapshot-20000204
===========================================
-None sofar.
+This release is mainly to have a reference point after reorganizing
+the cleanup daemon.
-Major changes with snapshot-20000203
+Major changes with snapshot-20000204
====================================
Questionable feature: with "smtp_skip_5xx_greeting = yes", Postfix
diff --git a/postfix/cleanup/cleanup.c b/postfix/cleanup/cleanup.c
index a8f1e913f..7121dc0ea 100644
--- a/postfix/cleanup/cleanup.c
+++ b/postfix/cleanup/cleanup.c
@@ -95,6 +95,8 @@
/* Limit the number of envelope recipients that are remembered.
/* .IP \fBheader_size_limit\fR
/* Limit the amount of memory in bytes used to process a message header.
+/* .IP \fBextract_recipient_limit\fR
+/* Limit the amount of recipients extracted from message headers.
/* SEE ALSO
/* canonical(5) canonical address lookup table format
/* qmgr(8) queue manager daemon
diff --git a/postfix/cleanup/cleanup_api.c b/postfix/cleanup/cleanup_api.c
index a8b950302..0d530da9b 100644
--- a/postfix/cleanup/cleanup_api.c
+++ b/postfix/cleanup/cleanup_api.c
@@ -144,8 +144,8 @@ void cleanup_control(CLEANUP_STATE *state, int flags)
* throw away the input only in case of real show-stopper errors, such as
* unrecognizable data (which should never happen) or insufficient space
* for the queue file (which will happen occasionally). Otherwise,
- * discard input after any lethal error. See the CLEANUP_OUT_OK()
- * macro definition.
+ * discard input after any lethal error. See the CLEANUP_OUT_OK() macro
+ * definition.
*/
if ((state->flags = flags) & CLEANUP_FLAG_BOUNCE) {
state->err_mask =
@@ -168,10 +168,12 @@ int cleanup_close(CLEANUP_STATE *state)
* the execute bits on a file only when we really want the queue manager
* to process it.
*/
- if (state->recip == 0)
- state->errs |= CLEANUP_STAT_RCPT;
- if (state->end_seen == 0)
- state->errs |= CLEANUP_STAT_BAD;
+ if (CLEANUP_OUT_OK(state)) {
+ if (state->recip == 0)
+ state->errs |= CLEANUP_STAT_RCPT;
+ if (state->end_seen == 0)
+ state->errs |= CLEANUP_STAT_BAD;
+ }
/*
* If there are no errors, be very picky about queue file write errors
@@ -204,6 +206,8 @@ int cleanup_close(CLEANUP_STATE *state)
* message headers because we could not process all the message headers).
* However, cleanup_strerror() prioritizes errors so that it can report
* the cause (e.g., header buffer overflow), which is more useful.
+ *
+ * XXX When bouncing, should log sender because qmgr won't be able to.
*/
#define CAN_BOUNCE() \
((state->errs & (CLEANUP_STAT_BAD | CLEANUP_STAT_WRITE)) == 0 \
@@ -215,7 +219,7 @@ int cleanup_close(CLEANUP_STATE *state)
if (bounce_recip(BOUNCE_FLAG_CLEAN,
MAIL_QUEUE_INCOMING, state->queue_id,
state->sender, state->recip ?
- state->recip : "", "cleanup", state->time,
+ state->recip : "unknown", "cleanup", state->time,
"Message processing aborted: %s",
cleanup_strerror(state->errs)) == 0) {
state->errs = 0;
diff --git a/postfix/cleanup/cleanup_extracted.c b/postfix/cleanup/cleanup_extracted.c
index 4a3fb36cb..b95a37299 100644
--- a/postfix/cleanup/cleanup_extracted.c
+++ b/postfix/cleanup/cleanup_extracted.c
@@ -144,23 +144,27 @@ static void cleanup_extracted_process(CLEANUP_STATE *state, int type, char *buf,
*/
if (state->recip == 0 && (state->errs & CLEANUP_STAT_HOVFL) == 0) {
rcpt = (state->resent[0] ? state->resent_recip : state->recipients);
- if (*var_always_bcc && rcpt->argv[0]) {
- clean_addr = vstring_alloc(100);
- cleanup_rewrite_internal(clean_addr, var_always_bcc);
- if (cleanup_rcpt_canon_maps)
- cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps,
+ if (rcpt->argc >= var_extra_rcpt_limit) {
+ state->errs |= CLEANUP_STAT_ROVFL;
+ } else {
+ if (*var_always_bcc && rcpt->argv[0]) {
+ clean_addr = vstring_alloc(100);
+ cleanup_rewrite_internal(clean_addr, var_always_bcc);
+ if (cleanup_rcpt_canon_maps)
+ cleanup_map11_internal(state, clean_addr, cleanup_rcpt_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
- if (cleanup_comm_canon_maps)
- cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
+ if (cleanup_comm_canon_maps)
+ cleanup_map11_internal(state, clean_addr, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
- argv_add(rcpt, STR(clean_addr), (char *) 0);
- vstring_free(clean_addr);
+ argv_add(rcpt, STR(clean_addr), (char *) 0);
+ vstring_free(clean_addr);
+ }
+ argv_terminate(rcpt);
+ for (cpp = rcpt->argv; CLEANUP_OUT_OK(state) && *cpp; cpp++)
+ cleanup_out_recipient(state, *cpp);
+ if (rcpt->argv[0])
+ state->recip = mystrdup(rcpt->argv[0]);
}
- argv_terminate(rcpt);
- for (cpp = rcpt->argv; CLEANUP_OUT_OK(state) && *cpp; cpp++)
- cleanup_out_recipient(state, *cpp);
- if (rcpt->argv[0])
- state->recip = mystrdup(rcpt->argv[0]);
}
/*
diff --git a/postfix/cleanup/cleanup_init.c b/postfix/cleanup/cleanup_init.c
index c3b1a537b..2de75692c 100644
--- a/postfix/cleanup/cleanup_init.c
+++ b/postfix/cleanup/cleanup_init.c
@@ -23,7 +23,7 @@
/* void cleanup_all()
/* DESCRIPTION
/* This module implements a callable interface to the cleanup service
-/* for one-time initializations that must be done before any message
+/* for one-time initializations that must be done before any message
/* processing can take place.
/*
/* cleanup_int_table[] and cleanup_str_table[] specify configuration
@@ -33,7 +33,7 @@
/*
/* cleanup_pre_jail() and cleanup_post_jail() perform mandatory
/* initializations before and after the process enters the optional
-/* chroot jail. These functions satisfy the interface as specified
+/* chroot jail. These functions satisfy the interface as specified
/* in single_service(3).
/*
/* cleanup_path is either a null pointer or it is the name of a queue
@@ -42,7 +42,7 @@
/*
/* cleanup_all() must be called in case of fatal error, in order
/* to remove an incomplete queue file. Normally, as part of process
-/* initialization, one registers a msg_cleanup() handler and a signal()
+/* initialization, one registers a msg_cleanup() handler and a signal()
/* handler that both call cleanup_all() before terminating the process.
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
@@ -101,14 +101,17 @@ char *var_empty_addr; /* destination of bounced bounces */
int var_delay_warn_time; /* delay that triggers warning */
char *var_prop_extension; /* propagate unmatched extension */
char *var_always_bcc; /* big brother */
+int var_extra_rcpt_limit; /* recipient extract limit */
CONFIG_INT_TABLE cleanup_int_table[] = {
VAR_HOPCOUNT_LIMIT, DEF_HOPCOUNT_LIMIT, &var_hopcount_limit, 1, 0,
VAR_HEADER_LIMIT, DEF_HEADER_LIMIT, &var_header_limit, 1, 0,
VAR_DUP_FILTER_LIMIT, DEF_DUP_FILTER_LIMIT, &var_dup_filter_limit, 0, 0,
VAR_DELAY_WARN_TIME, DEF_DELAY_WARN_TIME, &var_delay_warn_time, 0, 0,
+ VAR_EXTRA_RCPT_LIMIT, DEF_EXTRA_RCPT_LIMIT, &var_extra_rcpt_limit, 0, 0,
0,
};
+
CONFIG_STR_TABLE cleanup_str_table[] = {
VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
VAR_SEND_CANON_MAPS, DEF_SEND_CANON_MAPS, &var_send_canon_maps, 0, 0,
diff --git a/postfix/cleanup/cleanup_message.c b/postfix/cleanup/cleanup_message.c
index 532ddce5d..c4fb5a91e 100644
--- a/postfix/cleanup/cleanup_message.c
+++ b/postfix/cleanup/cleanup_message.c
@@ -202,6 +202,7 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state, HEADER_OPTS *hdr_opts)
TOK822 *tree;
TOK822 **addr_list;
TOK822 **tpp;
+ ARGV *rcpt;
if (msg_verbose)
msg_info("rewrite_recip: %s", hdr_opts->name);
@@ -222,11 +223,14 @@ static void cleanup_rewrite_recip(CLEANUP_STATE *state, HEADER_OPTS *hdr_opts)
if (cleanup_comm_canon_maps)
cleanup_map11_tree(state, *tpp, cleanup_comm_canon_maps,
cleanup_ext_prop_mask & EXT_PROP_CANONICAL);
- tok822_internalize(state->temp1, tpp[0]->head, TOK822_STR_DEFL);
- if (state->recip == 0 && (hdr_opts->flags & HDR_OPT_EXTRACT) != 0)
- argv_add((hdr_opts->flags & HDR_OPT_RR) ?
- state->resent_recip : state->recipients,
- vstring_str(state->temp1), (char *) 0);
+ if (state->recip == 0 && (hdr_opts->flags & HDR_OPT_EXTRACT) != 0) {
+ rcpt = (hdr_opts->flags & HDR_OPT_RR) ?
+ state->resent_recip : state->recipients;
+ if (rcpt->argc < var_extra_rcpt_limit) {
+ tok822_internalize(state->temp1, tpp[0]->head, TOK822_STR_DEFL);
+ argv_add(rcpt, vstring_str(state->temp1), (char *) 0);
+ }
+ }
if (cleanup_masq_domains)
cleanup_masquerade_tree(*tpp, cleanup_masq_domains);
if (hdr_opts->type == HDR_RETURN_RECEIPT_TO && !state->return_receipt)
@@ -260,7 +264,9 @@ static void cleanup_header(CLEANUP_STATE *state)
if ((value = maps_find(cleanup_header_checks, header, 0)) != 0) {
if (strcasecmp(value, "REJECT") == 0) {
- msg_warn("%s: reject: header %.100s", state->queue_id, header);
+ msg_info("%s: reject: header %.100s; from=<%s> to=<%s>",
+ state->queue_id, header, state->sender,
+ state->recip ? state->recip : "unknown");
state->errs |= CLEANUP_STAT_CONT;
}
}
diff --git a/postfix/conf/access b/postfix/conf/access
index 6fcde8c3f..e994a9473 100644
--- a/postfix/conf/access
+++ b/postfix/conf/access
@@ -34,7 +34,8 @@
# PATTERNS
# .ad
# .fi
-# With lookups from indexed files, patterns are tried in the order as
+# With lookups from indexed files such as DB or DBM, or from networked
+# tables such as NIS, LDAP or SQL, patterns are tried in the order as
# listed below:
# .IP \fIuser\fR@\fIdomain\fR
# Matches the specified mail address.
@@ -73,13 +74,12 @@
# Each pattern is a regular expression that is applied to the entire
# string being looked up. Depending on the application, that string
# is an entire client hostname, an entire client IP address, or an
-# entire mail address. Patterns are applied in order as specified,
-# until a pattern is found that matches the search string.
+# entire mail address. Thus, no parent domain or parent network search
+# is done, and \fIuser@domain\fR mail addresses are not broken up into
+# their \fIuser@\fR and \fIdomain\fR constituent parts.
#
-# In contrast to lookups from indexed files, no parent domain or
-# parent network search is done with regular expression tables,
-# and \fIuser@domain\fR mail addresses are not broken up into their
-# \fIuser@\fR and \fIdomain\fR constituent parts.
+# Patterns are applied in the order as specified in the table, until a
+# pattern is found that matches the search string.
#
# Actions are the same as with normal indexed file lookups, with
# the additional feature that parenthesized substrings from the
@@ -90,7 +90,7 @@
# postmap(1) create mapping table
# smtpd(8) smtp server
# pcre_table(5) format of PCRE tables
-# regexp_table(5) format of POSIX regexp tables
+# regexp_table(5) format of POSIX regular expression tables
# LICENSE
# .ad
# .fi
diff --git a/postfix/conf/canonical b/postfix/conf/canonical
index 1f464bb60..448ae5040 100644
--- a/postfix/conf/canonical
+++ b/postfix/conf/canonical
@@ -10,12 +10,19 @@
# local and non-local addresses. The mapping is used by the
# \fBcleanup\fR(8) daemon. The address mapping is recursive.
#
-# The file serves as input to the \fBpostmap\fR(1) command. The result,
-# an indexed file in \fBdbm\fR or \fBdb\fR format, is used for
-# fast searching by the mail system. After an update
+# Normally, the file serves as input to the \fBpostmap\fR(1) command.
+# The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+# is used for fast searching by the mail system. After an update
# it may take a minute or so before the change becomes visible.
# Issue a \fBpostfix reload\fR command to eliminate the delay.
#
+# When the table is provided via other means such as NIS, LDAP
+# or SQL, the same lookups are done as for ordinary indexed files.
+#
+# Alternatively, the table can be provided as a regular-expression
+# map where patterns are given as regular expressions. In that case,
+# the lookups are done in a slightly different way as described below.
+#
# The \fBcanonical\fR mapping affects both message header addresses
# (i.e. addresses that appear inside messages) and message envelope
# addresses (for example, the addresses that are used in SMTP protocol
@@ -30,11 +37,19 @@
#
# The \fBcanonical\fR mapping is not to be confused with local aliasing.
# Use the \fBaliases\fR(5) map for that purpose.
-#
-# The format of the \fBcanonical\fR table is as follows, mappings
-# being tried in the order as listed in this manual page:
+# TABLE FORMAT
+# .ad
+# .fi
+# The format of the \fBcanonical\fR table is as follows:
# .IP "blanks and comments"
# Blank lines are ignored, as are lines beginning with `#'.
+# .IP "\fIpattern result\fR"
+# When \fIpattern\fR matches a mail address, replace it by the
+# corresponding \fIresult\fR.
+# .PP
+# With lookups from indexed files such as DB or DBM, or from networked
+# tables such as NIS, LDAP or SQL, patterns are tried in the order as
+# listed below:
# .IP "\fIuser\fR@\fIdomain address\fR"
# \fIuser\fR@\fIdomain\fR is replaced by \fIaddress\fR. This form
# has the highest precedence.
@@ -65,6 +80,25 @@
# to the result of table lookup. The matching order is:
# \fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR,
# \fIuser+foo\fR, \fIuser\fR, and @\fIdomain\fR.
+# REGULAR EXPRESSION TABLES
+# .ad
+# .fi
+# This section describes how the table lookups change when the table
+# is given in the form of regular expressions. For a description of
+# regular expression lookup table syntax, see \fBregexp_table\fR(5)
+# or \fBpcre_table\fR(5).
+#
+# Each pattern is a regular expression that is applied to the entire
+# address being looked up. Thus, \fIuser@domain\fR mail addresses are not
+# broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+# nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+#
+# Patterns are applied in the order as specified in the table, until a
+# pattern is found that matches the search string.
+#
+# Results are the same as with normal indexed file lookups, with
+# the additional feature that parenthesized substrings from the
+# pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
# BUGS
# The table format does not understand quoting conventions.
# CONFIGURATION PARAMETERS
@@ -101,6 +135,8 @@
# cleanup(8) canonicalize and enqueue mail
# postmap(1) create mapping table
# virtual(5) virtual domain mapping
+# pcre_table(5) format of PCRE tables
+# regexp_table(5) format of POSIX regular expression tables
# LICENSE
# .ad
# .fi
diff --git a/postfix/conf/pcre_table b/postfix/conf/pcre_table
index cdecf7822..525d7fb0e 100644
--- a/postfix/conf/pcre_table
+++ b/postfix/conf/pcre_table
@@ -1 +1,79 @@
-THIS IS TODO
+#++
+# NAME
+# pcre_table 5
+# SUMMARY
+# format of Postfix PCRE tables
+# SYNOPSIS
+# pcre:/etc/postfix/filename
+# DESCRIPTION
+# The Postfix mail system uses optional tables for address
+# rewriting or mail routing. These tables usually are in
+# \fBdbm\fR or \fBdb\fR format. Alternatively, lookup tables
+# can be specified in Perl Compatible Regular Expression form.
+#
+# To find out what types of lookup tables your Postfix system
+# supports use the \fBpostconf -m\fR command.
+#
+# The general form of a PCRE table is:
+# .IP "blanks and comments"
+# Blank lines are ignored, as are lines beginning with `#'.
+# .IP "\fIpattern result\fR"
+# When \fIpattern\fR matches a search string, use the corresponding
+# \fIresult\fR. A line that starts with white space continues the
+# preceding line.
+# .PP
+# Each pattern is a perl-like regular expression. The expression
+# delimiter can be any character, except whitespace or characters
+# that have special meaning (traditionally the forward slash is used).
+# The regular expression can contain whitespace.
+#
+# By default, matching is case-insensitive, although following
+# the second slash with an `i' flag will reverse this. Other flags
+# are supported, but the only other useful one is `U', which makes
+# matching ungreedy (see PCRE documentation and source for more
+# info).
+#
+# Each pattern is applied to the entire string being looked up.
+# Depending on the application, that string is an entire client
+# hostname, an entire client IP address, or an entire mail address.
+# Thus, no parent domain or parent network search is done, and
+# \fIuser@domain\fR mail addresses are not broken up into their
+# \fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR
+# broken up into \fIuser\fR and \fIfoo\fR.
+#
+# Patterns are applied in the order as specified in the table, until a
+# pattern is found that matches the search string.
+#
+# Substitution of sub-strings from the matched expression is
+# possible using the conventional perl syntax ($1, $2, etc.). The
+# macros in the replacement string may need to be written as ${n}
+# or $(n) if they aren't followed by whitespace.
+# EXAMPLES
+# # Protect your outgoing majordomo exploders
+# /^(?!owner-)(.*)-outgoing@(my\.domain)$/ 550 Use ${1}@${2} instead
+#
+# # Bounce friend@whatever, except when whatever is our domain (you would
+# # be better just bouncing all friend@ mail - this is just an example).
+# /^friend@(?!my\.domain).*$/ 550 Stick this in your pipe $0
+#
+# # A multi-line entry. The text is sent as one line.
+# #
+# /^noddy@connect\.com\.au$/
+# \ 550 This user is a funny one. You really don't want to send mail to
+# \ them as it only makes their head spin.
+# SEE ALSO
+# regexp_table(5) format of POSIX regular expression tables
+# AUTHOR(S)
+# The PCRE table lookup code was originally written by:
+# Andrew McNamara
+# andrewm@connect.com.au
+# connect.com.au Pty. Ltd.
+# Level 3, 213 Miller St
+# North Sydney, NSW, Australia
+#
+# Adopted and adapted by:
+# Wietse Venema
+# IBM T.J. Watson Research
+# P.O. Box 704
+# Yorktown Heights, NY 10598, USA
+#--
diff --git a/postfix/conf/regexp_table b/postfix/conf/regexp_table
index cdecf7822..d91251325 100644
--- a/postfix/conf/regexp_table
+++ b/postfix/conf/regexp_table
@@ -1 +1,83 @@
-THIS IS TODO
+#++
+# NAME
+# regexp_table 5
+# SUMMARY
+# format of Postfix regular expression tables
+# SYNOPSIS
+# regexp:/etc/postfix/filename
+# DESCRIPTION
+# The Postfix mail system uses optional tables for address
+# rewriting or mail routing. These tables usually are in
+# \fBdbm\fR or \fBdb\fR format. Alternatively, lookup tables
+# can be specified in POSIX regular expression form.
+#
+# To find out what types of lookup tables your Postfix system
+# supports use the \fBpostconf -m\fR command.
+#
+# The general form of a Postfix regular expression table is:
+# .IP "blanks and comments"
+# Blank lines are ignored, as are lines beginning with `#'.
+# .IP "\fIpattern result\fR"
+# When \fIpattern\fR matches a search string, use the corresponding
+# \fIresult\fR. A line that starts with white space continues the
+# preceding line.
+# .IP "\fIpattern1!pattern2 result\fR"
+# Matches \fIpattern1\fR but not \fIpattern2\fR.
+# .PP
+# Each pattern is a regular expression enclosed by a pair of delimiters.
+# The regular expression syntax is described in \fIre_format\fR(7).
+# The expression delimiter can be any character, except whitespace
+# or characters that have special meaning (traditionally the forward
+# slash is used). The regular expression can contain whitespace.
+#
+# By default, matching is case-insensitive, although following
+# the second slash with an `i' flag will reverse this. Other flags
+# are `x' (disable extended expression syntax), and `m' (enable
+# multi-line mode).
+#
+# Each pattern is applied to the entire string being looked up.
+# Depending on the application, that string is an entire client
+# hostname, an entire client IP address, or an entire mail address.
+# Thus, no parent domain or parent network search is done, and
+# \fIuser@domain\fR mail addresses are not broken up into their
+# \fIuser\fR and \fIdomain\fR constituent parts, nor is \fIuser+foo\fR
+# broken up into \fIuser\fR and \fIfoo\fR.
+#
+# Patterns are applied in the order as specified in the table, until a
+# pattern is found that matches the search string.
+#
+# Substitution of sub-strings from the matched expression is
+# possible using $1, $2, etc.. The macros in the replacement string
+# may need to be written as ${n} or $(n) if they aren't followed
+# by whitespace.
+# EXAMPLES
+# # Disallow sender-specified routing. This is a must if you relay mail
+# # for other domains.
+# /[%!@].*[%!@]/ 550 Sender-specified routing rejected
+#
+# # Postmaster is OK, that way they can talk to us about how to fix
+# # their problem.
+# /^postmaster@.*$/ OK
+#
+# # Protect your outgoing majordomo exploders
+# /^(.*)-outgoing@(.*)$/!/^owner-.*/ 550 Use ${1}@${2} instead
+# SEE ALSO
+# pcre_table(5) format of PCRE tables
+# AUTHOR(S)
+# The regexp table lookup code was originally written by:
+# LaMont Jones
+# lamont@hp.com
+#
+# That code was based on the PCRE dictionary contributed by:
+# Andrew McNamara
+# andrewm@connect.com.au
+# connect.com.au Pty. Ltd.
+# Level 3, 213 Miller St
+# North Sydney, NSW, Australia
+#
+# Adopted and adapted by:
+# Wietse Venema
+# IBM T.J. Watson Research
+# P.O. Box 704
+# Yorktown Heights, NY 10598, USA
+#--
diff --git a/postfix/conf/relocated b/postfix/conf/relocated
index 1c3c216cf..aa736cccc 100644
--- a/postfix/conf/relocated
+++ b/postfix/conf/relocated
@@ -9,13 +9,22 @@
# The optional \fBrelocated\fR file provides the information that is
# used in "user has moved to \fInew_location\fR" bounce messages.
#
-# The file serves as input to the \fBpostmap\fR(1) command. The result,
-# an indexed file in \fBdbm\fR or \fBdb\fR format, is used for
-# fast searching by the mail system. After an update
+# Normally, the file serves as input to the \fBpostmap\fR(1) command.
+# The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+# is used for fast searching by the mail system. After an update
# issue a \fBpostfix reload\fR command to make the change visible.
#
-# Table lookups are case insensitive.
+# When the table is provided via other means such as NIS, LDAP
+# or SQL, the same lookups are done as for ordinary indexed files.
#
+# Alternatively, the table can be provided as a regular-expression
+# map where patterns are given as regular expressions. In that case,
+# the lookups are done in a slightly different way as described below.
+#
+# Table lookups are case insensitive.
+# TABLE FORMAT
+# .ad
+# .fi
# The format of the table is as follows:
# .IP \(bu
# Blank lines are ignored, as are lines beginning with `#'.
@@ -27,7 +36,9 @@
# Where \fInew_location\fR specifies contact information such as
# an email address, or perhaps a street address or telephone number.
# .PP
-# The \fIkey\fR field is one of the following:
+# With lookups from indexed files such as DB or DBM, or from networked
+# tables such as NIS, LDAP or SQL, the \fIkey\fR field is one of the
+# following:
# .IP \fIuser\fR@\fIdomain\fR
# Matches \fIuser\fR@\fIdomain\fR. This form has precedence over all
# other forms.
@@ -45,6 +56,25 @@
# optional recipient delimiter (e.g., \fIuser+foo\fR@\fIdomain\fR),
# the search is repeated for the unextended address (e.g.
# \fIuser\fR@\fIdomain\fR).
+# REGULAR EXPRESSION TABLES
+# .ad
+# .fi
+# This section describes how the table lookups change when the table
+# is given in the form of regular expressions. For a description of
+# regular expression lookup table syntax, see \fBregexp_table\fR(5)
+# or \fBpcre_table\fR(5).
+#
+# Each pattern is a regular expression that is applied to the entire
+# address being looked up. Thus, \fIuser@domain\fR mail addresses are not
+# broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+# nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+#
+# Patterns are applied in the order as specified in the table, until a
+# pattern is found that matches the search string.
+#
+# Results are the same as with normal indexed file lookups, with
+# the additional feature that parenthesized substrings from the
+# pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
# BUGS
# The table format does not understand quoting conventions.
# CONFIGURATION PARAMETERS
@@ -66,6 +96,8 @@
# The domain that is appended to locally-posted mail.
# SEE ALSO
# postmap(1) create lookup table
+# pcre_table(5) format of PCRE tables
+# regexp_table(5) format of POSIX regular expression tables
# LICENSE
# .ad
# .fi
@@ -76,5 +108,5 @@
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#--
-
+
# By default, this file is not used. See sample-relocated.cf
diff --git a/postfix/conf/sample-pcre.cf b/postfix/conf/sample-pcre.cf
index 2bfa1a122..48b829784 100644
--- a/postfix/conf/sample-pcre.cf
+++ b/postfix/conf/sample-pcre.cf
@@ -7,7 +7,7 @@
# the forward slash is used). The regular expression can contain
# whitespace.
#
-# By default, matching is case-INsensative, although following
+# By default, matching is case-INsensitive, although following
# the second slash with an 'i' will reverse this. Other flags are
# supported, but the only other useful one is 'U', which makes
# matching ungreedy (see PCRE documentation and source for more
diff --git a/postfix/conf/transport b/postfix/conf/transport
index 258a7b37d..8b80bb00c 100644
--- a/postfix/conf/transport
+++ b/postfix/conf/transport
@@ -10,14 +10,30 @@
# hierarchies to message delivery transports and/or relay hosts. The
# mapping is used by the \fBtrivial-rewrite\fR(8) daemon.
#
-# The file serves as input to the \fBpostmap\fR(1) command. The result,
-# an indexed file in \fBdbm\fR or \fBdb\fR format, is used for
-# fast searching by the mail system. After updating this table,
+# Normally, the file serves as input to the \fBpostmap\fR(1) command.
+# The result, an indexed file in \fBdbm\fR or \fBdb\fR format, is used
+# for fast searching by the mail system. After updating this table,
# issue the \fBpostfix reload\fR command to make the change visible.
#
+# When the table is provided via other means such as NIS, LDAP
+# or SQL, the same lookups are done as for ordinary indexed files.
+#
+# Alternatively, the table can be provided as a regular-expression
+# map where patterns are given as regular expressions. In that case,
+# the lookups are done in a slightly different way as described below.
+# TABLE FORMAT
+# .ad
+# .fi
# The format of the transport table is as follows:
# .IP "blanks and comments"
# Blank lines are ignored, as are lines beginning with `#'.
+# .IP "\fIpattern result\fR"
+# When \fIpattern\fR matches the domain, use the corresponding
+# \fIresult\fR.
+# .PP
+# With lookups from indexed files such as DB or DBM, or from networked
+# tables such as NIS, LDAP or SQL, patterns are tried in the order as
+# listed below:
# .IP "\fIdomain transport\fR:\fInexthop\fR"
# Mail for \fIdomain\fR is delivered through \fItransport\fR to
# \fInexthop\fR.
@@ -32,7 +48,7 @@
# for example:
#
# .ti +5
-# \fBhostname.my.domain local:\fR
+# \fBhostname.my.domain local:\fR
# .ti +5
# \fBlocalhost.my.domain local:\fR
#
@@ -88,8 +104,26 @@
# .ti +5
# \fB\&.foo.org error:mail for *.foo.org is not deliverable\fR
#
-# This causes all mail for \fIuser\fR@\fIanything\fBfoo.org\fR
+# This causes all mail for \fIuser\fR@\fIanything\fBfoo.org\fR
# to be bounced.
+# REGULAR EXPRESSION TABLES
+# .ad
+# .fi
+# This section describes how the table lookups change when the table
+# is given in the form of regular expressions. For a description of
+# regular expression lookup table syntax, see \fBregexp_table\fR(5)
+# or \fBpcre_table\fR(5).
+#
+# Each pattern is a regular expression that is applied to the entire
+# domain being looked up. Thus, \fIsome.domain.hierarchy\fR is not
+# broken up into parent domains.
+#
+# Patterns are applied in the order as specified in the table, until a
+# pattern is found that matches the search string.
+#
+# Results are the same as with normal indexed file lookups, with
+# the additional feature that parenthesized substrings from the
+# pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
# CONFIGURATION PARAMETERS
# .ad
# .fi
@@ -108,6 +142,8 @@
# SEE ALSO
# postmap(1) create mapping table
# trivial-rewrite(8) rewrite and resolve addresses
+# pcre_table(5) format of PCRE tables
+# regexp_table(5) format of POSIX regular expression tables
# LICENSE
# .ad
# .fi
diff --git a/postfix/conf/virtual b/postfix/conf/virtual
index ef2e34934..bc29dca1a 100644
--- a/postfix/conf/virtual
+++ b/postfix/conf/virtual
@@ -15,12 +15,21 @@
# Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5)
# mapping to rewrite header and envelope addresses in general.
#
-# The file serves as input to the \fBpostmap\fR(1) command. The
-# result, an indexed file in \fBdbm\fR or \fBdb\fR format,
+# Normally, the file serves as input to the \fBpostmap\fR(1) command.
+# The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
# is used for fast searching by the mail system. After an update
# it may take a minute or so before the change becomes visible.
# Issue a \fBpostfix reload\fR command to eliminate the delay.
#
+# When the table is provided via other means such as NIS, LDAP
+# or SQL, the same lookups are done as for ordinary indexed files.
+#
+# Alternatively, the table can be provided as a regular-expression
+# map where patterns are given as regular expressions. In that case,
+# the lookups are done in a slightly different way as described below.
+# TABLE FORMAT
+# .ad
+# .fi
# Typical support for a virtual domain looks like the following:
#
# .in +4
@@ -38,6 +47,13 @@
# tried in the order as listed in this manual page:
# .IP "blanks and comments"
# Blank lines are ignored, as are lines beginning with `#'.
+# .IP "\fIpattern result\fR"
+# When \fIpattern\fR matches a mail address, replace it by the
+# corresponding \fIresult\fR.
+# .PP
+# With lookups from indexed files such as DB or DBM, or from networked
+# tables such as NIS, LDAP or SQL, patterns are tried in the order as
+# listed below:
# .IP "\fIuser\fR@\fIdomain address, address, ...\fR"
# Mail for \fIuser\fR@\fIdomain\fR is redirected to \fIaddress\fR.
# This form has the highest precedence.
@@ -66,6 +82,25 @@
# propagated to the result of expansion. The matching order is:
# \fIuser+foo\fR@\fIdomain\fR, \fIuser\fR@\fIdomain\fR,
# \fIuser+foo\fR, \fIuser\fR, and @\fIdomain\fR.
+# REGULAR EXPRESSION TABLES
+# .ad
+# .fi
+# This section describes how the table lookups change when the table
+# is given in the form of regular expressions. For a description of
+# regular expression lookup table syntax, see \fBregexp_table\fR(5)
+# or \fBpcre_table\fR(5).
+#
+# Each pattern is a regular expression that is applied to the entire
+# address being looked up. Thus, \fIuser@domain\fR mail addresses are not
+# broken up into their \fIuser\fR and \fI@domain\fR constituent parts,
+# nor is \fIuser+foo\fR broken up into \fIuser\fR and \fIfoo\fR.
+#
+# Patterns are applied in the order as specified in the table, until a
+# pattern is found that matches the search string.
+#
+# Results are the same as with normal indexed file lookups, with
+# the additional feature that parenthesized substrings from the
+# pattern can be interpolated as \fB$1\fR, \fB$2\fR and so on.
# BUGS
# The table format does not understand quoting conventions.
# CONFIGURATION PARAMETERS
@@ -91,6 +126,8 @@
# SEE ALSO
# cleanup(8) canonicalize and enqueue mail
# postmap(1) create mapping table
+# pcre_table(5) format of PCRE tables
+# regexp_table(5) format of POSIX regular expression tables
# LICENSE
# .ad
# .fi
diff --git a/postfix/global/cleanup_strerror.c b/postfix/global/cleanup_strerror.c
index 088f31aaa..144b74e72 100644
--- a/postfix/global/cleanup_strerror.c
+++ b/postfix/global/cleanup_strerror.c
@@ -50,6 +50,7 @@ struct cleanup_stat_map {
static struct cleanup_stat_map cleanup_stat_map[] = {
CLEANUP_STAT_BAD, "Internal protocol error",
CLEANUP_STAT_HOVFL, "Message header too long",
+ CLEANUP_STAT_ROVFL, "Too many extracted recipients",
CLEANUP_STAT_RCPT, "No recipients specified",
CLEANUP_STAT_HOPS, "Too many hops",
CLEANUP_STAT_SIZE, "Message file too big",
diff --git a/postfix/global/cleanup_user.h b/postfix/global/cleanup_user.h
index cc7d768e4..8dff91022 100644
--- a/postfix/global/cleanup_user.h
+++ b/postfix/global/cleanup_user.h
@@ -32,8 +32,9 @@
#define CLEANUP_STAT_SYN (1<<5) /* Bad address syntax */
#define CLEANUP_STAT_RCPT (1<<6) /* No recipients found */
#define CLEANUP_STAT_HOVFL (1<<7) /* Header overflow */
+#define CLEANUP_STAT_ROVFL (1<<8) /* Recipient overflow */
-#define CLEANUP_STAT_LETHAL (~CLEANUP_STAT_HOVFL) /* lethal errors */
+#define CLEANUP_STAT_LETHAL ~(CLEANUP_STAT_HOVFL|CLEANUP_STAT_ROVFL)
extern const char *cleanup_strerror(unsigned);
diff --git a/postfix/global/mail_params.h b/postfix/global/mail_params.h
index d7f309d68..807ae0f37 100644
--- a/postfix/global/mail_params.h
+++ b/postfix/global/mail_params.h
@@ -639,6 +639,10 @@ extern int var_hopcount_limit;
#define DEF_HEADER_LIMIT 102400
extern int var_header_limit;
+#define VAR_EXTRA_RCPT_LIMIT "extract_recipient_limit"
+#define DEF_EXTRA_RCPT_LIMIT 10240
+extern int var_extra_rcpt_limit;
+
/*
* Message/queue size limits.
*/
diff --git a/postfix/global/mail_version.h b/postfix/global/mail_version.h
index 956d19670..ee9afa2a3 100644
--- a/postfix/global/mail_version.h
+++ b/postfix/global/mail_version.h
@@ -15,7 +15,7 @@
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
-#define DEF_MAIL_VERSION "Snapshot-20000203"
+#define DEF_MAIL_VERSION "Snapshot-20000204"
extern char *var_mail_version;
/* LICENSE
diff --git a/postfix/html/access.5.html b/postfix/html/access.5.html
index 47059a1a1..7371cac91 100644
--- a/postfix/html/access.5.html
+++ b/postfix/html/access.5.html
@@ -45,23 +45,23 @@ ACCESS(5) ACCESS(5)
address, perform the corresponding action.
PATTERNS
- With lookups from indexed files, patterns are tried in the
- order as listed below:
+ With lookups from indexed files such as DB or DBM, or from
+ networked tables such as NIS, LDAP or SQL, patterns are
+ tried in the order as listed below:
user@domain
Matches the specified mail address.
domain.name
- Matches the domain.name itself and any subdomain
- thereof, either in hostnames or in mail addresses.
+ Matches the domain.name itself and any subdomain
+ thereof, either in hostnames or in mail addresses.
Top-level domains will never be matched.
- user@ Matches all mail addresses with the specified user
+ user@ Matches all mail addresses with the specified user
part.
-
1
@@ -77,13 +77,13 @@ ACCESS(5) ACCESS(5)
net.work
- net Matches any host address in the specified network.
- A network address is a sequence of one or more
+ net Matches any host address in the specified network.
+ A network address is a sequence of one or more
octets separated by ".".
ACTIONS
[45]XX text
- Reject the address etc. that matches the pattern,
+ Reject the address etc. that matches the pattern,
and respond with the numerical code and text.
REJECT Reject the address etc. that matches the pattern. A
@@ -95,35 +95,35 @@ ACCESS(5) ACCESS(5)
Accept the address etc. that matches the pattern.
REGULAR EXPRESSION TABLES
- This section describes how the table lookups change when
+ This section describes how the table lookups change when
the table is given in the form of regular expressions. For
- a description of regular expression lookup table syntax,
- see regexp_table(5) or pcre_table(5).
+ a description of regular expression lookup table syntax,
+ see regexp_table(5) or pcre_table(5).
- Each pattern is a regular expression that is applied to
+ Each pattern is a regular expression that is applied to
the entire string being looked up. Depending on the appli-
- cation, that string is an entire client hostname, an
- entire client IP address, or an entire mail address. Pat-
- terns are applied in order as specified, until a pattern
- is found that matches the search string.
+ cation, that string is an entire client hostname, an
+ entire client IP address, or an entire mail address. Thus,
+ no parent domain or parent network search is done, and
+ user@domain mail addresses are not broken up into their
+ user@ and domain constituent parts.
- In contrast to lookups from indexed files, no parent
- domain or parent network search is done with regular
- expression tables, and user@domain mail addresses are not
- broken up into their user@ and domain constituent parts.
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
+ string.
- Actions are the same as with normal indexed file lookups,
- with the additional feature that parenthesized substrings
- from the pattern can be interpolated as $1, $2 and so on.
+ Actions are the same as with normal indexed file lookups,
+ with the additional feature that parenthesized substrings
+ from the pattern can be interpolated as $1, $2 and so on.
BUGS
- The table format does not understand quoting conventions.
+ The table format does not understand quoting conventions.
SEE ALSO
postmap(1) create mapping table
smtpd(8) smtp server
pcre_table(5) format of PCRE tables
- regexp_table(5) format of POSIX regexp tables
+ regexp_table(5) format of POSIX regular expression tables
@@ -138,7 +138,7 @@ ACCESS(5) ACCESS(5)
LICENSE
- The Secure Mailer license must be distributed with this
+ The Secure Mailer license must be distributed with this
software.
AUTHOR(S)
diff --git a/postfix/html/canonical.5.html b/postfix/html/canonical.5.html
index fdfc525b6..6bd8000b8 100644
--- a/postfix/html/canonical.5.html
+++ b/postfix/html/canonical.5.html
@@ -16,11 +16,21 @@ CANONICAL(5) CANONICAL(5)
for local and non-local addresses. The mapping is used by
the cleanup(8) daemon. The address mapping is recursive.
- The file serves as input to the postmap(1) command. The
- result, an indexed file in dbm or db format, is used for
- fast searching by the mail system. After an update it may
- take a minute or so before the change becomes visible.
- Issue a postfix reload command to eliminate the delay.
+ Normally, the file serves as input to the postmap(1) com-
+ mand. The result, an indexed file in dbm or db format, is
+ used for fast searching by the mail system. After an
+ update it may take a minute or so before the change
+ becomes visible. Issue a postfix reload command to elimi-
+ nate the delay.
+
+ When the table is provided via other means such as NIS,
+ LDAP or SQL, the same lookups are done as for ordinary
+ indexed files.
+
+ Alternatively, the table can be provided as a regular-
+ expression map where patterns are given as regular expres-
+ sions. In that case, the lookups are done in a slightly
+ different way as described below.
The canonical mapping affects both message header
addresses (i.e. addresses that appear inside messages) and
@@ -38,13 +48,33 @@ CANONICAL(5) CANONICAL(5)
The canonical mapping is not to be confused with local
aliasing. Use the aliases(5) map for that purpose.
- The format of the canonical table is as follows, mappings
- being tried in the order as listed in this manual page:
+TABLE FORMAT
+ The format of the canonical table is as follows:
blanks and comments
- Blank lines are ignored, as are lines beginning
+ Blank lines are ignored, as are lines beginning
with `#'.
+ pattern result
+ When pattern matches a mail address, replace it by
+ the corresponding result.
+
+
+
+
+ 1
+
+
+
+
+
+CANONICAL(5) CANONICAL(5)
+
+
+ With lookups from indexed files such as DB or DBM, or from
+ networked tables such as NIS, LDAP or SQL, patterns are
+ tried in the order as listed below:
+
user@domain address
user@domain is replaced by address. This form has
the highest precedence.
@@ -59,18 +89,6 @@ CANONICAL(5) CANONICAL(5)
to $myorigin, when site is listed in $mydestina-
tion, or when it is listed in $inet_interfaces.
-
-
-
- 1
-
-
-
-
-
-CANONICAL(5) CANONICAL(5)
-
-
This form is useful for replacing login names by
Firstname.Lastname.
@@ -90,6 +108,38 @@ CANONICAL(5) CANONICAL(5)
matching order is: user+foo@domain, user@domain, user+foo,
user, and @domain.
+REGULAR EXPRESSION TABLES
+ This section describes how the table lookups change when
+ the table is given in the form of regular expressions. For
+ a description of regular expression lookup table syntax,
+ see regexp_table(5) or pcre_table(5).
+
+ Each pattern is a regular expression that is applied to
+ the entire address being looked up. Thus, user@domain mail
+ addresses are not broken up into their user and @domain
+ constituent parts, nor is user+foo broken up into user and
+ foo.
+
+ Patterns are applied in the order as specified in the
+ table, until a pattern is found that matches the search
+ string.
+
+ Results are the same as with normal indexed file lookups,
+
+
+
+ 2
+
+
+
+
+
+CANONICAL(5) CANONICAL(5)
+
+
+ with the additional feature that parenthesized substrings
+ from the pattern can be interpolated as $1, $2 and so on.
+
BUGS
The table format does not understand quoting conventions.
@@ -124,19 +174,6 @@ CANONICAL(5) CANONICAL(5)
List of user names that are not subject to address
masquerading.
-
-
-
-
- 2
-
-
-
-
-
-CANONICAL(5) CANONICAL(5)
-
-
mydestination
List of domains that this mail system considers
local.
@@ -152,6 +189,19 @@ CANONICAL(5) CANONICAL(5)
cleanup(8) canonicalize and enqueue mail
postmap(1) create mapping table
virtual(5) virtual domain mapping
+ pcre_table(5) format of PCRE tables
+ regexp_table(5) format of POSIX regular expression tables
+
+
+
+ 3
+
+
+
+
+
+CANONICAL(5) CANONICAL(5)
+
LICENSE
The Secure Mailer license must be distributed with this
@@ -194,7 +244,23 @@ CANONICAL(5) CANONICAL(5)
- 3
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 4