2
0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-22 09:57:34 +00:00

postfix-3.6-20210405

This commit is contained in:
Wietse Venema 2021-04-05 00:00:00 -05:00 committed by Viktor Dukhovni
parent 7922b58e01
commit 1f2df46e52
64 changed files with 381 additions and 325 deletions

View File

@ -25448,3 +25448,35 @@ Apologies for any names omitted.
Typo: the "respectful_logging" parameter had a typo and a
"postscreen_" prefix that should have been deleted. File:
global/mail_params.h
20210313
Documentation: enable_threaded_bounces also applies to
"success" and "delay" delivery status notiifications. File:
proto/postconf.proto.
20210403
Missing null pointer checks (introduced: Postfix 3.4) after
an internal I/O error during the smtp(8) to tlsproxy(8)
handshake. Found by Coverity, reported by Jaroslav Skarvada.
Based on fix by Viktor Dukhovni. File: tls/tls_proxy_client_scan.c.
Null pointer bug (introduced: Postfix 3.0) and memory leak
(introduced: Postfix 3.4) after an inline: table syntax
error in main.cf or master.cf. Found by Coverity, reported
by Jaroslav Skarvada. Based on fix by Viktor Dukhovni. File:
util/dict_inline.c.
Incomplete null pointer check (introduced: Postfix 2.10)
after truncated HaProxy version 1 handshake message. Found
by Coverity, reported by Jaroslav Skarvada. Fix by Viktor
Dukhovni. File: global/haproxy_srvr.c.
Missing null pointer check (introduced: Postfix alpha) after
null argv[0] value. Found by Coverity, reported by Jaroslav
Skarvada. File: global/mail_task.c.
20210404
Unbroke a ton of regression tests after DNS-related changes.

View File

@ -1,3 +0,0 @@
Feb 20 20:11:45 spike postfix/postscreen[40133]: ALLOWLISTED [2604:8d00:189::3]:25408
Feb 20 20:12:31 spike postfix/postscreen[40133]: ALLOWLISTED [2604:8d00:189::3]:61564

View File

@ -1,5 +1,25 @@
Wish list:
Update the OVERVIEW page: add postlogd; add tlsproxy to
connection caching section.
Make smtpd_relay_before_recipient_restrictions settable
in smtpd_checks tests.
Make the DNS resolver library pluggable, so that we can
plug in a fake resolver library for DNS-related regression
tests to make DNS tests hermetic (no external dependency).
After the resolver library is pluggable, the migration to
non-libbind resolvers becomes a practical option.
Add a robust dnssec_probe regression test (success and fail)
that does not break existing regression tests.
smtp_sasl_tls_security_options = noanonymous, and make
smtp_sasl_security_options the default dependent on the
smtp_sasl_tls_security_options default (i.e. reverse the
dependency). Or make them independent.
Try to make the master throttle more distrusting. Currently,
the master throttles a service after a child process cannot be
created (fork() fails), or if a child process fails upon its
@ -30,11 +50,6 @@ Wish list:
in posttls-finger when resolv.conf points to a host that
runs no DNS server.
The documented order of relay/recipient restrictions differs
from the implementation. This may need a new compatibility
parameter. For example:
http://postfix.1071664.n5.nabble.com/Relay-attempt-questions-td103646.html
Hardening the half-dane behavior: some sites may rely on
current behavior which allows original MX domain name for
certificate matches. Requires a new (compatibility) parameter
@ -48,11 +63,6 @@ Wish list:
events. But the currrent multi_server API fits typical usage
better.
smtp_sasl_tls_security_options = noanonymous, and make
smtp_sasl_security_options default dependent on the
smtp_sasl_tls_security_options default (i.e. reverse the
dependency).
Add a configurable filter for SMTP command syntax. Maybe
time for some inline-pcre or inline-regexp map support?

View File

@ -27,7 +27,7 @@
#
# The level below is what should be used with new (not upgrade) installs.
#
compatibility_level = 3
compatibility_level = 3.6
# SOFT BOUNCE
#
@ -276,7 +276,7 @@ unknown_local_recipient_reject_code = 550
# of listing the patterns here. Specify type:table for table-based lookups
# (the value on the table right-hand side is not used).
#
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = 168.100.3.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

View File

@ -156,9 +156,9 @@ BOUNCE(8) BOUNCE(8)
Available in Postfix 3.6 and later:
<b><a href="postconf.5.html#enable_threaded_bounces">enable_threaded_bounces</a> (no)</b>
Enable non-delivery notifications (bounce messages) that link to
the original message by including a References: and In-Reply_to:
header with the original Message-ID value.
Enable non-delivery, success, and delay notifications that link
to the original message by including a References: and
In-Reply-To: header with the original Message-ID value.
<b>FILES</b>
/var/spool/postfix/bounce/* non-delivery records

View File

@ -156,9 +156,9 @@ BOUNCE(8) BOUNCE(8)
Available in Postfix 3.6 and later:
<b><a href="postconf.5.html#enable_threaded_bounces">enable_threaded_bounces</a> (no)</b>
Enable non-delivery notifications (bounce messages) that link to
the original message by including a References: and In-Reply_to:
header with the original Message-ID value.
Enable non-delivery, success, and delay notifications that link
to the original message by including a References: and
In-Reply-To: header with the original Message-ID value.
<b>FILES</b>
/var/spool/postfix/bounce/* non-delivery records

View File

@ -3346,7 +3346,7 @@ address. </p>
<DT><b><a name="enable_threaded_bounces">enable_threaded_bounces</a>
(default: no)</b></DT><DD>
<p> Enable non-delivery notifications (bounce messages) that link
<p> Enable non-delivery, success, and delay notifications that link
to the original message by including a References: and In-Reply-To:
header with the original Message-ID value. There are advantages and
disadvantages to consider. </p>
@ -3354,7 +3354,7 @@ disadvantages to consider. </p>
<dl>
<dt> <b> advantage </b> </dt> <dd> This allows mail readers to present
a non-delivery notification in the same email thread as the original
a delivery status notification in the same email thread as the original
message. </dd>
<dt> <b> disadvantage </b> </dt> <dd> This makes it easy for users to

View File

@ -156,9 +156,9 @@ BOUNCE(8) BOUNCE(8)
Available in Postfix 3.6 and later:
<b><a href="postconf.5.html#enable_threaded_bounces">enable_threaded_bounces</a> (no)</b>
Enable non-delivery notifications (bounce messages) that link to
the original message by including a References: and In-Reply_to:
header with the original Message-ID value.
Enable non-delivery, success, and delay notifications that link
to the original message by including a References: and
In-Reply-To: header with the original Message-ID value.
<b>FILES</b>
/var/spool/postfix/bounce/* non-delivery records

View File

@ -2125,13 +2125,13 @@ version 2.0 behaves as if this parameter is always set to \fByes\fR.
Postfix versions before 2.0 have no support for the original recipient
address.
.SH enable_threaded_bounces (default: no)
Enable non\-delivery notifications (bounce messages) that link
Enable non\-delivery, success, and delay notifications that link
to the original message by including a References: and In\-Reply\-To:
header with the original Message\-ID value. There are advantages and
disadvantages to consider.
.IP "\fB advantage \fR"
This allows mail readers to present
a non\-delivery notification in the same email thread as the original
a delivery status notification in the same email thread as the original
message.
.br
.IP "\fB disadvantage \fR"

View File

@ -139,8 +139,8 @@ The master.cf service name of a Postfix daemon process.
.PP
Available in Postfix 3.6 and later:
.IP "\fBenable_threaded_bounces (no)\fR"
Enable non\-delivery notifications (bounce messages) that link
to the original message by including a References: and In\-Reply_to:
Enable non\-delivery, success, and delay notifications that link
to the original message by including a References: and In\-Reply\-To:
header with the original Message\-ID value.
.SH "FILES"
.na

View File

@ -18000,7 +18000,7 @@ of the null sender address.
%PARAM enable_threaded_bounces no
<p> Enable non-delivery notifications (bounce messages) that link
<p> Enable non-delivery, success, and delay notifications that link
to the original message by including a References: and In-Reply-To:
header with the original Message-ID value. There are advantages and
disadvantages to consider. </p>
@ -18008,7 +18008,7 @@ disadvantages to consider. </p>
<dl>
<dt> <b> advantage </b> </dt> <dd> This allows mail readers to present
a non-delivery notification in the same email thread as the original
a delivery status notification in the same email thread as the original
message. </dd>
<dt> <b> disadvantage </b> </dt> <dd> This makes it easy for users to

View File

@ -127,8 +127,8 @@
/* .PP
/* Available in Postfix 3.6 and later:
/* .IP "\fBenable_threaded_bounces (no)\fR"
/* Enable non-delivery notifications (bounce messages) that link
/* to the original message by including a References: and In-Reply_to:
/* Enable non-delivery, success, and delay notifications that link
/* to the original message by including a References: and In-Reply-To:
/* header with the original Message-ID value.
/* FILES
/* /var/spool/postfix/bounce/* non-delivery records

View File

@ -1,4 +1,4 @@
spike.porcupine.org 168.100.189.2
spike.porcupine.org 168.100.189.3
spike.porcupine.org 168.100.3.2
spike.porcupine.org 168.100.3.3
spike.porcupine.org 2604:8d00:189::2
spike.porcupine.org 2604:8d00:189::3

View File

@ -1,22 +1,22 @@
168.100.189.2 =?= 168.100.189.2
168.100.3.2 =?= 168.100.3.2
tested by function: yes
tested by macro: yes
2604:8d00:189::2 =?= 168.100.189.2
2604:8d00:189::2 =?= 168.100.3.2
tested by function: no
tested by macro: no
168.100.189.2 =?= 168.100.189.3
168.100.3.2 =?= 168.100.3.3
tested by function: no
tested by macro: no
2604:8d00:189::2 =?= 168.100.189.3
2604:8d00:189::2 =?= 168.100.3.3
tested by function: no
tested by macro: no
168.100.189.2 =?= 2604:8d00:189::2
168.100.3.2 =?= 2604:8d00:189::2
tested by function: no
tested by macro: no
2604:8d00:189::2 =?= 2604:8d00:189::2
tested by function: yes
tested by macro: yes
168.100.189.2 =?= 2604:8d00:189::3
168.100.3.2 =?= 2604:8d00:189::3
tested by function: no
tested by macro: no
2604:8d00:189::2 =?= 2604:8d00:189::3

View File

@ -1,2 +1,2 @@
spike.porcupine.org -> 168.100.189.2
spike.porcupine.org -> 168.100.3.2
spike.porcupine.org -> 2604:8d00:189::2

View File

@ -1,2 +1,2 @@
spike.porcupine.org 25 -> 168.100.189.2 25
spike.porcupine.org 25 -> 168.100.3.2 25
spike.porcupine.org 25 -> 2604:8d00:189::2 25

View File

@ -1,2 +1,2 @@
spike.porcupine.org -> 168.100.189.2
spike.porcupine.org -> 168.100.3.2
spike.porcupine.org -> 2604:8d00:189::2

View File

@ -1,8 +1,8 @@
./test_dns_lookup: lookup spike.porcupine.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: spike.porcupine.org (A): OK
./test_dns_lookup: dns_get_answer: type A for spike.porcupine.org
./test_dns_lookup: dict_regexp_lookup: error.reg: spike.porcupine.org. 3600 IN A 168.100.189.2
./test_dns_lookup: maps_find: DNS reply filter: regexp:error.reg(0,lock|fold_fix): spike.porcupine.org. 3600 IN A 168.100.189.2 = oops
./test_dns_lookup: dict_regexp_lookup: error.reg: spike.porcupine.org. 3600 IN A 168.100.3.2
./test_dns_lookup: maps_find: DNS reply filter: regexp:error.reg(0,lock|fold_fix): spike.porcupine.org. 3600 IN A 168.100.3.2 = oops
./test_dns_lookup: warning: DNS reply filter: unknown DNS filter action: "oops"
./test_dns_lookup: lookup spike.porcupine.org type AAAA flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: spike.porcupine.org (AAAA): OK

View File

@ -1,9 +1,9 @@
./test_dns_lookup: lookup spike.porcupine.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: spike.porcupine.org (A): OK
./test_dns_lookup: dns_get_answer: type A for spike.porcupine.org
./test_dns_lookup: dict_regexp_lookup: no-a.reg: spike.porcupine.org. 3600 IN A 168.100.189.2
./test_dns_lookup: maps_find: DNS reply filter: regexp:no-a.reg(0,lock|fold_fix): spike.porcupine.org. 3600 IN A 168.100.189.2 = ignore
./test_dns_lookup: ignoring DNS RR: spike.porcupine.org. 3600 IN A 168.100.189.2
./test_dns_lookup: dict_regexp_lookup: no-a.reg: spike.porcupine.org. 3600 IN A 168.100.3.2
./test_dns_lookup: maps_find: DNS reply filter: regexp:no-a.reg(0,lock|fold_fix): spike.porcupine.org. 3600 IN A 168.100.3.2 = ignore
./test_dns_lookup: ignoring DNS RR: spike.porcupine.org. 3600 IN A 168.100.3.2
./test_dns_lookup: lookup spike.porcupine.org type AAAA flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: spike.porcupine.org (AAAA): OK
./test_dns_lookup: dns_get_answer: type AAAA for spike.porcupine.org

View File

@ -1,8 +1,8 @@
./test_dns_lookup: lookup spike.porcupine.org type A flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: spike.porcupine.org (A): OK
./test_dns_lookup: dns_get_answer: type A for spike.porcupine.org
./test_dns_lookup: dict_regexp_lookup: no-aaaa.reg: spike.porcupine.org. 3600 IN A 168.100.189.2
./test_dns_lookup: maps_find: DNS reply filter: spike.porcupine.org. 3600 IN A 168.100.189.2: not found
./test_dns_lookup: dict_regexp_lookup: no-aaaa.reg: spike.porcupine.org. 3600 IN A 168.100.3.2
./test_dns_lookup: maps_find: DNS reply filter: spike.porcupine.org. 3600 IN A 168.100.3.2: not found
./test_dns_lookup: lookup spike.porcupine.org type AAAA flags RES_USE_DNSSEC
./test_dns_lookup: dns_query: spike.porcupine.org (AAAA): OK
./test_dns_lookup: dns_get_answer: type AAAA for spike.porcupine.org
@ -10,4 +10,4 @@
./test_dns_lookup: maps_find: DNS reply filter: regexp:no-aaaa.reg(0,lock|fold_fix): spike.porcupine.org. 3600 IN AAAA 2604:8d00:189::2 = ignore
./test_dns_lookup: ignoring DNS RR: spike.porcupine.org. 3600 IN AAAA 2604:8d00:189::2
spike.porcupine.org: fqdn: spike.porcupine.org
ad: 0, rr: spike.porcupine.org. 3600 IN A 168.100.189.2
ad: 0, rr: spike.porcupine.org. 3600 IN A 168.100.3.2

View File

@ -5,4 +5,4 @@
./test_dns_lookup: dns_query: nullmx.porcupine.org (A): OK
./test_dns_lookup: dns_get_answer: type A for nullmx.porcupine.org
nullmx.porcupine.org: fqdn: nullmx.porcupine.org
ad: 0, rr: nullmx.porcupine.org. 3600 IN A 168.100.189.13
ad: 0, rr: nullmx.porcupine.org. 3600 IN A 168.100.3.13

View File

@ -77,11 +77,10 @@ int main(int argc, char **argv)
int ch;
int lflags = DNS_REQ_FLAG_NONE;
if (var_dnssec_probe == 0)
var_dnssec_probe = mystrdup(DEF_DNSSEC_PROBE);
var_dnssec_probe = "";
msg_vstream_init(argv[0], VSTREAM_ERR);
while ((ch = GETOPT(argc, argv, "f:npv")) > 0) {
while ((ch = GETOPT(argc, argv, "f:npvs")) > 0) {
switch (ch) {
case 'v':
msg_verbose++;
@ -95,6 +94,9 @@ int main(int argc, char **argv)
case 'p':
var_dns_ncache_ttl_fix = 1;
break;
case 's':
var_dnssec_probe = DEF_DNSSEC_PROBE;
break;
default:
usage(argv);
}

View File

@ -201,6 +201,8 @@ static int haproxy_srvr_parse_proto(const char *str, int *addr_family)
if (msg_verbose)
msg_info("haproxy_srvr_parse: proto=%s", STR_OR_NULL(str));
if (str == 0)
return (-1);
#ifdef AF_INET6
if (strcasecmp(str, "TCP6") == 0) {
if (strchr((char *) proto_info->sa_family_list, AF_INET6) != 0) {

View File

@ -17,8 +17,8 @@
/*
/* The result is overwritten with each call.
/*
/* A null argv0 argument requests that the current
/* result is returned.
/* A null argv0 argument requests that the current result is
/* returned, or "unknown" when no current result exists.
/* LICENSE
/* .ad
/* .fi
@ -59,6 +59,8 @@ const char *mail_task(const char *argv0)
const char *slash;
const char *tag;
if (argv0 == 0 && canon_name == 0)
argv0 = "unknown";
if (argv0) {
if (canon_name == 0)
canon_name = vstring_alloc(10);

View File

@ -20,7 +20,7 @@
* Patches change both the patchlevel and the release date. Snapshots have no
* patchlevel; they change the release date only.
*/
#define MAIL_RELEASE_DATE "20210224"
#define MAIL_RELEASE_DATE "20210405"
#define MAIL_VERSION_NUMBER "3.6"
#ifdef SNAPSHOT

View File

@ -235,6 +235,12 @@ void maillog_client_init(const char *progname, int flags)
service_path = concatenate(var_queue_dir, "/", MAIL_CLASS_PUBLIC,
"/", var_postlog_service, (char *) 0);
} else {
/*
* var_postlog_service == 0, therefore var_maillog_file == 0.
* logger_mode == MAILLOG_CLIENT_MODE_POSTLOG && var_maillog_file ==
* 0, therefore import_service_path != 0.
*/
service_path = import_service_path;
}
maillog_client_flags = flags;

View File

@ -1,10 +1,10 @@
./namadr_list 168.100.189.0/28 dummy 168.100.189.2
./namadr_list '!168.100.189.2 168.100.189.0/28' dummy 168.100.189.2
./namadr_list '!168.100.189.2 168.100.189.0/28' dummy 168.100.189.3
./namadr_list 168.100.189.0/28 dummy 168.100.189.16
./namadr_list 168.100.189.0/98 dummy 168.100.189.16
./namadr_list 168.100.589.0/28 dummy 168.100.189.16
./namadr_list 168.100.189.0/28 dummy 168.100.989.16
./namadr_list 168.100.3.0/28 dummy 168.100.3.2
./namadr_list '!168.100.3.2 168.100.3.0/28' dummy 168.100.3.2
./namadr_list '!168.100.3.2 168.100.3.0/28' dummy 168.100.3.3
./namadr_list 168.100.3.0/28 dummy 168.100.3.16
./namadr_list 168.100.3.0/98 dummy 168.100.3.16
./namadr_list 168.100.589.0/28 dummy 168.100.3.16
./namadr_list 168.100.3.0/28 dummy 168.100.989.16
./namadr_list 2001:240:5c7:0:2d0:b7ff:fe88:2ca7 dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca7
./namadr_list '[2001:240:5c7:0:2d0:b7ff:fe88:2ca7]' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca7
./namadr_list '[2001:240:5c7:0:2d0:b7ff:fe88:2ca7]' dummy 2001:240:5c7:0:2d0:b7ff:fe88:2ca8
@ -13,30 +13,30 @@
./namadr_list '[2001:240:5c7::]/64' dummy 2001:24:5c7:0:2d0:b7ff:fe88:2ca8
./namadr_list '[2001:24:5c7:0:2d0:b7ff:fe88:2ca8]' dummy 2001:24:5c7:0:2d0:b7ff:fe88:2ca8
./namadr_list '[2001:24:5c7:0:2d0:b7ff:fe88:2ca8]' dummy 2001:24:5c7:0:2d0:b7ff:fe88:2ca7
./namadr_list 168.100.189.2 dummy 168.100.189.2
./namadr_list 168.100.189.2 dummy 168.100.189.3
./namadr_list '[168.100.189.2]' dummy 168.100.189.2
./namadr_list '[168.100.189.2]' dummy 168.100.189.3
./namadr_list 168.100.3.2 dummy 168.100.3.2
./namadr_list 168.100.3.2 dummy 168.100.3.3
./namadr_list '[168.100.3.2]' dummy 168.100.3.2
./namadr_list '[168.100.3.2]' dummy 168.100.3.3
echo foo !bar baz >junk; mv junk /tmp
./namadr_list !/tmp/junk dummy 168.100.189.3
./namadr_list !/tmp/junk foo 168.100.189.3
./namadr_list !/tmp/junk bar 168.100.189.3
./namadr_list !/tmp/junk baz 168.100.189.3
./namadr_list /tmp/junk dummy 168.100.189.3
./namadr_list /tmp/junk foo 168.100.189.3
./namadr_list /tmp/junk bar 168.100.189.3
./namadr_list /tmp/junk baz 168.100.189.3
./namadr_list !/tmp/junk dummy 168.100.3.3
./namadr_list !/tmp/junk foo 168.100.3.3
./namadr_list !/tmp/junk bar 168.100.3.3
./namadr_list !/tmp/junk baz 168.100.3.3
./namadr_list /tmp/junk dummy 168.100.3.3
./namadr_list /tmp/junk foo 168.100.3.3
./namadr_list /tmp/junk bar 168.100.3.3
./namadr_list /tmp/junk baz 168.100.3.3
rm -f junk
./namadr_list 'be.be' x.x.x 127.0.0.1
./namadr_list 'be/be' x.x.x 127.0.0.1
./namadr_list '[be:be]' x.x.x 127.0.0.1
./namadr_list '[be:be]' x.x.x ::1
env foo=x ./namadr_list environ:junk foo 168.100.189.3
env foo=x ./namadr_list environ:junk bar 168.100.189.3
env foo=x ./namadr_list !environ:junk foo 168.100.189.3
env foo=x ./namadr_list !environ:junk bar 168.100.189.3
env foo=x ./namadr_list !!environ:junk foo 168.100.189.3
env foo=x ./namadr_list !!environ:junk bar 168.100.189.3
./namadr_list fail:1 bar 168.100.189.3
./namadr_list !fail:1 bar 168.100.189.3
./namadr_list /tmp/nosuchfile bar 168.100.189.3
env foo=x ./namadr_list environ:junk foo 168.100.3.3
env foo=x ./namadr_list environ:junk bar 168.100.3.3
env foo=x ./namadr_list !environ:junk foo 168.100.3.3
env foo=x ./namadr_list !environ:junk bar 168.100.3.3
env foo=x ./namadr_list !!environ:junk foo 168.100.3.3
env foo=x ./namadr_list !!environ:junk bar 168.100.3.3
./namadr_list fail:1 bar 168.100.3.3
./namadr_list !fail:1 bar 168.100.3.3
./namadr_list /tmp/nosuchfile bar 168.100.3.3

View File

@ -1,11 +1,11 @@
dummy/168.100.189.2: YES
dummy/168.100.189.2: NO
dummy/168.100.189.3: YES
dummy/168.100.189.16: NO
./namadr_list: warning: command line: bad net/mask pattern: "168.100.189.0/98"
dummy/168.100.189.16: ERROR
dummy/168.100.3.2: YES
dummy/168.100.3.2: NO
dummy/168.100.3.3: YES
dummy/168.100.3.16: NO
./namadr_list: warning: command line: bad net/mask pattern: "168.100.3.0/98"
dummy/168.100.3.16: ERROR
./namadr_list: warning: command line: bad net/mask pattern: "168.100.589.0/28"
dummy/168.100.189.16: ERROR
dummy/168.100.3.16: ERROR
dummy/168.100.989.16: NO
./namadr_list: error: unsupported dictionary type: 2001
./namadr_list: warning: 2001:240:5c7:0:2d0:b7ff:fe88:2ca7 is unavailable. unsupported dictionary type: 2001
@ -19,35 +19,35 @@ dummy/2001:240:5c7:0:2d0:b7ff:fe88:2ca8: YES
dummy/2001:24:5c7:0:2d0:b7ff:fe88:2ca8: NO
dummy/2001:24:5c7:0:2d0:b7ff:fe88:2ca8: YES
dummy/2001:24:5c7:0:2d0:b7ff:fe88:2ca7: NO
dummy/168.100.189.2: YES
dummy/168.100.189.3: NO
dummy/168.100.189.2: YES
dummy/168.100.189.3: NO
dummy/168.100.189.3: NO
foo/168.100.189.3: NO
bar/168.100.189.3: YES
baz/168.100.189.3: NO
dummy/168.100.189.3: NO
foo/168.100.189.3: YES
bar/168.100.189.3: NO
baz/168.100.189.3: YES
dummy/168.100.3.2: YES
dummy/168.100.3.3: NO
dummy/168.100.3.2: YES
dummy/168.100.3.3: NO
dummy/168.100.3.3: NO
foo/168.100.3.3: NO
bar/168.100.3.3: YES
baz/168.100.3.3: NO
dummy/168.100.3.3: NO
foo/168.100.3.3: YES
bar/168.100.3.3: NO
baz/168.100.3.3: YES
x.x.x/127.0.0.1: NO
./namadr_list: warning: command line: bad net/mask pattern: "be/be"
x.x.x/127.0.0.1: ERROR
x.x.x/127.0.0.1: NO
./namadr_list: warning: command line: bad address pattern: "be:be"
x.x.x/::1: ERROR
foo/168.100.189.3: YES
bar/168.100.189.3: NO
foo/168.100.189.3: NO
bar/168.100.189.3: NO
foo/168.100.189.3: YES
bar/168.100.189.3: NO
foo/168.100.3.3: YES
bar/168.100.3.3: NO
foo/168.100.3.3: NO
bar/168.100.3.3: NO
foo/168.100.3.3: YES
bar/168.100.3.3: NO
./namadr_list: warning: command line: fail:1: table lookup problem
bar/168.100.189.3: ERROR
bar/168.100.3.3: ERROR
./namadr_list: warning: command line: fail:1: table lookup problem
bar/168.100.189.3: ERROR
bar/168.100.3.3: ERROR
./namadr_list: error: open file /tmp/nosuchfile: No such file or directory
./namadr_list: warning: non-existent:/tmp/nosuchfile is unavailable. open file /tmp/nosuchfile: No such file or directory
./namadr_list: warning: command line: non-existent:/tmp/nosuchfile: table lookup problem
bar/168.100.189.3: ERROR
bar/168.100.3.3: ERROR

View File

@ -1,10 +1,10 @@
mynetworks=168.100.189.0/27
mynetworks=168.100.3.0/27
server_acl=permit_mynetworks,reject
address=168.100.189.2
mynetworks=!168.100.189.2,168.100.189.0/27
address=168.100.189.2
address=168.100.189.3
address=168.100.3.2
mynetworks=!168.100.3.2,168.100.3.0/27
address=168.100.3.2
address=168.100.3.3
mynetworks=fail:1
address=168.100.189.4
address=168.100.3.4
server_acl=fail:1,reject
address=168.100.189.2
address=168.100.3.2

View File

@ -1,18 +1,18 @@
> mynetworks=168.100.189.0/27
> mynetworks=168.100.3.0/27
> server_acl=permit_mynetworks,reject
> address=168.100.189.2
168.100.189.2: permit
> mynetworks=!168.100.189.2,168.100.189.0/27
> address=168.100.189.2
168.100.189.2: reject
> address=168.100.189.3
168.100.189.3: permit
> address=168.100.3.2
168.100.3.2: permit
> mynetworks=!168.100.3.2,168.100.3.0/27
> address=168.100.3.2
168.100.3.2: reject
> address=168.100.3.3
168.100.3.3: permit
> mynetworks=fail:1
> address=168.100.189.4
> address=168.100.3.4
unknown: warning: mynetworks: fail:1: table lookup problem
unknown: warning: server_acl: permit_mynetworks: mynetworks lookup error -- ignoring the remainder of this access list
168.100.189.4: error
168.100.3.4: error
> server_acl=fail:1,reject
> address=168.100.189.2
> address=168.100.3.2
unknown: warning: server_acl: fail:1: table lookup error -- ignoring the remainder of this access list
168.100.189.2: error
168.100.3.2: error

View File

@ -1,7 +1,7 @@
postalias: fatal: table fail:aliases: query error: Unknown error: 0
postalias: fatal: table fail:aliases: query error: Unknown error: 0
postalias: fatal: table fail:aliases: delete error: Unknown error: 0
postalias: fatal: table fail:aliases: delete error: Unknown error: 0
postalias: fatal: table fail:aliases: sequence error: Unknown error: 0
postalias: fatal: table fail:aliases: write error: Unknown error: 0
postalias: fatal: table fail:aliases: write error: Unknown error: 0
postalias: fatal: table fail:aliases: query error: Application error
postalias: fatal: table fail:aliases: query error: Application error
postalias: fatal: table fail:aliases: delete error: Application error
postalias: fatal: table fail:aliases: delete error: Application error
postalias: fatal: table fail:aliases: sequence error: Application error
postalias: fatal: table fail:aliases: write error: Application error
postalias: fatal: table fail:aliases: write error: Application error

View File

@ -1,8 +1,8 @@
postmap: fatal: table fail:aliases: query error: Unknown error: 0
postmap: fatal: table fail:aliases: query error: Unknown error: 0
postmap: fatal: table fail:aliases: query error: Unknown error: 0
postmap: fatal: table fail:aliases: delete error: Unknown error: 0
postmap: fatal: table fail:aliases: delete error: Unknown error: 0
postmap: fatal: table fail:aliases: sequence error: Unknown error: 0
postmap: fatal: table fail:aliases: write error: Unknown error: 0
postmap: fatal: table fail:aliases: write error: Unknown error: 0
postmap: fatal: table fail:aliases: query error: Application error
postmap: fatal: table fail:aliases: query error: Application error
postmap: fatal: table fail:aliases: query error: Application error
postmap: fatal: table fail:aliases: delete error: Application error
postmap: fatal: table fail:aliases: delete error: Application error
postmap: fatal: table fail:aliases: sequence error: Application error
postmap: fatal: table fail:aliases: write error: Application error
postmap: fatal: table fail:aliases: write error: Application error

View File

@ -146,7 +146,7 @@ smtpd_check_dsn_test: smtpd_check smtpd_check_dsn.in smtpd_check_dsn.ref smtpd_c
diff smtpd_check_dsn.ref smtpd_check.tmp
rm -f smtpd_check.tmp smtpd_check_access.*
# This requires that 168,100.189.7 is a local or virtual interface.
# This requires that 168.100.3.7 is a local or virtual interface.
smtpd_check_backup_test: smtpd_check smtpd_check_backup.in smtpd_check_backup.ref
$(SHLIB_ENV) $(VALGRIND) ./smtpd_check <smtpd_check_backup.in >smtpd_check.tmp 2>&1

View File

@ -2,7 +2,7 @@
# Initialize
#
smtpd_delay_reject 0
mynetworks 127.0.0.0/8,168.100.189.0/28
mynetworks 127.0.0.0/8,168.100.3.0/28
relay_domains porcupine.org
smtpd_null_access_lookup_key <>
#

View File

@ -3,7 +3,7 @@
>>> #
>>> smtpd_delay_reject 0
OK
>>> mynetworks 127.0.0.0/8,168.100.189.0/28
>>> mynetworks 127.0.0.0/8,168.100.3.0/28
OK
>>> relay_domains porcupine.org
OK

View File

@ -2,7 +2,7 @@
# Initialize
#
smtpd_delay_reject 0
mynetworks 127.0.0.0/8,168.100.189.0/28
mynetworks 127.0.0.0/8,168.100.3.0/28
local_recipient_maps inline:{foo_canon=whatever,bar_canon=whatever}
mydestination example.com
myorigin example.com

View File

@ -3,7 +3,7 @@
>>> #
>>> smtpd_delay_reject 0
OK
>>> mynetworks 127.0.0.0/8,168.100.189.0/28
>>> mynetworks 127.0.0.0/8,168.100.3.0/28
OK
>>> local_recipient_maps inline:{foo_canon=whatever,bar_canon=whatever}
OK

View File

@ -5870,6 +5870,11 @@ static int int_update(char **argv)
return (0);
}
/*
* Boolean parameters.
*/
bool var_relay_before_rcpt_checks;
/*
* Restrictions.
*/

View File

@ -4,7 +4,7 @@
#! ../bin/postmap smtpd_check_access
#msg_verbose 1
smtpd_delay_reject 0
mynetworks 127.0.0.0/8,168.100.189.0/28
mynetworks 127.0.0.0/8,168.100.3.0/28
relay_domains porcupine.org
maps_rbl_domains dnsbltest.porcupine.org
#
@ -12,7 +12,7 @@ maps_rbl_domains dnsbltest.porcupine.org
#
client_restrictions permit_mynetworks,reject_unknown_client,hash:./smtpd_check_access
client unknown 131.155.210.17
client unknown 168.100.189.13
client unknown 168.100.3.13
client random.bad.domain 123.123.123.123
client friend.bad.domain 123.123.123.123
client bad.domain 123.123.123.123
@ -46,7 +46,7 @@ helo 123.123.123.123
sender_restrictions permit_mynetworks,reject_unknown_client
client unknown 131.155.210.17
mail foo@ibm.com
client unknown 168.100.189.13
client unknown 168.100.3.13
mail foo@ibm.com
client foo 123.123.123.123
mail foo@ibm.com
@ -68,13 +68,13 @@ mail foo@friend.bad.domain
recipient_restrictions permit_mynetworks,reject_unknown_client,check_relay_domains
client unknown 131.155.210.17
rcpt foo@ibm.com
client unknown 168.100.189.13
client unknown 168.100.3.13
rcpt foo@ibm.com
client foo 123.123.123.123
rcpt foo@ibm.com
rcpt foo@porcupine.org
recipient_restrictions check_relay_domains
client foo.porcupine.org 168.100.189.13
client foo.porcupine.org 168.100.3.13
rcpt foo@ibm.com
rcpt foo@porcupine.org
client foo 123.123.123.123
@ -91,7 +91,7 @@ mail foo@friend.bad.domain
# RBL
#
client_restrictions reject_maps_rbl
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
client foo 127.0.0.2
#
# Hybrids
@ -117,7 +117,7 @@ rcpt foo@porcupine.org
# MX backup
#
#mydestination spike.porcupine.org,localhost.porcupine.org
#inet_interfaces 168.100.189.2,127.0.0.1
#inet_interfaces 168.100.3.2,127.0.0.1
#recipient_restrictions permit_mx_backup,reject
#rcpt wietse@wzv.win.tue.nl
#rcpt wietse@trouble.org

View File

@ -4,7 +4,7 @@
#! ../bin/postmap smtpd_check_access
#msg_verbose 1
smtpd_delay_reject 0
mynetworks 127.0.0.0/8,168.100.189.0/28
mynetworks 127.0.0.0/8,168.100.3.0/28
relay_domains porcupine.org
maps_rbl_domains dnsbltest.porcupine.org
#
@ -12,7 +12,7 @@ maps_rbl_domains dnsbltest.porcupine.org
#
client_restrictions permit_mynetworks,reject_unknown_client,check_client_access,hash:./smtpd_check_access
client unknown 131.155.210.17
client unknown 168.100.189.13
client unknown 168.100.3.13
client random.bad.domain 123.123.123.123
client friend.bad.domain 123.123.123.123
client bad.domain 123.123.123.123
@ -38,7 +38,7 @@ helo friend.bad.domain
sender_restrictions permit_mynetworks,reject_unknown_client
client unknown 131.155.210.17
mail foo@ibm.com
client unknown 168.100.189.13
client unknown 168.100.3.13
mail foo@ibm.com
client foo 123.123.123.123
mail foo@ibm.com
@ -60,13 +60,13 @@ mail foo@friend.bad.domain
recipient_restrictions permit_mynetworks,reject_unknown_client,check_relay_domains
client unknown 131.155.210.17
rcpt foo@ibm.com
client unknown 168.100.189.13
client unknown 168.100.3.13
rcpt foo@ibm.com
client foo 123.123.123.123
rcpt foo@ibm.com
rcpt foo@porcupine.org
recipient_restrictions check_relay_domains
client foo.porcupine.org 168.100.189.13
client foo.porcupine.org 168.100.3.13
rcpt foo@ibm.com
rcpt foo@porcupine.org
client foo 123.123.123.123
@ -83,7 +83,7 @@ mail foo@friend.bad.domain
# RBL
#
client_restrictions reject_maps_rbl
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
client foo 127.0.0.2
#
# unknown sender/recipient domain

View File

@ -1,6 +1,6 @@
#msg_verbose 1
smtpd_delay_reject 0
mynetworks 127.0.0.0/8,168.100.189.0/28
mynetworks 127.0.0.0/8,168.100.3.0/28
relay_domains porcupine.org
local_recipient_maps unix:passwd.byname
client unknown 131.155.210.17

View File

@ -5,7 +5,7 @@
>>> #msg_verbose 1
>>> smtpd_delay_reject 0
OK
>>> mynetworks 127.0.0.0/8,168.100.189.0/28
>>> mynetworks 127.0.0.0/8,168.100.3.0/28
OK
>>> relay_domains porcupine.org
OK
@ -19,7 +19,7 @@ OK
>>> client unknown 131.155.210.17
./smtpd_check: <queue id>: reject: CONNECT from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; proto=SMTP
450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]
>>> client unknown 168.100.189.13
>>> client unknown 168.100.3.13
OK
>>> client random.bad.domain 123.123.123.123
./smtpd_check: <queue id>: reject: CONNECT from random.bad.domain[123.123.123.123]: 554 5.7.1 <random.bad.domain[123.123.123.123]>: Client host rejected: match bad.domain; proto=SMTP
@ -94,7 +94,7 @@ OK
>>> mail foo@ibm.com
./smtpd_check: <queue id>: reject: MAIL from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; from=<foo@ibm.com> proto=SMTP helo=<123.123.123.123>
450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]
>>> client unknown 168.100.189.13
>>> client unknown 168.100.3.13
OK
>>> mail foo@ibm.com
OK
@ -143,7 +143,7 @@ OK
>>> rcpt foo@ibm.com
./smtpd_check: <queue id>: reject: RCPT from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; from=<foo@friend.bad.domain> to=<foo@ibm.com> proto=SMTP helo=<123.123.123.123>
450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]
>>> client unknown 168.100.189.13
>>> client unknown 168.100.3.13
OK
>>> rcpt foo@ibm.com
OK
@ -157,7 +157,7 @@ OK
OK
>>> recipient_restrictions check_relay_domains
OK
>>> client foo.porcupine.org 168.100.189.13
>>> client foo.porcupine.org 168.100.3.13
OK
>>> rcpt foo@ibm.com
OK
@ -193,7 +193,7 @@ OK
>>> #
>>> client_restrictions reject_maps_rbl
OK
>>> client spike.porcupine.org 168.100.189.2
>>> client spike.porcupine.org 168.100.3.2
./smtpd_check: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead
OK
>>> client foo 127.0.0.2
@ -245,7 +245,7 @@ OK
>>> # MX backup
>>> #
>>> #mydestination spike.porcupine.org,localhost.porcupine.org
>>> #inet_interfaces 168.100.189.2,127.0.0.1
>>> #inet_interfaces 168.100.3.2,127.0.0.1
>>> #recipient_restrictions permit_mx_backup,reject
>>> #rcpt wietse@wzv.win.tue.nl
>>> #rcpt wietse@trouble.org

View File

@ -5,7 +5,7 @@
>>> #msg_verbose 1
>>> smtpd_delay_reject 0
OK
>>> mynetworks 127.0.0.0/8,168.100.189.0/28
>>> mynetworks 127.0.0.0/8,168.100.3.0/28
OK
>>> relay_domains porcupine.org
OK
@ -19,7 +19,7 @@ OK
>>> client unknown 131.155.210.17
./smtpd_check: <queue id>: reject: CONNECT from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; proto=SMTP
450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]
>>> client unknown 168.100.189.13
>>> client unknown 168.100.3.13
OK
>>> client random.bad.domain 123.123.123.123
./smtpd_check: <queue id>: reject: CONNECT from random.bad.domain[123.123.123.123]: 554 5.7.1 <random.bad.domain[123.123.123.123]>: Client host rejected: match bad.domain; proto=SMTP
@ -74,7 +74,7 @@ OK
>>> mail foo@ibm.com
./smtpd_check: <queue id>: reject: MAIL from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; from=<foo@ibm.com> proto=SMTP helo=<friend.bad.domain>
450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]
>>> client unknown 168.100.189.13
>>> client unknown 168.100.3.13
OK
>>> mail foo@ibm.com
OK
@ -123,7 +123,7 @@ OK
>>> rcpt foo@ibm.com
./smtpd_check: <queue id>: reject: RCPT from unknown[131.155.210.17]: 450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]; from=<foo@friend.bad.domain> to=<foo@ibm.com> proto=SMTP helo=<friend.bad.domain>
450 4.7.1 Client host rejected: cannot find your hostname, [131.155.210.17]
>>> client unknown 168.100.189.13
>>> client unknown 168.100.3.13
OK
>>> rcpt foo@ibm.com
OK
@ -137,7 +137,7 @@ OK
OK
>>> recipient_restrictions check_relay_domains
OK
>>> client foo.porcupine.org 168.100.189.13
>>> client foo.porcupine.org 168.100.3.13
OK
>>> rcpt foo@ibm.com
OK
@ -173,7 +173,7 @@ OK
>>> #
>>> client_restrictions reject_maps_rbl
OK
>>> client spike.porcupine.org 168.100.189.2
>>> client spike.porcupine.org 168.100.3.2
./smtpd_check: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead
OK
>>> client foo 127.0.0.2

View File

@ -4,17 +4,17 @@
#! ../bin/postmap smtpd_check_access
#msg_verbose 1
smtpd_delay_reject 0
mynetworks 127.0.0.0/8,168.100.189.0/28
mynetworks 127.0.0.0/8,168.100.3.0/28
#
# MX backup
#
mydestination wzv.porcupine.org,localhost.porcupine.org
inet_interfaces 168.100.189.7,127.0.0.1
inet_interfaces 168.100.3.7,127.0.0.1
recipient_restrictions permit_mx_backup,reject
rcpt wietse@wzv.porcupine.org
rcpt wietse@backup.porcupine.org
rcpt wietse@porcupine.org
permit_mx_backup_networks 168.100.189.5
permit_mx_backup_networks 168.100.3.5
rcpt wietse@backup.porcupine.org
permit_mx_backup_networks 168.100.189.4
permit_mx_backup_networks 168.100.3.4
rcpt wietse@backup.porcupine.org

View File

@ -5,14 +5,14 @@
>>> #msg_verbose 1
>>> smtpd_delay_reject 0
OK
>>> mynetworks 127.0.0.0/8,168.100.189.0/28
>>> mynetworks 127.0.0.0/8,168.100.3.0/28
OK
>>> #
>>> # MX backup
>>> #
>>> mydestination wzv.porcupine.org,localhost.porcupine.org
OK
>>> inet_interfaces 168.100.189.7,127.0.0.1
>>> inet_interfaces 168.100.3.7,127.0.0.1
OK
>>> recipient_restrictions permit_mx_backup,reject
OK
@ -23,12 +23,12 @@ OK
>>> rcpt wietse@porcupine.org
./smtpd_check: <queue id>: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <wietse@porcupine.org>: Recipient address rejected: Access denied; to=<wietse@porcupine.org> proto=SMTP
554 5.7.1 <wietse@porcupine.org>: Recipient address rejected: Access denied
>>> permit_mx_backup_networks 168.100.189.5
>>> permit_mx_backup_networks 168.100.3.5
OK
>>> rcpt wietse@backup.porcupine.org
./smtpd_check: <queue id>: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <wietse@backup.porcupine.org>: Recipient address rejected: Access denied; to=<wietse@backup.porcupine.org> proto=SMTP
554 5.7.1 <wietse@backup.porcupine.org>: Recipient address rejected: Access denied
>>> permit_mx_backup_networks 168.100.189.4
>>> permit_mx_backup_networks 168.100.3.4
OK
>>> rcpt wietse@backup.porcupine.org
OK

View File

@ -4,7 +4,7 @@
#! ../bin/postmap smtpd_check_access
#msg_verbose 1
smtpd_delay_reject 0
mynetworks 127.0.0.0/8,168.100.189.0/28
mynetworks 127.0.0.0/8,168.100.3.0/28
#
# Test the client restrictions.
#

View File

@ -5,7 +5,7 @@
>>> #msg_verbose 1
>>> smtpd_delay_reject 0
OK
>>> mynetworks 127.0.0.0/8,168.100.189.0/28
>>> mynetworks 127.0.0.0/8,168.100.3.0/28
OK
>>> #
>>> # Test the client restrictions.

View File

@ -30,11 +30,11 @@ OK
>>> mail user@spike.porcupine.org
OK
>>> helo spike.porcupine.org
./smtpd_check: ignoring DNS RR: spike.porcupine.org. TTL IN A 168.100.189.2
./smtpd_check: ignoring DNS RR: spike.porcupine.org. TTL IN A 168.100.3.2
OK
>>> # EXPECT OK + "all A records dropped" warning + no delayed reject.
>>> helo fist.porcupine.org
./smtpd_check: ignoring DNS RR: fist.porcupine.org. TTL IN A 168.100.189.4
./smtpd_check: ignoring DNS RR: fist.porcupine.org. TTL IN A 168.100.3.4
./smtpd_check: warning: fist.porcupine.org: address or MX lookup error: DNS reply filter drops all results
OK
>>> mail user@spike.porcupine.org
@ -96,11 +96,11 @@ OK
OK
>>> # EXPECT OK (host has AAAA record).
>>> mail user@spike.porcupine.org
./smtpd_check: ignoring DNS RR: spike.porcupine.org. TTL IN A 168.100.189.2
./smtpd_check: ignoring DNS RR: spike.porcupine.org. TTL IN A 168.100.3.2
OK
>>> # EXPECT OK + "all A records dropped" warning.
>>> mail user@fist.porcupine.org
./smtpd_check: ignoring DNS RR: fist.porcupine.org. TTL IN A 168.100.189.4
./smtpd_check: ignoring DNS RR: fist.porcupine.org. TTL IN A 168.100.3.4
./smtpd_check: warning: fist.porcupine.org: MX or address lookup error: DNS reply filter drops all results
OK
>>> smtpd_dns_reply_filter regexp:../dns/error.reg

View File

@ -3,7 +3,7 @@
#
#msg_verbose 1
smtpd_delay_reject 0
mynetworks 127.0.0.0/8,168.100.189.0/28
mynetworks 127.0.0.0/8,168.100.3.0/28
mydestination porcupine.org
relay_domains porcupine.org
helo foobar
@ -14,11 +14,11 @@ helo foobar
# Allowlist overrides reject.
client_restrictions permit_dnswl_client,wild.porcupine.org,reject
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
# Allowlist does not fire - reject.
client_restrictions permit_dnswl_client,porcupine.org,reject
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
# Allowlist does not override reject_unauth_destination.
client_restrictions permit
@ -35,21 +35,21 @@ rcpt wietse@porcupine.org
# Allowlist overrides reject.
client_restrictions permit_rhswl_client,dnswl.porcupine.org,reject
# Non-allowlisted client name - reject.
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
# Allowlisted client name - accept.
client example.tld 168.100.189.2
client example.tld 168.100.3.2
# Allowlist does not override reject_unauth_destination.
client_restrictions permit
recipient_restrictions permit_rhswl_client,dnswl.porcupine.org,reject_unauth_destination
# Non-allowlisted client name.
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
# Unauthorized destination - reject.
rcpt rname@rdomain
# Authorized destination - accept.
rcpt wietse@porcupine.org
# Allowlisted client name.
client example.tld 168.100.189.2
client example.tld 168.100.3.2
# Unauthorized destination - reject.
rcpt rname@rdomain
# Authorized destination - accept.

View File

@ -4,7 +4,7 @@
>>> #msg_verbose 1
>>> smtpd_delay_reject 0
OK
>>> mynetworks 127.0.0.0/8,168.100.189.0/28
>>> mynetworks 127.0.0.0/8,168.100.3.0/28
OK
>>> mydestination porcupine.org
OK
@ -20,15 +20,15 @@ OK
>>> # Allowlist overrides reject.
>>> client_restrictions permit_dnswl_client,wild.porcupine.org,reject
OK
>>> client spike.porcupine.org 168.100.189.2
>>> client spike.porcupine.org 168.100.3.2
OK
>>>
>>> # Allowlist does not fire - reject.
>>> client_restrictions permit_dnswl_client,porcupine.org,reject
OK
>>> client spike.porcupine.org 168.100.189.2
./smtpd_check: <queue id>: reject: CONNECT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <spike.porcupine.org[168.100.189.2]>: Client host rejected: Access denied; proto=SMTP helo=<foobar>
554 5.7.1 <spike.porcupine.org[168.100.189.2]>: Client host rejected: Access denied
>>> client spike.porcupine.org 168.100.3.2
./smtpd_check: <queue id>: reject: CONNECT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <spike.porcupine.org[168.100.3.2]>: Client host rejected: Access denied; proto=SMTP helo=<foobar>
554 5.7.1 <spike.porcupine.org[168.100.3.2]>: Client host rejected: Access denied
>>>
>>> # Allowlist does not override reject_unauth_destination.
>>> client_restrictions permit
@ -37,7 +37,7 @@ OK
OK
>>> # Unauthorized destination - reject.
>>> rcpt rname@rdomain
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <rname@rdomain>: Relay access denied; to=<rname@rdomain> proto=SMTP helo=<foobar>
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <rname@rdomain>: Relay access denied; to=<rname@rdomain> proto=SMTP helo=<foobar>
554 5.7.1 <rname@rdomain>: Relay access denied
>>> # Authorized destination - accept.
>>> rcpt wietse@porcupine.org
@ -51,11 +51,11 @@ OK
>>> client_restrictions permit_rhswl_client,dnswl.porcupine.org,reject
OK
>>> # Non-allowlisted client name - reject.
>>> client spike.porcupine.org 168.100.189.2
./smtpd_check: <queue id>: reject: CONNECT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <spike.porcupine.org[168.100.189.2]>: Client host rejected: Access denied; proto=SMTP helo=<foobar>
554 5.7.1 <spike.porcupine.org[168.100.189.2]>: Client host rejected: Access denied
>>> client spike.porcupine.org 168.100.3.2
./smtpd_check: <queue id>: reject: CONNECT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <spike.porcupine.org[168.100.3.2]>: Client host rejected: Access denied; proto=SMTP helo=<foobar>
554 5.7.1 <spike.porcupine.org[168.100.3.2]>: Client host rejected: Access denied
>>> # Allowlisted client name - accept.
>>> client example.tld 168.100.189.2
>>> client example.tld 168.100.3.2
OK
>>>
>>> # Allowlist does not override reject_unauth_destination.
@ -64,31 +64,31 @@ OK
>>> recipient_restrictions permit_rhswl_client,dnswl.porcupine.org,reject_unauth_destination
OK
>>> # Non-allowlisted client name.
>>> client spike.porcupine.org 168.100.189.2
>>> client spike.porcupine.org 168.100.3.2
OK
>>> # Unauthorized destination - reject.
>>> rcpt rname@rdomain
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <rname@rdomain>: Relay access denied; to=<rname@rdomain> proto=SMTP helo=<foobar>
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <rname@rdomain>: Relay access denied; to=<rname@rdomain> proto=SMTP helo=<foobar>
554 5.7.1 <rname@rdomain>: Relay access denied
>>> # Authorized destination - accept.
>>> rcpt wietse@porcupine.org
OK
>>> # Allowlisted client name.
>>> client example.tld 168.100.189.2
>>> client example.tld 168.100.3.2
OK
>>> # Unauthorized destination - reject.
>>> rcpt rname@rdomain
./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.189.2]: 554 5.7.1 <rname@rdomain>: Relay access denied; to=<rname@rdomain> proto=SMTP helo=<foobar>
./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.3.2]: 554 5.7.1 <rname@rdomain>: Relay access denied; to=<rname@rdomain> proto=SMTP helo=<foobar>
554 5.7.1 <rname@rdomain>: Relay access denied
>>> # Authorized destination - accept.
>>> rcpt wietse@porcupine.org
OK
>>> # Numeric TLD - dunno.
>>> rcpt wietse@12345
./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.189.2]: 554 5.7.1 <wietse@12345>: Relay access denied; to=<wietse@12345> proto=SMTP helo=<foobar>
./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.3.2]: 554 5.7.1 <wietse@12345>: Relay access denied; to=<wietse@12345> proto=SMTP helo=<foobar>
554 5.7.1 <wietse@12345>: Relay access denied
>>> rcpt wietse@12345.porcupine.org
OK
>>> rcpt wietse@porcupine.12345
./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.189.2]: 554 5.7.1 <wietse@porcupine.12345>: Relay access denied; to=<wietse@porcupine.12345> proto=SMTP helo=<foobar>
./smtpd_check: <queue id>: reject: RCPT from example.tld[168.100.3.2]: 554 5.7.1 <wietse@porcupine.12345>: Relay access denied; to=<wietse@porcupine.12345> proto=SMTP helo=<foobar>
554 5.7.1 <wietse@porcupine.12345>: Relay access denied

View File

@ -40,7 +40,7 @@ rcpt reject@dunno.domain
#
# Test mynetworks.
#
mynetworks 168.100.189.1/27
mynetworks 168.100.3.1/27
#
# Expect REJECT (server configuration error)
#

View File

@ -63,13 +63,13 @@ OK
>>> #
>>> # Test mynetworks.
>>> #
>>> mynetworks 168.100.189.1/27
>>> mynetworks 168.100.3.1/27
OK
>>> #
>>> # Expect REJECT (server configuration error)
>>> #
>>> rcpt reject@dunno.domain
./smtpd_check: warning: mynetworks: non-null host address bits in "168.100.189.1/27", perhaps you should use "168.100.189.0/27" instead
./smtpd_check: warning: mynetworks: non-null host address bits in "168.100.3.1/27", perhaps you should use "168.100.3.0/27" instead
./smtpd_check: <queue id>: reject: RCPT from foo.dunno.com[131.155.210.17]: 451 4.3.0 <reject@dunno.domain>: Temporary lookup failure; from=<reject@dunno.domain> to=<reject@dunno.domain> proto=SMTP helo=<foobar>
451 4.3.0 <reject@dunno.domain>: Temporary lookup failure
>>> #

View File

@ -4,7 +4,7 @@
#! ../bin/postmap smtpd_check_access
#msg_verbose 1
smtpd_delay_reject 0
mynetworks 127.0.0.0/8,168.100.189.0/28
mynetworks 127.0.0.0/8,168.100.3.0/28
relay_domains porcupine.org
maps_rbl_domains dnsbltest.porcupine.org
rbl_reply_maps hash:smtpd_check_access
@ -14,13 +14,13 @@ helo foobar
#
mail sname@sdomain
recipient_restrictions reject_maps_rbl
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
rcpt rname@rdomain
client foo 127.0.0.2
rcpt rname@rdomain
#
recipient_restrictions reject_rbl_client,dnsbltest.porcupine.org
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
rcpt rname@rdomain
client foo 127.0.0.2
rcpt rname@rdomain
@ -33,7 +33,7 @@ rcpt rname@rdomain
# RHSBL sender domain name
#
recipient_restrictions reject_rhsbl_sender,rhsbl.porcupine.org
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
mail sname@example.tld
rcpt rname@rdomain
mail sname@sdomain
@ -49,7 +49,7 @@ rcpt rname@rdomain
# RHSBL recipient domain name
#
recipient_restrictions reject_rhsbl_recipient,rhsbl.porcupine.org
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
mail sname@sdomain
rcpt rname@rdomain
rcpt rname@example.tld

View File

@ -5,7 +5,7 @@
>>> #msg_verbose 1
>>> smtpd_delay_reject 0
OK
>>> mynetworks 127.0.0.0/8,168.100.189.0/28
>>> mynetworks 127.0.0.0/8,168.100.3.0/28
OK
>>> relay_domains porcupine.org
OK
@ -22,7 +22,7 @@ OK
OK
>>> recipient_restrictions reject_maps_rbl
OK
>>> client spike.porcupine.org 168.100.189.2
>>> client spike.porcupine.org 168.100.3.2
OK
>>> rcpt rname@rdomain
./smtpd_check: warning: support for restriction "reject_maps_rbl" will be removed from Postfix; use "reject_rbl_client domain-name" instead
@ -35,7 +35,7 @@ OK
>>> #
>>> recipient_restrictions reject_rbl_client,dnsbltest.porcupine.org
OK
>>> client spike.porcupine.org 168.100.189.2
>>> client spike.porcupine.org 168.100.3.2
OK
>>> rcpt rname@rdomain
OK
@ -60,13 +60,13 @@ OK
>>> #
>>> recipient_restrictions reject_rhsbl_sender,rhsbl.porcupine.org
OK
>>> client spike.porcupine.org 168.100.189.2
>>> client spike.porcupine.org 168.100.3.2
OK
>>> mail sname@example.tld
OK
>>> rcpt rname@rdomain
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@example.tld sender_name=sname sender_domain=example.tld recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=sname@example.tld rbl_class=Sender address; from=<sname@example.tld> to=<rname@rdomain> proto=SMTP helo=<foobar>
554 5.7.1 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@example.tld sender_name=sname sender_domain=example.tld recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=sname@example.tld rbl_class=Sender address
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 client=spike.porcupine.org[168.100.3.2] client_address=168.100.3.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@example.tld sender_name=sname sender_domain=example.tld recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=sname@example.tld rbl_class=Sender address; from=<sname@example.tld> to=<rname@rdomain> proto=SMTP helo=<foobar>
554 5.7.1 client=spike.porcupine.org[168.100.3.2] client_address=168.100.3.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@example.tld sender_name=sname sender_domain=example.tld recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=sname@example.tld rbl_class=Sender address
>>> mail sname@sdomain
OK
>>> rcpt rname@rdomain
@ -88,15 +88,15 @@ OK
>>> #
>>> recipient_restrictions reject_rhsbl_recipient,rhsbl.porcupine.org
OK
>>> client spike.porcupine.org 168.100.189.2
>>> client spike.porcupine.org 168.100.3.2
OK
>>> mail sname@sdomain
OK
>>> rcpt rname@rdomain
OK
>>> rcpt rname@example.tld
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@example.tld recipient_name=rname recipient_domain=example.tld rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=rname@example.tld rbl_class=Recipient address; from=<sname@sdomain> to=<rname@example.tld> proto=SMTP helo=<foobar>
554 5.7.1 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@example.tld recipient_name=rname recipient_domain=example.tld rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=rname@example.tld rbl_class=Recipient address
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 client=spike.porcupine.org[168.100.3.2] client_address=168.100.3.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@example.tld recipient_name=rname recipient_domain=example.tld rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=rname@example.tld rbl_class=Recipient address; from=<sname@sdomain> to=<rname@example.tld> proto=SMTP helo=<foobar>
554 5.7.1 client=spike.porcupine.org[168.100.3.2] client_address=168.100.3.2 client_name=spike.porcupine.org helo_name=foobar sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@example.tld recipient_name=rname recipient_domain=example.tld rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=rname@example.tld rbl_class=Recipient address
>>> #
>>> # RHSBL helo domain name
>>> #
@ -107,5 +107,5 @@ OK
>>> mail sname@sdomain
OK
>>> rcpt rname@rdomain
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=example.tld sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=example.tld rbl_class=Helo command; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<example.tld>
554 5.7.1 client=spike.porcupine.org[168.100.189.2] client_address=168.100.189.2 client_name=spike.porcupine.org helo_name=example.tld sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=example.tld rbl_class=Helo command
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 client=spike.porcupine.org[168.100.3.2] client_address=168.100.3.2 client_name=spike.porcupine.org helo_name=example.tld sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=example.tld rbl_class=Helo command; from=<sname@sdomain> to=<rname@rdomain> proto=SMTP helo=<example.tld>
554 5.7.1 client=spike.porcupine.org[168.100.3.2] client_address=168.100.3.2 client_name=spike.porcupine.org helo_name=example.tld sender=sname@sdomain sender_name=sname sender_domain=sdomain recipient=rname@rdomain recipient_name=rname recipient_domain=rdomain rbl_code=554 rbl_domain=rhsbl.porcupine.org rbl_txt=RHSBL test rbl_what=example.tld rbl_class=Helo command

View File

@ -4,7 +4,7 @@
#! ../bin/postmap smtpd_check_access
#msg_verbose 1
#smtpd_delay_reject 0
#mynetworks 127.0.0.0/8,168.100.189.0/28
#mynetworks 127.0.0.0/8,168.100.3.0/28
#relay_domains porcupine.org
#maps_rbl_domains dnsbltest.porcupine.org
#rbl_reply_maps hash:smtpd_check_access
@ -14,7 +14,7 @@
#
smtpd_delay_reject 0
helo_restrictions reject_unknown_helo_hostname
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
mail sname@sdomain
rcpt rname@rdomain
helo nxdomain.porcupine.org
@ -25,7 +25,7 @@ helo spike.porcupine.org
#
smtpd_delay_reject 0
sender_restrictions reject_unknown_sender_domain
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
helo spike.porcupine.org
rcpt rname@rdomain
mail sname@nxdomain.porcupine.org
@ -38,7 +38,7 @@ smtpd_delay_reject 0
sender_restrictions permit
recipient_restrictions reject_unknown_recipient_domain
relay_restrictions reject_unauth_destination
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
helo spike.porcupine.org
mail sname@sdomain
relay_domains nxdomain.porcupine.org
@ -52,7 +52,7 @@ rcpt rname@spike.porcupine.org
#
smtpd_delay_reject 0
sender_restrictions check_sender_mx_access,hash:smtpd_check_access
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
mail sname@nxdomain.porcupine.org
mail sname@nullmx.porcupine.org
mail sname@spike.porcupine.org

View File

@ -4,7 +4,7 @@
>>> #! ../bin/postmap smtpd_check_access
>>> #msg_verbose 1
>>> #smtpd_delay_reject 0
>>> #mynetworks 127.0.0.0/8,168.100.189.0/28
>>> #mynetworks 127.0.0.0/8,168.100.3.0/28
>>> #relay_domains porcupine.org
>>> #maps_rbl_domains dnsbltest.porcupine.org
>>> #rbl_reply_maps hash:smtpd_check_access
@ -16,14 +16,14 @@
OK
>>> helo_restrictions reject_unknown_helo_hostname
OK
>>> client spike.porcupine.org 168.100.189.2
>>> client spike.porcupine.org 168.100.3.2
OK
>>> mail sname@sdomain
OK
>>> rcpt rname@rdomain
OK
>>> helo nxdomain.porcupine.org
./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 450 4.7.1 <nxdomain.porcupine.org>: Helo command rejected: Host not found; from=<sname@sdomain> proto=SMTP helo=<nxdomain.porcupine.org>
./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.3.2]: 450 4.7.1 <nxdomain.porcupine.org>: Helo command rejected: Host not found; from=<sname@sdomain> proto=SMTP helo=<nxdomain.porcupine.org>
450 4.7.1 <nxdomain.porcupine.org>: Helo command rejected: Host not found
>>> helo nullmx.porcupine.org
OK
@ -36,17 +36,17 @@ OK
OK
>>> sender_restrictions reject_unknown_sender_domain
OK
>>> client spike.porcupine.org 168.100.189.2
>>> client spike.porcupine.org 168.100.3.2
OK
>>> helo spike.porcupine.org
OK
>>> rcpt rname@rdomain
OK
>>> mail sname@nxdomain.porcupine.org
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 450 4.1.8 <sname@nxdomain.porcupine.org>: Sender address rejected: Domain not found; from=<sname@nxdomain.porcupine.org> proto=SMTP helo=<spike.porcupine.org>
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.3.2]: 450 4.1.8 <sname@nxdomain.porcupine.org>: Sender address rejected: Domain not found; from=<sname@nxdomain.porcupine.org> proto=SMTP helo=<spike.porcupine.org>
450 4.1.8 <sname@nxdomain.porcupine.org>: Sender address rejected: Domain not found
>>> mail sname@nullmx.porcupine.org
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 550 5.7.27 <sname@nullmx.porcupine.org>: Sender address rejected: Domain nullmx.porcupine.org does not accept mail (nullMX); from=<sname@nullmx.porcupine.org> proto=SMTP helo=<spike.porcupine.org>
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.3.2]: 550 5.7.27 <sname@nullmx.porcupine.org>: Sender address rejected: Domain nullmx.porcupine.org does not accept mail (nullMX); from=<sname@nullmx.porcupine.org> proto=SMTP helo=<spike.porcupine.org>
550 5.7.27 <sname@nullmx.porcupine.org>: Sender address rejected: Domain nullmx.porcupine.org does not accept mail (nullMX)
>>> mail sname@spike.porcupine.org
OK
@ -61,7 +61,7 @@ OK
OK
>>> relay_restrictions reject_unauth_destination
OK
>>> client spike.porcupine.org 168.100.189.2
>>> client spike.porcupine.org 168.100.3.2
OK
>>> helo spike.porcupine.org
OK
@ -70,12 +70,12 @@ OK
>>> relay_domains nxdomain.porcupine.org
OK
>>> rcpt rname@nxdomain.porcupine.org
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 450 4.1.2 <rname@nxdomain.porcupine.org>: Recipient address rejected: Domain not found; from=<sname@sdomain> to=<rname@nxdomain.porcupine.org> proto=SMTP helo=<spike.porcupine.org>
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 450 4.1.2 <rname@nxdomain.porcupine.org>: Recipient address rejected: Domain not found; from=<sname@sdomain> to=<rname@nxdomain.porcupine.org> proto=SMTP helo=<spike.porcupine.org>
450 4.1.2 <rname@nxdomain.porcupine.org>: Recipient address rejected: Domain not found
>>> relay_domains nullmx.porcupine.org
OK
>>> rcpt rname@nullmx.porcupine.org
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 556 5.1.10 <rname@nullmx.porcupine.org>: Recipient address rejected: Domain nullmx.porcupine.org does not accept mail (nullMX); from=<sname@sdomain> to=<rname@nullmx.porcupine.org> proto=SMTP helo=<spike.porcupine.org>
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 556 5.1.10 <rname@nullmx.porcupine.org>: Recipient address rejected: Domain nullmx.porcupine.org does not accept mail (nullMX); from=<sname@sdomain> to=<rname@nullmx.porcupine.org> proto=SMTP helo=<spike.porcupine.org>
556 5.1.10 <rname@nullmx.porcupine.org>: Recipient address rejected: Domain nullmx.porcupine.org does not accept mail (nullMX)
>>> relay_domains spike.porcupine.org
OK
@ -88,7 +88,7 @@ OK
OK
>>> sender_restrictions check_sender_mx_access,hash:smtpd_check_access
OK
>>> client spike.porcupine.org 168.100.189.2
>>> client spike.porcupine.org 168.100.3.2
OK
>>> mail sname@nxdomain.porcupine.org
./smtpd_check: warning: Unable to look up MX host nxdomain.porcupine.org for Sender address sname@nxdomain.porcupine.org: hostname nor servname provided, or not known
@ -96,5 +96,5 @@ OK
>>> mail sname@nullmx.porcupine.org
OK
>>> mail sname@spike.porcupine.org
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <sname@spike.porcupine.org>: Sender address rejected: ns or mx server spike.porcupine.org; from=<sname@spike.porcupine.org> proto=SMTP helo=<spike.porcupine.org>
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <sname@spike.porcupine.org>: Sender address rejected: ns or mx server spike.porcupine.org; from=<sname@spike.porcupine.org> proto=SMTP helo=<spike.porcupine.org>
554 5.7.1 <sname@spike.porcupine.org>: Sender address rejected: ns or mx server spike.porcupine.org

View File

@ -5,52 +5,52 @@
#msg_verbose 1
smtpd_delay_reject 0
relay_domains porcupine.org
client spike.porcupine.org 168.100.189.2
client spike.porcupine.org 168.100.3.2
#
# Check MX access
#
helo_restrictions check_helo_mx_access,inline:{168.100.189.2=reject}
helo_restrictions check_helo_mx_access,inline:{168.100.3.2=reject}
helo www.porcupine.org
helo example.tld
helo foo@postfix.org
sender_restrictions check_sender_mx_access,inline:{168.100.189.2=reject}
sender_restrictions check_sender_mx_access,inline:{168.100.3.2=reject}
mail foo@www.porcupine.org
mail example.tld
mail foo@postfix.org
recipient_restrictions check_recipient_mx_access,inline:{168.100.189.2=reject}
recipient_restrictions check_recipient_mx_access,inline:{168.100.3.2=reject}
rcpt foo@www.porcupine.org
rcpt foo@example.tld
rcpt foo@postfix.org
#
# Check NS access
#
helo_restrictions check_helo_ns_access,inline:{168.100.1.2=reject}
helo_restrictions check_helo_ns_access,inline:{168.100.3.75=reject}
helo www.porcupine.org
helo example.tld
helo foo@postfix.org
sender_restrictions check_sender_ns_access,inline:{168.100.1.2=reject}
sender_restrictions check_sender_ns_access,inline:{168.100.3.75=reject}
mail foo@www.porcupine.org
mail example.tld
mail foo@postfix.org
recipient_restrictions check_recipient_ns_access,inline:{168.100.1.2=reject}
recipient_restrictions check_recipient_ns_access,inline:{168.100.3.75=reject}
rcpt foo@www.porcupine.org
rcpt foo@example.tld
rcpt foo@postfix.org
#
# Check A access
#
helo_restrictions check_helo_a_access,inline:{168.100.189.2=reject}
helo_restrictions check_helo_a_access,inline:{168.100.3.2=reject}
helo spike.porcupine.org
helo www.porcupine.org
client_restrictions check_client_a_access,inline:{168.100.189.2=reject}
client_restrictions check_client_a_access,inline:{168.100.3.2=reject}
client spike.porcupine.org 1.2.3.4
client www.porcupine.org 1.2.3.4
reverse_client_restrictions check_reverse_client_a_access,inline:{168.100.189.2=reject}
reverse_client_restrictions check_reverse_client_a_access,inline:{168.100.3.2=reject}
client spike.porcupine.org 1.2.3.4
client www.porcupine.org 1.2.3.4
sender_restrictions check_sender_a_access,inline:{168.100.189.2=reject}
sender_restrictions check_sender_a_access,inline:{168.100.3.2=reject}
mail foo@spike.porcupine.org
mail foo@www.porcupine.org
recipient_restrictions check_recipient_a_access,inline:{168.100.189.2=reject}
recipient_restrictions check_recipient_a_access,inline:{168.100.3.2=reject}
rcpt foo@spike.porcupine.org
rcpt foo@www.porcupine.org

View File

@ -7,35 +7,35 @@
OK
>>> relay_domains porcupine.org
OK
>>> client spike.porcupine.org 168.100.189.2
>>> client spike.porcupine.org 168.100.3.2
OK
>>> #
>>> # Check MX access
>>> #
>>> helo_restrictions check_helo_mx_access,inline:{168.100.189.2=reject}
>>> helo_restrictions check_helo_mx_access,inline:{168.100.3.2=reject}
OK
>>> helo www.porcupine.org
./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <www.porcupine.org>: Helo command rejected: Access denied; proto=SMTP helo=<www.porcupine.org>
./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <www.porcupine.org>: Helo command rejected: Access denied; proto=SMTP helo=<www.porcupine.org>
554 5.7.1 <www.porcupine.org>: Helo command rejected: Access denied
>>> helo example.tld
./smtpd_check: warning: Unable to look up MX host example.tld for Helo command example.tld: hostname nor servname provided, or not known
OK
>>> helo foo@postfix.org
OK
>>> sender_restrictions check_sender_mx_access,inline:{168.100.189.2=reject}
>>> sender_restrictions check_sender_mx_access,inline:{168.100.3.2=reject}
OK
>>> mail foo@www.porcupine.org
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@www.porcupine.org>: Sender address rejected: Access denied; from=<foo@www.porcupine.org> proto=SMTP helo=<foo@postfix.org>
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <foo@www.porcupine.org>: Sender address rejected: Access denied; from=<foo@www.porcupine.org> proto=SMTP helo=<foo@postfix.org>
554 5.7.1 <foo@www.porcupine.org>: Sender address rejected: Access denied
>>> mail example.tld
./smtpd_check: warning: Unable to look up MX host example.tld for Sender address example.tld: hostname nor servname provided, or not known
OK
>>> mail foo@postfix.org
OK
>>> recipient_restrictions check_recipient_mx_access,inline:{168.100.189.2=reject}
>>> recipient_restrictions check_recipient_mx_access,inline:{168.100.3.2=reject}
OK
>>> rcpt foo@www.porcupine.org
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@www.porcupine.org>: Recipient address rejected: Access denied; from=<foo@postfix.org> to=<foo@www.porcupine.org> proto=SMTP helo=<foo@postfix.org>
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <foo@www.porcupine.org>: Recipient address rejected: Access denied; from=<foo@postfix.org> to=<foo@www.porcupine.org> proto=SMTP helo=<foo@postfix.org>
554 5.7.1 <foo@www.porcupine.org>: Recipient address rejected: Access denied
>>> rcpt foo@example.tld
./smtpd_check: warning: Unable to look up MX host example.tld for Recipient address foo@example.tld: hostname nor servname provided, or not known
@ -45,71 +45,71 @@ OK
>>> #
>>> # Check NS access
>>> #
>>> helo_restrictions check_helo_ns_access,inline:{168.100.1.2=reject}
>>> helo_restrictions check_helo_ns_access,inline:{168.100.3.75=reject}
OK
>>> helo www.porcupine.org
./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <www.porcupine.org>: Helo command rejected: Access denied; from=<foo@postfix.org> proto=SMTP helo=<www.porcupine.org>
./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <www.porcupine.org>: Helo command rejected: Access denied; from=<foo@postfix.org> proto=SMTP helo=<www.porcupine.org>
554 5.7.1 <www.porcupine.org>: Helo command rejected: Access denied
>>> helo example.tld
./smtpd_check: warning: Unable to look up NS host for example.tld: Host not found
OK
>>> helo foo@postfix.org
./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@postfix.org>: Helo command rejected: Access denied; from=<foo@postfix.org> proto=SMTP helo=<foo@postfix.org>
./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <foo@postfix.org>: Helo command rejected: Access denied; from=<foo@postfix.org> proto=SMTP helo=<foo@postfix.org>
554 5.7.1 <foo@postfix.org>: Helo command rejected: Access denied
>>> sender_restrictions check_sender_ns_access,inline:{168.100.1.2=reject}
>>> sender_restrictions check_sender_ns_access,inline:{168.100.3.75=reject}
OK
>>> mail foo@www.porcupine.org
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@www.porcupine.org>: Sender address rejected: Access denied; from=<foo@www.porcupine.org> proto=SMTP helo=<foo@postfix.org>
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <foo@www.porcupine.org>: Sender address rejected: Access denied; from=<foo@www.porcupine.org> proto=SMTP helo=<foo@postfix.org>
554 5.7.1 <foo@www.porcupine.org>: Sender address rejected: Access denied
>>> mail example.tld
./smtpd_check: warning: Unable to look up NS host for example.tld: Host not found
OK
>>> mail foo@postfix.org
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@postfix.org>: Sender address rejected: Access denied; from=<foo@postfix.org> proto=SMTP helo=<foo@postfix.org>
./smtpd_check: <queue id>: reject: MAIL from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <foo@postfix.org>: Sender address rejected: Access denied; from=<foo@postfix.org> proto=SMTP helo=<foo@postfix.org>
554 5.7.1 <foo@postfix.org>: Sender address rejected: Access denied
>>> recipient_restrictions check_recipient_ns_access,inline:{168.100.1.2=reject}
>>> recipient_restrictions check_recipient_ns_access,inline:{168.100.3.75=reject}
OK
>>> rcpt foo@www.porcupine.org
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@www.porcupine.org>: Recipient address rejected: Access denied; from=<foo@postfix.org> to=<foo@www.porcupine.org> proto=SMTP helo=<foo@postfix.org>
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <foo@www.porcupine.org>: Recipient address rejected: Access denied; from=<foo@postfix.org> to=<foo@www.porcupine.org> proto=SMTP helo=<foo@postfix.org>
554 5.7.1 <foo@www.porcupine.org>: Recipient address rejected: Access denied
>>> rcpt foo@example.tld
./smtpd_check: warning: Unable to look up NS host for foo@example.tld: Host not found
OK
>>> rcpt foo@postfix.org
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <foo@postfix.org>: Recipient address rejected: Access denied; from=<foo@postfix.org> to=<foo@postfix.org> proto=SMTP helo=<foo@postfix.org>
./smtpd_check: <queue id>: reject: RCPT from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <foo@postfix.org>: Recipient address rejected: Access denied; from=<foo@postfix.org> to=<foo@postfix.org> proto=SMTP helo=<foo@postfix.org>
554 5.7.1 <foo@postfix.org>: Recipient address rejected: Access denied
>>> #
>>> # Check A access
>>> #
>>> helo_restrictions check_helo_a_access,inline:{168.100.189.2=reject}
>>> helo_restrictions check_helo_a_access,inline:{168.100.3.2=reject}
OK
>>> helo spike.porcupine.org
./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.189.2]: 554 5.7.1 <spike.porcupine.org>: Helo command rejected: Access denied; from=<foo@postfix.org> proto=SMTP helo=<spike.porcupine.org>
./smtpd_check: <queue id>: reject: HELO from spike.porcupine.org[168.100.3.2]: 554 5.7.1 <spike.porcupine.org>: Helo command rejected: Access denied; from=<foo@postfix.org> proto=SMTP helo=<spike.porcupine.org>
554 5.7.1 <spike.porcupine.org>: Helo command rejected: Access denied
>>> helo www.porcupine.org
OK
>>> client_restrictions check_client_a_access,inline:{168.100.189.2=reject}
>>> client_restrictions check_client_a_access,inline:{168.100.3.2=reject}
OK
>>> client spike.porcupine.org 1.2.3.4
./smtpd_check: <queue id>: reject: CONNECT from spike.porcupine.org[1.2.3.4]: 554 5.7.1 <spike.porcupine.org[1.2.3.4]>: Client host rejected: Access denied; from=<foo@postfix.org> proto=SMTP helo=<www.porcupine.org>
554 5.7.1 <spike.porcupine.org[1.2.3.4]>: Client host rejected: Access denied
>>> client www.porcupine.org 1.2.3.4
OK
>>> reverse_client_restrictions check_reverse_client_a_access,inline:{168.100.189.2=reject}
>>> reverse_client_restrictions check_reverse_client_a_access,inline:{168.100.3.2=reject}
bad command
>>> client spike.porcupine.org 1.2.3.4
./smtpd_check: <queue id>: reject: CONNECT from spike.porcupine.org[1.2.3.4]: 554 5.7.1 <spike.porcupine.org[1.2.3.4]>: Client host rejected: Access denied; from=<foo@postfix.org> proto=SMTP helo=<www.porcupine.org>
554 5.7.1 <spike.porcupine.org[1.2.3.4]>: Client host rejected: Access denied
>>> client www.porcupine.org 1.2.3.4
OK
>>> sender_restrictions check_sender_a_access,inline:{168.100.189.2=reject}
>>> sender_restrictions check_sender_a_access,inline:{168.100.3.2=reject}
OK
>>> mail foo@spike.porcupine.org
./smtpd_check: <queue id>: reject: MAIL from www.porcupine.org[1.2.3.4]: 554 5.7.1 <foo@spike.porcupine.org>: Sender address rejected: Access denied; from=<foo@spike.porcupine.org> proto=SMTP helo=<www.porcupine.org>
554 5.7.1 <foo@spike.porcupine.org>: Sender address rejected: Access denied
>>> mail foo@www.porcupine.org
OK
>>> recipient_restrictions check_recipient_a_access,inline:{168.100.189.2=reject}
>>> recipient_restrictions check_recipient_a_access,inline:{168.100.3.2=reject}
OK
>>> rcpt foo@spike.porcupine.org
./smtpd_check: <queue id>: reject: RCPT from www.porcupine.org[1.2.3.4]: 554 5.7.1 <foo@spike.porcupine.org>: Recipient address rejected: Access denied; from=<foo@www.porcupine.org> to=<foo@spike.porcupine.org> proto=SMTP helo=<www.porcupine.org>

View File

@ -713,7 +713,7 @@ timecmp_test: timecmp
$(SHLIB_ENV) ${VALGRIND} ./timecmp
myaddrinfo_test: myaddrinfo myaddrinfo.ref myaddrinfo.ref2
$(SHLIB_ENV) ${VALGRIND} ./myaddrinfo all belly.porcupine.org 168.100.189.2 >myaddrinfo.tmp 2>&1
$(SHLIB_ENV) ${VALGRIND} ./myaddrinfo all belly.porcupine.org 168.100.3.2 >myaddrinfo.tmp 2>&1
diff myaddrinfo.ref myaddrinfo.tmp
rm -f myaddrinfo.tmp
$(SHLIB_ENV) ${VALGRIND} ./myaddrinfo all null.porcupine.org 10.0.0.0 >myaddrinfo.tmp 2>&1
@ -721,7 +721,7 @@ myaddrinfo_test: myaddrinfo myaddrinfo.ref myaddrinfo.ref2
rm -f myaddrinfo.tmp
myaddrinfo4_test: myaddrinfo4 myaddrinfo4.ref myaddrinfo4.ref2
$(SHLIB_ENV) ${VALGRIND} ./myaddrinfo4 all belly.porcupine.org 168.100.189.2 >myaddrinfo4.tmp 2>&1
$(SHLIB_ENV) ${VALGRIND} ./myaddrinfo4 all belly.porcupine.org 168.100.3.2 >myaddrinfo4.tmp 2>&1
diff myaddrinfo4.ref myaddrinfo4.tmp
$(SHLIB_ENV) ${VALGRIND} ./myaddrinfo4 all null.porcupine.org 10.0.0.0 >myaddrinfo4.tmp 2>&1
diff myaddrinfo4.ref2 myaddrinfo4.tmp

View File

@ -113,9 +113,9 @@ DICT *dict_inline_open(const char *name, int open_flags, int dict_flags)
dict = dict_open3(DICT_TYPE_HT, name, open_flags, dict_flags);
dict_type_override(dict, DICT_TYPE_INLINE);
while ((nameval = mystrtokq(&cp, CHARS_COMMA_SP, CHARS_BRACE)) != 0) {
if ((nameval[0] != CHARS_BRACE[0]
|| (err = free_me = extpar(&nameval, CHARS_BRACE, EXTPAR_FLAG_STRIP)) == 0)
&& (err = split_qnameval(nameval, &vname, &value)) != 0)
if (nameval[0] == CHARS_BRACE[0])
err = free_me = extpar(&nameval, CHARS_BRACE, EXTPAR_FLAG_STRIP);
if (err != 0 || (err = split_qnameval(nameval, &vname, &value)) != 0)
break;
if ((dict->flags & DICT_FLAG_SRC_RHS_IS_FILE) != 0) {

View File

@ -1,9 +1,9 @@
168.100.189.2
168.100.189.2
168.100.189.1
168.100.189.3
168.100.189.3
168.100.189.3
168.100.189.4
168.100.189.1
168.100.189.4
168.100.3.2
168.100.3.2
168.100.3.1
168.100.3.3
168.100.3.3
168.100.3.3
168.100.3.4
168.100.3.1
168.100.3.4

View File

@ -1,15 +1,15 @@
unknown: list before sort/uniq
unknown: 168.100.189.2
unknown: 168.100.189.2
unknown: 168.100.189.1
unknown: 168.100.189.3
unknown: 168.100.189.3
unknown: 168.100.189.3
unknown: 168.100.189.4
unknown: 168.100.189.1
unknown: 168.100.189.4
unknown: 168.100.3.2
unknown: 168.100.3.2
unknown: 168.100.3.1
unknown: 168.100.3.3
unknown: 168.100.3.3
unknown: 168.100.3.3
unknown: 168.100.3.4
unknown: 168.100.3.1
unknown: 168.100.3.4
unknown: list after sort/uniq
unknown: 168.100.189.1
unknown: 168.100.189.2
unknown: 168.100.189.3
unknown: 168.100.189.4
unknown: 168.100.3.1
unknown: 168.100.3.2
unknown: 168.100.3.3
unknown: 168.100.3.4

View File

@ -1,8 +1,8 @@
./myaddrinfo: === hostname belly.porcupine.org ===
./myaddrinfo: belly.porcupine.org -> family=2 sock=1 proto=6 168.100.189.6
./myaddrinfo: 168.100.189.6 -> belly.porcupine.org
./myaddrinfo: belly.porcupine.org -> family=2 sock=1 proto=6 168.100.3.6
./myaddrinfo: 168.100.3.6 -> belly.porcupine.org
./myaddrinfo: belly.porcupine.org -> family=28 sock=1 proto=6 2604:8d00:189::6
./myaddrinfo: 2604:8d00:189::6 -> belly.porcupine.org
./myaddrinfo: === host address 168.100.189.2 ===
./myaddrinfo: 168.100.189.2 -> family=2 sock=1 proto=6 168.100.189.2
./myaddrinfo: 168.100.189.2 -> spike.porcupine.org
./myaddrinfo: === host address 168.100.3.2 ===
./myaddrinfo: 168.100.3.2 -> family=2 sock=1 proto=6 168.100.3.2
./myaddrinfo: 168.100.3.2 -> spike.porcupine.org

View File

@ -1,6 +1,6 @@
./myaddrinfo4: === hostname belly.porcupine.org ===
./myaddrinfo4: belly.porcupine.org -> family=2 sock=1 proto=6 168.100.189.6
./myaddrinfo4: 168.100.189.6 -> belly.porcupine.org
./myaddrinfo4: === host address 168.100.189.2 ===
./myaddrinfo4: 168.100.189.2 -> family=2 sock=1 proto=6 168.100.189.2
./myaddrinfo4: 168.100.189.2 -> spike.porcupine.org
./myaddrinfo4: belly.porcupine.org -> family=2 sock=1 proto=6 168.100.3.6
./myaddrinfo4: 168.100.3.6 -> belly.porcupine.org
./myaddrinfo4: === host address 168.100.3.2 ===
./myaddrinfo4: 168.100.3.2 -> family=2 sock=1 proto=6 168.100.3.2
./myaddrinfo4: 168.100.3.2 -> spike.porcupine.org