mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 18:07:41 +00:00
Code Issues Releases Wiki Activity

postfix-3.11-20250729

Browse Source
This commit is contained in:
Wietse Z Venema 2025-07-29 00:00:00 -05:00 committed by Viktor Dukhovni
parent 13f0daa5f7
commit 1aa75d39fc
22 changed files with 284 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
postfix/HISTORY
View File

@ -29441,3 +29441,50 @@ Apologies for any names omitted.
modification time change, when they opened that table for modification time change, when they opened that table for
writing. Files: util/dict.c, util/dict_db.c, util/dict_dbm.c, writing. Files: util/dict.c, util/dict_db.c, util/dict_dbm.c,
util/dict_lmdb.c, util/dict_sdbm.c. util/dict_lmdb.c, util/dict_sdbm.c.
20250728
Documentation: in the postmap(1) manual page, fix the caveat
for the '-h' option. Robert Hansen. File: postmap/postmap.c.
Documentation: make MULTI_INSTANCE_README terminology
(default and non-default instances) consistent with
postmulti(1) terminology (primary and secondary instances).
Robert Hansen. File: proto/MULTI_INSTANCE_README.html.
Documentation: clarify vstring(3) handling of functions
that expect null-terminated inputs. File: util/vstring.c.
Bugfix (defect introduced: Postfix 3.6, date 20200710):
Postfix TLS client code logged "Untrusted TLS connection"
(wrong) instead of "Trusted TLS connection" (right), when
a server offered a trusted (valid PKI trust chain) certificate
that did not match the expected server name pattern. Viktor
Dukhovni. Files: tls/tls_client.c, tls/tls_verify.c.
Cleanup: the TLS client stores no more than one session
ticket per TLS connection (a remote TLS 1.3 server can send
multiple tickets). Viktor Dukhovni. File: tls/tls_client.c.
20250729
Cleanup: more precise handling of session tickets in the
Postfix TLS server. Viktor Dukhovni. File: tls/tls_server.c.
Cleanup: TLS_SESS_STATE.rpt_reported should be a public member.
File: tls/tls.h
Cleanup: document that TLS_SESS_STATE.ticketed is now a
dual-purpose field. File: tls/tls.h.
Support for the 'll' (long long, etc.) and 'j' (intmax_t,
etc.) format modifiers. These may appear in the expansion
of the C99 PRI?MAX macros. File: util/vbuf_print.c.
Y2038 compatibility for 32-bit computer systems: 'long'
will be too small for the YP_LAST_MODIFIED field in a NIS
or NISPLUS mail.aliases map. Jiaying Song, Wind River. File:
postalias/postalias.c. There is more time-handling code in
Postfix that would need to be converted to int64_t, or to
long long which just like time_t is a 64-bit type on many
ILP32 and LP64 systems.

76
postfix/README_FILES/MULTI_INSTANCE_README
View File

@ -16,7 +16,7 @@ Topics covered in this document:
* Null-client instances versus service instances * Null-client instances versus service instances
* Multi-instance walk-through * Multi-instance walk-through
* Components of a Postfix system * Components of a Postfix system
* The default Postfix instance * The primary Postfix instance
* Instance groups * Instance groups
* Multi-instance configuration parameters * Multi-instance configuration parameters
* Using the postmulti(1) command * Using the postmulti(1) command
@ -64,7 +64,7 @@ that multiple instances will be easier to use than ever before.
NNuullll--cclliieenntt iinnssttaanncceess vveerrssuuss sseerrvviiccee iinnssttaanncceess NNuullll--cclliieenntt iinnssttaanncceess vveerrssuuss sseerrvviiccee iinnssttaanncceess
In the multi-instance approach to configuring Postfix, the first simplification In the multi-instance approach to configuring Postfix, the first simplification
is with the default local-submission Postfix instance. is with the primary local-submission Postfix instance.
Most UNIX systems require support for email submission with the sendmail(1) Most UNIX systems require support for email submission with the sendmail(1)
command so that system processes such as cron jobs can send status reports, and command so that system processes such as cron jobs can send status reports, and
@ -103,7 +103,7 @@ scrutiny, locally submitted messages are typically limited to mail from cron
jobs and other system services. In this regard the border MTA is not different jobs and other system services. In this regard the border MTA is not different
from other Unix hosts in your environment. For this reason, it will submit from other Unix hosts in your environment. For this reason, it will submit
locally-generated email to the internal mail hub. We start the construction of locally-generated email to the internal mail hub. We start the construction of
the border mail server with the default instance, which will be a local- the border mail server with the primary instance, which will be a local-
submission null client: submission null client:
/etc/postfix/main.cf: /etc/postfix/main.cf:
@ -213,7 +213,7 @@ before the input instance can be fully tested, and when the system boots, the
and input instances into a single instance group named "mta". and input instances into a single instance group named "mta".
Just once, when adding the first secondary instance, enable multi-instance Just once, when adding the first secondary instance, enable multi-instance
support in the default (null-client) instance: support in the primary (null-client) instance:
# postmulti -e init # postmulti -e init
@ -223,7 +223,7 @@ Then create the output instance:
The instance configuration directory defaults to /etc/postfix-out, more The instance configuration directory defaults to /etc/postfix-out, more
precisely, the "postfix-out" subdirectory of the parent directory of the precisely, the "postfix-out" subdirectory of the parent directory of the
default-instance configuration directory. The new instance will be created in a primary-instance configuration directory. The new instance will be created in a
"disabled" state: "disabled" state:
/etc/postfix-out/main.cf /etc/postfix-out/main.cf
@ -240,7 +240,7 @@ default-instance configuration directory. The new instance will be created in a
This instance has a "stock" master.cf file, and its queue and data directories, This instance has a "stock" master.cf file, and its queue and data directories,
also named "postfix-out", will be located in the same parent directories as the also named "postfix-out", will be located in the same parent directories as the
corresponding directories of the default instance (e.g., /var/spool/postfix-out corresponding directories of the primary instance (e.g., /var/spool/postfix-out
and /var/lib/postfix-out). and /var/lib/postfix-out).
While this instance is immediately safe to start, it is not yet usefully While this instance is immediately safe to start, it is not yet usefully
@ -367,7 +367,7 @@ instance group:
The new instance configuration directory defaults to /etc/postfix-in, more The new instance configuration directory defaults to /etc/postfix-in, more
precisely, the "postfix-in" subdirectory of the parent directory of the precisely, the "postfix-in" subdirectory of the parent directory of the
default-instance configuration directory. The new instance will be created in a primary-instance configuration directory. The new instance will be created in a
"disabled" state: "disabled" state:
/etc/postfix-in/main.cf /etc/postfix-in/main.cf
@ -520,7 +520,7 @@ set in main.cf is $config_directory, as this defines the location of the
main.cf file itself. main.cf file itself.
Though config_directory cannot be set in main.cf, postfix(1) and most of the Though config_directory cannot be set in main.cf, postfix(1) and most of the
other command-line Postfix utilities allow you to specify a non-default other command-line Postfix utilities allow you to specify a secondary
configuration directory via a command line option (typically --cc) or via the configuration directory via a command line option (typically --cc) or via the
MAIL_CONFIG environment variable. In this way, it is possible to have multiple MAIL_CONFIG environment variable. In this way, it is possible to have multiple
configuration directories on the same machine, and to have multiple running configuration directories on the same machine, and to have multiple running
@ -535,27 +535,27 @@ Each combination of configuration directory, together with the queue directory
and data directory (specified in the corresponding main.cf file) make up a and data directory (specified in the corresponding main.cf file) make up a
Postfix iinnssttaannccee. Postfix iinnssttaannccee.
TThhee ddeeffaauulltt PPoossttffiixx iinnssttaannccee TThhee pprriimmaarryy PPoossttffiixx iinnssttaannccee
One Postfix instance is special: this is the instance whose configuration One Postfix instance is special: this is the instance whose configuration
directory is the default one compiled into the Postfix utilities. The location directory is the default one compiled into the Postfix utilities. The location
of the default configuration directory is typically /etc/postfix, and can be of the default configuration directory is typically /etc/postfix, and can be
queried via the "postconf -d config_directory" command. We call the instance queried via the "postconf -d config_directory" command. We call the instance
with this configuration directory the "default instance". with this configuration directory the "primary instance".
The default instance is responsible for local mail submission. The setgid The primary instance is responsible for local mail submission. The setgid
postdrop(1) utility is used by the sendmail(1) local submission program to postdrop(1) utility is used by the sendmail(1) local submission program to
spool messages into the mmaaiillddrroopp sub-directory of the queue directory of the spool messages into the mmaaiillddrroopp sub-directory of the queue directory of the
default instance. primary instance.
Even in the rare case when "sendmail -C" is used to submit local mail into a Even in the rare case when "sendmail -C" is used to submit local mail into a
non-default Postfix instance, for security reasons, postdrop(1) will consult secondary Postfix instance, for security reasons, postdrop(1) will consult the
the default main.cf file to check the validity of the requested non-default primary main.cf file to check the validity of the requested non-default
configuration directory. configuration directory.
So, while in most other respects, all instances are equal, the default instance So, while in most other respects, all instances are equal, the primary instance
is "more equal than others". You may choose to create additional instances, but is "more equal than others". You may choose to create secondary instances, but
you must have at least the default instance, with its configuration directory you must have at least the primary instance, with its configuration directory
in the default compiled-in location. in the default compiled-in location.
IInnssttaannccee ggrroouuppss IInnssttaannccee ggrroouuppss
@ -575,9 +575,9 @@ the related instances should be members of a single instance group (however,
the content filter usually has its own start/stop procedure that is separate the content filter usually has its own start/stop procedure that is separate
from any Postfix instance). from any Postfix instance).
The default instance main.cf file's $multi_instance_directories configuration The primary instance main.cf file's $multi_instance_directories configuration
parameter lists the configuration directories of all secondary (non-default) parameter lists the configuration directories of all secondary (non-default)
instances. Together with the default instance, these secondary instances are instances. Together with the primary instance, these secondary instances are
managed by the multi-instance manager. Instances are started in the order managed by the multi-instance manager. Instances are started in the order
listed, and stopped in the opposite order. For instances that are members of a listed, and stopped in the opposite order. For instances that are members of a
service "group", you should arrange to start the service back-to-front, with service "group", you should arrange to start the service back-to-front, with
@ -587,16 +587,16 @@ started.
MMuullttii--iinnssttaannccee ccoonnffiigguurraattiioonn ppaarraammeetteerrss MMuullttii--iinnssttaannccee ccoonnffiigguurraattiioonn ppaarraammeetteerrss
multi_instance_wrapper multi_instance_wrapper
This default-instance configuration parameter must be set to a suitable This primary-instance configuration parameter must be set to a suitable
multi-instance manager's "wrapper" program that controls the starting, multi-instance manager's "wrapper" program that controls the starting,
stopping, etc. of a multi-instance Postfix system. To use the postmulti(1) stopping, etc. of a multi-instance Postfix system. To use the postmulti(1)
manager described in this document, this parameter should be set with the manager described in this document, this parameter should be set with the
"postmulti -e init" command. "postmulti -e init" command.
multi_instance_directories multi_instance_directories
This default-instance configuration parameter specifies an optional list of This primary-instance configuration parameter specifies an optional list of
the secondary instances controlled via the multi-instance manager. the secondary instances controlled via the multi-instance manager.
Instances are listed in their "start" order, with the default instance Instances are listed in their "start" order, with the primary instance
always started first (if enabled). If $multi_instance_directories is left always started first (if enabled). If $multi_instance_directories is left
empty, the postfix(1) command runs with multi-instance support turned off, empty, the postfix(1) command runs with multi-instance support turned off,
and none of the multi_instance_ configuration parameters will have any and none of the multi_instance_ configuration parameters will have any
@ -672,37 +672,37 @@ IInniittiiaalliizziinngg tthhee mmuullttii--iinnssttaa
Before postmulti(1) is used for the first time, you must install it as the Before postmulti(1) is used for the first time, you must install it as the
multi_instance_wrapper for your Postfix system and enable multi-instance multi_instance_wrapper for your Postfix system and enable multi-instance
operation of the default Postfix instance. You can then proceed to add new or operation of the primary Postfix instance. You can then proceed to add new or
existing instances to the multi-instance configuration. This initial existing instances to the multi-instance configuration. This initial
installation is accomplished as follows: installation is accomplished as follows:
# postmulti -e init # postmulti -e init
This updates the default instance main.cf file as follows: This updates the primary instance main.cf file as follows:
# Use postmulti(1) as a postfix-wrapper(5) # Use postmulti(1) as a postfix-wrapper(5)
# #
multi_instance_wrapper = ${command_directory}/postmulti -p -- multi_instance_wrapper = ${command_directory}/postmulti -p --
# Configure the default instance to start when in multi-instance mode # Configure the primary instance to start when in multi-instance mode
# #
multi_instance_enable = yes multi_instance_enable = yes
If you prefer, you can make these changes by editing the default main.cf If you prefer, you can make these changes by editing the primary main.cf
directly, or by using "postconf -e". directly, or by using "postconf -e".
LLiissttiinngg mmaannaaggeedd iinnssttaanncceess LLiissttiinngg mmaannaaggeedd iinnssttaanncceess
The list of managed instances consists of the default instance and the The list of managed instances consists of the primary instance and the
additional instances whose configuration directories are listed (in start secondary instances whose configuration directories are listed (in start order)
order) under the multi_instance_directories parameter of the default main.cf under the multi_instance_directories parameter of the primary main.cf
configuration file. configuration file.
You can list selected instances, groups of instances or all instances by You can list selected instances, groups of instances or all instances by
specifying only the instance matching options with the "-l" option. The "-a" specifying only the instance matching options with the "-l" option. The "-a"
option is assumed if no other instance selection options are specified (this option is assumed if no other instance selection options are specified (this
behavior changes with the "-e" option). As a special case, even if it has an behavior changes with the "-e" option). As a special case, even if it has an
explicit name, the default instance can always be selected via "-i -". explicit name, the primary instance can always be selected via "-i -".
# postmulti -l -a # postmulti -l -a
# postmulti -l -g a_group # postmulti -l -g a_group
@ -732,8 +732,8 @@ either the instance name or the instance group is not set, it is shown as a "-
When selecting an existing instance via the "-i" option, you can always use the When selecting an existing instance via the "-i" option, you can always use the
full pathname of its configuration directory instead of the instance (short) full pathname of its configuration directory instead of the instance (short)
name. This is the only way to select a non-default nameless instance. The name. This is the only way to select a secondary nameless instance. The primary
default instance can be selected via "-i -", whether it has a name or not. instance can be selected via "-i -", whether it has a name or not.
To list instances in reverse start order, include the "-R" option together with To list instances in reverse start order, include the "-R" option together with
the instance selection options. the instance selection options.
@ -826,9 +826,9 @@ possibilities:
CCrreeaattiinngg aa nneeww PPoossttffiixx iinnssttaannccee CCrreeaattiinngg aa nneeww PPoossttffiixx iinnssttaannccee
The postmulti(1) command can be used to create additional Postfix instances. The postmulti(1) command can be used to create secondary Postfix instances. New
New instances are created with local submission and all "inet" services instances are created with local submission and all "inet" services disabled
disabled via the following non-default parameter settings in the main.cf file: via the following non-default parameter settings in the main.cf file:
authorized_submit_users = authorized_submit_users =
master_service_disable = inet master_service_disable = inet
@ -839,8 +839,8 @@ will also not accept any mail until they are fully configured, at which point
you can do away with one or both of the above safety measures. you can do away with one or both of the above safety measures.
The postmulti(1) command encourages a preferred way of organizing the The postmulti(1) command encourages a preferred way of organizing the
configuration directories, queue directories and data directories of non- configuration directories, queue directories and data directories of secondary
default instances. If the default instance settings are: instances. If the primary instance settings are:
config_directory = /conf-path/postfix config_directory = /conf-path/postfix
queue_directory = /queue-path/postfix queue_directory = /queue-path/postfix
@ -885,7 +885,7 @@ existing instances. By default, the configuration directories of newly managed
instances are appended to the instance list. You can use the "-i" or "-g" or "- instances are appended to the instance list. You can use the "-i" or "-g" or "-
a" options to insert the new instance before the specified instance or group, a" options to insert the new instance before the specified instance or group,
or at the beginning of the instance list (multi_instance_directories parameter or at the beginning of the instance list (multi_instance_directories parameter
of the default instance). of the primary instance).
If you do specify a name (use "-I" with a name that is not "-") for the new If you do specify a name (use "-I" with a name that is not "-") for the new
instance, you may omit any of the 3 instance installation parameters whose instance, you may omit any of the 3 instance installation parameters whose

66
postfix/html/MULTI_INSTANCE_README.html
View File

@ -40,7 +40,7 @@ management framework, and on how to deploy a custom instance manager.
<li><a href="#parts"> Components of a Postfix system </a> <li><a href="#parts"> Components of a Postfix system </a>
<li><a href="#default"> The default Postfix instance </a> <li><a href="#default"> The primary Postfix instance </a>
<li><a href="#group"> Instance groups </a> <li><a href="#group"> Instance groups </a>
@ -102,7 +102,7 @@ use than ever before. </p>
<h2><a name="split"> Null-client instances versus service instances </a></h2> <h2><a name="split"> Null-client instances versus service instances </a></h2>
<p> In the multi-instance approach to configuring Postfix, the first <p> In the multi-instance approach to configuring Postfix, the first
simplification is with the default local-submission Postfix instance. simplification is with the primary local-submission Postfix instance.
</p> </p>
<p> Most UNIX systems require support for email submission with the <p> Most UNIX systems require support for email submission with the
@ -152,7 +152,7 @@ limited to mail from cron jobs and other system services. In this
regard the border MTA is not different from other Unix hosts in regard the border MTA is not different from other Unix hosts in
your environment. For this reason, it will submit locally-generated your environment. For this reason, it will submit locally-generated
email to the internal mail hub. We start the construction of the email to the internal mail hub. We start the construction of the
border mail server with the <a href="#default_instance">default</a> border mail server with the <a href="#default">primary</a>
instance, which will be a local-submission <a instance, which will be a local-submission <a
href="STANDARD_CONFIGURATION_README.html#null_client">null client</a>: href="STANDARD_CONFIGURATION_README.html#null_client">null client</a>:
</p> </p>
@ -283,7 +283,7 @@ must start before the input instance. We will put the output and
input instances into a single instance group named "mta". </p> input instances into a single instance group named "mta". </p>
<p> Just once, when adding the first secondary instance, enable <p> Just once, when adding the first secondary instance, enable
multi-instance support in the default (null-client) instance: </p> multi-instance support in the primary (null-client) instance: </p>
<blockquote> <blockquote>
<pre> <pre>
@ -301,7 +301,7 @@ multi-instance support in the default (null-client) instance: </p>
<p> The instance configuration directory defaults to /etc/postfix-out, <p> The instance configuration directory defaults to /etc/postfix-out,
more precisely, the "postfix-out" subdirectory of the parent directory more precisely, the "postfix-out" subdirectory of the parent directory
of the default-instance configuration directory. The new instance will of the primary-instance configuration directory. The new instance will
be created in a "disabled" state: </p> be created in a "disabled" state: </p>
<blockquote> <blockquote>
@ -323,7 +323,7 @@ be created in a "disabled" state: </p>
<p> This instance has a "stock" <a href="master.5.html">master.cf</a> file, and its queue and <p> This instance has a "stock" <a href="master.5.html">master.cf</a> file, and its queue and
data directories, also named "postfix-out", will be located in the data directories, also named "postfix-out", will be located in the
same parent directories as the corresponding directories of the same parent directories as the corresponding directories of the
default instance (e.g., /var/spool/postfix-out and /var/lib/postfix-out). primary instance (e.g., /var/spool/postfix-out and /var/lib/postfix-out).
</p> </p>
<p> While this instance is immediately safe to start, it is not yet <p> While this instance is immediately safe to start, it is not yet
@ -472,7 +472,7 @@ also part of the "mta" instance group: </p>
<p> The new instance configuration directory defaults to /etc/postfix-in, <p> The new instance configuration directory defaults to /etc/postfix-in,
more precisely, the "postfix-in" subdirectory of the parent directory more precisely, the "postfix-in" subdirectory of the parent directory
of the default-instance configuration directory. The new instance will of the primary-instance configuration directory. The new instance will
be created in a "disabled" state: </p> be created in a "disabled" state: </p>
<blockquote> <blockquote>
@ -658,7 +658,7 @@ all but one may be optionally set to a non-default value via the
<p> Though <a href="postconf.5.html#config_directory">config_directory</a> cannot be set in <a href="postconf.5.html">main.cf</a>, <a href="postfix.1.html">postfix(1)</a> and <p> Though <a href="postconf.5.html#config_directory">config_directory</a> cannot be set in <a href="postconf.5.html">main.cf</a>, <a href="postfix.1.html">postfix(1)</a> and
most of the other command-line Postfix utilities allow you to specify a most of the other command-line Postfix utilities allow you to specify a
non-default configuration directory via a command line option (typically secondary configuration directory via a command line option (typically
<b>-c</b>) or via the MAIL_CONFIG environment variable. In this way, <b>-c</b>) or via the MAIL_CONFIG environment variable. In this way,
it is possible to have multiple configuration directories on the same it is possible to have multiple configuration directories on the same
machine, and to have multiple running <a href="master.8.html">master(8)</a> daemons each with its machine, and to have multiple running <a href="master.8.html">master(8)</a> daemons each with its
@ -672,28 +672,28 @@ directories, queue directories or data directories. </p>
directory and data directory (specified in the corresponding <a href="postconf.5.html">main.cf</a> file) directory and data directory (specified in the corresponding <a href="postconf.5.html">main.cf</a> file)
make up a Postfix <b>instance</b>. </p> make up a Postfix <b>instance</b>. </p>
<h2><a name="default"> The default Postfix instance </a></h2> <h2><a name="default"> The primary Postfix instance </a></h2>
<p> One Postfix instance is special: this is the instance whose <p> One Postfix instance is special: this is the instance whose
configuration directory is the default one compiled into the Postfix configuration directory is the default one compiled into the Postfix
utilities. The location of the default configuration directory is utilities. The location of the default configuration directory is
typically /etc/postfix, and can be queried via the "postconf -d typically /etc/postfix, and can be queried via the "postconf -d
<a href="postconf.5.html#config_directory">config_directory</a>" command. We call the instance with this configuration <a href="postconf.5.html#config_directory">config_directory</a>" command. We call the instance with this configuration
directory the "default instance". </p> directory the "primary instance". </p>
<p> The default instance is responsible for local mail submission. The <p> The primary instance is responsible for local mail submission. The
setgid <a href="postdrop.1.html">postdrop(1)</a> utility is used by the <a href="sendmail.1.html">sendmail(1)</a> local submission setgid <a href="postdrop.1.html">postdrop(1)</a> utility is used by the <a href="sendmail.1.html">sendmail(1)</a> local submission
program to spool messages into the <b>maildrop</b> sub-directory of the program to spool messages into the <b>maildrop</b> sub-directory of the
queue directory of the default instance. </p> queue directory of the primary instance. </p>
<p> Even in the rare case when "sendmail -C" is used to submit local mail <p> Even in the rare case when "sendmail -C" is used to submit local mail
into a non-default Postfix instance, for security reasons, <a href="postdrop.1.html">postdrop(1)</a> into a secondary Postfix instance, for security reasons, <a href="postdrop.1.html">postdrop(1)</a>
will consult the default <a href="postconf.5.html">main.cf</a> file to check the validity of the will consult the primary <a href="postconf.5.html">main.cf</a> file to check the validity of the
requested non-default configuration directory. </p> requested non-default configuration directory. </p>
<p> So, while in most other respects, all instances are equal, the <p> So, while in most other respects, all instances are equal, the
default instance is "more equal than others". You may choose to create primary instance is "more equal than others". You may choose to create
additional instances, but you must have at least the default instance, secondary instances, but you must have at least the primary instance,
with its configuration directory in the default compiled-in location. </p> with its configuration directory in the default compiled-in location. </p>
<h2><a name="group"> Instance groups </a></h2> <h2><a name="group"> Instance groups </a></h2>
@ -715,9 +715,9 @@ of a single instance group (however, the content filter usually has
its own start/stop procedure that is separate from any Postfix its own start/stop procedure that is separate from any Postfix
instance). </p> instance). </p>
<p> The default instance <a href="postconf.5.html">main.cf</a> file's $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> <p> The primary instance <a href="postconf.5.html">main.cf</a> file's $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a>
configuration parameter lists the configuration directories of all configuration parameter lists the configuration directories of all
secondary (non-default) instances. Together with the default instance, secondary (non-default) instances. Together with the primary instance,
these secondary instances are managed by the multi-instance manager. these secondary instances are managed by the multi-instance manager.
Instances are started in the order listed, and stopped in the Instances are started in the order listed, and stopped in the
opposite order. For instances that are members of a service "group", opposite order. For instances that are members of a service "group",
@ -731,7 +731,7 @@ stages are started. </p>
<dt> <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> </dt> <dt> <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> </dt>
<dd> <p> This default-instance configuration parameter must be set <dd> <p> This primary-instance configuration parameter must be set
to a suitable multi-instance manager's "wrapper" program that to a suitable multi-instance manager's "wrapper" program that
controls the starting, stopping, etc. of a multi-instance Postfix controls the starting, stopping, etc. of a multi-instance Postfix
system. To use the <a href="postmulti.1.html">postmulti(1)</a> manager described in this document, system. To use the <a href="postmulti.1.html">postmulti(1)</a> manager described in this document,
@ -740,10 +740,10 @@ this parameter should be set with the "<a href="#init">postmulti
<dt> <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> </dt> <dt> <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> </dt>
<dd> <p> This default-instance configuration parameter specifies <dd> <p> This primary-instance configuration parameter specifies
an optional list of the secondary instances controlled via the an optional list of the secondary instances controlled via the
multi-instance manager. Instances are listed in their "start" order, multi-instance manager. Instances are listed in their "start" order,
with the default instance always started first (if enabled). If with the primary instance always started first (if enabled). If
$<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> is left empty, the <a href="postfix.1.html">postfix(1)</a> command $<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> is left empty, the <a href="postfix.1.html">postfix(1)</a> command
runs with multi-instance support turned off, and none of the runs with multi-instance support turned off, and none of the
multi_instance_ configuration parameters will have any effect. </p> multi_instance_ configuration parameters will have any effect. </p>
@ -842,7 +842,7 @@ automatically. See below. </p>
<p> Before <a href="postmulti.1.html">postmulti(1)</a> is used for the first time, you must install <p> Before <a href="postmulti.1.html">postmulti(1)</a> is used for the first time, you must install
it as the <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> for your Postfix system and enable it as the <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> for your Postfix system and enable
multi-instance operation of the default Postfix instance. You can then multi-instance operation of the primary Postfix instance. You can then
proceed to add <a href="#create">new</a> or <a href="#import">existing</a> proceed to add <a href="#create">new</a> or <a href="#import">existing</a>
instances to the multi-instance configuration. This initial installation instances to the multi-instance configuration. This initial installation
is accomplished as follows: </p> is accomplished as follows: </p>
@ -853,7 +853,7 @@ is accomplished as follows: </p>
</pre> </pre>
</blockquote> </blockquote>
<p> This updates the default instance <a href="postconf.5.html">main.cf</a> file as follows: </p> <p> This updates the primary instance <a href="postconf.5.html">main.cf</a> file as follows: </p>
<blockquote> <blockquote>
<pre> <pre>
@ -861,28 +861,28 @@ is accomplished as follows: </p>
# #
<a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> = ${<a href="postconf.5.html#command_directory">command_directory</a>}/postmulti -p -- <a href="postconf.5.html#multi_instance_wrapper">multi_instance_wrapper</a> = ${<a href="postconf.5.html#command_directory">command_directory</a>}/postmulti -p --
# Configure the default instance to start when in multi-instance mode # Configure the primary instance to start when in multi-instance mode
# #
<a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes <a href="postconf.5.html#multi_instance_enable">multi_instance_enable</a> = yes
</pre> </pre>
</blockquote> </blockquote>
<p> If you prefer, you can make these changes by editing the default <p> If you prefer, you can make these changes by editing the primary
<a href="postconf.5.html">main.cf</a> directly, or by using "postconf -e". </p> <a href="postconf.5.html">main.cf</a> directly, or by using "postconf -e". </p>
<h3><a name="list"> Listing managed instances </a></h3> <h3><a name="list"> Listing managed instances </a></h3>
<p> The list of managed instances consists of the default instance and <p> The list of managed instances consists of the primary instance and
the additional instances whose configuration directories are listed the secondary instances whose configuration directories are listed
(in start order) under the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter of the (in start order) under the <a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter of the
default <a href="postconf.5.html">main.cf</a> configuration file. </p> primary <a href="postconf.5.html">main.cf</a> configuration file. </p>
<p> You can list selected instances, groups of instances or all <p> You can list selected instances, groups of instances or all
instances by specifying only the instance matching options with the instances by specifying only the instance matching options with the
"-l" option. The "-a" option is assumed if no other instance "-l" option. The "-a" option is assumed if no other instance
selection options are specified (this behavior changes with the selection options are specified (this behavior changes with the
"-e" option). As a special case, even if it has an explicit name, "-e" option). As a special case, even if it has an explicit name,
the default instance can always be selected via "-i -". </p> the primary instance can always be selected via "-i -". </p>
<blockquote> <blockquote>
<pre> <pre>
@ -926,7 +926,7 @@ set, it is shown as a "-". </p>
<p> When selecting an existing instance via the "-i" option, you <p> When selecting an existing instance via the "-i" option, you
can always use the full pathname of its configuration directory can always use the full pathname of its configuration directory
instead of the instance (short) name. This is the only way to select instead of the instance (short) name. This is the only way to select
a non-default nameless instance. The default instance can be selected a secondary nameless instance. The primary instance can be selected
via "-i -", whether it has a name or not. </p> via "-i -", whether it has a name or not. </p>
<p> To list instances in reverse start order, include the "-R" <p> To list instances in reverse start order, include the "-R"
@ -1052,7 +1052,7 @@ $ postmulti -x sh -c 'echo "-- $MAIL_CONFIG"; postconf -n'
<h3><a name="create"> Creating a new Postfix instance </a></h3> <h3><a name="create"> Creating a new Postfix instance </a></h3>
<p> The <a href="postmulti.1.html">postmulti(1)</a> command can be used to create additional Postfix <p> The <a href="postmulti.1.html">postmulti(1)</a> command can be used to create secondary Postfix
instances. New instances are created with local submission and all "inet" instances. New instances are created with local submission and all "inet"
services disabled via the following non-default parameter settings in services disabled via the following non-default parameter settings in
the <a href="postconf.5.html">main.cf</a> file: </p> the <a href="postconf.5.html">main.cf</a> file: </p>
@ -1072,7 +1072,7 @@ the above safety measures. </p>
<p> The <a href="postmulti.1.html">postmulti(1)</a> command encourages a preferred way of organizing <p> The <a href="postmulti.1.html">postmulti(1)</a> command encourages a preferred way of organizing
the configuration directories, queue directories and data directories the configuration directories, queue directories and data directories
of non-default instances. If the default instance settings are: </p> of secondary instances. If the primary instance settings are: </p>
<blockquote> <blockquote>
<pre> <pre>
@ -1140,7 +1140,7 @@ the configuration directories of newly managed instances are appended
to the instance list. You can use the "-i" or "-g" or "-a" options to to the instance list. You can use the "-i" or "-g" or "-a" options to
insert the new instance before the specified instance or group, or at insert the new instance before the specified instance or group, or at
the beginning of the instance list (<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter the beginning of the instance list (<a href="postconf.5.html#multi_instance_directories">multi_instance_directories</a> parameter
of the default instance). </p> of the primary instance). </p>
<p> If you do specify a name (use "-I" with a name that is not "-") <p> If you do specify a name (use "-I" with a name that is not "-")
for the new instance, you may omit any of the 3 instance installation for the new instance, you may omit any of the 3 instance installation

2
postfix/html/postmap.1.html
View File

@ -120,7 +120,7 @@ POSTMAP(1) POSTMAP(1)
also generates header-style lookup keys for attachment MIME also generates header-style lookup keys for attachment MIME
headers and for attached message/* headers. headers and for attached message/* headers.
NOTE: with "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes", the <b>-b</b> option option dis- NOTE: with "<a href="postconf.5.html#smtputf8_enable">smtputf8_enable</a> = yes", the <b>-h</b> option option dis-
ables UTF-8 syntax checks on query keys and lookup results. ables UTF-8 syntax checks on query keys and lookup results.
Specify the <b>-U</b> option to force UTF-8 syntax checks anyway. Specify the <b>-U</b> option to force UTF-8 syntax checks anyway.

2
postfix/man/man1/postmap.1
View File

@ -136,7 +136,7 @@ parsing with \fB\-m\fR. With this, the \fB\-h\fR option also
generates header\-style lookup keys for attachment MIME generates header\-style lookup keys for attachment MIME
headers and for attached message/* headers. headers and for attached message/* headers.
.sp .sp
NOTE: with "smtputf8_enable = yes", the \fB\-b\fR option NOTE: with "smtputf8_enable = yes", the \fB\-h\fR option
option disables UTF\-8 syntax checks on query keys and option disables UTF\-8 syntax checks on query keys and
lookup results. Specify the \fB\-U\fR option to force UTF\-8 lookup results. Specify the \fB\-U\fR option to force UTF\-8
syntax checks anyway. syntax checks anyway.

66
postfix/proto/MULTI_INSTANCE_README.html
View File

@ -40,7 +40,7 @@ management framework, and on how to deploy a custom instance manager.
<li><a href="#parts"> Components of a Postfix system </a> <li><a href="#parts"> Components of a Postfix system </a>
<li><a href="#default"> The default Postfix instance </a> <li><a href="#default"> The primary Postfix instance </a>
<li><a href="#group"> Instance groups </a> <li><a href="#group"> Instance groups </a>
@ -102,7 +102,7 @@ use than ever before. </p>
<h2><a name="split"> Null-client instances versus service instances </a></h2> <h2><a name="split"> Null-client instances versus service instances </a></h2>
<p> In the multi-instance approach to configuring Postfix, the first <p> In the multi-instance approach to configuring Postfix, the first
simplification is with the default local-submission Postfix instance. simplification is with the primary local-submission Postfix instance.
</p> </p>
<p> Most UNIX systems require support for email submission with the <p> Most UNIX systems require support for email submission with the
@ -152,7 +152,7 @@ limited to mail from cron jobs and other system services. In this
regard the border MTA is not different from other Unix hosts in regard the border MTA is not different from other Unix hosts in
your environment. For this reason, it will submit locally-generated your environment. For this reason, it will submit locally-generated
email to the internal mail hub. We start the construction of the email to the internal mail hub. We start the construction of the
border mail server with the <a href="#default_instance">default</a> border mail server with the <a href="#default">primary</a>
instance, which will be a local-submission <a instance, which will be a local-submission <a
href="STANDARD_CONFIGURATION_README.html#null_client">null client</a>: href="STANDARD_CONFIGURATION_README.html#null_client">null client</a>:
</p> </p>
@ -283,7 +283,7 @@ must start before the input instance. We will put the output and
input instances into a single instance group named "mta". </p> input instances into a single instance group named "mta". </p>
<p> Just once, when adding the first secondary instance, enable <p> Just once, when adding the first secondary instance, enable
multi-instance support in the default (null-client) instance: </p> multi-instance support in the primary (null-client) instance: </p>
<blockquote> <blockquote>
<pre> <pre>
@ -301,7 +301,7 @@ multi-instance support in the default (null-client) instance: </p>
<p> The instance configuration directory defaults to /etc/postfix-out, <p> The instance configuration directory defaults to /etc/postfix-out,
more precisely, the "postfix-out" subdirectory of the parent directory more precisely, the "postfix-out" subdirectory of the parent directory
of the default-instance configuration directory. The new instance will of the primary-instance configuration directory. The new instance will
be created in a "disabled" state: </p> be created in a "disabled" state: </p>
<blockquote> <blockquote>
@ -323,7 +323,7 @@ be created in a "disabled" state: </p>
<p> This instance has a "stock" master.cf file, and its queue and <p> This instance has a "stock" master.cf file, and its queue and
data directories, also named "postfix-out", will be located in the data directories, also named "postfix-out", will be located in the
same parent directories as the corresponding directories of the same parent directories as the corresponding directories of the
default instance (e.g., /var/spool/postfix-out and /var/lib/postfix-out). primary instance (e.g., /var/spool/postfix-out and /var/lib/postfix-out).
</p> </p>
<p> While this instance is immediately safe to start, it is not yet <p> While this instance is immediately safe to start, it is not yet
@ -472,7 +472,7 @@ also part of the "mta" instance group: </p>
<p> The new instance configuration directory defaults to /etc/postfix-in, <p> The new instance configuration directory defaults to /etc/postfix-in,
more precisely, the "postfix-in" subdirectory of the parent directory more precisely, the "postfix-in" subdirectory of the parent directory
of the default-instance configuration directory. The new instance will of the primary-instance configuration directory. The new instance will
be created in a "disabled" state: </p> be created in a "disabled" state: </p>
<blockquote> <blockquote>
@ -658,7 +658,7 @@ main.cf file itself. </p>
<p> Though config_directory cannot be set in main.cf, postfix(1) and <p> Though config_directory cannot be set in main.cf, postfix(1) and
most of the other command-line Postfix utilities allow you to specify a most of the other command-line Postfix utilities allow you to specify a
non-default configuration directory via a command line option (typically secondary configuration directory via a command line option (typically
<b>-c</b>) or via the MAIL_CONFIG environment variable. In this way, <b>-c</b>) or via the MAIL_CONFIG environment variable. In this way,
it is possible to have multiple configuration directories on the same it is possible to have multiple configuration directories on the same
machine, and to have multiple running master(8) daemons each with its machine, and to have multiple running master(8) daemons each with its
@ -672,28 +672,28 @@ directories, queue directories or data directories. </p>
directory and data directory (specified in the corresponding main.cf file) directory and data directory (specified in the corresponding main.cf file)
make up a Postfix <b>instance</b>. </p> make up a Postfix <b>instance</b>. </p>
<h2><a name="default"> The default Postfix instance </a></h2> <h2><a name="default"> The primary Postfix instance </a></h2>
<p> One Postfix instance is special: this is the instance whose <p> One Postfix instance is special: this is the instance whose
configuration directory is the default one compiled into the Postfix configuration directory is the default one compiled into the Postfix
utilities. The location of the default configuration directory is utilities. The location of the default configuration directory is
typically /etc/postfix, and can be queried via the "postconf -d typically /etc/postfix, and can be queried via the "postconf -d
config_directory" command. We call the instance with this configuration config_directory" command. We call the instance with this configuration
directory the "default instance". </p> directory the "primary instance". </p>
<p> The default instance is responsible for local mail submission. The <p> The primary instance is responsible for local mail submission. The
setgid postdrop(1) utility is used by the sendmail(1) local submission setgid postdrop(1) utility is used by the sendmail(1) local submission
program to spool messages into the <b>maildrop</b> sub-directory of the program to spool messages into the <b>maildrop</b> sub-directory of the
queue directory of the default instance. </p> queue directory of the primary instance. </p>
<p> Even in the rare case when "sendmail -C" is used to submit local mail <p> Even in the rare case when "sendmail -C" is used to submit local mail
into a non-default Postfix instance, for security reasons, postdrop(1) into a secondary Postfix instance, for security reasons, postdrop(1)
will consult the default main.cf file to check the validity of the will consult the primary main.cf file to check the validity of the
requested non-default configuration directory. </p> requested non-default configuration directory. </p>
<p> So, while in most other respects, all instances are equal, the <p> So, while in most other respects, all instances are equal, the
default instance is "more equal than others". You may choose to create primary instance is "more equal than others". You may choose to create
additional instances, but you must have at least the default instance, secondary instances, but you must have at least the primary instance,
with its configuration directory in the default compiled-in location. </p> with its configuration directory in the default compiled-in location. </p>
<h2><a name="group"> Instance groups </a></h2> <h2><a name="group"> Instance groups </a></h2>
@ -715,9 +715,9 @@ of a single instance group (however, the content filter usually has
its own start/stop procedure that is separate from any Postfix its own start/stop procedure that is separate from any Postfix
instance). </p> instance). </p>
<p> The default instance main.cf file's $multi_instance_directories <p> The primary instance main.cf file's $multi_instance_directories
configuration parameter lists the configuration directories of all configuration parameter lists the configuration directories of all
secondary (non-default) instances. Together with the default instance, secondary (non-default) instances. Together with the primary instance,
these secondary instances are managed by the multi-instance manager. these secondary instances are managed by the multi-instance manager.
Instances are started in the order listed, and stopped in the Instances are started in the order listed, and stopped in the
opposite order. For instances that are members of a service "group", opposite order. For instances that are members of a service "group",
@ -731,7 +731,7 @@ stages are started. </p>
<dt> multi_instance_wrapper </dt> <dt> multi_instance_wrapper </dt>
<dd> <p> This default-instance configuration parameter must be set <dd> <p> This primary-instance configuration parameter must be set
to a suitable multi-instance manager's "wrapper" program that to a suitable multi-instance manager's "wrapper" program that
controls the starting, stopping, etc. of a multi-instance Postfix controls the starting, stopping, etc. of a multi-instance Postfix
system. To use the postmulti(1) manager described in this document, system. To use the postmulti(1) manager described in this document,
@ -740,10 +740,10 @@ this parameter should be set with the "<a href="#init">postmulti
<dt> multi_instance_directories </dt> <dt> multi_instance_directories </dt>
<dd> <p> This default-instance configuration parameter specifies <dd> <p> This primary-instance configuration parameter specifies
an optional list of the secondary instances controlled via the an optional list of the secondary instances controlled via the
multi-instance manager. Instances are listed in their "start" order, multi-instance manager. Instances are listed in their "start" order,
with the default instance always started first (if enabled). If with the primary instance always started first (if enabled). If
$multi_instance_directories is left empty, the postfix(1) command $multi_instance_directories is left empty, the postfix(1) command
runs with multi-instance support turned off, and none of the runs with multi-instance support turned off, and none of the
multi_instance_ configuration parameters will have any effect. </p> multi_instance_ configuration parameters will have any effect. </p>
@ -842,7 +842,7 @@ automatically. See below. </p>
<p> Before postmulti(1) is used for the first time, you must install <p> Before postmulti(1) is used for the first time, you must install
it as the multi_instance_wrapper for your Postfix system and enable it as the multi_instance_wrapper for your Postfix system and enable
multi-instance operation of the default Postfix instance. You can then multi-instance operation of the primary Postfix instance. You can then
proceed to add <a href="#create">new</a> or <a href="#import">existing</a> proceed to add <a href="#create">new</a> or <a href="#import">existing</a>
instances to the multi-instance configuration. This initial installation instances to the multi-instance configuration. This initial installation
is accomplished as follows: </p> is accomplished as follows: </p>
@ -853,7 +853,7 @@ is accomplished as follows: </p>
</pre> </pre>
</blockquote> </blockquote>
<p> This updates the default instance main.cf file as follows: </p> <p> This updates the primary instance main.cf file as follows: </p>
<blockquote> <blockquote>
<pre> <pre>
@ -861,28 +861,28 @@ is accomplished as follows: </p>
# #
multi_instance_wrapper = ${command_directory}/postmulti -p -- multi_instance_wrapper = ${command_directory}/postmulti -p --
# Configure the default instance to start when in multi-instance mode # Configure the primary instance to start when in multi-instance mode
# #
multi_instance_enable = yes multi_instance_enable = yes
</pre> </pre>
</blockquote> </blockquote>
<p> If you prefer, you can make these changes by editing the default <p> If you prefer, you can make these changes by editing the primary
main.cf directly, or by using "postconf -e". </p> main.cf directly, or by using "postconf -e". </p>
<h3><a name="list"> Listing managed instances </a></h3> <h3><a name="list"> Listing managed instances </a></h3>
<p> The list of managed instances consists of the default instance and <p> The list of managed instances consists of the primary instance and
the additional instances whose configuration directories are listed the secondary instances whose configuration directories are listed
(in start order) under the multi_instance_directories parameter of the (in start order) under the multi_instance_directories parameter of the
default main.cf configuration file. </p> primary main.cf configuration file. </p>
<p> You can list selected instances, groups of instances or all <p> You can list selected instances, groups of instances or all
instances by specifying only the instance matching options with the instances by specifying only the instance matching options with the
"-l" option. The "-a" option is assumed if no other instance "-l" option. The "-a" option is assumed if no other instance
selection options are specified (this behavior changes with the selection options are specified (this behavior changes with the
"-e" option). As a special case, even if it has an explicit name, "-e" option). As a special case, even if it has an explicit name,
the default instance can always be selected via "-i -". </p> the primary instance can always be selected via "-i -". </p>
<blockquote> <blockquote>
<pre> <pre>
@ -926,7 +926,7 @@ set, it is shown as a "-". </p>
<p> When selecting an existing instance via the "-i" option, you <p> When selecting an existing instance via the "-i" option, you
can always use the full pathname of its configuration directory can always use the full pathname of its configuration directory
instead of the instance (short) name. This is the only way to select instead of the instance (short) name. This is the only way to select
a non-default nameless instance. The default instance can be selected a secondary nameless instance. The primary instance can be selected
via "-i -", whether it has a name or not. </p> via "-i -", whether it has a name or not. </p>
<p> To list instances in reverse start order, include the "-R" <p> To list instances in reverse start order, include the "-R"
@ -1052,7 +1052,7 @@ $ postmulti -x sh -c 'echo "-- $MAIL_CONFIG"; postconf -n'
<h3><a name="create"> Creating a new Postfix instance </a></h3> <h3><a name="create"> Creating a new Postfix instance </a></h3>
<p> The postmulti(1) command can be used to create additional Postfix <p> The postmulti(1) command can be used to create secondary Postfix
instances. New instances are created with local submission and all "inet" instances. New instances are created with local submission and all "inet"
services disabled via the following non-default parameter settings in services disabled via the following non-default parameter settings in
the main.cf file: </p> the main.cf file: </p>
@ -1072,7 +1072,7 @@ the above safety measures. </p>
<p> The postmulti(1) command encourages a preferred way of organizing <p> The postmulti(1) command encourages a preferred way of organizing
the configuration directories, queue directories and data directories the configuration directories, queue directories and data directories
of non-default instances. If the default instance settings are: </p> of secondary instances. If the primary instance settings are: </p>
<blockquote> <blockquote>
<pre> <pre>
@ -1140,7 +1140,7 @@ the configuration directories of newly managed instances are appended
to the instance list. You can use the "-i" or "-g" or "-a" options to to the instance list. You can use the "-i" or "-g" or "-a" options to
insert the new instance before the specified instance or group, or at insert the new instance before the specified instance or group, or at
the beginning of the instance list (multi_instance_directories parameter the beginning of the instance list (multi_instance_directories parameter
of the default instance). </p> of the primary instance). </p>
<p> If you do specify a name (use "-I" with a name that is not "-") <p> If you do specify a name (use "-I" with a name that is not "-")
for the new instance, you may omit any of the 3 instance installation for the new instance, you may omit any of the 3 instance installation

1
postfix/proto/stop
View File

@ -1684,3 +1684,4 @@ LD
PRELOAD PRELOAD
rhansen rhansen
XDG XDG
crosstalk

1
postfix/proto/stop.double-cc
View File

@ -345,3 +345,4 @@ USE_TLSRPT USE_TLSRPT
encoded encoded text can contain only alpha digit encoded encoded text can contain only alpha digit
ossl_digest_new ossl_digest_new returns NULL after error ossl_digest_data ossl_digest_new ossl_digest_new returns NULL after error ossl_digest_data
Richard Hansen rhansen rhansen org Richard Hansen rhansen rhansen org
long long or long integer

6
postfix/proto/stop.double-history
View File

@ -183,3 +183,9 @@ proto proto COMPATIBILITY_README html
client Files dict h dict_proxy c proxymap proxymap c client Files dict h dict_proxy c proxymap proxymap c
cross talk between different clients File proxymap proxymap c cross talk between different clients File proxymap proxymap c
postscreen postscreen c postscreen postscreen c
for the h option Robert Hansen File postmap postmap c
Support for the ll long long etc and j intmax_t
postalias postalias c There is more time handling code in
long long which just like time_t is a 64 bit type on many
File tls tls h
dual purpose field File tls tls h

2
postfix/proto/stop.spell-cc
View File

@ -1865,3 +1865,5 @@ DIGEST
OSSL OSSL
ossl ossl
deduplicates deduplicates
intmax
lflag

3
postfix/proto/stop.spell-history
View File

@ -110,3 +110,6 @@ Unbroke
XDG XDG
ENOTSOCK ENOTSOCK
Fustà FustÃ
Jiaying
PRI
YP

2
postfix/src/global/mail_version.h
View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no * Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only. * patchlevel; they change the release date only.
*/ */
#define MAIL_RELEASE_DATE "20250717" #define MAIL_RELEASE_DATE "20250729"
#define MAIL_VERSION_NUMBER "3.11" #define MAIL_VERSION_NUMBER "3.11"
#ifdef SNAPSHOT #ifdef SNAPSHOT

4
postfix/src/postalias/postalias.c
View File

@ -487,10 +487,10 @@ static void postalias(char *map_type, char *path_name, int postalias_flags,
* this information MUST be written without a trailing null appended to * this information MUST be written without a trailing null appended to
* key or value. * key or value.
*/ */
#if (defined(HAS_NIS) || defined(HAS_NISPLUS))
mkmap->dict->flags &= ~DICT_FLAG_TRY1NULL; mkmap->dict->flags &= ~DICT_FLAG_TRY1NULL;
mkmap->dict->flags |= DICT_FLAG_TRY0NULL; mkmap->dict->flags |= DICT_FLAG_TRY0NULL;
vstring_sprintf(value_buffer, "%010ld", (long) time((time_t *) 0)); vstring_sprintf(value_buffer, "%010" PRId64, (int64_t) time((time_t *) 0));
#if (defined(HAS_NIS) || defined(HAS_NISPLUS))
mkmap->dict->flags &= ~DICT_FLAG_FOLD_FIX; mkmap->dict->flags &= ~DICT_FLAG_FOLD_FIX;
mkmap_append(mkmap, "YP_LAST_MODIFIED", STR(value_buffer)); mkmap_append(mkmap, "YP_LAST_MODIFIED", STR(value_buffer));
mkmap_append(mkmap, "YP_MASTER_NAME", var_myhostname); mkmap_append(mkmap, "YP_MASTER_NAME", var_myhostname);

2
postfix/src/postmap/postmap.c
View File

@ -126,7 +126,7 @@
/* generates header-style lookup keys for attachment MIME /* generates header-style lookup keys for attachment MIME
/* headers and for attached message/* headers. /* headers and for attached message/* headers.
/* .sp /* .sp
/* NOTE: with "smtputf8_enable = yes", the \fB-b\fR option /* NOTE: with "smtputf8_enable = yes", the \fB-h\fR option
/* option disables UTF-8 syntax checks on query keys and /* option disables UTF-8 syntax checks on query keys and
/* lookup results. Specify the \fB-U\fR option to force UTF-8 /* lookup results. Specify the \fB-U\fR option to force UTF-8
/* syntax checks anyway. /* syntax checks anyway.

5
postfix/src/tls/tls.h
View File

@ -252,10 +252,11 @@ typedef struct {
const char *srvr_sig_curve; /* server's ECDSA curve name */ const char *srvr_sig_curve; /* server's ECDSA curve name */
int srvr_sig_bits; /* server's RSA signature key bits */ int srvr_sig_bits; /* server's RSA signature key bits */
const char *srvr_sig_dgst; /* server's signature digest */ const char *srvr_sig_dgst; /* server's signature digest */
int rpt_reported; /* Failure was reported with TLSRPT */
/* Private. */ /* Private. */
SSL *con; SSL *con;
char *cache_type; /* tlsmgr(8) cache type if enabled */ char *cache_type; /* tlsmgr(8) cache type if enabled */
int ticketed; /* Session ticket issued */ int ticketed; /* Issued (server) or cached (client) */
char *serverid; /* unique server identifier */ char *serverid; /* unique server identifier */
char *namaddr; /* nam[addr] for logging */ char *namaddr; /* nam[addr] for logging */
int log_mask; /* What to log */ int log_mask; /* What to log */
@ -270,8 +271,8 @@ typedef struct {
int errordepth; /* Chain depth of error cert */ int errordepth; /* Chain depth of error cert */
int errorcode; /* First error at error depth */ int errorcode; /* First error at error depth */
int must_fail; /* Failed to load trust settings */ int must_fail; /* Failed to load trust settings */
int rpt_reported; /* Failure was reported with TLSRPT */
char *ffail_type; /* Forced verification failure */ char *ffail_type; /* Forced verification failure */
/* End of Private members. */
} TLS_SESS_STATE; } TLS_SESS_STATE;
/* /*

24
postfix/src/tls/tls_client.c
View File

@ -268,16 +268,22 @@ static int new_client_session_cb(SSL *ssl, SSL_SESSION *session)
msg_panic("%s: null session cache type in new session callback", msg_panic("%s: null session cache type in new session callback",
myname); myname);
/*-
* Store only the first ticket for a given connection.
* - Even if the server offers multiple tickets, we have no mechanism to
* store or use multiple concurrent tickets for the same nexthop.
*
* Passivate and save the session object. Errors are non-fatal, since
* caching is only an optimization.
*/
if (TLScontext->ticketed == 0 &&
(session_data = tls_session_passivate(session)) != 0) {
TLScontext->ticketed = 1;
if (TLScontext->log_mask & TLS_LOG_CACHE) if (TLScontext->log_mask & TLS_LOG_CACHE)
/* serverid contains transport:addr:port information */ /* serverid contains transport:addr:port information */
msg_info("save session %s to %s cache", msg_info("save session %s to %s cache",
TLScontext->serverid, TLScontext->cache_type); TLScontext->serverid, TLScontext->cache_type);
/*
* Passivate and save the session object. Errors are non-fatal, since
* caching is only an optimization.
*/
if ((session_data = tls_session_passivate(session)) != 0) {
tls_mgr_update(TLScontext->cache_type, TLScontext->serverid, tls_mgr_update(TLScontext->cache_type, TLScontext->serverid,
STR(session_data), LEN(session_data)); STR(session_data), LEN(session_data));
vstring_free(session_data); vstring_free(session_data);
@ -356,6 +362,14 @@ static void verify_x509(TLS_SESS_STATE *TLScontext, X509 *peercert,
tls_dane_log(TLScontext); tls_dane_log(TLScontext);
} }
} }
} else if (TLS_MUST_MATCH(TLScontext->level) &&
TLScontext->errordepth == 0 &&
TLScontext->errorcode == X509_V_ERR_HOSTNAME_MISMATCH) {
/*
* If the only error is a hostname mismatch, the certificate must have
* been trusted.
*/
TLScontext->peer_status |= TLS_CERT_FLAG_TRUSTED;
} }
/* /*

4
postfix/src/tls/tls_server.c
View File

@ -340,8 +340,8 @@ static int ticket_cb(SSL *con, unsigned char name[], unsigned char iv[],
if (TLScontext->log_mask & TLS_LOG_CACHE) if (TLScontext->log_mask & TLS_LOG_CACHE)
msg_info("%s: Decrypting session ticket, key expiration: %ld", msg_info("%s: Decrypting session ticket, key expiration: %ld",
TLScontext->namaddr, (long) key->tout); TLScontext->namaddr, (long) key->tout);
}
TLScontext->ticketed = 1; TLScontext->ticketed = 1;
}
return (TLS_TKT_ACCEPT); return (TLS_TKT_ACCEPT);
} }
@ -375,8 +375,8 @@ static int ticket_cb(SSL *con, unsigned char name[], unsigned char iv[],
if (TLScontext->log_mask & TLS_LOG_CACHE) if (TLScontext->log_mask & TLS_LOG_CACHE)
msg_info("%s: Decrypting session ticket, key expiration: %ld", msg_info("%s: Decrypting session ticket, key expiration: %ld",
TLScontext->namaddr, (long) key->tout); TLScontext->namaddr, (long) key->tout);
}
TLScontext->ticketed = 1; TLScontext->ticketed = 1;
}
return (TLS_TKT_ACCEPT); return (TLS_TKT_ACCEPT);
} }

16
postfix/src/tls/tls_verify.c
View File

@ -123,9 +123,21 @@
static void update_error_state(TLS_SESS_STATE *TLScontext, int depth, static void update_error_state(TLS_SESS_STATE *TLScontext, int depth,
X509 *errorcert, int errorcode) X509 *errorcert, int errorcode)
{ {
/* No news is good news */ /*
if (TLScontext->errordepth >= 0 && TLScontext->errordepth <= depth) * Report the error that is closest to the leaf certificate, any errors
* higher up the chain are immaterial until the "inner" errors are fixed.
*
* We special-case "X509_V_ERR_HOSTNAME_MISMATCH" (at depth 0) in order to
* distinguish between untrusted certificates and trusted certificates
* with a hostname mismatch. Any other error has a higher priority.
*/
if (TLScontext->errordepth >= 0) {
if (TLScontext->errordepth <= depth &&
TLScontext->errorcode != X509_V_ERR_HOSTNAME_MISMATCH)
return; return;
if (errorcode == X509_V_ERR_HOSTNAME_MISMATCH)
return;
}
/* /*
* The certificate pointer is stable during the verification callback, * The certificate pointer is stable during the verification callback,

58
postfix/src/util/vbuf_print.c
View File

@ -46,6 +46,9 @@
/* Google, Inc. /* Google, Inc.
/* 111 8th Avenue /* 111 8th Avenue
/* New York, NY 10011, USA /* New York, NY 10011, USA
/*
/* Wietse Venema
/* porcupine.org
/*--*/ /*--*/
/* System library. */ /* System library. */
@ -60,6 +63,7 @@
#include <float.h> /* range of doubles */ #include <float.h> /* range of doubles */
#include <errno.h> #include <errno.h>
#include <limits.h> /* CHAR_BIT, INT_MAX */ #include <limits.h> /* CHAR_BIT, INT_MAX */
#include <inttypes.h> /* intmax_t */
/* Application-specific. */ /* Application-specific. */
@ -97,6 +101,8 @@
* floating-point numbers, use a similar estimate, and add DBL_MAX_10_EXP * floating-point numbers, use a similar estimate, and add DBL_MAX_10_EXP
* just to be sure. * just to be sure.
*/ */
#define IMX_SPACE ((CHAR_BIT * sizeof(intmax_t)) / 2)
#define LL_SPACE ((CHAR_BIT * sizeof(long long)) / 2)
#define INT_SPACE ((CHAR_BIT * sizeof(long)) / 2) #define INT_SPACE ((CHAR_BIT * sizeof(long)) / 2)
#define DBL_SPACE ((CHAR_BIT * sizeof(double)) / 2 + DBL_MAX_10_EXP) #define DBL_SPACE ((CHAR_BIT * sizeof(double)) / 2 + DBL_MAX_10_EXP)
#define PTR_SPACE ((CHAR_BIT * sizeof(char *)) / 2) #define PTR_SPACE ((CHAR_BIT * sizeof(char *)) / 2)
@ -152,7 +158,8 @@ VBUF *vbuf_print(VBUF *bp, const char *format, va_list ap)
unsigned char *cp; unsigned char *cp;
int width; /* width and numerical precision */ int width; /* width and numerical precision */
int prec; /* are signed for overflow defense */ int prec; /* are signed for overflow defense */
unsigned long_flag; /* long or plain integer */ unsigned long_flag; /* long long, or long integer */
unsigned intmax_flag; /* intmax_t */
int ch; int ch;
char *s; char *s;
int saved_errno = errno; /* VBUF_SPACE() may clobber it */ int saved_errno = errno; /* VBUF_SPACE() may clobber it */
@ -181,7 +188,7 @@ VBUF *vbuf_print(VBUF *bp, const char *format, va_list ap)
* strings, since we are ging to let sprintf() do the hard work. * strings, since we are ging to let sprintf() do the hard work.
* In regular expression notation, we recognize: * In regular expression notation, we recognize:
* *
* %-?+?0?([0-9]+|\*)?(\.([0-9]+|\*))?l?[a-zA-Z] * %-?+?0?([0-9]+|\*)?(\.([0-9]+|\*))?l{1,2}?j?[a-zA-Z]
* *
* which includes some combinations that do not make sense. Garbage * which includes some combinations that do not make sense. Garbage
* in, garbage out. * in, garbage out.
@ -241,7 +248,12 @@ VBUF *vbuf_print(VBUF *bp, const char *format, va_list ap)
} else { } else {
prec = -1; prec = -1;
} }
if ((long_flag = (*cp == 'l')) != 0)/* long whatever */ long_flag = 0;
while (long_flag < 2 && *cp == 'l') { /* long whatever */
long_flag += 1;
VSTRING_ADDCH(fmt, *cp++);
}
if ((intmax_flag = (*cp == 'j')) != 0) /* intmax_t whatever */
VSTRING_ADDCH(fmt, *cp++); VSTRING_ADDCH(fmt, *cp++);
if (*cp == 0) /* premature end, punt */ if (*cp == 0) /* premature end, punt */
break; break;
@ -258,6 +270,8 @@ VBUF *vbuf_print(VBUF *bp, const char *format, va_list ap)
case 's': /* string-valued argument */ case 's': /* string-valued argument */
if (long_flag) if (long_flag)
msg_panic("%s: %%l%c is not supported", myname, *cp); msg_panic("%s: %%l%c is not supported", myname, *cp);
if (intmax_flag)
msg_panic("%s: %%j%c is not supported", myname, *cp);
s = va_arg(ap, char *); s = va_arg(ap, char *);
if (prec >= 0 || (width > 0 && width > strlen(s))) { if (prec >= 0 || (width > 0 && width > strlen(s))) {
VBUF_SNPRINTF(bp, (width > prec ? width : prec) + INT_SPACE, VBUF_SNPRINTF(bp, (width > prec ? width : prec) + INT_SPACE,
@ -269,18 +283,31 @@ VBUF *vbuf_print(VBUF *bp, const char *format, va_list ap)
case 'c': /* integral-valued argument */ case 'c': /* integral-valued argument */
if (long_flag) if (long_flag)
msg_panic("%s: %%l%c is not supported", myname, *cp); msg_panic("%s: %%l%c is not supported", myname, *cp);
if (intmax_flag)
msg_panic("%s: %%j%c is not supported", myname, *cp);
/* FALLTHROUGH */ /* FALLTHROUGH */
case 'd': case 'd':
case 'u': case 'u':
case 'o': case 'o':
case 'x': case 'x':
case 'X': case 'X':
if (long_flag) if (intmax_flag && long_flag)
msg_panic("%s: '%s%c' has both 'j' and 'l' modifiers",
myname, vstring_str(fmt), *cp);
if (intmax_flag)
VBUF_SNPRINTF(bp, (width > prec ? width : prec) + IMX_SPACE,
vstring_str(fmt), va_arg(ap, intmax_t));
else if (long_flag == 2)
VBUF_SNPRINTF(bp, (width > prec ? width : prec) + LL_SPACE,
vstring_str(fmt), va_arg(ap, long long));
else if (long_flag == 1)
VBUF_SNPRINTF(bp, (width > prec ? width : prec) + INT_SPACE, VBUF_SNPRINTF(bp, (width > prec ? width : prec) + INT_SPACE,
vstring_str(fmt), va_arg(ap, long)); vstring_str(fmt), va_arg(ap, long));
else else if (long_flag == 0)
VBUF_SNPRINTF(bp, (width > prec ? width : prec) + INT_SPACE, VBUF_SNPRINTF(bp, (width > prec ? width : prec) + INT_SPACE,
vstring_str(fmt), va_arg(ap, int)); vstring_str(fmt), va_arg(ap, int));
else
msg_panic("%s: bad long_flag: %u", myname, long_flag);
break; break;
case 'e': /* float-valued argument */ case 'e': /* float-valued argument */
case 'f': case 'f':
@ -290,12 +317,14 @@ VBUF *vbuf_print(VBUF *bp, const char *format, va_list ap)
vstring_str(fmt), va_arg(ap, double)); vstring_str(fmt), va_arg(ap, double));
break; break;
case 'm': case 'm':
/* Ignore the 'l' modifier, width and precision. */ /* Ignore the 'l' or 'j' modifier, width and precision. */
VBUF_STRCAT(bp, mystrerror(saved_errno)); VBUF_STRCAT(bp, mystrerror(saved_errno));
break; break;
case 'p': case 'p':
if (long_flag) if (long_flag)
msg_panic("%s: %%l%c is not supported", myname, *cp); msg_panic("%s: %%l%c is not supported", myname, *cp);
if (intmax_flag)
msg_panic("%s: %%j%c is not supported", myname, *cp);
VBUF_SNPRINTF(bp, (width > prec ? width : prec) + PTR_SPACE, VBUF_SNPRINTF(bp, (width > prec ? width : prec) + PTR_SPACE,
vstring_str(fmt), va_arg(ap, char *)); vstring_str(fmt), va_arg(ap, char *));
break; break;
@ -332,10 +361,16 @@ int main(int argc, char **argv)
} else { } else {
char *fmt = cp++; char *fmt = cp++;
int lflag; int lflag;
int jflag;
/* Determine the vstring_sprintf() argument type. */ /* Determine the vstring_sprintf() argument type. */
cp += strspn(cp, "+-*0123456789."); cp += strspn(cp, "+-*0123456789.");
if ((lflag = (*cp == 'l')) != 0) lflag = 0;
while (*cp == 'l') {
lflag += 1;
cp++;
}
if ((jflag = (*cp == 'j')) != 0)
cp++; cp++;
if (cp[1] != 0) { if (cp[1] != 0) {
msg_warn("bad format: \"%s\"", fmt); msg_warn("bad format: \"%s\"", fmt);
@ -354,10 +389,15 @@ int main(int argc, char **argv)
case 'u': case 'u':
case 'x': case 'x':
case 'X': case 'X':
if (lflag) if (jflag) {
vstring_sprintf(obuf, fmt, (intmax_t) atoll(val));
} else if (lflag == 2) {
vstring_sprintf(obuf, fmt, atoll(val));
} else if (lflag == 1) {
vstring_sprintf(obuf, fmt, atol(val)); vstring_sprintf(obuf, fmt, atol(val));
else } else { /* lflag==0 or bogus */
vstring_sprintf(obuf, fmt, atoi(val)); vstring_sprintf(obuf, fmt, atoi(val));
}
msg_info("\"%s\"", vstring_str(obuf)); msg_info("\"%s\"", vstring_str(obuf));
break; break;
case 's': case 's':

12
postfix/src/util/vbuf_print_test.in
View File

@ -14,6 +14,18 @@
%10ld 123456789 %10ld 123456789
%10.10ld 123456789 %10.10ld 123456789
%+lld 123456789
%-lld 123456789
%lld 123456789
%10lld 123456789
%10.10lld 123456789
%+jd 123456789
%-jd 123456789
%jd 123456789
%10jd 123456789
%10.10jd 123456789
%+lo 123456789 %+lo 123456789
%-lo 123456789 %-lo 123456789
%lo 123456789 %lo 123456789

10
postfix/src/util/vbuf_print_test.ref
View File

@ -10,6 +10,16 @@
./vbuf_print: "123456789" ./vbuf_print: "123456789"
./vbuf_print: " 123456789" ./vbuf_print: " 123456789"
./vbuf_print: "0123456789" ./vbuf_print: "0123456789"
./vbuf_print: "+123456789"
./vbuf_print: "123456789"
./vbuf_print: "123456789"
./vbuf_print: " 123456789"
./vbuf_print: "0123456789"
./vbuf_print: "+123456789"
./vbuf_print: "123456789"
./vbuf_print: "123456789"
./vbuf_print: " 123456789"
./vbuf_print: "0123456789"
./vbuf_print: "726746425" ./vbuf_print: "726746425"
./vbuf_print: "726746425" ./vbuf_print: "726746425"
./vbuf_print: "726746425" ./vbuf_print: "726746425"

2
postfix/src/util/vstring.c
View File

@ -127,6 +127,8 @@
/* The functions and macros in this module implement arbitrary-length /* The functions and macros in this module implement arbitrary-length
/* strings and common operations on those strings. The strings do not /* strings and common operations on those strings. The strings do not
/* need to be null terminated and may contain arbitrary binary data. /* need to be null terminated and may contain arbitrary binary data.
/* Operations that expect a null-terminated string as input will
/* process only the input that precedes the first null byte.
/* The strings manage their own memory and grow automatically when full. /* The strings manage their own memory and grow automatically when full.
/* The optional string null terminator does not add to the string length. /* The optional string null terminator does not add to the string length.
/* /*