mirror of
https://github.com/vdukhovni/postfix
synced 2025-08-28 20:57:56 +00:00
postfix-3.5-20190908
This commit is contained in:
Wietse Venema
Viktor Dukhovni
parent
bb8da60fce
commit
1a2bf1fc7c
@ -24354,3 +24354,45 @@ Apologies for any names omitted.
|
|||||||
Safety: vstring_set_payload_size() now checks that the
|
Safety: vstring_set_payload_size() now checks that the
|
||||||
payload has not overwritten the safety terminator at the
|
payload has not overwritten the safety terminator at the
|
||||||
end of the VSTRING buffer. File: util/vstream.c.
|
end of the VSTRING buffer. File: util/vstream.c.
|
||||||
|
|
||||||
|
20190813
|
||||||
|
|
||||||
|
Documentation: access(5) map network address pattern syntax.
|
||||||
|
File: proto/access.
|
||||||
|
|
||||||
|
20190820
|
||||||
|
|
||||||
|
Workaround for poor TCP loopback performance on LINUX, where
|
||||||
|
getsockopt(..., TCP_MAXSEG, ..) reports a TCP maximal segment
|
||||||
|
size that is 1/2 to 1/3 of the MTU. For example, with kernel
|
||||||
|
5.1.16-300.fc30.x86_64 the TCP client and server announce
|
||||||
|
an mss of 65495 in the TCP handshake, but getsockopt()
|
||||||
|
returns 32741 (less than half). As a matter of principle,
|
||||||
|
Postfix won't turn on client-side TCP_NODELAY because that
|
||||||
|
hides application performance bugs, and because that still
|
||||||
|
suffers from server-side delayed ACKs. Instead, Postfix
|
||||||
|
avoids sending "small" writes back-to-back, by choosing a
|
||||||
|
VSTREAM buffer size that is a multiple of the reported
|
||||||
|
MSS. This workaround bumps the multiplier from 2x to 4x.
|
||||||
|
File: util/vstream_tweak.c.
|
||||||
|
|
||||||
|
20190825
|
||||||
|
|
||||||
|
Bugfix (introduced: 20051222): the Dovecot client could
|
||||||
|
segfault (null pointer read) or cause an SMTP server assertion
|
||||||
|
to fail when talking to a fake Dovecot server. The client
|
||||||
|
now logs a proper error instead. Problem reported by Tim
|
||||||
|
Düsterhus. File: xsasl/xsasl_dovecot_server.c.
|
||||||
|
|
||||||
|
20190906
|
||||||
|
|
||||||
|
Bugfix (introduced: Postfix 3.4): don't whitewash OpenSSL
|
||||||
|
error results after a plaintext output error. The code could
|
||||||
|
loop, and with some OpenSSL error results could flood the
|
||||||
|
log with error messages (see below for a specific case).
|
||||||
|
Problem reported by Andreas Schulze. File: tlsproxy/tlsproxy.c.
|
||||||
|
|
||||||
|
Bitrot: don't invoke SSL_shutdown() when the SSL engine
|
||||||
|
thinks it is processing a handshake. As of OpenSSL 1.something
|
||||||
|
this returns SSL_ERROR_SSL instead of SSL_ERROR_NONE. File:
|
||||||
|
tlsproxy/tlsproxy.c.
|
||||||
|
|||||||
@ -122,21 +122,17 @@
|
|||||||
#
|
#
|
||||||
# net.work
|
# net.work
|
||||||
#
|
#
|
||||||
# net Matches the specified IPv4 host address or subnet-
|
# net Matches a remote IPv4 host address or network
|
||||||
# work. An IPv4 host address is a sequence of four
|
# address range. Specify one to four decimal octets
|
||||||
# decimal octets separated by ".".
|
# separated by ".". Do not specify "[]" , "/", lead-
|
||||||
|
# ing zeros, or hexadecimal forms.
|
||||||
#
|
#
|
||||||
# Subnetworks are matched by repeatedly truncating
|
# Network ranges are matched by repeatedly truncating
|
||||||
# the last ".octet" from the remote IPv4 host address
|
# the last ".octet" from a remote IPv4 host address
|
||||||
# string until a match is found in the access table,
|
# string, until a match is found in the access table,
|
||||||
# or until further truncation is not possible.
|
# or until further truncation is not possible.
|
||||||
#
|
#
|
||||||
# NOTE 1: The access map lookup key must be in canon-
|
# NOTE: use the cidr lookup table type to specify
|
||||||
# ical form: do not specify unnecessary null charac-
|
|
||||||
# ters, and do not enclose network address informa-
|
|
||||||
# tion with "[]" characters.
|
|
||||||
#
|
|
||||||
# NOTE 2: use the cidr lookup table type to specify
|
|
||||||
# network/netmask patterns. See cidr_table(5) for
|
# network/netmask patterns. See cidr_table(5) for
|
||||||
# details.
|
# details.
|
||||||
#
|
#
|
||||||
@ -146,25 +142,20 @@
|
|||||||
#
|
#
|
||||||
# net:work
|
# net:work
|
||||||
#
|
#
|
||||||
# net Matches the specified IPv6 host address or subnet-
|
# net Matches a remote IPv6 host address or network
|
||||||
# work. An IPv6 host address is a sequence of three
|
# address range. Specify three to eight hexadecimal
|
||||||
# to eight hexadecimal octet pairs separated by ":".
|
# octet pairs separated by ":", using the compressed
|
||||||
|
# form "::" for a sequence of zero-valued octet
|
||||||
|
# pairs. Do not specify "[]", "/", leading zeros, or
|
||||||
|
# non-compressed forms.
|
||||||
#
|
#
|
||||||
# Subnetworks are matched by repeatedly truncating
|
# A network range is matched by repeatedly truncating
|
||||||
# the last ":octetpair" from the remote IPv6 host
|
# the last ":octetpair" from the compressed-form
|
||||||
# address string until a match is found in the access
|
# remote IPv6 host address string, until a match is
|
||||||
# table, or until further truncation is not possible.
|
# found in the access table, or until further trunca-
|
||||||
|
# tion is not possible.
|
||||||
#
|
#
|
||||||
# NOTE 1: the truncation and comparison are done with
|
# NOTE: use the cidr lookup table type to specify
|
||||||
# the string representation of the IPv6 host address.
|
|
||||||
# Thus, not all the ":" subnetworks will be tried.
|
|
||||||
#
|
|
||||||
# NOTE 2: The access map lookup key must be in canon-
|
|
||||||
# ical form: do not specify unnecessary null charac-
|
|
||||||
# ters, and do not enclose network address informa-
|
|
||||||
# tion with "[]" characters.
|
|
||||||
#
|
|
||||||
# NOTE 3: use the cidr lookup table type to specify
|
|
||||||
# network/netmask patterns. See cidr_table(5) for
|
# network/netmask patterns. See cidr_table(5) for
|
||||||
# details.
|
# details.
|
||||||
#
|
#
|
||||||
@ -175,64 +166,64 @@
|
|||||||
#
|
#
|
||||||
# all-numerical
|
# all-numerical
|
||||||
# An all-numerical result is treated as OK. This for-
|
# An all-numerical result is treated as OK. This for-
|
||||||
# mat is generated by address-based relay authoriza-
|
# mat is generated by address-based relay authoriza-
|
||||||
# tion schemes such as pop-before-smtp.
|
# tion schemes such as pop-before-smtp.
|
||||||
#
|
#
|
||||||
# For other accept actions, see "OTHER ACTIONS" below.
|
# For other accept actions, see "OTHER ACTIONS" below.
|
||||||
#
|
#
|
||||||
# REJECT ACTIONS
|
# REJECT ACTIONS
|
||||||
# Postfix version 2.3 and later support enhanced status
|
# Postfix version 2.3 and later support enhanced status
|
||||||
# codes as defined in RFC 3463. When no code is specified
|
# codes as defined in RFC 3463. When no code is specified
|
||||||
# at the beginning of the text below, Postfix inserts a
|
# at the beginning of the text below, Postfix inserts a
|
||||||
# default enhanced status code of "5.7.1" in the case of
|
# default enhanced status code of "5.7.1" in the case of
|
||||||
# reject actions, and "4.7.1" in the case of defer actions.
|
# reject actions, and "4.7.1" in the case of defer actions.
|
||||||
# See "ENHANCED STATUS CODES" below.
|
# See "ENHANCED STATUS CODES" below.
|
||||||
#
|
#
|
||||||
# 4NN text
|
# 4NN text
|
||||||
#
|
#
|
||||||
# 5NN text
|
# 5NN text
|
||||||
# Reject the address etc. that matches the pattern,
|
# Reject the address etc. that matches the pattern,
|
||||||
# and respond with the numerical three-digit code and
|
# and respond with the numerical three-digit code and
|
||||||
# text. 4NN means "try again later", while 5NN means
|
# text. 4NN means "try again later", while 5NN means
|
||||||
# "do not try again".
|
# "do not try again".
|
||||||
#
|
#
|
||||||
# The following responses have special meaning for
|
# The following responses have special meaning for
|
||||||
# the Postfix SMTP server:
|
# the Postfix SMTP server:
|
||||||
#
|
#
|
||||||
# 421 text (Postfix 2.3 and later)
|
# 421 text (Postfix 2.3 and later)
|
||||||
#
|
#
|
||||||
# 521 text (Postfix 2.6 and later)
|
# 521 text (Postfix 2.6 and later)
|
||||||
# After responding with the numerical
|
# After responding with the numerical
|
||||||
# three-digit code and text, disconnect imme-
|
# three-digit code and text, disconnect imme-
|
||||||
# diately from the SMTP client. This frees up
|
# diately from the SMTP client. This frees up
|
||||||
# SMTP server resources so that they can be
|
# SMTP server resources so that they can be
|
||||||
# made available to another SMTP client.
|
# made available to another SMTP client.
|
||||||
#
|
#
|
||||||
# Note: The "521" response should be used only
|
# Note: The "521" response should be used only
|
||||||
# with botnets and other malware where inter-
|
# with botnets and other malware where inter-
|
||||||
# operability is of no concern. The "send 521
|
# operability is of no concern. The "send 521
|
||||||
# and disconnect" behavior is NOT defined in
|
# and disconnect" behavior is NOT defined in
|
||||||
# the SMTP standard.
|
# the SMTP standard.
|
||||||
#
|
#
|
||||||
# REJECT optional text...
|
# REJECT optional text...
|
||||||
# Reject the address etc. that matches the pattern.
|
# Reject the address etc. that matches the pattern.
|
||||||
# Reply with "$access_map_reject_code optional
|
# Reply with "$access_map_reject_code optional
|
||||||
# text..." when the optional text is specified, oth-
|
# text..." when the optional text is specified, oth-
|
||||||
# erwise reply with a generic error response message.
|
# erwise reply with a generic error response message.
|
||||||
#
|
#
|
||||||
# DEFER optional text...
|
# DEFER optional text...
|
||||||
# Reject the address etc. that matches the pattern.
|
# Reject the address etc. that matches the pattern.
|
||||||
# Reply with "$access_map_defer_code optional
|
# Reply with "$access_map_defer_code optional
|
||||||
# text..." when the optional text is specified, oth-
|
# text..." when the optional text is specified, oth-
|
||||||
# erwise reply with a generic error response message.
|
# erwise reply with a generic error response message.
|
||||||
#
|
#
|
||||||
# This feature is available in Postfix 2.6 and later.
|
# This feature is available in Postfix 2.6 and later.
|
||||||
#
|
#
|
||||||
# DEFER_IF_REJECT optional text...
|
# DEFER_IF_REJECT optional text...
|
||||||
# Defer the request if some later restriction would
|
# Defer the request if some later restriction would
|
||||||
# result in a REJECT action. Reply with
|
# result in a REJECT action. Reply with
|
||||||
# "$access_map_defer_code 4.7.1 optional text..."
|
# "$access_map_defer_code 4.7.1 optional text..."
|
||||||
# when the optional text is specified, otherwise
|
# when the optional text is specified, otherwise
|
||||||
# reply with a generic error response message.
|
# reply with a generic error response message.
|
||||||
#
|
#
|
||||||
# Prior to Postfix 2.6, the SMTP reply code is 450.
|
# Prior to Postfix 2.6, the SMTP reply code is 450.
|
||||||
@ -240,10 +231,10 @@
|
|||||||
# This feature is available in Postfix 2.1 and later.
|
# This feature is available in Postfix 2.1 and later.
|
||||||
#
|
#
|
||||||
# DEFER_IF_PERMIT optional text...
|
# DEFER_IF_PERMIT optional text...
|
||||||
# Defer the request if some later restriction would
|
# Defer the request if some later restriction would
|
||||||
# result in a an explicit or implicit PERMIT action.
|
# result in a an explicit or implicit PERMIT action.
|
||||||
# Reply with "$access_map_defer_code 4.7.1 optional
|
# Reply with "$access_map_defer_code 4.7.1 optional
|
||||||
# text..." when the optional text is specified, oth-
|
# text..." when the optional text is specified, oth-
|
||||||
# erwise reply with a generic error response message.
|
# erwise reply with a generic error response message.
|
||||||
#
|
#
|
||||||
# Prior to Postfix 2.6, the SMTP reply code is 450.
|
# Prior to Postfix 2.6, the SMTP reply code is 450.
|
||||||
@ -258,195 +249,195 @@
|
|||||||
# reject_unauth_destination, and so on).
|
# reject_unauth_destination, and so on).
|
||||||
#
|
#
|
||||||
# BCC user@domain
|
# BCC user@domain
|
||||||
# Send one copy of the message to the specified
|
# Send one copy of the message to the specified
|
||||||
# recipient.
|
# recipient.
|
||||||
#
|
#
|
||||||
# If multiple BCC actions are specified within the
|
# If multiple BCC actions are specified within the
|
||||||
# same SMTP MAIL transaction, with Postfix 3.0 only
|
# same SMTP MAIL transaction, with Postfix 3.0 only
|
||||||
# the last action will be used.
|
# the last action will be used.
|
||||||
#
|
#
|
||||||
# This feature is available in Postfix 3.0 and later.
|
# This feature is available in Postfix 3.0 and later.
|
||||||
#
|
#
|
||||||
# DISCARD optional text...
|
# DISCARD optional text...
|
||||||
# Claim successful delivery and silently discard the
|
# Claim successful delivery and silently discard the
|
||||||
# message. Log the optional text if specified, oth-
|
# message. Log the optional text if specified, oth-
|
||||||
# erwise log a generic message.
|
# erwise log a generic message.
|
||||||
#
|
#
|
||||||
# Note: this action currently affects all recipients
|
# Note: this action currently affects all recipients
|
||||||
# of the message. To discard only one recipient
|
# of the message. To discard only one recipient
|
||||||
# without discarding the entire message, use the
|
# without discarding the entire message, use the
|
||||||
# transport(5) table to direct mail to the discard(8)
|
# transport(5) table to direct mail to the discard(8)
|
||||||
# service.
|
# service.
|
||||||
#
|
#
|
||||||
# This feature is available in Postfix 2.0 and later.
|
# This feature is available in Postfix 2.0 and later.
|
||||||
#
|
#
|
||||||
# DUNNO Pretend that the lookup key was not found. This
|
# DUNNO Pretend that the lookup key was not found. This
|
||||||
# prevents Postfix from trying substrings of the
|
# prevents Postfix from trying substrings of the
|
||||||
# lookup key (such as a subdomain name, or a network
|
# lookup key (such as a subdomain name, or a network
|
||||||
# address subnetwork).
|
# address subnetwork).
|
||||||
#
|
#
|
||||||
# This feature is available in Postfix 2.0 and later.
|
# This feature is available in Postfix 2.0 and later.
|
||||||
#
|
#
|
||||||
# FILTER transport:destination
|
# FILTER transport:destination
|
||||||
# After the message is queued, send the entire mes-
|
# After the message is queued, send the entire mes-
|
||||||
# sage through the specified external content filter.
|
# sage through the specified external content filter.
|
||||||
# The transport name specifies the first field of a
|
# The transport name specifies the first field of a
|
||||||
# mail delivery agent definition in master.cf; the
|
# mail delivery agent definition in master.cf; the
|
||||||
# syntax of the next-hop destination is described in
|
# syntax of the next-hop destination is described in
|
||||||
# the manual page of the corresponding delivery
|
# the manual page of the corresponding delivery
|
||||||
# agent. More information about external content
|
# agent. More information about external content
|
||||||
# filters is in the Postfix FILTER_README file.
|
# filters is in the Postfix FILTER_README file.
|
||||||
#
|
#
|
||||||
# Note 1: do not use $number regular expression sub-
|
# Note 1: do not use $number regular expression sub-
|
||||||
# stitutions for transport or destination unless you
|
# stitutions for transport or destination unless you
|
||||||
# know that the information has a trusted origin.
|
# know that the information has a trusted origin.
|
||||||
#
|
#
|
||||||
# Note 2: this action overrides the main.cf con-
|
# Note 2: this action overrides the main.cf con-
|
||||||
# tent_filter setting, and affects all recipients of
|
# tent_filter setting, and affects all recipients of
|
||||||
# the message. In the case that multiple FILTER
|
# the message. In the case that multiple FILTER
|
||||||
# actions fire, only the last one is executed.
|
# actions fire, only the last one is executed.
|
||||||
#
|
#
|
||||||
# Note 3: the purpose of the FILTER command is to
|
# Note 3: the purpose of the FILTER command is to
|
||||||
# override message routing. To override the recipi-
|
# override message routing. To override the recipi-
|
||||||
# ent's transport but not the next-hop destination,
|
# ent's transport but not the next-hop destination,
|
||||||
# specify an empty filter destination (Postfix 2.7
|
# specify an empty filter destination (Postfix 2.7
|
||||||
# and later), or specify a transport:destination that
|
# and later), or specify a transport:destination that
|
||||||
# delivers through a different Postfix instance
|
# delivers through a different Postfix instance
|
||||||
# (Postfix 2.6 and earlier). Other options are using
|
# (Postfix 2.6 and earlier). Other options are using
|
||||||
# the recipient-dependent transport_maps or the sen-
|
# the recipient-dependent transport_maps or the sen-
|
||||||
# der-dependent sender_dependent_default_transport-
|
# der-dependent sender_dependent_default_transport-
|
||||||
# _maps features.
|
# _maps features.
|
||||||
#
|
#
|
||||||
# This feature is available in Postfix 2.0 and later.
|
# This feature is available in Postfix 2.0 and later.
|
||||||
#
|
#
|
||||||
# HOLD optional text...
|
# HOLD optional text...
|
||||||
# Place the message on the hold queue, where it will
|
# Place the message on the hold queue, where it will
|
||||||
# sit until someone either deletes it or releases it
|
# sit until someone either deletes it or releases it
|
||||||
# for delivery. Log the optional text if specified,
|
# for delivery. Log the optional text if specified,
|
||||||
# otherwise log a generic message.
|
# otherwise log a generic message.
|
||||||
#
|
#
|
||||||
# Mail that is placed on hold can be examined with
|
# Mail that is placed on hold can be examined with
|
||||||
# the postcat(1) command, and can be destroyed or
|
# the postcat(1) command, and can be destroyed or
|
||||||
# released with the postsuper(1) command.
|
# released with the postsuper(1) command.
|
||||||
#
|
#
|
||||||
# Note: use "postsuper -r" to release mail that was
|
# Note: use "postsuper -r" to release mail that was
|
||||||
# kept on hold for a significant fraction of $maxi-
|
# kept on hold for a significant fraction of $maxi-
|
||||||
# mal_queue_lifetime or $bounce_queue_lifetime, or
|
# mal_queue_lifetime or $bounce_queue_lifetime, or
|
||||||
# longer. Use "postsuper -H" only for mail that will
|
# longer. Use "postsuper -H" only for mail that will
|
||||||
# not expire within a few delivery attempts.
|
# not expire within a few delivery attempts.
|
||||||
#
|
#
|
||||||
# Note: this action currently affects all recipients
|
# Note: this action currently affects all recipients
|
||||||
# of the message.
|
# of the message.
|
||||||
#
|
#
|
||||||
# This feature is available in Postfix 2.0 and later.
|
# This feature is available in Postfix 2.0 and later.
|
||||||
#
|
#
|
||||||
# PREPEND headername: headervalue
|
# PREPEND headername: headervalue
|
||||||
# Prepend the specified message header to the mes-
|
# Prepend the specified message header to the mes-
|
||||||
# sage. When more than one PREPEND action executes,
|
# sage. When more than one PREPEND action executes,
|
||||||
# the first prepended header appears before the sec-
|
# the first prepended header appears before the sec-
|
||||||
# ond etc. prepended header.
|
# ond etc. prepended header.
|
||||||
#
|
#
|
||||||
# Note: this action must execute before the message
|
# Note: this action must execute before the message
|
||||||
# content is received; it cannot execute in the con-
|
# content is received; it cannot execute in the con-
|
||||||
# text of smtpd_end_of_data_restrictions.
|
# text of smtpd_end_of_data_restrictions.
|
||||||
#
|
#
|
||||||
# This feature is available in Postfix 2.1 and later.
|
# This feature is available in Postfix 2.1 and later.
|
||||||
#
|
#
|
||||||
# REDIRECT user@domain
|
# REDIRECT user@domain
|
||||||
# After the message is queued, send the message to
|
# After the message is queued, send the message to
|
||||||
# the specified address instead of the intended
|
# the specified address instead of the intended
|
||||||
# recipient(s). When multiple REDIRECT actions fire,
|
# recipient(s). When multiple REDIRECT actions fire,
|
||||||
# only the last one takes effect.
|
# only the last one takes effect.
|
||||||
#
|
#
|
||||||
# Note: this action overrides the FILTER action, and
|
# Note: this action overrides the FILTER action, and
|
||||||
# currently overrides all recipients of the message.
|
# currently overrides all recipients of the message.
|
||||||
#
|
#
|
||||||
# This feature is available in Postfix 2.1 and later.
|
# This feature is available in Postfix 2.1 and later.
|
||||||
#
|
#
|
||||||
# INFO optional text...
|
# INFO optional text...
|
||||||
# Log an informational record with the optional text,
|
# Log an informational record with the optional text,
|
||||||
# together with client information and if available,
|
# together with client information and if available,
|
||||||
# with helo, sender, recipient and protocol informa-
|
# with helo, sender, recipient and protocol informa-
|
||||||
# tion.
|
# tion.
|
||||||
#
|
#
|
||||||
# This feature is available in Postfix 3.0 and later.
|
# This feature is available in Postfix 3.0 and later.
|
||||||
#
|
#
|
||||||
# WARN optional text...
|
# WARN optional text...
|
||||||
# Log a warning with the optional text, together with
|
# Log a warning with the optional text, together with
|
||||||
# client information and if available, with helo,
|
# client information and if available, with helo,
|
||||||
# sender, recipient and protocol information.
|
# sender, recipient and protocol information.
|
||||||
#
|
#
|
||||||
# This feature is available in Postfix 2.1 and later.
|
# This feature is available in Postfix 2.1 and later.
|
||||||
#
|
#
|
||||||
# ENHANCED STATUS CODES
|
# ENHANCED STATUS CODES
|
||||||
# Postfix version 2.3 and later support enhanced status
|
# Postfix version 2.3 and later support enhanced status
|
||||||
# codes as defined in RFC 3463. When an enhanced status
|
# codes as defined in RFC 3463. When an enhanced status
|
||||||
# code is specified in an access table, it is subject to
|
# code is specified in an access table, it is subject to
|
||||||
# modification. The following transformations are needed
|
# modification. The following transformations are needed
|
||||||
# when the same access table is used for client, helo,
|
# when the same access table is used for client, helo,
|
||||||
# sender, or recipient access restrictions; they happen
|
# sender, or recipient access restrictions; they happen
|
||||||
# regardless of whether Postfix replies to a MAIL FROM, RCPT
|
# regardless of whether Postfix replies to a MAIL FROM, RCPT
|
||||||
# TO or other SMTP command.
|
# TO or other SMTP command.
|
||||||
#
|
#
|
||||||
# o When a sender address matches a REJECT action, the
|
# o When a sender address matches a REJECT action, the
|
||||||
# Postfix SMTP server will transform a recipient DSN
|
# Postfix SMTP server will transform a recipient DSN
|
||||||
# status (e.g., 4.1.1-4.1.6) into the corresponding
|
# status (e.g., 4.1.1-4.1.6) into the corresponding
|
||||||
# sender DSN status, and vice versa.
|
# sender DSN status, and vice versa.
|
||||||
#
|
#
|
||||||
# o When non-address information matches a REJECT
|
# o When non-address information matches a REJECT
|
||||||
# action (such as the HELO command argument or the
|
# action (such as the HELO command argument or the
|
||||||
# client hostname/address), the Postfix SMTP server
|
# client hostname/address), the Postfix SMTP server
|
||||||
# will transform a sender or recipient DSN status
|
# will transform a sender or recipient DSN status
|
||||||
# into a generic non-address DSN status (e.g.,
|
# into a generic non-address DSN status (e.g.,
|
||||||
# 4.0.0).
|
# 4.0.0).
|
||||||
#
|
#
|
||||||
# REGULAR EXPRESSION TABLES
|
# REGULAR EXPRESSION TABLES
|
||||||
# This section describes how the table lookups change when
|
# This section describes how the table lookups change when
|
||||||
# the table is given in the form of regular expressions. For
|
# the table is given in the form of regular expressions. For
|
||||||
# a description of regular expression lookup table syntax,
|
# a description of regular expression lookup table syntax,
|
||||||
# see regexp_table(5) or pcre_table(5).
|
# see regexp_table(5) or pcre_table(5).
|
||||||
#
|
#
|
||||||
# Each pattern is a regular expression that is applied to
|
# Each pattern is a regular expression that is applied to
|
||||||
# the entire string being looked up. Depending on the appli-
|
# the entire string being looked up. Depending on the appli-
|
||||||
# cation, that string is an entire client hostname, an
|
# cation, that string is an entire client hostname, an
|
||||||
# entire client IP address, or an entire mail address. Thus,
|
# entire client IP address, or an entire mail address. Thus,
|
||||||
# no parent domain or parent network search is done,
|
# no parent domain or parent network search is done,
|
||||||
# user@domain mail addresses are not broken up into their
|
# user@domain mail addresses are not broken up into their
|
||||||
# user@ and domain constituent parts, nor is user+foo broken
|
# user@ and domain constituent parts, nor is user+foo broken
|
||||||
# up into user and foo.
|
# up into user and foo.
|
||||||
#
|
#
|
||||||
# Patterns are applied in the order as specified in the ta-
|
# Patterns are applied in the order as specified in the ta-
|
||||||
# ble, until a pattern is found that matches the search
|
# ble, until a pattern is found that matches the search
|
||||||
# string.
|
# string.
|
||||||
#
|
#
|
||||||
# Actions are the same as with indexed file lookups, with
|
# Actions are the same as with indexed file lookups, with
|
||||||
# the additional feature that parenthesized substrings from
|
# the additional feature that parenthesized substrings from
|
||||||
# the pattern can be interpolated as $1, $2 and so on.
|
# the pattern can be interpolated as $1, $2 and so on.
|
||||||
#
|
#
|
||||||
# TCP-BASED TABLES
|
# TCP-BASED TABLES
|
||||||
# This section describes how the table lookups change when
|
# This section describes how the table lookups change when
|
||||||
# lookups are directed to a TCP-based server. For a descrip-
|
# lookups are directed to a TCP-based server. For a descrip-
|
||||||
# tion of the TCP client/server lookup protocol, see tcp_ta-
|
# tion of the TCP client/server lookup protocol, see tcp_ta-
|
||||||
# ble(5). This feature is not available up to and including
|
# ble(5). This feature is not available up to and including
|
||||||
# Postfix version 2.4.
|
# Postfix version 2.4.
|
||||||
#
|
#
|
||||||
# Each lookup operation uses the entire query string once.
|
# Each lookup operation uses the entire query string once.
|
||||||
# Depending on the application, that string is an entire
|
# Depending on the application, that string is an entire
|
||||||
# client hostname, an entire client IP address, or an entire
|
# client hostname, an entire client IP address, or an entire
|
||||||
# mail address. Thus, no parent domain or parent network
|
# mail address. Thus, no parent domain or parent network
|
||||||
# search is done, user@domain mail addresses are not broken
|
# search is done, user@domain mail addresses are not broken
|
||||||
# up into their user@ and domain constituent parts, nor is
|
# up into their user@ and domain constituent parts, nor is
|
||||||
# user+foo broken up into user and foo.
|
# user+foo broken up into user and foo.
|
||||||
#
|
#
|
||||||
# Actions are the same as with indexed file lookups.
|
# Actions are the same as with indexed file lookups.
|
||||||
#
|
#
|
||||||
# EXAMPLE
|
# EXAMPLE
|
||||||
# The following example uses an indexed file, so that the
|
# The following example uses an indexed file, so that the
|
||||||
# order of table entries does not matter. The example per-
|
# order of table entries does not matter. The example per-
|
||||||
# mits access by the client at address 1.2.3.4 but rejects
|
# mits access by the client at address 1.2.3.4 but rejects
|
||||||
# all other clients in 1.2.3.0/24. Instead of hash lookup
|
# all other clients in 1.2.3.0/24. Instead of hash lookup
|
||||||
# tables, some systems use dbm. Use the command "postconf
|
# tables, some systems use dbm. Use the command "postconf
|
||||||
# -m" to find out what lookup tables Postfix supports on
|
# -m" to find out what lookup tables Postfix supports on
|
||||||
# your system.
|
# your system.
|
||||||
#
|
#
|
||||||
# /etc/postfix/main.cf:
|
# /etc/postfix/main.cf:
|
||||||
@ -457,11 +448,11 @@
|
|||||||
# 1.2.3 REJECT
|
# 1.2.3 REJECT
|
||||||
# 1.2.3.4 OK
|
# 1.2.3.4 OK
|
||||||
#
|
#
|
||||||
# Execute the command "postmap /etc/postfix/access" after
|
# Execute the command "postmap /etc/postfix/access" after
|
||||||
# editing the file.
|
# editing the file.
|
||||||
#
|
#
|
||||||
# BUGS
|
# BUGS
|
||||||
# The table format does not understand quoting conventions.
|
# The table format does not understand quoting conventions.
|
||||||
#
|
#
|
||||||
# SEE ALSO
|
# SEE ALSO
|
||||||
# postmap(1), Postfix lookup table manager
|
# postmap(1), Postfix lookup table manager
|
||||||
@ -470,13 +461,13 @@
|
|||||||
# transport(5), transport:nexthop syntax
|
# transport(5), transport:nexthop syntax
|
||||||
#
|
#
|
||||||
# README FILES
|
# README FILES
|
||||||
# Use "postconf readme_directory" or "postconf html_direc-
|
# Use "postconf readme_directory" or "postconf html_direc-
|
||||||
# tory" to locate this information.
|
# tory" to locate this information.
|
||||||
# SMTPD_ACCESS_README, built-in SMTP server access control
|
# SMTPD_ACCESS_README, built-in SMTP server access control
|
||||||
# DATABASE_README, Postfix lookup table overview
|
# DATABASE_README, Postfix lookup table overview
|
||||||
#
|
#
|
||||||
# LICENSE
|
# LICENSE
|
||||||
# The Secure Mailer license must be distributed with this
|
# The Secure Mailer license must be distributed with this
|
||||||
# software.
|
# software.
|
||||||
#
|
#
|
||||||
# AUTHOR(S)
|
# AUTHOR(S)
|
||||||
|
|||||||
@ -114,21 +114,17 @@ ACCESS(5) ACCESS(5)
|
|||||||
|
|
||||||
<i>net.work</i>
|
<i>net.work</i>
|
||||||
|
|
||||||
<i>net</i> Matches the specified IPv4 host address or subnetwork. An IPv4
|
<i>net</i> Matches a remote IPv4 host address or network address range.
|
||||||
host address is a sequence of four decimal octets separated by
|
Specify one to four decimal octets separated by ".". Do not
|
||||||
".".
|
specify "[]" , "/", leading zeros, or hexadecimal forms.
|
||||||
|
|
||||||
Subnetworks are matched by repeatedly truncating the last
|
Network ranges are matched by repeatedly truncating the last
|
||||||
".octet" from the remote IPv4 host address string until a match
|
".octet" from a remote IPv4 host address string, until a match
|
||||||
is found in the access table, or until further truncation is not
|
is found in the access table, or until further truncation is not
|
||||||
possible.
|
possible.
|
||||||
|
|
||||||
NOTE 1: The access map lookup key must be in canonical form: do
|
NOTE: use the <b>cidr</b> lookup table type to specify network/netmask
|
||||||
not specify unnecessary null characters, and do not enclose net-
|
patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for details.
|
||||||
work address information with "[]" characters.
|
|
||||||
|
|
||||||
NOTE 2: use the <b>cidr</b> lookup table type to specify network/net-
|
|
||||||
mask patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for details.
|
|
||||||
|
|
||||||
<i>net:work:addr:ess</i>
|
<i>net:work:addr:ess</i>
|
||||||
|
|
||||||
@ -136,25 +132,19 @@ ACCESS(5) ACCESS(5)
|
|||||||
|
|
||||||
<i>net:work</i>
|
<i>net:work</i>
|
||||||
|
|
||||||
<i>net</i> Matches the specified IPv6 host address or subnetwork. An IPv6
|
<i>net</i> Matches a remote IPv6 host address or network address range.
|
||||||
host address is a sequence of three to eight hexadecimal octet
|
Specify three to eight hexadecimal octet pairs separated by ":",
|
||||||
pairs separated by ":".
|
using the compressed form "::" for a sequence of zero-valued
|
||||||
|
octet pairs. Do not specify "[]", "/", leading zeros, or
|
||||||
|
non-compressed forms.
|
||||||
|
|
||||||
Subnetworks are matched by repeatedly truncating the last
|
A network range is matched by repeatedly truncating the last
|
||||||
":octetpair" from the remote IPv6 host address string until a
|
":octetpair" from the compressed-form remote IPv6 host address
|
||||||
match is found in the access table, or until further truncation
|
string, until a match is found in the access table, or until
|
||||||
is not possible.
|
further truncation is not possible.
|
||||||
|
|
||||||
NOTE 1: the truncation and comparison are done with the string
|
NOTE: use the <b>cidr</b> lookup table type to specify network/netmask
|
||||||
representation of the IPv6 host address. Thus, not all the ":"
|
patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for details.
|
||||||
subnetworks will be tried.
|
|
||||||
|
|
||||||
NOTE 2: The access map lookup key must be in canonical form: do
|
|
||||||
not specify unnecessary null characters, and do not enclose net-
|
|
||||||
work address information with "[]" characters.
|
|
||||||
|
|
||||||
NOTE 3: use the <b>cidr</b> lookup table type to specify network/net-
|
|
||||||
mask patterns. See <a href="cidr_table.5.html"><b>cidr_table</b>(5)</a> for details.
|
|
||||||
|
|
||||||
IPv6 support is available in Postfix 2.2 and later.
|
IPv6 support is available in Postfix 2.2 and later.
|
||||||
|
|
||||||
|
|||||||
@ -121,43 +121,33 @@ string \fBsmtpd_access_maps\fR is not listed in the Postfix
|
|||||||
.IP \fInet.work.addr\fR
|
.IP \fInet.work.addr\fR
|
||||||
.IP \fInet.work\fR
|
.IP \fInet.work\fR
|
||||||
.IP \fInet\fR
|
.IP \fInet\fR
|
||||||
Matches the specified IPv4 host address or subnetwork. An
|
Matches a remote IPv4 host address or network address range.
|
||||||
IPv4 host address is a sequence of four decimal octets
|
Specify one to four decimal octets separated by ".". Do not
|
||||||
separated by ".".
|
specify "[]" , "/", leading zeros, or hexadecimal forms.
|
||||||
|
|
||||||
Subnetworks are matched by repeatedly truncating the last
|
Network ranges are matched by repeatedly truncating the last
|
||||||
".octet" from the remote IPv4 host address string until a
|
".octet" from a remote IPv4 host address string, until a
|
||||||
match is found in the access table, or until further
|
match is found in the access table, or until further
|
||||||
truncation is not possible.
|
truncation is not possible.
|
||||||
|
|
||||||
NOTE 1: The access map lookup key must be in canonical form:
|
NOTE: use the \fBcidr\fR lookup table type to specify
|
||||||
do not specify unnecessary null characters, and do not
|
|
||||||
enclose network address information with "[]" characters.
|
|
||||||
|
|
||||||
NOTE 2: use the \fBcidr\fR lookup table type to specify
|
|
||||||
network/netmask patterns. See \fBcidr_table\fR(5) for details.
|
network/netmask patterns. See \fBcidr_table\fR(5) for details.
|
||||||
.IP \fInet:work:addr:ess\fR
|
.IP \fInet:work:addr:ess\fR
|
||||||
.IP \fInet:work:addr\fR
|
.IP \fInet:work:addr\fR
|
||||||
.IP \fInet:work\fR
|
.IP \fInet:work\fR
|
||||||
.IP \fInet\fR
|
.IP \fInet\fR
|
||||||
Matches the specified IPv6 host address or subnetwork. An
|
Matches a remote IPv6 host address or network address range.
|
||||||
IPv6 host address is a sequence of three to eight hexadecimal
|
Specify three to eight hexadecimal octet pairs separated
|
||||||
octet pairs separated by ":".
|
by ":", using the compressed form "::" for a sequence of
|
||||||
|
zero\-valued octet pairs. Do not specify "[]", "/", leading
|
||||||
|
zeros, or non\-compressed forms.
|
||||||
|
|
||||||
Subnetworks are matched by repeatedly truncating the last
|
A network range is matched by repeatedly truncating the
|
||||||
":octetpair" from the remote IPv6 host address string until
|
last ":octetpair" from the compressed\-form remote IPv6 host
|
||||||
a match is found in the access table, or until further
|
address string, until a match is found in the access table,
|
||||||
truncation is not possible.
|
or until further truncation is not possible.
|
||||||
|
|
||||||
NOTE 1: the truncation and comparison are done with the
|
NOTE: use the \fBcidr\fR lookup table type to specify
|
||||||
string representation of the IPv6 host address. Thus, not
|
|
||||||
all the ":" subnetworks will be tried.
|
|
||||||
|
|
||||||
NOTE 2: The access map lookup key must be in canonical form:
|
|
||||||
do not specify unnecessary null characters, and do not
|
|
||||||
enclose network address information with "[]" characters.
|
|
||||||
|
|
||||||
NOTE 3: use the \fBcidr\fR lookup table type to specify
|
|
||||||
network/netmask patterns. See \fBcidr_table\fR(5) for details.
|
network/netmask patterns. See \fBcidr_table\fR(5) for details.
|
||||||
|
|
||||||
IPv6 support is available in Postfix 2.2 and later.
|
IPv6 support is available in Postfix 2.2 and later.
|
||||||
|
|||||||
@ -105,43 +105,33 @@
|
|||||||
# .IP \fInet.work.addr\fR
|
# .IP \fInet.work.addr\fR
|
||||||
# .IP \fInet.work\fR
|
# .IP \fInet.work\fR
|
||||||
# .IP \fInet\fR
|
# .IP \fInet\fR
|
||||||
# Matches the specified IPv4 host address or subnetwork. An
|
# Matches a remote IPv4 host address or network address range.
|
||||||
# IPv4 host address is a sequence of four decimal octets
|
# Specify one to four decimal octets separated by ".". Do not
|
||||||
# separated by ".".
|
# specify "[]" , "/", leading zeros, or hexadecimal forms.
|
||||||
#
|
#
|
||||||
# Subnetworks are matched by repeatedly truncating the last
|
# Network ranges are matched by repeatedly truncating the last
|
||||||
# ".octet" from the remote IPv4 host address string until a
|
# ".octet" from a remote IPv4 host address string, until a
|
||||||
# match is found in the access table, or until further
|
# match is found in the access table, or until further
|
||||||
# truncation is not possible.
|
# truncation is not possible.
|
||||||
#
|
#
|
||||||
# NOTE 1: The access map lookup key must be in canonical form:
|
# NOTE: use the \fBcidr\fR lookup table type to specify
|
||||||
# do not specify unnecessary null characters, and do not
|
|
||||||
# enclose network address information with "[]" characters.
|
|
||||||
#
|
|
||||||
# NOTE 2: use the \fBcidr\fR lookup table type to specify
|
|
||||||
# network/netmask patterns. See \fBcidr_table\fR(5) for details.
|
# network/netmask patterns. See \fBcidr_table\fR(5) for details.
|
||||||
# .IP \fInet:work:addr:ess\fR
|
# .IP \fInet:work:addr:ess\fR
|
||||||
# .IP \fInet:work:addr\fR
|
# .IP \fInet:work:addr\fR
|
||||||
# .IP \fInet:work\fR
|
# .IP \fInet:work\fR
|
||||||
# .IP \fInet\fR
|
# .IP \fInet\fR
|
||||||
# Matches the specified IPv6 host address or subnetwork. An
|
# Matches a remote IPv6 host address or network address range.
|
||||||
# IPv6 host address is a sequence of three to eight hexadecimal
|
# Specify three to eight hexadecimal octet pairs separated
|
||||||
# octet pairs separated by ":".
|
# by ":", using the compressed form "::" for a sequence of
|
||||||
|
# zero-valued octet pairs. Do not specify "[]", "/", leading
|
||||||
|
# zeros, or non-compressed forms.
|
||||||
#
|
#
|
||||||
# Subnetworks are matched by repeatedly truncating the last
|
# A network range is matched by repeatedly truncating the
|
||||||
# ":octetpair" from the remote IPv6 host address string until
|
# last ":octetpair" from the compressed-form remote IPv6 host
|
||||||
# a match is found in the access table, or until further
|
# address string, until a match is found in the access table,
|
||||||
# truncation is not possible.
|
# or until further truncation is not possible.
|
||||||
#
|
#
|
||||||
# NOTE 1: the truncation and comparison are done with the
|
# NOTE: use the \fBcidr\fR lookup table type to specify
|
||||||
# string representation of the IPv6 host address. Thus, not
|
|
||||||
# all the ":" subnetworks will be tried.
|
|
||||||
#
|
|
||||||
# NOTE 2: The access map lookup key must be in canonical form:
|
|
||||||
# do not specify unnecessary null characters, and do not
|
|
||||||
# enclose network address information with "[]" characters.
|
|
||||||
#
|
|
||||||
# NOTE 3: use the \fBcidr\fR lookup table type to specify
|
|
||||||
# network/netmask patterns. See \fBcidr_table\fR(5) for details.
|
# network/netmask patterns. See \fBcidr_table\fR(5) for details.
|
||||||
#
|
#
|
||||||
# IPv6 support is available in Postfix 2.2 and later.
|
# IPv6 support is available in Postfix 2.2 and later.
|
||||||
|
|||||||
@ -20,7 +20,7 @@
|
|||||||
* Patches change both the patchlevel and the release date. Snapshots have no
|
* Patches change both the patchlevel and the release date. Snapshots have no
|
||||||
* patchlevel; they change the release date only.
|
* patchlevel; they change the release date only.
|
||||||
*/
|
*/
|
||||||
#define MAIL_RELEASE_DATE "20190724"
|
#define MAIL_RELEASE_DATE "20190908"
|
||||||
#define MAIL_VERSION_NUMBER "3.5"
|
#define MAIL_VERSION_NUMBER "3.5"
|
||||||
|
|
||||||
#ifdef SNAPSHOT
|
#ifdef SNAPSHOT
|
||||||
|
|||||||
@ -678,7 +678,8 @@ static int tlsp_eval_tls_error(TLSP_STATE *state, int err)
|
|||||||
/*
|
/*
|
||||||
* Allow buffered-up plaintext output to trickle out.
|
* Allow buffered-up plaintext output to trickle out.
|
||||||
*/
|
*/
|
||||||
if (state->plaintext_buf && NBBIO_WRITE_PEND(state->plaintext_buf))
|
if (state->plaintext_buf && !NBBIO_ERROR_FLAGS(state->plaintext_buf)
|
||||||
|
&& NBBIO_WRITE_PEND(state->plaintext_buf))
|
||||||
return (TLSP_STAT_OK);
|
return (TLSP_STAT_OK);
|
||||||
tlsp_state_free(state);
|
tlsp_state_free(state);
|
||||||
return (TLSP_STAT_ERR);
|
return (TLSP_STAT_ERR);
|
||||||
@ -784,9 +785,8 @@ static void tlsp_strategy(TLSP_STATE *state)
|
|||||||
if (NBBIO_ERROR_FLAGS(plaintext_buf)) {
|
if (NBBIO_ERROR_FLAGS(plaintext_buf)) {
|
||||||
if (NBBIO_ACTIVE_FLAGS(plaintext_buf))
|
if (NBBIO_ACTIVE_FLAGS(plaintext_buf))
|
||||||
nbbio_disable_readwrite(state->plaintext_buf);
|
nbbio_disable_readwrite(state->plaintext_buf);
|
||||||
ssl_stat = SSL_shutdown(tls_context->con);
|
if (!SSL_in_init(tls_context->con)
|
||||||
/* XXX Wait for return value 1 if sessions are to be reused? */
|
&& (ssl_stat = SSL_shutdown(tls_context->con)) < 0) {
|
||||||
if (ssl_stat < 0) {
|
|
||||||
handshake_err = SSL_get_error(tls_context->con, ssl_stat);
|
handshake_err = SSL_get_error(tls_context->con, ssl_stat);
|
||||||
tlsp_eval_tls_error(state, handshake_err);
|
tlsp_eval_tls_error(state, handshake_err);
|
||||||
/* At this point, state could be a dangling pointer. */
|
/* At this point, state could be a dangling pointer. */
|
||||||
|
|||||||
@ -124,12 +124,20 @@ int vstream_tweak_tcp(VSTREAM *fp)
|
|||||||
* stream buffer size to less than VSTREAM_BUFSIZE, when the request is
|
* stream buffer size to less than VSTREAM_BUFSIZE, when the request is
|
||||||
* made before the first stream read or write operation. We don't want to
|
* made before the first stream read or write operation. We don't want to
|
||||||
* reduce the buffer size.
|
* reduce the buffer size.
|
||||||
|
*
|
||||||
|
* As of 20190820 we increase the mss size multipler from 2x to 4x, because
|
||||||
|
* some LINUX loopback TCP stacks report an MSS of 21845 which is 3x
|
||||||
|
* smaller than the MTU of 65536. Even with a VSTREAM buffer 2x the
|
||||||
|
* reported MSS size, performance would suck due to Nagle or delayed ACK
|
||||||
|
* delays.
|
||||||
*/
|
*/
|
||||||
#define EFF_BUFFER_SIZE(fp) (vstream_req_bufsize(fp) ? \
|
#define EFF_BUFFER_SIZE(fp) (vstream_req_bufsize(fp) ? \
|
||||||
vstream_req_bufsize(fp) : VSTREAM_BUFSIZE)
|
vstream_req_bufsize(fp) : VSTREAM_BUFSIZE)
|
||||||
|
|
||||||
#ifdef CA_VSTREAM_CTL_BUFSIZE
|
#ifdef CA_VSTREAM_CTL_BUFSIZE
|
||||||
if (mss > EFF_BUFFER_SIZE(fp) / 2) {
|
if (mss > EFF_BUFFER_SIZE(fp) / 4) {
|
||||||
|
if (mss < INT_MAX / 2)
|
||||||
|
mss *= 2;
|
||||||
if (mss < INT_MAX / 2)
|
if (mss < INT_MAX / 2)
|
||||||
mss *= 2;
|
mss *= 2;
|
||||||
vstream_control(fp,
|
vstream_control(fp,
|
||||||
|
|||||||
@ -584,10 +584,20 @@ static int xsasl_dovecot_handle_reply(XSASL_DOVECOT_SERVER *server,
|
|||||||
if (xsasl_dovecot_parse_reply(server, &line) == 0) {
|
if (xsasl_dovecot_parse_reply(server, &line) == 0) {
|
||||||
/* authentication successful */
|
/* authentication successful */
|
||||||
xsasl_dovecot_parse_reply_args(server, line, reply, 1);
|
xsasl_dovecot_parse_reply_args(server, line, reply, 1);
|
||||||
|
if (server->username == 0) {
|
||||||
|
msg_warn("missing Dovecot server %s username field", cmd);
|
||||||
|
vstring_strcpy(reply, "Authentication backend error");
|
||||||
|
return XSASL_AUTH_FAIL;
|
||||||
|
}
|
||||||
return XSASL_AUTH_DONE;
|
return XSASL_AUTH_DONE;
|
||||||
}
|
}
|
||||||
} else if (strcmp(cmd, "CONT") == 0) {
|
} else if (strcmp(cmd, "CONT") == 0) {
|
||||||
if (xsasl_dovecot_parse_reply(server, &line) == 0) {
|
if (xsasl_dovecot_parse_reply(server, &line) == 0) {
|
||||||
|
if (line == 0) {
|
||||||
|
msg_warn("missing Dovecot server %s reply field", cmd);
|
||||||
|
vstring_strcpy(reply, "Authentication backend error");
|
||||||
|
return XSASL_AUTH_FAIL;
|
||||||
|
}
|
||||||
vstring_strcpy(reply, line);
|
vstring_strcpy(reply, line);
|
||||||
return XSASL_AUTH_MORE;
|
return XSASL_AUTH_MORE;
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user