From 2a17daa3dbe01daf766b772c5fdedb676a8f5ee0 Mon Sep 17 00:00:00 2001 From: Wietse Venema Date: Mon, 15 Feb 2021 00:00:00 -0500 Subject: [PATCH] postfix-3.6-20210215 --- postfix/HISTORY | 10 +++++ postfix/README_FILES/COMPATIBILITY_README | 2 +- postfix/README_FILES/IPV6_README | 37 +++++-------------- postfix/WISHLIST | 17 ++++++--- postfix/html/COMPATIBILITY_README.html | 2 +- postfix/html/IPV6_README.html | 45 +++++------------------ postfix/html/lmtp.8.html | 4 +- postfix/html/master.8.html | 2 +- postfix/html/postconf.5.html | 2 +- postfix/html/postsuper.1.html | 9 +++++ postfix/html/smtp.8.html | 4 +- postfix/html/smtpd.8.html | 2 +- postfix/man/man1/postsuper.1 | 11 ++++++ postfix/man/man5/postconf.5 | 2 +- postfix/man/man8/master.8 | 2 +- postfix/man/man8/smtp.8 | 4 +- postfix/man/man8/smtpd.8 | 2 +- postfix/proto/IPV6_README.html | 45 +++++------------------ postfix/proto/postconf.proto | 2 +- postfix/src/global/mail_params.c | 2 - postfix/src/global/mail_version.h | 2 +- postfix/src/master/master.c | 2 +- postfix/src/postsuper/postsuper.c | 11 ++++++ postfix/src/smtp/smtp.c | 4 +- postfix/src/smtpd/smtpd.c | 3 +- 25 files changed, 100 insertions(+), 128 deletions(-) diff --git a/postfix/HISTORY b/postfix/HISTORY index 84639fa64..486df5dcc 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -25388,3 +25388,13 @@ Apologies for any names omitted. Flipped a bit in the smtpd_relay_before_recipient_restrictions implementation. File: smtpd/smtpd_check.c. +20210206 + + Documentation: the inet_protocols default setting is compile-time + dependent. Files: proto/postconf.proto, proto/IPV6_README.html, + and documentation in smtpd/smtpd.c, smtp/smtp.c, master/master.c. + +20210212 + + Documentation: added a jq example to the postsuper(1) manpage. + File: postsuper/postsuper.c. diff --git a/postfix/README_FILES/COMPATIBILITY_README b/postfix/README_FILES/COMPATIBILITY_README index 8dc4f7d25..511f790ea 100644 --- a/postfix/README_FILES/COMPATIBILITY_README +++ b/postfix/README_FILES/COMPATIBILITY_README @@ -323,7 +323,7 @@ behavior. designed to enforce spam blocking policy. Both are evaluated while replying to the RCPT TO command, and both support the same features. -When the compatibility_level less than 3.6, and the +When the compatibility_level is less than 3.6, and the smtpd_relay_before_recipient_restrictions parameter is left at its implicit default setting, Postfix may log the following message: diff --git a/postfix/README_FILES/IPV6_README b/postfix/README_FILES/IPV6_README index 872756ee9..df6ad7ac2 100644 --- a/postfix/README_FILES/IPV6_README +++ b/postfix/README_FILES/IPV6_README @@ -69,38 +69,19 @@ configuration work with Postfix. /etc/postfix/main.cf: # You must stop/start Postfix after changing this parameter. - inet_protocols = ipv4 (DEFAULT: enable IPv4 only) inet_protocols = all (enable IPv4, and IPv6 if supported) + inet_protocols = ipv4 (enable IPv4 only) inet_protocols = ipv4, ipv6 (enable both IPv4 and IPv6) inet_protocols = ipv6 (enable IPv6 only) - By default, Postfix uses IPv4 only, because most systems aren't attached to - an IPv6 network. - - o On systems with combined IPv4/IPv6 stacks, attempts to deliver mail via - IPv6 would always fail with "network unreachable", and those attempts - would only slow down Postfix. - - o Linux kernels don't even load IPv6 protocol support by default. Any - attempt to use it would fail immediately. + The default is compile-time dependent: "all" when Postfix is built on a + software distribution with IPv6 support, "ipv4" otherwise. Note 1: you must stop and start Postfix after changing the inet_protocols configuration parameter. - Note 2: if you see error messages like the following, then you're running - Linux and need to turn on IPv6 in the kernel: see http://www.ipv6.org/ for - hints and tips. Unlike other systems, Linux does not have a combined stack - for IPv4 and IPv6, and IPv6 protocol support is not loaded by default. - - postconf: warning: inet_protocols: IPv6 support is disabled: Address - family not supported by protocol - postconf: warning: inet_protocols: configuring for IPv4 support only - - Note 3: on older Linux and Solaris systems, the setting "inet_protocols = - ipv6" will not prevent Postfix from accepting IPv4 connections. Postfix - will present the client IP addresses in IPv6 format, though. In all other - cases, Postfix always presents IPv4 client IP addresses in the traditional - dotted quad IPv4 format. + Note 2: on older Linux and Solaris systems, the setting "inet_protocols = + ipv6" will not prevent Postfix from accepting IPv4 connections. * The other new parameter is smtp_bind_address6. This sets the local interface address for outgoing IPv6 SMTP connections, just like the @@ -137,8 +118,8 @@ KKnnoowwnn LLiimmiittaattiioonnss IPv4 outgoing connection attempts is configurable with the smtp_address_preference parameter. - * Postfix versions before 2.6 do not support DNSBL (real-time blackhole list) - lookups for IPv6 client IP addresses. + * Postfix versions before 2.6 do not support DNSBL (DNS blocklist) lookups + for IPv6 client IP addresses. * IPv6 does not have class A, B, C, etc. networks. With IPv6 networks, the setting "mynetworks_style = class" has the same effect as the setting @@ -165,8 +146,8 @@ Strik and others, but differs in a few minor ways. * main.cf: Specify "inet_interfaces = loopback-only" to listen on loopback network interfaces only. - * The lmtp_bind_address and lmtp_bind_address6 features were omitted. The - Postfix LMTP client will be absorbed into the SMTP client, so there is no + * The lmtp_bind_address and lmtp_bind_address6 features were omitted. Postfix + version 2.3 merged the LMTP client into the SMTP client, so there was no reason to keep adding features to the LMTP client. * The SMTP server now requires that IPv6 addresses in SMTP commands are diff --git a/postfix/WISHLIST b/postfix/WISHLIST index 0cc4af072..8c5556202 100644 --- a/postfix/WISHLIST +++ b/postfix/WISHLIST @@ -1,8 +1,16 @@ Wish list: - http://www.postfix.org/postconf.5.html#inet_protocols default - differs from http://www.postfix.org/IPV6_README.html - and it's compile-time dependent. + Try to make the master throttle more distrusting. Currently, + the master throttles a service after a child process cannot be + created (fork() fails), or if a child process fails upon its + first use. The master always unthrottles the service if a process + handles a client successfully. This is sufficient to mitigate + local configuration errors. It also slows down stupid remote + attacks as long as malicious traffic dominates benign traffic. + Perhaps monitor a crashing percentage? + + More accurate address verification: do a quota check before + reporting that a local(8) or virtual(8) recipient is deliverable. Eliminate duplicate user_acl check from sendmail, and pass the result through the postdrop-to-sendmail protocol. This @@ -55,9 +63,6 @@ Wish list: resolver feature sets gracefully: an unsupported request will result in an error status, not program termination. - DNSSEC end-to-end test, probing a configurable zone (".") - and resource type (default: NS). - When a secondary instance has no multi_instance_name set, ` postmulti -i won't be able to find it. diff --git a/postfix/html/COMPATIBILITY_README.html b/postfix/html/COMPATIBILITY_README.html index 06f981a5e..089b4b0d7 100644 --- a/postfix/html/COMPATIBILITY_README.html +++ b/postfix/html/COMPATIBILITY_README.html @@ -479,7 +479,7 @@ primarily designed to enforce a mail relaying policy, while blocking policy. Both are evaluated while replying to the RCPT TO command, and both support the same features.

-

When the compatibility_level less than 3.6, and the +

When the compatibility_level is less than 3.6, and the smtpd_relay_before_recipient_restrictions parameter is left at its implicit default setting, Postfix may log the following message:

diff --git a/postfix/html/IPV6_README.html b/postfix/html/IPV6_README.html index 27344f15d..eb619e8b1 100644 --- a/postfix/html/IPV6_README.html +++ b/postfix/html/IPV6_README.html @@ -111,49 +111,22 @@ will use when it makes network connections. 

 /etc/postfix/main.cf:
     # You must stop/start Postfix after changing this parameter.
-    inet_protocols = ipv4       (DEFAULT: enable IPv4 only)
     inet_protocols = all        (enable IPv4, and IPv6 if supported)
+    inet_protocols = ipv4       (enable IPv4 only)
     inet_protocols = ipv4, ipv6 (enable both IPv4 and IPv6)
     inet_protocols = ipv6       (enable IPv6 only)
-

By default, Postfix uses IPv4 only, because most systems aren't -attached to an IPv6 network.

- - +

The default is compile-time dependent: "all" when Postfix is built +on a software distribution with IPv6 support, "ipv4" otherwise.

Note 1: you must stop and start Postfix after changing the inet_protocols configuration parameter.

-

Note 2: if you see error messages like the following, then -you're running Linux and need to turn on IPv6 in the kernel: see -http://www.ipv6.org/ for hints and tips. Unlike other systems, -Linux does not have a combined stack for IPv4 and IPv6, and IPv6 -protocol support is not loaded by default.

- -
-
-postconf: warning: inet_protocols: IPv6 support is disabled: Address family not supported by protocol
-postconf: warning: inet_protocols: configuring for IPv4 support only
-
-
- -

Note 3: on older Linux and Solaris systems, the setting +

Note 2: on older Linux and Solaris systems, the setting "inet_protocols = ipv6" will not prevent Postfix from -accepting IPv4 connections. Postfix will present the client IP -addresses in IPv6 format, though. In all other cases, Postfix always -presents IPv4 client IP addresses in the traditional dotted quad -IPv4 format.

+accepting IPv4 connections.

  • The other new parameter is smtp_bind_address6. This sets the local interface address for outgoing IPv6 SMTP @@ -209,8 +182,8 @@ over IPv6 before trying IPv4. With more recent Postfix versions, the order of IPv6 versus IPv4 outgoing connection attempts is configurable with the smtp_address_preference parameter.

    -

  • Postfix versions before 2.6 do not support DNSBL (real-time -blackhole list) lookups for IPv6 client IP addresses.

    +

  • Postfix versions before 2.6 do not support DNSBL (DNS +blocklist) lookups for IPv6 client IP addresses.

  • IPv6 does not have class A, B, C, etc. networks. With IPv6 networks, the setting "mynetworks_style = class" has the @@ -249,8 +222,8 @@ receiving mail.

    to listen on loopback network interfaces only.

  • The lmtp_bind_address and lmtp_bind_address6 -features were omitted. The Postfix LMTP client will be absorbed -into the SMTP client, so there is no reason to keep adding features +features were omitted. Postfix version 2.3 merged the LMTP client +into the SMTP client, so there was no reason to keep adding features to the LMTP client.

  • The SMTP server now requires that IPv6 addresses in SMTP diff --git a/postfix/html/lmtp.8.html b/postfix/html/lmtp.8.html index 07907f40f..427a3569a 100644 --- a/postfix/html/lmtp.8.html +++ b/postfix/html/lmtp.8.html @@ -639,7 +639,7 @@ SMTP(8) SMTP(8) Available in Postfix version 3.1 and later: - smtp_tls_dane_insecure_mx_policy (dane) + smtp_tls_dane_insecure_mx_policy (see 'postconf -d' output) The TLS policy for MX hosts with "secure" TLSA records when the nexthop destination security level is dane, but the MX record was found via an "insecure" MX lookup. @@ -880,7 +880,7 @@ SMTP(8) SMTP(8) The network interface addresses that this mail system receives mail on. - inet_protocols (all) + inet_protocols (see 'postconf -d output') The Internet protocols Postfix will attempt to use when making or accepting connections. diff --git a/postfix/html/master.8.html b/postfix/html/master.8.html index d72151ca9..f85b7d90f 100644 --- a/postfix/html/master.8.html +++ b/postfix/html/master.8.html @@ -150,7 +150,7 @@ MASTER(8) MASTER(8) The network interface addresses that this mail system receives mail on. - inet_protocols (all) + inet_protocols (see 'postconf -d output') The Internet protocols Postfix will attempt to use when making or accepting connections. diff --git a/postfix/html/postconf.5.html b/postfix/html/postconf.5.html index 6753f0ed7..cb63ebe65 100644 --- a/postfix/html/postconf.5.html +++ b/postfix/html/postconf.5.html @@ -4106,7 +4106,7 @@ Examples:

    inet_protocols -(default: all)
    +(default: see 'postconf -d output')

    The Internet protocols Postfix will attempt to use when making or accepting connections. Specify one or more of "ipv4" diff --git a/postfix/html/postsuper.1.html b/postfix/html/postsuper.1.html index 3f952b5a6..d23e3b5bd 100644 --- a/postfix/html/postsuper.1.html +++ b/postfix/html/postsuper.1.html @@ -44,6 +44,15 @@ POSTSUPER(1) POSTSUPER(1) input. For example, to delete all mail with exactly one recipi- ent user@example.com: + postqueue -j | jq ' + # See JSON OBJECT FORMAT section in the postqueue(1) manpage + select(.recipients[0].address == "user@example.com") + | select(.recipients[1].address == null) + | .queue_id + ' | postsuper -d - + + Or the historical form: + mailq | tail -n +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" } # $7=sender, $8=recipient1, $9=recipient2 { if ($8 == "user@example.com" && $9 == "") diff --git a/postfix/html/smtp.8.html b/postfix/html/smtp.8.html index 07907f40f..427a3569a 100644 --- a/postfix/html/smtp.8.html +++ b/postfix/html/smtp.8.html @@ -639,7 +639,7 @@ SMTP(8) SMTP(8) Available in Postfix version 3.1 and later: - smtp_tls_dane_insecure_mx_policy (dane) + smtp_tls_dane_insecure_mx_policy (see 'postconf -d' output) The TLS policy for MX hosts with "secure" TLSA records when the nexthop destination security level is dane, but the MX record was found via an "insecure" MX lookup. @@ -880,7 +880,7 @@ SMTP(8) SMTP(8) The network interface addresses that this mail system receives mail on. - inet_protocols (all) + inet_protocols (see 'postconf -d output') The Internet protocols Postfix will attempt to use when making or accepting connections. diff --git a/postfix/html/smtpd.8.html b/postfix/html/smtpd.8.html index 8304fc70c..3e88dc329 100644 --- a/postfix/html/smtpd.8.html +++ b/postfix/html/smtpd.8.html @@ -766,7 +766,7 @@ SMTPD(8) SMTPD(8) The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit. - inet_protocols (all) + inet_protocols (see 'postconf -d output') The Internet protocols Postfix will attempt to use when making or accepting connections. diff --git a/postfix/man/man1/postsuper.1 b/postfix/man/man1/postsuper.1 index 43294f0a9..f8a909c67 100644 --- a/postfix/man/man1/postsuper.1 +++ b/postfix/man/man1/postsuper.1 @@ -46,6 +46,17 @@ from standard input. For example, to delete all mail with exactly one recipient \fBuser@example.com\fR: .sp .nf +postqueue \-j | jq ' + # See JSON OBJECT FORMAT section in the postqueue(1) manpage + select(.recipients[0].address == "user@example.com") + | select(.recipients[1].address == null) + | .queue_id + ' | postsuper \-d \- +.fi +.sp +Or the historical form: +.sp +.nf mailq | tail \-n +2 | grep \-v '^ *(' | awk 'BEGIN { RS = "" } # $7=sender, $8=recipient1, $9=recipient2 { if ($8 == "user@example.com" && $9 == "") diff --git a/postfix/man/man5/postconf.5 b/postfix/man/man5/postconf.5 index d449c1ced..6050debf6 100644 --- a/postfix/man/man5/postconf.5 +++ b/postfix/man/man5/postconf.5 @@ -2579,7 +2579,7 @@ inet_interfaces = 192.168.1.2, 127.0.0.1 .fi .ad .ft R -.SH inet_protocols (default: all) +.SH inet_protocols (default: see 'postconf \-d output') The Internet protocols Postfix will attempt to use when making or accepting connections. Specify one or more of "ipv4" or "ipv6", separated by whitespace or commas. The form diff --git a/postfix/man/man8/master.8 b/postfix/man/man8/master.8 index 4517fa043..84b5d1f3c 100644 --- a/postfix/man/man8/master.8 +++ b/postfix/man/man8/master.8 @@ -153,7 +153,7 @@ invoked with the \-D option. .IP "\fBinet_interfaces (all)\fR" The network interface addresses that this mail system receives mail on. -.IP "\fBinet_protocols (all)\fR" +.IP "\fBinet_protocols (see 'postconf -d output')\fR" The Internet protocols Postfix will attempt to use when making or accepting connections. .IP "\fBimport_environment (see 'postconf -d' output)\fR" diff --git a/postfix/man/man8/smtp.8 b/postfix/man/man8/smtp.8 index 16084d104..613c71fde 100644 --- a/postfix/man/man8/smtp.8 +++ b/postfix/man/man8/smtp.8 @@ -582,7 +582,7 @@ Request that the Postfix SMTP client connects using the legacy SMTPS protocol instead of using the STARTTLS command. .PP Available in Postfix version 3.1 and later: -.IP "\fBsmtp_tls_dane_insecure_mx_policy (dane)\fR" +.IP "\fBsmtp_tls_dane_insecure_mx_policy (see 'postconf -d' output)\fR" The TLS policy for MX hosts with "secure" TLSA records when the nexthop destination security level is \fBdane\fR, but the MX record was found via an "insecure" MX lookup. @@ -789,7 +789,7 @@ Disable DNS lookups in the Postfix SMTP and LMTP clients. .IP "\fBinet_interfaces (all)\fR" The network interface addresses that this mail system receives mail on. -.IP "\fBinet_protocols (all)\fR" +.IP "\fBinet_protocols (see 'postconf -d output')\fR" The Internet protocols Postfix will attempt to use when making or accepting connections. .IP "\fBipc_timeout (3600s)\fR" diff --git a/postfix/man/man8/smtpd.8 b/postfix/man/man8/smtpd.8 index 180ea6359..24358712f 100644 --- a/postfix/man/man8/smtpd.8 +++ b/postfix/man/man8/smtpd.8 @@ -686,7 +686,7 @@ mail on. .IP "\fBproxy_interfaces (empty)\fR" The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit. -.IP "\fBinet_protocols (all)\fR" +.IP "\fBinet_protocols (see 'postconf -d output')\fR" The Internet protocols Postfix will attempt to use when making or accepting connections. .IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR" diff --git a/postfix/proto/IPV6_README.html b/postfix/proto/IPV6_README.html index b7e0408e0..db0dc61e6 100644 --- a/postfix/proto/IPV6_README.html +++ b/postfix/proto/IPV6_README.html @@ -111,49 +111,22 @@ will use when it makes network connections. 

     /etc/postfix/main.cf:
     # You must stop/start Postfix after changing this parameter.
-    inet_protocols = ipv4       (DEFAULT: enable IPv4 only)
     inet_protocols = all        (enable IPv4, and IPv6 if supported)
+    inet_protocols = ipv4       (enable IPv4 only)
     inet_protocols = ipv4, ipv6 (enable both IPv4 and IPv6)
     inet_protocols = ipv6       (enable IPv6 only)
    -

    By default, Postfix uses IPv4 only, because most systems aren't -attached to an IPv6 network.

    - -
      - -

    • On systems with combined IPv4/IPv6 stacks, attempts to -deliver mail via IPv6 would always fail with "network unreachable", -and those attempts would only slow down Postfix.

      - -

    • Linux kernels don't even load IPv6 protocol support by -default. Any attempt to use it would fail immediately.

      - -
    +

    The default is compile-time dependent: "all" when Postfix is built +on a software distribution with IPv6 support, "ipv4" otherwise.

    Note 1: you must stop and start Postfix after changing the inet_protocols configuration parameter.

    -

    Note 2: if you see error messages like the following, then -you're running Linux and need to turn on IPv6 in the kernel: see -http://www.ipv6.org/ for hints and tips. Unlike other systems, -Linux does not have a combined stack for IPv4 and IPv6, and IPv6 -protocol support is not loaded by default.

    - -
    -
    -postconf: warning: inet_protocols: IPv6 support is disabled: Address family not supported by protocol
-postconf: warning: inet_protocols: configuring for IPv4 support only
-
    -
    - -

    Note 3: on older Linux and Solaris systems, the setting +

    Note 2: on older Linux and Solaris systems, the setting "inet_protocols = ipv6" will not prevent Postfix from -accepting IPv4 connections. Postfix will present the client IP -addresses in IPv6 format, though. In all other cases, Postfix always -presents IPv4 client IP addresses in the traditional dotted quad -IPv4 format.

    +accepting IPv4 connections.

  • The other new parameter is smtp_bind_address6. This sets the local interface address for outgoing IPv6 SMTP @@ -209,8 +182,8 @@ over IPv6 before trying IPv4. With more recent Postfix versions, the order of IPv6 versus IPv4 outgoing connection attempts is configurable with the smtp_address_preference parameter.

    -

  • Postfix versions before 2.6 do not support DNSBL (real-time -blackhole list) lookups for IPv6 client IP addresses.

    +

  • Postfix versions before 2.6 do not support DNSBL (DNS +blocklist) lookups for IPv6 client IP addresses.

  • IPv6 does not have class A, B, C, etc. networks. With IPv6 networks, the setting "mynetworks_style = class" has the @@ -249,8 +222,8 @@ receiving mail.

    to listen on loopback network interfaces only.

  • The lmtp_bind_address and lmtp_bind_address6 -features were omitted. The Postfix LMTP client will be absorbed -into the SMTP client, so there is no reason to keep adding features +features were omitted. Postfix version 2.3 merged the LMTP client +into the SMTP client, so there was no reason to keep adding features to the LMTP client.

  • The SMTP server now requires that IPv6 addresses in SMTP diff --git a/postfix/proto/postconf.proto b/postfix/proto/postconf.proto index 39e2b8901..1f50b82b8 100644 --- a/postfix/proto/postconf.proto +++ b/postfix/proto/postconf.proto @@ -2008,7 +2008,7 @@ inet_interfaces = 127.0.0.1, [::1] (Postfix version 2.2 and later) inet_interfaces = 192.168.1.2, 127.0.0.1 -%PARAM inet_protocols all +%PARAM inet_protocols see 'postconf -d output'

    The Internet protocols Postfix will attempt to use when making or accepting connections. Specify one or more of "ipv4" diff --git a/postfix/src/global/mail_params.c b/postfix/src/global/mail_params.c index 09e0884b9..f54eb7523 100644 --- a/postfix/src/global/mail_params.c +++ b/postfix/src/global/mail_params.c @@ -374,7 +374,6 @@ char *var_maillog_file_stamp; char *var_postlog_service; char *var_dnssec_probe; -bool var_relay_before_rcpt_checks; const char null_format_string[1] = ""; @@ -749,7 +748,6 @@ void mail_params_init() /* read and process the following before opening tables. */ VAR_SMTPUTF8_ENABLE, DEF_SMTPUTF8_ENABLE, &var_smtputf8_enable, VAR_IDNA2003_COMPAT, DEF_IDNA2003_COMPAT, &var_idna2003_compat, - VAR_RELAY_BEFORE_RCPT_CHECKS, DEF_RELAY_BEFORE_RCPT_CHECKS, &var_relay_before_rcpt_checks, 0, }; static const CONFIG_STR_FN_TABLE function_str_defaults[] = { diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index bdbb35f48..93a95dd0e 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20210201" +#define MAIL_RELEASE_DATE "20210215" #define MAIL_VERSION_NUMBER "3.6" #ifdef SNAPSHOT diff --git a/postfix/src/master/master.c b/postfix/src/master/master.c index d9017789b..0faa43ace 100644 --- a/postfix/src/master/master.c +++ b/postfix/src/master/master.c @@ -137,7 +137,7 @@ /* .IP "\fBinet_interfaces (all)\fR" /* The network interface addresses that this mail system receives /* mail on. -/* .IP "\fBinet_protocols (all)\fR" +/* .IP "\fBinet_protocols (see 'postconf -d output')\fR" /* The Internet protocols Postfix will attempt to use when making /* or accepting connections. /* .IP "\fBimport_environment (see 'postconf -d' output)\fR" diff --git a/postfix/src/postsuper/postsuper.c b/postfix/src/postsuper/postsuper.c index cab381419..dfd285757 100644 --- a/postfix/src/postsuper/postsuper.c +++ b/postfix/src/postsuper/postsuper.c @@ -40,6 +40,17 @@ /* with exactly one recipient \fBuser@example.com\fR: /* .sp /* .nf +/* postqueue -j | jq ' +/* # See JSON OBJECT FORMAT section in the postqueue(1) manpage +/* select(.recipients[0].address == "user@example.com") +/* | select(.recipients[1].address == null) +/* | .queue_id +/* ' | postsuper -d - +/* .fi +/* .sp +/* Or the historical form: +/* .sp +/* .nf /* mailq | tail -n +2 | grep -v '^ *(' | awk 'BEGIN { RS = "" } /* # $7=sender, $8=recipient1, $9=recipient2 /* { if ($8 == "user@example.com" && $9 == "") diff --git a/postfix/src/smtp/smtp.c b/postfix/src/smtp/smtp.c index 3c8d397aa..b2ef7ac93 100644 --- a/postfix/src/smtp/smtp.c +++ b/postfix/src/smtp/smtp.c @@ -548,7 +548,7 @@ /* legacy SMTPS protocol instead of using the STARTTLS command. /* .PP /* Available in Postfix version 3.1 and later: -/* .IP "\fBsmtp_tls_dane_insecure_mx_policy (dane)\fR" +/* .IP "\fBsmtp_tls_dane_insecure_mx_policy (see 'postconf -d' output)\fR" /* The TLS policy for MX hosts with "secure" TLSA records when the /* nexthop destination security level is \fBdane\fR, but the MX /* record was found via an "insecure" MX lookup. @@ -745,7 +745,7 @@ /* .IP "\fBinet_interfaces (all)\fR" /* The network interface addresses that this mail system receives /* mail on. -/* .IP "\fBinet_protocols (all)\fR" +/* .IP "\fBinet_protocols (see 'postconf -d output')\fR" /* The Internet protocols Postfix will attempt to use when making /* or accepting connections. /* .IP "\fBipc_timeout (3600s)\fR" diff --git a/postfix/src/smtpd/smtpd.c b/postfix/src/smtpd/smtpd.c index 5cac517d3..43a14bbf4 100644 --- a/postfix/src/smtpd/smtpd.c +++ b/postfix/src/smtpd/smtpd.c @@ -642,7 +642,7 @@ /* .IP "\fBproxy_interfaces (empty)\fR" /* The network interface addresses that this mail system receives mail /* on by way of a proxy or network address translation unit. -/* .IP "\fBinet_protocols (all)\fR" +/* .IP "\fBinet_protocols (see 'postconf -d output')\fR" /* The Internet protocols Postfix will attempt to use when making /* or accepting connections. /* .IP "\fBlocal_recipient_maps (proxy:unix:passwd.byname $alias_maps)\fR" @@ -1462,6 +1462,7 @@ char *var_tlsproxy_service; char *var_smtpd_uproxy_proto; int var_smtpd_uproxy_tmout; +bool var_relay_before_rcpt_checks; /* * Silly little macros.