
snapshot-20000928

Wietse Venema
2000-09-28 00:00:00 -05:00
committed by Viktor Dukhovni
parent 6609114c50
commit 0e032173f7
32 changed files with 869 additions and 254 deletions

33
postfix/ETRN_README Normal file

@@ -0,0 +1,33 @@
Enabling the Postfix fast ETRN service
======================================
Add an entry to the master.cf file for the new flush daemon:
/etc/postfix/master.cf:
flush unix n - n - 0 flushd
Configure a list of domains that have fast ETRN service and
what clients can use the service:
/etc/postfix/etrn:
domain.name permit_mynetworks
Run the postmap command:
# postmap /etc/postfix/etrn
Create any missing directories that are needed for fast ETRN service:
# postfix check
Configure Postfix to use the fast ETRN service:
/etc/postfix/main.cf:
etrn_maps = hash:/etc/postfix/etrn
(specify dbm instead of hash if your machine uses DBM databases
rather than DB).
Refresh Postfix:
# postfix reload


@@ -4304,3 +4304,18 @@ Apologies for any names omitted.
First implementation of a logfile-based fast flush server,
which is the basis for ETRN and "sendmail -qRsite".
20000928
Bugfix: the stricter dns_lookup() argument checks revealed
that Postfix was doing DNS lookups for domain literals
([ip.address]) when expanding aliases in MAIL FROM and RCPT
TO address parameters. Reported by Jim Littlefield. File:
smtp/smtp_unalias.c.
Documentation: added text on the biff=yes/no parameter to
conf/sample-local.cf (text provided by Paul Wagland,
relational-consultancy.com.
Robustness? Log errors from SASL library code as warnings
not as fatal errors. Files: smtp*/*glue.c.


@@ -1,6 +1,20 @@
Incompatible changes with snapshot-20000924
===========================================
After building and installing, you need to "postfix check"
and "postfix reload".
The ETRN service is no longer enabled by default. You need to
configure what domains and what clients can use ETRN. See the
ETRN_README file for more information.
The smtpd_etrn_restrictions are gone.
The "flush" queue should be listed in "hash_queue_names".
Incompatible changes with snapshot-20000924
===========================================
The postmaster address in the "sorry" text at the top of bounced
mail is now just postmaster, not postmaster@sending.machine. The
idea is to refer users to their own postmaster.

110
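--- a/postfix/conf/etrn
+++ b/postfix/conf/etrn
@@ -0,0 +1,110 @@
+#
+# ETRN(5) ETRN(5)
+#
+# NAME
+# etrn - format of Postfix etrn table
+#
+# SYNOPSIS
+# etrn_maps = hash:/etc/postfix/etrn
+# etrn_maps = dbm:/etc/postfix/etrn
+#
+# postmap /etc/postfix/etrn
+#
+# DESCRIPTION
+# The optional etrn file specifies what destination domain
+# names can be specified in SMTP ETRN commands. This infor-
+# mation is used by the smtpd(8) and flushd(8) daemon.
+#
+# Normally, the file serves as input to the postmap(1) com-
+# mand. The result, an indexed file in dbm or db format, is
+# used for fast searching by the mail system. Execute the
+# command postmap /etc/postfix/etrn in order to rebuild the
+# indexed file after changing the etrn table.
+#
+# When the table is provided via other means such as NIS,
+# LDAP, SQL, or as regular expressions, the same lookups are
+# done as for ordinary indexed files.
+#
+# TABLE FORMAT
+# The format of the etrn table is as follows:
+#
+# blanks and comments
+# Blank lines are ignored, as are lines beginning
+# with `#'.
+#
+# domain restrictions
+# The left-hand side, domain, specifies a destination
+# domain name that can be specified in ETRN commands.
+#
+# The right-hand side specifies one or more access
+# restrictions. Restrictions are processed in the
+# given order and the search stops at the first
+# match.
+#
+# reject_unknown_client
+# Reject the request if the client hostname is
+# unknown.
+#
+# permit_mynetworks
+# Permit the request if the client address
+# matches $mynetworks.
+#
+# reject_maps_rbl
+# Reject the request if the reverse client
+# network address is listed under
+# $maps_rbl_domains.
+#
+# reject Reject the request. Place this at the end of
+#
+# 1
+#
+# ETRN(5) ETRN(5)
+#
+# a restriction list.
+#
+# permit Permit the request. Place this at the end of
+# a restriction list.
+#
+# CONFIGURATION PARAMETERS
+# The following main.cf parameters are especially relevant
+# to this topic. See the Postfix main.cf file for syntax
+# details and for default values. Use the postfix reload
+# command after a configuration change.
+#
+# etrn_maps
+# Tables that specify what domains have ETRN service.
+# For each table entry, the left-hand side specifies
+# a destination domain name that can be specified in
+# an ETRN request, and the right-hand side specifies
+# a list of access restrictions for SMTP clients that
+# issue ETRN for the domain.
+#
+# fast_flush_maps
+# The table with names of destinations that this MTA
+# provides the fast flush service for. By default,
+# this is set to $etrn_maps.
+#
+# relay_domains
+# The list of domains that this MTA is willing to
+# forward mail from or to. This defaults to $mydesti-
+# nation, $fast_flush_maps.
+#
+# SEE ALSO
+# smtpd(8) Postfix SMTP server
+# flushd(1) Postfix fast flush service
+# sendmail(5) sendmail-compatible interface
+# pcre_table(5) format of PCRE tables
+# regexp_table(5) format of POSIX regular expression tables
+#
+# LICENSE
+# The Secure Mailer license must be distributed with this
+# software.
+#
+# AUTHOR(S)
+# Wietse Venema
+# IBM T.J. Watson Research
+# P.O. Box 704
+# Yorktown Heights, NY 10598, USA
+#
+# 2
+#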
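Review bot: The TABLE FORMAT text never says what happens to an ETRN request when the restriction list is exhausted without a match; it only advises placing `reject` or `permit` at the end of a list. The sample entry in ETRN_README is just `domain.name permit_mynetworks`, so the outcome for clients outside $mynetworks rests on that unstated fall-through, and an access-control table should spell it out. I would add a sentence of the form `If no restriction matches, the request is <rejected or permitted>.` with the code's actual behavior filled in. SEE ALSO also cites `flushd(1)` and `sendmail(5)`, while the DESCRIPTION refers to flushd(8) and this commit documents sendmail in section 1. The Makefile rules in this commit build the manual page from ../proto/etrn, so the fix presumably belongs there.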


@@ -75,7 +75,7 @@ bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
smtp unix - - n - - smtp
showq unix n - n - - showq
flush unix n - n - - flushd
flush unix n - n - 0 flushd
error unix - - n - - error
local unix - n n - - local
lmtp unix - - n - - lmtp
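Review bot: The changed `flush` entry sets the process-limit column to `0`, which in master.cf means no limit, on a service that is public (`n` in the private column), and no comment gives the reason. The flushd(8) text in this same commit says the server talks to local unprivileged users, so lifting the process cap on it deserves a stated rationale. I would add a comment line above the entry saying why the limit is removed and what bounds the load instead, for example `# flush: no process limit (0); requests are short-lived and strings are truncated at line_length_limit`, adjusted to whatever the real reasoning is. The same `0` appears in the ETRN_README instructions, so the explanation could be repeated there.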


@@ -7,6 +7,17 @@
# See the sample-aliases.cf file for parameters that are specific to
# alias database lookup.
# The biff parameter specifies whether or not to contact the biff
# server. This server sends "new mail" notifications to users who
# have requested new mail notification with "biff y".
#
# For compatibility reasons this feature is on by default. On systems
# with lots of interactive users, this "protocol" can be a real
# performance pig. Specify "biff = no" to disable.
#
# biff = no
biff = yes
#
# OVERRIDE LOCAL TRANSPORT
#


@@ -38,6 +38,16 @@ default_transport = smtp
#
double_bounce_sender = double-bounce
# The fast_flush_maps parameter specifies what destination domain
# names can be used in SMTP ETRN requests and in "sendmail -qRdomain.name"
# commands. By default, the value is $etrn_maps, the set of domain names
# that can be used in SMTP ETRN requests (see sample-smtpd.cf).
#
# The fast_flush_maps parameter is also used in the default settings
# of the relay_domains configuration parameter.
#
fast_flush_maps =
# The hash_queue_depth parameter specifies the number of subdirectory
# levels below the queue directories listed in the hash_queue_names
# parameter.
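Review bot: The sample setting `fast_flush_maps =` assigns an empty value, while the comment directly above it says the default is `$etrn_maps`. Other sample settings visible in this commit show the default value (for example `relay_domains = $mydestination $fast_flush_maps`), so an operator who copies this line into main.cf would presumably switch the fast flush service off for the ETRN domains and drop them from the default relay_domains expansion without noticing. I would change the line to `fast_flush_maps = $etrn_maps` so that sample and comment agree.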


@@ -14,6 +14,27 @@
#
#disable_vrfy_command = no
# The etrn_maps parameter specifies what domains have ETRN service.
# For each table entry, the left-hand side specifies a destination
# domain name, and the right-hand side specifies a list of access
# restrictions for clients that issue ETRN for the domain.
#
# The default is to disallow ETRN commands. The following restrictions
# are available:
#
# reject_unknown_client: reject the request if the client hostname is unknown.
# permit_mynetworks: permit if the client address matches $mynetworks.
# reject_maps_rbl: reject if the reverse client network address
# is listed under $maps_rbl_domains.
# reject: reject the request. Place this at the end of a restriction.
# permit: permit the request. Place this at the end of a restriction.
#
# etrn_maps is also the default value for the fast_flush_maps parameter
# which controls the fast flush service which is used for ETRN and for
# "sendmail -qRdomain.name"
#
etrn_maps =
# The smtpd_banner parameter specifies the text that follows the 220
# status code in the SMTP greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
@@ -26,27 +47,6 @@
# smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP $mail_name
# The smtpd_etrn_restrictions parameter restricts what clients are
# allowed to issue the ETRN command. The present Postfix ETRN differs
# from other ETRN implementations in that it flushes mail for all
# destinations. This will change in the future.
#
# The default is to allow ETRN from any host. The following restrictions
# are available:
#
# reject_unknown_client: reject the request if the client hostname is unknown.
# permit_mynetworks: permit if the client address matches $mynetworks.
# check_client_access maptype:mapname
# maptype:mapname: look up client name, parent domains, client address,
# or networks obtained by stripping octets.
# Reject if result is REJECT or "[45]xx text"
# Permit otherwise.
# reject_maps_rbl: reject if the reverse client network address
# is listed under $maps_rbl_domains.
# reject: reject the request. Place this at the end of a restriction.
# permit: permit the request. Place this at the end of a restriction.
smtpd_etrn_restrictions =
# The smtpd_recipient_limit parameter restricts the number of recipients
# that the SMTP server accepts per message delivery.
#
@@ -313,7 +313,7 @@ maps_rbl_domains = rbl.maps.vix.com
# permit_mx_backup restriction, in the description of the
# smtpd_recipient_restrictions parameter.
#
relay_domains = $mydestination
relay_domains = $mydestination $fast_flush_maps
#
# RESPONSE CODES
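Review bot: In the last hunk the default becomes `relay_domains = $mydestination $fast_flush_maps`, so every domain keyed in the ETRN table is also an authorized relay destination, and the comment lines visible around the setting do not say so (the relay_domains comment starts outside the hunk). An operator who lists a domain in `etrn_maps` only to allow queue flushing widens the relay policy at the same time. I would add above the setting: `# Domains listed in $fast_flush_maps (by default $etrn_maps) are also accepted as relay destinations.` Sites that already set relay_domains explicitly in main.cf presumably do not inherit the new default and would have to add `$fast_flush_maps` themselves, which the RELEASE_NOTES entry could mention. The new etrn_maps restriction list in the first hunk also no longer offers `check_client_access`, which the removed smtpd_etrn_restrictions text listed.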


@@ -11,7 +11,8 @@ COMMANDS= mailq.1.html newaliases.1.html postalias.1.html postcat.1.html \
postlog.1.html postdrop.1.html postmap.1.html sendmail.1.html \
postsuper.1.html
CONFIG = access.5.html aliases.5.html canonical.5.html relocated.5.html \
transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html
transport.5.html virtual.5.html pcre_table.5.html regexp_table.5.html \
etrn.5.html
update: $(DAEMONS) $(COMMANDS) $(CONFIG)
@@ -131,6 +132,9 @@ aliases.5.html: ../proto/aliases
canonical.5.html: ../proto/canonical
srctoman - $? | nroff -man | man2html | postlink >$@
etrn.5.html: ../proto/etrn
srctoman - $? | nroff -man | man2html | postlink >$@
pcre_table.5.html: ../proto/pcre_table
srctoman - $? | nroff -man | man2html | postlink >$@

134
postfix/html/etrn.5.html Normal file

@@ -0,0 +1,134 @@
<html> <head> </head> <body> <pre>
ETRN(5) ETRN(5)
<b>NAME</b>
etrn - format of Postfix etrn table
<b>SYNOPSIS</b>
<b>etrn</b><i>_</i><b>maps</b> <b>=</b> <b>hash:/etc/postfix/etrn</b>
<b>etrn</b><i>_</i><b>maps</b> <b>=</b> <b>dbm:/etc/postfix/etrn</b>
<b>postmap</b> <b>/etc/postfix/etrn</b>
<b>DESCRIPTION</b>
The optional <b>etrn</b> file specifies what destination domain
names can be specified in SMTP <b>ETRN</b> commands. This infor-
mation is used by the <a href="smtpd.8.html"><b>smtpd</b>(8)</a> and <a href="flushd.8.html"><b>flushd</b>(8)</a> daemon.
Normally, the file serves as input to the <a href="postmap.1.html"><b>postmap</b>(1)</a> com-
mand. The result, an indexed file in <b>dbm</b> or <b>db</b> format, is
used for fast searching by the mail system. Execute the
command <b>postmap</b> <b>/etc/postfix/etrn</b> in order to rebuild the
indexed file after changing the etrn table.
When the table is provided via other means such as NIS,
LDAP, SQL, or as regular expressions, the same lookups are
done as for ordinary indexed files.
<b>TABLE</b> <b>FORMAT</b>
The format of the <b>etrn</b> table is as follows:
blanks and comments
Blank lines are ignored, as are lines beginning
with `#'.
<i>domain</i> <i>restrictions</i>
The left-hand side, <i>domain</i>, specifies a destination
domain name that can be specified in <b>ETRN</b> commands.
The right-hand side specifies one or more access
restrictions. Restrictions are processed in the
given order and the search stops at the first
match.
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>client</b>
Reject the request if the client hostname is
unknown.
<b>permit</b><i>_</i><b>mynetworks</b>
Permit the request if the client address
matches $mynetworks.
<b>reject</b><i>_</i><b>maps</b><i>_</i><b>rbl</b>
Reject the request if the reverse client
network address is listed under
$maps_rbl_domains.
<b>reject</b> Reject the request. Place this at the end of
1
ETRN(5) ETRN(5)
a restriction list.
<b>permit</b> Permit the request. Place this at the end of
a restriction list.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant
to this topic. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>etrn</b><i>_</i><b>maps</b>
Tables that specify what domains have <b>ETRN</b> service.
For each table entry, the left-hand side specifies
a destination domain name that can be specified in
an <b>ETRN</b> request, and the right-hand side specifies
a list of access restrictions for SMTP clients that
issue <b>ETRN</b> for the domain.
<b>fast</b><i>_</i><b>flush</b><i>_</i><b>maps</b>
The table with names of destinations that this MTA
provides the fast flush service for. By default,
this is set to $<b>etrn</b><i>_</i><b>maps</b>.
<b>relay</b><i>_</i><b>domains</b>
The list of domains that this MTA is willing to
forward mail from or to. This defaults to <b>$mydesti-</b>
<b>nation,</b> <b>$fast</b><i>_</i><b>flush</b><i>_</i><b>maps</b>.
<b>SEE</b> <b>ALSO</b>
<a href="smtpd.8.html">smtpd(8)</a> Postfix SMTP server
flushd(1) Postfix fast flush service
sendmail(5) sendmail-compatible interface
<a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables
<a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
2
</pre> </body> </html>


@@ -19,11 +19,11 @@ FLUSHD(8) FLUSHD(8)
This server implements the following requests:
FLUSH_REQ_ADD sitename queue_id
Append a record to the per-site fast flush logfile
for the specified queue ID.
<b>FLUSH</b><i>_</i><b>REQ</b><i>_</i><b>ADD</b> <i>sitename</i> <i>queue_id</i>
Append <i>queue_id</i> to the fast flush logfile for the
specified site.
FLUSH_REQ_SEND sitename
<b>FLUSH</b><i>_</i><b>REQ</b><i>_</i><b>SEND</b> <i>sitename</i>
Arrange for the delivery of all messages that are
listed in the fast flush logfile for the specified
site. After the logfile is processed, the file is
@@ -31,34 +31,34 @@ FLUSHD(8) FLUSHD(8)
The response to the client is one of:
FLUSH_STAT_OK
<b>FLUSH</b><i>_</i><b>STAT</b><i>_</i><b>OK</b>
The request completed normally.
FLUSH_STAT_BAD
<b>FLUSH</b><i>_</i><b>STAT</b><i>_</i><b>BAD</b>
The flush server rejected the request (bad request
name, bad request parameter value).
FLUSH_STAT_UNKNOWN
<b>FLUSH</b><i>_</i><b>STAT</b><i>_</i><b>UNKNOWN</b>
The specified site has no fast flush logfile and is
not configured to have one.
Fast flush logfiles are truncated only after a flush
request. In order to prevent fast flush logfiles from
growing without bounds, and to prevent them from accumu-
lating too much outdated information, the flush service
generates a pro-active flush request once every every 1000
append requests. This should not impact operation.
<b>SECURITY</b>
The fast flush server is moderately security-sensitive. It
does not talk to the network, but it does talk to local
does not talk to the network, but it does talk to local
unprivileged users, in order to emulate "sendmail -qRsite"
behavior. For this reason all strings in a request are
truncated at ine_length_limit.
behavior. For this reason all strings in a request are
truncated at <i>line_length_limit</i>.
The fast flush server can run chrooted at fixed low privi-
lege.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
In reality, this server schedules delivery of messages,
regardless of their destination. This limitation is due to
the fact that one queue runner has to handle mail for
@@ -71,28 +71,40 @@ FLUSHD(8) FLUSHD(8)
FLUSHD(8) FLUSHD(8)
multiple destinations.
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8).
<b>BUGS</b>
In reality, this server schedules delivery of messages,
regardless of their destination. This limitation is due to
the fact that one queue runner has to handle mail for mul-
tiple destinations.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant
to this program. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b>
The following <b>main.cf</b> parameters are especially relevant
to this program. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>etrn</b><i>_</i><b>maps</b>
Tables that specify what domains have <b>ETRN</b> service.
For each table entry, the left-hand side specifies
a destination domain name that can be specified in
an <b>ETRN</b> request, and the right-hand side specifies
a list of access restrictions for SMTP clients that
issue <b>ETRN</b> for the domain.
<b>fast</b><i>_</i><b>flush</b><i>_</i><b>maps</b>
The table with names of destinations that this MTA
provides the fast flush service for, and with
clients that may issue the ETRN command for those
destinations. Postfix maintains fast flush logfiles
only for destinations listed in this table.
provides the fast flush service for. By default,
this is set to $<b>etrn</b><i>_</i><b>maps</b>.
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
Maximal length of strings in a fast flush client
request.
<b>SEE</b> <b>ALSO</b>
<a href="smtp.8.html">smtp(8)</a> Postfix SMTP client
smtpd) Postfix SMTP server
<a href="smtpd.8.html">smtpd(8)</a> Postfix SMTP server
<a href="qmgr.8.html">qmgr(8)</a> Postfix queue manager
syslogd(8) system logging
@@ -113,18 +125,6 @@ FLUSHD(8) FLUSHD(8)


@@ -190,7 +190,7 @@ SENDMAIL(1) SENDMAIL(1)
queued for the named <i>site</i>. This functionality is
available only for sites that are configured for
the <b>fast</b> <b>flush</b> service support as described in
<b>flushd</b>(8). For other sites, this command is
<b>flushd</b>(8). For other sites, use the slower
@@ -203,28 +203,28 @@ SENDMAIL(1) SENDMAIL(1)
SENDMAIL(1) SENDMAIL(1)
equivalent to using the slower <b>sendmail</b> <b>-q</b> instead.
<b>sendmail</b> <b>-q</b> command instead.
<b>-qS</b><i>site</i>
The site name is ignored. This command is equiva-
lent to using the slower <b>sendmail</b> <b>-q</b> instead.
This command is not implemented. Use the slower
<b>sendmail</b> <b>-q</b> command instead.
<b>-t</b> Extract recipients from message headers. This
requires that no recipients be specified on the
<b>-t</b> Extract recipients from message headers. This
requires that no recipients be specified on the
command line.
<b>-v</b> Enable verbose logging for debugging purposes. Mul-
tiple <b>-v</b> options make the software increasingly
tiple <b>-v</b> options make the software increasingly
verbose.
<b>SECURITY</b>
By design, this program is not set-user (or group) id.
However, it must handle data from untrusted users or
untrusted machines. Thus, the usual precautions need to
By design, this program is not set-user (or group) id.
However, it must handle data from untrusted users or
untrusted machines. Thus, the usual precautions need to
be taken against malicious inputs.
<b>DIAGNOSTICS</b>
Problems are logged to <b>syslogd</b>(8) and to the standard
Problems are logged to <b>syslogd</b>(8) and to the standard
error stream.
<b>ENVIRONMENT</b>
@@ -236,7 +236,7 @@ SENDMAIL(1) SENDMAIL(1)
<b>MAIL</b><i>_</i><b>DEBUG</b>
Enable debugging with an external command, as spec-
ified with the <b>debugger</b><i>_</i><b>command</b> configuration
ified with the <b>debugger</b><i>_</i><b>command</b> configuration
parameter.
<b>FILES</b>
@@ -244,13 +244,13 @@ SENDMAIL(1) SENDMAIL(1)
/etc/postfix, configuration files
<b>CONFIGURATION</b> <b>PARAMETERS</b>
See the Postfix <b>main.cf</b> file for syntax details and for
default values. Use the <b>postfix</b> <b>reload</b> command after a
See the Postfix <b>main.cf</b> file for syntax details and for
default values. Use the <b>postfix</b> <b>reload</b> command after a
configuration change.
<b>alias</b><i>_</i><b>database</b>
Default alias database(s) for <b>newaliases</b>. The
default value for this parameter is system-spe-
Default alias database(s) for <b>newaliases</b>. The
default value for this parameter is system-spe-
cific.
<b>bounce</b><i>_</i><b>size</b><i>_</i><b>limit</b>
@@ -278,16 +278,29 @@ SENDMAIL(1) SENDMAIL(1)
initialized.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
Increment in verbose logging level when a remote
Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>etrn</b><i>_</i><b>maps</b>
Tables that specify what domains have <b>ETRN</b> service.
For each table entry, the left-hand side specifies
a destination domain name that can be specified in
an <b>ETRN</b> request, and the right-hand side specifies
a list of access restrictions for SMTP clients that
issue <b>ETRN</b> for the domain.
<b>fast</b><i>_</i><b>flush</b><i>_</i><b>maps</b>
The table with names of destinations that this MTA
provides the fast flush service for. By default,
this is set to $<b>etrn</b><i>_</i><b>maps</b>.
<b>fork</b><i>_</i><b>attempts</b>
Number of attempts to <b>fork</b>() a process before giv-
ing up.
@@ -311,6 +324,17 @@ SENDMAIL(1) SENDMAIL(1)
Directory with Postfix daemon programs (default:
<b>$program</b><i>_</i><b>directory</b>).
5
SENDMAIL(1) SENDMAIL(1)
<b>queue</b><i>_</i><b>directory</b>
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
@@ -323,18 +347,6 @@ SENDMAIL(1) SENDMAIL(1)
<b>SEE</b> <b>ALSO</b>
<a href="pickup.8.html">pickup(8)</a> mail pickup daemon
<a href="postalias.1.html">postalias(1)</a> maintain alias database
5
SENDMAIL(1) SENDMAIL(1)
<a href="postdrop.1.html">postdrop(1)</a> privileged posting agent
<a href="postfix.1.html">postfix(1)</a> mail system control
<a href="postkick.1.html">postkick(1)</a> kick a Postfix daemon
@@ -371,18 +383,6 @@ SENDMAIL(1) SENDMAIL(1)


@@ -26,9 +26,9 @@ SMTPD(8) SMTPD(8)
system is not running.
The SMTP server implements a variety of policies for con-
nection requests, and for parameters given to <b>HELO,</b> <b>MAIL</b>
<b>FROM,</b> <b>VRFY</b> and <b>RCPT</b> <b>TO</b> commands. They are detailed below
and in the <b>main.cf</b> configuration file.
nection requests, and for parameters given to <b>HELO,</b> <b>ETRN,</b>
<b>MAIL</b> <b>FROM,</b> <b>VRFY</b>, and <b>RCPT</b> <b>TO</b> commands. They are detailed
below and in the <b>main.cf</b> configuration file.
<b>SECURITY</b>
The SMTP server is moderately security-sensitive. It talks
@@ -42,7 +42,7 @@ SMTPD(8) SMTPD(8)
<a href="http://www.faqs.org/rfcs/rfc1652.html">RFC 1652</a> (8bit-MIME transport)
<a href="http://www.faqs.org/rfcs/rfc1854.html">RFC 1854</a> (SMTP Pipelining)
<a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
<a href="http://www.faqs.org/rfcs/rfc1985.html">RFC 1985</a> (ETRN command) (partial)
<a href="http://www.faqs.org/rfcs/rfc1985.html">RFC 1985</a> (ETRN command)
<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH command)
<b>DIAGNOSTICS</b>
@@ -52,13 +52,13 @@ SMTPD(8) SMTPD(8)
the postmaster is notified of bounces, protocol problems,
policy violations, and of other trouble.
<b>BUGS</b>
<a href="http://www.faqs.org/rfcs/rfc1985.html">RFC 1985</a> is implemented by forcing delivery of all
deferred mail.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant
to this program. See the Postfix <b>main.cf</b> file for syntax
The following <b>main.cf</b> parameters are especially relevant
to this program. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
@@ -71,27 +71,24 @@ SMTPD(8) SMTPD(8)
SMTPD(8) SMTPD(8)
details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>Compatibility</b> <b>controls</b>
<b>strict</b><i>_</i><b>rfc821</b><i>_</i><b>envelopes</b>
Disallow non-<a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> style addresses in envelopes.
For example, allow <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a>-style address forms with
Disallow non-<a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> style addresses in envelopes.
For example, allow <a href="http://www.faqs.org/rfcs/rfc822.html">RFC822</a>-style address forms with
comments, like Sendmail does.
<b>Content</b> <b>inspection</b> <b>controls</b>
<b>content</b><i>_</i><b>filter</b>
The name of a mail delivery transport that filters
The name of a mail delivery transport that filters
mail and that either bounces mail or re-injects the
result back into Postfix. This parameter uses the
same syntax as the right-hand side of a Postfix
result back into Postfix. This parameter uses the
same syntax as the right-hand side of a Postfix
transport table.
<b>Authenication</b> <b>controls</b>
<b>enable</b><i>_</i><b>sasl</b><i>_</i><b>authentication</b>
Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
(SASL). This functionality is available only when
Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
(SASL). This functionality is available only when
explicitly selected at program build time and
explicitly enabled at runtime.
@@ -115,7 +112,7 @@ SMTPD(8) SMTPD(8)
<b>Miscellaneous</b>
<b>always</b><i>_</i><b>bcc</b>
Address to send a copy of each message that enters
Address to send a copy of each message that enters
the system.
<b>command</b><i>_</i><b>directory</b>
@@ -123,8 +120,11 @@ SMTPD(8) SMTPD(8)
<b>$program</b><i>_</i><b>directory</b>).
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
Increment in verbose logging level when a remote
Increment in verbose logging level when a remote
host matches a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
parameter.
@@ -137,18 +137,24 @@ SMTPD(8) SMTPD(8)
SMTPD(8) SMTPD(8)
parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
Recipient of protocol/policy/resource/software
Recipient of protocol/policy/resource/software
error notices.
<b>etrn</b><i>_</i><b>maps</b>
Tables that specify what domains have <b>ETRN</b> service.
For each table entry, the left-hand side specifies
a destination domain name that can be specified in
an <b>ETRN</b> request, and the right-hand side specifies
a list of access restrictions for clients that
issue <b>ETRN</b> for the domain.
<b>hopcount</b><i>_</i><b>limit</b>
Limit the number of <b>Received:</b> message headers.
@@ -184,13 +190,7 @@ SMTPD(8) SMTPD(8)
receive a client request.
<b>Resource</b> <b>controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
Limit the amount of memory in bytes used for the
handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
Limit the total size in bytes of a message, includ-
ing on-disk storage for envelope information.
@@ -203,6 +203,14 @@ SMTPD(8) SMTPD(8)
SMTPD(8) SMTPD(8)
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
Limit the amount of memory in bytes used for the
handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
Limit the total size in bytes of a message, includ-
ing on-disk storage for envelope information.
<b>queue</b><i>_</i><b>minfree</b>
Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail
@@ -249,14 +257,6 @@ SMTPD(8) SMTPD(8)
Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands.
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
Restrict what domain names can be used in <b>ETRN</b> com-
mands, and what clients may issue <b>ETRN</b> commands.
<b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
Allow untrusted clients to specify addresses with
sender-specified routing. Enabling this opens up
nasty relay loopholes involving trusted backup MX
@@ -269,60 +269,60 @@ SMTPD(8) SMTPD(8)
SMTPD(8) SMTPD(8)
<b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
Allow untrusted clients to specify addresses with
sender-specified routing. Enabling this opens up
nasty relay loopholes involving trusted backup MX
hosts.
<b>restriction</b><i>_</i><b>classes</b>
Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of
these parameters can then be used instead of the
Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of
these parameters can then be used instead of the
restriction lists that they represent.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b>
List of DNS domains that publish the addresses of
List of DNS domains that publish the addresses of
blacklisted hosts.
<b>relay</b><i>_</i><b>domains</b>
Restrict what domains or networks this mail system
Restrict what domains or networks this mail system
will relay mail from or to.
<b>UCE</b> <b>control</b> <b>responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates an access
Server response when a client violates an access
database restriction.
<b>invalid</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the
Server response when a client violates the
<b>reject</b><i>_</i><b>invalid</b><i>_</i><b>hostname</b> restriction.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the
Server response when a client violates the
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> restriction.
<b>reject</b><i>_</i><b>code</b>
Response code when the client matches a <b>reject</b>
Response code when the client matches a <b>reject</b>
restriction.
<b>relay</b><i>_</i><b>domains</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client attempts to violate
Server response when a client attempts to violate
the mail relay policy.
<b>unknown</b><i>_</i><b>address</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the
Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>address</b> restriction.
<b>unknown</b><i>_</i><b>client</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client without address to
name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
Server response when a client without address to
name mapping violates the <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>clients</b>
restriction.
<b>unknown</b><i>_</i><b>hostname</b><i>_</i><b>reject</b><i>_</i><b>code</b>
Server response when a client violates the
Server response when a client violates the
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>SEE</b> <b>ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a> message canonicalization
<a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging
@@ -335,8 +335,13 @@ SMTPD(8) SMTPD(8)
SMTPD(8) SMTPD(8)
<b>SEE</b> <b>ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a> message canonicalization
<a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
@@ -381,11 +386,6 @@ SMTPD(8) SMTPD(8)


@@ -1015,7 +1015,16 @@ restriction list.
<dt>Default:
<dd><b>relay_domains = <a href="basic.html#mydestination">
$mydestination</a></b>
$mydestination $fast_flush_maps</a></b>
<p>
(The <b>$fast_flush_maps</b> parameter specifies, among others,
what destinations can be used in SMTP ETRN requests or in <b>sendmail
-qR</b><i>sitename</i> commands. This parameter defaults to
<b>$etrn_maps</b>, the list of destinations that can be used in
SMTP ETRN requests. More details in the <a href="etrn.5.html">etrn</a>
manual page.)
<p>


@@ -11,7 +11,8 @@ COMMANDS= man1/postalias.1 man1/postcat.1 man1/postconf.1 man1/postfix.1 \
man1/postmap.1 man1/sendmail.1 man1/mailq.1 man1/newaliases.1 \
man1/postsuper.1
CONFIG = man5/access.5 man5/aliases.5 man5/canonical.5 man5/relocated.5 \
man5/transport.5 man5/virtual.5 man5/pcre_table.5 man5/regexp_table.5
man5/transport.5 man5/virtual.5 man5/pcre_table.5 man5/regexp_table.5 \
man5/etrn.5
update: $(DAEMONS) $(COMMANDS) $(CONFIG)
@@ -128,6 +129,9 @@ man5/aliases.5: ../proto/aliases
man5/canonical.5: ../proto/canonical
../mantools/srctoman - $? >$@
man5/etrn.5: ../proto/etrn
../mantools/srctoman - $? >$@
man5/pcre_table.5: ../proto/pcre_table
../mantools/srctoman - $? >$@


@@ -140,11 +140,11 @@ Schedule immediate delivery of all mail that is queued for the named
\fIsite\fR.
This functionality is available only for sites that are configured
for the \fBfast flush\fR service support as described in
\fBflushd\fR(8). For other sites, this command is equivalent to
using the slower \fBsendmail -q\fR instead.
\fBflushd\fR(8). For other sites, use the slower \fBsendmail -q\fR
command instead.
.IP \fB-qS\fIsite\fR
The site name is ignored. This command is equivalent to using
the slower \fBsendmail -q\fR instead.
This command is not implemented. Use the slower \fBsendmail -q\fR
command instead.
.IP \fB-t\fR
Extract recipients from message headers. This requires that no
recipients be specified on the command line.
@@ -208,6 +208,15 @@ pattern in the \fBdebug_peer_list\fR parameter.
List of domain or network patterns. When a remote host matches
a pattern, increase the verbose logging level by the amount
specified in the \fBdebug_peer_level\fR parameter.
.IP \fBetrn_maps\fR
Tables that specify what domains have \fBETRN\fR service. For each
table entry, the left-hand side specifies a destination domain name
that can be specified in an \fBETRN\fR request, and the right-hand
side specifies a list of access restrictions for SMTP clients that
issue \fBETRN\fR for the domain.
.IP \fBfast_flush_maps\fR
The table with names of destinations that this MTA provides the
fast flush service for. By default, this is set to $\fBetrn_maps\fR.
.IP \fBfork_attempts\fR
Number of attempts to \fBfork\fR() a process before giving up.
.IP \fBfork_delay\fR

101
postfix/man/man5/etrn.5 Normal file

@@ -0,0 +1,101 @@
.TH ETRN 5
.ad
.fi
.SH NAME
etrn
\-
format of Postfix etrn table
.SH SYNOPSIS
.na
.nf
\fBetrn_maps = hash:/etc/postfix/etrn\fR
\fBetrn_maps = dbm:/etc/postfix/etrn\fR
\fBpostmap /etc/postfix/etrn\fR
.SH DESCRIPTION
.ad
.fi
The optional \fBetrn\fR file specifies what destination domain
names can be specified in SMTP \fBETRN\fR commands. This information
is used by the \fBsmtpd\fR(8) and \fBflushd\fR(8) daemon.
Normally, the file serves as input to the \fBpostmap\fR(1) command.
The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
is used for fast searching by the mail system. Execute the command
\fBpostmap /etc/postfix/etrn\fR in order to rebuild the indexed
file after changing the etrn table.
When the table is provided via other means such as NIS, LDAP,
SQL, or as regular expressions, the same lookups are done as
for ordinary indexed files.
.SH TABLE FORMAT
.na
.nf
.ad
.fi
The format of the \fBetrn\fR table is as follows:
.IP "blanks and comments"
Blank lines are ignored, as are lines beginning with `#'.
.IP "\fIdomain restrictions\fR"
The left-hand side, \fIdomain\fR, specifies a destination domain
name that can be specified in \fBETRN\fR commands.
.sp
The right-hand side specifies one or more access restrictions.
Restrictions are processed in the given order and the search
stops at the first match.
.RS
.IP \fBreject_unknown_client\fR
Reject the request if the client hostname is unknown.
.IP \fBpermit_mynetworks\fR
Permit the request if the client address matches $mynetworks.
.IP \fBreject_maps_rbl\fR
Reject the request if the reverse client network address
is listed under $maps_rbl_domains.
.IP \fBreject\fR
Reject the request. Place this at the end of a restriction list.
.IP \fBpermit\fR
Permit the request. Place this at the end of a restriction list.
.RE
.PP
.SH CONFIGURATION PARAMETERS
.na
.nf
.ad
.fi
The following \fBmain.cf\fR parameters are especially relevant to
this topic. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the \fBpostfix reload\fR command after
a configuration change.
.IP \fBetrn_maps\fR
Tables that specify what domains have \fBETRN\fR service. For each
table entry, the left-hand side specifies a destination domain name
that can be specified in an \fBETRN\fR request, and the right-hand
side specifies a list of access restrictions for SMTP clients that
issue \fBETRN\fR for the domain.
.IP \fBfast_flush_maps\fR
The table with names of destinations that this MTA provides the
fast flush service for. By default, this is set to $\fBetrn_maps\fR.
.IP \fBrelay_domains\fR
The list of domains that this MTA is willing to forward mail from
or to. This defaults to \fB$mydestination, $fast_flush_maps\fR.
.SH SEE ALSO
.na
.nf
smtpd(8) Postfix SMTP server
flushd(1) Postfix fast flush service
sendmail(5) sendmail-compatible interface
pcre_table(5) format of PCRE tables
regexp_table(5) format of POSIX regular expression tables
.SH LICENSE
.na
.nf
.ad
.fi
The Secure Mailer license must be distributed with this software.
.SH AUTHOR(S)
.na
.nf
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA


@@ -18,23 +18,29 @@ This program expects to be run from the \fBmaster\fR(8) process
manager.
This server implements the following requests:
.IP "FLUSH_REQ_ADD sitename queue_id"
Append a record to the per-site fast flush logfile for the specified
queue ID.
.IP "FLUSH_REQ_SEND sitename"
.IP "\fBFLUSH_REQ_ADD\fI sitename queue_id\fR"
Append \fIqueue_id\fR to the fast flush logfile for the
specified site.
.IP "\fBFLUSH_REQ_SEND\fI sitename\fR"
Arrange for the delivery of all messages that are listed in the fast
flush logfile for the specified site. After the logfile is processed,
the file is truncated to length zero.
.PP
The response to the client is one of:
.IP FLUSH_STAT_OK
.IP \fBFLUSH_STAT_OK\fR
The request completed normally.
.IP FLUSH_STAT_BAD
.IP \fBFLUSH_STAT_BAD\fR
The flush server rejected the request (bad request name, bad
request parameter value).
.IP FLUSH_STAT_UNKNOWN
.IP \fBFLUSH_STAT_UNKNOWN\fR
The specified site has no fast flush logfile and is not configured
to have one.
.PP
Fast flush logfiles are truncated only after a flush request. In
order to prevent fast flush logfiles from growing without bounds,
and to prevent them from accumulating too much outdated information,
the flush service generates a pro-active flush request once every
every 1000 append requests. This should not impact operation.
.SH SECURITY
.na
.nf
@@ -43,7 +49,7 @@ to have one.
The fast flush server is moderately security-sensitive. It does not
talk to the network, but it does talk to local unprivileged users, in
order to emulate "sendmail -qRsite" behavior. For this reason all
strings in a request are truncated at \fline_length_limit\fR.
strings in a request are truncated at \fIline_length_limit\fR.
The fast flush server can run chrooted at fixed low privilege.
.SH DIAGNOSTICS
@@ -65,18 +71,21 @@ The following \fBmain.cf\fR parameters are especially relevant to
this program. See the Postfix \fBmain.cf\fR file for syntax details
and for default values. Use the \fBpostfix reload\fR command after
a configuration change.
.IP \fBetrn_maps\fR
Tables that specify what domains have \fBETRN\fR service. For each
table entry, the left-hand side specifies a destination domain name
that can be specified in an \fBETRN\fR request, and the right-hand
side specifies a list of access restrictions for SMTP clients that
issue \fBETRN\fR for the domain.
.IP \fBfast_flush_maps\fR
The table with names of destinations that this MTA provides the
fast flush service for, and with clients that may issue the ETRN
command for those destinations. Postfix maintains fast flush logfiles
only for destinations listed in this table.
fast flush service for. By default, this is set to $\fBetrn_maps\fR.
.IP \fBline_length_limit\fR
Maximal length of strings in a fast flush client request.
.SH SEE ALSO
.na
.nf
smtp(8) Postfix SMTP client
smtpd) Postfix SMTP server
smtpd(8) Postfix SMTP server
qmgr(8) Postfix queue manager
syslogd(8) system logging
.SH LICENSE


@@ -26,7 +26,7 @@ mode, the SMTP server can accept mail even while the mail
system is not running.
The SMTP server implements a variety of policies for connection
requests, and for parameters given to \fBHELO, MAIL FROM, VRFY\fR
requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR,
and \fBRCPT TO\fR commands. They are detailed below and in the
\fBmain.cf\fR configuration file.
.SH SECURITY
@@ -46,7 +46,7 @@ RFC 1651 (SMTP service extensions)
RFC 1652 (8bit-MIME transport)
RFC 1854 (SMTP Pipelining)
RFC 1870 (Message Size Declaration)
RFC 1985 (ETRN command) (partial)
RFC 1985 (ETRN command)
RFC 2554 (AUTH command)
.SH DIAGNOSTICS
.ad
@@ -56,10 +56,6 @@ Problems and transactions are logged to \fBsyslogd\fR(8).
Depending on the setting of the \fBnotify_classes\fR parameter,
the postmaster is notified of bounces, protocol problems,
policy violations, and of other trouble.
.SH BUGS
.ad
.fi
RFC 1985 is implemented by forcing delivery of all deferred mail.
.SH CONFIGURATION PARAMETERS
.na
.nf
@@ -117,6 +113,12 @@ a pattern, increase the verbose logging level by the amount
specified in the \fBdebug_peer_level\fR parameter.
.IP \fBerror_notice_recipient\fR
Recipient of protocol/policy/resource/software error notices.
.IP \fBetrn_maps\fR
Tables that specify what domains have \fBETRN\fR service. For
each table entry, the left-hand side specifies a destination
domain name that can be specified in an \fBETRN\fR request, and
the right-hand side specifies a list of access restrictions for
clients that issue \fBETRN\fR for the domain.
.IP \fBhopcount_limit\fR
Limit the number of \fBReceived:\fR message headers.
.IP \fBlocal_recipient_maps\fR
@@ -184,9 +186,6 @@ Restrict what client hostnames are allowed in \fBHELO\fR and
Restrict what sender addresses are allowed in \fBMAIL FROM\fR commands.
.IP \fBsmtpd_recipient_restrictions\fR
Restrict what recipient addresses are allowed in \fBRCPT TO\fR commands.
.IP \fBsmtpd_etrn_restrictions\fR
Restrict what domain names can be used in \fBETRN\fR commands,
and what clients may issue \fBETRN\fR commands.
.IP \fBallow_untrusted_routing\fR
Allow untrusted clients to specify addresses with sender-specified
routing. Enabling this opens up nasty relay loopholes involving


@@ -4,7 +4,7 @@ SHELL = /bin/sh
CONFIG = ../conf/access ../conf/aliases ../conf/canonical ../conf/relocated \
../conf/transport ../conf/virtual ../conf/pcre_table \
../conf/regexp_table
../conf/regexp_table ../conf/etrn
update: $(CONFIG)
@@ -28,6 +28,9 @@ clobber:
../conf/canonical: canonical
srctoman - $? | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/etrn: etrn
srctoman - $? | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/pcre_table: pcre_table
srctoman - $? | nroff -man | col -bx | uniq | sed 's/^/# /' >$@

88
postfix/proto/etrn Normal file

@@ -0,0 +1,88 @@
#++
# NAME
# etrn 5
# SUMMARY
# format of Postfix etrn table
# SYNOPSIS
# \fBetrn_maps = hash:/etc/postfix/etrn\fR
# \fBetrn_maps = dbm:/etc/postfix/etrn\fR
#
# \fBpostmap /etc/postfix/etrn\fR
# DESCRIPTION
# The optional \fBetrn\fR file specifies what destination domain
# names can be specified in SMTP \fBETRN\fR commands. This information
# is used by the \fBsmtpd\fR(8) and \fBflushd\fR(8) daemon.
#
# Normally, the file serves as input to the \fBpostmap\fR(1) command.
# The result, an indexed file in \fBdbm\fR or \fBdb\fR format,
# is used for fast searching by the mail system. Execute the command
# \fBpostmap /etc/postfix/etrn\fR in order to rebuild the indexed
# file after changing the etrn table.
#
# When the table is provided via other means such as NIS, LDAP,
# SQL, or as regular expressions, the same lookups are done as
# for ordinary indexed files.
# TABLE FORMAT
# .ad
# .fi
# The format of the \fBetrn\fR table is as follows:
# .IP "blanks and comments"
# Blank lines are ignored, as are lines beginning with `#'.
# .IP "\fIdomain restrictions\fR"
# The left-hand side, \fIdomain\fR, specifies a destination domain
# name that can be specified in \fBETRN\fR commands.
# .sp
# The right-hand side specifies one or more access restrictions.
# Restrictions are processed in the given order and the search
# stops at the first match.
# .RS
# .IP \fBreject_unknown_client\fR
# Reject the request if the client hostname is unknown.
# .IP \fBpermit_mynetworks\fR
# Permit the request if the client address matches $mynetworks.
# .IP \fBreject_maps_rbl\fR
# Reject the request if the reverse client network address
# is listed under $maps_rbl_domains.
# .IP \fBreject\fR
# Reject the request. Place this at the end of a restriction list.
# .IP \fBpermit\fR
# Permit the request. Place this at the end of a restriction list.
# .RE
# .PP
# CONFIGURATION PARAMETERS
# .ad
# .fi
# The following \fBmain.cf\fR parameters are especially relevant to
# this topic. See the Postfix \fBmain.cf\fR file for syntax details
# and for default values. Use the \fBpostfix reload\fR command after
# a configuration change.
# .IP \fBetrn_maps\fR
# Tables that specify what domains have \fBETRN\fR service. For each
# table entry, the left-hand side specifies a destination domain name
# that can be specified in an \fBETRN\fR request, and the right-hand
# side specifies a list of access restrictions for SMTP clients that
# issue \fBETRN\fR for the domain.
# .IP \fBfast_flush_maps\fR
# The table with names of destinations that this MTA provides the
# fast flush service for. By default, this is set to $\fBetrn_maps\fR.
# .IP \fBrelay_domains\fR
# The list of domains that this MTA is willing to forward mail from
# or to. This defaults to \fB$mydestination, $fast_flush_maps\fR.
# SEE ALSO
# smtpd(8) Postfix SMTP server
# flushd(1) Postfix fast flush service
# sendmail(5) sendmail-compatible interface
# pcre_table(5) format of PCRE tables
# regexp_table(5) format of POSIX regular expression tables
# LICENSE
# .ad
# .fi
# The Secure Mailer license must be distributed with this software.
# AUTHOR(S)
# Wietse Venema
# IBM T.J. Watson Research
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#--
# By default, this file is not used. See sample-smtpd.cf


@@ -0,0 +1,25 @@
been_here_xt 2 0
bounce_append 5 0
cleanup_out_format 1 0
defer_append 5 0
mail_command 1 0
mail_print 1 0
msg_error 0 0
msg_fatal 0 0
msg_info 0 0
msg_panic 0 0
msg_warn 0 0
opened 4 0
post_mail_fprintf 1 0
qmgr_message_bounce 2 0
rec_fprintf 2 0
sent 4 0
smtp_cmd 1 0
smtp_mesg_fail 2 0
smtp_printf 1 0
smtp_rcpt_fail 3 0
smtp_site_fail 2 0
udp_syslog 1 0
vstream_fprintf 1 0
vstream_printf 0 0
vstring_sprintf 1 0


@@ -12,30 +12,36 @@
/* manager.
/*
/* This server implements the following requests:
/* .IP "FLUSH_REQ_ADD sitename queue_id"
/* Append a record to the per-site fast flush logfile for the specified
/* queue ID.
/* .IP "FLUSH_REQ_SEND sitename"
/* Arrange for the delivery of all messages that are listed in the fast
/* flush logfile for the specified site. After the logfile is processed,
/* .IP "\fBFLUSH_REQ_ADD\fI sitename queue_id\fR"
/* Append \fIqueue_id\fR to the fast flush logfile for the
/* specified site.
/* .IP "\fBFLUSH_REQ_SEND\fI sitename\fR"
/* Arrange for the delivery of all messages that are listed in the fast
/* flush logfile for the specified site. After the logfile is processed,
/* the file is truncated to length zero.
/* .PP
/* The response to the client is one of:
/* .IP FLUSH_STAT_OK
/* .IP \fBFLUSH_STAT_OK\fR
/* The request completed normally.
/* .IP FLUSH_STAT_BAD
/* .IP \fBFLUSH_STAT_BAD\fR
/* The flush server rejected the request (bad request name, bad
/* request parameter value).
/* .IP FLUSH_STAT_UNKNOWN
/* .IP \fBFLUSH_STAT_UNKNOWN\fR
/* The specified site has no fast flush logfile and is not configured
/* to have one.
/* .PP
/* Fast flush logfiles are truncated only after a flush request. In
/* order to prevent fast flush logfiles from growing without bounds,
/* and to prevent them from accumulating too much outdated information,
/* the flush service generates a pro-active flush request once every
/* every 1000 append requests. This should not impact operation.
/* SECURITY
/* .ad
/* .fi
/* The fast flush server is moderately security-sensitive. It does not
/* talk to the network, but it does talk to local unprivileged users, in
/* order to emulate "sendmail -qRsite" behavior. For this reason all
/* strings in a request are truncated at \fline_length_limit\fR.
/* strings in a request are truncated at \fIline_length_limit\fR.
/*
/* The fast flush server can run chrooted at fixed low privilege.
/* DIAGNOSTICS
@@ -51,16 +57,19 @@
/* this program. See the Postfix \fBmain.cf\fR file for syntax details
/* and for default values. Use the \fBpostfix reload\fR command after
/* a configuration change.
/* .IP \fBetrn_maps\fR
/* Tables that specify what domains have \fBETRN\fR service. For each
/* table entry, the left-hand side specifies a destination domain name
/* that can be specified in an \fBETRN\fR request, and the right-hand
/* side specifies a list of access restrictions for SMTP clients that
/* issue \fBETRN\fR for the domain.
/* .IP \fBfast_flush_maps\fR
/* The table with names of destinations that this MTA provides the
/* fast flush service for, and with clients that may issue the ETRN
/* command for those destinations. Postfix maintains fast flush logfiles
/* only for destinations listed in this table.
/* fast flush service for. By default, this is set to $\fBetrn_maps\fR.
/* .IP \fBline_length_limit\fR
/* Maximal length of strings in a fast flush client request.
/* SEE ALSO
/* smtp(8) Postfix SMTP client
/* smtpd) Postfix SMTP server
/* smtpd(8) Postfix SMTP server
/* qmgr(8) Postfix queue manager
/* syslogd(8) system logging
/* LICENSE
@@ -110,6 +119,7 @@
/*
* Tunable parameters.
*/
char *var_etrn_maps;
char *var_fflush_maps;
/* Application-specific. */
@@ -133,14 +143,14 @@ static int flush_append(const char *site, const char *queue_id)
* Open or create the logfile. We allow for the fact that a logfile
* exists for a site that is no longer listed in the fast flush maps.
*/
if ((log = mail_queue_open(MAIL_QUEUE_FLUSH, site, O_WRONLY, 0600)) == 0) {
if ((log = mail_queue_open(MAIL_QUEUE_FLUSH, site, O_APPEND | O_WRONLY, 0600)) == 0) {
if (errno != ENOENT)
msg_fatal("%s: open fast flush log for site %s: %m", myname, site);
if (maps_find(fflush_maps, site, 0) == 0) {
msg_warn("no fast flush support configured for site %s", site);
return (FLUSH_STAT_UNKNOWN);
}
log = mail_queue_open(MAIL_QUEUE_FLUSH, site, O_CREAT | O_WRONLY, 0600);
log = mail_queue_open(MAIL_QUEUE_FLUSH, site, O_CREAT | O_APPEND | O_WRONLY, 0600);
if (log == 0)
msg_fatal("%s: open fast flush log for site %s: %m", myname, site);
}
@@ -219,10 +229,10 @@ static int flush_site(const char *site)
* This is the part that dominates running time: schedule the listed
* queue files for delivery by updating their file time stamps. This
* should take no more than a couple seconds under normal conditions
* (sites that receive millions of messages in a day do not use fast
* flush routinely). Filter out duplicate names to avoid hammering the
* file system, with some finite limit on the amount of memory that we
* are willing to sacrifice. Graceful degradation.
* (sites that receive millions of messages in a day should not use fast
* flush service). Filter out duplicate names to avoid hammering the file
* system, with some finite limit on the amount of memory that we are
* willing to sacrifice. Graceful degradation.
*/
queue_id = vstring_alloc(10);
queue_file = vstring_alloc(10);
@@ -292,6 +302,7 @@ static void flush_service(VSTREAM *client_stream, char *unused_service,
VSTRING *site = vstring_alloc(10);
VSTRING *queue_id;
int status = FLUSH_STAT_BAD;
static int counter;
/*
* Sanity check. This service takes no command-line arguments.
@@ -333,6 +344,20 @@ static void flush_service(VSTREAM *client_stream, char *unused_service,
}
}
mail_print(client_stream, "%d", status);
/*
* Once in a while we generate a pro-active flush request to ensure that
* the logfile does not grow unreasonably, and to ensure that it does not
* contain too much outdated information. Flush our reply to the client
* so that it does not have to wait while the pro-active flush happens.
*/
if (status == FLUSH_STAT_OK && STREQ(STR(request), FLUSH_REQ_ADD)
&& (++counter + event_time() + getpid()) % 1000 == 0) {
vstream_fflush(client_stream);
if (msg_verbose)
msg_info("site %s: time for a pro-active flush", STR(site));
(void) flush_site(STR(site));
}
vstring_free(site);
vstring_free(request);
}
@@ -363,6 +388,7 @@ static void pre_jail_init(char *unused_service, char **unused_argv)
int main(int argc, char **argv)
{
static CONFIG_STR_TABLE str_table[] = {
VAR_ETRN_MAPS, DEF_ETRN_MAPS, &var_etrn_maps, 0, 0,
VAR_FFLUSH_MAPS, DEF_FFLUSH_MAPS, &var_fflush_maps, 0, 0,
0,
};
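Review bot: In flush_service the pro-active flush test `(++counter + event_time() + getpid()) % 1000 == 0` is a pseudo-random trigger of roughly one append in a thousand, not the "once every 1000 append requests" that the header comment promises, because event_time() moves between requests and `counter` is per process. The comment above the test should say so, e.g. `/* Roughly 1 in 1000 appends: counter is per-process, so time and pid are mixed in; there is no hard bound on logfile growth. */`. The result of the flush is also thrown away with `(void) flush_site(STR(site));`, so a flush that keeps failing leaves no trace while the logfile grows; given that the SECURITY text says this server takes requests from local unprivileged users, I would log it: `if (flush_site(STR(site)) != FLUSH_STAT_OK) msg_warn("site %s: pro-active flush failed", STR(site));`. The header text also reads "once every every 1000". flush_service starts and ends outside the visible hunks.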


@@ -592,7 +592,7 @@ extern int var_debug_peer_level;
* subdirectories, and how deep the forest is.
*/
#define VAR_HASH_QUEUE_NAMES "hash_queue_names"
#define DEF_HASH_QUEUE_NAMES "defer"
#define DEF_HASH_QUEUE_NAMES "defer,flush"
extern char *var_hash_queue_names;
#define VAR_HASH_QUEUE_DEPTH "hash_queue_depth"
@@ -896,7 +896,7 @@ extern int var_trigger_timeout;
extern char *var_mynetworks;
#define VAR_RELAY_DOMAINS "relay_domains"
#define DEF_RELAY_DOMAINS "$mydestination"
#define DEF_RELAY_DOMAINS "$mydestination $fast_flush_maps"
extern char *var_relay_domains;
#define VAR_CLIENT_CHECKS "smtpd_client_restrictions"
@@ -1065,10 +1065,14 @@ extern void mail_params_init(void);
extern char *var_filter_xport;
/*
* Fast flush support.
* ETRN and fast flush support.
*/
#define VAR_ETRN_MAPS "etrn_maps"
#define DEF_ETRN_MAPS ""
extern char *var_etrn_maps;
#define VAR_FFLUSH_MAPS "fast_flush_maps"
#define DEF_FFLUSH_MAPS ""
#define DEF_FFLUSH_MAPS "$etrn_maps"
extern char *var_fflush_maps;
/* LICENSE
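Review bot: The new default `#define DEF_RELAY_DOMAINS "$mydestination $fast_flush_maps"` turns every destination in the fast flush maps (by default `$etrn_maps`) into a relay destination, and nothing at the definition says so. An operator who adds a domain to the etrn table only to allow ETRN also authorises relaying for it, and a site that already sets relay_domains in main.cf does not get the coupling at all. I would add a comment above the define such as `/* Destinations with fast flush (ETRN) service are relay destinations by default. */`. The etrn(5) page added in this commit writes the default as `$mydestination, $fast_flush_maps` with a comma; the two should agree.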


@@ -285,7 +285,8 @@ int mail_queue_id_ok(const char *queue_id)
/*
* Must be in valid hostname form.
*/
if (valid_hostname(queue_id))
if ((strchr(queue_id, '.') || strchr(queue_id, '-'))
&& valid_hostname(queue_id))
return (1);
/*
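Review bot: The comment above the changed test in mail_queue_id_ok still reads only "Must be in valid hostname form", while the condition now also requires a dot or a dash before valid_hostname() is consulted. Since this function decides which request-supplied names may become queue file names, the reason for the extra requirement belongs in the comment, for example `/* Accept a site name only if it contains '.' or '-'; a bare alphanumeric string is judged by the queue ID rules below. */` (the second half is my reading, as the rest of the function is outside the hunk). It would also help to state there that safety of the resulting path relies on valid_hostname() rejecting '/' and empty labels, if that is indeed the case.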


@@ -15,7 +15,7 @@
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "Snapshot-20000927"
#define DEF_MAIL_VERSION "Snapshot-20000928"
extern char *var_mail_version;
/* LICENSE


@@ -134,11 +134,11 @@
/* \fIsite\fR.
/* This functionality is available only for sites that are configured
/* for the \fBfast flush\fR service support as described in
/* \fBflushd\fR(8). For other sites, this command is equivalent to
/* using the slower \fBsendmail -q\fR instead.
/* \fBflushd\fR(8). For other sites, use the slower \fBsendmail -q\fR
/* command instead.
/* .IP \fB-qS\fIsite\fR
/* The site name is ignored. This command is equivalent to using
/* the slower \fBsendmail -q\fR instead.
/* This command is not implemented. Use the slower \fBsendmail -q\fR
/* command instead.
/* .IP \fB-t\fR
/* Extract recipients from message headers. This requires that no
/* recipients be specified on the command line.
@@ -192,6 +192,15 @@
/* List of domain or network patterns. When a remote host matches
/* a pattern, increase the verbose logging level by the amount
/* specified in the \fBdebug_peer_level\fR parameter.
/* .IP \fBetrn_maps\fR
/* Tables that specify what domains have \fBETRN\fR service. For each
/* table entry, the left-hand side specifies a destination domain name
/* that can be specified in an \fBETRN\fR request, and the right-hand
/* side specifies a list of access restrictions for SMTP clients that
/* issue \fBETRN\fR for the domain.
/* .IP \fBfast_flush_maps\fR
/* The table with names of destinations that this MTA provides the
/* fast flush service for. By default, this is set to $\fBetrn_maps\fR.
/* .IP \fBfork_attempts\fR
/* Number of attempts to \fBfork\fR() a process before giving up.
/* .IP \fBfork_delay\fR
@@ -571,9 +580,7 @@ static void flush_site(const char *site)
case FLUSH_STAT_OK:
break;
case FLUSH_STAT_UNKNOWN:
msg_warn("No \"sendmail -qR\" support for site %s", site);
msg_warn("Using the slower \"sendmail -q\" instead");
flush_queue();
msg_fatal("No \"sendmail -qR\" support is configured for %s", site);
break;
case FLUSH_STAT_BAD:
msg_fatal("invalid request: %s", site);
@@ -822,10 +829,6 @@ int main(int argc, char **argv)
}
} else if (optarg[0] == 'R') {
site_to_flush = optarg + 1;
} else if (optarg[0] == 'S') {
msg_warn(
"-qS is not implemented - using \"sendmail -q\" instead");
mode = SM_MODE_FLUSHQ;
} else {
msg_fatal("-q%c is not implemented", optarg[0]);
}


@@ -137,9 +137,7 @@ static int smtp_sasl_log(void *unused_context, int priority,
const char *message)
{
switch (priority) {
case SASL_LOG_ERR:
msg_fatal("%s", message);
break;
case SASL_LOG_ERR:
case SASL_LOG_WARNING:
msg_warn("%s", message);
break;
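Review bot: With `case SASL_LOG_ERR:` now falling through to the `SASL_LOG_WARNING` branch in smtp_sasl_log, a SASL library error no longer terminates the process, so the log callback stops being a backstop and every SASL call site has to check its own return code. Please mark the fall-through so it is not taken for a lost `break`, e.g. `case SASL_LOG_ERR: /* FALLTHROUGH - errors are handled via return codes */`, and confirm that callers treat a failed SASL call as a failed authentication rather than carrying on. The same change is made to smtpd_sasl_log in the smtpd glue file later in this commit, and the same remark applies there. The switch continues outside the hunk.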


@@ -68,6 +68,9 @@ const char *smtp_unalias_name(const char *name)
VSTRING *fqdn;
char *result;
if (*name == '[')
return (name);
/*
* Initialize the cache on the fly. The smtp client is designed to exit
* after servicing a limited number of requests, so there is no need to
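Review bot: The new early return `if (*name == '[') return (name);` in smtp_unalias_name has no comment, and it is the only place that records why domain literals bypass the lookup. I would add `/* Domain literals ([ip.address]) have no DNS alias; return them unchanged instead of calling dns_lookup(). */` above it. The test looks at the first character only, so a malformed literal such as one without the closing bracket is also passed through unchanged; that is probably fine if the address is validated elsewhere, but it is worth saying in the comment. The function body continues outside the hunk.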


@@ -20,7 +20,7 @@
/* system is not running.
/*
/* The SMTP server implements a variety of policies for connection
/* requests, and for parameters given to \fBHELO, MAIL FROM, VRFY\fR
/* requests, and for parameters given to \fBHELO, ETRN, MAIL FROM, VRFY\fR,
/* and \fBRCPT TO\fR commands. They are detailed below and in the
/* \fBmain.cf\fR configuration file.
/* SECURITY
@@ -36,7 +36,7 @@
/* RFC 1652 (8bit-MIME transport)
/* RFC 1854 (SMTP Pipelining)
/* RFC 1870 (Message Size Declaration)
/* RFC 1985 (ETRN command) (partial)
/* RFC 1985 (ETRN command)
/* RFC 2554 (AUTH command)
/* DIAGNOSTICS
/* Problems and transactions are logged to \fBsyslogd\fR(8).
@@ -44,8 +44,6 @@
/* Depending on the setting of the \fBnotify_classes\fR parameter,
/* the postmaster is notified of bounces, protocol problems,
/* policy violations, and of other trouble.
/* BUGS
/* RFC 1985 is implemented by forcing delivery of all deferred mail.
/* CONFIGURATION PARAMETERS
/* .ad
/* .fi
@@ -101,6 +99,12 @@
/* specified in the \fBdebug_peer_level\fR parameter.
/* .IP \fBerror_notice_recipient\fR
/* Recipient of protocol/policy/resource/software error notices.
/* .IP \fBetrn_maps\fR
/* Tables that specify what domains have \fBETRN\fR service. For
/* each table entry, the left-hand side specifies a destination
/* domain name that can be specified in an \fBETRN\fR request, and
/* the right-hand side specifies a list of access restrictions for
/* clients that issue \fBETRN\fR for the domain.
/* .IP \fBhopcount_limit\fR
/* Limit the number of \fBReceived:\fR message headers.
/* .IP \fBlocal_recipient_maps\fR
@@ -168,9 +172,6 @@
/* Restrict what sender addresses are allowed in \fBMAIL FROM\fR commands.
/* .IP \fBsmtpd_recipient_restrictions\fR
/* Restrict what recipient addresses are allowed in \fBRCPT TO\fR commands.
/* .IP \fBsmtpd_etrn_restrictions\fR
/* Restrict what domain names can be used in \fBETRN\fR commands,
/* and what clients may issue \fBETRN\fR commands.
/* .IP \fBallow_untrusted_routing\fR
/* Allow untrusted clients to specify addresses with sender-specified
/* routing. Enabling this opens up nasty relay loopholes involving


@@ -81,6 +81,9 @@
/* .IP "check_recipient_access maptype:mapname"
/* Look up the resolved recipient address in the named access table,
/* any parent domains of the recipient domain, and the localpart@.
/* .IP "check_etrn_access maptype:mapname"
/* Look up the client hostname or IP address in the named access table.
/* This table is used for ETRN command access control only.
/* .IP reject_maps_rbl
/* Look up the reversed client network address in the real-time blackhole
/* DNS zones below the domains listed in the "maps_rbl_domains"
@@ -1919,7 +1922,7 @@ char *smtpd_check_etrn(SMTPD_STATE *state, char *domain)
pattern);
msg_warn("do not specify lookup tables inside fast flush maps");
msg_warn("define a restriction class and specify its name instead");
status = SMTPD_CHECK_OK;
status = SMTPD_CHECK_DUNNO;
} else {
restrictions = argv_split(pattern, " \t\r\n");
state->recursion = 0;
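Review bot: In smtpd_check_etrn the misconfigured-entry branch now sets `status = SMTPD_CHECK_DUNNO;` instead of `SMTPD_CHECK_OK`, but the hunk does not show what the end of the function does with a DUNNO result. If the tail rejects only on `SMTPD_CHECK_REJECT`, an etrn table entry that names a lookup table would still allow any client to issue ETRN for that domain, so the return path should be checked to fail closed. A comment at the assignment would pin the intent: `/* Misconfigured entry: grant nothing; DUNNO must not be treated as permit. */`. The two msg_warn() lines still speak of "fast flush maps" although the table is now configured through etrn_maps. The function starts and ends outside the hunk.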


@@ -116,9 +116,7 @@ static int smtpd_sasl_log(void *unused_context, int priority,
const char *message)
{
switch (priority) {
case SASL_LOG_ERR:
msg_fatal("%s", message);
break;
case SASL_LOG_ERR:
case SASL_LOG_WARNING:
msg_warn("%s", message);
break;