mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-31 06:05:37 +00:00
Code Issues Releases Wiki Activity

postfix-1.1.12-20021208

Browse Source
This commit is contained in:
Wietse Venema
2002-12-08 00:00:00 -05:00
committed by Viktor Dukhovni
parent dbed5008ea
commit 29c2c7963a
54 changed files with 976 additions and 478 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
postfix/HISTORY
View File

@@ -7295,16 +7295,16 @@ Apologies for any names omitted.
syntax as the mydestination parameter. Default settings
are backwards compatible with Postfix 1.1.
Cleanup: just like $mydestination+$inet_interfaces control
Concept: just like $mydestination+$inet_interfaces control
what routes to $local_transport, $virtual_mailbox_domains
now controls what routes to $virtual_transport (default
transport: virtual), and $relay_domains now controls what
routes to $relay_transport (default transport: relay, a
clone of the smtp transport). Everything else routes to
$default_transport as before. This eliminates the need
for transport maps for virtual(8) domains, and avoids
performance problems with inbound relay mail. This was
improvement was suggested by Victor Duchovni. File:
for transport map entries for every virtual(8) domain, and
avoids performance problems with inbound relay mail. This
was improvement was suggested by Victor Duchovni. File:
trivial-rewrite/resolve.c.
20021206
@@ -7315,25 +7315,52 @@ Apologies for any names omitted.
20021207
Performance: apparently, RFC 2821 blesses the use of CNAME
domain names in SMTP commands. This speeds things up a bit.
File: smtp/smtp_proto.c.
Cleanup: deleted the description of sendmail-style virtual
domains from the virtual(5) manual page. This part of
Postfix was too confusing.
Performance: RFC 2821 blesses the use of CNAME domain names
in MAIL FROM and RCPT TO. Not having to expand CNAME domain
names speeds things up a bit. File: smtp/smtp_proto.c.
Workaround: exclude error mailer destinations from transport
table lookups. File: trivial-rewrite/resolve.c.
mapping lookups :-(. File: trivial-rewrite/resolve.c.
Cleanup: relocated_maps lookups moved to the trivial-rewrite
server. The queue manager no longer does any map lookups,
so it won't restart when maps change. This required that
resolver clients be prepared for the case that the resolver
reports it is unable to access a lookup table. This also
required that trivial-rewrite be running as multiple
processes to reduce the impact of table lookup latencies.
Files: *qmgr/qmgr_message.c, trivial-rewrite/resolve.c,
local/resolve.c, smtpd/smtpd_check.c, master/multi-server.c.
Cleanup: relocated_maps lookups are now moved to the
trivial-rewrite server. As of now, the queue manager no
longer does any map lookups, so it won't restart when maps
change. Files: *qmgr/qmgr_message.c, trivial-rewrite/resolve.c.
Workaround: don't discard all DNS lookup results when one
has a malformed name or address. File: dns/dns_lookups.c.
Robustness: because the trivial-rewrite server now does
many more table lookups, some of which are often LDAP or
SQL based, trivial-rewrite clients must be be prepared for
the case that the resolver reports a failure while processing
a request (when it was unable to access a lookup table).
Files: trivial-rewrite/resolve.c, local/resolve.c,
smtpd/smtpd_check.c.
Robustness: moving possible LDAP or SQL table lookups into
the trivial-rewrite server also required that trivial-rewrite
be running as multiple processes to reduce lookup latencies.
Files: master/multi-server.c.
Workaround: don't discard all the DNS lookup results when
only one of the results has a malformed name or address.
File: dns/dns_lookup.c.
200201208
Cleanup: with the preliminary address domain classification
concept as implemented by the trivial-rewrite address
resolver, a lot of table lookups could be eliminated from
the SMTP server. Files: smtpd/smtpd_check.c.
Feature: new relay_recipient_maps parameter, for optional
maps with all the recipients in the domains that match
$relay_domains (so you can reject mail for unknown relay
recipients). This is for consistency with virtual_xx_maps
and virtual_xx_domains, and with local_recipient_maps and
the local delivery agent. File: smtpd/smtpd_check.c.
Open problems:

21
postfix/README_FILES/VIRTUAL_README
View File

@@ -8,9 +8,9 @@ Purpose of this software
You can use the virtual delivery agent for mailbox delivery of some
or all domains that are handled by a machine.
This mechanism is different from virtual domains that are implemented
by translating each virtual address into a real local user. For
that, see the virtual(5) manual page.
This mechanism is different from simulated virtual domains that
are implemented by translating each virtual address into a real
local user. For that, see the virtual(5) manual page.
This is what Andrew McNamara wrote when he made the virtual delivery
agent available.
@@ -80,8 +80,9 @@ virtual_mailbox_maps
If a recipient is not found the mail is returned to the sender.
For security reasons, regexp maps are not allowed here, because
their $1 etc. substitutions would open a security hole.
For security reasons, regular expression maps are allowed but
regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
The mail administrator is expected to create and chown recipient
mailbox files or maildir directories ahead of time.
@@ -102,8 +103,9 @@ virtual_uid_maps
specific user@domain.tld entry. While searching a lookup table,
an address extension (user+foo@domain.tld) is ignored.
For security reasons, regexp maps are not allowed here, because
their $1 etc. substitutions would open a security hole.
For security reasons, regular expression maps are allowed but
regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
Specify a static map if all mailboxes should be owned by the same
UID. For example, to specify that all mailboxes are owned by the
@@ -121,8 +123,9 @@ virtual_gid_maps
specific user@domain.tld entry. While searching a lookup table,
an address extension (user+foo@domain.tld) is ignored.
For security reasons, regexp maps are not allowed here, because
their $1 etc. substitutions would open a security hole.
For security reasons, regular expression maps are allowed but
regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
Specify a static map if all mailboxes should be owned by the same
GID. For example, to specify that all mailboxes are owned by the

91
postfix/RELEASE_NOTES
View File

@@ -15,13 +15,92 @@ the same bugfixes as a patch release.
Incompatible changes with Postfix snapshot 1.1.12-200212XX
==========================================================
The default hash_queue_depth setting is reduced to 1 level of
subdirectories. This improves "mailq" performance on most systems,
but results in poorer worst-case performance on systems with lots
of mail in the queue.
Postfix now uses the "relay" mail delivery transport for relayed
mail (domains matching relay_domains). This may affect your
defer_transports settings. The old "smtp" transport is now the
default mail delivery transport for domains that do not match
relay_domains or any local or virtual domain name.
The check_relay_domains restriction is going away. The SMTP server
logs a warning and suggests using reject_unauth_destination instead.
The "virtual_maps" configuration parameter is now called
"virtual_alias_maps", for consistency with "virtual_mailbox_maps".
Default settings are backwards compatible with Postfix 1.1.
Postfix-style virtual domains are now called simulated virtual
domains. Sendmail-style virtual domains are no longer documented.
This part of Postfix was too confusing.
The default queue directory hash_queue_depth setting is reduced to
1 level of subdirectories per Postfix queue. This improves "mailq"
performance on most systems, but can result in poorer worst-case
performance on systems with lots of mail in the queue.
The "reject_maps_rbl" restriction is going away. The SMTP server
logs a warning and suggests using the more flexible "reject_rbl_client"
instead.
The "check_relay_domains" restriction is going away. The SMTP server
logs a warning and suggests using "reject_unauth_destination"
instead.
Major changes with Postfix snapshot 1.1.11-200212XX
===================================================
This release introduces separation of lookup tables for addresses
and for domain names of virtual domains.
- virtual_maps is replaced by virtual_alias_maps (for address
lookups) and virtual_alias_domains (for the names of what were
formerly called "Postfix-style virtual domains").
For backwards compatibility with Postfix version 1.1, the new
virtual_alias_maps parameter defaults to $virtual_maps, and the
new virtual_alias_domains parameter defaults to $virtual_alias_maps.
- virtual_mailbox_maps now has a companion parameter called
virtual_mailbox_domains (for the names of domains served by the
virtual delivery agent). virtual_mailbox_maps is now used for
address lookups only.
For backwards compatibility with Postfix version 1.1,, the new
virtual_mailbox_domains parameter defaults to $virtual_mailbox_maps.
This release introduces the concept of address domain classes, each
having its own default mail delivery transport:
Destination matches Default transport Default name
--------------------------------------------------------------
$mydestination or
$inet_interfaces $local_transport local
$virtual_alias_domains (not applicable) (not applicable)
$virtual_mailbox_domains $virtual_transport virtual
$relay_domains $relay_transport relay
other $default_transport smtp
The benefits of these changes are that:
- You no longer need to specify all the virtual(8) domains in the
Postfix transport map.
- A lot of table lookups could be eliminated from the SMTP server's
mail relay control and unknown user blocking code.
Better handling of unknown recipients. Each address domain class
now has its own table with known recipients, so that you can reject
mail for unknown addresses consistently.
Destination matches Recipients defined by Remarks
--------------------------------------------------------------
$mydestination or
$inet_interfaces $local_recipient_maps optional
$virtual_alias_domains $virtual_alias_maps none
$virtual_mailbox_domains $virtual_mailbox_maps none
$relay_domains $relay_recipient_maps optional
other (not applicable) (not applicable)
Finally, regular expression maps are now allowed with local delivery
agent alias tables and with all virtual delivery agent lookup tables.
However, regular expression substitution of $1 etc. is still
forbidden for security reasons.
Incompatible changes with Postfix snapshot 1.1.11-20021108
==========================================================

13
postfix/conf/aliases
View File

@@ -36,7 +36,6 @@ abuse: postmaster
# trap decode to catch security attacks
decode: root
#
# ALIASES(5) ALIASES(5)
#
# NAME
@@ -166,12 +165,19 @@ decode: root
# Delimiter that separates recipients from address
# extensions.
#
# BUGS
# Regular expression alias lookup tables are allowed, but
# substitution of $1 etc. is forbidden because that would
# open a security loophole.
#
# STANDARDS
# RFC 822 (ARPA Internet Text Messages)
#
# SEE ALSO
# local(8) local delivery agent
# postalias(1) alias database management
# newaliases(1) alias database management
# regexp_table(5) POSIX regular expression table format
# pcre_table(5) Perl Compatible Regular Expression table format
#
# LICENSE
# The Secure Mailer license must be distributed with this
@@ -183,5 +189,4 @@ decode: root
# P.O. Box 704
# Yorktown Heights, NY 10598, USA
#
# 1
#
# ALIASES(5)

31
postfix/conf/main.cf
View File

@@ -119,17 +119,21 @@ mail_owner = postfix
#proxy_interfaces = 1.2.3.4
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for. That includes
# Sendmail-style virtual domains hosted on this machine.
# machine considers itself the final destination for.
#
# Do not include Postfix-style virtual domains - those domains are
# specified elsewhere (see sample-virtual.cf, and sample-transport.cf).
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain. Do not specify the
# names of domains that this machine is backup MX host for. Specify
# those names via the relay_domains or permit_mx_backup settings for
# the SMTP server (see sample-smtpd.cf).
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see sample-virtual.cf).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# sample-smtpd.cf).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
@@ -242,6 +246,16 @@ mail_owner = postfix
#relayhost = uucphost
#relayhost = [an.ip.add.ress]
# REJECTING UNKNOWN RELAY USERS
#
# The relay_recipient_maps parameter specifies optional lookup tables
# with all addresses in the domains that match $relay_domains.
#
# If this parameter is defined, then the SMTP server will reject
# mail for unknown relay users.
#
#relay_recipient_maps = hash:/etc/postfix/relay_recipients
# REJECTING UNKNOWN LOCAL USERS
#
# The local_recipient_maps parameter specifies optional lookup tables
@@ -302,6 +316,7 @@ mail_owner = postfix
#
# The alias_maps parameter specifies the list of alias databases used
# by the local delivery agent. The default list is system dependent.
#
# On systems with NIS, the default is to search the local alias
# database, then the NIS alias database. See aliases(5) for syntax
# details.

24
postfix/conf/sample-misc.cf
View File

@@ -41,7 +41,9 @@ berkeley_db_read_buffer_size = 131072
#default_database_type = dbm
# The default_transport parameter specifies the default message
# delivery transport to use when no transport is explicitly given in
# delivery transport for domains that do not match mydestination,
# inet_interfaces, virtual_alias_domains, virtual_mailbox_domains,
# relay_domains, and for which no transport is explicitly given in
# the optional transport(5) table.
#
# Specify a string of the form transport:nexthop, where transport is
@@ -195,17 +197,21 @@ max_idle = 100s
max_use = 100
# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for. That includes
# Sendmail-style virtual domains hosted on this machine.
# machine considers itself the final destination for.
#
# Do not include Postfix-style virtual domains - those domains are
# specified elsewhere (see sample-virtual.cf, and sample-transport.cf).
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain. Do not specify the
# names of domains that this machine is backup MX host for. Specify
# those names via the relay_domains or permit_mx_backup settings for
# the SMTP server (see sample-smtpd.cf).
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see sample-virtual.cf).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# sample-smtpd.cf).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system

3
postfix/conf/sample-smtpd.cf
View File

@@ -406,6 +406,9 @@ allow_untrusted_routing = no
# and restricts what destination domains (and subdomains thereof)
# this system will relay mail to.
#
# These domains are routed to the delivery agent specified with the
# relay_transport parameter setting.
#
# By default, Postfix relays mail
# - from trusted clients whose IP address matches $mynetworks,
# - from untrusted clients to destinations that match $relay_domains

17
postfix/conf/sample-virtual.cf
View File

@@ -4,19 +4,20 @@
# This file contains example settings of Postfix configuration
# parameters that control virtual alias database lookups.
# This file describes settings for simulated virtual domains. These
# are domains for which all mail is aliased to one or more local or
# remote addresses. For details, see the virtual(5) manual page.
# This file describes configuration settings that can be used for
# aliasing and for implementing SIMULATED VIRTUAL DOMAINS (domains
# for which all mail is aliased to one or more local or remote
# addresses). For details, see the virtual(5) manual page.
#
# If you need virtual domains where each virtual address can have
# its own mailbox, then you should use the virtual(8) delivery agent
# instead. For details, see the VIRTUAL_README file.
# If you need TRUE VIRTUAL DOMAINS (domains where each virtual address
# can have its own mailbox), then you should use the virtual(8)
# delivery agent instead. For details, see the VIRTUAL_README file.
# The virtual_alias_maps parameter specifies optional lookup tables to
# redirect specific addresses or even complete domains to another
# alias specific addresses or even complete domains to another
# address. This is typically used to simulate virtual domain support.
#
# By default, no address redirection is done.
# By default, no address aliasing is done.
#
# If you use this feature, run "postmap /etc/postfix/virtual" to
# build the necessary DBM or DB file after change.

94
postfix/conf/transport
View File

@@ -59,6 +59,28 @@
# "do not change": use the delivery transport and nexthop
# information that would be used if no match were found.
#
# TRANSPORT FIELD
# The transport field specifies the name of a mail delivery
# transport (the first name of a mail delivery service entry
# in the Postfix master.cf file).
#
# When a null transport field is specified, Postfix uses one
# of the following transports:
#
# $local_transport
# The domain matches $mydestination or $inet_inter-
# faces.
#
# $virtual_transport
# The domain matches $virtual_mailbox_domains.
#
# $relay_transport
# The domain matches $relay_transport.
#
# $default_transport
# All other non-local, non-virtual destinations.
#
# NEXTHOP FIELD
# The interpretation of the nexthop field is transport
# dependent. In the case of SMTP, specify host:service for a
# non-default server port, and use [host] or [host]:port in
@@ -66,6 +88,7 @@
# form can also be used with IP addresses instead of host-
# names.
#
# LOOKUP ORDER
# With lookups from indexed files such as DB or DBM, or from
# networked tables such as NIS, LDAP or SQL, patterns are
# tried in the order as listed below:
@@ -123,64 +146,63 @@
#
# foo.org slow:
#
# When no transport is specified, Postfix uses either
# $local_transport or $default_transport, depending on
# whether the destination matches $mydestination. The fol-
# lowing sends all mail for foo.org and its subdomains to
# host gateway.foo.org:
# When no transport is specified, Postfix uses the transport
# that matches the address domain class (see TRANSPORT FIELD
# discussion above). The following sends all mail for
# foo.org and its subdomains to host gateway.foo.org:
#
# foo.org :[gateway.foo.org]
# .foo.org :[gateway.foo.org]
#
# In the above example, the [] are used to suppress MX
# lookups. The result would likely point to your local
# In the above example, the [] are used to suppress MX
# lookups. The result would likely point to your local
# machine.
#
# In the case of delivery via SMTP, one may specify host-
# In the case of delivery via SMTP, one may specify host-
# name:service instead of just a host:
#
# foo.org smtp:bar.org:2025
#
# This directs mail for user@foo.org to host bar.org port
# 2025. Instead of a numerical port a symbolic name may be
# used. Specify [] around the hostname in order to disable
# This directs mail for user@foo.org to host bar.org port
# 2025. Instead of a numerical port a symbolic name may be
# used. Specify [] around the hostname in order to disable
# MX lookups.
#
# The error mailer can be used to bounce mail:
#
# .foo.org error:mail for *.foo.org is not deliv-
# .foo.org error:mail for *.foo.org is not deliv-
# erable
#
# This causes all mail for user@anything.foo.org to be
# This causes all mail for user@anything.foo.org to be
# bounced.
#
# REGULAR EXPRESSION TABLES
# This section describes how the table lookups change when
# This section describes how the table lookups change when
# the table is given in the form of regular expressions. For
# a description of regular expression lookup table syntax,
# a description of regular expression lookup table syntax,
# see regexp_table(5) or pcre_table(5).
#
# Each pattern is a regular expression that is applied to
# Each pattern is a regular expression that is applied to
# the entire domain being looked up. Thus, some.domain.hier-
# archy is not broken up into parent domains.
#
# Patterns are applied in the order as specified in the
# table, until a pattern is found that matches the search
# Patterns are applied in the order as specified in the
# table, until a pattern is found that matches the search
# string.
#
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# Results are the same as with indexed file lookups, with
# the additional feature that parenthesized substrings from
# the pattern can be interpolated as $1, $2 and so on.
#
# CONFIGURATION PARAMETERS
# The following main.cf parameters are especially relevant
# to this topic. See the Postfix main.cf file for syntax
# details and for default values. Use the postfix reload
# The following main.cf parameters are especially relevant
# to this topic. See the Postfix main.cf file for syntax
# details and for default values. Use the postfix reload
# command after a configuration change.
#
# parent_domain_matches_subdomains
# List of Postfix features that use domain.tld pat-
# terns to match sub.domain.tld (as opposed to
# List of Postfix features that use domain.tld pat-
# terns to match sub.domain.tld (as opposed to
# requiring .domain.tld patterns).
#
# transport_maps
@@ -189,14 +211,21 @@
# Other parameters of interest:
#
# local_transport
# The mail delivery transport to use when no trans-
# port is explicitly specified, and the destination
# matches $mydestination.
# The default mail delivery transport when the desti-
# nation matches $mydestination or $inet_interfaces.
#
# virtual_transport
# The default mail delivery transport when the desti-
# nation matches virtual_mailbox_domains.
#
# relay_transport
# The default mail delivery transport when the desti-
# nation matches relay_domains.
#
# default_transport
# The mail delivery transport to use when no trans-
# port is explicitly specified, and the destination
# does not match $mydestination.
# The default mail delivery transport when the desti-
# nation does not match a local, virtual or relay
# destination.
#
# mydestination
# The destinations that are given to $local_transport
@@ -204,7 +233,8 @@
#
# relayhost
# The default host for destinations that do not match
# $mydestination.
# $mydestination, $inet_interfaces, vir-
# tual_alias_domains or virtual_mailbox_domains.
#
# SEE ALSO
# postmap(1) create mapping table

41
postfix/conf/virtual
View File

@@ -12,9 +12,17 @@
#
# DESCRIPTION
# The optional virtual alias table specifies address alias-
# ing for local and non-local recipients. Virtual aliasing
# is used by the cleanup(8) daemon. Virtual aliasing is
# recursive.
# ing for arbitrary local or non-local recipient addresses.
# Virtual aliasing is recursive, and is done by the Postfix
# cleanup(8) daemon.
#
# The main applications of virtual aliasing are:
#
# o To redirect mail from one address to one or more
# other addresses.
#
# o To simulate virtual domains where all virtual
# addresses are aliased to non-virtual addresses.
#
# Virtual aliasing is applied only to recipient envelope
# addresses, and does not affect message headers. Think
@@ -52,8 +60,8 @@
# With a simulated virtual domain, the virtual domain has
# its own user name space. Local (i.e. non-virtual) user-
# names are not visible in a simulated virtual domain. In
# particular, local aliases(5) and mailing lists are not
# visible as localname@virtual.domain.
# particular, local aliases(5) and local mailing lists are
# not visible as localname@simulated.domain.
#
# Support for a simulated virtual domain looks like:
#
@@ -65,21 +73,21 @@
# types.
#
# /etc/postfix/virtual:
# virtual.domain anything (right-hand content does not matter)
# postmaster@virtual.domain postmaster
# user1@virtual.domain address1
# user2@virtual.domain address2, address3
# simulated.domain anything (right-hand content does not matter)
# postmaster@simulated.domain postmaster
# user1@simulated.domain address1
# user2@simulated.domain address2, address3
#
# The virtual.domain anything entry is required for a simu-
# lated virtual domain. Without this entry, mail will be
# The simulated.domain anything entry is required for a sim-
# ulated virtual domain. Without this entry, mail will be
# rejected with a "relay access denied" error condition.
#
# Do not list a simulated virtual domain name in the main.cf
# mydestination configuration parameter.
#
# With a simulated virtual domain, the Postfix SMTP server
# accepts mail for known-user@virtual.domain, and rejects
# mail for unknown-user@virtual.domain as undeliverable.
# accepts mail for known-user@simulated.domain, and rejects
# mail for unknown-user@simulated.domain as undeliverable.
#
# Instead of specifying the simulated virtual domain name
# via the virtual_alias_maps table, you may also specify it
@@ -187,7 +195,8 @@
# local.
#
# myorigin
# The domain that is appended to locally-posted mail.
# The domain that is appended to any address that
# does not have a domain.
#
# owner_request_special
# Give special treatment to owner-xxx and xxx-request
@@ -196,8 +205,8 @@
# SEE ALSO
# cleanup(8) canonicalize and enqueue mail
# postmap(1) create mapping table
# pcre_table(5) format of PCRE tables
# regexp_table(5) format of POSIX regular expression tables
# regexp_table(5) POSIX regular expression table format
# pcre_table(5) Perl Compatible Regular Expression table format
#
# LICENSE
# The Secure Mailer license must be distributed with this

13
postfix/html/aliases.5.html
View File

@@ -1,5 +1,4 @@
<html> <head> </head> <body> <pre>
ALIASES(5) ALIASES(5)
<b>NAME</b>
@@ -129,12 +128,19 @@ ALIASES(5) ALIASES(5)
Delimiter that separates recipients from address
extensions.
<b>BUGS</b>
Regular expression alias lookup tables are allowed, but
substitution of $1 etc. is forbidden because that would
open a security loophole.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc822.html">RFC 822</a> (ARPA Internet Text Messages)
<b>SEE</b> <b>ALSO</b>
<a href="local.8.html">local(8)</a> local delivery agent
<a href="postalias.1.html">postalias(1)</a> alias database management
<a href="newaliases.1.html">newaliases(1)</a> alias database management
<a href="regexp_table.5.html">regexp_table(5)</a> POSIX regular expression table format
<a href="pcre_table.5.html">pcre_table(5)</a> Perl Compatible Regular Expression table format
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
@@ -146,6 +152,5 @@ ALIASES(5) ALIASES(5)
P.O. Box 704
Yorktown Heights, NY 10598, USA
1
ALIASES(5)
</pre> </body> </html>

2
postfix/html/cleanup.8.html
View File

@@ -209,7 +209,7 @@ CLEANUP(8) CLEANUP(8)
<a href="qmgr.8.html">qmgr(8)</a> queue manager daemon
syslogd(8) system logging
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> address rewriting
<a href="virtual.5.html">virtual(5)</a> virtual address lookup table format
<a href="virtual.5.html">virtual(5)</a> virtual alias lookup table format
<b>FILES</b>
/etc/postfix/canonical*, canonical mapping table

9
postfix/html/postfix.1.html
View File

@@ -141,7 +141,14 @@ POSTFIX(1) POSTFIX(1)
$<b>config</b><i>_</i><b>directory/master.cf</b>, Postfix daemon processes
<b>SEE</b> <b>ALSO</b>
<a href="master.8.html">master(8)</a> Postfix master program
<a href="postconf.1.html">postconf(1)</a> Postfix configuration management
<a href="postsuper.1.html">postsuper(1)</a> Postfix housekeeping
<a href="sendmail.1.html">sendmail(1)</a> Sendmail-compatible interface
<a href="postmap.1.html">postmap(1)</a> Postfix lookup table management
<a href="master.8.html">master(8)</a> Postfix master daemon
The respective manual pages for the daemon processes spec-
ified in the <b>master.cf</b> file, and the manual pages refer-
enced by those manual pages.
<b>LICENSE</b>
The Secure Mailer license must be distributed with this

80
postfix/html/smtpd.8.html
View File

@@ -151,21 +151,27 @@ SMTPD(8) SMTPD(8)
defined, then the SMTP server rejects mail for
unknown local users.
<b>relay</b><i>_</i><b>recipient</b><i>_</i><b>maps</b>
List of maps that define all the email addresses in
the domains that match <b>$relay</b><i>_</i><b>domains</b>. If this
parameter is defined, then the SMTP server rejects
mail for unknown relay recipients.
<b>notify</b><i>_</i><b>classes</b>
List of error classes. Of special interest are:
<b>policy</b> When a client violates any policy, mail a
<b>policy</b> When a client violates any policy, mail a
transcript of the entire SMTP session to the
postmaster.
<b>protocol</b>
When a client violates the SMTP protocol or
When a client violates the SMTP protocol or
issues an unimplemented command, mail a
transcript of the entire SMTP session to the
postmaster.
<b>smtpd</b><i>_</i><b>banner</b>
Text that follows the <b>220</b> status code in the SMTP
Text that follows the <b>220</b> status code in the SMTP
greeting banner.
<b>smtpd</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>
@@ -173,25 +179,25 @@ SMTPD(8) SMTPD(8)
expansion of rbl template responses and other text.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
Restrict the number of recipients that the SMTP
Restrict the number of recipients that the SMTP
server accepts per message delivery.
<b>smtpd</b><i>_</i><b>timeout</b>
Limit the time to send a server response and to
Limit the time to send a server response and to
receive a client request.
<b>soft</b><i>_</i><b>bounce</b>
Change hard (5xx) reject responses into soft (4xx)
reject responses. This can be useful for testing
Change hard (5xx) reject responses into soft (4xx)
reject responses. This can be useful for testing
purposes.
<b>verp</b><i>_</i><b>delimiter</b><i>_</i><b>filter</b>
The characters that Postfix accepts as VERP delim-
The characters that Postfix accepts as VERP delim-
iter characters.
<b>Resource</b> <b>controls</b>
<b>line</b><i>_</i><b>length</b><i>_</i><b>limit</b>
Limit the amount of memory in bytes used for the
Limit the amount of memory in bytes used for the
handling of partial input lines.
<b>message</b><i>_</i><b>size</b><i>_</i><b>limit</b>
@@ -199,8 +205,8 @@ SMTPD(8) SMTPD(8)
ing on-disk storage for envelope information.
<b>queue</b><i>_</i><b>minfree</b>
Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail
Minimal amount of free space in bytes in the queue
file system for the SMTP server to accept any mail
at all.
<b>smtpd</b><i>_</i><b>history</b><i>_</i><b>flush</b><i>_</i><b>threshold</b>
@@ -215,23 +221,23 @@ SMTPD(8) SMTPD(8)
<b>smtpd</b><i>_</i><b>soft</b><i>_</i><b>error</b><i>_</i><b>limit</b>
When an SMTP client has made this number of errors,
wait <i>error_count</i> seconds before responding to any
wait <i>error_count</i> seconds before responding to any
client request.
<b>smtpd</b><i>_</i><b>hard</b><i>_</i><b>error</b><i>_</i><b>limit</b>
Disconnect after a client has made this number of
Disconnect after a client has made this number of
errors.
<b>smtpd</b><i>_</i><b>junk</b><i>_</i><b>command</b><i>_</i><b>limit</b>
Limit the number of times a client can issue a junk
command such as NOOP, VRFY, ETRN or RSET in one
SMTP session before it is penalized with tarpit
command such as NOOP, VRFY, ETRN or RSET in one
SMTP session before it is penalized with tarpit
delays.
<b>UCE</b> <b>control</b> <b>restrictions</b>
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
List of Postfix features that use <i>domain.tld</i> pat-
terns to match <i>sub.domain.tld</i> (as opposed to
List of Postfix features that use <i>domain.tld</i> pat-
terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns).
<b>smtpd</b><i>_</i><b>client</b><i>_</i><b>restrictions</b>
@@ -239,19 +245,19 @@ SMTPD(8) SMTPD(8)
tem.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>required</b>
Require that clients introduce themselves at the
Require that clients introduce themselves at the
beginning of an SMTP session.
<b>smtpd</b><i>_</i><b>helo</b><i>_</i><b>restrictions</b>
Restrict what client hostnames are allowed in <b>HELO</b>
Restrict what client hostnames are allowed in <b>HELO</b>
and <b>EHLO</b> commands.
<b>smtpd</b><i>_</i><b>sender</b><i>_</i><b>restrictions</b>
Restrict what sender addresses are allowed in <b>MAIL</b>
Restrict what sender addresses are allowed in <b>MAIL</b>
<b>FROM</b> commands.
<b>smtpd</b><i>_</i><b>recipient</b><i>_</i><b>restrictions</b>
Restrict what recipient addresses are allowed in
Restrict what recipient addresses are allowed in
<b>RCPT</b> <b>TO</b> commands.
<b>smtpd</b><i>_</i><b>etrn</b><i>_</i><b>restrictions</b>
@@ -259,40 +265,41 @@ SMTPD(8) SMTPD(8)
mands, and what clients may issue <b>ETRN</b> commands.
<b>smtpd</b><i>_</i><b>data</b><i>_</i><b>restrictions</b>
Restrictions on the <b>DATA</b> command. Currently, the
only restriction that makes sense here is
Restrictions on the <b>DATA</b> command. Currently, the
only restriction that makes sense here is
<b>reject</b><i>_</i><b>unauth</b><i>_</i><b>pipelining</b>.
<b>allow</b><i>_</i><b>untrusted</b><i>_</i><b>routing</b>
Allow untrusted clients to specify addresses with
sender-specified routing. Enabling this opens up
nasty relay loopholes involving trusted backup MX
Allow untrusted clients to specify addresses with
sender-specified routing. Enabling this opens up
nasty relay loopholes involving trusted backup MX
hosts.
<b>smtpd</b><i>_</i><b>restriction</b><i>_</i><b>classes</b>
Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of
these parameters can then be used instead of the
Declares the name of zero or more parameters that
contain a list of UCE restrictions. The names of
these parameters can then be used instead of the
restriction lists that they represent.
<b>smtpd</b><i>_</i><b>null</b><i>_</i><b>access</b><i>_</i><b>lookup</b><i>_</i><b>key</b>
The lookup key to be used in SMTPD access tables
instead of the null sender address. A null sender
The lookup key to be used in SMTPD access tables
instead of the null sender address. A null sender
address cannot be looked up.
<b>maps</b><i>_</i><b>rbl</b><i>_</i><b>domains</b> (deprecated)
List of DNS domains that publish the addresses of
List of DNS domains that publish the addresses of
blacklisted hosts. This is used with the deprecated
<b>reject</b><i>_</i><b>maps</b><i>_</i><b>rbl</b> restriction.
<b>permit</b><i>_</i><b>mx</b><i>_</i><b>backup</b><i>_</i><b>networks</b>
Only domains whose primary MX hosts match the
listed networks are eligible for the <b>per-</b>
Only domains whose primary MX hosts match the
listed networks are eligible for the <b>per-</b>
<b>mit</b><i>_</i><b>mx</b><i>_</i><b>backup</b> feature.
<b>relay</b><i>_</i><b>domains</b>
Restrict what domains or networks this mail system
will relay mail from or to.
Restrict what domains this mail system will relay
mail to. The domains are routed to the delivery
agent specified with the <b>relay</b><i>_</i><b>transport</b> setting.
<b>UCE</b> <b>control</b> <b>responses</b>
<b>access</b><i>_</i><b>map</b><i>_</i><b>reject</b><i>_</i><b>code</b>
@@ -345,6 +352,7 @@ SMTPD(8) SMTPD(8)
<b>reject</b><i>_</i><b>unknown</b><i>_</i><b>hostname</b> restriction.
<b>SEE</b> <b>ALSO</b>
<a href="trivial-rewrite.8.html">trivial-rewrite(8)</a> address resolver
<a href="cleanup.8.html">cleanup(8)</a> message canonicalization
<a href="master.8.html">master(8)</a> process manager
syslogd(8) system logging

98
postfix/html/transport.5.html
View File

@@ -60,13 +60,36 @@ TRANSPORT(5) TRANSPORT(5)
"do not change": use the delivery transport and nexthop
information that would be used if no match were found.
The interpretation of the <i>nexthop</i> field is transport
<b>TRANSPORT</b> <b>FIELD</b>
The transport field specifies the name of a mail delivery
transport (the first name of a mail delivery service entry
in the Postfix <b>master.cf</b> file).
When a null transport field is specified, Postfix uses one
of the following transports:
<b>$local</b><i>_</i><b>transport</b>
The domain matches <b>$mydestination</b> or <b>$inet</b><i>_</i><b>inter-</b>
<b>faces</b>.
<b>$virtual</b><i>_</i><b>transport</b>
The domain matches <b>$virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>.
<b>$relay</b><i>_</i><b>transport</b>
The domain matches <b>$relay</b><i>_</i><b>transport</b>.
<b>$default</b><i>_</i><b>transport</b>
All other non-local, non-virtual destinations.
<b>NEXTHOP</b> <b>FIELD</b>
The interpretation of the nexthop field is transport
dependent. In the case of SMTP, specify <i>host</i>:<i>service</i> for a
non-default server port, and use [<i>host</i>] or [<i>host</i>]:<i>port</i> in
order to disable MX (mail exchanger) DNS lookups. The []
form can also be used with IP addresses instead of host-
names.
<b>LOOKUP</b> <b>ORDER</b>
With lookups from indexed files such as DB or DBM, or from
networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:
@@ -115,7 +138,7 @@ TRANSPORT(5) TRANSPORT(5)
<b>foo.org</b> <b>uucp:foo</b>
<b>.foo.org</b> <b>uucp:foo</b>
When no <i>nexthop</i> host name is specified, the destination
When no nexthop host name is specified, the destination
domain name is used instead. For example, the following
directs mail for <i>user</i>@<b>foo.org</b> via the <b>slow</b> transport to a
mail exchanger for <b>foo.org</b>. The <b>slow</b> transport could be
@@ -124,64 +147,63 @@ TRANSPORT(5) TRANSPORT(5)
<b>foo.org</b> <b>slow:</b>
When no <i>transport</i> is specified, Postfix uses either
<b>$local</b><i>_</i><b>transport</b> or <b>$default</b><i>_</i><b>transport</b>, depending on
whether the destination matches <b>$mydestination</b>. The fol-
lowing sends all mail for <b>foo.org</b> and its subdomains to
host <b>gateway.foo.org</b>:
When no transport is specified, Postfix uses the transport
that matches the address domain class (see TRANSPORT FIELD
discussion above). The following sends all mail for
<b>foo.org</b> and its subdomains to host <b>gateway.foo.org</b>:
<b>foo.org</b> <b>:[gateway.foo.org]</b>
<b>.foo.org</b> <b>:[gateway.foo.org]</b>
In the above example, the [] are used to suppress MX
lookups. The result would likely point to your local
In the above example, the [] are used to suppress MX
lookups. The result would likely point to your local
machine.
In the case of delivery via SMTP, one may specify <i>host-</i>
In the case of delivery via SMTP, one may specify <i>host-</i>
<i>name</i>:<i>service</i> instead of just a host:
<b>foo.org</b> <b>smtp:bar.org:2025</b>
This directs mail for <i>user</i>@<b>foo.org</b> to host <b>bar.org</b> port
<b>2025</b>. Instead of a numerical port a symbolic name may be
used. Specify [] around the hostname in order to disable
This directs mail for <i>user</i>@<b>foo.org</b> to host <b>bar.org</b> port
<b>2025</b>. Instead of a numerical port a symbolic name may be
used. Specify [] around the hostname in order to disable
MX lookups.
The error mailer can be used to bounce mail:
<b>.foo.org</b> <b>error:mail</b> <b>for</b> <b>*.foo.org</b> <b>is</b> <b>not</b> <b>deliv-</b>
<b>.foo.org</b> <b>error:mail</b> <b>for</b> <b>*.foo.org</b> <b>is</b> <b>not</b> <b>deliv-</b>
<b>erable</b>
This causes all mail for <i>user</i>@<i>anything</i><b>.foo.org</b> to be
This causes all mail for <i>user</i>@<i>anything</i><b>.foo.org</b> to be
bounced.
<b>REGULAR</b> <b>EXPRESSION</b> <b>TABLES</b>
This section describes how the table lookups change when
This section describes how the table lookups change when
the table is given in the form of regular expressions. For
a description of regular expression lookup table syntax,
a description of regular expression lookup table syntax,
see <a href="regexp_table.5.html"><b>regexp</b><i>_</i><b>table</b>(5)</a> or <a href="pcre_table.5.html"><b>pcre</b><i>_</i><b>table</b>(5)</a>.
Each pattern is a regular expression that is applied to
Each pattern is a regular expression that is applied to
the entire domain being looked up. Thus, <i>some.domain.hier-</i>
<i>archy</i> is not broken up into parent domains.
Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search
Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search
string.
Results are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from
Results are the same as with indexed file lookups, with
the additional feature that parenthesized substrings from
the pattern can be interpolated as <b>$1</b>, <b>$2</b> and so on.
<b>CONFIGURATION</b> <b>PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant
to this topic. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b>
The following <b>main.cf</b> parameters are especially relevant
to this topic. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>parent</b><i>_</i><b>domain</b><i>_</i><b>matches</b><i>_</i><b>subdomains</b>
List of Postfix features that use <i>domain.tld</i> pat-
terns to match <i>sub.domain.tld</i> (as opposed to
List of Postfix features that use <i>domain.tld</i> pat-
terns to match <i>sub.domain.tld</i> (as opposed to
requiring <i>.domain.tld</i> patterns).
<b>transport</b><i>_</i><b>maps</b>
@@ -190,14 +212,21 @@ TRANSPORT(5) TRANSPORT(5)
Other parameters of interest:
<b>local</b><i>_</i><b>transport</b>
The mail delivery transport to use when no trans-
port is explicitly specified, and the destination
matches <b>$mydestination</b>.
The default mail delivery transport when the desti-
nation matches <b>$mydestination</b> or <b>$inet</b><i>_</i><b>interfaces</b>.
<b>virtual</b><i>_</i><b>transport</b>
The default mail delivery transport when the desti-
nation matches <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>.
<b>relay</b><i>_</i><b>transport</b>
The default mail delivery transport when the desti-
nation matches <b>relay</b><i>_</i><b>domains</b>.
<b>default</b><i>_</i><b>transport</b>
The mail delivery transport to use when no trans-
port is explicitly specified, and the destination
does not match <b>$mydestination</b>.
The default mail delivery transport when the desti-
nation does not match a local, virtual or relay
destination.
<b>mydestination</b>
The destinations that are given to <b>$local</b><i>_</i><b>transport</b>
@@ -205,7 +234,8 @@ TRANSPORT(5) TRANSPORT(5)
<b>relayhost</b>
The default host for destinations that do not match
<b>$mydestination</b>.
<b>$mydestination</b>, <b>$inet</b><i>_</i><b>interfaces</b>, <b>vir-</b>
<b>tual</b><i>_</i><b>alias</b><i>_</i><b>domains</b> or <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>.
<b>SEE</b> <b>ALSO</b>
<a href="postmap.1.html">postmap(1)</a> create mapping table

41
postfix/html/virtual.5.html
View File

@@ -13,9 +13,17 @@ VIRTUAL(5) VIRTUAL(5)
<b>DESCRIPTION</b>
The optional <b>virtual</b> alias table specifies address alias-
ing for local and non-local recipients. Virtual aliasing
is used by the <a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon. Virtual aliasing is
recursive.
ing for arbitrary local or non-local recipient addresses.
Virtual aliasing is recursive, and is done by the Postfix
<a href="cleanup.8.html"><b>cleanup</b>(8)</a> daemon.
The main applications of virtual aliasing are:
<b>o</b> To redirect mail from one address to one or more
other addresses.
<b>o</b> To simulate virtual domains where all virtual
addresses are aliased to non-virtual addresses.
Virtual aliasing is applied only to recipient envelope
addresses, and does not affect message headers. Think
@@ -53,8 +61,8 @@ VIRTUAL(5) VIRTUAL(5)
With a simulated virtual domain, the virtual domain has
its own user name space. Local (i.e. non-virtual) user-
names are not visible in a simulated virtual domain. In
particular, local <a href="aliases.5.html"><b>aliases</b>(5)</a> and mailing lists are not
visible as <i>localname@virtual.domain</i>.
particular, local <a href="aliases.5.html"><b>aliases</b>(5)</a> and local mailing lists are
not visible as <i>localname@simulated.domain</i>.
Support for a simulated virtual domain looks like:
@@ -66,21 +74,21 @@ VIRTUAL(5) VIRTUAL(5)
types.
/etc/postfix/virtual:
<i>virtual.domain</i> <i>anything</i> (right-hand content does not matter)
<i>postmaster@virtual.domain</i> <i>postmaster</i>
<i>user1@virtual.domain</i> <i>address1</i>
<i>user2@virtual.domain</i> <i>address2,</i> <i>address3</i>
<i>simulated.domain</i> <i>anything</i> (right-hand content does not matter)
<i>postmaster@simulated.domain</i> <i>postmaster</i>
<i>user1@simulated.domain</i> <i>address1</i>
<i>user2@simulated.domain</i> <i>address2,</i> <i>address3</i>
The <i>virtual.domain</i> <i>anything</i> entry is required for a simu-
lated virtual domain. Without this entry, mail will be
The <i>simulated.domain</i> <i>anything</i> entry is required for a sim-
ulated virtual domain. Without this entry, mail will be
rejected with a "relay access denied" error condition.
Do not list a simulated virtual domain name in the <b>main.cf</b>
<b>mydestination</b> configuration parameter.
With a simulated virtual domain, the Postfix SMTP server
accepts mail for <i>known-user@virtual.domain</i>, and rejects
mail for <i>unknown-user</i>@<i>virtual.domain</i> as undeliverable.
accepts mail for <i>known-user@simulated.domain</i>, and rejects
mail for <i>unknown-user</i>@<i>simulated.domain</i> as undeliverable.
Instead of specifying the simulated virtual domain name
via the <b>virtual</b><i>_</i><b>alias</b><i>_</i><b>maps</b> table, you may also specify it
@@ -188,7 +196,8 @@ VIRTUAL(5) VIRTUAL(5)
local.
<b>myorigin</b>
The domain that is appended to locally-posted mail.
The domain that is appended to any address that
does not have a domain.
<b>owner</b><i>_</i><b>request</b><i>_</i><b>special</b>
Give special treatment to <b>owner-</b><i>xxx</i> and <i>xxx</i><b>-request</b>
@@ -197,8 +206,8 @@ VIRTUAL(5) VIRTUAL(5)
<b>SEE</b> <b>ALSO</b>
<a href="cleanup.8.html">cleanup(8)</a> canonicalize and enqueue mail
<a href="postmap.1.html">postmap(1)</a> create mapping table
<a href="pcre_table.5.html">pcre_table(5)</a> format of PCRE tables
<a href="regexp_table.5.html">regexp_table(5)</a> format of POSIX regular expression tables
<a href="regexp_table.5.html">regexp_table(5)</a> POSIX regular expression table format
<a href="pcre_table.5.html">pcre_table(5)</a> Perl Compatible Regular Expression table format
<b>LICENSE</b>
The Secure Mailer license must be distributed with this

87
postfix/html/virtual.8.html
View File

@@ -116,7 +116,7 @@ VIRTUAL(8) VIRTUAL(8)
boxes. While it could be set to "/", this setting
isn't recommended.
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b> (regexp maps disallowed)
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>maps</b>
Recipients are looked up in these maps to determine
the path to their mailbox or maildir. If the
returned path ends in a slash ("/"), maildir-style
@@ -134,33 +134,43 @@ VIRTUAL(8) VIRTUAL(8)
Note that <b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>base</b> is unconditionally
prepended to this path.
For security reasons, regular expression maps are
allowed but regular expression substitution of $1
etc. is disallowed, because that would open a secu-
rity hole.
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>domains</b>
The list of domains that should be delivered via
the Postfix virtual delivery agent. This uses the
The list of domains that should be delivered via
the Postfix virtual delivery agent. This uses the
same syntax as the <b>mydestination</b> configuration
parameter.
<b>virtual</b><i>_</i><b>minimum</b><i>_</i><b>uid</b>
Specifies a minimum uid that will be accepted as a
return from a <b>virtual</b><i>_</i><b>owner</b><i>_</i><b>maps</b> or <b>vir-</b>
<b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> lookup. Returned values less than
this will be rejected, and the message will be
Specifies a minimum uid that will be accepted as a
return from a <b>virtual</b><i>_</i><b>owner</b><i>_</i><b>maps</b> or <b>vir-</b>
<b>tual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> lookup. Returned values less than
this will be rejected, and the message will be
deferred.
<b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b> (regexp maps disallowed)
<b>virtual</b><i>_</i><b>uid</b><i>_</i><b>maps</b>
Recipients are looked up in these maps to determine
the user ID to be used when writing to the target
the user ID to be used when writing to the target
mailbox.
While searching a lookup table, an address exten-
While searching a lookup table, an address exten-
sion (<i>user+foo@domain.tld</i>) is ignored.
In a lookup table, specify a left-hand side of
<i>@domain.tld</i> to match any user in the specified
domain that does not have a specific
In a lookup table, specify a left-hand side of
<i>@domain.tld</i> to match any user in the specified
domain that does not have a specific
<i>user@domain.tld</i> entry.
<b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b> (regexp maps disallowed)
For security reasons, regular expression maps are
allowed but regular expression substitution of $1
etc. is disallowed, because that would open a secu-
rity hole.
<b>virtual</b><i>_</i><b>gid</b><i>_</i><b>maps</b>
Recipients are looked up in these maps to determine
the group ID to be used when writing to the target
mailbox.
@@ -173,72 +183,79 @@ VIRTUAL(8) VIRTUAL(8)
domain that does not have a specific
<i>user@domain.tld</i> entry.
For security reasons, regular expression maps are
allowed but regular expression substitution of $1
etc. is disallowed, because that would open a secu-
rity hole.
<b>Locking</b> <b>controls</b>
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>lock</b>
How to lock UNIX-style mailboxes: one or more of
<b>flock</b>, <b>fcntl</b> or <b>dotlock</b>. The <b>dotlock</b> method
requires that the recipient UID or GID has write
How to lock UNIX-style mailboxes: one or more of
<b>flock</b>, <b>fcntl</b> or <b>dotlock</b>. The <b>dotlock</b> method
requires that the recipient UID or GID has write
access to the parent directory of the mailbox file.
This setting is ignored with <b>maildir</b> style deliv-
This setting is ignored with <b>maildir</b> style deliv-
ery, because such deliveries are safe without
explicit locks.
Use the command <b>postconf</b> <b>-l</b> to find out what lock-
Use the command <b>postconf</b> <b>-l</b> to find out what lock-
ing methods are available on your system.
<b>deliver</b><i>_</i><b>lock</b><i>_</i><b>attempts</b>
Limit the number of attempts to acquire an exclu-
Limit the number of attempts to acquire an exclu-
sive lock on a UNIX-style mailbox file.
<b>deliver</b><i>_</i><b>lock</b><i>_</i><b>delay</b>
Time (default: seconds) between successive attempts
to acquire an exclusive lock on a UNIX-style mail-
box file. The actual delay is slightly randomized.
to acquire an exclusive lock on a UNIX-style mail-
box file. The actual delay is slightly randomized.
<b>stale</b><i>_</i><b>lock</b><i>_</i><b>time</b>
Limit the time after which a stale lockfile is
removed (applicable to UNIX-style mailboxes only).
Limit the time after which a stale lockfile is
removed (applicable to UNIX-style mailboxes only).
<b>Resource</b> <b>controls</b>
<b>virtual</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
Limit the number of parallel deliveries to the same
domain via the <b>virtual</b> delivery agent. The default
limit is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>concur-</b>
<b>rency</b><i>_</i><b>limit</b> parameter. The limit is enforced by
<b>rency</b><i>_</i><b>limit</b> parameter. The limit is enforced by
the Postfix queue manager.
<b>virtual</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
Limit the number of recipients per message delivery
via the <b>virtual</b> delivery agent. The default limit
is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipi-</b>
<b>ent</b><i>_</i><b>limit</b> parameter. The limit is enforced by the
via the <b>virtual</b> delivery agent. The default limit
is taken from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>recipi-</b>
<b>ent</b><i>_</i><b>limit</b> parameter. The limit is enforced by the
Postfix queue manager.
<b>virtual</b><i>_</i><b>mailbox</b><i>_</i><b>limit</b>
The maximal size in bytes of a mailbox or maildir
The maximal size in bytes of a mailbox or maildir
file. Set to zero to disable the limit.
<b>HISTORY</b>
This agent was originally based on the Postfix local
This agent was originally based on the Postfix local
delivery agent. Modifications mainly consisted of removing
code that either was not applicable or that was not safe
in this context: aliases, ~user/.forward files, delivery
code that either was not applicable or that was not safe
in this context: aliases, ~user/.forward files, delivery
to "|command" or to /file/name.
The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by
The <b>Delivered-To:</b> header appears in the <b>qmail</b> system by
Daniel Bernstein.
The <b>maildir</b> structure appears in the <b>qmail</b> system by
The <b>maildir</b> structure appears in the <b>qmail</b> system by
Daniel Bernstein.
<b>SEE</b> <b>ALSO</b>
<a href="regexp_table.5.html">regexp_table(5)</a> POSIX regular expression table format
<a href="pcre_table.5.html">pcre_table(5)</a> Perl Compatible Regular Expression table format
<a href="bounce.8.html">bounce(8)</a> non-delivery status reports
syslogd(8) system logging
<a href="qmgr.8.html">qmgr(8)</a> queue manager
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>

11
postfix/man/man1/postfix.1
View File

@@ -124,7 +124,16 @@ $\fBconfig_directory/master.cf\fR, Postfix daemon processes
.SH SEE ALSO
.na
.nf
master(8) Postfix master program
postconf(1) Postfix configuration management
postsuper(1) Postfix housekeeping
sendmail(1) Sendmail-compatible interface
postmap(1) Postfix lookup table management
master(8) Postfix master daemon
.ad
.fi
The respective manual pages for the daemon processes
specified in the \fBmaster.cf\fR file, and the manual
pages referenced by those manual pages.
.SH LICENSE
.na
.nf

10
postfix/man/man5/aliases.5
View File

@@ -118,6 +118,12 @@ Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
addresses.
.IP \fBrecipient_delimiter\fR
Delimiter that separates recipients from address extensions.
.SH BUGS
.ad
.fi
Regular expression alias lookup tables are allowed, but
substitution of $1 etc. is forbidden because that would
open a security loophole.
.SH STANDARDS
.na
.nf
@@ -126,7 +132,9 @@ RFC 822 (ARPA Internet Text Messages)
.na
.nf
local(8) local delivery agent
postalias(1) alias database management
newaliases(1) alias database management
regexp_table(5) POSIX regular expression table format
pcre_table(5) Perl Compatible Regular Expression table format
.SH LICENSE
.na
.nf

53
postfix/man/man5/transport.5
View File

@@ -59,13 +59,34 @@ specifies where and how to deliver mail. A null \fItransport\fR
or \fInexthop\fR field means "do not change": use the delivery
transport and nexthop information that would be used if no
match were found.
.PP
The interpretation of the \fInexthop\fR field is transport
.SH TRANSPORT FIELD
.ad
.fi
The transport field specifies the name of a mail delivery transport
(the first name of a mail delivery service entry in the Postfix
\fBmaster.cf\fR file).
When a null transport field is specified, Postfix uses one of the
following transports:
.IP \fB$local_transport\fR
The domain matches \fB$mydestination\fR or \fB$inet_interfaces\fR.
.IP \fB$virtual_transport\fR
The domain matches \fB$virtual_mailbox_domains\fR.
.IP \fB$relay_transport\fR
The domain matches \fB$relay_transport\fR.
.IP \fB$default_transport\fR
All other non-local, non-virtual destinations.
.SH NEXTHOP FIELD
.ad
.fi
The interpretation of the nexthop field is transport
dependent. In the case of SMTP, specify \fIhost\fR:\fIservice\fR for a
non-default server port, and use [\fIhost\fR] or [\fIhost\fR]:\fIport\fR
in order to disable MX (mail exchanger) DNS lookups. The [] form
can also be used with IP addresses instead of hostnames.
.PP
.SH LOOKUP ORDER
.ad
.fi
With lookups from indexed files such as DB or DBM, or from networked
tables such as NIS, LDAP or SQL, patterns are tried in the order as
listed below:
@@ -121,7 +142,7 @@ via the \fBuucp\fR transport to the UUCP host named \fBfoo\fR:
.ti +5
\fB\&.foo.org uucp:foo\fR
When no \fInexthop\fR host name is specified, the destination domain
When no nexthop host name is specified, the destination domain
name is used instead. For example, the following directs mail for
\fIuser\fR@\fBfoo.org\fR via the \fBslow\fR transport to a mail
exchanger for \fBfoo.org\fR. The \fBslow\fR transport could be
@@ -130,10 +151,9 @@ something that runs at most one delivery process at a time:
.ti +5
\fBfoo.org slow:\fR
When no \fItransport\fR is specified, Postfix uses either
\fB$local_transport\fR or \fB$default_transport\fR, depending
on whether the destination matches \fB$mydestination\fR.
The following sends all mail for \fBfoo.org\fR and its
When no transport is specified, Postfix uses the transport that
matches the address domain class (see TRANSPORT FIELD discussion
above). The following sends all mail for \fBfoo.org\fR and its
subdomains to host \fBgateway.foo.org\fR:
.ti +5
@@ -199,17 +219,24 @@ List of transport lookup tables.
.PP
Other parameters of interest:
.IP \fBlocal_transport\fR
The mail delivery transport to use when no transport is explicitly
specified, and the destination matches \fB$mydestination\fR.
The default mail delivery transport when the destination matches
\fB$mydestination\fR or \fB$inet_interfaces\fR.
.IP \fBvirtual_transport\fR
The default mail delivery transport when the destination matches
\fBvirtual_mailbox_domains\fR.
.IP \fBrelay_transport\fR
The default mail delivery transport when the destination matches
\fBrelay_domains\fR.
.IP \fBdefault_transport\fR
The mail delivery transport to use when no transport is explicitly
specified, and the destination does not match \fB$mydestination\fR.
The default mail delivery transport when the destination does not
match a local, virtual or relay destination.
.IP \fBmydestination\fR
The destinations that are given to \fB$local_transport\fR
by default.
.IP \fBrelayhost\fR
The default host for destinations that do not match
\fB$mydestination\fR.
\fB$mydestination\fR, \fB$inet_interfaces\fR,
\fBvirtual_alias_domains\fR or \fBvirtual_mailbox_domains\fR.
.SH SEE ALSO
.na
.nf

35
postfix/man/man5/virtual.5
View File

@@ -17,9 +17,16 @@ format of Postfix virtual alias table
.ad
.fi
The optional \fBvirtual\fR alias table specifies address aliasing
for local and non-local recipients. Virtual aliasing is used
by the \fBcleanup\fR(8) daemon. Virtual aliasing is recursive.
for arbitrary local or non-local recipient addresses. Virtual aliasing
is recursive, and is done by the Postfix \fBcleanup\fR(8) daemon.
The main applications of virtual aliasing are:
.IP \(bu
To redirect mail from one address to one or more other addresses.
.IP \(bu
To simulate virtual domains where all virtual addresses are aliased
to non-virtual addresses.
.PP
Virtual aliasing is applied only to recipient
envelope addresses, and does not affect message headers.
Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5)
@@ -56,8 +63,8 @@ have its own mailbox.
With a simulated virtual domain, the virtual domain has its
own user name space. Local (i.e. non-virtual) usernames are not
visible in a simulated virtual domain. In particular, local
\fBaliases\fR(5) and mailing lists are not visible as
\fIlocalname@virtual.domain\fR.
\fBaliases\fR(5) and local mailing lists are not visible as
\fIlocalname@simulated.domain\fR.
Support for a simulated virtual domain looks like:
@@ -72,16 +79,16 @@ See the output from \fBpostconf -m\fR for available database types.
/etc/postfix/virtual:
.nf
.na
\fIvirtual.domain anything\fR (right-hand content does not matter)
\fIpostmaster@virtual.domain postmaster\fR
\fIuser1@virtual.domain address1\fR
\fIuser2@virtual.domain address2, address3\fR
\fIsimulated.domain anything\fR (right-hand content does not matter)
\fIpostmaster@simulated.domain postmaster\fR
\fIuser1@simulated.domain address1\fR
\fIuser2@simulated.domain address2, address3\fR
.fi
.in -4
.ad
.fi
.sp
The \fIvirtual.domain anything\fR entry is required for a
The \fIsimulated.domain anything\fR entry is required for a
simulated virtual domain. Without this entry, mail will
be rejected with a "relay access denied" error condition.
@@ -89,8 +96,8 @@ Do not list a simulated virtual domain name in the \fBmain.cf
mydestination\fR configuration parameter.
With a simulated virtual domain, the Postfix SMTP server
accepts mail for \fIknown-user@virtual.domain\fR, and rejects
mail for \fIunknown-user\fR@\fIvirtual.domain\fR as undeliverable.
accepts mail for \fIknown-user@simulated.domain\fR, and rejects
mail for \fIunknown-user\fR@\fIsimulated.domain\fR as undeliverable.
Instead of specifying the simulated virtual domain name via
the \fBvirtual_alias_maps\fR table, you may also specify it via
@@ -192,7 +199,7 @@ You need to stop and start Postfix when this parameter changes.
.IP \fBmydestination\fR
List of domains that this mail system considers local.
.IP \fBmyorigin\fR
The domain that is appended to locally-posted mail.
The domain that is appended to any address that does not have a domain.
.IP \fBowner_request_special\fR
Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
addresses.
@@ -201,8 +208,8 @@ addresses.
.nf
cleanup(8) canonicalize and enqueue mail
postmap(1) create mapping table
pcre_table(5) format of PCRE tables
regexp_table(5) format of POSIX regular expression tables
regexp_table(5) POSIX regular expression table format
pcre_table(5) Perl Compatible Regular Expression table format
.SH LICENSE
.na
.nf

2
postfix/man/man8/cleanup.8
View File

@@ -179,7 +179,7 @@ canonical(5) canonical address lookup table format
qmgr(8) queue manager daemon
syslogd(8) system logging
trivial-rewrite(8) address rewriting
virtual(5) virtual address lookup table format
virtual(5) virtual alias lookup table format
.SH FILES
.na
.nf

10
postfix/man/man8/smtpd.8
View File

@@ -136,6 +136,10 @@ Limit the number of \fBReceived:\fR message headers.
List of maps with user names that are local to \fB$myorigin\fR
or \fB$inet_interfaces\fR. If this parameter is defined,
then the SMTP server rejects mail for unknown local users.
.IP \fBrelay_recipient_maps\fR
List of maps that define all the email addresses in the domains
that match \fB$relay_domains\fR. If this parameter is defined,
then the SMTP server rejects mail for unknown relay recipients.
.IP \fBnotify_classes\fR
List of error classes. Of special interest are:
.RS
@@ -237,8 +241,9 @@ restriction.
Only domains whose primary MX hosts match the listed networks
are eligible for the \fBpermit_mx_backup\fR feature.
.IP \fBrelay_domains\fR
Restrict what domains or networks this mail system will relay
mail from or to.
Restrict what domains this mail system will relay
mail to. The domains are routed to the delivery agent
specified with the \fBrelay_transport\fR setting.
.SH "UCE control responses"
.ad
.fi
@@ -279,6 +284,7 @@ restriction.
.SH SEE ALSO
.na
.nf
trivial-rewrite(8) address resolver
cleanup(8) message canonicalization
master(8) process manager
syslogd(8) system logging

20
postfix/man/man8/virtual.8
View File

@@ -135,7 +135,7 @@ Specifies a path that is prepended to all mailbox or maildir paths.
This is a safety measure to ensure that an out of control map in
\fBvirtual_mailbox_maps\fR doesn't litter the filesystem with mailboxes.
While it could be set to "/", this setting isn't recommended.
.IP "\fBvirtual_mailbox_maps\fR (regexp maps disallowed)"
.IP \fBvirtual_mailbox_maps\fR
Recipients are looked up in these maps to determine the path to
their mailbox or maildir. If the returned path ends in a slash
("/"), maildir-style delivery is carried out, otherwise the
@@ -150,6 +150,10 @@ specific \fIuser@domain.tld\fR entry.
Note that \fBvirtual_mailbox_base\fR is unconditionally prepended
to this path.
For security reasons, regular expression maps are allowed but
regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
.IP \fBvirtual_mailbox_domains\fR
The list of domains that should be delivered via the Postfix virtual
delivery agent. This uses the same syntax as the \fBmydestination\fR
@@ -159,7 +163,7 @@ Specifies a minimum uid that will be accepted as a return from
a \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR lookup.
Returned values less than this will be rejected, and the message
will be deferred.
.IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)"
.IP \fBvirtual_uid_maps\fR
Recipients are looked up in these maps to determine the user ID to be
used when writing to the target mailbox.
@@ -169,7 +173,11 @@ While searching a lookup table, an address extension
In a lookup table, specify a left-hand side of \fI@domain.tld\fR
to match any user in the specified domain that does not have a
specific \fIuser@domain.tld\fR entry.
.IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)"
For security reasons, regular expression maps are allowed but
regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
.IP \fBvirtual_gid_maps\fR
Recipients are looked up in these maps to determine the group ID to be
used when writing to the target mailbox.
@@ -179,6 +187,10 @@ While searching a lookup table, an address extension
In a lookup table, specify a left-hand side of \fI@domain.tld\fR
to match any user in the specified domain that does not have a
specific \fIuser@domain.tld\fR entry.
For security reasons, regular expression maps are allowed but
regular expression substitution of $1 etc. is disallowed,
because that would open a security hole.
.SH "Locking controls"
.ad
.fi
@@ -239,6 +251,8 @@ by Daniel Bernstein.
.SH SEE ALSO
.na
.nf
regexp_table(5) POSIX regular expression table format
pcre_table(5) Perl Compatible Regular Expression table format
bounce(8) non-delivery status reports
syslogd(8) system logging
qmgr(8) queue manager

16
postfix/proto/Makefile.in
View File

@@ -22,25 +22,25 @@ clobber:
rm -f $(CONFIG)
../conf/access: access
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/aliases: aliases0 aliases
(cat aliases0; srctoman - aliases | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /') >$@
(cat aliases0; ../mantools/srctoman - aliases | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /') >$@
../conf/canonical: canonical
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/pcre_table: pcre_table
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/regexp_table: regexp_table
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/relocated: relocated
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/transport: transport
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../conf/virtual: virtual
srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@
../mantools/srctoman - $? | $(AWK) | nroff -man | col -bx | uniq | sed 's/^/# /' >$@

8
postfix/proto/aliases
View File

@@ -108,11 +108,17 @@
# addresses.
# .IP \fBrecipient_delimiter\fR
# Delimiter that separates recipients from address extensions.
# BUGS
# Regular expression alias lookup tables are allowed, but
# substitution of $1 etc. is forbidden because that would
# open a security loophole.
# STANDARDS
# RFC 822 (ARPA Internet Text Messages)
# SEE ALSO
# local(8) local delivery agent
# postalias(1) alias database management
# newaliases(1) alias database management
# regexp_table(5) POSIX regular expression table format
# pcre_table(5) Perl Compatible Regular Expression table format
# LICENSE
# .ad
# .fi

6
postfix/proto/aliases0
View File

@@ -8,6 +8,9 @@
# >>>>>>>>>> show through to Postfix.
#
# Person who should get root's mail. Don't receive mail as root!
#root: you
# Basic system aliases -- these MUST be present
MAILER-DAEMON: postmaster
postmaster: root
@@ -33,6 +36,3 @@ abuse: postmaster
# trap decode to catch security attacks
decode: root
# Person who should get root's mail
#root: you

53
postfix/proto/transport
View File

@@ -51,13 +51,34 @@
# or \fInexthop\fR field means "do not change": use the delivery
# transport and nexthop information that would be used if no
# match were found.
# .PP
# The interpretation of the \fInexthop\fR field is transport
# .SH TRANSPORT FIELD
# .ad
# .fi
# The transport field specifies the name of a mail delivery transport
# (the first name of a mail delivery service entry in the Postfix
# \fBmaster.cf\fR file).
#
# When a null transport field is specified, Postfix uses one of the
# following transports:
# .IP \fB$local_transport\fR
# The domain matches \fB$mydestination\fR or \fB$inet_interfaces\fR.
# .IP \fB$virtual_transport\fR
# The domain matches \fB$virtual_mailbox_domains\fR.
# .IP \fB$relay_transport\fR
# The domain matches \fB$relay_transport\fR.
# .IP \fB$default_transport\fR
# All other non-local, non-virtual destinations.
# .SH NEXTHOP FIELD
# .ad
# .fi
# The interpretation of the nexthop field is transport
# dependent. In the case of SMTP, specify \fIhost\fR:\fIservice\fR for a
# non-default server port, and use [\fIhost\fR] or [\fIhost\fR]:\fIport\fR
# in order to disable MX (mail exchanger) DNS lookups. The [] form
# can also be used with IP addresses instead of hostnames.
# .PP
# .SH LOOKUP ORDER
# .ad
# .fi
# With lookups from indexed files such as DB or DBM, or from networked
# tables such as NIS, LDAP or SQL, patterns are tried in the order as
# listed below:
@@ -109,7 +130,7 @@
# .ti +5
# \fB\&.foo.org uucp:foo\fR
#
# When no \fInexthop\fR host name is specified, the destination domain
# When no nexthop host name is specified, the destination domain
# name is used instead. For example, the following directs mail for
# \fIuser\fR@\fBfoo.org\fR via the \fBslow\fR transport to a mail
# exchanger for \fBfoo.org\fR. The \fBslow\fR transport could be
@@ -118,10 +139,9 @@
# .ti +5
# \fBfoo.org slow:\fR
#
# When no \fItransport\fR is specified, Postfix uses either
# \fB$local_transport\fR or \fB$default_transport\fR, depending
# on whether the destination matches \fB$mydestination\fR.
# The following sends all mail for \fBfoo.org\fR and its
# When no transport is specified, Postfix uses the transport that
# matches the address domain class (see TRANSPORT FIELD discussion
# above). The following sends all mail for \fBfoo.org\fR and its
# subdomains to host \fBgateway.foo.org\fR:
#
# .ti +5
@@ -183,17 +203,24 @@
# .PP
# Other parameters of interest:
# .IP \fBlocal_transport\fR
# The mail delivery transport to use when no transport is explicitly
# specified, and the destination matches \fB$mydestination\fR.
# The default mail delivery transport when the destination matches
# \fB$mydestination\fR or \fB$inet_interfaces\fR.
# .IP \fBvirtual_transport\fR
# The default mail delivery transport when the destination matches
# \fBvirtual_mailbox_domains\fR.
# .IP \fBrelay_transport\fR
# The default mail delivery transport when the destination matches
# \fBrelay_domains\fR.
# .IP \fBdefault_transport\fR
# The mail delivery transport to use when no transport is explicitly
# specified, and the destination does not match \fB$mydestination\fR.
# The default mail delivery transport when the destination does not
# match a local, virtual or relay destination.
# .IP \fBmydestination\fR
# The destinations that are given to \fB$local_transport\fR
# by default.
# .IP \fBrelayhost\fR
# The default host for destinations that do not match
# \fB$mydestination\fR.
# \fB$mydestination\fR, \fB$inet_interfaces\fR,
# \fBvirtual_alias_domains\fR or \fBvirtual_mailbox_domains\fR.
# SEE ALSO
# postmap(1) create mapping table
# trivial-rewrite(8) rewrite and resolve addresses

35
postfix/proto/virtual
View File

@@ -11,9 +11,16 @@
# \fBpostmap -q - /etc/postfix/virtual <\fIinputfile\fR
# DESCRIPTION
# The optional \fBvirtual\fR alias table specifies address aliasing
# for local and non-local recipients. Virtual aliasing is used
# by the \fBcleanup\fR(8) daemon. Virtual aliasing is recursive.
# for arbitrary local or non-local recipient addresses. Virtual aliasing
# is recursive, and is done by the Postfix \fBcleanup\fR(8) daemon.
#
# The main applications of virtual aliasing are:
# .IP \(bu
# To redirect mail from one address to one or more other addresses.
# .IP \(bu
# To simulate virtual domains where all virtual addresses are aliased
# to non-virtual addresses.
# .PP
# Virtual aliasing is applied only to recipient
# envelope addresses, and does not affect message headers.
# Think Sendmail rule set \fBS0\fR, if you like. Use \fBcanonical\fR(5)
@@ -48,8 +55,8 @@
# With a simulated virtual domain, the virtual domain has its
# own user name space. Local (i.e. non-virtual) usernames are not
# visible in a simulated virtual domain. In particular, local
# \fBaliases\fR(5) and mailing lists are not visible as
# \fIlocalname@virtual.domain\fR.
# \fBaliases\fR(5) and local mailing lists are not visible as
# \fIlocalname@simulated.domain\fR.
#
# Support for a simulated virtual domain looks like:
#
@@ -64,16 +71,16 @@
# /etc/postfix/virtual:
# .nf
# .na
# \fIvirtual.domain anything\fR (right-hand content does not matter)
# \fIpostmaster@virtual.domain postmaster\fR
# \fIuser1@virtual.domain address1\fR
# \fIuser2@virtual.domain address2, address3\fR
# \fIsimulated.domain anything\fR (right-hand content does not matter)
# \fIpostmaster@simulated.domain postmaster\fR
# \fIuser1@simulated.domain address1\fR
# \fIuser2@simulated.domain address2, address3\fR
# .fi
# .in -4
# .ad
# .fi
# .sp
# The \fIvirtual.domain anything\fR entry is required for a
# The \fIsimulated.domain anything\fR entry is required for a
# simulated virtual domain. Without this entry, mail will
# be rejected with a "relay access denied" error condition.
#
@@ -81,8 +88,8 @@
# mydestination\fR configuration parameter.
#
# With a simulated virtual domain, the Postfix SMTP server
# accepts mail for \fIknown-user@virtual.domain\fR, and rejects
# mail for \fIunknown-user\fR@\fIvirtual.domain\fR as undeliverable.
# accepts mail for \fIknown-user@simulated.domain\fR, and rejects
# mail for \fIunknown-user\fR@\fIsimulated.domain\fR as undeliverable.
#
# Instead of specifying the simulated virtual domain name via
# the \fBvirtual_alias_maps\fR table, you may also specify it via
@@ -174,15 +181,15 @@
# .IP \fBmydestination\fR
# List of domains that this mail system considers local.
# .IP \fBmyorigin\fR
# The domain that is appended to locally-posted mail.
# The domain that is appended to any address that does not have a domain.
# .IP \fBowner_request_special\fR
# Give special treatment to \fBowner-\fIxxx\fR and \fIxxx\fB-request\fR
# addresses.
# SEE ALSO
# cleanup(8) canonicalize and enqueue mail
# postmap(1) create mapping table
# pcre_table(5) format of PCRE tables
# regexp_table(5) format of POSIX regular expression tables
# regexp_table(5) POSIX regular expression table format
# pcre_table(5) Perl Compatible Regular Expression table format
# LICENSE
# .ad
# .fi

2
postfix/src/cleanup/cleanup.c
View File

@@ -163,7 +163,7 @@
/* qmgr(8) queue manager daemon
/* syslogd(8) system logging
/* trivial-rewrite(8) address rewriting
/* virtual(5) virtual address lookup table format
/* virtual(5) virtual alias lookup table format
/* FILES
/* /etc/postfix/canonical*, canonical mapping table
/* /etc/postfix/virtual*, virtual mapping table

10
postfix/src/dns/dns_lookup.c
View File

@@ -400,7 +400,7 @@ static int dns_get_answer(DNS_REPLY *reply, int type,
DNS_RR *rr;
int resource_found = 0;
int cname_found = 0;
int default_status = DNS_NOTFOUND;
int not_found_status = DNS_NOTFOUND;
/*
* Initialize. Skip over the name server query if we haven't yet.
@@ -466,7 +466,7 @@ static int dns_get_answer(DNS_REPLY *reply, int type,
resource_found++;
*rrlist = dns_rr_append(*rrlist, rr);
} else
default_status = DNS_RETRY;
not_found_status = DNS_RETRY;
} else
resource_found++;
} else if (fixed.type == T_CNAME) { /* cname resource */
@@ -487,7 +487,7 @@ static int dns_get_answer(DNS_REPLY *reply, int type,
return (DNS_OK);
if (cname_found)
return (DNS_RECURSE);
return (default_status);
return (not_found_status);
}
/* dns_lookup - DNS lookup user interface */
@@ -543,7 +543,9 @@ int dns_lookup(const char *name, unsigned type, unsigned flags,
switch (status) {
default:
if (why)
vstring_sprintf(why, "%s: Malformed name server reply", name);
vstring_sprintf(why, "Name service error for name=%s type=%s: "
"Malformed name server reply",
name, dns_strtype(type));
case DNS_NOTFOUND:
case DNS_OK:
return (status);

3
postfix/src/global/mail_params.c
View File

@@ -64,7 +64,6 @@
/* char *var_syslog_facility;
/* char *var_relay_domains;
/* char *var_fflush_domains;
/* char *var_def_transport;
/* char *var_mynetworks_style;
/* char *var_verp_delims;
/* char *var_verp_filter;
@@ -218,7 +217,6 @@ int var_daemon_timeout;
char *var_syslog_facility;
char *var_relay_domains;
char *var_fflush_domains;
char *var_def_transport;
char *var_mynetworks_style;
char *var_verp_delims;
char *var_verp_filter;
@@ -452,7 +450,6 @@ void mail_params_init()
VAR_FFLUSH_DOMAINS, DEF_FFLUSH_DOMAINS, &var_fflush_domains, 0, 0,
VAR_EXPORT_ENVIRON, DEF_EXPORT_ENVIRON, &var_export_environ, 0, 0,
VAR_IMPORT_ENVIRON, DEF_IMPORT_ENVIRON, &var_import_environ, 0, 0,
VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 0, 0,
VAR_MYNETWORKS_STYLE, DEF_MYNETWORKS_STYLE, &var_mynetworks_style, 1, 0,
VAR_DEBUG_PEER_LIST, DEF_DEBUG_PEER_LIST, &var_debug_peer_list, 0, 0,
VAR_VERP_DELIMS, DEF_VERP_DELIMS, &var_verp_delims, 2, 2,

4
postfix/src/global/mail_params.h
View File

@@ -1115,6 +1115,10 @@ extern char *var_relay_domains;
#define DEF_RELAY_TRANSPORT MAIL_SERVICE_RELAY
extern char *var_relay_transport;
#define VAR_RELAY_RCPT_MAPS "relay_recipient_maps"
#define DEF_RELAY_RCPT_MAPS ""
extern char *var_relay_rcpt_maps;
#define VAR_CLIENT_CHECKS "smtpd_client_restrictions"
#define DEF_CLIENT_CHECKS ""
extern char *var_client_checks;

2
postfix/src/global/mail_version.h
View File

@@ -20,7 +20,7 @@
* Patches change the patchlevel and the release date. Snapshots change the
* release date only, unless they include the same bugfix as a patch release.
*/
#define MAIL_RELEASE_DATE "20021207"
#define MAIL_RELEASE_DATE "20021208"
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "1.1.12-" MAIL_RELEASE_DATE

2
postfix/src/global/maps.c
View File

@@ -29,6 +29,8 @@
/* locking. Dictionaries are opened read-only, and in-memory
/* dictionary instances are shared.
/*
/* Lookups are case sensitive.
/*
/* maps_create() takes list of type:name pairs and opens the
/* named dictionaries.
/* The result is a handle that must be specified along with all

22
postfix/src/global/resolve_clnt.c
View File

@@ -52,6 +52,28 @@
/* The address resolved to something that has invalid syntax.
/* .IP RESOLVE_FLAG_FAIL
/* The request could not be completed.
/* .PP
/* In addition, the address domain class is returned by setting
/* one of the following flags (this is preliminary code awaiting
/* more permanent implementation of address domain class handling):
/* .IP RESOLVE_CLASS_LOCAL
/* The address domain matches $mydestination or $inet_interfaces.
/* .IP RESOLVE_CLASS_ALIAS
/* The address domain matches $virtual_alias_domains (simulated
/* virtual domains, where each address is redirected to a real
/* local or remote address).
/* .IP RESOLVE_CLASS_VIRTUAL
/* The address domain matches $virtual_mailbox_domains (true
/* virtual domains where each address can have its own mailbox).
/* .IP RESOLVE_CLASS_RELAY
/* The address domain matches $relay_domains, i.e. this is an
/* authorized mail relay destination.
/* .IP RESOLVE_CLASS_DEFAULT
/* The address matches none of the above. Access to this domain
/* should be limited to authorized senders only.
/* .PP
/* For convenience, the constant RESOLVE_CLASS_FINAL includes all
/* cases where the local machine is the final destination.
/* DIAGNOSTICS
/* Warnings: communication failure. Fatal error: mail system is down.
/* SEE ALSO

5
postfix/src/global/resolve_clnt.h
View File

@@ -27,11 +27,14 @@
#define RESOLVE_FLAG_FAIL (1<<3) /* request failed */
#define RESOLVE_CLASS_LOCAL (1<<8) /* mydestination/inet_interfaces */
#define RESOLVE_CLASS_ERROR (1<<9) /* virtual_alias_domains */
#define RESOLVE_CLASS_ALIAS (1<<9) /* virtual_alias_domains */
#define RESOLVE_CLASS_VIRTUAL (1<<10) /* virtual_mailbox_domains */
#define RESOLVE_CLASS_RELAY (1<<11) /* relay_domains */
#define RESOLVE_CLASS_DEFAULT (1<<12) /* raise reject_unauth_destination */
#define RESOLVE_CLASS_FINAL \
(RESOLVE_CLASS_LOCAL | RESOLVE_CLASS_ALIAS | RESOLVE_CLASS_VIRTUAL)
typedef struct RESOLVE_REPLY {
VSTRING *transport;
VSTRING *nexthop;

8
postfix/src/global/virtual8_maps_find.c
View File

@@ -22,6 +22,8 @@
/* agent. The code is made available as a library module so that
/* other programs can perform compatible queries.
/*
/* Lookups are case sensitive.
/*
/* virtual8_maps_create() takes list of type:name pairs and opens the
/* named dictionaries.
/* The result is a handle that must be specified along with all
@@ -111,7 +113,7 @@ const char *virtual8_maps_find(MAPS *maps, const char *recipient)
}
/*
* Look up the full address.
* Look up the full address. Allow regexp table searches.
*/
if (bare == 0) {
result = maps_find(maps, recipient, DICT_FLAG_NONE);
@@ -147,7 +149,7 @@ int main(int argc, char **argv)
var_rcpt_delim = "+";
var_double_bounce_sender = DEF_DOUBLE_BOUNCE;
maps = maps_create("testmap", argv[1], DICT_FLAG_LOCK);
maps = virtual8_maps_create("testmap", argv[1], DICT_FLAG_LOCK);
buffer = vstring_alloc(1);
while (vstring_fgets_nonl(buffer, VSTREAM_IN)) {
@@ -155,7 +157,7 @@ int main(int argc, char **argv)
vstream_printf("%s -> %s\n", STR(buffer), result ? result : "(none)");
vstream_fflush(VSTREAM_OUT);
}
maps_free(maps);
virtual8_maps_free(maps);
vstring_free(buffer);
return (0);
}

2
postfix/src/local/alias.c
View File

@@ -183,8 +183,6 @@ int deliver_alias(LOCAL_STATE state, USER_ATTR usr_attr,
* With aliases that have an owner- alias, the latter is used to set the
* sender and owner attributes. Otherwise, the owner attribute is reset
* (the alias is globally visible and could be sent to by anyone).
*
* Don't allow regexp substitutions.
*/
for (cpp = alias_maps->argv->argv; *cpp; cpp++) {
if ((dict = dict_handle(*cpp)) == 0)

8
postfix/src/local/resolve.c
View File

@@ -114,10 +114,18 @@ int deliver_resolve_tree(LOCAL_STATE state, USER_ATTR usr_attr, TOK822 *addr
tok822_rewrite(addr, REWRITE_CANON);
tok822_resolve(addr, &reply);
/*
* First, a healthy portion of error handling.
*/
if (reply.flags & RESOLVE_FLAG_FAIL) {
status = defer_append(BOUNCE_FLAG_KEEP, /* XXX */
BOUNCE_ATTR(state.msg_attr),
"address resolver failure");
} else if (reply.flags & RESOLVE_FLAG_ERROR) {
status = bounce_append(BOUNCE_FLAG_KEEP,/* XXX */
BOUNCE_ATTR(state.msg_attr),
"bad recipient address syntax: %s",
STR(reply.recipient));
} else {
/*

15
postfix/src/master/multi_server.c
View File

@@ -249,15 +249,15 @@ static void multi_server_execute(int unused_event, char *context)
/*
* Do not bother the application when the client disconnected.
*/
if (master_notify(var_pid, MASTER_STAT_TAKEN) < 0)
multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT);
if (peekfd(vstream_fileno(stream)) > 0) {
if (master_notify(var_pid, MASTER_STAT_TAKEN) < 0)
multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT);
multi_server_service(stream, multi_server_name, multi_server_argv);
if (master_notify(var_pid, MASTER_STAT_AVAIL) < 0)
multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT);
} else {
multi_server_disconnect(stream);
}
if (master_notify(var_pid, MASTER_STAT_AVAIL) < 0)
multi_server_abort(EVENT_NULL_TYPE, EVENT_NULL_CONTEXT);
if (client_count == 0 && var_idle_limit > 0)
event_request_timer(multi_server_timeout, (char *) 0, var_idle_limit);
}
@@ -572,6 +572,12 @@ NORETURN multi_server_main(int argc, char **argv, MULTI_SERVER_FN service,...)
* Illustrated volume 2 page 532. We avoid select() collisions with an
* external lock file.
*/
/*
* XXX Can't compete for exclusive access to the listen socket because we
* also have to monitor existing client connections for service requests.
*/
#if 0
if (stream == 0 && !alone) {
lock_path = concatenate(DEF_PID_DIR, "/", transport,
".", service_name, (char *) 0);
@@ -583,6 +589,7 @@ NORETURN multi_server_main(int argc, char **argv, MULTI_SERVER_FN service,...)
myfree(lock_path);
vstring_free(why);
}
#endif
/*
* Set up call-back info.

11
postfix/src/postfix/postfix.c
View File

@@ -110,7 +110,16 @@
/* $\fBconfig_directory/main.cf\fR, configuration parameters
/* $\fBconfig_directory/master.cf\fR, Postfix daemon processes
/* SEE ALSO
/* master(8) Postfix master program
/* postconf(1) Postfix configuration management
/* postsuper(1) Postfix housekeeping
/* sendmail(1) Sendmail-compatible interface
/* postmap(1) Postfix lookup table management
/* master(8) Postfix master daemon
/* .ad
/* .fi
/* The respective manual pages for the daemon processes
/* specified in the \fBmaster.cf\fR file, and the manual
/* pages referenced by those manual pages.
/* LICENSE
/* .ad
/* .fi

2
postfix/src/qmgr/qmgr_message.c
View File

@@ -671,7 +671,7 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
if (defer_xport_argv == 0)
defer_xport_argv = argv_split(var_defer_xports, " \t\r\n,");
for (cpp = defer_xport_argv->argv; *cpp; cpp++)
if (strcasecmp(*cpp, STR(reply.transport)) == 0)
if (strcmp(*cpp, STR(reply.transport)) == 0)
break;
if (*cpp) {
qmgr_defer_recipient(message, recipient, "deferred transport");

4
postfix/src/smtp/Makefile.in
View File

@@ -1,9 +1,9 @@
SHELL = /bin/sh
SRCS = smtp.c smtp_connect.c smtp_proto.c smtp_chat.c smtp_session.c \
smtp_addr.c smtp_trouble.c smtp_unalias.c smtp_state.c \
smtp_addr.c smtp_trouble.c smtp_state.c \
smtp_sasl_proto.c smtp_sasl_glue.c
OBJS = smtp.o smtp_connect.o smtp_proto.o smtp_chat.o smtp_session.o \
smtp_addr.o smtp_trouble.o smtp_unalias.o smtp_state.o \
smtp_addr.o smtp_trouble.o smtp_state.o \
smtp_sasl_proto.o smtp_sasl_glue.o
HDRS = smtp.h smtp_sasl.h
TESTSRC =

26
postfix/src/smtpd/smtpd.c
View File

@@ -122,6 +122,10 @@
/* List of maps with user names that are local to \fB$myorigin\fR
/* or \fB$inet_interfaces\fR. If this parameter is defined,
/* then the SMTP server rejects mail for unknown local users.
/* .IP \fBrelay_recipient_maps\fR
/* List of maps that define all the email addresses in the domains
/* that match \fB$relay_domains\fR. If this parameter is defined,
/* then the SMTP server rejects mail for unknown relay recipients.
/* .IP \fBnotify_classes\fR
/* List of error classes. Of special interest are:
/* .RS
@@ -223,8 +227,9 @@
/* Only domains whose primary MX hosts match the listed networks
/* are eligible for the \fBpermit_mx_backup\fR feature.
/* .IP \fBrelay_domains\fR
/* Restrict what domains or networks this mail system will relay
/* mail from or to.
/* Restrict what domains this mail system will relay
/* mail to. The domains are routed to the delivery agent
/* specified with the \fBrelay_transport\fR setting.
/* .SH "UCE control responses"
/* .ad
/* .fi
@@ -263,6 +268,7 @@
/* Response code when a client violates the \fBreject_unknown_hostname\fR
/* restriction.
/* SEE ALSO
/* trivial-rewrite(8) address resolver
/* cleanup(8) message canonicalization
/* master(8) process manager
/* syslogd(8) system logging
@@ -390,10 +396,8 @@ bool var_disable_vrfy_cmd;
char *var_canonical_maps;
char *var_rcpt_canon_maps;
char *var_virt_alias_maps;
char *var_virt_alias_doms;
char *var_virt_mailbox_maps;
char *var_virt_mailbox_doms;
char *var_relocated_maps;
char *var_alias_maps;
char *var_local_rcpt_maps;
bool var_allow_untrust_route;
@@ -410,6 +414,12 @@ char *var_smtpd_null_key;
int var_smtpd_hist_thrsh;
char *var_smtpd_exp_filter;
char *var_def_rbl_reply;
char *var_def_transport;
char *var_error_transport;
char *var_local_transport;
char *var_relay_transport;
char *var_virt_transport;
char *var_relay_rcpt_maps;
/*
* Silly little macros.
@@ -1644,10 +1654,8 @@ int main(int argc, char **argv)
VAR_CANONICAL_MAPS, DEF_CANONICAL_MAPS, &var_canonical_maps, 0, 0,
VAR_RCPT_CANON_MAPS, DEF_RCPT_CANON_MAPS, &var_rcpt_canon_maps, 0, 0,
VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0,
VAR_VIRT_ALIAS_DOMS, DEF_VIRT_ALIAS_DOMS, &var_virt_alias_doms, 0, 0,
VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0,
VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mailbox_doms, 0, 0,
VAR_RELOCATED_MAPS, DEF_RELOCATED_MAPS, &var_relocated_maps, 0, 0,
VAR_ALIAS_MAPS, DEF_ALIAS_MAPS, &var_alias_maps, 0, 0,
VAR_LOCAL_RCPT_MAPS, DEF_LOCAL_RCPT_MAPS, &var_local_rcpt_maps, 0, 0,
VAR_SMTPD_SASL_OPTS, DEF_SMTPD_SASL_OPTS, &var_smtpd_sasl_opts, 0, 0,
@@ -1657,6 +1665,12 @@ int main(int argc, char **argv)
VAR_SMTPD_SND_AUTH_MAPS, DEF_SMTPD_SND_AUTH_MAPS, &var_smtpd_snd_auth_maps, 0, 0,
VAR_SMTPD_NOOP_CMDS, DEF_SMTPD_NOOP_CMDS, &var_smtpd_noop_cmds, 0, 0,
VAR_SMTPD_NULL_KEY, DEF_SMTPD_NULL_KEY, &var_smtpd_null_key, 0, 0,
VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 1, 0,
VAR_ERROR_TRANSPORT, DEF_ERROR_TRANSPORT, &var_error_transport, 1, 0,
VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport, 1, 0,
VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 1, 0,
VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 1, 0,
VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps, 0, 0,
0,
};
static CONFIG_RAW_TABLE raw_table[] = {

267
postfix/src/smtpd/smtpd_check.c
View File

@@ -108,11 +108,6 @@
/* default template is used. The \fImaps_rbl_reject_code\fR
/* configuration parameter specifies the reject status code used in
/* the default template (default: 554).
/* .IP reject_maps_rbl
/* Look up the reversed client network address in the real-time blackhole
/* DNS zones below the domains listed in the "maps_rbl_domains"
/* configuration parameter. This is equivalent to using
/* "reject_rbl_client" once for each such domain.
/* .IP permit_naked_ip_address
/* Permit the use of a naked IP address (without enclosing [])
/* in HELO/EHLO commands.
@@ -353,11 +348,16 @@ static MAPS *rcpt_canon_maps;
static MAPS *canonical_maps;
static MAPS *virt_alias_maps;
static MAPS *virt_mailbox_maps;
static MAPS *relay_rcpt_maps;
#ifdef TEST
static MAPS *relocated_maps;
static STRING_LIST *virt_alias_doms;
static STRING_LIST *virt_mailbox_doms;
#endif
/*
* Response templates for various rbl domains.
*/
@@ -641,11 +641,16 @@ void smtpd_check_init(void)
virt_mailbox_maps = virtual8_maps_create(VAR_VIRT_MAILBOX_MAPS,
var_virt_mailbox_maps,
DICT_FLAG_LOCK);
relay_rcpt_maps = maps_create(VAR_RELAY_RCPT_MAPS, var_relay_rcpt_maps,
DICT_FLAG_LOCK);
#ifdef TEST
relocated_maps = maps_create(VAR_RELOCATED_MAPS, var_relocated_maps,
DICT_FLAG_LOCK);
virt_alias_doms = string_list_init(MATCH_FLAG_NONE, var_virt_alias_doms);
virt_mailbox_doms = string_list_init(MATCH_FLAG_NONE, var_virt_mailbox_doms);
#endif
access_parent_style = match_parent_style(SMTPD_ACCESS_MAPS);
@@ -869,20 +874,6 @@ static void reject_dict_retry(SMTPD_STATE *state, const char *reply_name)
451, reply_name));
}
/* check_str_match - reject with temporary failure if dict lookup fails */
static int check_str_match(SMTPD_STATE *state, const char *reply_name,
STRING_LIST *list, const char *key)
{
int result;
dict_errno = 0;
if ((result = string_list_match(list, key)) == 0
&& dict_errno == DICT_ERR_RETRY)
reject_dict_retry(state, reply_name);
return (result);
}
/* checkv8_maps_find - reject with temporary failure if dict lookup fails */
static const char *checkv8_maps_find(SMTPD_STATE *state, const char *reply_name,
@@ -913,37 +904,6 @@ static const char *check_mail_addr_find(SMTPD_STATE *state,
return (result);
}
/* resolve_final - do we do final delivery for the domain? */
static int resolve_final(SMTPD_STATE *state, const char *reply_name,
const char *domain)
{
/* If matches $mydestination or $inet_interfaces. */
if (resolve_local(domain)) {
if (*var_virt_alias_doms
&& check_str_match(state, reply_name, virt_alias_doms, domain))
msg_warn("list domain %s in only one of $%s and $%s",
domain, VAR_MYDEST, VAR_VIRT_ALIAS_DOMS);
if (*var_virt_mailbox_doms
&& check_str_match(state, reply_name, virt_mailbox_doms, domain))
msg_warn("list domain %s in only one of $%s and $%s",
domain, VAR_MYDEST, VAR_VIRT_MAILBOX_DOMS);
return (1);
}
/* If Postfix-style virtual domain. */
if (*var_virt_alias_doms
&& check_str_match(state, reply_name, virt_alias_doms, domain))
return (1);
/* If virtual mailbox domain. */
if (*var_virt_mailbox_doms
&& check_str_match(state, reply_name, virt_mailbox_doms, domain))
return (1);
return (0);
}
/* reject_unknown_client - fail if client hostname is unknown */
static int reject_unknown_client(SMTPD_STATE *state)
@@ -1212,7 +1172,6 @@ static int permit_auth_destination(SMTPD_STATE *state, char *recipient)
{
char *myname = "permit_auth_destination";
const RESOLVE_REPLY *reply;
const char *domain;
if (msg_verbose)
msg_info("%s: %s", myname, recipient);
@@ -1222,13 +1181,14 @@ static int permit_auth_destination(SMTPD_STATE *state, char *recipient)
*/
reply = (const RESOLVE_REPLY *)
ctable_locate(smtpd_resolve_cache, recipient);
if (reply->flags & RESOLVE_FLAG_FAIL)
reject_dict_retry(state, recipient);
/*
* Handle special case that is not supposed to happen.
*/
if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0)
if (strrchr(CONST_STR(reply->recipient), '@') == 0)
return (SMTPD_CHECK_OK);
domain += 1;
/*
* Skip source-routed non-local or virtual mail (uncertain destination).
@@ -1240,13 +1200,13 @@ static int permit_auth_destination(SMTPD_STATE *state, char *recipient)
* Permit final delivery: the destination matches mydestination,
* virtual_alias_domains, or virtual_mailbox_domains.
*/
if (resolve_final(state, recipient, domain))
if (reply->flags & RESOLVE_CLASS_FINAL)
return (SMTPD_CHECK_OK);
/*
* Permit if the destination matches the relay_domains list.
*/
if (domain_list_match(relay_domains, domain))
if (reply->flags & RESOLVE_CLASS_RELAY)
return (SMTPD_CHECK_OK);
/*
@@ -1492,6 +1452,8 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
*/
reply = (const RESOLVE_REPLY *)
ctable_locate(smtpd_resolve_cache, recipient);
if (reply->flags & RESOLVE_FLAG_FAIL)
reject_dict_retry(state, recipient);
/*
* If the destination is local, it is acceptable, because we are
@@ -1510,7 +1472,7 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
/*
* The destination is local, or it is a local virtual destination.
*/
if (resolve_final(state, recipient, domain))
if (reply->flags & RESOLVE_CLASS_FINAL)
return (SMTPD_CHECK_OK);
if (msg_verbose)
@@ -1519,8 +1481,7 @@ static int permit_mx_backup(SMTPD_STATE *state, const char *recipient,
/*
* Skip numerical forms that didn't match the local system.
*/
if (domain[0] == '#'
|| (domain[0] == '[' && domain[strlen(domain) - 1] == ']'))
if (domain[0] == '[' && domain[strlen(domain) - 1] == ']')
return (SMTPD_CHECK_DUNNO);
/*
@@ -1590,8 +1551,6 @@ static int reject_non_fqdn_address(SMTPD_STATE *state, char *addr,
/*
* Skip forms that we can't handle yet.
*/
if (domain[0] == '#')
return (SMTPD_CHECK_DUNNO);
if (domain[0] == '[' && domain[strlen(domain) - 1] == ']')
return (SMTPD_CHECK_DUNNO);
@@ -1635,6 +1594,8 @@ static int reject_unknown_address(SMTPD_STATE *state, const char *addr,
* Resolve the address.
*/
reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, addr);
if (reply->flags & RESOLVE_FLAG_FAIL)
reject_dict_retry(state, addr);
/*
* Skip local destinations and non-DNS forms.
@@ -1642,9 +1603,7 @@ static int reject_unknown_address(SMTPD_STATE *state, const char *addr,
if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0)
return (SMTPD_CHECK_DUNNO);
domain += 1;
if (resolve_final(state, reply_name, domain))
return (SMTPD_CHECK_DUNNO);
if (domain[0] == '#')
if (reply->flags & RESOLVE_CLASS_FINAL)
return (SMTPD_CHECK_DUNNO);
if (domain[0] == '[' && domain[strlen(domain) - 1] == ']')
return (SMTPD_CHECK_DUNNO);
@@ -2017,6 +1976,8 @@ static int check_mail_access(SMTPD_STATE *state, const char *table,
* Resolve the address.
*/
reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, addr);
if (reply->flags & RESOLVE_FLAG_FAIL)
reject_dict_retry(state, addr);
/*
* Garbage in, garbage out. Every address from canon_addr_internal() and
@@ -2439,7 +2400,7 @@ static int reject_rbl_domain(SMTPD_STATE *state, const char *rbl_domain,
*/
if ((domain = strrchr(what, '@')) != 0) {
domain += 1;
if (domain[0] == '#' || domain[0] == '[')
if (domain[0] == '[')
return (SMTPD_CHECK_DUNNO);
} else
domain = what;
@@ -2470,10 +2431,16 @@ static int reject_maps_rbl(SMTPD_STATE *state)
char *bp = saved_domains;
char *rbl_domain;
int result = SMTPD_CHECK_DUNNO;
static int warned;
if (msg_verbose)
msg_info("%s: %s", myname, state->addr);
if (warned == 0) {
warned++;
msg_warn("restriction %s is going away. Please use %s <domain> instead",
REJECT_MAPS_RBL, REJECT_RBL_CLIENT);
}
while ((rbl_domain = mystrtok(&bp, " \t\r\n,")) != 0) {
result = reject_rbl_addr(state, rbl_domain, state->addr,
SMTPD_NAME_CLIENT);
@@ -2503,6 +2470,8 @@ static int reject_sender_login_mismatch(SMTPD_STATE *state, const char *sender)
* the sender address.
*/
reply = (const RESOLVE_REPLY *) ctable_locate(smtpd_resolve_cache, sender);
if (reply->flags & RESOLVE_FLAG_FAIL)
reject_dict_retry(state, sender);
owner = check_mail_addr_find(state, sender, smtpd_sender_login_maps,
STR(reply->recipient), (char **) 0);
#ifdef USE_SASL_AUTH
@@ -3116,7 +3085,6 @@ char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient)
char *myname = "smtpd_check_rcptmap";
char *saved_recipient;
const RESOLVE_REPLY *reply;
const char *domain;
int status;
/*
@@ -3145,71 +3113,94 @@ char *smtpd_check_rcptmap(SMTPD_STATE *state, char *recipient)
*/
reply = (const RESOLVE_REPLY *)
ctable_locate(smtpd_resolve_cache, recipient);
if (reply->flags & RESOLVE_FLAG_FAIL)
reject_dict_retry(state, recipient);
/*
* Skip non-DNS forms. Skip non-local numerical forms.
* Make complex expressions more readable?
*/
if ((domain = strrchr(CONST_STR(reply->recipient), '@')) == 0)
SMTPD_CHECK_RCPT_RETURN(0);
domain += 1;
if (domain[0] == '#' || domain[0] == '[')
if (!resolve_local(domain))
SMTPD_CHECK_RCPT_RETURN(0);
#define MATCH(map, rcpt) \
check_mail_addr_find(state, recipient, map, rcpt, (char **) 0)
#define NOMATCH(map, rcpt) \
(check_mail_addr_find(state, recipient, map, rcpt, (char **) 0) == 0)
#define NOMATCH(map, rcpt) (MATCH(map, rcpt) == 0)
#define NOMATCHV8(map, rcpt) \
(checkv8_maps_find(state, recipient, map, rcpt) == 0)
/*
* Reject mail to unknown addresses in Postfix-style virtual domains.
* XXX We throw up our hands if the address matches a canonical or
* virtual alias map. Eventually, the address resolver should give us the
* final resolved recipient address, and the SMTP server should write the
* final recipient address to the output record stream. See also the next
* comment block on recipients in simulated virtual domains.
*/
if (*var_virt_alias_doms
&& (check_str_match(state, recipient, virt_alias_doms, domain))) {
if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
&& NOMATCH(canonical_maps, CONST_STR(reply->recipient))
&& NOMATCH(relocated_maps, CONST_STR(reply->recipient))
&& NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))
&& NOMATCH(virt_alias_maps, CONST_STR(reply->recipient))) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
"%d <%s>: User unknown", 550, recipient);
SMTPD_CHECK_RCPT_RETURN(STR(error_text));
}
}
if (MATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
|| MATCH(canonical_maps, CONST_STR(reply->recipient))
|| MATCH(virt_alias_maps, CONST_STR(reply->recipient)))
SMTPD_CHECK_RCPT_RETURN(0);
/*
* Reject mail to unknown addresses in Postfix-style virtual domains.
* At this point, anything that resolves to the error mailer is known to
* be undeliverable.
*
* XXX Until the address resolver does final address resolution, known and
* unknown recipients in simulated virtual domains will both resolve to
* "error:user unknown".
*/
if (*var_virt_mailbox_doms
&& (check_str_match(state, recipient, virt_mailbox_doms, domain))) {
if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
&& NOMATCH(canonical_maps, CONST_STR(reply->recipient))
&& NOMATCH(relocated_maps, CONST_STR(reply->recipient))
&& NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))
&& NOMATCH(virt_alias_maps, CONST_STR(reply->recipient))) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
"%d <%s>: User unknown", 550, recipient);
SMTPD_CHECK_RCPT_RETURN(STR(error_text));
}
if (strcmp(STR(reply->transport), var_error_transport) == 0) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
"%d <%s>: %s", 550,
recipient, STR(reply->nexthop));
SMTPD_CHECK_RCPT_RETURN(STR(error_text));
}
/*
* Reject mail to unknown addresses in local domains (domains that match
* $mydestination or $inet_interfaces). Accept mail for addresses in
* Sendmail-style virtual domains.
* $mydestination or $inet_interfaces).
*
* XXX For now, we throw up our hands when a transport mapping overrides the
* default local delivery transport.
*
* XXX Use the less expensive maps_find() (case is already folded) instead
* of the baroque mail_addr_find(). But then we have to strip the domain
* and deal with address extensions ourselves.
*/
if (*var_local_rcpt_maps && resolve_local(domain)) {
if (NOMATCH(rcpt_canon_maps, CONST_STR(reply->recipient))
&& NOMATCH(canonical_maps, CONST_STR(reply->recipient))
&& NOMATCH(relocated_maps, CONST_STR(reply->recipient))
&& NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))
&& NOMATCH(virt_alias_maps, CONST_STR(reply->recipient))
&& NOMATCH(local_rcpt_maps, CONST_STR(reply->recipient))) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
"%d <%s>: User unknown", 550, recipient);
SMTPD_CHECK_RCPT_RETURN(STR(error_text));
}
if ((reply->flags & RESOLVE_CLASS_LOCAL)
&& *var_local_rcpt_maps
&& strcmp(STR(reply->transport), var_local_transport) == 0
&& NOMATCH(local_rcpt_maps, CONST_STR(reply->recipient))) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
"%d <%s>: User unknown", 550, recipient);
SMTPD_CHECK_RCPT_RETURN(STR(error_text));
}
/*
* Reject mail to unknown addresses in virtual mailbox domains.
*
* XXX For now, we throw up our hands when a transport mapping overrides the
* default virtual delivery transport.
*/
if ((reply->flags & RESOLVE_CLASS_VIRTUAL)
&& strcmp(STR(reply->transport), var_virt_transport) == 0
&& NOMATCHV8(virt_mailbox_maps, CONST_STR(reply->recipient))) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
"%d <%s>: User unknown", 550, recipient);
SMTPD_CHECK_RCPT_RETURN(STR(error_text));
}
/*
* Reject mail to unknown addresses in relay domains.
*
* XXX For now, we throw up our hands when a transport mapping overrides the
* default relay transport.
*/
if ((reply->flags & RESOLVE_CLASS_RELAY)
&& *var_relay_rcpt_maps
&& strcmp(STR(reply->transport), var_relay_transport) == 0
&& NOMATCH(relay_rcpt_maps, CONST_STR(reply->recipient))) {
(void) smtpd_check_reject(state, MAIL_ERROR_BOUNCE,
"%d <%s>: User unknown", 550, recipient);
SMTPD_CHECK_RCPT_RETURN(STR(error_text));
}
/*
@@ -3368,6 +3359,12 @@ char *var_double_bounce_sender;
char *var_rbl_reply_maps;
char *var_smtpd_exp_filter;
char *var_def_rbl_reply;
char *var_local_transport;
char *var_error_transport;
char *var_virt_transport;
char *var_relay_transport;
char *var_def_transport;
char *var_relay_rcpt_maps;
typedef struct {
char *name;
@@ -3375,6 +3372,9 @@ typedef struct {
char **target;
} STRING_TABLE;
#undef DEF_VIRT_ALIAS_MAPS
#define DEF_VIRT_ALIAS_MAPS ""
static STRING_TABLE string_table[] = {
VAR_MAPS_RBL_DOMAINS, DEF_MAPS_RBL_DOMAINS, &var_maps_rbl_domains,
VAR_MYORIGIN, DEF_MYORIGIN, &var_myorigin,
@@ -3399,6 +3399,12 @@ static STRING_TABLE string_table[] = {
VAR_RBL_REPLY_MAPS, DEF_RBL_REPLY_MAPS, &var_rbl_reply_maps,
VAR_SMTPD_EXP_FILTER, DEF_SMTPD_EXP_FILTER, &var_smtpd_exp_filter,
VAR_DEF_RBL_REPLY, DEF_DEF_RBL_REPLY, &var_def_rbl_reply,
VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport,
VAR_ERROR_TRANSPORT, DEF_ERROR_TRANSPORT, &var_error_transport,
VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport,
VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport,
VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport,
VAR_RELAY_RCPT_MAPS, DEF_RELAY_RCPT_MAPS, &var_relay_rcpt_maps,
0,
};
@@ -3409,7 +3415,7 @@ static void string_init(void)
STRING_TABLE *sp;
for (sp = string_table; sp->name; sp++)
sp->target[0] = mystrdup(sp->defval[0] == '$' ? "" : sp->defval);
sp->target[0] = mystrdup(sp->defval);
}
/* string_update - update string parameter */
@@ -3607,12 +3613,36 @@ VSTRING *canon_addr_internal(VSTRING *result, const char *addr)
void resolve_clnt_query(const char *addr, RESOLVE_REPLY *reply)
{
const char *domain;
if (addr == CONST_STR(reply->recipient))
msg_panic("resolve_clnt_query: result clobbers input");
vstring_strcpy(reply->transport, "foo");
vstring_strcpy(reply->nexthop, "foo");
if (strchr(addr, '%'))
msg_fatal("%s: address rewriting is disabled", addr);
if ((domain = strrchr(addr, '@')) == 0)
msg_fatal("%s: unqualified address", addr);
domain += 1;
if (resolve_local(domain)) {
reply->flags = RESOLVE_CLASS_LOCAL;
vstring_strcpy(reply->transport, var_local_transport);
vstring_strcpy(reply->nexthop, domain);
} else if (string_list_match(virt_alias_doms, domain)) {
reply->flags = RESOLVE_CLASS_ALIAS;
vstring_strcpy(reply->transport, var_error_transport);
vstring_strcpy(reply->nexthop, "user unknown");
} else if (string_list_match(virt_mailbox_doms, domain)) {
reply->flags = RESOLVE_CLASS_VIRTUAL;
vstring_strcpy(reply->transport, var_virt_transport);
vstring_strcpy(reply->nexthop, domain);
} else if (domain_list_match(relay_domains, domain)) {
reply->flags = RESOLVE_CLASS_RELAY;
vstring_strcpy(reply->transport, var_relay_transport);
vstring_strcpy(reply->nexthop, domain);
} else {
reply->flags = RESOLVE_CLASS_DEFAULT;
vstring_strcpy(reply->transport, var_def_transport);
vstring_strcpy(reply->nexthop, domain);
}
vstring_strcpy(reply->recipient, addr);
}
@@ -3746,6 +3776,13 @@ int main(int argc, char **argv)
resp = 0;
break;
}
if (strcasecmp(args->argv[0], "relay_recipient_maps") == 0) {
UPDATE_STRING(var_relay_rcpt_maps, args->argv[1]);
UPDATE_MAPS(relay_rcpt_maps, VAR_LOCAL_RCPT_MAPS,
var_relay_rcpt_maps, DICT_FLAG_LOCK);
resp = 0;
break;
}
if (strcasecmp(args->argv[0], "canonical_maps") == 0) {
UPDATE_STRING(var_canonical_maps, args->argv[1]);
UPDATE_MAPS(canonical_maps, VAR_CANONICAL_MAPS,

2
postfix/src/smtpd/smtpd_check.ref
View File

@@ -139,6 +139,7 @@ OK
>>> client foo 123.123.123.123
OK
>>> rcpt foo@watson.ibm.com
./smtpd_check: warning: the "check_relay_domains" restriction is going away; use "reject_unauth_destination" instead
./smtpd_check: <queue id>: reject: RCPT from foo[123.123.123.123]: 554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied; from=<foo@friend.bad.domain> to=<foo@watson.ibm.com> proto=SMTP helo=<123.123.123.123>
554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied
>>> rcpt foo@porcupine.org
@@ -182,6 +183,7 @@ OK
>>> client_restrictions reject_maps_rbl
OK
>>> client spike.porcupine.org 168.100.189.2
./smtpd_check: warning: restriction reject_maps_rbl is going away. Please use reject_rbl_client <domain> instead
OK
>>> client foo 127.0.0.2
./smtpd_check: <queue id>: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; Client host [127.0.0.2] blocked using blackholes.mail-abuse.org; Blackholed - see <URL:http://mail-abuse.org/cgi-bin/lookup?127.0.0.2>; from=<foo@friend.bad.domain> proto=SMTP helo=<123.123.123.123>

2
postfix/src/smtpd/smtpd_check.ref2
View File

@@ -129,6 +129,7 @@ OK
>>> client foo 123.123.123.123
OK
>>> rcpt foo@watson.ibm.com
./smtpd_check: warning: the "check_relay_domains" restriction is going away; use "reject_unauth_destination" instead
./smtpd_check: <queue id>: reject: RCPT from foo[123.123.123.123]: 554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied; from=<foo@friend.bad.domain> to=<foo@watson.ibm.com> proto=SMTP helo=<friend.bad.domain>
554 <foo@watson.ibm.com>: Recipient address rejected: Relay access denied
>>> rcpt foo@porcupine.org
@@ -172,6 +173,7 @@ OK
>>> client_restrictions reject_maps_rbl
OK
>>> client spike.porcupine.org 168.100.189.2
./smtpd_check: warning: restriction reject_maps_rbl is going away. Please use reject_rbl_client <domain> instead
OK
>>> client foo 127.0.0.2
./smtpd_check: <queue id>: reject: CONNECT from foo[127.0.0.2]: 554 Service unavailable; Client host [127.0.0.2] blocked using blackholes.mail-abuse.org; Blackholed - see <URL:http://mail-abuse.org/cgi-bin/lookup?127.0.0.2>; from=<foo@friend.bad.domain> proto=SMTP helo=<friend.bad.domain>

1
postfix/src/smtpd/smtpd_exp.ref
View File

@@ -25,6 +25,7 @@ OK
>>> client spike.porcupine.org 168.100.189.2
OK
>>> rcpt rname@rdomain
./smtpd_check: warning: restriction reject_maps_rbl is going away. Please use reject_rbl_client <domain> instead
OK
>>> client foo 127.0.0.2
OK

27
postfix/src/trivial-rewrite/resolve.c
View File

@@ -103,7 +103,7 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop,
TOK822 *saved_domain = 0;
TOK822 *domain = 0;
char *destination;
const char *blame;
const char *blame = 0;
*flags = 0;
@@ -239,9 +239,9 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop,
if (virt_alias_doms
&& string_list_match(virt_alias_doms, STR(nexthop))) {
vstring_strcpy(channel, var_error_transport);
vstring_strcpy(nexthop, "unknown user");
vstring_strcpy(nexthop, "User unknown");
blame = VAR_ERROR_TRANSPORT;
*flags |= RESOLVE_CLASS_ERROR;
*flags |= RESOLVE_CLASS_ALIAS;
} else if (dict_errno != 0) {
msg_warn("%s lookup failure", VAR_VIRT_ALIAS_DOMS);
*flags |= RESOLVE_FLAG_FAIL;
@@ -291,11 +291,17 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop,
/*
* Sanity checks.
*/
if (*STR(channel) == 0)
msg_fatal("file %s/%s: parameter %s: null transport is not allowed",
var_config_dir, MAIN_CONF_FILE, blame);
if (*STR(nexthop) == 0)
msg_panic("%s: null nexthop", myname);
if ((*flags & RESOLVE_FLAG_FAIL) == 0) {
if (*STR(channel) == 0) {
if (blame == 0)
msg_panic("%s: null blame", myname);
msg_warn("file %s/%s: parameter %s: null transport is not allowed",
var_config_dir, MAIN_CONF_FILE, blame);
*flags |= RESOLVE_FLAG_FAIL;
}
if (*STR(nexthop) == 0)
msg_panic("%s: null nexthop", myname);
}
/*
* Bounce recipients that have moved. We do it here instead of in the
@@ -315,7 +321,6 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop,
IGNORE_ADDR_EXTENSION)) != 0) {
vstring_strcpy(channel, var_error_transport);
vstring_sprintf(nexthop, "user has moved to %s", newloc);
*flags |= RESOLVE_CLASS_ERROR;
} else if (dict_errno != 0) {
msg_warn("%s lookup failure", VAR_RELOCATED_MAPS);
*flags |= RESOLVE_FLAG_FAIL;
@@ -329,8 +334,8 @@ void resolve_addr(char *addr, VSTRING *channel, VSTRING *nexthop,
* XXX Don't override the error transport :-(
*/
if ((*flags & RESOLVE_FLAG_FAIL) == 0
&& (*flags & RESOLVE_CLASS_ERROR) != 0
&& *var_transport_maps) {
&& *var_transport_maps
&& strcmp(STR(channel), var_error_transport) != 0) {
if (transport_lookup(STR(nextrcpt), channel, nexthop) == 0
&& dict_errno != 0) {
msg_warn("%s lookup failure", VAR_TRANSPORT_MAPS);

2
postfix/src/trivial-rewrite/transport.c
View File

@@ -104,6 +104,8 @@ static int find_transport_entry(const char *key, int flags,
/*
* Look up an entry with extreme prejedice.
*
* XXX Should report lookup failure status to caller instead of aborting.
*/
if ((value = maps_find(transport_path, key, flags)) == 0) {
if (dict_errno != 0)

10
postfix/src/trivial-rewrite/trivial-rewrite.c
View File

@@ -218,6 +218,7 @@ char *var_virt_mailbox_maps; /* XXX virtual_mailbox_domains */
char *var_virt_alias_doms;
char *var_virt_mailbox_doms;
char *var_relocated_maps;
char *var_def_transport;
/* rewrite_service - read request and send reply */
@@ -282,15 +283,16 @@ int main(int argc, char **argv)
{
static CONFIG_STR_TABLE str_table[] = {
VAR_TRANSPORT_MAPS, DEF_TRANSPORT_MAPS, &var_transport_maps, 0, 0,
VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport, 0, 0,
VAR_ERROR_TRANSPORT, DEF_ERROR_TRANSPORT, &var_error_transport, 0, 0,
VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 0, 0,
VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 0, 0,
VAR_LOCAL_TRANSPORT, DEF_LOCAL_TRANSPORT, &var_local_transport, 1, 0,
VAR_ERROR_TRANSPORT, DEF_ERROR_TRANSPORT, &var_error_transport, 1, 0,
VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 1, 0,
VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 1, 0,
VAR_XPORT_NULL_KEY, DEF_XPORT_NULL_KEY, &var_xport_null_key, 1, 0,
VAR_VIRT_ALIAS_MAPS, DEF_VIRT_ALIAS_MAPS, &var_virt_alias_maps, 0, 0,
VAR_VIRT_ALIAS_DOMS, DEF_VIRT_ALIAS_DOMS, &var_virt_alias_doms, 0, 0,
VAR_VIRT_MAILBOX_MAPS, DEF_VIRT_MAILBOX_MAPS, &var_virt_mailbox_maps, 0, 0,
VAR_VIRT_MAILBOX_DOMS, DEF_VIRT_MAILBOX_DOMS, &var_virt_mailbox_doms, 0, 0,
VAR_DEF_TRANSPORT, DEF_DEF_TRANSPORT, &var_def_transport, 1, 0,
VAR_VIRT_TRANSPORT, DEF_VIRT_TRANSPORT, &var_virt_transport, 1, 0,
VAR_RELAY_TRANSPORT, DEF_RELAY_TRANSPORT, &var_relay_transport, 1, 0,
VAR_RELOCATED_MAPS, DEF_RELOCATED_MAPS, &var_relocated_maps, 0, 0,

2
postfix/src/util/dict_pcre.c
View File

@@ -433,7 +433,7 @@ static int dict_pcre_prescan(int type, VSTRING *buf, char *context)
if (type == MAC_PARSE_VARNAME) {
if (ctxt->flags & DICT_FLAG_NO_REGSUB) {
msg_warn("pcre map %s, line %d: "
"regular expression substitution is not allowed"
"regular expression substitution is not allowed",
ctxt->mapname, ctxt->lineno);
return (MAC_PARSE_ERROR);
}

20
postfix/src/virtual/virtual.c
View File

@@ -111,7 +111,7 @@
/* This is a safety measure to ensure that an out of control map in
/* \fBvirtual_mailbox_maps\fR doesn't litter the filesystem with mailboxes.
/* While it could be set to "/", this setting isn't recommended.
/* .IP "\fBvirtual_mailbox_maps\fR (regexp maps disallowed)"
/* .IP \fBvirtual_mailbox_maps\fR
/* Recipients are looked up in these maps to determine the path to
/* their mailbox or maildir. If the returned path ends in a slash
/* ("/"), maildir-style delivery is carried out, otherwise the
@@ -126,6 +126,10 @@
/*
/* Note that \fBvirtual_mailbox_base\fR is unconditionally prepended
/* to this path.
/*
/* For security reasons, regular expression maps are allowed but
/* regular expression substitution of $1 etc. is disallowed,
/* because that would open a security hole.
/* .IP \fBvirtual_mailbox_domains\fR
/* The list of domains that should be delivered via the Postfix virtual
/* delivery agent. This uses the same syntax as the \fBmydestination\fR
@@ -135,7 +139,7 @@
/* a \fBvirtual_owner_maps\fR or \fBvirtual_uid_maps\fR lookup.
/* Returned values less than this will be rejected, and the message
/* will be deferred.
/* .IP "\fBvirtual_uid_maps\fR (regexp maps disallowed)"
/* .IP \fBvirtual_uid_maps\fR
/* Recipients are looked up in these maps to determine the user ID to be
/* used when writing to the target mailbox.
/*
@@ -145,7 +149,11 @@
/* In a lookup table, specify a left-hand side of \fI@domain.tld\fR
/* to match any user in the specified domain that does not have a
/* specific \fIuser@domain.tld\fR entry.
/* .IP "\fBvirtual_gid_maps\fR (regexp maps disallowed)"
/*
/* For security reasons, regular expression maps are allowed but
/* regular expression substitution of $1 etc. is disallowed,
/* because that would open a security hole.
/* .IP \fBvirtual_gid_maps\fR
/* Recipients are looked up in these maps to determine the group ID to be
/* used when writing to the target mailbox.
/*
@@ -155,6 +163,10 @@
/* In a lookup table, specify a left-hand side of \fI@domain.tld\fR
/* to match any user in the specified domain that does not have a
/* specific \fIuser@domain.tld\fR entry.
/*
/* For security reasons, regular expression maps are allowed but
/* regular expression substitution of $1 etc. is disallowed,
/* because that would open a security hole.
/* .SH "Locking controls"
/* .ad
/* .fi
@@ -211,6 +223,8 @@
/* The \fBmaildir\fR structure appears in the \fBqmail\fR system
/* by Daniel Bernstein.
/* SEE ALSO
/* regexp_table(5) POSIX regular expression table format
/* pcre_table(5) Perl Compatible Regular Expression table format
/* bounce(8) non-delivery status reports
/* syslogd(8) system logging
/* qmgr(8) queue manager