mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-31 22:25:24 +00:00
Code Issues Releases Wiki Activity

postfix-1.1.12-20021208

Browse Source
This commit is contained in:
Wietse Venema
2002-12-08 00:00:00 -05:00
committed by Viktor Dukhovni
parent dbed5008ea
commit 29c2c7963a
54 changed files with 976 additions and 478 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
postfix/HISTORY
View File

@@ -7295,16 +7295,16 @@ Apologies for any names omitted.
syntax as the mydestination parameter. Default settings syntax as the mydestination parameter. Default settings
are backwards compatible with Postfix 1.1. are backwards compatible with Postfix 1.1.
Cleanup: just like $mydestination+$inet_interfaces control Concept: just like $mydestination+$inet_interfaces control
what routes to $local_transport, $virtual_mailbox_domains what routes to $local_transport, $virtual_mailbox_domains
now controls what routes to $virtual_transport (default now controls what routes to $virtual_transport (default
transport: virtual), and $relay_domains now controls what transport: virtual), and $relay_domains now controls what
routes to $relay_transport (default transport: relay, a routes to $relay_transport (default transport: relay, a
clone of the smtp transport). Everything else routes to clone of the smtp transport). Everything else routes to
$default_transport as before. This eliminates the need $default_transport as before. This eliminates the need
for transport maps for virtual(8) domains, and avoids for transport map entries for every virtual(8) domain, and
performance problems with inbound relay mail. This was avoids performance problems with inbound relay mail. This
improvement was suggested by Victor Duchovni. File: was improvement was suggested by Victor Duchovni. File:
trivial-rewrite/resolve.c. trivial-rewrite/resolve.c.
20021206 20021206
@@ -7315,25 +7315,52 @@ Apologies for any names omitted.
20021207 20021207
Performance: apparently, RFC 2821 blesses the use of CNAME Cleanup: deleted the description of sendmail-style virtual
domain names in SMTP commands. This speeds things up a bit. domains from the virtual(5) manual page. This part of
File: smtp/smtp_proto.c. Postfix was too confusing.
Performance: RFC 2821 blesses the use of CNAME domain names
in MAIL FROM and RCPT TO. Not having to expand CNAME domain
names speeds things up a bit. File: smtp/smtp_proto.c.
Workaround: exclude error mailer destinations from transport Workaround: exclude error mailer destinations from transport
table lookups. File: trivial-rewrite/resolve.c. mapping lookups :-(. File: trivial-rewrite/resolve.c.
Cleanup: relocated_maps lookups moved to the trivial-rewrite Cleanup: relocated_maps lookups are now moved to the
server. The queue manager no longer does any map lookups, trivial-rewrite server. As of now, the queue manager no
so it won't restart when maps change. This required that longer does any map lookups, so it won't restart when maps
resolver clients be prepared for the case that the resolver change. Files: *qmgr/qmgr_message.c, trivial-rewrite/resolve.c.
reports it is unable to access a lookup table. This also
required that trivial-rewrite be running as multiple
processes to reduce the impact of table lookup latencies.
Files: *qmgr/qmgr_message.c, trivial-rewrite/resolve.c,
local/resolve.c, smtpd/smtpd_check.c, master/multi-server.c.
Workaround: don't discard all DNS lookup results when one Robustness: because the trivial-rewrite server now does
has a malformed name or address. File: dns/dns_lookups.c. many more table lookups, some of which are often LDAP or
SQL based, trivial-rewrite clients must be be prepared for
the case that the resolver reports a failure while processing
a request (when it was unable to access a lookup table).
Files: trivial-rewrite/resolve.c, local/resolve.c,
smtpd/smtpd_check.c.
Robustness: moving possible LDAP or SQL table lookups into
the trivial-rewrite server also required that trivial-rewrite
be running as multiple processes to reduce lookup latencies.
Files: master/multi-server.c.
Workaround: don't discard all the DNS lookup results when
only one of the results has a malformed name or address.
File: dns/dns_lookup.c.
200201208
Cleanup: with the preliminary address domain classification
concept as implemented by the trivial-rewrite address
resolver, a lot of table lookups could be eliminated from
the SMTP server. Files: smtpd/smtpd_check.c.
Feature: new relay_recipient_maps parameter, for optional
maps with all the recipients in the domains that match
$relay_domains (so you can reject mail for unknown relay
recipients). This is for consistency with virtual_xx_maps
and virtual_xx_domains, and with local_recipient_maps and
the local delivery agent. File: smtpd/smtpd_check.c.
Open problems: Open problems:

21
postfix/README_FILES/VIRTUAL_README
View File

@@ -8,9 +8,9 @@ Purpose of this software
You can use the virtual delivery agent for mailbox delivery of some You can use the virtual delivery agent for mailbox delivery of some
or all domains that are handled by a machine. or all domains that are handled by a machine.
This mechanism is different from virtual domains that are implemented This mechanism is different from simulated virtual domains that
by translating each virtual address into a real local user. For are implemented by translating each virtual address into a real
that, see the virtual(5) manual page. local user. For that, see the virtual(5) manual page.
This is what Andrew McNamara wrote when he made the virtual delivery This is what Andrew McNamara wrote when he made the virtual delivery
agent available. agent available.
@@ -80,8 +80,9 @@ virtual_mailbox_maps
If a recipient is not found the mail is returned to the sender. If a recipient is not found the mail is returned to the sender.
For security reasons, regexp maps are not allowed here, because For security reasons, regular expression maps are allowed but
their $1 etc. substitutions would open a security hole. regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
The mail administrator is expected to create and chown recipient The mail administrator is expected to create and chown recipient
mailbox files or maildir directories ahead of time. mailbox files or maildir directories ahead of time.
@@ -102,8 +103,9 @@ virtual_uid_maps
specific user@domain.tld entry. While searching a lookup table, specific user@domain.tld entry. While searching a lookup table,
an address extension (user+foo@domain.tld) is ignored. an address extension (user+foo@domain.tld) is ignored.
For security reasons, regexp maps are not allowed here, because For security reasons, regular expression maps are allowed but
their $1 etc. substitutions would open a security hole. regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
Specify a static map if all mailboxes should be owned by the same Specify a static map if all mailboxes should be owned by the same
UID. For example, to specify that all mailboxes are owned by the UID. For example, to specify that all mailboxes are owned by the
@@ -121,8 +123,9 @@ virtual_gid_maps
specific user@domain.tld entry. While searching a lookup table, specific user@domain.tld entry. While searching a lookup table,
an address extension (user+foo@domain.tld) is ignored. an address extension (user+foo@domain.tld) is ignored.
For security reasons, regexp maps are not allowed here, because For security reasons, regular expression maps are allowed but
their $1 etc. substitutions would open a security hole. regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
Specify a static map if all mailboxes should be owned by the same Specify a static map if all mailboxes should be owned by the same
GID. For example, to specify that all mailboxes are owned by the GID. For example, to specify that all mailboxes are owned by the

95
postfix/RELEASE_NOTES
View File

@@ -15,13 +15,92 @@ the same bugfixes as a patch release.
Incompatible changes with Postfix snapshot 1.1.12-200212XX Incompatible changes with Postfix snapshot 1.1.12-200212XX
========================================================== ==========================================================
The default hash_queue_depth setting is reduced to 1 level of Postfix now uses the "relay" mail delivery transport for relayed
subdirectories. This improves "mailq" performance on most systems, mail (domains matching relay_domains). This may affect your
but results in poorer worst-case performance on systems with lots defer_transports settings. The old "smtp" transport is now the
of mail in the queue. default mail delivery transport for domains that do not match
relay_domains or any local or virtual domain name.
The check_relay_domains restriction is going away. The SMTP server The "virtual_maps" configuration parameter is now called
logs a warning and suggests using reject_unauth_destination instead. "virtual_alias_maps", for consistency with "virtual_mailbox_maps".
Default settings are backwards compatible with Postfix 1.1.
Postfix-style virtual domains are now called simulated virtual
domains. Sendmail-style virtual domains are no longer documented.
This part of Postfix was too confusing.
The default queue directory hash_queue_depth setting is reduced to
1 level of subdirectories per Postfix queue. This improves "mailq"
performance on most systems, but can result in poorer worst-case
performance on systems with lots of mail in the queue.
The "reject_maps_rbl" restriction is going away. The SMTP server
logs a warning and suggests using the more flexible "reject_rbl_client"
instead.
The "check_relay_domains" restriction is going away. The SMTP server
logs a warning and suggests using "reject_unauth_destination"
instead.
Major changes with Postfix snapshot 1.1.11-200212XX
===================================================
This release introduces separation of lookup tables for addresses
and for domain names of virtual domains.
- virtual_maps is replaced by virtual_alias_maps (for address
lookups) and virtual_alias_domains (for the names of what were
formerly called "Postfix-style virtual domains").
For backwards compatibility with Postfix version 1.1, the new
virtual_alias_maps parameter defaults to $virtual_maps, and the
new virtual_alias_domains parameter defaults to $virtual_alias_maps.
- virtual_mailbox_maps now has a companion parameter called
virtual_mailbox_domains (for the names of domains served by the
virtual delivery agent). virtual_mailbox_maps is now used for
address lookups only.
For backwards compatibility with Postfix version 1.1,, the new
virtual_mailbox_domains parameter defaults to $virtual_mailbox_maps.
This release introduces the concept of address domain classes, each
having its own default mail delivery transport:
Destination matches Default transport Default name
--------------------------------------------------------------
$mydestination or
$inet_interfaces $local_transport local
$virtual_alias_domains (not applicable) (not applicable)
$virtual_mailbox_domains $virtual_transport virtual
$relay_domains $relay_transport relay
other $default_transport smtp
The benefits of these changes are that:
- You no longer need to specify all the virtual(8) domains in the
Postfix transport map.
- A lot of table lookups could be eliminated from the SMTP server's
mail relay control and unknown user blocking code.
Better handling of unknown recipients. Each address domain class
now has its own table with known recipients, so that you can reject
mail for unknown addresses consistently.
Destination matches Recipients defined by Remarks
--------------------------------------------------------------
$mydestination or
$inet_interfaces $local_recipient_maps optional
$virtual_alias_domains $virtual_alias_maps none
$virtual_mailbox_domains $virtual_mailbox_maps none
$relay_domains $relay_recipient_maps optional
other (not applicable) (not applicable)
Finally, regular expression maps are now allowed with local delivery
agent alias tables and with all virtual delivery agent lookup tables.
However, regular expression substitution of $1 etc. is still
forbidden for security reasons.
Incompatible changes with Postfix snapshot 1.1.11-20021108 Incompatible changes with Postfix snapshot 1.1.11-20021108
========================================================== ==========================================================
@@ -389,7 +468,7 @@ Postfix header_checks now properly recognize MIME headers in
attachments. This is much more efficient than previous versions attachments. This is much more efficient than previous versions
that recognized MIME headers via body_checks. MIME headers are that recognized MIME headers via body_checks. MIME headers are
now processed one multi-line header at a time, instead of one body now processed one multi-line header at a time, instead of one body
line at a time. line at a time.
In fact, Postfix now has three classes of header patterns: In fact, Postfix now has three classes of header patterns:
header_checks (for primary message headers except MIME headers), header_checks (for primary message headers except MIME headers),
@@ -1675,7 +1754,7 @@ environments. Specify "home_mailbox = Maildir/", or specify
required to turn on maildir delivery. required to turn on maildir delivery.
- Incremental updates of aliases and maps. Specify "postmap -i - Incremental updates of aliases and maps. Specify "postmap -i
mapname" and it will read new entries from stdin. mapname" and it will read new entries from stdin.
- Newaliases will now update more than one alias database. - Newaliases will now update more than one alias database.
Specify the names with the main.cf "alias_database" parameter. Specify the names with the main.cf "alias_database" parameter.

13
postfix/conf/aliases
View File

@@ -36,7 +36,6 @@ abuse: postmaster
# trap decode to catch security attacks # trap decode to catch security attacks
decode: root decode: root
#
# ALIASES(5) ALIASES(5) # ALIASES(5) ALIASES(5)
# #
# NAME # NAME
@@ -166,12 +165,19 @@ decode: root
# Delimiter that separates recipients from address # Delimiter that separates recipients from address
# extensions. # extensions.
# #
# BUGS
# Regular expression alias lookup tables are allowed, but
# substitution of $1 etc. is forbidden because that would
# open a security loophole.
#
# STANDARDS # STANDARDS
# RFC 822 (ARPA Internet Text Messages) # RFC 822 (ARPA Internet Text Messages)
# #
# SEE ALSO # SEE ALSO
# local(8) local delivery agent # local(8) local delivery agent
# postalias(1) alias database management # newaliases(1) alias database management
# regexp_table(5) POSIX regular expression table format
# pcre_table(5) Perl Compatible Regular Expression table format
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this
@@ -183,5 +189,4 @@ decode: root
# P.O. Box 704 # P.O. Box 704
# Yorktown Heights, NY 10598, USA # Yorktown Heights, NY 10598, USA
# #
# 1 # ALIASES(5)
#

31
postfix/conf/main.cf
View File

@@ -119,17 +119,21 @@ mail_owner = postfix
#proxy_interfaces = 1.2.3.4 #proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this # The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for. That includes # machine considers itself the final destination for.
# Sendmail-style virtual domains hosted on this machine.
# #
# Do not include Postfix-style virtual domains - those domains are # These domains are routed to the delivery agent specified with the
# specified elsewhere (see sample-virtual.cf, and sample-transport.cf). # local_transport parameter setting.
# #
# The default is $myhostname + localhost.$mydomain. On a mail domain # The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain. Do not specify the # gateway, you should also include $mydomain.
# names of domains that this machine is backup MX host for. Specify #
# those names via the relay_domains or permit_mx_backup settings for # Do not specify the names of virtual domains - those domains are
# the SMTP server (see sample-smtpd.cf). # specified elsewhere (see sample-virtual.cf).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# sample-smtpd.cf).
# #
# The local machine is always the final destination for mail addressed # The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system # to user@[the.net.work.address] of an interface that the mail system
@@ -242,6 +246,16 @@ mail_owner = postfix
#relayhost = uucphost #relayhost = uucphost
#relayhost = [an.ip.add.ress] #relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# REJECTING UNKNOWN LOCAL USERS # REJECTING UNKNOWN LOCAL USERS
# #
# The local_recipient_maps parameter specifies optional lookup tables # The local_recipient_maps parameter specifies optional lookup tables
@@ -302,6 +316,7 @@ mail_owner = postfix
# #
# The alias_maps parameter specifies the list of alias databases used # The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent. # by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias # On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax # database, then the NIS alias database. See aliases(5) for syntax
# details. # details.

24
postfix/conf/sample-misc.cf
View File

@@ -41,7 +41,9 @@ berkeley_db_read_buffer_size = 131072
#default_database_type = dbm #default_database_type = dbm
# The default_transport parameter specifies the default message # The default_transport parameter specifies the default message
# delivery transport to use when no transport is explicitly given in # delivery transport for domains that do not match mydestination,
# inet_interfaces, virtual_alias_domains, virtual_mailbox_domains,
# relay_domains, and for which no transport is explicitly given in
# the optional transport(5) table. # the optional transport(5) table.
# #
# Specify a string of the form transport:nexthop, where transport is # Specify a string of the form transport:nexthop, where transport is
@@ -195,17 +197,21 @@ max_idle = 100s
max_use = 100 max_use = 100
# The mydestination parameter specifies the list of domains that this # The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for. That includes # machine considers itself the final destination for.
# Sendmail-style virtual domains hosted on this machine.
# #
# Do not include Postfix-style virtual domains - those domains are # These domains are routed to the delivery agent specified with the
# specified elsewhere (see sample-virtual.cf, and sample-transport.cf). # local_transport parameter setting.
# #
# The default is $myhostname + localhost.$mydomain. On a mail domain # The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain. Do not specify the # gateway, you should also include $mydomain.
# names of domains that this machine is backup MX host for. Specify #
# those names via the relay_domains or permit_mx_backup settings for # Do not specify the names of virtual domains - those domains are
# the SMTP server (see sample-smtpd.cf). # specified elsewhere (see sample-virtual.cf).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# sample-smtpd.cf).
# #
# The local machine is always the final destination for mail addressed # The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system # to user@[the.net.work.address] of an interface that the mail system

3
postfix/conf/sample-smtpd.cf
View File

@@ -406,6 +406,9 @@ allow_untrusted_routing = no
# and restricts what destination domains (and subdomains thereof) # and restricts what destination domains (and subdomains thereof)
# this system will relay mail to. # this system will relay mail to.
# #
# These domains are routed to the delivery agent specified with the
# relay_transport parameter setting.
#
# By default, Postfix relays mail # By default, Postfix relays mail
# - from trusted clients whose IP address matches $mynetworks, # - from trusted clients whose IP address matches $mynetworks,
# - from untrusted clients to destinations that match $relay_domains # - from untrusted clients to destinations that match $relay_domains

17
postfix/conf/sample-virtual.cf
View File

@@ -4,19 +4,20 @@
# This file contains example settings of Postfix configuration # This file contains example settings of Postfix configuration
# parameters that control virtual alias database lookups. # parameters that control virtual alias database lookups.
# This file describes settings for simulated virtual domains. These # This file describes configuration settings that can be used for
# are domains for which all mail is aliased to one or more local or # aliasing and for implementing SIMULATED VIRTUAL DOMAINS (domains
# remote addresses. For details, see the virtual(5) manual page. # for which all mail is aliased to one or more local or remote
# addresses). For details, see the virtual(5) manual page.
# #
# If you need virtual domains where each virtual address can have # If you need TRUE VIRTUAL DOMAINS (domains where each virtual address
# its own mailbox, then you should use the virtual(8) delivery agent # can have its own mailbox), then you should use the virtual(8)
# instead. For details, see the VIRTUAL_README file. # delivery agent instead. For details, see the VIRTUAL_README file.
# The virtual_alias_maps parameter specifies optional lookup tables to # The virtual_alias_maps parameter specifies optional lookup tables to
# redirect specific addresses or even complete domains to another # alias specific addresses or even complete domains to another
# address. This is typically used to simulate virtual domain support. # address. This is typically used to simulate virtual domain support.
# #
# By default, no address redirection is done. # By default, no address aliasing is done.
# #
# If you use this feature, run "postmap /etc/postfix/virtual" to # If you use this feature, run "postmap /etc/postfix/virtual" to
# build the necessary DBM or DB file after change. # build the necessary DBM or DB file after change.

94
postfix/conf/transport
View File

@@ -59,6 +59,28 @@
# "do not change": use the delivery transport and nexthop # "do not change": use the delivery transport and nexthop
# information that would be used if no match were found. # information that would be used if no match were found.
# #
# TRANSPORT FIELD
# The transport field specifies the name of a mail delivery
# transport (the first name of a mail delivery service entry
# in the Postfix master.cf file).
#
# When a null transport field is specified, Postfix uses one
# of the following transports:
#
# $local_transport
# The domain matches $mydestination or $inet_inter-
# faces.
#
# $virtual_transport
# The domain matches $virtual_mailbox_domains.
#
# $relay_transport
# The domain matches $relay_transport.
#
# $default_transport
# All other non-local, non-virtual destinations.
#
# NEXTHOP FIELD
# The interpretation of the nexthop field is transport # The interpretation of the nexthop field is transport
# dependent. In the case of SMTP, specify host:service for a # dependent. In the case of SMTP, specify host:service for a
# non-default server port, and use [host] or [host]:port in # non-default server port, and use [host] or [host]:port in
@@ -66,6 +88,7 @@
# form can also be used with IP addresses instead of host- # form can also be used with IP addresses instead of host-
# names. # names.
# #
# LOOKUP ORDER
# With lookups from indexed files such as DB or DBM, or from # With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are # networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below: # tried in the order as listed below:
@@ -123,64 +146,63 @@
# #
# foo.org slow: # foo.org slow:
# #
# When no transport is specified, Postfix uses either # When no transport is specified, Postfix uses the transport
# $local_transport or $default_transport, depending on # that matches the address domain class (see TRANSPORT FIELD
# whether the destination matches $mydestination. The fol- # discussion above). The following sends all mail for
# lowing sends all mail for foo.org and its subdomains to # foo.org and its subdomains to host gateway.foo.org:
# host gateway.foo.org:
# #
# foo.org :[gateway.foo.org] # foo.org :[gateway.foo.org]
# .foo.org :[gateway.foo.org] # .foo.org :[gateway.foo.org]
# #
# In the above example, the [] are used to suppress MX # In the above example, the [] are used to suppress MX
# lookups. The result would likely point to your local # lookups. The result would likely point to your local
# machine. # machine.
# #
# In the case of delivery via SMTP, one may specify host- # In the case of delivery via SMTP, one may specify host-
# name:service instead of just a host: # name:service instead of just a host:
# #
# foo.org smtp:bar.org:2025 # foo.org smtp:bar.org:2025
# #
# This directs mail for user@foo.org to host bar.org port # This directs mail for user@foo.org to host bar.org port
# 2025. Instead of a numerical port a symbolic name may be # 2025. Instead of a numerical port a symbolic name may be
# used. Specify [] around the hostname in order to disable # used. Specify [] around the hostname in order to disable
# MX lookups. # MX lookups.
# #
# The error mailer can be used to bounce mail: # The error mailer can be used to bounce mail:
# #
# .foo.org error:mail for *.foo.org is not deliv- # .foo.org error:mail for *.foo.org is not deliv-
# erable # erable
# #
# This causes all mail for user@anything.foo.org to be # This causes all mail for user@anything.foo.org to be
# bounced. # bounced.
# #
# REGULAR EXPRESSION TABLES # REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when # This section describes how the table lookups change when
# the table is given in the form of regular expressions. For # the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax, # a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5). # see regexp_table(5) or pcre_table(5).
# #
# Each pattern is a regular expression that is applied to # Each pattern is a regular expression that is applied to
# the entire domain being looked up. Thus, some.domain.hier- # the entire domain being looked up. Thus, some.domain.hier-
# archy is not broken up into parent domains. # archy is not broken up into parent domains.
# #
# Patterns are applied in the order as specified in the # Patterns are applied in the order as specified in the
# table, until a pattern is found that matches the search # table, until a pattern is found that matches the search
# string. # string.
# #
# Results are the same as with indexed file lookups, with # Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from # the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on. # the pattern can be interpolated as $1, $2 and so on.
# #
# CONFIGURATION PARAMETERS # CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant # The following main.cf parameters are especially relevant
# to this topic. See the Postfix main.cf file for syntax # to this topic. See the Postfix main.cf file for syntax
# details and for default values. Use the postfix reload # details and for default values. Use the postfix reload
# command after a configuration change. # command after a configuration change.
# #
# parent_domain_matches_subdomains # parent_domain_matches_subdomains
# List of Postfix features that use domain.tld pat- # List of Postfix features that use domain.tld pat-
# terns to match sub.domain.tld (as opposed to # terns to match sub.domain.tld (as opposed to
# requiring .domain.tld patterns). # requiring .domain.tld patterns).
# #
# transport_maps # transport_maps
@@ -189,14 +211,21 @@
# Other parameters of interest: # Other parameters of interest:
# #
# local_transport # local_transport
# The mail delivery transport to use when no trans- # The default mail delivery transport when the desti-
# port is explicitly specified, and the destination # nation matches $mydestination or $inet_interfaces.
# matches $mydestination. #
# virtual_transport
# The default mail delivery transport when the desti-
# nation matches virtual_mailbox_domains.
#
# relay_transport
# The default mail delivery transport when the desti-
# nation matches relay_domains.
# #
# default_transport # default_transport
# The mail delivery transport to use when no trans- # The default mail delivery transport when the desti-
# port is explicitly specified, and the destination # nation does not match a local, virtual or relay
# does not match $mydestination. # destination.
# #
# mydestination # mydestination
# The destinations that are given to $local_transport # The destinations that are given to $local_transport
@@ -204,7 +233,8 @@
# #
# relayhost # relayhost
# The default host for destinations that do not match # The default host for destinations that do not match
# $mydestination. # $mydestination, $inet_interfaces, vir-
# tual_alias_domains or virtual_mailbox_domains.
# #
# SEE ALSO # SEE ALSO
# postmap(1) create mapping table # postmap(1) create mapping table

41
postfix/conf/virtual
View File

@@ -12,9 +12,17 @@
# #
# DESCRIPTION # DESCRIPTION
# The optional virtual alias table specifies address alias- # The optional virtual alias table specifies address alias-
# ing for local and non-local recipients. Virtual aliasing # ing for arbitrary local or non-local recipient addresses.
# is used by the cleanup(8) daemon. Virtual aliasing is # Virtual aliasing is recursive, and is done by the Postfix
# recursive. # cleanup(8) daemon.
#
# The main applications of virtual aliasing are:
#
# o To redirect mail from one address to one or more
# other addresses.
#
# o To simulate virtual domains where all virtual
# addresses are aliased to non-virtual addresses.
# #
# Virtual aliasing is applied only to recipient envelope # Virtual aliasing is applied only to recipient envelope
# addresses, and does not affect message headers. Think # addresses, and does not affect message headers. Think
@@ -52,8 +60,8 @@
# With a simulated virtual domain, the virtual domain has # With a simulated virtual domain, the virtual domain has
# its own user name space. Local (i.e. non-virtual) user- # its own user name space. Local (i.e. non-virtual) user-
# names are not visible in a simulated virtual domain. In # names are not visible in a simulated virtual domain. In
# particular, local aliases(5) and mailing lists are not # particular, local aliases(5) and local mailing lists are
# visible as localname@virtual.domain. # not visible as localname@simulated.domain.
# #
# Support for a simulated virtual domain looks like: # Support for a simulated virtual domain looks like:
# #
@@ -65,21 +73,21 @@
# types. # types.
# #
# /etc/postfix/virtual: # /etc/postfix/virtual:
# virtual.domain anything (right-hand content does not matter) # simulated.domain anything (right-hand content does not matter)
# postmaster@virtual.domain postmaster # postmaster@simulated.domain postmaster
# user1@virtual.domain address1 # user1@simulated.domain address1
# user2@virtual.domain address2, address3 # user2@simulated.domain address2, address3
# #
# The virtual.domain anything entry is required for a simu- # The simulated.domain anything entry is required for a sim-
# lated virtual domain. Without this entry, mail will be # ulated virtual domain. Without this entry, mail will be
# rejected with a "relay access denied" error condition. # rejected with a "relay access denied" error condition.
# #
# Do not list a simulated virtual domain name in the main.cf # Do not list a simulated virtual domain name in the main.cf
# mydestination configuration parameter. # mydestination configuration parameter.
# #
# With a simulated virtual domain, the Postfix SMTP server # With a simulated virtual domain, the Postfix SMTP server
# accepts mail for known-user@virtual.domain, and rejects # accepts mail for known-user@simulated.domain, and rejects
# mail for unknown-user@virtual.domain as undeliverable. # mail for unknown-user@simulated.domain as undeliverable.
# #
# Instead of specifying the simulated virtual domain name # Instead of specifying the simulated virtual domain name
# via the virtual_alias_maps table, you may also specify it # via the virtual_alias_maps table, you may also specify it
@@ -187,7 +195,8 @@
# local. # local.
# #
# myorigin # myorigin
# The domain that is appended to locally-posted mail. # The domain that is appended to any address that
# does not have a domain.
# #
# owner_request_special # owner_request_special
# Give special treatment to owner-xxx and xxx-request # Give special treatment to owner-xxx and xxx-request
@@ -196,8 +205,8 @@
# SEE ALSO # SEE ALSO
# cleanup(8) canonicalize and enqueue mail # cleanup(8) canonicalize and enqueue mail
# postmap(1) create mapping table # postmap(1) create mapping table
# pcre_table(5) format of PCRE tables # regexp_table(5) POSIX regular expression table format
# regexp_table(5) format of POSIX regular expression tables # pcre_table(5) Perl Compatible Regular Expression table format
# #
# LICENSE # LICENSE
# The Secure Mailer license must be distributed with this # The Secure Mailer license must be distributed with this

13
postfix/html/aliases.5.html
View File

@@ -1,5 +1,4 @@
<html> <head> </head> <body> <pre> <html> <head> </head> <body> <pre>
ALIASES(5) ALIASES(5) ALIASES(5) ALIASES(5)
<b>NAME</b> <b>NAME</b>
@@ -129,12 +128,19 @@ ALIASES(5) ALIASES(5)
Delimiter that separates recipients from address Delimiter that separates recipients from address
extensions. extensions.
<b>BUGS</b>
Regular expression alias lookup tables are allowed, but
substitution of $1 etc. is forbidden because that would
open a security loophole.
<b>STANDARDS</b> <b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages) <a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<b>SEE</b> <b>ALSO</b> <b>SEE</b> <b>ALSO</b>
<a href="local.8.html">local(8)</a> local delivery agent <a href="local.8.html">local(8)</a> local delivery agent
<a href="postalias.1.html">postalias(1)</a> alias database management <a href="newaliases.1.html">newaliases(1)</a> alias database management
<a href="regexp_table.5.html">regexp_table(5)</a> POSIX regular expression table format
<a href="pcre_table.5.html">pcre_table(5)</a> Perl Compatible Regular Expression table format
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
@@ -146,6 +152,5 @@ ALIASES(5) ALIASES(5)
P.O. Box 704 P.O. Box 704
Yorktown Heights, NY 10598, USA Yorktown Heights, NY 10598, USA
1 ALIASES(5)
</pre> </body> </html> </pre> </body> </html>

2
postfix/html/cleanup.8.html
View File

@@ -209,7 +209,7 @@ CLEANUP(8) CLEANUP(8)
<a href="qmgr.8.html">qmgr(8)</a> queue manager daemon <a href="qmgr.8.html">qmgr(8)</a> queue manager daemon
syslogd(8) system logging syslogd(8) system logging
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> address rewriting <a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> address rewriting
<a href="virtual.5.html">virtual(5)</a> virtual address lookup table format <a href="virtual.5.html">virtual(5)</a> virtual alias lookup table format
<b>FILES</b> <b>FILES</b>
/etc/postfix/canonical*, canonical mapping table /etc/postfix/canonical*, canonical mapping table

9
postfix/html/postfix.1.html
View File

@@ -141,7 +141,14 @@ POSTFIX(1) POSTFIX(1)
$<b>config</b><i>_</i><b>directory/master.cf</b>, Postfix daemon processes $<b>config</b><i>_</i><b>directory/master.cf</b>, Postfix daemon processes
<b>SEE</b> <b>ALSO</b> <b>SEE</b> <b>ALSO</b>
<a href="master.8.html">master(8)</a> Postfix master program <a href="postconf.1.html">postconf(1)</a> Postfix configuration management
<a href="postsuper.1.html">postsuper(1)</a> Postfix housekeeping
<a href="sendmail.1.html">sendmail(1)</a> Sendmail-compatible interface
<a href="postmap.1.html">postmap(1)</a> Postfix lookup table management
<a href="master.8.html">master(8)</a> Postfix master daemon
The respective manual pages for the daemon processes spec-
ified in the <b>master.cf</b> file, and the manual pages refer-
enced by those manual pages.
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this

80
postfix/html/smtpd.8.html
View File

@@ -151,21 +151,27 @@ SMTPD(8) SMTPD(8)
defined, then the SMTP server rejects mail for defined, then the SMTP server rejects mail for
unknown local users. unknown local users.
<b>relay</b><i>_</i><b>recipient</b><i>_</i><b>maps</b>
List of maps that define all the email addresses in
the domains that match <b>$relay</b><i>_</i><b>domains</b>. If this
parameter is defined, then the SMTP server rejects
mail for unknown relay recipients.
<b>notify</b><i>_</i><b>classes</b> <b>notify</b><i>_</i><b>classes</b>
List of error classes. Of special interest are: List of error classes. Of special interest are:
<b>policy</b> When a client violates any policy, mail a <b>policy</b> When a client violates any policy, mail a
transcript of the entire SMTP session to the transcript of the entire SMTP session to the
postmaster. postmaster.
<b>protocol</b> <b>protocol</b>
When a client violates the SMTP protocol or When a client violates the SMTP protocol or
issues an unimplemented command, mail a issues an unimplemented command, mail a
transcript of the entire SMTP session to the transcript of the entire SMTP session to the
postmaster. postmaster.
<b>smtpd</b><i>_</i><b>banner</b> <b>smtpd</b><i>_</i><b>banner</b>
Text that follows the <b>220</b> status code in the SMTP Text that follows the <b>220</b> status code in the SMTP
greeting banner. greeting banner.
<b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b> <b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>
@@ -173,25 +179,25 @@ SMTPD(8) SMTPD(8)
expansion of rbl template responses and other text. expansion of rbl template responses and other text.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b> <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
Restrict the number of recipients that the SMTP Restrict the number of recipients that the SMTP
server accepts per message delivery. server accepts per message delivery.
<b>smtpd</b><i>_</i><b>timeout</b> <b>smtpd</b><i>_</i><b>timeout</b>
Limit the time to send a server response and to Limit the time to send a server response and to
receive a client request. receive a client request.
<b>soft</b><i>_</i><b>bounce</b> <b>soft</b><i>_</i><b>bounce</b>
Change hard (5xx) reject responses into soft (4xx) Change hard (5xx) reject responses into soft (4xx)
reject responses. This can be useful for testing reject responses. This can be useful for testing
purposes. purposes.
<b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b> <b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
The characters that Postfix accepts as VERP delim- The characters that Postfix accepts as VERP delim-
iter characters. iter characters.
<b>Resource</b> <b>controls</b> <b>Resource</b> <b>controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b> <b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
Limit the amount of memory in bytes used for the Limit the amount of memory in bytes used for the
handling of partial input lines. handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b> <b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
@@ -199,8 +205,8 @@ SMTPD(8) SMTPD(8)
ing on-disk storage for envelope information. ing on-disk storage for envelope information.
<b>queue</b><i>_</i><b>minfree</b> <b>queue</b><i>_</i><b>minfree</b>
Minimal amount of free space in bytes in the queue Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail file system for the SMTP server to accept any mail
at all. at all.
<b>smtpd</b><i>_</i><b>history</b><i>_</i><b>flush</b><i>_</i><b>threshold</b> <b>smtpd</b><i>_</i><b>history</b><i>_</i><b>flush</b><i>_</i><b>threshold</b>
@@ -215,23 +221,23 @@ SMTPD(8) SMTPD(8)
<b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b> <b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b>
When an SMTP client has made this number of errors, When an SMTP client has made this number of errors,
wait <i>error_count</i> seconds before responding to any wait <i>error_count</i> seconds before responding to any
client request. client request.
<b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b> <b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b>
Disconnect after a client has made this number of Disconnect after a client has made this number of
errors. errors.
<b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b> <b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b>
Limit the number of times a client can issue a junk Limit the number of times a client can issue a junk
command such as NOOP, VRFY, ETRN or RSET in one command such as NOOP, VRFY, ETRN or RSET in one
SMTP session before it is penalized with tarpit SMTP session before it is penalized with tarpit
delays. delays.
<b>UCE</b> <b>control</b> <b>restrictions</b> <b>UCE</b> <b>control</b> <b>restrictions</b>
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
List of Postfix features that use <i>domain.tld</i> pat- List of Postfix features that use <i>domain.tld</i> pat-
terns to match <i>sub.domain.tld</i> (as opposed to terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns). requiring <i>.domain.tld</i> patterns).
<b>smtpd</b><i>_</i><b>client</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>client</b><i>_</i><b>restrictions</b>
@@ -239,19 +245,19 @@ SMTPD(8) SMTPD(8)
tem. tem.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b> <b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b>
Require that clients introduce themselves at the Require that clients introduce themselves at the
beginning of an SMTP session. beginning of an SMTP session.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b>
Restrict what client hostnames are allowed in <b>HELO</b> Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands. and <b>EHLO</b> commands.
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
Restrict what sender addresses are allowed in <b>MAIL</b> Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands. <b>FROM</b> commands.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
Restrict what recipient addresses are allowed in Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands. <b>RCPT</b> <b>TO</b> commands.
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
@@ -259,40 +265,41 @@ SMTPD(8) SMTPD(8)
mands, and what clients may issue <b>ETRN</b> commands. mands, and what clients may issue <b>ETRN</b> commands.
<b>smtpd</b><i>_</i><b>data</b><i>_</i><b>restrictions</b> <b>smtpd</b><i>_</i><b>data</b><i>_</i><b>restrictions</b>
Restrictions on the <b>DATA</b> command. Currently, the Restrictions on the <b>DATA</b> command. Currently, the
only restriction that makes sense here is only restriction that makes sense here is
<b>reject</b><i>_</i><b>unauth</b><i>_</i><b>pipelining</b>. <b>reject</b><i>_</i><b>unauth</b><i>_</i><b>pipelining</b>.
<b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b> <b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
Allow untrusted clients to specify addresses with Allow untrusted clients to specify addresses with
sender-specified routing. Enabling this opens up sender-specified routing. Enabling this opens up
nasty relay loopholes involving trusted backup MX nasty relay loopholes involving trusted backup MX
hosts. hosts.
<b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b> <b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b>
Declares the name of zero or more parameters that Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of contain a list of UCE restrictions. The names of
these parameters can then be used instead of the these parameters can then be used instead of the
restriction lists that they represent. restriction lists that they represent.
<b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b> <b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b>
The lookup key to be used in SMTPD access tables The lookup key to be used in SMTPD access tables
instead of the null sender address. A null sender instead of the null sender address. A null sender
address cannot be looked up. address cannot be looked up.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> (deprecated) <b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> (deprecated)
List of DNS domains that publish the addresses of List of DNS domains that publish the addresses of
blacklisted hosts. This is used with the deprecated blacklisted hosts. This is used with the deprecated
<b>reject</b><i>_</i><b>maps</b><i>_</i><b>rbl</b> restriction. <b>reject</b><i>_</i><b>maps</b><i>_</i><b>rbl</b> restriction.
<b>permit</b><i>_</i><b>mx</b><i>_</i><b>backup</b><i>_</i><b>networks</b> <b>permit</b><i>_</i><b>mx</b><i>_</i><b>backup</b><i>_</i><b>networks</b>
Only domains whose primary MX hosts match the Only domains whose primary MX hosts match the
listed networks are eligible for the <b>per-</b> listed networks are eligible for the <b>per-</b>
<b>mit</b><i>_</i><b>mx</b><i>_</i><b>backup</b> feature. <b>mit</b><i>_</i><b>mx</b><i>_</i><b>backup</b> feature.
<b>relay</b><i>_</i><b>domains</b> <b>relay</b><i>_</i><b>domains</b>
Restrict what domains or networks this mail system Restrict what domains this mail system will relay
will relay mail from or to. mail to. The domains are routed to the delivery
agent specified with the <b>relay</b><i>_</i><b>transport</b> setting.
<b>UCE</b> <b>control</b> <b>responses</b> <b>UCE</b> <b>control</b> <b>responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b> <b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
@@ -345,6 +352,7 @@ SMTPD(8) SMTPD(8)
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction. <b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>SEE</b> <b>ALSO</b> <b>SEE</b> <b>ALSO</b>
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> address resolver
<a href="cleanup.8.html">cleanup(8)</a> message canonicalization <a href="cleanup.8.html">cleanup(8)</a> message canonicalization
<a href="master.8.html">master(8)</a> process manager <a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging syslogd(8) system logging

98
postfix/html/transport.5.html
View File

@@ -60,13 +60,36 @@ TRANSPORT(5) TRANSPORT(5)
"do not change": use the delivery transport and nexthop "do not change": use the delivery transport and nexthop
information that would be used if no match were found. information that would be used if no match were found.
The interpretation of the <i>nexthop</i> field is transport <b>TRANSPORT</b> <b>FIELD</b>
The transport field specifies the name of a mail delivery
transport (the first name of a mail delivery service entry
in the Postfix <b>master.cf</b> file).
When a null transport field is specified, Postfix uses one
of the following transports:
<b>$local</b><i>_</i><b>transport</b>
The domain matches <b>$mydestination</b> or <b>$inet</b><i>_</i><b>inter-</b>
<b>faces</b>.
<b>$virtual</b><i>_</i><b>transport</b>
The domain matches <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>.
<b>$relay</b><i>_</i><b>transport</b>
The domain matches <b>$relay</b><i>_</i><b>transport</b>.
<b>$default</b><i>_</i><b>transport</b>
All other non-local, non-virtual destinations.
<b>NEXTHOP</b> <b>FIELD</b>
The interpretation of the nexthop field is transport
dependent. In the case of SMTP, specify <i>host</i>:<i>service</i> for a dependent. In the case of SMTP, specify <i>host</i>:<i>service</i> for a
non-default server port, and use [<i>host</i>] or [<i>host</i>]:<i>port</i> in non-default server port, and use [<i>host</i>] or [<i>host</i>]:<i>port</i> in
order to disable MX (mail exchanger) DNS lookups. The [] order to disable MX (mail exchanger) DNS lookups. The []
form can also be used with IP addresses instead of host- form can also be used with IP addresses instead of host-
names. names.
<b>LOOKUP</b> <b>ORDER</b>
With lookups from indexed files such as DB or DBM, or from With lookups from indexed files such as DB or DBM, or from
networked tables such as NIS, LDAP or SQL, patterns are networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below: tried in the order as listed below:
@@ -115,7 +138,7 @@ TRANSPORT(5) TRANSPORT(5)
<b>foo.org</b> <b>uucp:foo</b> <b>foo.org</b> <b>uucp:foo</b>
<b>.foo.org</b> <b>uucp:foo</b> <b>.foo.org</b> <b>uucp:foo</b>
When no <i>nexthop</i> host name is specified, the destination When no nexthop host name is specified, the destination
domain name is used instead. For example, the following domain name is used instead. For example, the following
directs mail for <i>user</i>@<b>foo.org</b> via the <b>slow</b> transport to a directs mail for <i>user</i>@<b>foo.org</b> via the <b>slow</b> transport to a
mail exchanger for <b>foo.org</b>. The <b>slow</b> transport could be mail exchanger for <b>foo.org</b>. The <b>slow</b> transport could be
@@ -124,64 +147,63 @@ TRANSPORT(5) TRANSPORT(5)
<b>foo.org</b> <b>slow:</b> <b>foo.org</b> <b>slow:</b>
When no <i>transport</i> is specified, Postfix uses either When no transport is specified, Postfix uses the transport
<b>$local</b><i>_</i><b>transport</b> or <b>$default</b><i>_</i><b>transport</b>, depending on that matches the address domain class (see TRANSPORT FIELD
whether the destination matches <b>$mydestination</b>. The fol- discussion above). The following sends all mail for
lowing sends all mail for <b>foo.org</b> and its subdomains to <b>foo.org</b> and its subdomains to host <b>gateway.foo.org</b>:
host <b>gateway.foo.org</b>:
<b>foo.org</b> <b>:[gateway.foo.org]</b> <b>foo.org</b> <b>:[gateway.foo.org]</b>
<b>.foo.org</b> <b>:[gateway.foo.org]</b> <b>.foo.org</b> <b>:[gateway.foo.org]</b>
In the above example, the [] are used to suppress MX In the above example, the [] are used to suppress MX
lookups. The result would likely point to your local lookups. The result would likely point to your local
machine. machine.
In the case of delivery via SMTP, one may specify <i>host-</i> In the case of delivery via SMTP, one may specify <i>host-</i>
<i>name</i>:<i>service</i> instead of just a host: <i>name</i>:<i>service</i> instead of just a host:
<b>foo.org</b> <b>smtp:bar.org:2025</b> <b>foo.org</b> <b>smtp:bar.org:2025</b>
This directs mail for <i>user</i>@<b>foo.org</b> to host <b>bar.org</b> port This directs mail for <i>user</i>@<b>foo.org</b> to host <b>bar.org</b> port
<b>2025</b>. Instead of a numerical port a symbolic name may be <b>2025</b>. Instead of a numerical port a symbolic name may be
used. Specify [] around the hostname in order to disable used. Specify [] around the hostname in order to disable
MX lookups. MX lookups.
The error mailer can be used to bounce mail: The error mailer can be used to bounce mail:
<b>.foo.org</b> <b>error:mail</b> <b>for</b> <b>*.foo.org</b> <b>is</b> <b>not</b> <b>deliv-</b> <b>.foo.org</b> <b>error:mail</b> <b>for</b> <b>*.foo.org</b> <b>is</b> <b>not</b> <b>deliv-</b>
<b>erable</b> <b>erable</b>
This causes all mail for <i>user</i>@<i>anything</i><b>.foo.org</b> to be This causes all mail for <i>user</i>@<i>anything</i><b>.foo.org</b> to be
bounced. bounced.
<b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b> <b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b>
This section describes how the table lookups change when This section describes how the table lookups change when
the table is given in the form of regular expressions. For the table is given in the form of regular expressions. For
a description of regular expression lookup table syntax, a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>. see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
Each pattern is a regular expression that is applied to Each pattern is a regular expression that is applied to
the entire domain being looked up. Thus, <i>some.domain.hier-</i> the entire domain being looked up. Thus, <i>some.domain.hier-</i>
<i>archy</i> is not broken up into parent domains. <i>archy</i> is not broken up into parent domains.
Patterns are applied in the order as specified in the Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search table, until a pattern is found that matches the search
string. string.
Results are the same as with indexed file lookups, with Results are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on. the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>CONFIGURATION</b> <b>PARAMETERS</b> <b>CONFIGURATION</b> <b>PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant The following <b>main.cf</b> parameters are especially relevant
to this topic. See the Postfix <b>main.cf</b> file for syntax to this topic. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b> details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change. command after a configuration change.
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b> <b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
List of Postfix features that use <i>domain.tld</i> pat- List of Postfix features that use <i>domain.tld</i> pat-
terns to match <i>sub.domain.tld</i> (as opposed to terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns). requiring <i>.domain.tld</i> patterns).
<b>transport</b><i>_</i><b>maps</b> <b>transport</b><i>_</i><b>maps</b>
@@ -190,14 +212,21 @@ TRANSPORT(5) TRANSPORT(5)
Other parameters of interest: Other parameters of interest:
<b>local</b><i>_</i><b>transport</b> <b>local</b><i>_</i><b>transport</b>
The mail delivery transport to use when no trans- The default mail delivery transport when the desti-
port is explicitly specified, and the destination nation matches <b>$mydestination</b> or <b>$inet</b><i>_</i><b>interfaces</b>.
matches <b>$mydestination</b>.
<b>virtual</b><i>_</i><b>transport</b>
The default mail delivery transport when the desti-
nation matches <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>.
<b>relay</b><i>_</i><b>transport</b>
The default mail delivery transport when the desti-
nation matches <b>relay</b><i>_</i><b>domains</b>.
<b>default</b><i>_</i><b>transport</b> <b>default</b><i>_</i><b>transport</b>
The mail delivery transport to use when no trans- The default mail delivery transport when the desti-
port is explicitly specified, and the destination nation does not match a local, virtual or relay
does not match <b>$mydestination</b>. destination.
<b>mydestination</b> <b>mydestination</b>
The destinations that are given to <b>$local</b><i>_</i><b>transport</b> The destinations that are given to <b>$local</b><i>_</i><b>transport</b>
@@ -205,7 +234,8 @@ TRANSPORT(5) TRANSPORT(5)
<b>relayhost</b> <b>relayhost</b>
The default host for destinations that do not match The default host for destinations that do not match
<b>$mydestination</b>. <b>$mydestination</b>, <b>$inet</b><i>_</i><b>interfaces</b>, <b>vir-</b>
<b>tual</b><i>_</i><b>alias</b><i>_</i><b>domains</b> or <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>.
<b>SEE</b> <b>ALSO</b> <b>SEE</b> <b>ALSO</b>
<a href="postmap.1.html">postmap(1)</a> create mapping table <a href="postmap.1.html">postmap(1)</a> create mapping table

41
postfix/html/virtual.5.html
View File

@@ -13,9 +13,17 @@ VIRTUAL(5) VIRTUAL(5)
<b>DESCRIPTION</b> <b>DESCRIPTION</b>
The optional <b>virtual</b> alias table specifies address alias- The optional <b>virtual</b> alias table specifies address alias-
ing for local and non-local recipients. Virtual aliasing ing for arbitrary local or non-local recipient addresses.
is used by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon. Virtual aliasing is Virtual aliasing is recursive, and is done by the Postfix
recursive. <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon.
The main applications of virtual aliasing are:
<b>o</b> To redirect mail from one address to one or more
other addresses.
<b>o</b> To simulate virtual domains where all virtual
addresses are aliased to non-virtual addresses.
Virtual aliasing is applied only to recipient envelope Virtual aliasing is applied only to recipient envelope
addresses, and does not affect message headers. Think addresses, and does not affect message headers. Think
@@ -53,8 +61,8 @@ VIRTUAL(5) VIRTUAL(5)
With a simulated virtual domain, the virtual domain has With a simulated virtual domain, the virtual domain has
its own user name space. Local (i.e. non-virtual) user- its own user name space. Local (i.e. non-virtual) user-
names are not visible in a simulated virtual domain. In names are not visible in a simulated virtual domain. In
particular, local <a href="aliases.5.html"><b>aliases</b>(5)</a> and mailing lists are not particular, local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are
visible as <i>localname@virtual.domain</i>. not visible as <i>localname@simulated.domain</i>.
Support for a simulated virtual domain looks like: Support for a simulated virtual domain looks like:
@@ -66,21 +74,21 @@ VIRTUAL(5) VIRTUAL(5)
types. types.
/etc/postfix/virtual: /etc/postfix/virtual:
<i>virtual.domain</i> <i>anything</i> (right-hand content does not matter) <i>simulated.domain</i> <i>anything</i> (right-hand content does not matter)
<i>postmaster@virtual.domain</i> <i>postmaster</i> <i>postmaster@simulated.domain</i> <i>postmaster</i>
<i>user1@virtual.domain</i> <i>address1</i> <i>user1@simulated.domain</i> <i>address1</i>
<i>user2@virtual.domain</i> <i>address2,</i> <i>address3</i> <i>user2@simulated.domain</i> <i>address2,</i> <i>address3</i>
The <i>virtual.domain</i> <i>anything</i> entry is required for a simu- The <i>simulated.domain</i> <i>anything</i> entry is required for a sim-
lated virtual domain. Without this entry, mail will be ulated virtual domain. Without this entry, mail will be
rejected with a "relay access denied" error condition. rejected with a "relay access denied" error condition.
Do not list a simulated virtual domain name in the <b>main.cf</b> Do not list a simulated virtual domain name in the <b>main.cf</b>
<b>mydestination</b> configuration parameter. <b>mydestination</b> configuration parameter.
With a simulated virtual domain, the Postfix SMTP server With a simulated virtual domain, the Postfix SMTP server
accepts mail for <i>known-user@virtual.domain</i>, and rejects accepts mail for <i>known-user@simulated.domain</i>, and rejects
mail for <i>unknown-user</i>@<i>virtual.domain</i> as undeliverable. mail for <i>unknown-user</i>@<i>simulated.domain</i> as undeliverable.
Instead of specifying the simulated virtual domain name Instead of specifying the simulated virtual domain name
via the <b>virtual</b><i>_</i><b>alias</b><i>_</i><b>maps</b> table, you may also specify it via the <b>virtual</b><i>_</i><b>alias</b><i>_</i><b>maps</b> table, you may also specify it
@@ -188,7 +196,8 @@ VIRTUAL(5) VIRTUAL(5)
local. local.
<b>myorigin</b> <b>myorigin</b>
The domain that is appended to locally-posted mail. The domain that is appended to any address that
does not have a domain.
<b>owner</b><i>_</i><b>request</b><i>_</i><b>special</b> <b>owner</b><i>_</i><b>request</b><i>_</i><b>special</b>
Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b> Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b>
@@ -197,8 +206,8 @@ VIRTUAL(5) VIRTUAL(5)
<b>SEE</b> <b>ALSO</b> <b>SEE</b> <b>ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue mail <a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue mail
<a href="postmap.1.html">postmap(1)</a> create mapping table <a href="postmap.1.html">postmap(1)</a> create mapping table
<a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables <a href="regexp_table.5.html">regexp_table(5)</a> POSIX regular expression table format
<a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables <a href="pcre_table.5.html">pcre_table(5)</a> Perl Compatible Regular Expression table format
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this

87
postfix/html/virtual.8.html
View File

@@ -116,7 +116,7 @@ VIRTUAL(8) VIRTUAL(8)
boxes. While it could be set to "/", this setting boxes. While it could be set to "/", this setting
isn't recommended. isn't recommended.
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b> (regexp maps disallowed) <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b>
Recipients are looked up in these maps to determine Recipients are looked up in these maps to determine
the path to their mailbox or maildir. If the the path to their mailbox or maildir. If the
returned path ends in a slash ("/"), maildir-style returned path ends in a slash ("/"), maildir-style
@@ -134,33 +134,43 @@ VIRTUAL(8) VIRTUAL(8)
Note that <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base</b> is unconditionally Note that <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base</b> is unconditionally
prepended to this path. prepended to this path.
For security reasons, regular expression maps are
allowed but regular expression substitution of $1
etc. is disallowed, because that would open a secu-
rity hole.
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b> <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>
The list of domains that should be delivered via The list of domains that should be delivered via
the Postfix virtual delivery agent. This uses the the Postfix virtual delivery agent. This uses the
same syntax as the <b>mydestination</b> configuration same syntax as the <b>mydestination</b> configuration
parameter. parameter.
<b>virtual</b><i>_</i><b>minimum</b><i>_</i><b>uid</b> <b>virtual</b><i>_</i><b>minimum</b><i>_</i><b>uid</b>
Specifies a minimum uid that will be accepted as a Specifies a minimum uid that will be accepted as a
return from a <b>virtual</b><i>_</i><b>owner</b><i>_</i><b>maps</b> or <b>vir-</b> return from a <b>virtual</b><i>_</i><b>owner</b><i>_</i><b>maps</b> or <b>vir-</b>
<b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> lookup. Returned values less than <b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> lookup. Returned values less than
this will be rejected, and the message will be this will be rejected, and the message will be
deferred. deferred.
<b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> (regexp maps disallowed) <b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>
Recipients are looked up in these maps to determine Recipients are looked up in these maps to determine
the user ID to be used when writing to the target the user ID to be used when writing to the target
mailbox. mailbox.
While searching a lookup table, an address exten- While searching a lookup table, an address exten-
sion (<i>user+foo@domain.tld</i>) is ignored. sion (<i>user+foo@domain.tld</i>) is ignored.
In a lookup table, specify a left-hand side of In a lookup table, specify a left-hand side of
<i>@domain.tld</i> to match any user in the specified <i>@domain.tld</i> to match any user in the specified
domain that does not have a specific domain that does not have a specific
<i>user@domain.tld</i> entry. <i>user@domain.tld</i> entry.
<b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b> (regexp maps disallowed) For security reasons, regular expression maps are
allowed but regular expression substitution of $1
etc. is disallowed, because that would open a secu-
rity hole.
<b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b>
Recipients are looked up in these maps to determine Recipients are looked up in these maps to determine
the group ID to be used when writing to the target the group ID to be used when writing to the target
mailbox. mailbox.
@@ -173,72 +183,79 @@ VIRTUAL(8) VIRTUAL(8)
domain that does not have a specific domain that does not have a specific
<i>user@domain.tld</i> entry. <i>user@domain.tld</i> entry.
For security reasons, regular expression maps are
allowed but regular expression substitution of $1
etc. is disallowed, because that would open a secu-
rity hole.
<b>Locking</b> <b>controls</b> <b>Locking</b> <b>controls</b>
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>lock</b> <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>lock</b>
How to lock UNIX-style mailboxes: one or more of How to lock UNIX-style mailboxes: one or more of
<b>flock</b>, <b>fcntl</b> or <b>dotlock</b>. The <b>dotlock</b> method <b>flock</b>, <b>fcntl</b> or <b>dotlock</b>. The <b>dotlock</b> method
requires that the recipient UID or GID has write requires that the recipient UID or GID has write
access to the parent directory of the mailbox file. access to the parent directory of the mailbox file.
This setting is ignored with <b>maildir</b> style deliv- This setting is ignored with <b>maildir</b> style deliv-
ery, because such deliveries are safe without ery, because such deliveries are safe without
explicit locks. explicit locks.
Use the command <b>postconf</b> <b>-l</b> to find out what lock- Use the command <b>postconf</b> <b>-l</b> to find out what lock-
ing methods are available on your system. ing methods are available on your system.
<b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b> <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b>
Limit the number of attempts to acquire an exclu- Limit the number of attempts to acquire an exclu-
sive lock on a UNIX-style mailbox file. sive lock on a UNIX-style mailbox file.
<b>deliver</b><i>_</i><b>lock</b><i>_</i><b>delay</b> <b>deliver</b><i>_</i><b>lock</b><i>_</i><b>delay</b>
Time (default: seconds) between successive attempts Time (default: seconds) between successive attempts
to acquire an exclusive lock on a UNIX-style mail- to acquire an exclusive lock on a UNIX-style mail-
box file. The actual delay is slightly randomized. box file. The actual delay is slightly randomized.
<b>stale</b><i>_</i><b>lock</b><i>_</i><b>time</b> <b>stale</b><i>_</i><b>lock</b><i>_</i><b>time</b>
Limit the time after which a stale lockfile is Limit the time after which a stale lockfile is
removed (applicable to UNIX-style mailboxes only). removed (applicable to UNIX-style mailboxes only).
<b>Resource</b> <b>controls</b> <b>Resource</b> <b>controls</b>
<b>virtual</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b> <b>virtual</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
Limit the number of parallel deliveries to the same Limit the number of parallel deliveries to the same
domain via the <b>virtual</b> delivery agent. The default domain via the <b>virtual</b> delivery agent. The default
limit is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>concur-</b> limit is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>concur-</b>
<b>rency</b><i>_</i><b>limit</b> parameter. The limit is enforced by <b>rency</b><i>_</i><b>limit</b> parameter. The limit is enforced by
the Postfix queue manager. the Postfix queue manager.
<b>virtual</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b> <b>virtual</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
Limit the number of recipients per message delivery Limit the number of recipients per message delivery
via the <b>virtual</b> delivery agent. The default limit via the <b>virtual</b> delivery agent. The default limit
is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipi-</b> is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipi-</b>
<b>ent</b><i>_</i><b>limit</b> parameter. The limit is enforced by the <b>ent</b><i>_</i><b>limit</b> parameter. The limit is enforced by the
Postfix queue manager. Postfix queue manager.
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>limit</b> <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>limit</b>
The maximal size in bytes of a mailbox or maildir The maximal size in bytes of a mailbox or maildir
file. Set to zero to disable the limit. file. Set to zero to disable the limit.
<b>HISTORY</b> <b>HISTORY</b>
This agent was originally based on the Postfix local This agent was originally based on the Postfix local
delivery agent. Modifications mainly consisted of removing delivery agent. Modifications mainly consisted of removing
code that either was not applicable or that was not safe code that either was not applicable or that was not safe
in this context: aliases, ~user/.forward files, delivery in this context: aliases, ~user/.forward files, delivery
to "|command" or to /file/name. to "|command" or to /file/name.
The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by
Daniel Bernstein. Daniel Bernstein.
The <b>maildir</b> structure appears in the <b>qmail</b> system by The <b>maildir</b> structure appears in the <b>qmail</b> system by
Daniel Bernstein. Daniel Bernstein.
<b>SEE</b> <b>ALSO</b> <b>SEE</b> <b>ALSO</b>
<a href="regexp_table.5.html">regexp_table(5)</a> POSIX regular expression table format
<a href="pcre_table.5.html">pcre_table(5)</a> Perl Compatible Regular Expression table format
<a href="bounce.8.html">bounce(8)</a> non-delivery status reports <a href="bounce.8.html">bounce(8)</a> non-delivery status reports
syslogd(8) system logging syslogd(8) system logging
<a href="qmgr.8.html">qmgr(8)</a> queue manager <a href="qmgr.8.html">qmgr(8)</a> queue manager
<b>LICENSE</b> <b>LICENSE</b>
The Secure Mailer license must be distributed with this The Secure Mailer license must be distributed with this
software. software.
<b>AUTHOR(S)</b> <b>AUTHOR(S)</b>

11
postfix/man/man1/postfix.1
View File

@@ -124,7 +124,16 @@ $\fBconfig_directory/master.cf\fR, Postfix daemon processes
.SH SEE ALSO .SH SEE ALSO
.na .na
.nf .nf
master(8) Postfix master program postconf(1) Postfix configuration management
postsuper(1) Postfix housekeeping
sendmail(1) Sendmail-compatible interface
postmap(1) Postfix lookup table management
master(8) Postfix master daemon
.ad
.fi
The respective manual pages for the daemon processes
specified in the \fBmaster.cf\fR file, and the manual
pages referenced by those manual pages.
.SH LICENSE .SH LICENSE
.na .na
.nf .nf

10
postfix/man/man5/aliases.5
View File

@@ -118,6 +118,12 @@ Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
addresses. addresses.
.IP \fBrecipient_delimiter\fR .IP \fBrecipient_delimiter\fR
Delimiter that separates recipients from address extensions. Delimiter that separates recipients from address extensions.
.SH BUGS
.ad
.fi
Regular expression alias lookup tables are allowed, but
substitution of $1 etc. is forbidden because that would
open a security loophole.
.SH STANDARDS .SH STANDARDS
.na .na
.nf .nf
@@ -126,7 +132,9 @@ RFC 822 (ARPA Internet Text Messages)
.na .na
.nf .nf
local(8) local delivery agent local(8) local delivery agent
postalias(1) alias database management newaliases(1) alias database management
regexp_table(5) POSIX regular expression table format
pcre_table(5) Perl Compatible Regular Expression table format
.SH LICENSE .SH LICENSE
.na .na
.nf .nf

53
postfix/man/man5/transport.5
View File

@@ -59,13 +59,34 @@ specifies where and how to deliver mail. A null \fItransport\fR
or \fInexthop\fR field means "do not change": use the delivery or \fInexthop\fR field means "do not change": use the delivery
transport and nexthop information that would be used if no transport and nexthop information that would be used if no
match were found. match were found.
.PP .SH TRANSPORT FIELD
The interpretation of the \fInexthop\fR field is transport .ad
.fi
The transport field specifies the name of a mail delivery transport
(the first name of a mail delivery service entry in the Postfix
\fBmaster.cf\fR file).
When a null transport field is specified, Postfix uses one of the
following transports:
.IP \fB$local_transport\fR
The domain matches \fB$mydestination\fR or \fB$inet_interfaces\fR.
.IP \fB$virtual_transport\fR
The domain matches \fB$virtual_mailbox_domains\fR.
.IP \fB$relay_transport\fR
The domain matches \fB$relay_transport\fR.
.IP \fB$default_transport\fR
All other non-local, non-virtual destinations.
.SH NEXTHOP FIELD
.ad
.fi
The interpretation of the nexthop field is transport
dependent. In the case of SMTP, specify \fIhost\fR:\fIservice\fR for a dependent. In the case of SMTP, specify \fIhost\fR:\fIservice\fR for a
non-default server port, and use [\fIhost\fR] or [\fIhost\fR]:\fIport\fR non-default server port, and use [\fIhost\fR] or [\fIhost\fR]:\fIport\fR
in order to disable MX (mail exchanger) DNS lookups. The [] form in order to disable MX (mail exchanger) DNS lookups. The [] form
can also be used with IP addresses instead of hostnames. can also be used with IP addresses instead of hostnames.
.PP .SH LOOKUP ORDER
.ad
.fi
With lookups from indexed files such as DB or DBM, or from networked With lookups from indexed files such as DB or DBM, or from networked
tables such as NIS, LDAP or SQL, patterns are tried in the order as tables such as NIS, LDAP or SQL, patterns are tried in the order as
listed below: listed below:
@@ -121,7 +142,7 @@ via the \fBuucp\fR transport to the UUCP host named \fBfoo\fR:
.ti +5 .ti +5
\fB\&.foo.org uucp:foo\fR \fB\&.foo.org uucp:foo\fR
When no \fInexthop\fR host name is specified, the destination domain When no nexthop host name is specified, the destination domain
name is used instead. For example, the following directs mail for name is used instead. For example, the following directs mail for
\fIuser\fR@\fBfoo.org\fR via the \fBslow\fR transport to a mail \fIuser\fR@\fBfoo.org\fR via the \fBslow\fR transport to a mail
exchanger for \fBfoo.org\fR. The \fBslow\fR transport could be exchanger for \fBfoo.org\fR. The \fBslow\fR transport could be
@@ -130,10 +151,9 @@ something that runs at most one delivery process at a time:
.ti +5 .ti +5
\fBfoo.org slow:\fR \fBfoo.org slow:\fR
When no \fItransport\fR is specified, Postfix uses either When no transport is specified, Postfix uses the transport that
\fB$local_transport\fR or \fB$default_transport\fR, depending matches the address domain class (see TRANSPORT FIELD discussion
on whether the destination matches \fB$mydestination\fR. above). The following sends all mail for \fBfoo.org\fR and its
The following sends all mail for \fBfoo.org\fR and its
subdomains to host \fBgateway.foo.org\fR: subdomains to host \fBgateway.foo.org\fR:
.ti +5 .ti +5
@@ -199,17 +219,24 @@ List of transport lookup tables.
.PP .PP
Other parameters of interest: Other parameters of interest:
.IP \fBlocal_transport\fR .IP \fBlocal_transport\fR
The mail delivery transport to use when no transport is explicitly The default mail delivery transport when the destination matches
specified, and the destination matches \fB$mydestination\fR. \fB$mydestination\fR or \fB$inet_interfaces\fR.
.IP \fBvirtual_transport\fR
The default mail delivery transport when the destination matches
\fBvirtual_mailbox_domains\fR.
.IP \fBrelay_transport\fR
The default mail delivery transport when the destination matches
\fBrelay_domains\fR.
.IP \fBdefault_transport\fR .IP \fBdefault_transport\fR
The mail delivery transport to use when no transport is explicitly The default mail delivery transport when the destination does not
specified, and the destination does not match \fB$mydestination\fR. match a local, virtual or relay destination.
.IP \fBmydestination\fR .IP \fBmydestination\fR
The destinations that are given to \fB$local_transport\fR The destinations that are given to \fB$local_transport\fR
by default. by default.
.IP \fBrelayhost\fR .IP \fBrelayhost\fR
The default host for destinations that do not match The default host for destinations that do not match
\fB$mydestination\fR. \fB$mydestination\fR, \fB$inet_interfaces\fR,
\fBvirtual_alias_domains\fR or \fBvirtual_mailbox_domains\fR.
.SH SEE ALSO .SH SEE ALSO
.na .na
.nf .nf

35
postfix/man/man5/virtual.5
View File

@@ -17,9 +17,16 @@ format of Postfix virtual alias table
.ad .ad
.fi .fi
The optional \fBvirtual\fR alias table specifies address aliasing The optional \fBvirtual\fR alias table specifies address aliasing
for local and non-local recipients. Virtual aliasing is used for arbitrary local or non-local recipient addresses. Virtual aliasing
by the \fBcleanup\fR(8) daemon. Virtual aliasing is recursive. is recursive, and is done by the Postfix \fBcleanup\fR(8) daemon.
The main applications of virtual aliasing are:
.IP \(bu
To redirect mail from one address to one or more other addresses.
.IP \(bu
To simulate virtual domains where all virtual addresses are aliased
to non-virtual addresses.
.PP
Virtual aliasing is applied only to recipient Virtual aliasing is applied only to recipient
envelope addresses, and does not affect message headers. envelope addresses, and does not affect message headers.
Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5) Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5)
@@ -56,8 +63,8 @@ have its own mailbox.
With a simulated virtual domain, the virtual domain has its With a simulated virtual domain, the virtual domain has its
own user name space. Local (i.e. non-virtual) usernames are not own user name space. Local (i.e. non-virtual) usernames are not
visible in a simulated virtual domain. In particular, local visible in a simulated virtual domain. In particular, local
\fBaliases\fR(5) and mailing lists are not visible as \fBaliases\fR(5) and local mailing lists are not visible as
\fIlocalname@virtual.domain\fR. \fIlocalname@simulated.domain\fR.
Support for a simulated virtual domain looks like: Support for a simulated virtual domain looks like:
@@ -72,16 +79,16 @@ See the output from \fBpostconf -m\fR for available database types.
/etc/postfix/virtual: /etc/postfix/virtual:
.nf .nf
.na .na
\fIvirtual.domain anything\fR (right-hand content does not matter) \fIsimulated.domain anything\fR (right-hand content does not matter)
\fIpostmaster@virtual.domain postmaster\fR \fIpostmaster@simulated.domain postmaster\fR
\fIuser1@virtual.domain address1\fR \fIuser1@simulated.domain address1\fR
\fIuser2@virtual.domain address2, address3\fR \fIuser2@simulated.domain address2, address3\fR
.fi .fi
.in -4 .in -4
.ad .ad
.fi .fi
.sp .sp
The \fIvirtual.domain anything\fR entry is required for a The \fIsimulated.domain anything\fR entry is required for a
simulated virtual domain. Without this entry, mail will simulated virtual domain. Without this entry, mail will
be rejected with a "relay access denied" error condition. be rejected with a "relay access denied" error condition.
@@ -89,8 +96,8 @@ Do not list a simulated virtual domain name in the \fBmain.cf
mydestination\fR configuration parameter. mydestination\fR configuration parameter.
With a simulated virtual domain, the Postfix SMTP server With a simulated virtual domain, the Postfix SMTP server
accepts mail for \fIknown-user@virtual.domain\fR, and rejects accepts mail for \fIknown-user@simulated.domain\fR, and rejects
mail for \fIunknown-user\fR@\fIvirtual.domain\fR as undeliverable. mail for \fIunknown-user\fR@\fIsimulated.domain\fR as undeliverable.
Instead of specifying the simulated virtual domain name via Instead of specifying the simulated virtual domain name via
the \fBvirtual_alias_maps\fR table, you may also specify it via the \fBvirtual_alias_maps\fR table, you may also specify it via
@@ -192,7 +199,7 @@ You need to stop and start Postfix when this parameter changes.
.IP \fBmydestination\fR .IP \fBmydestination\fR
List of domains that this mail system considers local. List of domains that this mail system considers local.
.IP \fBmyorigin\fR .IP \fBmyorigin\fR
The domain that is appended to locally-posted mail. The domain that is appended to any address that does not have a domain.
.IP \fBowner_request_special\fR .IP \fBowner_request_special\fR
Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
addresses. addresses.
@@ -201,8 +208,8 @@ addresses.
.nf .nf
cleanup(8) canonicalize and enqueue mail cleanup(8) canonicalize and enqueue mail
postmap(1) create mapping table postmap(1) create mapping table
pcre_table(5) format of PCRE tables regexp_table(5) POSIX regular expression table format
regexp_table(5) format of POSIX regular expression tables pcre_table(5) Perl Compatible Regular Expression table format
.SH LICENSE .SH LICENSE
.na .na
.nf .nf

2
postfix/man/man8/cleanup.8
View File

@@ -179,7 +179,7 @@ canonical(5) canonical address lookup table format
qmgr(8) queue manager daemon qmgr(8) queue manager daemon
syslogd(8) system logging syslogd(8) system logging
trivial-rewrite(8) address rewriting trivial-rewrite(8) address rewriting
virtual(5) virtual address lookup table format virtual(5) virtual alias lookup table format
.SH FILES .SH FILES
.na .na
.nf .nf

10
postfix/man/man8/smtpd.8
View File

@@ -136,6 +136,10 @@ Limit the number of \fBReceived:\fR message headers.
List of maps with user names that are local to \fB$myorigin\fR List of maps with user names that are local to \fB$myorigin\fR
or \fB$inet_interfaces\fR. If this parameter is defined, or \fB$inet_interfaces\fR. If this parameter is defined,
then the SMTP server rejects mail for unknown local users. then the SMTP server rejects mail for unknown local users.
.IP \fBrelay_recipient_maps\fR
List of maps that define all the email addresses in the domains
that match \fB$relay_domains\fR. If this parameter is defined,
then the SMTP server rejects mail for unknown relay recipients.
.IP \fBnotify_classes\fR .IP \fBnotify_classes\fR
List of error classes. Of special interest are: List of error classes. Of special interest are:
.RS .RS
@@ -237,8 +241,9 @@ restriction.
Only domains whose primary MX hosts match the listed networks Only domains whose primary MX hosts match the listed networks
are eligible for the \fBpermit_mx_backup\fR feature. are eligible for the \fBpermit_mx_backup\fR feature.
.IP \fBrelay_domains\fR .IP \fBrelay_domains\fR
Restrict what domains or networks this mail system will relay Restrict what domains this mail system will relay
mail from or to. mail to. The domains are routed to the delivery agent
specified with the \fBrelay_transport\fR setting.
.SH "UCE control responses" .SH "UCE control responses"
.ad .ad
.fi .fi
@@ -279,6 +284,7 @@ restriction.
.SH SEE ALSO .SH SEE ALSO
.na .na
.nf .nf
trivial-rewrite(8) address resolver
cleanup(8) message canonicalization cleanup(8) message canonicalization
master(8) process manager master(8) process manager
syslogd(8) system logging syslogd(8) system logging

20
postfix/man/man8/virtual.8
View File

@@ -135,7 +135,7 @@ Specifies a path that is prepended to all mailbox or maildir paths.
This is a safety measure to ensure that an out of control map in This is a safety measure to ensure that an out of control map in
\fBvirtual_mailbox_maps\fR doesn't litter the filesystem with mailboxes. \fBvirtual_mailbox_maps\fR doesn't litter the filesystem with mailboxes.
While it could be set to "/", this setting isn't recommended. While it could be set to "/", this setting isn't recommended.
.IP "\fBvirtual_mailbox_maps\fR (regexp maps disallowed)" .IP \fBvirtual_mailbox_maps\fR
Recipients are looked up in these maps to determine the path to Recipients are looked up in these maps to determine the path to
their mailbox or maildir. If the returned path ends in a slash their mailbox or maildir. If the returned path ends in a slash
("/"), maildir-style delivery is carried out, otherwise the ("/"), maildir-style delivery is carried out, otherwise the
@@ -150,6 +150,10 @@ specific \fIuser@domain.tld\fR entry.
Note that \fBvirtual_mailbox_base\fR is unconditionally prepended Note that \fBvirtual_mailbox_base\fR is unconditionally prepended
to this path. to this path.
For security reasons, regular expression maps are allowed but
regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
.IP \fBvirtual_mailbox_domains\fR .IP \fBvirtual_mailbox_domains\fR
The list of domains that should be delivered via the Postfix virtual The list of domains that should be delivered via the Postfix virtual
delivery agent. This uses the same syntax as the \fBmydestination\fR delivery agent. This uses the same syntax as the \fBmydestination\fR
@@ -159,7 +163,7 @@ Specifies a minimum uid that will be accepted as a return from
a \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR lookup. a \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR lookup.
Returned values less than this will be rejected, and the message Returned values less than this will be rejected, and the message
will be deferred. will be deferred.
.IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)" .IP \fBvirtual_uid_maps\fR
Recipients are looked up in these maps to determine the user ID to be Recipients are looked up in these maps to determine the user ID to be
used when writing to the target mailbox. used when writing to the target mailbox.
@@ -169,7 +173,11 @@ While searching a lookup table, an address extension
In a lookup table, specify a left-hand side of \fI@domain.tld\fR In a lookup table, specify a left-hand side of \fI@domain.tld\fR
to match any user in the specified domain that does not have a to match any user in the specified domain that does not have a
specific \fIuser@domain.tld\fR entry. specific \fIuser@domain.tld\fR entry.
.IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)"
For security reasons, regular expression maps are allowed but
regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
.IP \fBvirtual_gid_maps\fR
Recipients are looked up in these maps to determine the group ID to be Recipients are looked up in these maps to determine the group ID to be
used when writing to the target mailbox. used when writing to the target mailbox.
@@ -179,6 +187,10 @@ While searching a lookup table, an address extension
In a lookup table, specify a left-hand side of \fI@domain.tld\fR In a lookup table, specify a left-hand side of \fI@domain.tld\fR
to match any user in the specified domain that does not have a to match any user in the specified domain that does not have a
specific \fIuser@domain.tld\fR entry. specific \fIuser@domain.tld\fR entry.
For security reasons, regular expression maps are allowed but
regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
.SH "Locking controls" .SH "Locking controls"
.ad .ad
.fi .fi
@@ -239,6 +251,8 @@ by Daniel Bernstein.
.SH SEE ALSO .SH SEE ALSO
.na .na
.nf .nf
regexp_table(5) POSIX regular expression table format
pcre_table(5) Perl Compatible Regular Expression table format
bounce(8) non-delivery status reports bounce(8) non-delivery status reports
syslogd(8) system logging syslogd(8) system logging
qmgr(8) queue manager qmgr(8) queue manager

16
postfix/proto/Makefile.in
View File

@@ -22,25 +22,25 @@ clobber:
rm -f $(CONFIG) rm -f $(CONFIG)
../conf/access: access ../conf/access: access
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/aliases: aliases0 aliases ../conf/aliases: aliases0 aliases
(cat aliases0; srctoman - aliases | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /') >$@ (cat aliases0; ../mantools/srctoman - aliases | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /') >$@
../conf/canonical: canonical ../conf/canonical: canonical
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/pcre_table: pcre_table ../conf/pcre_table: pcre_table
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/regexp_table: regexp_table ../conf/regexp_table: regexp_table
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/relocated: relocated ../conf/relocated: relocated
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/transport: transport ../conf/transport: transport
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/virtual: virtual ../conf/virtual: virtual
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@ ../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@

8
postfix/proto/aliases
View File

@@ -108,11 +108,17 @@
# addresses. # addresses.
# .IP \fBrecipient_delimiter\fR # .IP \fBrecipient_delimiter\fR
# Delimiter that separates recipients from address extensions. # Delimiter that separates recipients from address extensions.
# BUGS
# Regular expression alias lookup tables are allowed, but
# substitution of $1 etc. is forbidden because that would
# open a security loophole.
# STANDARDS # STANDARDS
# RFC 822 (ARPA Internet Text Messages) # RFC 822 (ARPA Internet Text Messages)
# SEE ALSO # SEE ALSO
# local(8) local delivery agent # local(8) local delivery agent
# postalias(1) alias database management # newaliases(1) alias database management
# regexp_table(5) POSIX regular expression table format
# pcre_table(5) Perl Compatible Regular Expression table format
# LICENSE # LICENSE
# .ad # .ad
# .fi # .fi

6
postfix/proto/aliases0
View File

@@ -8,6 +8,9 @@
# >>>>>>>>>> show through to Postfix. # >>>>>>>>>> show through to Postfix.
# #
# Person who should get root's mail. Don't receive mail as root!
#root: you
# Basic system aliases -- these MUST be present # Basic system aliases -- these MUST be present
MAILER-DAEMON: postmaster MAILER-DAEMON: postmaster
postmaster: root postmaster: root
@@ -33,6 +36,3 @@ abuse: postmaster
# trap decode to catch security attacks # trap decode to catch security attacks
decode: root decode: root
# Person who should get root's mail
#root: you

53
postfix/proto/transport
View File

@@ -51,13 +51,34 @@
# or \fInexthop\fR field means "do not change": use the delivery # or \fInexthop\fR field means "do not change": use the delivery
# transport and nexthop information that would be used if no # transport and nexthop information that would be used if no
# match were found. # match were found.
# .PP # .SH TRANSPORT FIELD
# The interpretation of the \fInexthop\fR field is transport # .ad
# .fi
# The transport field specifies the name of a mail delivery transport
# (the first name of a mail delivery service entry in the Postfix
# \fBmaster.cf\fR file).
#
# When a null transport field is specified, Postfix uses one of the
# following transports:
# .IP \fB$local_transport\fR
# The domain matches \fB$mydestination\fR or \fB$inet_interfaces\fR.
# .IP \fB$virtual_transport\fR
# The domain matches \fB$virtual_mailbox_domains\fR.
# .IP \fB$relay_transport\fR
# The domain matches \fB$relay_transport\fR.
# .IP \fB$default_transport\fR
# All other non-local, non-virtual destinations.
# .SH NEXTHOP FIELD
# .ad
# .fi
# The interpretation of the nexthop field is transport
# dependent. In the case of SMTP, specify \fIhost\fR:\fIservice\fR for a # dependent. In the case of SMTP, specify \fIhost\fR:\fIservice\fR for a
# non-default server port, and use [\fIhost\fR] or [\fIhost\fR]:\fIport\fR # non-default server port, and use [\fIhost\fR] or [\fIhost\fR]:\fIport\fR
# in order to disable MX (mail exchanger) DNS lookups. The [] form # in order to disable MX (mail exchanger) DNS lookups. The [] form
# can also be used with IP addresses instead of hostnames. # can also be used with IP addresses instead of hostnames.
# .PP # .SH LOOKUP ORDER
# .ad
# .fi
# With lookups from indexed files such as DB or DBM, or from networked # With lookups from indexed files such as DB or DBM, or from networked
# tables such as NIS, LDAP or SQL, patterns are tried in the order as # tables such as NIS, LDAP or SQL, patterns are tried in the order as
# listed below: # listed below:
@@ -109,7 +130,7 @@
# .ti +5 # .ti +5
# \fB\&.foo.org uucp:foo\fR # \fB\&.foo.org uucp:foo\fR
# #
# When no \fInexthop\fR host name is specified, the destination domain # When no nexthop host name is specified, the destination domain
# name is used instead. For example, the following directs mail for # name is used instead. For example, the following directs mail for
# \fIuser\fR@\fBfoo.org\fR via the \fBslow\fR transport to a mail # \fIuser\fR@\fBfoo.org\fR via the \fBslow\fR transport to a mail
# exchanger for \fBfoo.org\fR. The \fBslow\fR transport could be # exchanger for \fBfoo.org\fR. The \fBslow\fR transport could be
@@ -118,10 +139,9 @@
# .ti +5 # .ti +5
# \fBfoo.org slow:\fR # \fBfoo.org slow:\fR
# #
# When no \fItransport\fR is specified, Postfix uses either # When no transport is specified, Postfix uses the transport that
# \fB$local_transport\fR or \fB$default_transport\fR, depending # matches the address domain class (see TRANSPORT FIELD discussion
# on whether the destination matches \fB$mydestination\fR. # above). The following sends all mail for \fBfoo.org\fR and its
# The following sends all mail for \fBfoo.org\fR and its
# subdomains to host \fBgateway.foo.org\fR: # subdomains to host \fBgateway.foo.org\fR:
# #
# .ti +5 # .ti +5
@@ -183,17 +203,24 @@
# .PP # .PP
# Other parameters of interest: # Other parameters of interest:
# .IP \fBlocal_transport\fR # .IP \fBlocal_transport\fR
# The mail delivery transport to use when no transport is explicitly # The default mail delivery transport when the destination matches
# specified, and the destination matches \fB$mydestination\fR. # \fB$mydestination\fR or \fB$inet_interfaces\fR.
# .IP \fBvirtual_transport\fR
# The default mail delivery transport when the destination matches
# \fBvirtual_mailbox_domains\fR.
# .IP \fBrelay_transport\fR
# The default mail delivery transport when the destination matches
# \fBrelay_domains\fR.
# .IP \fBdefault_transport\fR # .IP \fBdefault_transport\fR
# The mail delivery transport to use when no transport is explicitly # The default mail delivery transport when the destination does not
# specified, and the destination does not match \fB$mydestination\fR. # match a local, virtual or relay destination.
# .IP \fBmydestination\fR # .IP \fBmydestination\fR
# The destinations that are given to \fB$local_transport\fR # The destinations that are given to \fB$local_transport\fR
# by default. # by default.
# .IP \fBrelayhost\fR # .IP \fBrelayhost\fR
# The default host for destinations that do not match # The default host for destinations that do not match
# \fB$mydestination\fR. # \fB$mydestination\fR, \fB$inet_interfaces\fR,
# \fBvirtual_alias_domains\fR or \fBvirtual_mailbox_domains\fR.
# SEE ALSO # SEE ALSO
# postmap(1) create mapping table # postmap(1) create mapping table
# trivial-rewrite(8) rewrite and resolve addresses # trivial-rewrite(8) rewrite and resolve addresses

35
postfix/proto/virtual
View File

@@ -11,9 +11,16 @@
# \fBpostmap -q - /etc/postfix/virtual <\fIinputfile\fR # \fBpostmap -q - /etc/postfix/virtual <\fIinputfile\fR
# DESCRIPTION # DESCRIPTION
# The optional \fBvirtual\fR alias table specifies address aliasing # The optional \fBvirtual\fR alias table specifies address aliasing
# for local and non-local recipients. Virtual aliasing is used # for arbitrary local or non-local recipient addresses. Virtual aliasing
# by the \fBcleanup\fR(8) daemon. Virtual aliasing is recursive. # is recursive, and is done by the Postfix \fBcleanup\fR(8) daemon.
# #
# The main applications of virtual aliasing are:
# .IP \(bu
# To redirect mail from one address to one or more other addresses.
# .IP \(bu
# To simulate virtual domains where all virtual addresses are aliased
# to non-virtual addresses.
# .PP
# Virtual aliasing is applied only to recipient # Virtual aliasing is applied only to recipient
# envelope addresses, and does not affect message headers. # envelope addresses, and does not affect message headers.
# Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5) # Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5)
@@ -48,8 +55,8 @@
# With a simulated virtual domain, the virtual domain has its # With a simulated virtual domain, the virtual domain has its
# own user name space. Local (i.e. non-virtual) usernames are not # own user name space. Local (i.e. non-virtual) usernames are not
# visible in a simulated virtual domain. In particular, local # visible in a simulated virtual domain. In particular, local
# \fBaliases\fR(5) and mailing lists are not visible as # \fBaliases\fR(5) and local mailing lists are not visible as
# \fIlocalname@virtual.domain\fR. # \fIlocalname@simulated.domain\fR.
# #
# Support for a simulated virtual domain looks like: # Support for a simulated virtual domain looks like:
# #
@@ -64,16 +71,16 @@
# /etc/postfix/virtual: # /etc/postfix/virtual:
# .nf # .nf
# .na # .na
# \fIvirtual.domain anything\fR (right-hand content does not matter) # \fIsimulated.domain anything\fR (right-hand content does not matter)
# \fIpostmaster@virtual.domain postmaster\fR # \fIpostmaster@simulated.domain postmaster\fR
# \fIuser1@virtual.domain address1\fR # \fIuser1@simulated.domain address1\fR
# \fIuser2@virtual.domain address2, address3\fR # \fIuser2@simulated.domain address2, address3\fR
# .fi # .fi
# .in -4 # .in -4
# .ad # .ad
# .fi # .fi
# .sp # .sp
# The \fIvirtual.domain anything\fR entry is required for a # The \fIsimulated.domain anything\fR entry is required for a
# simulated virtual domain. Without this entry, mail will # simulated virtual domain. Without this entry, mail will
# be rejected with a "relay access denied" error condition. # be rejected with a "relay access denied" error condition.
# #
@@ -81,8 +88,8 @@
# mydestination\fR configuration parameter. # mydestination\fR configuration parameter.
# #
# With a simulated virtual domain, the Postfix SMTP server # With a simulated virtual domain, the Postfix SMTP server
# accepts mail for \fIknown-user@virtual.domain\fR, and rejects # accepts mail for \fIknown-user@simulated.domain\fR, and rejects
# mail for \fIunknown-user\fR@\fIvirtual.domain\fR as undeliverable. # mail for \fIunknown-user\fR@\fIsimulated.domain\fR as undeliverable.
# #
# Instead of specifying the simulated virtual domain name via # Instead of specifying the simulated virtual domain name via
# the \fBvirtual_alias_maps\fR table, you may also specify it via # the \fBvirtual_alias_maps\fR table, you may also specify it via
@@ -174,15 +181,15 @@
# .IP \fBmydestination\fR # .IP \fBmydestination\fR
# List of domains that this mail system considers local. # List of domains that this mail system considers local.
# .IP \fBmyorigin\fR # .IP \fBmyorigin\fR
# The domain that is appended to locally-posted mail. # The domain that is appended to any address that does not have a domain.
# .IP \fBowner_request_special\fR # .IP \fBowner_request_special\fR
# Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR # Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
# addresses. # addresses.
# SEE ALSO # SEE ALSO
# cleanup(8) canonicalize and enqueue mail # cleanup(8) canonicalize and enqueue mail
# postmap(1) create mapping table # postmap(1) create mapping table
# pcre_table(5) format of PCRE tables # regexp_table(5) POSIX regular expression table format
# regexp_table(5) format of POSIX regular expression tables # pcre_table(5) Perl Compatible Regular Expression table format
# LICENSE # LICENSE
# .ad # .ad
# .fi # .fi

2
postfix/src/cleanup/cleanup.c
View File

@@ -163,7 +163,7 @@
/* qmgr(8) queue manager daemon /* qmgr(8) queue manager daemon
/* syslogd(8) system logging /* syslogd(8) system logging
/* trivial-rewrite(8) address rewriting /* trivial-rewrite(8) address rewriting
/* virtual(5) virtual address lookup table format /* virtual(5) virtual alias lookup table format
/* FILES /* FILES
/* /etc/postfix/canonical*, canonical mapping table /* /etc/postfix/canonical*, canonical mapping table
/* /etc/postfix/virtual*, virtual mapping table /* /etc/postfix/virtual*, virtual mapping table

10
postfix/src/dns/dns_lookup.c
View File

@@ -400,7 +400,7 @@ static int dns_get_answer(DNS_REPLY *reply, int type,
DNS_RR *rr; DNS_RR *rr;
int resource_found = 0; int resource_found = 0;
int cname_found = 0; int cname_found = 0;
int default_status = DNS_NOTFOUND; int not_found_status = DNS_NOTFOUND;
/* /*
* Initialize. Skip over the name server query if we haven't yet. * Initialize. Skip over the name server query if we haven't yet.
@@ -466,7 +466,7 @@ static int dns_get_answer(DNS_REPLY *reply, int type,
resource_found++; resource_found++;
*rrlist = dns_rr_append(*rrlist, rr); *rrlist = dns_rr_append(*rrlist, rr);
} else } else
default_status = DNS_RETRY; not_found_status = DNS_RETRY;
} else } else
resource_found++; resource_found++;
} else if (fixed.type == T_CNAME) { /* cname resource */ } else if (fixed.type == T_CNAME) { /* cname resource */
@@ -487,7 +487,7 @@ static int dns_get_answer(DNS_REPLY *reply, int type,
return (DNS_OK); return (DNS_OK);
if (cname_found) if (cname_found)
return (DNS_RECURSE); return (DNS_RECURSE);
return (default_status); return (not_found_status);
} }
/* dns_lookup - DNS lookup user interface */ /* dns_lookup - DNS lookup user interface */
@@ -543,7 +543,9 @@ int dns_lookup(const char *name, unsigned type, unsigned flags,
switch (status) { switch (status) {
default: default:
if (why) if (why)
vstring_sprintf(why, "%s: Malformed name server reply", name); vstring_sprintf(why, "Name service error for name=%s type=%s: "
"Malformed name server reply",
name, dns_strtype(type));
case DNS_NOTFOUND: case DNS_NOTFOUND:
case DNS_OK: case DNS_OK:
return (status); return (status);

3
postfix/src/global/mail_params.c
View File

@@ -64,7 +64,6 @@
/* char *var_syslog_facility; /* char *var_syslog_facility;
/* char *var_relay_domains; /* char *var_relay_domains;
/* char *var_fflush_domains; /* char *var_fflush_domains;
/* char *var_def_transport;
/* char *var_mynetworks_style; /* char *var_mynetworks_style;
/* char *var_verp_delims; /* char *var_verp_delims;
/* char *var_verp_filter; /* char *var_verp_filter;
@@ -218,7 +217,6 @@ int var_daemon_timeout;
char *var_syslog_facility; char *var_syslog_facility;
char *var_relay_domains; char *var_relay_domains;
char *var_fflush_domains; char *var_fflush_domains;
char *var_def_transport;
char *var_mynetworks_style; char *var_mynetworks_style;
char *var_verp_delims; char *var_verp_delims;
char *var_verp_filter; char *var_verp_filter;
@@ -452,7 +450,6 @@ void mail_params_init()
VAR_FFLUSH_DOMAINS, DEF_FFLUSH_DOMAINS, &var_fflush_domains, 0, 0, VAR_FFLUSH_DOMAINS, DEF_FFLUSH_DOMAINS, &var_fflush_domains, 0, 0,
VAR_EXPORT_ENVIRON, DEF_EXPORT_ENVIRON, &var_export_environ, 0, 0, VAR_EXPORT_ENVIRON, DEF_EXPORT_ENVIRON, &var_export_environ, 0, 0,
VAR_IMPORT_ENVIRON, DEF_IMPORT_ENVIRON, &var_import_environ, 0, 0, VAR_IMPORT_ENVIRON, DEF_IMPORT_ENVIRON, &var_import_environ, 0, 0,
VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 0, 0,
VAR_MYNETWORKS_STYLE, DEF_MYNETWORKS_STYLE, &var_mynetworks_style, 1, 0, VAR_MYNETWORKS_STYLE, DEF_MYNETWORKS_STYLE, &var_mynetworks_style, 1, 0,
VAR_DEBUG_PEER_LIST, DEF_DEBUG_PEER_LIST, &var_debug_peer_list, 0, 0, VAR_DEBUG_PEER_LIST, DEF_DEBUG_PEER_LIST, &var_debug_peer_list, 0, 0,
VAR_VERP_DELIMS, DEF_VERP_DELIMS, &var_verp_delims, 2, 2, VAR_VERP_DELIMS, DEF_VERP_DELIMS, &var_verp_delims, 2, 2,

4
postfix/src/global/mail_params.h
View File

@@ -1115,6 +1115,10 @@ extern char *var_relay_domains;
#define DEF_RELAY_TRANSPORT MAIL_SERVICE_RELAY #define DEF_RELAY_TRANSPORT MAIL_SERVICE_RELAY
extern char *var_relay_transport; extern char *var_relay_transport;
#define VAR_RELAY_RCPT_MAPS "relay_recipient_maps"
#define DEF_RELAY_RCPT_MAPS ""
extern char *var_relay_rcpt_maps;
#define VAR_CLIENT_CHECKS "smtpd_client_restrictions" #define VAR_CLIENT_CHECKS "smtpd_client_restrictions"
#define DEF_CLIENT_CHECKS "" #define DEF_CLIENT_CHECKS ""
extern char *var_client_checks; extern char *var_client_checks;

2
postfix/src/global/mail_version.h
View File

@@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the * Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release. * release date only, unless they include the same bugfix as a patch release.
*/ */
#define MAIL_RELEASE_DATE "20021207" #define MAIL_RELEASE_DATE "20021208"
#define VAR_MAIL_VERSION "mail_version" #define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "1.1.12-" MAIL_RELEASE_DATE #define DEF_MAIL_VERSION "1.1.12-" MAIL_RELEASE_DATE

2
postfix/src/global/maps.c
View File

@@ -29,6 +29,8 @@
/* locking. Dictionaries are opened read-only, and in-memory /* locking. Dictionaries are opened read-only, and in-memory
/* dictionary instances are shared. /* dictionary instances are shared.
/* /*
/* Lookups are case sensitive.
/*
/* maps_create() takes list of type:name pairs and opens the /* maps_create() takes list of type:name pairs and opens the
/* named dictionaries. /* named dictionaries.
/* The result is a handle that must be specified along with all /* The result is a handle that must be specified along with all

22
postfix/src/global/resolve_clnt.c
View File

@@ -52,6 +52,28 @@
/* The address resolved to something that has invalid syntax. /* The address resolved to something that has invalid syntax.
/* .IP RESOLVE_FLAG_FAIL /* .IP RESOLVE_FLAG_FAIL
/* The request could not be completed. /* The request could not be completed.
/* .PP
/* In addition, the address domain class is returned by setting
/* one of the following flags (this is preliminary code awaiting
/* more permanent implementation of address domain class handling):
/* .IP RESOLVE_CLASS_LOCAL
/* The address domain matches $mydestination or $inet_interfaces.
/* .IP RESOLVE_CLASS_ALIAS
/* The address domain matches $virtual_alias_domains (simulated
/* virtual domains, where each address is redirected to a real
/* local or remote address).
/* .IP RESOLVE_CLASS_VIRTUAL
/* The address domain matches $virtual_mailbox_domains (true
/* virtual domains where each address can have its own mailbox).
/* .IP RESOLVE_CLASS_RELAY
/* The address domain matches $relay_domains, i.e. this is an
/* authorized mail relay destination.
/* .IP RESOLVE_CLASS_DEFAULT
/* The address matches none of the above. Access to this domain
/* should be limited to authorized senders only.
/* .PP
/* For convenience, the constant RESOLVE_CLASS_FINAL includes all
/* cases where the local machine is the final destination.
/* DIAGNOSTICS /* DIAGNOSTICS
/* Warnings: communication failure. Fatal error: mail system is down. /* Warnings: communication failure. Fatal error: mail system is down.
/* SEE ALSO /* SEE ALSO

5
postfix/src/global/resolve_clnt.h
View File

@@ -27,11 +27,14 @@
#define RESOLVE_FLAG_FAIL (1<<3) /* request failed */ #define RESOLVE_FLAG_FAIL (1<<3) /* request failed */
#define RESOLVE_CLASS_LOCAL (1<<8) /* mydestination/inet_interfaces */ #define RESOLVE_CLASS_LOCAL (1<<8) /* mydestination/inet_interfaces */
#define RESOLVE_CLASS_ERROR (1<<9) /* virtual_alias_domains */ #define RESOLVE_CLASS_ALIAS (1<<9) /* virtual_alias_domains */
#define RESOLVE_CLASS_VIRTUAL (1<<10) /* virtual_mailbox_domains */ #define RESOLVE_CLASS_VIRTUAL (1<<10) /* virtual_mailbox_domains */
#define RESOLVE_CLASS_RELAY (1<<11) /* relay_domains */ #define RESOLVE_CLASS_RELAY (1<<11) /* relay_domains */
#define RESOLVE_CLASS_DEFAULT (1<<12) /* raise reject_unauth_destination */ #define RESOLVE_CLASS_DEFAULT (1<<12) /* raise reject_unauth_destination */
#define RESOLVE_CLASS_FINAL \
(RESOLVE_CLASS_LOCAL | RESOLVE_CLASS_ALIAS | RESOLVE_CLASS_VIRTUAL)
typedef struct RESOLVE_REPLY { typedef struct RESOLVE_REPLY {
VSTRING *transport; VSTRING *transport;
VSTRING *nexthop; VSTRING *nexthop;

8
postfix/src/global/virtual8_maps_find.c
View File

@@ -22,6 +22,8 @@
/* agent. The code is made available as a library module so that /* agent. The code is made available as a library module so that
/* other programs can perform compatible queries. /* other programs can perform compatible queries.
/* /*
/* Lookups are case sensitive.
/*
/* virtual8_maps_create() takes list of type:name pairs and opens the /* virtual8_maps_create() takes list of type:name pairs and opens the
/* named dictionaries. /* named dictionaries.
/* The result is a handle that must be specified along with all /* The result is a handle that must be specified along with all
@@ -111,7 +113,7 @@ const char *virtual8_maps_find(MAPS *maps, const char *recipient)
} }
/* /*
* Look up the full address. * Look up the full address. Allow regexp table searches.
*/ */
if (bare == 0) { if (bare == 0) {
result = maps_find(maps, recipient, DICT_FLAG_NONE); result = maps_find(maps, recipient, DICT_FLAG_NONE);
@@ -147,7 +149,7 @@ int main(int argc, char **argv)
var_rcpt_delim = "+"; var_rcpt_delim = "+";
var_double_bounce_sender = DEF_DOUBLE_BOUNCE; var_double_bounce_sender = DEF_DOUBLE_BOUNCE;
maps = maps_create("testmap", argv[1], DICT_FLAG_LOCK); maps = virtual8_maps_create("testmap", argv[1], DICT_FLAG_LOCK);
buffer = vstring_alloc(1); buffer = vstring_alloc(1);
while (vstring_fgets_nonl(buffer, VSTREAM_IN)) { while (vstring_fgets_nonl(buffer, VSTREAM_IN)) {
@@ -155,7 +157,7 @@ int main(int argc, char **argv)
vstream_printf("%s -> %s\n", STR(buffer), result ? result : "(none)"); vstream_printf("%s -> %s\n", STR(buffer), result ? result : "(none)");
vstream_fflush(VSTREAM_OUT); vstream_fflush(VSTREAM_OUT);
} }
maps_free(maps); virtual8_maps_free(maps);
vstring_free(buffer); vstring_free(buffer);
return (0); return (0);
} }

2
postfix/src/local/alias.c
View File

@@ -183,8 +183,6 @@ int deliver_alias(LOCAL_STATE state, USER_ATTR usr_attr,
* With aliases that have an owner- alias, the latter is used to set the * With aliases that have an owner- alias, the latter is used to set the
* sender and owner attributes. Otherwise, the owner attribute is reset * sender and owner attributes. Otherwise, the owner attribute is reset
* (the alias is globally visible and could be sent to by anyone). * (the alias is globally visible and could be sent to by anyone).
*
* Don't allow regexp substitutions.
*/ */
for (cpp = alias_maps->argv->argv; *cpp; cpp++) { for (cpp = alias_maps->argv->argv; *cpp; cpp++) {
if ((dict = dict_handle(*cpp)) == 0) if ((dict = dict_handle(*cpp)) == 0)

8
postfix/src/local/resolve.c
View File

@@ -114,10 +114,18 @@ int deliver_resolve_tree(LOCAL_STATE state, USER_ATTR usr_attr, TOK822 *addr
tok822_rewrite(addr, REWRITE_CANON); tok822_rewrite(addr, REWRITE_CANON);
tok822_resolve(addr, &reply); tok822_resolve(addr, &reply);
/*
* First, a healthy portion of error handling.
*/
if (reply.flags & RESOLVE_FLAG_FAIL) { if (reply.flags & RESOLVE_FLAG_FAIL) {
status = defer_append(BOUNCE_FLAG_KEEP, /* XXX */ status = defer_append(BOUNCE_FLAG_KEEP, /* XXX */
BOUNCE_ATTR(state.msg_attr), BOUNCE_ATTR(state.msg_attr),
"address resolver failure"); "address resolver failure");
} else if (reply.flags & RESOLVE_FLAG_ERROR) {
status = bounce_append(BOUNCE_FLAG_KEEP,/* XXX */
BOUNCE_ATTR(state.msg_attr),
"bad recipient address syntax: %s",
STR(reply.recipient));
} else { } else {
/* /*

15
postfix/src/master/multi_server.c
View File

@@ -249,15 +249,15 @@ static void multi_server_execute(int unused_event, char *context)
/* /*
* Do not bother the application when the client disconnected. * Do not bother the application when the client disconnected.
*/ */
if (master_notify(var_pid, MASTER_STAT_TAKEN) < 0)
multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT);
if (peekfd(vstream_fileno(stream)) > 0) { if (peekfd(vstream_fileno(stream)) > 0) {
if (master_notify(var_pid, MASTER_STAT_TAKEN) < 0)
multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT);
multi_server_service(stream, multi_server_name, multi_server_argv); multi_server_service(stream, multi_server_name, multi_server_argv);
if (master_notify(var_pid, MASTER_STAT_AVAIL) < 0)
multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT);
} else { } else {
multi_server_disconnect(stream); multi_server_disconnect(stream);
} }
if (master_notify(var_pid, MASTER_STAT_AVAIL) < 0)
multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT);
if (client_count == 0 && var_idle_limit > 0) if (client_count == 0 && var_idle_limit > 0)
event_request_timer(multi_server_timeout, (char *) 0, var_idle_limit); event_request_timer(multi_server_timeout, (char *) 0, var_idle_limit);
} }
@@ -572,6 +572,12 @@ NORETURN multi_server_main(int argc, char **argv, MULTI_SERVER_FN service,...)
* Illustrated volume 2 page 532. We avoid select() collisions with an * Illustrated volume 2 page 532. We avoid select() collisions with an
* external lock file. * external lock file.
*/ */
/*
* XXX Can't compete for exclusive access to the listen socket because we
* also have to monitor existing client connections for service requests.
*/
#if 0
if (stream == 0 && !alone) { if (stream == 0 && !alone) {
lock_path = concatenate(DEF_PID_DIR, "/", transport, lock_path = concatenate(DEF_PID_DIR, "/", transport,
".", service_name, (char *) 0); ".", service_name, (char *) 0);
@@ -583,6 +589,7 @@ NORETURN multi_server_main(int argc, char **argv, MULTI_SERVER_FN service,...)
myfree(lock_path); myfree(lock_path);
vstring_free(why); vstring_free(why);
} }
#endif
/* /*
* Set up call-back info. * Set up call-back info.

11
postfix/src/postfix/postfix.c
View File

@@ -110,7 +110,16 @@
/* $\fBconfig_directory/main.cf\fR, configuration parameters /* $\fBconfig_directory/main.cf\fR, configuration parameters
/* $\fBconfig_directory/master.cf\fR, Postfix daemon processes /* $\fBconfig_directory/master.cf\fR, Postfix daemon processes
/* SEE ALSO /* SEE ALSO
/* master(8) Postfix master program /* postconf(1) Postfix configuration management
/* postsuper(1) Postfix housekeeping
/* sendmail(1) Sendmail-compatible interface
/* postmap(1) Postfix lookup table management
/* master(8) Postfix master daemon
/* .ad
/* .fi
/* The respective manual pages for the daemon processes
/* specified in the \fBmaster.cf\fR file, and the manual
/* pages referenced by those manual pages.
/* LICENSE /* LICENSE
/* .ad /* .ad
/* .fi /* .fi

2
postfix/src/qmgr/qmgr_message.c
View File

@@ -671,7 +671,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
if (defer_xport_argv == 0) if (defer_xport_argv == 0)
defer_xport_argv = argv_split(var_defer_xports, " \t\r\n,"); defer_xport_argv = argv_split(var_defer_xports, " \t\r\n,");
for (cpp = defer_xport_argv->argv; *cpp; cpp++) for (cpp = defer_xport_argv->argv; *cpp; cpp++)
if (strcasecmp(*cpp, STR(reply.transport)) == 0) if (strcmp(*cpp, STR(reply.transport)) == 0)
break; break;
if (*cpp) { if (*cpp) {
qmgr_defer_recipient(message, recipient, "deferred transport"); qmgr_defer_recipient(message, recipient, "deferred transport");

4
postfix/src/smtp/Makefile.in
View File

@@ -1,9 +1,9 @@
SHELL = /bin/sh SHELL = /bin/sh
SRCS = smtp.c smtp_connect.c smtp_proto.c smtp_chat.c smtp_session.c \ SRCS = smtp.c smtp_connect.c smtp_proto.c smtp_chat.c smtp_session.c \
smtp_addr.c smtp_trouble.c smtp_unalias.c smtp_state.c \ smtp_addr.c smtp_trouble.c smtp_state.c \
smtp_sasl_proto.c smtp_sasl_glue.c smtp_sasl_proto.c smtp_sasl_glue.c
OBJS = smtp.o smtp_connect.o smtp_proto.o smtp_chat.o smtp_session.o \ OBJS = smtp.o smtp_connect.o smtp_proto.o smtp_chat.o smtp_session.o \
smtp_addr.o smtp_trouble.o smtp_unalias.o smtp_state.o \ smtp_addr.o smtp_trouble.o smtp_state.o \
smtp_sasl_proto.o smtp_sasl_glue.o smtp_sasl_proto.o smtp_sasl_glue.o
HDRS = smtp.h smtp_sasl.h HDRS = smtp.h smtp_sasl.h
TESTSRC = TESTSRC =

26
postfix/src/smtpd/smtpd.c
View File

@@ -122,6 +122,10 @@
/* List of maps with user names that are local to \fB$myorigin\fR /* List of maps with user names that are local to \fB$myorigin\fR
/* or \fB$inet_interfaces\fR. If this parameter is defined, /* or \fB$inet_interfaces\fR. If this parameter is defined,
/* then the SMTP server rejects mail for unknown local users. /* then the SMTP server rejects mail for unknown local users.
/* .IP \fBrelay_recipient_maps\fR
/* List of maps that define all the email addresses in the domains
/* that match \fB$relay_domains\fR. If this parameter is defined,
/* then the SMTP server rejects mail for unknown relay recipients.
/* .IP \fBnotify_classes\fR /* .IP \fBnotify_classes\fR
/* List of error classes. Of special interest are: /* List of error classes. Of special interest are:
/* .RS /* .RS
@@ -223,8 +227,9 @@
/* Only domains whose primary MX hosts match the listed networks /* Only domains whose primary MX hosts match the listed networks
/* are eligible for the \fBpermit_mx_backup\fR feature. /* are eligible for the \fBpermit_mx_backup\fR feature.
/* .IP \fBrelay_domains\fR /* .IP \fBrelay_domains\fR
/* Restrict what domains or networks this mail system will relay /* Restrict what domains this mail system will relay
/* mail from or to. /* mail to. The domains are routed to the delivery agent
/* specified with the \fBrelay_transport\fR setting.
/* .SH "UCE control responses" /* .SH "UCE control responses"
/* .ad /* .ad
/* .fi /* .fi
@@ -263,6 +268,7 @@
/* Response code when a client violates the \fBreject_unknown_hostname\fR /* Response code when a client violates the \fBreject_unknown_hostname\fR
/* restriction. /* restriction.
/* SEE ALSO /* SEE ALSO
/* trivial-rewrite(8) address resolver
/* cleanup(8) message canonicalization /* cleanup(8) message canonicalization
/* master(8) process manager /* master(8) process manager
/* syslogd(8) system logging /* syslogd(8) system logging
@@ -390,10 +396,8 @@ bool var_disable_vrfy_cmd;
char *var_canonical_maps; char *var_canonical_maps;
char *var_rcpt_canon_maps; char *var_rcpt_canon_maps;
char *var_virt_alias_maps; char *var_virt_alias_maps;
char *var_virt_alias_doms;
char *var_virt_mailbox_maps; char *var_virt_mailbox_maps;
char *var_virt_mailbox_doms; char *var_virt_mailbox_doms;
char *var_relocated_maps;
char *var_alias_maps; char *var_alias_maps;
char *var_local_rcpt_maps; char *var_local_rcpt_maps;
bool var_allow_untrust_route; bool var_allow_untrust_route;
@@ -410,6 +414,12 @@ char *var_smtpd_null_key;
int var_smtpd_hist_thrsh; int var_smtpd_hist_thrsh;
char *var_smtpd_exp_filter; char *var_smtpd_exp_filter;
char *var_def_rbl_reply; char *var_def_rbl_reply;
char *var_def_transport;
char *var_error_transport;
char *var_local_transport;
char *var_relay_transport;
char *var_virt_transport;
char *var_relay_rcpt_maps;
/* /*
* Silly little macros. * Silly little macros.
@@ -1644,10 +1654,8 @@ int main(int argc, char **argv)
VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0, VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps, 0, 0, VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps, 0, 0,
VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0, VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0,
VAR_VIRT_ALIAS_DOMS, DEF_VIRT_ALIAS_DOMS, &var_virt_alias_doms, 0, 0,
VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0, VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0,
VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mailbox_doms, 0, 0, VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mailbox_doms, 0, 0,
VAR_RELOCATED_MAPS, DEF_RELOCATED_MAPS, &var_relocated_maps, 0, 0,
VAR_ALIAS_MAPS, DEF_ALIAS_MAPS, &var_alias_maps, 0, 0, VAR_ALIAS_MAPS, DEF_ALIAS_MAPS, &var_alias_maps, 0, 0,
VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps, 0, 0, VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps, 0, 0,
VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0, VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0,
@@ -1657,6 +1665,12 @@ int main(int argc, char **argv)
VAR_SMTPD_SND_AUTH_MAPS, DEF_SMTPD_SND_AUTH_MAPS, &var_smtpd_snd_auth_maps, 0, 0, VAR_SMTPD_SND_AUTH_MAPS, DEF_SMTPD_SND_AUTH_MAPS, &var_smtpd_snd_auth_maps, 0, 0,
VAR_SMTPD_NOOP_CMDS, DEF_SMTPD_NOOP_CMDS, &var_smtpd_noop_cmds, 0, 0, VAR_SMTPD_NOOP_CMDS, DEF_SMTPD_NOOP_CMDS, &var_smtpd_noop_cmds, 0, 0,
VAR_SMTPD_NULL_KEY, DEF_SMTPD_NULL_KEY, &var_smtpd_null_key, 0, 0, VAR_SMTPD_NULL_KEY, DEF_SMTPD_NULL_KEY, &var_smtpd_null_key, 0, 0,
VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 1, 0,
VAR_ERROR_TRANSPORT, DEF_ERROR_TRANSPORT, &var_error_transport, 1, 0,
VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport, 1, 0,
VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 1, 0,
VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 1, 0,
VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps, 0, 0,
0, 0,
}; };
static CONFIG_RAW_TABLE raw_table[] = { static CONFIG_RAW_TABLE raw_table[] = {

267
postfix/src/smtpd/smtpd_check.c
View File

@@ -108,11 +108,6 @@
/* default template is used. The \fImaps_rbl_reject_code\fR /* default template is used. The \fImaps_rbl_reject_code\fR
/* configuration parameter specifies the reject status code used in /* configuration parameter specifies the reject status code used in
/* the default template (default: 554). /* the default template (default: 554).
/* .IP reject_maps_rbl
/* Look up the reversed client network address in the real-time blackhole
/* DNS zones below the domains listed in the "maps_rbl_domains"
/* configuration parameter. This is equivalent to using
/* "reject_rbl_client" once for each such domain.
/* .IP permit_naked_ip_address /* .IP permit_naked_ip_address
/* Permit the use of a naked IP address (without enclosing []) /* Permit the use of a naked IP address (without enclosing [])
/* in HELO/EHLO commands. /* in HELO/EHLO commands.
@@ -353,11 +348,16 @@ static MAPS *rcpt_canon_maps;
static MAPS *canonical_maps; static MAPS *canonical_maps;
static MAPS *virt_alias_maps; static MAPS *virt_alias_maps;
static MAPS *virt_mailbox_maps; static MAPS *virt_mailbox_maps;
static MAPS *relay_rcpt_maps;
#ifdef TEST
static MAPS *relocated_maps; static MAPS *relocated_maps;
static STRING_LIST *virt_alias_doms; static STRING_LIST *virt_alias_doms;
static STRING_LIST *virt_mailbox_doms; static STRING_LIST *virt_mailbox_doms;
#endif
/* /*
* Response templates for various rbl domains. * Response templates for various rbl domains.
*/ */
@@ -641,11 +641,16 @@ void smtpd_check_init(void)
virt_mailbox_maps = virtual8_maps_create(VAR_VIRT_MAILBOX_MAPS, virt_mailbox_maps = virtual8_maps_create(VAR_VIRT_MAILBOX_MAPS,
var_virt_mailbox_maps, var_virt_mailbox_maps,
DICT_FLAG_LOCK); DICT_FLAG_LOCK);
relay_rcpt_maps = maps_create(VAR_RELAY_RCPT_MAPS, var_relay_rcpt_maps,
DICT_FLAG_LOCK);
#ifdef TEST
relocated_maps = maps_create(VAR_RELOCATED_MAPS, var_relocated_maps, relocated_maps = maps_create(VAR_RELOCATED_MAPS, var_relocated_maps,
DICT_FLAG_LOCK); DICT_FLAG_LOCK);
virt_alias_doms = string_list_init(MATCH_FLAG_NONE, var_virt_alias_doms); virt_alias_doms = string_list_init(MATCH_FLAG_NONE, var_virt_alias_doms);
virt_mailbox_doms = string_list_init(MATCH_FLAG_NONE, var_virt_mailbox_doms); virt_mailbox_doms = string_list_init(MATCH_FLAG_NONE, var_virt_mailbox_doms);
#endif
access_parent_style = match_parent_style(SMTPD_ACCESS_MAPS); access_parent_style = match_parent_style(SMTPD_ACCESS_MAPS);
@@ -869,20 +874,6 @@ static void reject_dict_retry(SMTPD_STATE *state, const char *reply_name)
451, reply_name)); 451, reply_name));
} }
/* check_str_match - reject with temporary failure if dict lookup fails */
static int check_str_match(SMTPD_STATE *state, const char *reply_name,
STRING_LIST *list, const char *key)
{
int result;
dict_errno = 0;
if ((result = string_list_match(list, key)) == 0
&& dict_errno == DICT_ERR_RETRY)
reject_dict_retry(state, reply_name);
return (result);
}
/* checkv8_maps_find - reject with temporary failure if dict lookup fails */ /* checkv8_maps_find - reject with temporary failure if dict lookup fails */
static const char *checkv8_maps_find(SMTPD_STATE *state, const char *reply_name, static const char *checkv8_maps_find(SMTPD_STATE *state, const char *reply_name,
@@ -913,37 +904,6 @@ static const char *check_mail_addr_find(SMTPD_STATE *state,
return (result); return (result);
} }
/* resolve_final - do we do final delivery for the domain? */
static int resolve_final(SMTPD_STATE *state, const char *reply_name,
const char *domain)
{
/* If matches $mydestination or $inet_interfaces. */
if (resolve_local(domain)) {
if (*var_virt_alias_doms
&& check_str_match(state, reply_name, virt_alias_doms, domain))
msg_warn("list domain %s in only one of $%s and $%s",
domain, VAR_MYDEST, VAR_VIRT_ALIAS_DOMS);
if (*var_virt_mailbox_doms
&& check_str_match(state, reply_name, virt_mailbox_doms, domain))
msg_warn("list domain %s in only one of $%s and $%s",
domain, VAR_MYDEST, VAR_VIRT_MAILBOX_DOMS);
return (1);
}
/* If Postfix-style virtual domain. */
if (*var_virt_alias_doms
&& check_str_match(state, reply_name, virt_alias_doms, domain))
return (1);
/* If virtual mailbox domain. */
if (*var_virt_mailbox_doms
&& check_str_match(state, reply_name, virt_mailbox_doms, domain))
return (1);
return (0);
}
/* reject_unknown_client - fail if client hostname is unknown */ /* reject_unknown_client - fail if client hostname is unknown */
static int reject_unknown_client(SMTPD_STATE *state) static int reject_unknown_client(SMTPD_STATE *state)
@@ -1212,7 +1172,6 @@ static int permit_auth_destination(SMTPD_STATE *state, char *recipient)
{ {
char *myname = "permit_auth_destination"; char *myname = "permit_auth_destination";
const RESOLVE_REPLY *reply; const RESOLVE_REPLY *reply;
const char *domain;
if (msg_verbose) if (msg_verbose)
msg_info("%s: %s", myname, recipient); msg_info("%s: %s", myname, recipient);
@@ -1222,13 +1181,14 @@ static int permit_auth_destination(SMTPD_STATE *state, char *recipient)
*/ */
reply = (const RESOLVE_REPLY *) reply = (const RESOLVE_REPLY *)
ctable_locate(smtpd_resolve_cache, recipient); ctable_locate(smtpd_resolve_cache, recipient);
if (reply->flags & RESOLVE_FLAG_FAIL)
reject_dict_retry(state, recipient);
/* /*
* Handle special case that is not supposed to happen. * Handle special case that is not supposed to happen.
*/ */
if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0) if (strrchr(CONST_STR(reply->recipient), '@') == 0)
return (SMTPD_CHECK_OK); return (SMTPD_CHECK_OK);
domain += 1;
/* /*
* Skip source-routed non-local or virtual mail (uncertain destination). * Skip source-routed non-local or virtual mail (uncertain destination).
@@ -1240,13 +1200,13 @@ static int permit_auth_destination(SMTPD_STATE *state, char *recipient)
* Permit final delivery: the destination matches mydestination, * Permit final delivery: the destination matches mydestination,
* virtual_alias_domains, or virtual_mailbox_domains. * virtual_alias_domains, or virtual_mailbox_domains.
*/ */
if (resolve_final(state, recipient, domain)) if (reply->flags & RESOLVE_CLASS_FINAL)
return (SMTPD_CHECK_OK); return (SMTPD_CHECK_OK);
/* /*
* Permit if the destination matches the relay_domains list. * Permit if the destination matches the relay_domains list.
*/ */
if (domain_list_match(relay_domains, domain)) if (reply->flags & RESOLVE_CLASS_RELAY)
return (SMTPD_CHECK_OK); return (SMTPD_CHECK_OK);
/* /*
@@ -1492,6 +1452,8 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
*/ */
reply = (const RESOLVE_REPLY *) reply = (const RESOLVE_REPLY *)
ctable_locate(smtpd_resolve_cache, recipient); ctable_locate(smtpd_resolve_cache, recipient);
if (reply->flags & RESOLVE_FLAG_FAIL)
reject_dict_retry(state, recipient);
/* /*
* If the destination is local, it is acceptable, because we are * If the destination is local, it is acceptable, because we are
@@ -1510,7 +1472,7 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
/* /*
* The destination is local, or it is a local virtual destination. * The destination is local, or it is a local virtual destination.
*/ */
if (resolve_final(state, recipient, domain)) if (reply->flags & RESOLVE_CLASS_FINAL)
return (SMTPD_CHECK_OK); return (SMTPD_CHECK_OK);
if (msg_verbose) if (msg_verbose)
@@ -1519,8 +1481,7 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
/* /*
* Skip numerical forms that didn't match the local system. * Skip numerical forms that didn't match the local system.
*/ */
if (domain[0] == '#' if (domain[0] == '[' && domain[strlen(domain) - 1] == ']')
|| (domain[0] == '[' && domain[strlen(domain) - 1] == ']'))
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
/* /*
@@ -1590,8 +1551,6 @@ static int reject_non_fqdn_address(SMTPD_STATE *state, char *addr,
/* /*
* Skip forms that we can't handle yet. * Skip forms that we can't handle yet.
*/ */
if (domain[0] == '#')
return (SMTPD_CHECK_DUNNO);
if (domain[0] == '[' && domain[strlen(domain) - 1] == ']') if (domain[0] == '[' && domain[strlen(domain) - 1] == ']')
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
@@ -1635,6 +1594,8 @@ static int reject_unknown_address(SMTPD_STATE *state, const char *addr,
* Resolve the address. * Resolve the address.
*/ */
reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, addr); reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, addr);
if (reply->flags & RESOLVE_FLAG_FAIL)
reject_dict_retry(state, addr);
/* /*
* Skip local destinations and non-DNS forms. * Skip local destinations and non-DNS forms.
@@ -1642,9 +1603,7 @@ static int reject_unknown_address(SMTPD_STATE *state, const char *addr,
if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0) if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0)
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
domain += 1; domain += 1;
if (resolve_final(state, reply_name, domain)) if (reply->flags & RESOLVE_CLASS_FINAL)
return (SMTPD_CHECK_DUNNO);
if (domain[0] == '#')
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
if (domain[0] == '[' && domain[strlen(domain) - 1] == ']') if (domain[0] == '[' && domain[strlen(domain) - 1] == ']')
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
@@ -2017,6 +1976,8 @@ static int check_mail_access(SMTPD_STATE *state, const char *table,
* Resolve the address. * Resolve the address.
*/ */
reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, addr); reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, addr);
if (reply->flags & RESOLVE_FLAG_FAIL)
reject_dict_retry(state, addr);
/* /*
* Garbage in, garbage out. Every address from canon_addr_internal() and * Garbage in, garbage out. Every address from canon_addr_internal() and
@@ -2439,7 +2400,7 @@ static int reject_rbl_domain(SMTPD_STATE *state, const char *rbl_domain,
*/ */
if ((domain = strrchr(what, '@')) != 0) { if ((domain = strrchr(what, '@')) != 0) {
domain += 1; domain += 1;
if (domain[0] == '#' || domain[0] == '[') if (domain[0] == '[')
return (SMTPD_CHECK_DUNNO); return (SMTPD_CHECK_DUNNO);
} else } else
domain = what; domain = what;
@@ -2470,10 +2431,16 @@ static int reject_maps_rbl(SMTPD_STATE *state)
char *bp = saved_domains; char *bp = saved_domains;
char *rbl_domain; char *rbl_domain;
int result = SMTPD_CHECK_DUNNO; int result = SMTPD_CHECK_DUNNO;
static int warned;
if (msg_verbose) if (msg_verbose)
msg_info("%s: %s", myname, state->addr); msg_info("%s: %s", myname, state->addr);
if (warned == 0) {
warned++;
msg_warn("restriction %s is going away. Please use %s <domain> instead",
REJECT_MAPS_RBL, REJECT_RBL_CLIENT);
}
while ((rbl_domain = mystrtok(&bp, " \t\r\n,")) != 0) { while ((rbl_domain = mystrtok(&bp, " \t\r\n,")) != 0) {
result = reject_rbl_addr(state, rbl_domain, state->addr, result = reject_rbl_addr(state, rbl_domain, state->addr,
SMTPD_NAME_CLIENT); SMTPD_NAME_CLIENT);
@@ -2503,6 +2470,8 @@ static int reject_sender_login_mismatch(SMTPD_STATE *state, const char *sender)
* the sender address. * the sender address.
*/ */
reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, sender); reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, sender);
if (reply->flags & RESOLVE_FLAG_FAIL)
reject_dict_retry(state, sender);
owner = check_mail_addr_find(state, sender, smtpd_sender_login_maps, owner = check_mail_addr_find(state, sender, smtpd_sender_login_maps,
STR(reply->recipient), (char **) 0); STR(reply->recipient), (char **) 0);
#ifdef USE_SASL_AUTH #ifdef USE_SASL_AUTH
@@ -3116,7 +3085,6 @@ char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient)
char *myname = "smtpd_check_rcptmap"; char *myname = "smtpd_check_rcptmap";
char *saved_recipient; char *saved_recipient;
const RESOLVE_REPLY *reply; const RESOLVE_REPLY *reply;
const char *domain;
int status; int status;
/* /*
@@ -3145,71 +3113,94 @@ char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient)
*/ */
reply = (const RESOLVE_REPLY *) reply = (const RESOLVE_REPLY *)
ctable_locate(smtpd_resolve_cache, recipient); ctable_locate(smtpd_resolve_cache, recipient);
if (reply->flags & RESOLVE_FLAG_FAIL)
reject_dict_retry(state, recipient);
/* /*
* Skip non-DNS forms. Skip non-local numerical forms. * Make complex expressions more readable?
*/ */
if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0) #define MATCH(map, rcpt) \
SMTPD_CHECK_RCPT_RETURN(0); check_mail_addr_find(state, recipient, map, rcpt, (char **) 0)
domain += 1;
if (domain[0] == '#' || domain[0] == '[')
if (!resolve_local(domain))
SMTPD_CHECK_RCPT_RETURN(0);
#define NOMATCH(map, rcpt) \ #define NOMATCH(map, rcpt) (MATCH(map, rcpt) == 0)
(check_mail_addr_find(state, recipient, map, rcpt, (char **) 0) == 0)
#define NOMATCHV8(map, rcpt) \ #define NOMATCHV8(map, rcpt) \
(checkv8_maps_find(state, recipient, map, rcpt) == 0) (checkv8_maps_find(state, recipient, map, rcpt) == 0)
/* /*
* Reject mail to unknown addresses in Postfix-style virtual domains. * XXX We throw up our hands if the address matches a canonical or
* virtual alias map. Eventually, the address resolver should give us the
* final resolved recipient address, and the SMTP server should write the
* final recipient address to the output record stream. See also the next
* comment block on recipients in simulated virtual domains.
*/ */
if (*var_virt_alias_doms if (MATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
&& (check_str_match(state, recipient, virt_alias_doms, domain))) { || MATCH(canonical_maps, CONST_STR(reply->recipient))
if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient)) || MATCH(virt_alias_maps, CONST_STR(reply->recipient)))
&& NOMATCH(canonical_maps, CONST_STR(reply->recipient)) SMTPD_CHECK_RCPT_RETURN(0);
&& NOMATCH(relocated_maps, CONST_STR(reply->recipient))
&& NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))
&& NOMATCH(virt_alias_maps, CONST_STR(reply->recipient))) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
"%d <%s>: User unknown", 550, recipient);
SMTPD_CHECK_RCPT_RETURN(STR(error_text));
}
}
/* /*
* Reject mail to unknown addresses in Postfix-style virtual domains. * At this point, anything that resolves to the error mailer is known to
* be undeliverable.
*
* XXX Until the address resolver does final address resolution, known and
* unknown recipients in simulated virtual domains will both resolve to
* "error:user unknown".
*/ */
if (*var_virt_mailbox_doms if (strcmp(STR(reply->transport), var_error_transport) == 0) {
&& (check_str_match(state, recipient, virt_mailbox_doms, domain))) { (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient)) "%d <%s>: %s", 550,
&& NOMATCH(canonical_maps, CONST_STR(reply->recipient)) recipient, STR(reply->nexthop));
&& NOMATCH(relocated_maps, CONST_STR(reply->recipient)) SMTPD_CHECK_RCPT_RETURN(STR(error_text));
&& NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))
&& NOMATCH(virt_alias_maps, CONST_STR(reply->recipient))) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
"%d <%s>: User unknown", 550, recipient);
SMTPD_CHECK_RCPT_RETURN(STR(error_text));
}
} }
/* /*
* Reject mail to unknown addresses in local domains (domains that match * Reject mail to unknown addresses in local domains (domains that match
* $mydestination or $inet_interfaces). Accept mail for addresses in * $mydestination or $inet_interfaces).
* Sendmail-style virtual domains. *
* XXX For now, we throw up our hands when a transport mapping overrides the
* default local delivery transport.
*
* XXX Use the less expensive maps_find() (case is already folded) instead
* of the baroque mail_addr_find(). But then we have to strip the domain
* and deal with address extensions ourselves.
*/ */
if (*var_local_rcpt_maps && resolve_local(domain)) { if ((reply->flags & RESOLVE_CLASS_LOCAL)
if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient)) && *var_local_rcpt_maps
&& NOMATCH(canonical_maps, CONST_STR(reply->recipient)) && strcmp(STR(reply->transport), var_local_transport) == 0
&& NOMATCH(relocated_maps, CONST_STR(reply->recipient)) && NOMATCH(local_rcpt_maps, CONST_STR(reply->recipient))) {
&& NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient)) (void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
&& NOMATCH(virt_alias_maps, CONST_STR(reply->recipient)) "%d <%s>: User unknown", 550, recipient);
&& NOMATCH(local_rcpt_maps, CONST_STR(reply->recipient))) { SMTPD_CHECK_RCPT_RETURN(STR(error_text));
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE, }
"%d <%s>: User unknown", 550, recipient);
SMTPD_CHECK_RCPT_RETURN(STR(error_text)); /*
} * Reject mail to unknown addresses in virtual mailbox domains.
*
* XXX For now, we throw up our hands when a transport mapping overrides the
* default virtual delivery transport.
*/
if ((reply->flags & RESOLVE_CLASS_VIRTUAL)
&& strcmp(STR(reply->transport), var_virt_transport) == 0
&& NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
"%d <%s>: User unknown", 550, recipient);
SMTPD_CHECK_RCPT_RETURN(STR(error_text));
}
/*
* Reject mail to unknown addresses in relay domains.
*
* XXX For now, we throw up our hands when a transport mapping overrides the
* default relay transport.
*/
if ((reply->flags & RESOLVE_CLASS_RELAY)
&& *var_relay_rcpt_maps
&& strcmp(STR(reply->transport), var_relay_transport) == 0
&& NOMATCH(relay_rcpt_maps, CONST_STR(reply->recipient))) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
"%d <%s>: User unknown", 550, recipient);
SMTPD_CHECK_RCPT_RETURN(STR(error_text));
} }
/* /*
@@ -3368,6 +3359,12 @@ char *var_double_bounce_sender;
char *var_rbl_reply_maps; char *var_rbl_reply_maps;
char *var_smtpd_exp_filter; char *var_smtpd_exp_filter;
char *var_def_rbl_reply; char *var_def_rbl_reply;
char *var_local_transport;
char *var_error_transport;
char *var_virt_transport;
char *var_relay_transport;
char *var_def_transport;
char *var_relay_rcpt_maps;
typedef struct { typedef struct {
char *name; char *name;
@@ -3375,6 +3372,9 @@ typedef struct {
char **target; char **target;
} STRING_TABLE; } STRING_TABLE;
#undef DEF_VIRT_ALIAS_MAPS
#define DEF_VIRT_ALIAS_MAPS ""
static STRING_TABLE string_table[] = { static STRING_TABLE string_table[] = {
VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains, VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains,
VAR_MYORIGIN, DEF_MYORIGIN, &var_myorigin, VAR_MYORIGIN, DEF_MYORIGIN, &var_myorigin,
@@ -3399,6 +3399,12 @@ static STRING_TABLE string_table[] = {
VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, &var_rbl_reply_maps, VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, &var_rbl_reply_maps,
VAR_SMTPD_EXP_FILTER, DEF_SMTPD_EXP_FILTER, &var_smtpd_exp_filter, VAR_SMTPD_EXP_FILTER, DEF_SMTPD_EXP_FILTER, &var_smtpd_exp_filter,
VAR_DEF_RBL_REPLY, DEF_DEF_RBL_REPLY, &var_def_rbl_reply, VAR_DEF_RBL_REPLY, DEF_DEF_RBL_REPLY, &var_def_rbl_reply,
VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport,
VAR_ERROR_TRANSPORT, DEF_ERROR_TRANSPORT, &var_error_transport,
VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport,
VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport,
VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport,
VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps,
0, 0,
}; };
@@ -3409,7 +3415,7 @@ static void string_init(void)
STRING_TABLE *sp; STRING_TABLE *sp;
for (sp = string_table; sp->name; sp++) for (sp = string_table; sp->name; sp++)
sp->target[0] = mystrdup(sp->defval[0] == '$' ? "" : sp->defval); sp->target[0] = mystrdup(sp->defval);
} }
/* string_update - update string parameter */ /* string_update - update string parameter */
@@ -3607,12 +3613,36 @@ VSTRING *canon_addr_internal(VSTRING *result, const char *addr)
void resolve_clnt_query(const char *addr, RESOLVE_REPLY *reply) void resolve_clnt_query(const char *addr, RESOLVE_REPLY *reply)
{ {
const char *domain;
if (addr == CONST_STR(reply->recipient)) if (addr == CONST_STR(reply->recipient))
msg_panic("resolve_clnt_query: result clobbers input"); msg_panic("resolve_clnt_query: result clobbers input");
vstring_strcpy(reply->transport, "foo");
vstring_strcpy(reply->nexthop, "foo");
if (strchr(addr, '%')) if (strchr(addr, '%'))
msg_fatal("%s: address rewriting is disabled", addr); msg_fatal("%s: address rewriting is disabled", addr);
if ((domain = strrchr(addr, '@')) == 0)
msg_fatal("%s: unqualified address", addr);
domain += 1;
if (resolve_local(domain)) {
reply->flags = RESOLVE_CLASS_LOCAL;
vstring_strcpy(reply->transport, var_local_transport);
vstring_strcpy(reply->nexthop, domain);
} else if (string_list_match(virt_alias_doms, domain)) {
reply->flags = RESOLVE_CLASS_ALIAS;
vstring_strcpy(reply->transport, var_error_transport);
vstring_strcpy(reply->nexthop, "user unknown");
} else if (string_list_match(virt_mailbox_doms, domain)) {
reply->flags = RESOLVE_CLASS_VIRTUAL;
vstring_strcpy(reply->transport, var_virt_transport);
vstring_strcpy(reply->nexthop, domain);
} else if (domain_list_match(relay_domains, domain)) {
reply->flags = RESOLVE_CLASS_RELAY;
vstring_strcpy(reply->transport, var_relay_transport);
vstring_strcpy(reply->nexthop, domain);
} else {
reply->flags = RESOLVE_CLASS_DEFAULT;
vstring_strcpy(reply->transport, var_def_transport);
vstring_strcpy(reply->nexthop, domain);
}
vstring_strcpy(reply->recipient, addr); vstring_strcpy(reply->recipient, addr);
} }
@@ -3746,6 +3776,13 @@ int main(int argc, char **argv)
resp = 0; resp = 0;
break; break;
} }
if (strcasecmp(args->argv[0], "relay_recipient_maps") == 0) {
UPDATE_STRING(var_relay_rcpt_maps, args->argv[1]);
UPDATE_MAPS(relay_rcpt_maps, VAR_LOCAL_RCPT_MAPS,
var_relay_rcpt_maps, DICT_FLAG_LOCK);
resp = 0;
break;
}
if (strcasecmp(args->argv[0], "canonical_maps") == 0) { if (strcasecmp(args->argv[0], "canonical_maps") == 0) {
UPDATE_STRING(var_canonical_maps, args->argv[1]); UPDATE_STRING(var_canonical_maps, args->argv[1]);
UPDATE_MAPS(canonical_maps, VAR_CANONICAL_MAPS, UPDATE_MAPS(canonical_maps, VAR_CANONICAL_MAPS,

2
postfix/src/smtpd/smtpd_check.ref
View File

@@ -139,6 +139,7 @@ OK
>>> client foo 123.123.123.123 >>> client foo 123.123.123.123
OK OK
>>> rcpt foo@watson.ibm.com >>> rcpt foo@watson.ibm.com
./smtpd_check: warning: the "check_relay_domains" restriction is going away; use "reject_unauth_destination" instead
./smtpd_check: <queue id>: reject: RCPT from foo[123.123.123.123]: 554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied; from=<foo@friend.bad.domain> to=<foo@watson.ibm.com> proto=SMTP helo=<123.123.123.123> ./smtpd_check: <queue id>: reject: RCPT from foo[123.123.123.123]: 554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied; from=<foo@friend.bad.domain> to=<foo@watson.ibm.com> proto=SMTP helo=<123.123.123.123>
554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied 554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied
>>> rcpt foo@porcupine.org >>> rcpt foo@porcupine.org
@@ -182,6 +183,7 @@ OK
>>> client_restrictions reject_maps_rbl >>> client_restrictions reject_maps_rbl
OK OK
>>> client spike.porcupine.org 168.100.189.2 >>> client spike.porcupine.org 168.100.189.2
./smtpd_check: warning: restriction reject_maps_rbl is going away. Please use reject_rbl_client <domain> instead
OK OK
>>> client foo 127.0.0.2 >>> client foo 127.0.0.2
./smtpd_check: <queue id>: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; Client host [127.0.0.2] blocked using blackholes.mail-abuse.org; Blackholed - see <URL:http://mail-abuse.org/cgi-bin/lookup?127.0.0.2>; from=<foo@friend.bad.domain> proto=SMTP helo=<123.123.123.123> ./smtpd_check: <queue id>: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; Client host [127.0.0.2] blocked using blackholes.mail-abuse.org; Blackholed - see <URL:http://mail-abuse.org/cgi-bin/lookup?127.0.0.2>; from=<foo@friend.bad.domain> proto=SMTP helo=<123.123.123.123>

2
postfix/src/smtpd/smtpd_check.ref2
View File

@@ -129,6 +129,7 @@ OK
>>> client foo 123.123.123.123 >>> client foo 123.123.123.123
OK OK
>>> rcpt foo@watson.ibm.com >>> rcpt foo@watson.ibm.com
./smtpd_check: warning: the "check_relay_domains" restriction is going away; use "reject_unauth_destination" instead
./smtpd_check: <queue id>: reject: RCPT from foo[123.123.123.123]: 554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied; from=<foo@friend.bad.domain> to=<foo@watson.ibm.com> proto=SMTP helo=<friend.bad.domain> ./smtpd_check: <queue id>: reject: RCPT from foo[123.123.123.123]: 554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied; from=<foo@friend.bad.domain> to=<foo@watson.ibm.com> proto=SMTP helo=<friend.bad.domain>
554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied 554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied
>>> rcpt foo@porcupine.org >>> rcpt foo@porcupine.org
@@ -172,6 +173,7 @@ OK
>>> client_restrictions reject_maps_rbl >>> client_restrictions reject_maps_rbl
OK OK
>>> client spike.porcupine.org 168.100.189.2 >>> client spike.porcupine.org 168.100.189.2
./smtpd_check: warning: restriction reject_maps_rbl is going away. Please use reject_rbl_client <domain> instead
OK OK
>>> client foo 127.0.0.2 >>> client foo 127.0.0.2
./smtpd_check: <queue id>: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; Client host [127.0.0.2] blocked using blackholes.mail-abuse.org; Blackholed - see <URL:http://mail-abuse.org/cgi-bin/lookup?127.0.0.2>; from=<foo@friend.bad.domain> proto=SMTP helo=<friend.bad.domain> ./smtpd_check: <queue id>: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; Client host [127.0.0.2] blocked using blackholes.mail-abuse.org; Blackholed - see <URL:http://mail-abuse.org/cgi-bin/lookup?127.0.0.2>; from=<foo@friend.bad.domain> proto=SMTP helo=<friend.bad.domain>

1
postfix/src/smtpd/smtpd_exp.ref
View File

@@ -25,6 +25,7 @@ OK
>>> client spike.porcupine.org 168.100.189.2 >>> client spike.porcupine.org 168.100.189.2
OK OK
>>> rcpt rname@rdomain >>> rcpt rname@rdomain
./smtpd_check: warning: restriction reject_maps_rbl is going away. Please use reject_rbl_client <domain> instead
OK OK
>>> client foo 127.0.0.2 >>> client foo 127.0.0.2
OK OK

29
postfix/src/trivial-rewrite/resolve.c
View File

@@ -103,7 +103,7 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop,
TOK822 *saved_domain = 0; TOK822 *saved_domain = 0;
TOK822 *domain = 0; TOK822 *domain = 0;
char *destination; char *destination;
const char *blame; const char *blame = 0;
*flags = 0; *flags = 0;
@@ -239,9 +239,9 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop,
if (virt_alias_doms if (virt_alias_doms
&& string_list_match(virt_alias_doms, STR(nexthop))) { && string_list_match(virt_alias_doms, STR(nexthop))) {
vstring_strcpy(channel, var_error_transport); vstring_strcpy(channel, var_error_transport);
vstring_strcpy(nexthop, "unknown user"); vstring_strcpy(nexthop, "User unknown");
blame = VAR_ERROR_TRANSPORT; blame = VAR_ERROR_TRANSPORT;
*flags |= RESOLVE_CLASS_ERROR; *flags |= RESOLVE_CLASS_ALIAS;
} else if (dict_errno != 0) { } else if (dict_errno != 0) {
msg_warn("%s lookup failure", VAR_VIRT_ALIAS_DOMS); msg_warn("%s lookup failure", VAR_VIRT_ALIAS_DOMS);
*flags |= RESOLVE_FLAG_FAIL; *flags |= RESOLVE_FLAG_FAIL;
@@ -291,11 +291,17 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop,
/* /*
* Sanity checks. * Sanity checks.
*/ */
if (*STR(channel) == 0) if ((*flags & RESOLVE_FLAG_FAIL) == 0) {
msg_fatal("file %s/%s: parameter %s: null transport is not allowed", if (*STR(channel) == 0) {
var_config_dir, MAIN_CONF_FILE, blame); if (blame == 0)
if (*STR(nexthop) == 0) msg_panic("%s: null blame", myname);
msg_panic("%s: null nexthop", myname); msg_warn("file %s/%s: parameter %s: null transport is not allowed",
var_config_dir, MAIN_CONF_FILE, blame);
*flags |= RESOLVE_FLAG_FAIL;
}
if (*STR(nexthop) == 0)
msg_panic("%s: null nexthop", myname);
}
/* /*
* Bounce recipients that have moved. We do it here instead of in the * Bounce recipients that have moved. We do it here instead of in the
@@ -315,7 +321,6 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop,
IGNORE_ADDR_EXTENSION)) != 0) { IGNORE_ADDR_EXTENSION)) != 0) {
vstring_strcpy(channel, var_error_transport); vstring_strcpy(channel, var_error_transport);
vstring_sprintf(nexthop, "user has moved to %s", newloc); vstring_sprintf(nexthop, "user has moved to %s", newloc);
*flags |= RESOLVE_CLASS_ERROR;
} else if (dict_errno != 0) { } else if (dict_errno != 0) {
msg_warn("%s lookup failure", VAR_RELOCATED_MAPS); msg_warn("%s lookup failure", VAR_RELOCATED_MAPS);
*flags |= RESOLVE_FLAG_FAIL; *flags |= RESOLVE_FLAG_FAIL;
@@ -328,9 +333,9 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop,
* *
* XXX Don't override the error transport :-( * XXX Don't override the error transport :-(
*/ */
if ((*flags & RESOLVE_FLAG_FAIL) == 0 if ((*flags & RESOLVE_FLAG_FAIL) == 0
&& (*flags & RESOLVE_CLASS_ERROR) != 0 && *var_transport_maps
&& *var_transport_maps) { && strcmp(STR(channel), var_error_transport) != 0) {
if (transport_lookup(STR(nextrcpt), channel, nexthop) == 0 if (transport_lookup(STR(nextrcpt), channel, nexthop) == 0
&& dict_errno != 0) { && dict_errno != 0) {
msg_warn("%s lookup failure", VAR_TRANSPORT_MAPS); msg_warn("%s lookup failure", VAR_TRANSPORT_MAPS);

2
postfix/src/trivial-rewrite/transport.c
View File

@@ -104,6 +104,8 @@ static int find_transport_entry(const char *key, int flags,
/* /*
* Look up an entry with extreme prejedice. * Look up an entry with extreme prejedice.
*
* XXX Should report lookup failure status to caller instead of aborting.
*/ */
if ((value = maps_find(transport_path, key, flags)) == 0) { if ((value = maps_find(transport_path, key, flags)) == 0) {
if (dict_errno != 0) if (dict_errno != 0)

10
postfix/src/trivial-rewrite/trivial-rewrite.c
View File

@@ -218,6 +218,7 @@ char *var_virt_mailbox_maps; /* XXX virtual_mailbox_domains */
char *var_virt_alias_doms; char *var_virt_alias_doms;
char *var_virt_mailbox_doms; char *var_virt_mailbox_doms;
char *var_relocated_maps; char *var_relocated_maps;
char *var_def_transport;
/* rewrite_service - read request and send reply */ /* rewrite_service - read request and send reply */
@@ -282,15 +283,16 @@ int main(int argc, char **argv)
{ {
static CONFIG_STR_TABLE str_table[] = { static CONFIG_STR_TABLE str_table[] = {
VAR_TRANSPORT_MAPS, DEF_TRANSPORT_MAPS, &var_transport_maps, 0, 0, VAR_TRANSPORT_MAPS, DEF_TRANSPORT_MAPS, &var_transport_maps, 0, 0,
VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport, 0, 0, VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport, 1, 0,
VAR_ERROR_TRANSPORT, DEF_ERROR_TRANSPORT, &var_error_transport, 0, 0, VAR_ERROR_TRANSPORT, DEF_ERROR_TRANSPORT, &var_error_transport, 1, 0,
VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 0, 0, VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 1, 0,
VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 0, 0, VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 1, 0,
VAR_XPORT_NULL_KEY, DEF_XPORT_NULL_KEY, &var_xport_null_key, 1, 0, VAR_XPORT_NULL_KEY, DEF_XPORT_NULL_KEY, &var_xport_null_key, 1, 0,
VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0, VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0,
VAR_VIRT_ALIAS_DOMS, DEF_VIRT_ALIAS_DOMS, &var_virt_alias_doms, 0, 0, VAR_VIRT_ALIAS_DOMS, DEF_VIRT_ALIAS_DOMS, &var_virt_alias_doms, 0, 0,
VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0, VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0,
VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mailbox_doms, 0, 0, VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mailbox_doms, 0, 0,
VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 1, 0,
VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 1, 0, VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 1, 0,
VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 1, 0, VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 1, 0,
VAR_RELOCATED_MAPS, DEF_RELOCATED_MAPS, &var_relocated_maps, 0, 0, VAR_RELOCATED_MAPS, DEF_RELOCATED_MAPS, &var_relocated_maps, 0, 0,

2
postfix/src/util/dict_pcre.c
View File

@@ -433,7 +433,7 @@ static int dict_pcre_prescan(int type, VSTRING *buf, char *context)
if (type == MAC_PARSE_VARNAME) { if (type == MAC_PARSE_VARNAME) {
if (ctxt->flags & DICT_FLAG_NO_REGSUB) { if (ctxt->flags & DICT_FLAG_NO_REGSUB) {
msg_warn("pcre map %s, line %d: " msg_warn("pcre map %s, line %d: "
"regular expression substitution is not allowed" "regular expression substitution is not allowed",
ctxt->mapname, ctxt->lineno); ctxt->mapname, ctxt->lineno);
return (MAC_PARSE_ERROR); return (MAC_PARSE_ERROR);
} }

20
postfix/src/virtual/virtual.c
View File

@@ -111,7 +111,7 @@
/* This is a safety measure to ensure that an out of control map in /* This is a safety measure to ensure that an out of control map in
/* \fBvirtual_mailbox_maps\fR doesn't litter the filesystem with mailboxes. /* \fBvirtual_mailbox_maps\fR doesn't litter the filesystem with mailboxes.
/* While it could be set to "/", this setting isn't recommended. /* While it could be set to "/", this setting isn't recommended.
/* .IP "\fBvirtual_mailbox_maps\fR (regexp maps disallowed)" /* .IP \fBvirtual_mailbox_maps\fR
/* Recipients are looked up in these maps to determine the path to /* Recipients are looked up in these maps to determine the path to
/* their mailbox or maildir. If the returned path ends in a slash /* their mailbox or maildir. If the returned path ends in a slash
/* ("/"), maildir-style delivery is carried out, otherwise the /* ("/"), maildir-style delivery is carried out, otherwise the
@@ -126,6 +126,10 @@
/* /*
/* Note that \fBvirtual_mailbox_base\fR is unconditionally prepended /* Note that \fBvirtual_mailbox_base\fR is unconditionally prepended
/* to this path. /* to this path.
/*
/* For security reasons, regular expression maps are allowed but
/* regular expression substitution of $1 etc. is disallowed,
/* because that would open a security hole.
/* .IP \fBvirtual_mailbox_domains\fR /* .IP \fBvirtual_mailbox_domains\fR
/* The list of domains that should be delivered via the Postfix virtual /* The list of domains that should be delivered via the Postfix virtual
/* delivery agent. This uses the same syntax as the \fBmydestination\fR /* delivery agent. This uses the same syntax as the \fBmydestination\fR
@@ -135,7 +139,7 @@
/* a \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR lookup. /* a \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR lookup.
/* Returned values less than this will be rejected, and the message /* Returned values less than this will be rejected, and the message
/* will be deferred. /* will be deferred.
/* .IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)" /* .IP \fBvirtual_uid_maps\fR
/* Recipients are looked up in these maps to determine the user ID to be /* Recipients are looked up in these maps to determine the user ID to be
/* used when writing to the target mailbox. /* used when writing to the target mailbox.
/* /*
@@ -145,7 +149,11 @@
/* In a lookup table, specify a left-hand side of \fI@domain.tld\fR /* In a lookup table, specify a left-hand side of \fI@domain.tld\fR
/* to match any user in the specified domain that does not have a /* to match any user in the specified domain that does not have a
/* specific \fIuser@domain.tld\fR entry. /* specific \fIuser@domain.tld\fR entry.
/* .IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)" /*
/* For security reasons, regular expression maps are allowed but
/* regular expression substitution of $1 etc. is disallowed,
/* because that would open a security hole.
/* .IP \fBvirtual_gid_maps\fR
/* Recipients are looked up in these maps to determine the group ID to be /* Recipients are looked up in these maps to determine the group ID to be
/* used when writing to the target mailbox. /* used when writing to the target mailbox.
/* /*
@@ -155,6 +163,10 @@
/* In a lookup table, specify a left-hand side of \fI@domain.tld\fR /* In a lookup table, specify a left-hand side of \fI@domain.tld\fR
/* to match any user in the specified domain that does not have a /* to match any user in the specified domain that does not have a
/* specific \fIuser@domain.tld\fR entry. /* specific \fIuser@domain.tld\fR entry.
/*
/* For security reasons, regular expression maps are allowed but
/* regular expression substitution of $1 etc. is disallowed,
/* because that would open a security hole.
/* .SH "Locking controls" /* .SH "Locking controls"
/* .ad /* .ad
/* .fi /* .fi
@@ -211,6 +223,8 @@
/* The \fBmaildir\fR structure appears in the \fBqmail\fR system /* The \fBmaildir\fR structure appears in the \fBqmail\fR system
/* by Daniel Bernstein. /* by Daniel Bernstein.
/* SEE ALSO /* SEE ALSO
/* regexp_table(5) POSIX regular expression table format
/* pcre_table(5) Perl Compatible Regular Expression table format
/* bounce(8) non-delivery status reports /* bounce(8) non-delivery status reports
/* syslogd(8) system logging /* syslogd(8) system logging
/* qmgr(8) queue manager /* qmgr(8) queue manager