mir/postfix
2
0
Fork 0
mirror of https://github.com/vdukhovni/postfix synced 2025-08-30 05:38:06 +00:00
Code Issues Releases Wiki Activity

snapshot-20010222

Browse Source
This commit is contained in:
Wietse Venema 2001-02-22 00:00:00 -05:00 committed by Viktor Dukhovni
parent edac954e0e
commit 2ea174ea56
32 changed files with 818 additions and 537 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
postfix/0README
View File

@ -21,9 +21,7 @@ Purpose of the Postfix mail system
==================================
Postfix aims to be an alternative to the widely-used sendmail
program. Sendmail is responsible for 70% of all e-mail delivered
on the Internet. With an estimated 100 million users, that's an
estimated 10 billion (10^10) messages daily. A stunning number.
program.
Although IBM supported the Postfix development, it abstains from
control over its evolution. The goal is to have Postfix installed
@ -71,15 +69,6 @@ you are welcome to send a postcard to:
Roadmap of the Postfix source distribution
==========================================
Point your browser at html/index.html for Postfix documentation,
for manual pages, and for the unavoidable Postfix FAQ. Expect to
see updated versions on-line at http://www.postfix.org/
Point your MANPATH environment variable at the `man' directory (use
an absolute path) for UNIX-style on-line manual pages. These pages
are also available through the HTML interface, which allows you to
navigate faster.
The RELEASE_NOTES file describes new features, and lists incompatible
changes with respect to previous Postfix versions.
@ -91,10 +80,17 @@ not yet implement, and how well it works with other software.
The HISTORY file gives a detailed log of changes to the software.
Point your browser at html/index.html for Postfix documentation,
for manual pages, and for the unavoidable Postfix FAQ. Expect to
see updated versions on-line at http://www.postfix.org/
Point your MANPATH environment variable at the `man' directory (use
an absolute path) for UNIX-style on-line manual pages. These pages
are also available through the HTML interface, which allows you to
navigate faster.
The PORTING file discusses how to go about porting Postfix to other
UNIX platforms. Some people are looking into a port to Windows NT.
We'll see. This software uses every trick in the book that I learned
about UNIX.
UNIX platforms.
The TODO file lists things that still need to be done. If you want
to set your teeth into one of those problems, drop me a note at

45
postfix/HISTORY
View File

@ -4856,7 +4856,7 @@ Apologies for any names omitted.
20010203
Update: null candidate patch from Patrick Rak. Files:
Update: null candidate patch from Patrik Rak. Files:
nqmgr/qmgr_entry.c nqmgr/qmgr_job.c nqmgr/qmgr_message.c.
Cleanup: added one gruesome command to the postlink script
@ -4869,3 +4869,46 @@ Apologies for any names omitted.
Laid the ground work for logging of table accesses. This
will give more insight into how Postfix uses its lookup
tables. User interface comes later. File: util/dict_debug.c.
20010215
The showq output format assumes queue IDs of up to 10
characters. It can be more with large file systems.
Workaround for 11 character queue IDs by Lamont Jones.
File: showq/showq.c.
20010216
Bugfix: the pipe delivery agent expanded $size as if it
were a recipient, instead of expanding it as $nexthop or
as $sender. Reported by Michael Tokarev. File: pipe/pipe.c.
20010221
Bugfix: poor LMTP performance for domains that are listed
in $mydestination, because Postfix would send one recipient
at a time, with multiple deliveries of recipients of the
same message in parallel; a similar problem could exist
with firewall relay hosts that forward mail for $mydestination
to an inside machine. This behavior is now changed to depend
on the transport-specific xxx_destination_recipient_limit
parameter. This also means that you can now get qmail behavior
for SMTP deliveries by setting smtp_destination_recipient_limit=1.
File: {qmgr,nqmgr}/qmgr_message.c.
Workaround: Solaris socketpair() can fail with EINTR. Added
a sane_socketpair.c module that joins the ranks of the other
sane_whatever workarounds. Reported by Andrew McNamara.
File: util/sane_socketpair.[hc]
20010222
Documentation: the default main.cf file has a prominent
warning that mynetworks should be properly configured in
order to reject unauthorized mail relay requests from
strangers.
Documentation: the INSTALL document, section "mandatory
configuration file edits" has a section that explains that
mynetworks should be properly configured in order to reject
unauthorized mail relay requests from strangers.

40
postfix/INSTALL
View File

@ -66,11 +66,13 @@ If your system is supported, it is one of
Linux RedHat 4.x
Linux RedHat 5.x
Linux RedHat 6.x
Linux RedHat 7.x
Linux Slackware 3.5
Linux Slackware 4.0
Linux Slackware 7.0
Linux SuSE 5.x
Linux SuSE 6.x
Linux SuSE 7.x
Mac OS X server
NEXTSTEP 3.x
NetBSD 1.x
@ -83,7 +85,7 @@ If your system is supported, it is one of
Rhapsody 5.x
SunOS 4.1.x
SunOS 5.4..5.8 (Solaris 2.4..8)
Ultrix 4.x
Ultrix 4.x (well, that was long ago)
or something closely resemblant.
@ -202,7 +204,8 @@ In order to install or upgrade Postfix:
- Run the INSTALL.sh script as the super-user:
# sh INSTALL.sh
# make install (interactive version, first time install)
# make install </dev/null (non-interactive version, for upgrades)
The INSTALL.sh script offers suggestions for pathnames that you
can override, either by editing INSTALL.sh or by specifying your
@ -351,9 +354,10 @@ You can use $parameter before it is given a value. The Postfix
configuration language uses lazy evaluation, and does not look at
a parameter value until it is needed at runtime.
First of all, you must specify what domain will be appended to a
local address. The "myorigin" parameter defaults to the local
hostname, but that is probably OK only for very small sites.
First of all, you must specify what domain will be appended to an
unqualified address (i.e. an address without @domain.name). The
"myorigin" parameter defaults to the local hostname, but that is
probably OK only for very small sites.
Some examples:
@ -363,8 +367,8 @@ Some examples:
In the first case, local mail goes out as user@$myhostname, in
the second case the sender address is user@$mydomain.
Next you need to specify what mail addresses are local to the
Postfix system.
Next you need to specify what mail addresses Postfix should deliver
locally.
Some examples:
@ -376,6 +380,14 @@ The first example is appropriate for a workstation, the second is
appropriate for the mailserver for an entire domain. The third
example should be used when running on a virtual host interface.
If your machine is on an open network then you must specify what
client IP addresses are authorized to relay their mail through your
machine. The default setting includes all class A, B or C networks
that the machine is attached to. Often, that gives relay permission
to too many clients. My own settings are:
mynetworks = 168.100.189.0/28, 127.0.0.0/8
If you're behind a firewall, you should set up a relayhost. If
you can, specify the organizational domain name so that Postfix
can use DNS lookups, and so that it can fall back to a secondary
@ -403,7 +415,8 @@ and/or dial-up networks.
Finally, if you haven't used Sendmail prior to using Postfix, you
will have to build the alias database (with: sendmail -bi, or:
newaliases). Be sure to set up aliases for root and postmaster that
forward mail to a real person.
forward mail to a real person. Postfix has a sample aliases file
the conf/aliases.
11 - To chroot or not to chroot
==============================
@ -417,10 +430,13 @@ impenetrable, but every little bit helps.
With the exception of the Postfix local delivery and `pipe' daemons,
every Postfix daemon can run chrooted.
By default, no Postfix daemon runs chrooted. In order to enable
chroot operation, edit the file /etc/postfix/master.cf. It is
highly recommended to chroot the daemons that talk to the network:
the smtp and smtpd processes.
Sites with high security requirements should consider to chroot
all daemons that talk to the network: the smtp and smtpd processes,
and perhaps also the lmtp client.
The default /etc/postfix/master.cf file specifies that no Postfix
daemon runs chrooted. In order to enable chroot operation, edit
the file /etc/postfix/master.cf. Instructions are in the file.
Note that a chrooted daemon resolves all filenames relative to the
Postfix queue directory (/var/spool/postfix). For successful use

8
postfix/LDAP_README
View File

@ -26,6 +26,14 @@ Postfix source tree should work:
% make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \
AUXLIBS="-L/usr/local/lib -lldap -L/usr/local/lib -llber"
On Solaris 2.x you may have to specify run-time link information,
otherwise ld.so will not find some of the shared libraries:
% make tidy
% make makefiles CCARGS="-I/usr/local/include -DHAS_LDAP" \
AUXLIBS="-L/usr/local/lib -R/usr/local/lib -lldap \
-L/usr/local/lib -R/usr/local/lib -llber"
The 'make tidy' command is needed only if you have previously built
Postfix without LDAP support.

0
postfix/BEWARE → postfix/LINUX_README
View File

376
postfix/LMTP_README
View File

@ -1,17 +1,25 @@
[This file still needs to be updated - some information is obsolete]
Postfix LMTP support
====================
1 - Postfix LMTP support
========================
LMTP stands for Local Mail Transfer Protocol, and is detailed in
RFC2033. This protocol is used to communicate with the final
RFC2033. Postfix uses this protocol to communicate with the final
delivery agent, which may run on the local host or a remote host.
This protocol opens up interesting possibilities: one Postfix front
end machine can drive multiple mailbox back end machines over LMTP.
As the mail load increases you add Postfix front end systems and
LMTP mailbox back end systems. You can use LDAP or mysql to share
the user database among the front end and back end systems.
As the mail load increases, you add more Postfix front end systems
and more LMTP mailbox back end systems. This is the model that I
had in mind when I began drafting the design for Postfix - a scalable
architecture that allows you to keep adding SMTP servers and mailbox
servers painlessly.
Such a distributed architecture needs glue to keep things together.
You can use a networked database LDAP or mysql to share the user
database among the front end and back end systems. Use a replicated
database so that no machine becomes a single point of failure for
the entire mail infrastructure.
Postfix LMTP support is based on a modified version of the Postfix
SMTP client. The initial version was by Philip A. Prindeville of
@ -21,166 +29,210 @@ much of the documentation. Wietse Venema reduced the code to its
present shape.
Overview
========
2 - Overview
============
Most of the examples in this document involve the CMU Cyrus IMAP/POP
server, available from:
http://asg.web.cmu.edu/cyrus/
While certainly not the only application that could make use of LMTP,
it tends to be the most discussed. These examples are based on the
forthcoming Cyrus 2.0.10, at least at the time of writing. The 2.x
branch of Cyrus places greater emphasis on LMTP delivery than the
previous releases. Those using older releases of Cyrus can find a
discussion in the appendix of this document.
While certainly not the only application that could make use of
LMTP, it tends to be the most discussed. These examples are based
on the forthcoming Cyrus 2.0.10, at least at the time of writing.
The 2.x branch of Cyrus places greater emphasis on LMTP delivery
than the previous releases. Those using older releases of Cyrus
can find a discussion in the appendix of this document.
There are a variety of ways LMTP delivery can be configured in
Postfix. The two basic flavors are delivery over UNIX-domain sockets
and delivery over TCP sockets. Both flavors can be specified in
either the Postfix main.cf or in a transport map. The best approach
to use depends upon the arrangement of your servers and the desired
level of parallelization. Please be sure to study this entire
document as there are trade-offs in convenience and performance with
these different approaches.
Postfix. The two basic flavors are delivery over UNIX-domain
sockets and delivery over TCP sockets.
o Connections over UNIX-domain sockets limit delivery to LMTP
servers running on the same machine.
o Connections over TCP sockets allow you to deliver to LMTP
servers across a local network.
The precise syntax for UNIX-domain and TCP connection endpoints is
given in the lmtp(8) manual page.
given in the lmtp(8) manual page. Examples are also given in the
text below.
Both socket flavors can be specified in either the Postfix main.cf
file (see section 5) or in a Postfix transport map (section 6).
What is the best approach for you depends upon the arrangement of
your servers and the desired level of parallelization.
Please be sure to study this entire document as there are trade-offs
in convenience and in performance with these different approaches.
3 - LMTP over UNIX-domain sockets
=================================
A UNIX-domain socket is specified as the socket type ("unix") and
a name in the local file system:
unix:/path/name
The "/path/name" part should be the name of a socket created by
the LMTP server on the local machine. See the specific examples
later in this document.
NOTE:
If you run the lmtp client chrooted, the interpretation of the
/path/name is relative to the Postfix queue directory (typically,
/var/spool/postfix).
By default, the Postfix LMTP client does not run chrooted.
With LMTP delivery to the local machine there is no good reason
to run the Postfix LMTP client chrooted.
4 - LMTP over TCP sockets
=========================
A TCP destination is specified as the socket type ("inet"), the
destination hostname and the TCP port:
inet:hostname:port
The "inet:" part can be omitted, as it is the default socket type.
The destination port can be omitted as well. Currently the default
TCP port number for this type of connection is 24, but this can be
customized in the "/etc/services" file. Specific examples are
given later in this document.
NOTE:
With connections over TCP sockets, later Cyrus LMTP server
implementations insist on SASL-style authentication. This means
that Postfix must be built with SASL support (see SASL_README).
The examples below show how to enable this in the Postfix LMTP
client.
Some Cyrus LMTP server implementations do not allow SASL-style
authentication via plaintext passwords. You will have to jump
some extra hoops in order to enable MD5 password support, or
you will have to wait until this restriction is relaxed.
Using main.cf configuration
===========================
5 - Configuring LMTP using main.cf configuration
================================================
This is the simplest LMTP configuration.
1. Delivery mechanisms
5.1 - Delivery mechanisms
-------------------------
Postfix supports three mechanisms to deliver mail over LMTP.
Each method can use UNIX-domain or TCP sockets as described in
a later section.
Postfix main.cf supports three mechanisms to deliver mail over
LMTP. Each method can use UNIX-domain or TCP sockets as described
in a later section.
mailbox_transport = lmtp:unix:/path/name (UNIX-domain socket)
mailbox_transport = lmtp:hostname:port (TCP socket)
main.cf mechanism 1
-------------------
The Postfix local delivery agent expands aliases and .forward
files, and delegates mailbox delivery to the LMTP server.
mailbox_transport = lmtp:unix:/path/name (UNIX-domain socket example)
mailbox_transport = lmtp:hostname:port (TCP socket example)
local_transport = lmtp:unix:/path/name (UNIX-domain socket)
local_transport = lmtp:hostname:port (TCP socket)
Mail that resolves as local (domain is listed in $mydestination)
is given to the Postfix local delivery agent. The Postfix local
delivery agent expands aliases and .forward files, and delegates
mailbox delivery to the LMTP server.
Mail that resolves as local is directly given to the LMTP
server. The mail is not processed by the Postfix local
delivery agent; therefore aliases and .forward files are
not expanded.
main.cf mechanism 2
-------------------
fallback_transport = lmtp:unix:/path/name (UNIX-domain socket)
fallback_transport = lmtp:hostname:port (TCP socket)
local_transport = lmtp:unix:/path/name (UNIX-domain socket example)
local_transport = lmtp:hostname:port (TCP socket example)
The Postfix local delivery agent expands aliases and .forward
files, and delivers to /var[/spool]/mail/$user for users
that have a UNIX account. Mail for other local users is
delegated to the LMTP server.
Mail that resolves as local (domain is listed in $mydestination)
is directly given to the LMTP server. The mail is not processed
by the Postfix local delivery agent; therefore aliases and .forward
files are not processed.
2. LMTP over UNIX-domain sockets.
main.cf mechanism 3
-------------------
The UNIX-domain socket is specified as a name in the local file
system. This "/path/name" should be the socket created by the
LMTP server on the local machine. See the specific examples
later in this document.
fallback_transport = lmtp:unix:/path/name (UNIX-domain socket example)
fallback_transport = lmtp:hostname:port (TCP socket example)
NOTE:
Mail that resolves as local (domain is listed in $mydestination)
is given to the Postfix local delivery agent. The Postfix local
delivery agent processes aliases and .forward files, and delivers
to /var[/spool]/mail/$user for users that have a UNIX account.
Mail for other local users is delegated to the LMTP server.
If you run the lmtp client chrooted, the interpretation of
the /path/name is relative to the Postfix queue directory
(typically, /var/spool/postfix).
5.2 - Examples
--------------
By default, the Postfix LMTP client does not run chrooted.
With LMTP delivery to the local machine there is no good
reason to run the Postfix LMTP client chrooted.
5.2.1 - LMTP over UNIX-domain sockets
-------------------------------------
3. LMTP over TCP sockets.
To utilize UNIX-domain sockets for the communication between
Postfix and Cyrus, the corresponding configuration files should
look something like this:
Currently the default TCP port number for this type of connection
is 24, but this can be customized in the "/etc/services" file.
Specific examples are given later in this document.
/etc/cyrus.conf:
NOTE:
SERVICES {
...
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
...
}
With connections over TCP sockets, later Cyrus implementations
insist on SASL-style authentication. This means that Postfix
must be built with SASL support (see SASL_README). The
examples below show how to enable this in the Postfix LMTP
client.
/etc/postfix/main.cf:
Examples:
mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
1. LMTP over UNIX-domain sockets.
In this case, the Postfix local delivery agent expands aliases
and .forward files, and delegates mailbox delivery to the Cyrus
lmtpd server via the socket "/var/imap/socket/lmtp".
To utilize UNIX-domain sockets for the communication between
Postfix and Cyrus, the corresponding configuration files should
look something like this:
5.2.2 - LMTP over TCP sockets
-----------------------------
/etc/cyrus.conf:
For this example, suppose the following files are configured
thusly:
SERVICES {
...
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
...
}
/etc/cyrus.conf:
/etc/postfix/main.cf:
SERVICES {
...
lmtp cmd="lmtpd" listen="127.0.0.1:lmtp" prefork=0
...
}
mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
/etc/services:
In this case, the Postfix local delivery agent expands aliases
and .forward files, and delegates mailbox delivery to the Cyrus
lmtpd server via the socket "/var/imap/socket/lmtp".
lmtp 24/tcp
2. LMTP over TCP sockets.
/etc/postfix/main.cf:
For this example, suppose the following files are configured
thusly:
mailbox_transport = lmtp:localhost
lmtp_sasl_auth_enable = yes
lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass
/etc/cyrus.conf:
/etc/postfix/master.cf:
SERVICES {
...
lmtp cmd="lmtpd" listen="127.0.0.1:lmtp" prefork=0
...
}
lmtp unix - - n - - lmtp
/etc/services:
/etc/postfix/lmtp_sasl_pass:
localhost.my.domain username:password
lmtp 24/tcp
Instead of "hash", use the map type of your choice. Some systems
use "dbm" instead. Use "postconf -m" to find out what map types
are supported.
/etc/postfix/main.cf:
mailbox_transport = lmtp:localhost
lmtp_sasl_auth_enable = yes
lmtp_sasl_password_maps = hash:/etc/postfix/lmtp_sasl_pass
/etc/postfix/master.cf:
lmtp unix - - n - - lmtp
/etc/postfix/lmtp_sasl_pass:
localhost.my.domain username:password
Instead of "hash", use the map type of your choice. Some
systems use "dbm" instead. Use "postconf -m" to find out what
map types are supported.
With the above settings, the Postfix local delivery agent
expands aliases and .forward files, and delegates mailbox
delivery to the the Cyrus LMTP server. Postfix makes a
connection to port 24 on the local host, subsequently
transmitting the message to the lmtpd server managed by the
Cyrus master process.
With the above settings, the Postfix local delivery agent expands
aliases and .forward files, and delegates mailbox delivery to the
the Cyrus LMTP server. Postfix makes a connection to port 24 on
the local host, subsequently transmitting the message to the lmtpd
server managed by the Cyrus master process.
Using transport map configuration
=================================
6 - Configuring LMTP using transport map configuration
======================================================
This approach is quite similar to specifying the LMTP service in
the Postfix main.cf configuration file. However, now we will use
@ -206,51 +258,55 @@ to route mail for multiple domains to their respective mail retrieval
transport_maps = hash:/etc/postfix/transport
For details of the Cyrus LMTP server configuration, see section 5.
Instead of "hash", use the map type of your choice. Some systems use
"dbm" instead. Use "postconf -m" to find out what map types are
supported.
Performance considerations
==========================
7 - Performance considerations
==============================
Hopefully the preceding discussion has seemed pretty straight
forward. Now things get interesting. After reading the following
you will see that there are more factors to consider when setting up
LMTP services.
you will see that there are more factors to consider when setting
up LMTP services.
Single instance message store
=============================
8 - Single instance message store
=================================
Presently this topic is more pertinent to sites running Cyrus, but
may be a factor with other applications as well.
Since 1.6.22, Cyrus has had the feature that if a message containing
multiple recipients is received via the LMTP protocol, and all these
recipients were on the same Cyrus partition, only one instance of
this message would be written to the file system. The other
multiple recipients is received via the LMTP protocol, and all
these recipients were on the same Cyrus partition, only one instance
of this message would be written to the file system. The other
recipients would then see a hard link of this single instance.
Depending on your user base, this can be considerable motivation to
using LMTP.
Depending on your user base, this can be considerable motivation
to using LMTP.
However, there is a catch: currently the Postfix local delivery
mechanisms are only designed to handle one recipient at a time, which
in most cases is more than adequate. So, if you wish to support
single instance message store delivery, you will have to use a
transport table to map these users to the appropriate LMTP
destination.
However, there is a catch: the Postfix local delivery agent is
designed to deliver one recipient at a time, which in most cases
is more than adequate. So, if you wish to support single instance
message store delivery, you will have to use a virtual table to
map these users to the appropriate LMTP destination (at the time
of writing, the Postfix transport table supports only per-domain
routing, and not per-recipient routing).
While the simplest thing to do would be to list the entire domain in
the transport map for LMTP delivery, this by-passes alias expansion
for otherwise local addresses. If the site is to run software via
aliases, like most Mailing List Management (MLM) software, a more
complex solution is required. Fortunately, a virtual table should do
the trick.
While the simplest thing to do would be to list the entire domain
in the transport map for LMTP delivery, this by-passes alias
expansion for otherwise local addresses (see section 5.1, delivery
mechanism 2). If the site is to run software via aliases, like
most Mailing List Management (MLM) software, a more complex solution
is required. A virtual table should do the trick.
As an example, suppose we wanted to support single instance message
store delivery for the domain "example.org". The configuration files
for this domain could look something like this:
store delivery for the hosted (not local) domain "example.org".
The configuration files for this domain could look something like
this:
/etc/postfix/virtual:
@ -287,21 +343,22 @@ for this domain could look something like this:
Breaking things down, we begin with the address "mlist@example.org",
which represents a mailing list. By placing an entry in the virtual
map to direct this mail to "mlist@localhost", we can override the
transport map that would by default route all "@example.org" mail to
a LMTP server via a UNIX-domain socket.
transport map that would by default route all "@example.org" mail
to a LMTP server via a UNIX-domain socket.
To summarize, all mail that is to be processed by an alias entry must
first be diverted with a virtual table entry so that it does not fall
into the more general routing established by the transport table.
To summarize, all mail that is to be processed by an alias entry
must first be diverted with a virtual table entry so that it does
not fall into the more general routing established by the transport
table.
Improving connection caching performance
========================================
9 - Improving connection caching performance
============================================
After delivering a message via LMTP, Postfix will keep the connection
open for a while, so that it can be reused for a subsequent delivery.
This reduces overhead of LMTP servers that create one process per
connection.
connection.
For LMTP connection caching to work, the Postfix LMTP client should
not switch destination hosts. This is no problem when you run only
@ -309,7 +366,7 @@ one LMTP server. However, if you run multiple LMTP servers, this
can be an issue.
You can prevent the LMTP client from switching between servers by
configuring a separate mail delivery transport for each LMTP server:
configuring a separate LMTP delivery transport for each LMTP server:
/etc/postfix/master.cf:
@ -327,8 +384,8 @@ mail lmtp2 transport for the LMTP server #2, and so on.
bar.com lmtp2:lmtp2host
Appendix: Older Cyrus versions
==============================
10 - Appendix: Older Cyrus versions
===================================
First of all, if you are using a Cyrus 2.x version prior to 2.0.10,
it would be good to upgrade. The previous 2.x releases were beta
@ -407,14 +464,3 @@ you will notice the one significant difference with the Postfix
configuration is the lack of mention of the UNIX-domain sockets.
That is because delivery over UNIX-domain sockets is new with Cyrus
2.x, yet another reason to upgrade. :-)
# Local Variables:
# mode: text
# mode: flyspell
# fill-column: 69
# End:

43
postfix/RELEASE_NOTES
View File

@ -1,5 +1,44 @@
Apart from bugfixes this is expected to become the first non-beta
Postfix release.
Incompatible changes with snapshot-20010222
===========================================
The incoming and deferred queue directories are now hashed by
default. This improves the performance considerably under heavy
load, at the cost of a small but noticeable slowdown when one runs
"mailq" on an unloaded system.
Postfix no longer automatically delivers recipients one at a time
when their domain is listed in $mydestination. This change solves
delivery performance problems with delivery via LMTP, and with
firewall relays that forward all mail for $mydestination to an
inside host.
The "one recipient at a time" delivery behavior is now controlled
by the per-transport recipient limit (xxx_destination_recipient_limit,
where xxx is the name of the delivery mechanism). This parameter
controls the number of recipients that can be sent in one delivery
(surprise).
The setting of the per-transport recipient limit also controls the
meaning of the per-transport destination concurrency limit (named
xxx_destination_concurrency_limit, where xxx is again the name of
the delivery mechanism):
1) When the per-transport recipient limit is 1 (i.e., send one
recipient per delivery), the per-transport destination concurrency
limit controls the number of simultaneous deliveries to the
same recipient. This is the default behavior for delivery via
the Postfix local delivery agent.
2) When the per-transport recipient limit is > 1 (i.e., send
multiple recipients per delivery), the per-transport destination
concurrency limit controls the number of simultaneous deliveries
to the same domain. This is the default behavior for all other
Postfix delivery agents.
The default settings are: local_destination_recipient_limit = 1,
local_destination_concurrency_limit = 2. Other delivery transports
have default recipient limits (50) and have default per-destination
concurrency limits (10).
Major changes with snapshot-20010202
====================================

116
postfix/TODO
View File

@ -7,55 +7,30 @@ expanded via :include:).
postconf -f filename
more general relocated feature - perhaps better to bounce recipients
get rid of the relocated feature - perhaps better to bounce recipients
at the SMTP port.
use $mydomain when hostname is not FQDN.
generic daemon that listens on fifo and runs command
make sendmail/smtpd/cleanup output directory/fifo configurable
if postdrop scrutinizes input, skip the overhead in the pickup
daemon.
luser relay
add a threshold to sendmail etc. stderr logging, so that class
"info" messages don't go to stderr.
need a configurable mailbox locking method with system-specific
default, so people don't have to recompile just to turn of fcntl()
locks to work around SUN mailtool.
implement an UCE control to accept mail if the sender domain sender
lists us as MX host (rafal wiosna). By the same token, implement
a control to accept mail when the client hostname/parent domain
lists us as their MX host.
with recipient delimiter enabled, append the unmatched recipient
of @virtual.domain patterns as extension to right-hand recipient,
for qmail-like virtual mapping.
received: headers should be generated by the cleanup daemon, and
client attributes ("with", "from", etc.) should be passed along
with the message. This guarantees that forwarded/aliased mail gets
stamped with the queue ID.
trivial-rewrite etc.: after reload, close the listen socket and
wait until all clients disconnect.
In qmgr_entry.c, turn off random walk by default.
toss double-bounce mail even when mail for the local machine is
redirected to another box. See mail_addr_double_bounce().
represent peer as object, not as name + addr arguments
ignore sender: header when different from envelope?
smtp client: optionally log every MX host contacted
remote showq access (cookie in maildrop or print some text to inform
the user)
@ -63,48 +38,23 @@ defer: explain mail was bounced after N days
multiple rewrite processes?
log relay address in addition to host.
gethostbyaddr() uses native name services, which can be slow.
can we detect a client that ignores error responses?
way to block inbound mail based on recipient suffix?
when client begins with non-SMTP data, log warning
when non-SMTP follows ".", log warning.
On linux syslogd needs -/file/name
can Postfix implement one switchboard instead of having all these
little lookup tables?
make canonical/virtual/etc. table lookup order configurable
allow /file/name or maptype_mapname in $mydestination
make protocol errors soft errore? There are a lot of broken mailers
out there that sometimes croak and sometimes work.
require @ in sender/rcpt (another restriction)
figure out a way to pump recipients into qmgr before concurrency
starts to drop.
pass on client etc/ attributes along with message to delivery agent
pass on configurable info into external process environment
scrutinize file opens in delivery agents just like in qmgr (better:
open the file and see if someone compromised the vmailer account
and is racing against us).
cleanup: don't run out of memory with large amounts of bcc addresses
cleanup: permit non-empty extra segment, so that mail posting
software can pass in bcc recipients.
suspend/resume signals + master status (suspended/running) in PID
file. Maybe use FIFO instead. But, that means requests do not
arrive when the master is stuck.
@ -134,24 +84,9 @@ access.
trivial-rewrite: optionally, use DNS to fully qualify hostnames.
smtp: optionally deal with MX records containing an address instead
of a name.
pickup/cleanup/qmgr/local: add options record to control internal
features such as canonical/virtual mapping, VERPs etcetera.
smtpd: when deciding if a destination is local, also look at the
virtual map. Perhaps we should move canonical and virtual lookups
back into the rewrite service, but under a different name, so they
do not get in the way if we do not want them.
Queue manager: do not allocate queue slots when a destination
already has more than some threshold. This is to prevent a dead or
slow destination from filling up the queue manager's active queue,
preventing delivery to other destinations. However, such `fairness'
strategies should not cause Postfix to lose the benchmark race, so
we must be fair and smart at the same time :-)
Add hook for (domain, user database) support. This is needed if
you have lots of real domains and can't afford a separate master.cf
delivery agent entry for each domain.
@ -159,9 +94,6 @@ delivery agent entry for each domain.
Add support for DBZ databases, using the code from INN. Reportedly,
GDB handles large numbers of keys poorly.
Make the number of time bits in the queue ID configurable, or at
least a little larger.
Change the front-end to cleanup protocol so that the front-end
sends the expected message size, and so that the cleanup service
can report if there is enough space. This is useful only for the
@ -196,40 +128,11 @@ postfix-script: detect and/or build missing alias database. In
order to do this we must extract the alias_maps parameter from the
main.cf file, and create any missing files with the right ownerships.
SunOS 5.4 sendmail seems to include the null byte in alias keys
and values, like almost every UNIX system; SunOS 5.5 sendmail does
not include these nulls. Need to add support for SunOS 5.4. NIS
alias maps always include the null terminator...
implement the return-receipt-to notification service.
Implement real address rewriting.
default alias for mail to non-existent users. How useful is this
when the postmaster already gets notices of mail that could not be
delivered by the local mail system? And how do we pass around the
original envelope recipient once it has been "aliased" to the
address for non-existent users?
owner-default alias to capture all mailing list errors. Or perhaps
they should just set up the appropriate owner-foo aliases in their
alias database?
make mail_params module the main config interface; no calls from
config.c to routines in mail_params.c
resolve/rewrite clients should share connection
postfix-script: make sure permissions of queue (and anything below)
are sane.
bounce/defer: provide attribute-value interface, for better logging
(expanded-from etc.) and non-delivery reports.
Postfix-Options: header, to turn on qmail-like VERPs. But, these
must be accessible only for locally-posted mail (not mail that
arrives via UUCP).
Maintain per-client short-term host status, so we can slow down
unreasonable clients
@ -248,27 +151,10 @@ True ETRN means kick the host out of the queue manager's "dead
hosts" table & move mail from the "hold" queue for that site to
the incoming queue.
Option to make a copy of all mail passing through the mail system.
The message ID is built by concatenating the time of day in seconds
with the queue id. We must ensure that a queue id is unique for at
least one second, otherwise multiple messages will have the same
message ID. Queue ids will always collide after a while. The NFS
generation number for the queue file would be useful, but there is
no portable interface to get it, and we cannot depend on the system
having NFS support enabled. If a 1-microsecond resolution is
sufficient, we could compose the queue ID from the inode number
plus 6 decimal digits or 5 hex ones for the time in microseconds.
Or, use a smarter encoding with more bits per character.
postfix-script: make sure that each queue file matches its file id
or we might lose mail.
postfix-script: do database fixups as the unprivileged user
Put a version file in the conf directory or add option to vmail
control command to print the version (requires vmconf tool that
can query main.cf.).
Maintain a pool of pre-allocated queue files, to eliminate file
creation and deletion overhead.

33
postfix/VIRTUAL_README
View File

@ -8,6 +8,10 @@ Purpose of this software
You can use the virtual delivery agent for mailbox delivery of some
or all domains that are handled by a machine.
This mechanism is different from virtual domains that are implemented
by translating each virtual address into a real local user. For
that, see the virtual(5) manual page.
This is what Andrew McNamara wrote when he made the virtual delivery
agent available.
@ -16,12 +20,12 @@ It looks up the location, uid and gid of user mailboxes via separate
maps, and the mailbox location map can specify either mailbox or
maildir delivery (controlled by trailing slash on mailbox name).
The agent does not support aliases or .forwards (use the virtual
table instead), and therefore doesn't support file or program
aliases. This choice was made to simplify and streamline the code
(it allowed me to dispense with 70% of local's code - mostly the
bits that are a security headache) - if you need this functionality,
this agent isn't for you.
The agent does not support user+foo address extensions, aliases or
.forward files (use the virtual table instead), and therefore
doesn't support file or program aliases. This choice was made to
simplify and streamline the code (it allowed me to dispense with
70% of local's code - mostly the bits that are a security headache)
- if you need this functionality, this agent isn't for you.
It also doesn't support writing to a common spool as root and then
chowning the mailbox to the user - I felt this functionality didn't
@ -30,8 +34,7 @@ fit with my overall aims."
[End of Andrew McNamara's words]
The result is the most secure local delivery agent that you will
find with Postfix. All deliveries are done with the privileges of
the recipient.
find with Postfix.
This delivery agent requires three different lookup tables in order
to define its recipients. This is because Postfix table lookups
@ -61,7 +64,8 @@ virtual_mailbox_maps
If a recipient is not found the mail is returned to the sender.
For security reasons, regexp maps are not allowed here.
For security reasons, regexp maps are not allowed here, because
their $1 etc. substitutions would open a security hole.
The mail administrator is expected to create and chown recipient
mailbox files or maildir directories ahead of time.
@ -77,14 +81,16 @@ virtual_uid_maps
Recipients are looked up in this map to determine the UID (owner
privileges) to be used when writing to the target mailbox.
For security reasons, regexp maps are not allowed here.
For security reasons, regexp maps are not allowed here, because
their $1 etc. substitutions would open a security hole.
virtual_gid_maps
Recipients are looked up in this map to determine the GID (group
privileges) to be used when writing to the target mailbox.
For security reasons, regexp maps are not allowed here.
For security reasons, regexp maps are not allowed here, because
their $1 etc. substitutions would open a security hole.
virtual_mailbox_lock
@ -107,8 +113,9 @@ Example 1: using the virtual delivery agent for all local mail
==============================================================
This example does not use the Postfix local delivery agent at all.
With this configuration Postfix does no alias expansion, no .forward
file expansion, and no lookups of recipients in /etc/passwd.
With this configuration Postfix does no user+foo address extension,
no alias expansion, no .forward file expansion, and no lookups of
recipients in /etc/passwd.
Instead of "hash" specify "dbm" or "btree", depending on your system
type. The command "postconf -m" displays possible lookup table

106
postfix/conf/main.cf
View File

@ -115,14 +115,67 @@ mail_owner = postfix
# a name matches a lookup key. Continue long lines by starting the
# next line with whitespace.
#
# DO NOT LIST VIRTUAL DOMAINS HERE. LIST THEM IN THE VIRTUAL FILE
# INSTEAD. BE SURE TO READ THE ENTIRE VIRTUAL MANUAL PAGE.
#
#mydestination = $myhostname, localhost.$mydomain
#mydestination = $myhostname, localhost.$mydomain $mydomain
#mydestination = $myhostname, localhost.$mydomain, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# RELAY CONTROL
# The mynetworks parameter specifies the list of networks that make
# up the local neighborhood. The list is used by the anti-UCE software
# to distinguish local clients from strangers. See permit_mynetworks
# and smtpd_recipient_restrictions in the file sample-smtpd.cf file.
#
# The default is a list of all networks attached to the machine: a
# complete class A network (X.0.0.0/8), a complete class B network
# (X.X.0.0/16), and so on.
#
# YOU MUST CHANGE THIS DEFAULT SETTING IF YOUR ADDRESS BLOCK IS PART
# OF A LARGER ADDRESS RANGE THAT IS OWNED BY YOUR PROVIDER - IT WOULD
# CAUSE POSTFIX TO RELAY MAIL FROM ALL THEIR CUSTOMERS.
#
# If you need stricter control than the default, specify a list of
# network/mask patterns, where the mask specifies the number of bits
# in the network part of a host address.
#
# You can also specify the absolute pathname of a pattern file instead
# of listing the patterns here.
#
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
# The relay_domains parameter restricts what clients this mail system
# will relay mail from, or what destinations this system will relay
# mail to. See the smtpd_recipient_restrictions restriction in the
# file sample-smtpd.cf for detailed information.
#
# By default, Postfix relays mail
# - from "trusted" clients whose IP address matches $mynetworks,
# - from "trusted" clients matching $relay_domains or subdomains thereof,
# - from untrusted clients to destinations that match $relay_domains
# or subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_maps.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction in the file sample-smtpd.cf.
#
#relay_domains = $mydestination
# INTERNET OR INTRANET
# The relayhost parameter specifies the default host to send mail to
@ -322,53 +375,6 @@ mail_owner = postfix
#header_checks = regexp:/etc/postfix/filename
#header_checks = pcre:/etc/postfix/filename
# The relay_domains parameter restricts what clients this mail system
# will relay mail from, or what destinations this system will relay
# mail to. See the smtpd_recipient_restrictions restriction in the
# file sample-smtpd.cf.
#
# By default, Postfix relays mail
# - from trusted clients whose IP address matches $mynetworks,
# - from trusted clients matching $relay_domains or subdomains thereof,
# - from untrusted clients to destinations that match $relay_domains
# or subdomains thereof, except addresses with sender-specified routing.
# The default relay_domains value is $mydestination.
#
# In addition to the above, the Postfix SMTP server by default accepts mail
# that Postfix is final destination for:
# - destinations that match $inet_interfaces,
# - destinations that match $mydestination
# - destinations that match $virtual_maps.
# These destinations do not need to be listed in $relay_domains.
#
# Specify a list of hosts or domains, /file/name patterns or type:name
# lookup tables, separated by commas and/or whitespace. Continue
# long lines by starting the next line with whitespace. A file name
# is replaced by its contents; a type:name table is matched when a
# (parent) domain appears as lookup key.
#
# NOTE: Postfix will not automatically forward mail for domains that
# list this system as their primary or backup MX host. See the
# permit_mx_backup restriction in the file sample-smtpd.cf.
#
#relay_domains = $mydestination
# The mynetworks parameter specifies the list of networks that are
# local to this machine. The list is used by the anti-UCE software
# to distinguish local clients from strangers. See permit_mynetworks
# and smtpd_recipient_restrictions in the file sample-smtpd.cf file.
#
# The default is a list of all networks attached to the machine: a
# complete class A network (X.0.0.0/8), a complete class B network
# (X.X.0.0/16), and so on. If you want stricter control, specify a
# list of network/mask patterns, where the mask specifies the number
# of bits in the network part of a host address. You can also specify
# the absolute pathname of a pattern file instead of listing the
# patterns here.
#
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
# FAST ETRN SERVICE
#
# Postfix maintains per-destination logfiles with information about

5
postfix/conf/postfix-script-nosgid
View File

@ -145,7 +145,9 @@ reload)
exit 1
}
$INFO refreshing the Postfix mail system
$command_directory/postsuper active || exit 1
kill -HUP `sed 1q pid/master.pid`
$command_directory/postsuper &
;;
flush)
@ -252,7 +254,8 @@ EOF
# See if all queue files are in the right place.
$command_directory/postsuper || exit 1
$command_directory/postsuper active
$command_directory/postsuper &
find corrupt -type f -exec $WARN damaged message: {} \;

6
postfix/conf/postfix-script-sgid
View File

@ -145,7 +145,9 @@ reload)
exit 1
}
$INFO refreshing the Postfix mail system
$command_directory/postsuper active || exit 1
kill -HUP `sed 1q pid/master.pid`
$command_directory/postsuper &
;;
flush)
@ -253,8 +255,8 @@ EOF
# See if all queue files are in the right place.
$command_directory/postsuper || exit 1
$command_directory/postsuper active
$command_directory/postsuper &
find corrupt -type f -exec $WARN damaged message: {} \;

145
postfix/html/faq.html
View File

@ -26,6 +26,8 @@
<li><a href="#sendmail_incompatibility">Sendmail incompatibility</a>
<li><a href="#moby">Running hundreds of Postfix processes</a>
<li><a href="#performance">Postfix performance</a>
<li><a href="#receiving">Receiving mail via the network</a>
@ -99,8 +101,28 @@ distribution list</a>
</ul>
<a name="moby"><h3>Running hundreds of Postfix processes</h3>
<ul>
<li><a href="#moby-freebsd">Running hundreds of Postfix processes on FreeBSD</a>
<li><a href="#moby-linux">Running hundreds of Postfix processes on Linux</a>
</ul>
<a name="performance"><h3>Postfix performance</h3>
<ul>
<li><a href="#incoming">Too much mail in the incoming queue</a>
<li><a href="#delay">Postfix responds slowly to incoming SMTP connections</a>
</ul>
<ul>
<li><a href="#incoming">Too much mail in the incoming queue</a>
@ -486,31 +508,39 @@ execute the command <b>postconf mail_version</b>.
<p>
How to set up Postfix on the firewall machine so that it relays
mail for <i>my.domain</i> to a gateway machine on the inside, and
so that it refuses mail for <i>*.my.domain</i>? The problem is that
the standard <a href="uce.html#relay_domains">relay_domains</a>
mail relaying restriction allows mail to <i>*.my.domain</i> when
you specify <i>my.domain</i>.
mail for <i>domain.com</i> to a gateway machine on the inside, and
so that it refuses mail for <i>*.domain.com</i>? The problem is that
the default <a href="uce.html#relay_domains">relay_domains</a>
mail relaying restriction allows mail to <i>*.domain.com</i> when
you specify <i>domain.com</i>.
<p>
<ul>
<li>Specify a null <a href="uce.html#relay_domains">relay_domains</a>
parameter plus a <a href="transport.5.html">transport</a> table to
route mail for <i>my.domain</i> to the inside machine:
<li>Specify a <a href="transport.5.html">transport</a> table to
route mail for <i>domain.com</i> to the inside machine.
<p>
Specify explicit settings for <a
href="uce.html#smtpd_recipient_restrictions">smtpd_recipient_restrictions</a>
and for <a href="basic.html#mynetworks">mynetworks</a> that allow
local systems to send mail anywhere, and that allow remote systems
to send mail only to <i>user@domain.com</i>.
<p>
<pre>
/etc/postfix/main.cf:
mydestination = $myhostname, my.domain, localhost.my.domain
relay_domains =
myorigin = domain.com
mydestination = domain.com
transport_maps = hash:/etc/postfix/transport
mynetworks = 12.34.56.0/24
smtpd_recipient_restrictions = permit_mynetworks reject_unauth_destination
/etc/postfix/transport:
my.domain smtp:inside-gateway.my.domain (forwards user@domain)
.my.domain smtp:inside-gateway.my.domain (forwards user@firewall)
domain.com smtp:inside-gateway.domain.com (forwards user@domain)
/etc/postfix/master.cf:
Comment out the local delivery agent
@ -806,6 +836,81 @@ delivery agent deals with undeliverable mail.
<hr>
<a name="moby-freebsd"><h3>Running hundreds of Postfix processes on FreeBSD</h3></a>
With hundreds of Postfix processes, the kernel will eventually
run out of file handles; after that, it will run out of sockets.
<p>
To set kernel parameters at boot time, add the following lines to
the <b>/boot/loader.conf</b> file (this is specific to FreeBSD 4.x):
<p>
<blockquote>
<pre>
kern.ipc.maxsockets="5000"
kern.maxfiles="16384"
kern.maxfilesperproc="16384"
kern.ipc.nmbclusters="65536"
</pre>
</blockquote>
<p>
To set kernel parameters at run time execute the following commands
as root (this is specific to FreeBSD 4.x):
<p>
<blockquote>
<pre>
# sysctl -w kern.ipc.maxsockets=5000
# sysctl -w kern.maxfiles=16384
# sysctl -w kern.maxfilesperproc=16384
# sysctl -w kern.ipc.nmbclusters=65536
</pre>
</blockquote>
<hr>
<a name="moby-linux"><h3>Running hundreds of Postfix processes on Linux</h3></a>
When you increase the number of Postfix processes into the hundreds,
the kernel will eventually run out of file handles; after that it
is likely to run out of process slots.
<p>
To set parameters at boot time on Linux systems that have
<b>/etc/sysctl.conf</b>, add the following lines:
<p>
<blockquote>
<pre>
fs.file-max = 16384
kernel.threads-max = 2048
</pre>
</blockquote>
<p>
To set kernel parameters at run time, execute the following
commands as <b>root</b>:
<p>
<blockquote>
<pre>
# echo 16384 > /proc/sys/fs/file-max
# echo 2048 > /proc/sys/kernel/threads-max
</pre>
</blockquote>
<hr>
<a name="incoming"><h3>Too much mail in the incoming queue</h3></a>
<blockquote>
@ -2398,7 +2503,7 @@ with Postfix and HylaFax. Here's the setup used:
<pre>
/etc/postfix/master.cf:
fax unix - n n - - pipe
fax unix - n n - 1 pipe
flags= user=fax argv=/usr/bin/faxmail -d -n ${user}
/etc/postfix/transport:
@ -2411,6 +2516,12 @@ with Postfix and HylaFax. Here's the setup used:
<p>
The process limit of 1 in the <b>master.cf</b> file is necessary
with fax software that cannot handle multiple requests at the same
time. It won't hurt otherwise.
<p>
The <b>fax_destination_recipient_limit</b> entry (by Simon, Mr.
Simix) is necessary with fax software that can't have more than
one destination on its command line. It won't hurt otherwise.
@ -2423,7 +2534,7 @@ types Postfix supports, use the command <b>postconf -m</b>.
<p>
Note: be sure to not advertise <b>fax.your.domain</b> in the DNS...
Note: be sure to not advertise <b>fax.your.domain</b> in the DNS :-)
<hr>
@ -2461,9 +2572,9 @@ Postfix first.
<p>
Do not use the above command on a running Postfix system, because
it can delete files that belong to new mail that arrives while you
are deleting queue files.
Do not use the above <b>find</b> command on a running Postfix
system, because it can delete files that belong to new mail that
arrives while you are deleting queue files.
<hr>

152
postfix/html/lmtp.8.html
View File

@ -29,21 +29,22 @@ LMTP(8) LMTP(8)
specified in the Postfix <a href="transport.5.html"><b>transport</b>(5)</a> table, has the form:
<b>unix</b>:<i>pathname</i>
Connect to the UNIX-domain server that is bound to
the specified <i>pathname</i>. If the process runs
chrooted, an absolute pathname is interpreted rela-
tive to the changed root directory.
Connect to the local UNIX-domain server that is
bound to the specified <i>pathname</i>. If the process
runs chrooted, an absolute pathname is interpreted
relative to the changed root directory.
<b>inet</b>:<i>host</i>, <b>inet:</b><i>host</i>:<i>port</i> (symbolic host)
<b>inet</b>:[<i>addr</i>], <b>inet</b>:[<i>addr</i>]:<i>port</i> (numeric host)
Connect to the specified IPV4 TCP port on the spec-
ified host. If no port is specified, connect to the
port defined as <b>lmtp</b> in <b>services</b>(4). If no such
service is found, the <b>lmtp</b><i>_</i><b>tcp</b><i>_</i><b>port</b> configuration
parameter (default value of 24) will be used.
ified local or remote host. If no port is speci-
fied, connect to the port defined as <b>lmtp</b> in <b>ser-</b>
<b>vices</b>(4). If no such service is found, the
<b>lmtp</b><i>_</i><b>tcp</b><i>_</i><b>port</b> configuration parameter (default
value of 24) will be used.
The LMTP client does not perform MX (mail
The LMTP client does not perform MX (mail
exchanger) lookups since those are defined only for
mail delivery via SMTP.
@ -52,13 +53,12 @@ LMTP(8) LMTP(8)
<b>SECURITY</b>
The LMTP client is moderately security-sensitive. It talks
to LMTP servers and to DNS servers on the network. The
to LMTP servers and to DNS servers on the network. The
LMTP client can be run chrooted at fixed low privilege.
<b>STANDARDS</b>
<a href="http://www.faqs.org/rfcs/rfc821.html">RFC 821</a> (SMTP protocol)
<a href="http://www.faqs.org/rfcs/rfc1651.html">RFC 1651</a> (SMTP service extensions)
<a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
@ -71,60 +71,60 @@ LMTP(8) LMTP(8)
LMTP(8) LMTP(8)
<a href="http://www.faqs.org/rfcs/rfc1870.html">RFC 1870</a> (Message Size Declaration)
<a href="http://www.faqs.org/rfcs/rfc2033.html">RFC 2033</a> (LMTP protocol)
<a href="http://www.faqs.org/rfcs/rfc2197.html">RFC 2197</a> (Pipelining)
<a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a> (AUTH command)
<b>DIAGNOSTICS</b>
Problems and transactions are logged to <b>syslogd</b>(8). Cor-
rupted message files are marked so that the queue manager
Problems and transactions are logged to <b>syslogd</b>(8). Cor-
rupted message files are marked so that the queue manager
can move them to the <b>corrupt</b> queue for further inspection.
Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
the postmaster is notified of bounces, protocol problems,
Depending on the setting of the <b>notify</b><i>_</i><b>classes</b> parameter,
the postmaster is notified of bounces, protocol problems,
and of other trouble.
<b>BUGS</b>
<b>CONFIGURATION</b> <b>PARAMETERS</b>
The following <b>main.cf</b> parameters are especially relevant
to this program. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b>
The following <b>main.cf</b> parameters are especially relevant
to this program. See the Postfix <b>main.cf</b> file for syntax
details and for default values. Use the <b>postfix</b> <b>reload</b>
command after a configuration change.
<b>Miscellaneous</b>
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b>
Verbose logging level increment for hosts that
Verbose logging level increment for hosts that
match a pattern in the <b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b> parameter.
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>list</b>
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
<b>debug</b><i>_</i><b>peer</b><i>_</i><b>level</b> parameter.
<b>error</b><i>_</i><b>notice</b><i>_</i><b>recipient</b>
Recipient of protocol/policy/resource/software
Recipient of protocol/policy/resource/software
error notices.
<b>notify</b><i>_</i><b>classes</b>
When this parameter includes the <b>protocol</b> class,
send mail to the postmaster with transcripts of
When this parameter includes the <b>protocol</b> class,
send mail to the postmaster with transcripts of
LMTP sessions with protocol errors.
<b>lmtp</b><i>_</i><b>skip</b><i>_</i><b>quit</b><i>_</i><b>response</b>
Do not wait for the server response after sending
Do not wait for the server response after sending
QUIT.
<b>lmtp</b><i>_</i><b>tcp</b><i>_</i><b>port</b>
The TCP port to be used when connecting to a LMTP
server. Used as backup if the <b>lmtp</b> service is not
The TCP port to be used when connecting to a LMTP
server. Used as backup if the <b>lmtp</b> service is not
found in <b>services</b>(4).
<b>Authentication</b> <b>controls</b>
<b>lmtp</b><i>_</i><b>enable</b><i>_</i><b>sasl</b><i>_</i><b>auth</b>
Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
(SASL). By default, Postfix is built without SASL
support.
Enable per-session authentication as per <a href="http://www.faqs.org/rfcs/rfc2554.html">RFC 2554</a>
(SASL). By default, Postfix is built without SASL
@ -137,9 +137,11 @@ LMTP(8) LMTP(8)
LMTP(8) LMTP(8)
support.
<b>lmtp</b><i>_</i><b>sasl</b><i>_</i><b>password</b><i>_</i><b>maps</b>
Lookup tables with per-host or domain <i>name</i>:<i>password</i>
entries. No entry for a host means no attempt to
entries. No entry for a host means no attempt to
authenticate.
<b>lmtp</b><i>_</i><b>sasl</b><i>_</i><b>security</b><i>_</i><b>options</b>
@ -162,35 +164,33 @@ LMTP(8) LMTP(8)
<b>Resource</b> <b>controls</b>
<b>lmtp</b><i>_</i><b>cache</b><i>_</i><b>connection</b>
Should we cache the connection to the LMTP server?
The effectiveness of cached connections will be
determined by the number of LMTP servers in use,
and the concurrency limit specified for the LMTP
Should we cache the connection to the LMTP server?
The effectiveness of cached connections will be
determined by the number of LMTP servers in use,
and the concurrency limit specified for the LMTP
client. Cached connections are closed under any of
the following conditions:
<b>o</b> The LMTP client idle time limit is reached.
This limit is specified with the Postfix
<b>o</b> The LMTP client idle time limit is reached.
This limit is specified with the Postfix
<b>max</b><i>_</i><b>idle</b> configuration parameter.
<b>o</b> A delivery request specifies a different
<b>o</b> A delivery request specifies a different
destination than the one currently cached.
<b>o</b> The per-process limit on the number of
delivery requests is reached. This limit is
specified with the Postfix <b>max</b><i>_</i><b>use</b> configu-
specified with the Postfix <b>max</b><i>_</i><b>use</b> configu-
ration parameter.
<b>o</b> Upon the onset of another delivery request,
the LMTP server associated with the current
session does not respond to the <b>RSET</b> com-
<b>o</b> Upon the onset of another delivery request,
the LMTP server associated with the current
session does not respond to the <b>RSET</b> com-
mand.
<i>transport_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
Limit the number of parallel deliveries to the same
destination via this mail delivery transport.
<i>transport</i> is the name of the service as specified
in the <b>master.cf</b> file. The default limit is taken
destination via this mail delivery transport.
@ -203,59 +203,59 @@ LMTP(8) LMTP(8)
LMTP(8) LMTP(8)
from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
<i>transport</i> is the name of the service as specified
in the <b>master.cf</b> file. The default limit is taken
from the <b>default</b><i>_</i><b>destination</b><i>_</i><b>concurrency</b><i>_</i><b>limit</b>
parameter.
<i>transport_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b>
Limit the number of recipients per message delivery
via this mail delivery transport. <i>transport</i> is the
name of the service as specified in the <b>master.cf</b>
file. The default limit is taken from the
via this mail delivery transport. <i>transport</i> is the
name of the service as specified in the <b>master.cf</b>
file. The default limit is taken from the
<b>default</b><i>_</i><b>destination</b><i>_</i><b>recipient</b><i>_</i><b>limit</b> parameter.
This parameter becomes significant if the LMTP
client is used for local delivery. Some LMTP
servers can optimize delivery of the same message
This parameter becomes significant if the LMTP
client is used for local delivery. Some LMTP
servers can optimize delivery of the same message
to multiple recipients. The default limit for local
mail delivery is 1.
Setting this parameter to 0 will lead to an
unbounded number of recipients per delivery. How-
ever, this could be risky since it may make the
machine vulnerable to running out of resources if
messages are encountered with an inordinate number
of recipients. Exercise care when setting this
unbounded number of recipients per delivery. How-
ever, this could be risky since it may make the
machine vulnerable to running out of resources if
messages are encountered with an inordinate number
of recipients. Exercise care when setting this
parameter.
<b>Timeout</b> <b>controls</b>
The default time unit is seconds; an explicit time unit
can be specified by appending a one-letter suffix to the
value: s (seconds), m (minutes), h (hours), d (days) or w
The default time unit is seconds; an explicit time unit
can be specified by appending a one-letter suffix to the
value: s (seconds), m (minutes), h (hours), d (days) or w
(weeks).
<b>lmtp</b><i>_</i><b>connect</b><i>_</i><b>timeout</b>
Timeout for opening a connection to the LMTP
server. If no connection can be made within the
server. If no connection can be made within the
deadline, the message is deferred.
<b>lmtp</b><i>_</i><b>lhlo</b><i>_</i><b>timeout</b>
Timeout for sending the <b>LHLO</b> command, and for
Timeout for sending the <b>LHLO</b> command, and for
receiving the server response.
<b>lmtp</b><i>_</i><b>mail</b><i>_</i><b>timeout</b>
Timeout for sending the <b>MAIL</b> <b>FROM</b> command, and for
Timeout for sending the <b>MAIL</b> <b>FROM</b> command, and for
receiving the server response.
<b>lmtp</b><i>_</i><b>rcpt</b><i>_</i><b>timeout</b>
Timeout for sending the <b>RCPT</b> <b>TO</b> command, and for
Timeout for sending the <b>RCPT</b> <b>TO</b> command, and for
receiving the server response.
<b>lmtp</b><i>_</i><b>data</b><i>_</i><b>init</b><i>_</i><b>timeout</b>
Timeout for sending the <b>DATA</b> command, and for
Timeout for sending the <b>DATA</b> command, and for
receiving the server response.
<b>lmtp</b><i>_</i><b>data</b><i>_</i><b>xfer</b><i>_</i><b>timeout</b>
Timeout for sending the message content.
@ -269,18 +269,21 @@ LMTP(8) LMTP(8)
LMTP(8) LMTP(8)
<b>lmtp</b><i>_</i><b>data</b><i>_</i><b>xfer</b><i>_</i><b>timeout</b>
Timeout for sending the message content.
<b>lmtp</b><i>_</i><b>data</b><i>_</i><b>done</b><i>_</i><b>timeout</b>
Timeout for sending the "<b>.</b>" command, and for
receiving the server response. When no response is
received, a warning is logged that the mail may be
receiving the server response. When no response is
received, a warning is logged that the mail may be
delivered multiple times.
<b>lmtp</b><i>_</i><b>rset</b><i>_</i><b>timeout</b>
Timeout for sending the <b>RSET</b> command, and for
Timeout for sending the <b>RSET</b> command, and for
receiving the server response.
<b>lmtp</b><i>_</i><b>quit</b><i>_</i><b>timeout</b>
Timeout for sending the <b>QUIT</b> command, and for
Timeout for sending the <b>QUIT</b> command, and for
receiving the server response.
<b>SEE</b> <b>ALSO</b>
@ -293,7 +296,7 @@ LMTP(8) LMTP(8)
syslogd(8) system logging
<b>LICENSE</b>
The Secure Mailer license must be distributed with this
The Secure Mailer license must be distributed with this
software.
<b>AUTHOR(S)</b>
@ -323,9 +326,6 @@ LMTP(8) LMTP(8)
5

10
postfix/html/local.8.html
View File

@ -470,11 +470,13 @@ LOCAL(8) LOCAL(8)
<b>Security</b> <b>controls</b>
<b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>commands</b>
Restrict the usage of mail delivery to external
command.
command. Specify zero or more of: <b>alias</b>, <b>forward</b>,
<b>include</b>.
<b>allow</b><i>_</i><b>mail</b><i>_</i><b>to</b><i>_</i><b>files</b>
Restrict the usage of mail delivery to external
file.
Restrict the usage of mail delivery to external
file. Specify zero or more of: <b>alias</b>, <b>forward</b>,
<b>include</b>.
<b>command</b><i>_</i><b>expansion</b><i>_</i><b>filter</b>
What characters are allowed to appear in $name
@ -522,8 +524,6 @@ LOCAL(8) LOCAL(8)
8

2
postfix/makedefs
View File

@ -218,7 +218,7 @@ ReliantUNIX-?.5.43) SYSTYPE=ReliantUnix543
RANLIB=echo
SYSLIBS="-lresolv -lsocket -lnsl"
;;
Rhapsody.5*|Darwin.1.2*)
Rhapsody.5*|Darwin.1.*)
SYSTYPE=RHAPSODY5
# Use the native compiler by default
: ${CC=cc}

8
postfix/man/man8/lmtp.8
View File

@ -27,14 +27,14 @@ The LMTP client connects to the destination specified in the message
delivery request. The destination, usually specified in the Postfix
\fBtransport\fR(5) table, has the form:
.IP \fBunix\fR:\fIpathname\fR
Connect to the UNIX-domain server that is bound to the specified
Connect to the local UNIX-domain server that is bound to the specified
\fIpathname\fR. If the process runs chrooted, an absolute pathname
is interpreted relative to the changed root directory.
.IP "\fBinet\fR:\fIhost\fR, \fBinet\fB:\fIhost\fR:\fIport\fR (symbolic host)"
.IP "\fBinet\fR:[\fIaddr\fR], \fBinet\fR:[\fIaddr\fR]:\fIport\fR (numeric host)"
Connect to the specified IPV4 TCP port on the specified host. If no
port is specified, connect to the port defined as \fBlmtp\fR in
\fBservices\fR(4).
Connect to the specified IPV4 TCP port on the specified local or
remote host. If no port is specified, connect to the port defined as
\fBlmtp\fR in \fBservices\fR(4).
If no such service is found, the \fBlmtp_tcp_port\fR configuration
parameter (default value of 24) will be used.

2
postfix/man/man8/local.8
View File

@ -384,8 +384,10 @@ Set to zero to disable the limit.
.fi
.IP \fBallow_mail_to_commands\fR
Restrict the usage of mail delivery to external command.
Specify zero or more of: \fBalias\fR, \fBforward\fR, \fBinclude\fR.
.IP \fBallow_mail_to_files\fR
Restrict the usage of mail delivery to external file.
Specify zero or more of: \fBalias\fR, \fBforward\fR, \fBinclude\fR.
.IP \fBcommand_expansion_filter\fR
What characters are allowed to appear in $name expansions of
mailbox_command. Illegal characters are replaced by underscores.

10
postfix/src/global/mail_params.h
View File

@ -617,7 +617,7 @@ extern int var_debug_peer_level;
* subdirectories, and how deep the forest is.
*/
#define VAR_HASH_QUEUE_NAMES "hash_queue_names"
#define DEF_HASH_QUEUE_NAMES "active,bounce,defer,flush"
#define DEF_HASH_QUEUE_NAMES "incoming,active,deferred,bounce,defer,flush"
extern char *var_hash_queue_names;
#define VAR_HASH_QUEUE_DEPTH "hash_queue_depth"
@ -1048,7 +1048,7 @@ extern int var_unk_client_code;
#define REJECT_INVALID_HOSTNAME "reject_invalid_hostname"
#define VAR_BAD_NAME_CODE "invalid_hostname_reject_code"
#define DEF_BAD_NAME_CODE 501
#define DEF_BAD_NAME_CODE 501 /* SYNTAX */
extern int var_bad_name_code;
#define REJECT_UNKNOWN_HOSTNAME "reject_unknown_hostname"
@ -1060,7 +1060,7 @@ extern int var_unk_name_code;
#define REJECT_NON_FQDN_SENDER "reject_non_fqdn_sender"
#define REJECT_NON_FQDN_RCPT "reject_non_fqdn_recipient"
#define VAR_NON_FQDN_CODE "non_fqdn_reject_code"
#define DEF_NON_FQDN_CODE 504
#define DEF_NON_FQDN_CODE 504 /* POLICY */
extern int var_non_fqdn_code;
#define REJECT_UNKNOWN_SENDDOM "reject_unknown_sender_domain"
@ -1201,10 +1201,6 @@ extern char *var_virt_uid_maps;
#define DEF_VIRT_GID_MAPS ""
extern char *var_virt_gid_maps;
#define VAR_VIRT_USEDOTLOCK "virtual_usedotlock"
#define DEF_VIRT_USEDOTLOCK 0
extern bool var_virt_usedotlock;
#define VAR_VIRT_MINUID "virtual_minimum_uid"
#define DEF_VIRT_MINUID 100
extern int var_virt_minimum_uid;

2
postfix/src/global/mail_version.h
View File

@ -15,7 +15,7 @@
* Version of this program.
*/
#define VAR_MAIL_VERSION "mail_version"
#define DEF_MAIL_VERSION "Snapshot-20010204"
#define DEF_MAIL_VERSION "Snapshot-20010222"
extern char *var_mail_version;
/* LICENSE

8
postfix/src/lmtp/lmtp.c
View File

@ -21,14 +21,14 @@
/* delivery request. The destination, usually specified in the Postfix
/* \fBtransport\fR(5) table, has the form:
/* .IP \fBunix\fR:\fIpathname\fR
/* Connect to the UNIX-domain server that is bound to the specified
/* Connect to the local UNIX-domain server that is bound to the specified
/* \fIpathname\fR. If the process runs chrooted, an absolute pathname
/* is interpreted relative to the changed root directory.
/* .IP "\fBinet\fR:\fIhost\fR, \fBinet\fB:\fIhost\fR:\fIport\fR (symbolic host)"
/* .IP "\fBinet\fR:[\fIaddr\fR], \fBinet\fR:[\fIaddr\fR]:\fIport\fR (numeric host)"
/* Connect to the specified IPV4 TCP port on the specified host. If no
/* port is specified, connect to the port defined as \fBlmtp\fR in
/* \fBservices\fR(4).
/* Connect to the specified IPV4 TCP port on the specified local or
/* remote host. If no port is specified, connect to the port defined as
/* \fBlmtp\fR in \fBservices\fR(4).
/* If no such service is found, the \fBlmtp_tcp_port\fR configuration
/* parameter (default value of 24) will be used.
/*

4
postfix/src/local/local.c
View File

@ -356,8 +356,10 @@
/* .fi
/* .IP \fBallow_mail_to_commands\fR
/* Restrict the usage of mail delivery to external command.
/* Specify zero or more of: \fBalias\fR, \fBforward\fR, \fBinclude\fR.
/* .IP \fBallow_mail_to_files\fR
/* Restrict the usage of mail delivery to external file.
/* Specify zero or more of: \fBalias\fR, \fBforward\fR, \fBinclude\fR.
/* .IP \fBcommand_expansion_filter\fR
/* What characters are allowed to appear in $name expansions of
/* mailbox_command. Illegal characters are replaced by underscores.
@ -637,7 +639,7 @@ static void pre_init(char *unused_name, char **unused_argv)
* also affects delivery to command.
*
* A file size limit protects the machine against runaway software errors.
* It is not suitable to enfoce mail quota, because users can get around
* It is not suitable to enforce mail quota, because users can get around
* mail quota by delivering to /file/name or to |command.
*
* We can't have mailbox size limit smaller than the message size limit,

7
postfix/src/nqmgr/qmgr_deliver.c
View File

@ -126,9 +126,10 @@ static int qmgr_deliver_send_request(QMGR_ENTRY *entry, VSTREAM *stream)
char *cp;
/*
* With local delivery, the queue name is user@nexthop, so that we can
* implement per-recipient concurrency limits. The delivery agent
* protocol expects nexthop only.
* With mail transports that accept only one recipient per delivery, the
* queue name is user@nexthop, so that we can implement per-recipient
* concurrency limits. However, the delivery agent protocol expects
* nexthop only, so we must strip off the recipient local part.
*/
mail_print(stream, "%d %s %s %ld %ld %s %s %s %s %ld",
message->inspect_xport ? DEL_REQ_FLAG_BOUNCE : DEL_REQ_FLAG_DEFLT,

31
postfix/src/nqmgr/qmgr_message.c
View File

@ -670,8 +670,11 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
/*
* Queues are identified by the transport name and by the next-hop
* hostname. When the destination is local (no next hop), derive the
* queue name from the recipient name. XXX Should split the address
* hostname. When the delivery agent accepts only one recipient per
* delivery, give each recipient its own queue, so that deliveries to
* different recipients of the same message can happen in parallel.
* This also has the benefit that one bad recipient cannot interfere
* with deliveries to other recipients. XXX Should split the address
* on the recipient delimiter if one is defined, but doing a proper
* job requires knowledge of local aliases. Yuck! I don't want to
* duplicate delivery-agent specific knowledge in the queue manager.
@ -679,23 +682,27 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
* queue name. Should have separate fields for queue name and for
* destination.
*/
if ((at = strrchr(STR(reply.recipient), '@')) == 0
|| resolve_local(at + 1)) {
len = (at != 0 ? (at - STR(reply.recipient))
: strlen(STR(reply.recipient)));
at = strrchr(STR(reply.recipient), '@');
len = (at ? (at - STR(reply.recipient)) : strlen(STR(reply.recipient)));
if ((transport = qmgr_transport_find(STR(reply.transport))) == 0)
transport = qmgr_transport_create(STR(reply.transport));
if (transport->recipient_limit == 1) {
VSTRING_SPACE(reply.nexthop, len + 1);
memmove(STR(reply.nexthop) + len + 1, STR(reply.nexthop),
LEN(reply.nexthop) + 1);
memcpy(STR(reply.nexthop), STR(reply.recipient), len);
STR(reply.nexthop)[len] = '@';
lowercase(STR(reply.nexthop));
}
/*
* Discard mail to the local double bounce address here, so this
* system can run without a local delivery agent. They'd still
* have to configure something for mail directed to the local
* postmaster, though, but that is an RFC requirement anyway.
*/
/*
* Discard mail to the local double bounce address here, so this
* system can run without a local delivery agent. They'd still have
* to configure something for mail directed to the local postmaster,
* though, but that is an RFC requirement anyway.
*/
if (at == 0 || resolve_local(at + 1)) {
if (strncasecmp(STR(reply.recipient), var_double_bounce_sender,
len) == 0
&& !var_double_bounce_sender[len]) {

14
postfix/src/pipe/pipe.c
View File

@ -291,8 +291,6 @@ static int parse_callback(int type, VSTRING *buf, char *context)
*expand_flag |= PIPE_FLAG_EXTENSION;
else if (strcmp(vstring_str(buf), PIPE_DICT_MAILBOX) == 0)
*expand_flag |= PIPE_FLAG_MAILBOX;
else if (strcmp(vstring_str(buf), PIPE_DICT_SIZE) == 0)
*expand_flag |= PIPE_FLAG_SIZE;
}
return (0);
}
@ -397,14 +395,6 @@ static ARGV *expand_argv(char **argv, RECIPIENT_LIST *rcpt_list, long data_size)
dict_update(PIPE_DICT_TABLE, PIPE_DICT_MAILBOX, STR(buf));
}
/*
* This argument contains $size.
*/
if (expand_flag & PIPE_FLAG_SIZE) {
vstring_sprintf(buf, "%ld", data_size);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_SIZE, STR(buf));
}
/*
* Done.
*/
@ -698,6 +688,10 @@ static int deliver_message(DELIVER_REQUEST *request, char *service, char **argv)
dict_update(PIPE_DICT_TABLE, PIPE_DICT_SENDER, request->sender);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_NEXTHOP, request->nexthop);
buf = vstring_alloc(10);
vstring_sprintf(buf, "%ld", (long) request->data_size);
dict_update(PIPE_DICT_TABLE, PIPE_DICT_SIZE, STR(buf));
vstring_free(buf);
expanded_argv = expand_argv(attr.command, rcpt_list, request->data_size);
export_env = argv_split(var_export_environ, ", \t\r\n");

7
postfix/src/qmgr/qmgr_deliver.c
View File

@ -121,9 +121,10 @@ static int qmgr_deliver_send_request(QMGR_ENTRY *entry, VSTREAM *stream)
char *cp;
/*
* With local delivery, the queue name is user@nexthop, so that we can
* implement per-recipient concurrency limits. The delivery agent
* protocol expects nexthop only.
* With mail transports that accept only one recipient per delivery, the
* queue name is user@nexthop, so that we can implement per-recipient
* concurrency limits. However, the delivery agent protocol expects
* nexthop only, so we must strip off the recipient local part.
*/
mail_print(stream, "%d %s %s %ld %ld %s %s %s %s %ld",
message->inspect_xport ? DEL_REQ_FLAG_BOUNCE : DEL_REQ_FLAG_DEFLT,

2
postfix/src/qmgr/qmgr_entry.c
View File

@ -47,7 +47,7 @@
/* the queue file to the deferred queue; send bounce reports to the
/* message originator (see qmgr_active_done()).
/*
/* qmgr_entry_select() randomly selects one entry from the named
/* qmgr_entry_select() selects the next entry from the named
/* per-site queue's `todo' list for actual delivery. The entry is
/* moved to the queue's `busy' list: the list of messages being
/* delivered.

31
postfix/src/qmgr/qmgr_message.c
View File

@ -550,8 +550,11 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
/*
* Queues are identified by the transport name and by the next-hop
* hostname. When the destination is local (no next hop), derive the
* queue name from the recipient name. XXX Should split the address
* hostname. When the delivery agent accepts only one recipient per
* delivery, give each recipient its own queue, so that deliveries to
* different recipients of the same message can happen in parallel.
* This also has the benefit that one bad recipient cannot interfere
* with deliveries to other recipients. XXX Should split the address
* on the recipient delimiter if one is defined, but doing a proper
* job requires knowledge of local aliases. Yuck! I don't want to
* duplicate delivery-agent specific knowledge in the queue manager.
@ -559,23 +562,27 @@ static void qmgr_message_resolve(QMGR_MESSAGE *message)
* queue name. Should have separate fields for queue name and for
* destination.
*/
if ((at = strrchr(STR(reply.recipient), '@')) == 0
|| resolve_local(at + 1)) {
len = (at != 0 ? (at - STR(reply.recipient))
: strlen(STR(reply.recipient)));
at = strrchr(STR(reply.recipient), '@');
len = (at ? (at - STR(reply.recipient)) : strlen(STR(reply.recipient)));
if ((transport = qmgr_transport_find(STR(reply.transport))) == 0)
transport = qmgr_transport_create(STR(reply.transport));
if (transport->recipient_limit == 1) {
VSTRING_SPACE(reply.nexthop, len + 1);
memmove(STR(reply.nexthop) + len + 1, STR(reply.nexthop),
LEN(reply.nexthop) + 1);
memcpy(STR(reply.nexthop), STR(reply.recipient), len);
STR(reply.nexthop)[len] = '@';
lowercase(STR(reply.nexthop));
}
/*
* Discard mail to the local double bounce address here, so this
* system can run without a local delivery agent. They'd still
* have to configure something for mail directed to the local
* postmaster, though, but that is an RFC requirement anyway.
*/
/*
* Discard mail to the local double bounce address here, so this
* system can run without a local delivery agent. They'd still have
* to configure something for mail directed to the local postmaster,
* though, but that is an RFC requirement anyway.
*/
if (at == 0 || resolve_local(at + 1)) {
if (strncasecmp(STR(reply.recipient), var_double_bounce_sender,
len) == 0
&& !var_double_bounce_sender[len]) {

13
postfix/src/util/Makefile.in
View File

@ -22,7 +22,8 @@ SRCS = argv.c argv_split.c attr.c basename.c binhash.c chroot_uid.c \
stream_connect.c stream_trigger.c dict_regexp.c mac_expand.c \
clean_env.c watchdog.c spawn_command.c duplex_pipe.c sane_rename.c \
sane_link.c unescape.c timed_read.c timed_write.c dict_tcp.c \
hex_quote.c dict_alloc.c rand_sleep.c sane_time.c dict_debug.c
hex_quote.c dict_alloc.c rand_sleep.c sane_time.c dict_debug.c \
sane_socketpair.c
OBJS = argv.o argv_split.o attr.o basename.o binhash.o chroot_uid.o \
close_on_exec.o concatenate.o dict.o dict_db.o dict_dbm.o \
dict_env.o dict_ht.o dict_ldap.o dict_mysql.o dict_ni.o dict_nis.o \
@ -46,7 +47,8 @@ OBJS = argv.o argv_split.o attr.o basename.o binhash.o chroot_uid.o \
stream_connect.o stream_trigger.o dict_regexp.o mac_expand.o \
clean_env.o watchdog.o spawn_command.o duplex_pipe.o sane_rename.o \
sane_link.o unescape.o timed_read.o timed_write.o dict_tcp.o \
hex_quote.o dict_alloc.o rand_sleep.o sane_time.o dict_debug.o
hex_quote.o dict_alloc.o rand_sleep.o sane_time.o dict_debug.o \
sane_socketpair.o
HDRS = argv.h attr.h binhash.h chroot_uid.h connect.h dict.h dict_db.h \
dict_dbm.h dict_env.h dict_ht.h dict_ldap.h dict_mysql.h \
dict_ni.h dict_nis.h dict_nisplus.h dir_forest.h events.h \
@ -62,7 +64,7 @@ HDRS = argv.h attr.h binhash.h chroot_uid.h connect.h dict.h dict_db.h \
vbuf.h vbuf_print.h vstream.h vstring.h vstring_vstream.h \
dict_unix.h dict_pcre.h dict_regexp.h mac_expand.h clean_env.h \
watchdog.h spawn_command.h sane_fsops.h dict_tcp.h hex_quote.h \
sane_time.h
sane_time.h sane_socketpair.h
TESTSRC = fifo_open.c fifo_rdwr_bug.c fifo_rdonly_bug.c select_bug.c \
stream_test.c dup2_pass_on_exec.c
WARN = -W -Wformat -Wimplicit -Wmissing-prototypes \
@ -534,6 +536,7 @@ dup2_pass_on_exec.o: dup2_pass_on_exec.c
duplex_pipe.o: duplex_pipe.c
duplex_pipe.o: sys_defs.h
duplex_pipe.o: iostuff.h
duplex_pipe.o: sane_socketpair.h
environ.o: environ.c
environ.o: sys_defs.h
events.o: events.c
@ -840,6 +843,10 @@ sane_rename.o: sane_rename.c
sane_rename.o: sys_defs.h
sane_rename.o: msg.h
sane_rename.o: sane_fsops.h
sane_socketpair.o: sane_socketpair.c
sane_socketpair.o: sys_defs.h
sane_socketpair.o: msg.h
sane_socketpair.o: sane_socketpair.h
sane_time.o: sane_time.c
sane_time.o: sys_defs.h
sane_time.o: msg.h

3
postfix/src/util/duplex_pipe.c
View File

@ -34,6 +34,7 @@
/* Utility library. */
#include "iostuff.h"
#include "sane_socketpair.h"
/* duplex_pipe - give me a duplex pipe or bust */
@ -42,7 +43,7 @@ int duplex_pipe(int *fds)
#ifdef HAS_DUPLEX_PIPE
return (pipe(fds));
#else
return (socketpair(AF_UNIX, SOCK_STREAM, 0, fds));
return (sane_socketpair(AF_UNIX, SOCK_STREAM, 0, fds));
#endif
}

71
postfix/src/util/sane_socketpair.c Normal file
View File

@ -0,0 +1,71 @@
/*++
/* NAME
/* sane_socketpair 3
/* SUMMARY
/* sanitize socketpair() error returns
/* SYNOPSIS
/* #include <sane_socketpair.h>
/*
/* int sane_socketpair(domain, type, protocol, result)
/* int domain;
/* int type;
/* int protocol;
/* int *result;
/* DESCRIPTION
/* sane_socketpair() implements the socketpair(2) socket call, and
/* skips over silly error results such as EINTR.
/* BUGS
/* Bizarre systems may have other harmless error results. Such
/* systems encourage programers to ignore error results, and
/* penalizes programmers who code defensively.
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
/* System library. */
#include "sys_defs.h"
#include <sys/socket.h>
#include <unistd.h>
#include <errno.h>
/* Utility library. */
#include "msg.h"
#include "sane_socketpair.h"
/* sane_socketpair - sanitize socketpair() error returns */
int sane_socketpair(int domain, int type, int protocol, int *result)
{
static int socketpair_ok_errors[] = {
EINTR,
0,
};
int count;
int err;
int ret;
/*
* Solaris socketpair() can fail with EINTR.
*/
while ((ret = socketpair(domain, type, protocol, result)) < 0) {
for (count = 0; /* void */ ; count++) {
if ((err = socketpair_ok_errors[count]) == 0)
return (ret);
if (errno == err) {
msg_warn("socketpair: %m (trying again)");
sleep(1);
break;
}
}
}
return (ret);
}

29
postfix/src/util/sane_socketpair.h Normal file
View File

@ -0,0 +1,29 @@
#ifndef _SANE_SOCKETPAIR_H_
#define _SANE_SOCKETPAIR_H_
/*++
/* NAME
/* sane_socketpair 3h
/* SUMMARY
/* sanitize socketpair() error returns
/* SYNOPSIS
/* #include <sane_socketpair.h>
/* DESCRIPTION
/* .nf
/* External interface. */
extern int sane_socketpair(int, int, int, int *);
/* LICENSE
/* .ad
/* .fi
/* The Secure Mailer license must be distributed with this software.
/* AUTHOR(S)
/* Wietse Venema
/* IBM T.J. Watson Research
/* P.O. Box 704
/* Yorktown Heights, NY 10598, USA
/*--*/
#endif